threat

Window Snyder, Mozilla's chief security something-or-other (her official title), is leaving Mozilla, effective the end of the year.

"I am sad to be leaving," she wrote in her blog on Wednesday, "but I am excited to go work on something I have always been passionate about. I wish I could tell you about it now, but that will have to wait for a while."

In an interview earlier this year, Snyder stressed to me how she wants to bring open-source practices to the security community. And her background certainly supports that passion.

Snyder is the … Read more

Last month, IBM released a report (PDF) identifying the security challenges facing enterprises in the next two to five years. The survey is based on data collected internally by IBM.

One theme is that as the pace of globalization picks up, traditional boundaries continue to disappear. In this new global reality, "open for business" can mean pooling resources or sharing sensitive information among organizations.

The IBM report notes that "the line between participation and isolation can also mark the line of opportunity and risk. (Enterprises) rely on business systems and automated policies to guard that line--to root … Read more

Window Snyder, Mozilla's chief security something-or-other (her official title), wants to bring open source practices to the security community.

"At a lot of companies," she told me recently, "there's fear around security: you don't want to talk about what you're doing around security because one might deem it not enough--or might want to criticize it." She said most companies have a lot of reasons to keep what you're doing in security quiet, but not Mozilla. "We benefit from being open; it's the model for us and it's been … Read more

Microsoft's eighth Blue Hat conference will take place on Thursday and Friday at the software giant's Redmond, Wash., campus. Entitled "C3P0wned," the invitation-only conference features two full days of sessions.

Day one features a select group of security researchers, with team members from Microsoft Security Development Lifecycle (SDL) presenting on the second day. It is an opportunity for Microsoft engineers to hear first hand from leading security researchers. The last Blue Hat conference was held in April.

Of interest on day one is a talk by Dan Kaminsky, director of penetration testing at IO Active, who … Read more

San Francisco officials are trying to find a device on the city's computer network that was allegedly left there by an IT worker who was jailed for refusing to divulge passwords to the city network, the IDG News Service reported on Thursday.

San Francisco network administrator Terry Childs was arrested in July on four felony charges of taking control of the city's computer network and locking administrators out. He remains in jail on $5 million bail despite giving up the passwords to the mayor in a secret jail cell meeting a week later.

The device, which appears to … Read more

Bail for a San Francisco city employee accused of hijacking the city's network remained at $5 million on Friday after prosecutors accused the worker of rigging the network to sabotage it the next time it was shut down for maintenance or due to a power failure, according to The San Francisco Chronicle.

Terry Childs, 43, was arrested July 13 on charges of tampering with the city's computer network. He remained in jail after the hearing on Wednesday.

In a secret meeting with Mayor Gavin Newsom on Monday, Childs revealed the passwords to the system so officials could take … Read more

It's September, so it's time for Internet security companies to release their annual reports and surveys about the threats seen in the first six months of the year. The reports from IBM, Arbor Networks (free registration required), and Symantec (in PDF) each looked at different areas of the Internet in specific but generally found that botnets are on the rise, and that the tools used for attack have gone professional with less noise from mere amateurs. Two of the reports went to find the top three vendors most affected by newly disclosed vulnerabilities were Microsoft, Apple and Oracle, … Read more

When creating a broad forum or social-networking site like Facebook, deciding what, if any, content should be prohibited is always a difficult decision. Pornography and unauthorized copyrighted material are usually forbidden, but any other restrictions will often spark calls of censorship and accusations that the forum infringes on the freedom of speech guaranteed under the U.S. Constitution. In reality, the constitution doesn't dictate what must be allowed in these circumstances, just as you are permitted to make certain subjects off-limits in your own home. Despite the fact that there is no constitutional issue, there is a perception of one, and the concerns about censorship are very real and do have merit.

Lately, Facebook has been dealing with a growing controversy surrounding one of its groups. F**k Islam has more than 800 members, has generated almost 20,000 wall posts, and sparked a number of similar groups in addition to a host of groups built around their opposition to the group's existence. The debate has recently spilled into The New York Times.… Read more

According to a post Monday on the Washington Post's "Security Fix" blog, AOL's password system may not be quite as secure as it would have you believe. A tipster e-mailed blog author Brian Krebs to say that even though AOL allows your password to be 16 characters long, it only counts the first eight. This could spell bad news for AOL members who might not choose their passwords wisely--namely, those who might include their usernames in them.

"Let's take a fictional AOL user named Bob Jones, who signs up with AOL using the user … Read more