|
Flaw turns Gmail into spamming machine
A "serious security flaw" in Gmail allows spammers to send thousands of bulk e-mails through Google's SMTP service, according to a recent report.
FBI probe nets counterfeit Chinese networking parts
Investigation into counterfeit network components made in China and sold to the U.S. government has recovered about 3,500 fake devices with a value of $3.5 million.
Google gains on Microsoft with hosted security offering
The search giant's latest Web-hosted offering, Web Security for Enterprise, gives it a leg up on Microsoft in a digital world increasingly turning to cloud computing, experts say.
Photos of Watchkeeper UAV released
Successful maiden flight for new U.K. UAV.
U.K. turns CCTV, terrorism laws on pooping dogs
The U.K. has the most surveillance cameras per capita in the world. How can local town councils justify the massive surveillance program? By going after pooping dogs.
Why Apple should release a game console
Featured links from the CNET Blog Network
Why Apple should release a game console-- As more people trust and enjoy Apple products in the home, the company could easily capitalize on its success elsewhere and create a gaming console that could do the same.
Nvidia CEO discusses his beef with Intel--Jen-Hsun Huang describes his company as laser focused on just one thing: visual computing. This is leading to clashes with Intel, which is shifting its focus to this area. p>
Verizon Wireless and I are no longer friends--There are few things in life more infuriating than dealing with cell carriers.
DRM: it's like those zombie movies--No matter how many times the content owners wish it worked, DRM has a fundamental technical flaw: you have to give the key to the person you're trying to lock out! Microsoft gets this, even if the RIAA doesn't.
What is your stolen data worth?
McAfee Avert Labs finds price list for stolen bank account and credit card data.
Scary security numbers from Trend Micro
Analyst Jon Oltsik says the state of information security is far worse than they think. If numbers on Web threats from Trend Micro are correct, he may be right.
Attack on epilepsy Web site prompts migraines, near seizures
Hacker tries to trigger seizures by posting hundreds of flashing images on Epilepsy Foundation site.
Google unveils Web Security for corporations
Company says its Web Security for Enterprise protects corporate workers from Internet threats both inside and outside the corporate network.
IRS Web site opens door to phishers
A new IRS site that allows taxpayers to check on the status of their refund checks could lead to users being phished.
CNET News.com - Security
Tech News First
BLACK HAT - Hackers Find a New Place to Hide Rootkits
Security researchers have developed a new type of malicious rootkit software that hides itself in an obscure part of a computer's microprocessor, hidden from current antivirus products.
Four Microsoft Security Patches Due Next Week
Microsoft plans to fix critical bugs in its Word, Publisher and Jet database software next week.
Facebook Partners with AGs for Kids Safety
Facebook is following in the footsteps of its rival MySpace by reaching an online safety agreement with the attorneys general of 49 U.S. states and Washington, D.C.
0day Treasure Hunt: Researcher Hides IE Attack on Web
Security researcher Aviv Raff has published code that would allow someone to take control of a computer running Internet Explorer, but there's a catch. He's not saying exactly where he's hidden the attack.
Hacker Marketplace to Help Build 0day Appliance
WabiSabiLabi, the company best known for building an online marketplace for security flaws, is getting into the hardware business.
Vendor Risk Assessment: A Necessary Evil
Security assessments are tedious, but they reduce risk and are worth the time. And efforts are underway to simplify and automate the process.
Security's 7 Dirty Secrets
The security industry's dirty secrets can undermine the safety of business networks, says expert.
Eight Great Ways to Protect Your Laptop
Don't let hooligans handle your hardware. Here are eight ways to keep your notebook from being pinched--or to get it back if it is stolen.
Military Computer Contractor Convicted on ID Theft Charges
A former U.S. military contractor has pleaded guilty to exceeding authorized access to a computer and aggravated identity theft after he was accused of selling names and Social Security numbers of 17,000 military employees, the U.S. Department of Justice said.
Adoption of Corporate Social Networks Remains Sluggish
Social networks for internal collaboration seem like a good idea in principle, but two obstacles are so far inhibiting their adoption: tools to automatically feed business information to the networks, and the challenge of vying for attention with Facebook and MySpace.
Fraud and Theft Risks in Global Supply Chains Are Everywhere
A new Kroll report sheds light on the complex and overlooked risks in today's international and heavily outsourced supply chains. And while software can help spot supply chain fraud, IT systems are also making enterprises more vulnerable.
Tips on Relieving Overloaded E-Mail Systems While Saving Money
Pepperdine University's CIO shares advice on how he implemented an e-mail alternative solution that cut costs, saved storage resources and addressed security problems.
Colorado Penny Stock Spammer Gets Jail Time
A federal judge has ordered convicted spammer Eddie Davidson to just under two years in prison for sending out a large volume of spam promoting watches, perfume and penny stocks.
Tips to an Effective IT Risk Management Plan for Financial Services
An effective IT risk management program should provide the board of directors, senior management, regulators and other stakeholders with the confidence that IT can deliver business value efficiently and securely while providing high-quality assurance around data integrity, availability and confidentiality.
Identity-Theft Protection: What Services Can You Trust?
New online services offer to protect you from identity theft, and some claim to help you undo damage after it happens. But when we tested the services, we found that many fall short.
CIO.com - Security
How Can We Improve Code Signing?
Opinion: An effort to develop standards to make it more effective and meaningful is under way....
Build IT Knowledge with Current & Trusted Content Helps Employees Develop & Hone New Technical Programming Skills. Sign Up & Get Full Access.
Zero-Day Challenge Revives Disclosure Debate
An Israeli researcher challenges readers to find a proof-of-concept zero-day bug embedded in his blog....
Download a VMWare LAB MANAGER STARTER KIT, FREE! Virtualize the test lab while cutting costs. Get your Free Virtual Lab Starter Kit today.
Google Shores Up Apps with New Security Software
Google's Postini group adds Web security software four days after McAfee and Yahoo strike a security pact....
Six Sigma Certification 100% Online-Six Sigma Certificate from Villanova - Find Out More Now.
Trojan Infects More Than 500,000 PCs
Adware purveyors are using fake MP3 and MPG files on peer-to-peer networks to spread their wares....
SOLVE SUPPORT ISSUES on the First Call! REMOTELY CONTROL AND CONFIGURE SYSTEMS. Easily install applications, updates. All from your Desktop!
Verdasys, Fidelis Take on Large DLP Vendors
The two companies are integrating their network- and host-based DLP....
Attend WINDOWS EMBEDDED ACCELERATION WORKSHOPS Are you ready to learn how you can bring your next-generation embedded device to market faster?
Security - RSS Feeds
Security - RSS Feeds
GGGetting the Best From an Audit
Don't fear the audit. Learn from it. The important thing is that systems should be more secure in the end.
E-Mail As a Service: Time for Another Look?
(Google) Join Google, in this webcast, for a look at how SaaS is upending the belief that organizations must manage their own e-mail infrastructure.
Long Tail Supplier Collaboration - What's In It For You?
(Source: Sterling Commerce) A recent AMR Research study revealed that approximately 70% of companies feel collaboration with long tail suppliers is as important to their business success as collaboration with their core suppliers. If you're not one of them, what are you missing? Join Jane Barrett, Research Director for AMR Research specializing in supply chain execution trends to discuss the complete results of her latest study.
Windows Vista more secure than XP, says security company
Windows Vista is 37% more secure than Windows XP, security vendor PC Tools claimed today, a rate it hinted was disappointing.
Google launches Web security for corporations
Google has announced its Web Security for Enterprise application to protect organizations and remote workers against malware attacks.
Microsoft to patch four bugs on Tuesday
Microsoft plans to release four security updates next Tuesday, three of them "critical," to patch Windows, Word, Publisher and all of the company's anti-malware applications.
More Security News...
View more Security news and analysis from Computerworld.com.
Computerworld Security News
Computerworld.com's award-winning Web site offers IT pros continually updated news stories, as well as features, analysis pieces, opinions and research/resource materials on important technology issues. With a heavy focus on technology users, the site serves as a resource for IT professionals looking to improve business operations -- and their own careers -- by successfully deploying and managing technology.
News: Groups warn travelers to limit laptop data
Groups warn travelers to limit laptop data
News: Patches pose significant risk, researchers say
Patches pose significant risk, researchers say
News: U.S. gov't pushes cybersecurity at con
U.S. gov't pushes cybersecurity at con
>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your
Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909
News: Web developers, fix thy Flash
Web developers, fix thy Flash
Brief: Proposed cybersecurity bill to pressure DHS
Proposed cybersecurity bill to pressure DHS
Brief: India, Belgium warn of Chinese attacks
India, Belgium warn of Chinese attacks
>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your
Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909
Brief: Vietnamese pack infects Firefox users
Vietnamese pack infects Firefox users
Brief: Senators quizz gov't on cybersecurity initiative
Senators quizz gov't on cybersecurity initiative
News: Thoughts of a Teenage Bot Master
Thoughts of a Teenage Bot Master
>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your
Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909
News: Radio Free Europe hit by DDoS attack
Radio Free Europe hit by DDoS attack
News: Flash vuln fells Vista
Flash vuln fells Vista
News: Estonia fines man for DDoS attacks
Estonia fines man for DDoS attacks
>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your
Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909
News: Nigeria enlists Microsoft to fight spam scammers
Nigeria enlists Microsoft to fight spam scammers
News: Cross-Site Scripting Worm Hits MySpace
Cross-Site Scripting Worm Hits MySpace
News: Another data security bill in the works
Another data security bill in the works
>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your
Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909
News: FTC sues company over spyware
FTC sues company over spyware
Infocus: Integrating More Intelligence into Your IDS, Part 2
Integrating More Intelligence into Your IDS, Part 2
Infocus: Integrating More Intelligence into Your IDS, Part 1
Integrating More Intelligence into Your IDS, Part 1
>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your
Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909
Infocus: A Guide to Different Kinds of Honeypots
A Guide to Different Kinds of Honeypots
Infocus: Proactively Managing Security Risk
Proactively Managing Security Risk
Mark Rasch: Click Crime
Click Crime
>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your
Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909
Jamie Reid: Just Who's Being Exploited?
Just Who's Being Exploited?
Mark Rasch: On the Border
On the Border
Don Parker: Catch Them If You Can
Catch Them If You Can
>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your
Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909
More rss feeds from SecurityFocus
News, Infocus, Columns, Vulnerabilities, Bugtraq ...
SecurityFocus News
SecurityFocus is the most comprehensive and trusted source of security
information on the Internet. We are a vendor-neutral site that provides
objective, timely and comprehensive security information to all members of
the security community, from end users, security hobbyists and network
administrators to security consultants, IT Managers, CIOs and CSOs.
More of The Same: Another Half Million Web Sites Compromised
There’s no breathing easy when it comes to online security these days. As some several thousands of Web sites try to recover from being hacked via SQL injection barely two days ago, in comes another massive attack on more than half a million Web sites.
Advanced Threats Research Program Manager Ivan Macalintal found the malicious script [...]
Merrill Lynch’s Rock Phish Digital Certificate
The Trend Micro Content Security Team has recently encountered a phishing attack similar to what affected the Bank of America and Comerica recently. The scheme, that involves a malicious digital certificate supposedly downloaded from a link found on the spammed email is now used to fool Merill Lynch Business Center customers. Below is a [...]
“Drive-by Download” Takes A More Literal Meaning
Unsuspecting users who may wish to buy (or simply admire) the new Honda Accord are warned that may fall victim to a drive-by download, leading to the installation of an info-stealing malware. TrendLabs discovered today an attack on the official web site of Honda Cars in Thailand.
According to Advanced Threats Researcher Jonell Baltazar, who discovered [...]
SCADA Watch: ‘Tragedy of The Commons’
“The Tragedy of the Commons is a type of social trap, often economic, that involves a conflict over finite resources between individual interests and the common good.”
- Wikipedia
In a perfect world, we all understand that certain situations should not exist which put our critical infrastructure at risk — we all like to be able to [...]
BBB Spam + Malware Yet Again
Spam turns thirty this month, and it has no signs of abating.
Throughout the years, bulk mail has only morphed into various different forms (from text, to images, some bearing attachments, some links), with some forms evolving from mere unsolicited advertisements, to harbingers of phishing and even malware attacks.
On the antispam work grind, however, things look [...]
A Very Convoluted Chinese Gaming-Info-Stealing Campaign
Our researchers “followed the bouncing Web threat” in this newly discovered spate of hacked legitimate Web sites. Advanced Threats Researcher Paul Ferguson posted about this mass compromise on the blog yesterday, when it was still a “developing issue originating from various locations in China for the past few days that we (security researchers) are still [...]
Those Lazy Hazy Crazy Days of Summer (Movies)
Iron Man just made almost a hundred million dollars during its opening weekend in the US. Yes, summer movie season has just kicked in. You know, that time of the year (even if one’s not in the said country) when all the big blockbuster flicks are jockeying for the “box office hit” title. Almost every [...]
Developing: New Adventures in SQL Injection Attacks
It would appear that we have a developing issue originating from various locations in China for the past few days that we (security researchers) are still piecing together.
Over at the SANS Internet Storm Center, John Bambenek has posted (and also provided at least one update at this hour) a daily handler’s diary entry explaining that [...]
Grand Theft Spam
We were alerted to a spam run that banked on the craze surrounding the highly anticipated worldwide release (except in Japan) of Grand Theft Auto IV (GTA IV) on 29 April 2008.
Below is a screenshot of the sample spammed email message:
It appears to be offering a free PlayStation 3 along with a copy of GTA [...]
April Malware Roundup
Last month started with an April Fool’s message being spammed around. The spammed email contained a link from where a variant of the Storm malware could be downloaded. Aside from that, we’ve had our usual fill of Trojans and malicious scripts that plagued compromised Web sites for April.
Notable Malware
TROJ_AGENT.AMAL
This Trojan poses as a browser plugin [...]
One Year Later, Italian Job Still Working Overtime
In what may turn out to be an advanced one-year “toast” to the June 2007 mass infection that came to be known as the Italian Job, TrendLabs discovered 90 compromised Italian Web sites (all verified active as of this writing) at around 12:30 AM GMT. The compromised sites are varied; their only common thematic link [...]
Barefaced Cyber Crime
Of late, there’s no lack of news about information theft and data breaches, not only in Japan but also the rest of the world. But as these incidents get more common, so are these getting more blatant in the way that these are being carried out. Whereas we used to hear of stolen information being [...]
A Treasury Trove of Phish
At its official Web site, the U.S. Treasury Department Federal Credit Union (TDFCU) makes known that its mission is “to serve the financial needs of our members as a safe and sound cooperative financial institution under sponsorship of the Department of the Treasury.”
Its members include employees of the Treasury Department, Department of Homeland Security, U.S. [...]
Google AdWords Phishing
I received today a strange e-mail about updating payment information for Google AdWords:
This message says that my payment hasn’t been successful and that I need to update my payment information.
As you can see, the link displayed in the mail body is hxxp://adwords.google.com/select/login which is the legitimate one. But the real accessed Web site is hxxp://www.adwords.google.com.fke21.cn/select/Login [...]
‘Hacktivism’ Incidents Escalate, Become More Frequent
While most of the cyber crime activities that we see being conducted on The Internet are being driven by illicit financial incentives, there also appears to be type of malicious activity being driven by other motivations altogether – “Hacktivism”.
Hacktivism is best explained as a combination of “hacking” and “activism”, traditionally rooted in cultural and/or geopolitical [...]
TrendLabs | Malware Blog - by Trend Micro
TrendLabs Malware Blog - Hottest news about worms, viruses, trojans, adware and other internet threats by Trend Micro.
TROJ_DRONDOG.F
This Trojan may be downloaded from remote site(s) by the following malware:
It may be downloaded from certain remote site(s).
It connects to Web sites that contains a list of malware download sites. It then executes the downloaded files. As a result, routines of the downloaded files are exhibited on the affected system.
It deletes itself after execution.
WORM_NUWAR.AIO
TROJ_AGENT.JZK
TROJ_ROOTKIT.BE
This Trojan may be dropped by other malware.
It registers itself as a system service to ensure its automatic execution at every system startup. It does this by creating registry keys/entries.
It deletes itself after execution.
WORM_AUTORUN.BYX
JS_DLDR.AW
To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.
Malware Overview
This malicious JavaScript may be hosted on a compromised Web site and triggers a set of redirections when a user accesses the said Web site.
Eventually, the affected user is redirected to certain URLs that host files detected by Trend Micro as JS_DLOADER.AEHM and TROJ_REALPLAY.BR.
TROJ_AGENT.CSL
This Trojan may arrive as a .DLL file that exports functions used by other malware. It creates registry key and entry to enable its automatic execution at every system startup.
WORM_SILLYFDC.CN
TROJ_VUNDO.BMW
This Trojan may be downloaded from remote sites by other malware. It may be dropped by other malware. It may be installed manually by a user. It may be downloaded unknowingly by a user when visiting malicious Web sites.
This Trojan creates several folders. It drops several files. The dropped component files are non-malicious files. It then creates a registry entry to enable its automatic execution at every system startup. It also creates registry entries to disable Task Manager.
This Trojan displays a desktop wallpaper with a link to a remote URL. Clicking the link will perform a fake scan and redirect to a certain Web site. This site offers a download for a fake PC antispyware and PC Cleaner. Modification of the wallpaper does not a have a harmful effect since this is a user-defined variable. However, a link to the redirect site is provided in the modified wallpaper.
Trend Micro - Newest Malware Advisories
TREND MICRO provides free malware information updates
April 2008 - Microsoft Releases 8 Security Advisories
March 2008 - Microsoft Releases 4 Security Advisories
February 2008 - Microsoft Releases 11 Security Advisories
Vulnerability in AcdSee Photo Manager
January 2008 - Microsoft Releases 2 Security Advisories
Vulnerability in UIQ 3.0 with X-Plore v1.13
December 2007 - Microsoft Releases 7 Security Advisories
Vulnerability in UIQ 3.0
November 2007 - Microsoft Releases 2 Security Advisories
Trend Micro - Security Advisories
TREND MICRO provides free security information updates
CRYP_TAP-2
This virus has been renamed to MAL_VUNDO-4.
CRYP_TAP
This virus has been renamed to MAL_VUNDO.
TROJ_VUNDO.HS
BKDR_SALITY.AE
This backdoor program is usually dropped by PE_SALITY.AE.
Once registered, this backdoor program inserts its process in all running processes of an affected machine.
This is Trend Micro's detection for a .DLL file used by other malware programs in performing their malicious routines. One of the said routines include searching for an Internet connection by accessing a valid Microsoft Web site. If there is an Internet connection, this backdoor then attempts to download possibly malicious files from the Internet.
It opens a random port and awaits for commands, which it executes locally, from a remote malicious user.
WORM_GAOBOT.DF
This worm spreads via network shares, and takes advantage of the Windows vulnerabilities whose descriptions are found in the following Microsoft Web pages:
It spreads by attempting to drop a copy of itself in the target addresses' default shares. If the said shares is password-protected, it uses NetBEUI functions to gather a list of user names and passwords, as well as a list of hardcoded user names and passwords as its login credentials.
Using a random port, it connects to an Internet Relay Chat (IRC) server and joins a specific channel, where it listens for commands from a remote malicious user. The said commands are executed locally on affected machines. This routine compromises system security and opens the affected machine to further attacks.
It performs denial of service (DoS) attacks against target sites using different flood methods. It terminates certain processes found running in memory.
This worm is also capable of gathering and stealing Microsoft product keys and CD keys from popular gaming applications installed on affected machines.
TROJ_VUNDO.HI
POSSIBLE_OTORUN1
This malware has been renamed to MAL_OTORUN1.
PE_TRATS.A-O
To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.
This file infector may be dropped by other malware. It may also be downloaded unknowingly by a user when visiting malicious Web sites.
It drops another malware detected by Trend Micro as TROJ_TRATS.A.
It targets EXE files for infection. Its infection routine involves sandwiching a target file between its code and TROJ_TRATS.A's code. When an infected file is executed, normal file operation is still performed but, at the same time, the infection cycle is triggered all over again.
BKDR_RBOT.EBH
Upon execution, this memory-resident backdoor drops a copy of itself as CSRRS.EXE in the Windows system folder.
Using random TCP ports, it connects to a specific Internet Relay Chat (IRC) server to receive commands from a remote user. The said commands are executed locally on the affected computer, effectively compromising its security.
It uses a predefined list of user names and passwords to log on to target computers.
In addition, it terminates processes, which are mostly related to antivirus applications ans security programs. It also launches denial of service (DoS) attacks using different flooding methods.
BKDR_IRCBOT.AGF
This backdoor arrives as a downloaded file from the Internet. It may also arrive as a downloaded file from a peer-to-peer (P2P) network.
It drops a copy of itself as SVCHOST.EXE, disguising itself as a legitimate file to avoid easy detection. It sets its attributes to hidden and system. It also displays the following fake error message, stating that the installer is corrupted:
It connects to an Internet Relay Chat (IRC) server and joins a channel by opening a random TCP port. It then waits for commands from a remote user. The said commands are executed locally, thus compromising the affected system.
This backdoor also attempts to act as a P2P server/client to enable downloading of a copy of itself by users connected to a specified P2P network.
Trend Micro - Malware Top10
TREND MICRO - Malware Top 10
Is It Doing Anything?
Part two in a series about Norton 360’s smart task scheduler. In this entry, product development manager, Collin Davis, introduces a new tool that gives users insight into what this feature of Norton 360 is doing behind the scenes.
Norton 360’s Smart Scheduler
Norton 360’s smart task scheduler doesn’t rely on a fixed schedule – instead it works around yours. Product Development Manager Collin Davis explains how Norton 360 is always looking for times that you’re away from your desk to perform the routine maintenance tasks it needs to keep your PC safe and tuned.
Do you Yahoo?
I do! And if you’re among Yahoo!’s 27 million users*, you probably do too. A few weeks ago, Yahoo! announced its new Beta version of their popular instant messaging software called Yahoo! Messenger 9.0. Symantec worked alongside Yahoo! to bring additional security to instant messaging by enabling security scans of files that are sent via IM.
Passmark Performance Testing
While yesterday’s fast moving, widespread threats are a thing of the past, today’s threats are often more challenging to detect due to their stealthiness. They also present a bigger risk to consumers, often compromising personal or financial information.
Tackling Performance Impact with Norton Internet Security and Norton AntiVirus 2008
As most of our users know, over the years, the threat environment has changed drastically. Viruses gave way to worms, then came spyware, phishing, and botnets. In turn, Symantec responded by updating our consumer products each year with new features designed to protect users against these threats.
Detection and Remediation
While yesterday’s fast moving, widespread threats are a thing of the past, today’s threats are often more challenging to detect due to their stealthiness. They also present a bigger risk to consumers, often compromising personal or financial information.
Stray thoughts on security
With the pending trial of alleged spam mogul Robert Alan Soloway, I thought it might be interesting to look at today's threat landscape to see what consumers today are faced with when they switch on their computers.
Security is a funny thing
Security is a funny thing. Everyone knows they want it and need it. Most people using computers today want security software to be vigilantly on guard, but want it to function in the background as an invisible shield without hindering common tasks.
Organized Crime 2.0
Organized criminals are ramping up their use of the Internet as an attack medium.
Stop Cyberbullying Day
Today has been declared "Stop Cyberbullying Day" by Andy Carvin, Internet activist and founding editor of the Digital Divide Network. Recent threatening posts against well-known computer industry blogger, Kathy Sierra, have raised concerns about the increasingly vicious nature of cyberbullying as well as the growth of activity.
Not all Security Solutions are Created Equal
Protecting consumers from the ever expanding universe of online threats requires focus, commitment and experience. Looks like Microsoft- and sadly, users of their Windows Live OneCare software – are finding this out the hard way.
The Envelope Please...
Norton360 Ships!
I’m very pleased to announce the availability of Norton 360 on XP and Vista. Norton 360 is the new flagship product for the consumer team at Symantec, and it spans five key areas of functionality:
New Norton Identity Client Unveiled at DEMO '07
The new Norton Identity Client (NIC) was unveiled this week at
SONAR: Symantec Online Network for Advanced Response and PeaComm
On January 17th, Symantec announced a new technology, SONAR, which stands for Symantec Online Network for Advanced Response. In the week of the announcement, SONAR already played a critical role as an early warning system and Zero Hour detection for the PeaComm threat, let’s examine how:
Norton 360 Blog #5
Welcome back from the holidays! I hope everyone’s now had a chance to get more comfortable with the latest Beta build of Norton 360 to support Vista 6000.
Norton 360 Design Philosophy: User Experience and Performance
I’m very pleased to announce the availability of Norton 360 on Vista. I know many of you have been asking about Vista support, so the Norton 360 team is anxious to get your feedback on what you like and what we can improve.
Norton 360 Design Philosophy: Right Balance of Functionality
Hello All, I’m continuing our blog about the design philosophy behind Norton 360.
Norton 360 Blog #2: Design Philosophy Blog: Automation
Hello and welcome again to the Norton 360 blog. I want to share with you our thinking in the design of this product and expand a bit more about our design philosophy.
Spammers hit blogs...
An interesting new trend and vector for spammers.
Norton 360 Blog #1: Welcome Blog
It is my pleasure to say "Welcome!" to the Norton 360 blog community.
The Illusion of Control, Part 3
In two previous posts I’ve talked about why firewalls fail as outbound control mechanisms due to what amounts to lack of visibility into the traffic they are passing.
The Illusion of Control, Part 2
Previously I made the claim that firewalls fail as outbound control mechanisms because they depend on port bindings for protocol identification and because they make the assumption that they can do content inspection. Let’s explore that a little deeper now.
The Illusion of Control
A key aspect of security is control. In recent years, security and network administrators have spent a great deal of time and money attempting to control their networks for the sake of security.
Criminal ingenuity - online identity theft hits brokerages
Criminals are now targeting brokerage accounts to commit identity fraud against consumers. Consumers need to learn how to transact safely online, both by being more cautious and skeptical as well as utilizing new technology that is now available.
Security 2.0 and Identity
Last week we made some announcements about our "Security 2.0" initiative and talked in some detail about the various products and services. One topic that got some attention was identity. I thought I might write a little about digital identity and why we see it as so important.
Upgrading to Norton 2007 products
Upgrading to Norton 2007 products
Where to download Norton Internet Security Add-on Pack
Where to download Norton Internet Security Add-on Pack
FREE NIS Add-on pack available
FREE NIS Add-on pack available
Norton Internet Security Add-on pack
Norton Internet Security Add-on Pack
Threat Landscape
One of the things Symantec has an extremely good viewpoint into is the evolution of the threat landscape on the Internet.
New 2007 releases – Light and Tight!... continued
Norton Internet Security Add-on Pack
Hardware and Software Firewalls – which one should I use?
Home networking equipment often includes a hardware firewall. Norton Internet Security also includes a software firewall. Find out what makes each type of firewall different and what to use for the absolute best protection.
New 2007 releases – Light and Tight!
I am pleased to let you know that we have just shipped Norton Internet Security 2007 and Norton AntiVirus 2007. These releases were the result of the combined efforts of hundreds of Symantec employees, and I am personally very proud to have been a member of this team.
Norton Confidential
Norton Confidential is a new security product we are working on, and it is unlike anything else in the market. When something so different is released, it’s bound to create excitement, and to prompt some questions like: what does it do? Why do I need it?
Viruses, phishing... they happen to me too.
In the last few weeks I have received several instant messages linking to phishing sites. I find myself really disturbed when security threats find their way to one of my computers, or when they happen to someone I know.
Norton Internet Security 2007 beta
Many of our loyal Norton users are beginning to ask what new things we have been working on, and what will be coming out with this year’s product refreshes. A beta version for Norton Internet Security 2007 was posted last week (check it out here:
Beware of Vishing Attacks
In May of this year, our response organization
Online transaction security - protecting your personal information
As online threats change, you need to continue to evaluate your security protection. Online transactions are identity thieves’ sweet spots - is your security software designed to protect you specifically from the new type of threats like phishing and keystroke logging that are designed to steal your passwords, account numbers and other personal information? I have some tips for those of you banking and shopping online as to how to take more responsibility for your own security.
The importance of Network Intrusion Prevention technology
Intrusion Prevention Technology is a critical component of a comprehensive desktop security solution. This blog entry discusses the main benefits behind Network Intrusion Prevention Systems (NIPS), how they complement other security technologies and the importance of their role in defending a system against common attack vectors in today’s security threats.
Follow Me to Safety Town
Here at Symantec, we’ve been experimenting with new ways to capture people’s attention – and warn them about some of the dangers of going online without proper security precautions. Here’s one of our most recent experiments.
Suite Security
Consumer security suites bring together multiple layers of protection in order to secure a system. This notion of Multilayer Security is well accepted by the security industry at large. They can also be more secure. Let's examine how.
Are all desktop security products created equal, or are they getting harder to test?
It has become increasingly difficult to test the latest security products which use behavior-based systems to protect against today’s real-world threats. Traditionally, security product testing is done by running the product against a set of threats (files), and seeing how many of them are discovered.
Online Identity Theft & Fraud - A Growth Business...continued
Last time I discussed the rise in ID theft and online criminal activity. This week, I’d like to touch on how consumers and companies need to deal with emerging threats, like phishing, pharming, and key loggers.
Welcome to the Norton Protection Blog
Our goal with this blog is to generate an interactive dialog between Symantec and you – our customers, our partners, members of the media, analysts, security experts, and anyone else interested in the issues, technologies, and trends surrounding consumer security and protecting consumers when they go online.
Online Identity Theft & Fraud - A Growth Business
Identity theft continues to rise with reports indicating the vast majority of identity theft takes place offline – I’m not so sure I believe that. Fraud associated with identity theft is often unreported and not prosecuted, and it’s difficult to pinpoint the method by which personal data was stolen. The more technologically challenging the case, the less likely it is the victim will understand how their identity was originally compromised.
They Said It Couldn’t Be Done – A Silent Outbound Firewall and Usable Security
A silent outbound firewall has been made possible by recent innovations at Symantec in the field of Usable Security. While many industry experts believe that you cannot have both security and ease of use, Symantec engineers have applied a unique combination of technologies to provide strong security that is easy to use.
The Rest of the Iceberg
In the consumer security industry, we tend to focus a great deal on the “client software” –Norton Internet Security or some other security software that runs on a user’s PC. While this software is vitally important to effectively protecting people online, it’s really just the “tip of the iceberg” of what’s required to provide comprehensive, effective protection.
Norton Protection Blog - Symantec Corp.
none
How to Protect Yourself From PC Security Pitfalls
A PCWorld.com columnist shows you how to get rid of spyware, shrug off spam, and stay safe on unsecured public networks.
First Trojan for Apple iPhone Targets Modified Handsets
While not a huge risk, the first Trojan for the iPhone has been discovered. The first reports came from iPhone enthusiast site Modmyifone.com and were later confirmed by security research company F-Secure.
Wi-Fi Virus Outbreak? Researchers Say It's Possible
Criminals looking to target unsecured wireless routers could create an attack that could piggyback across thousands of Wi-Fi networks in urban areas like Chicago or New York City, according to researchers at Indiana University.
Microsoft IE, Outlook, Word Get Critical Bug Fixes
Microsoft has released six security updates for its products, fixing critical flaws in Word, Outlook Express, Internet Explorer (IE) and the Kodak image viewer that ships with Windows.
Microsoft Releases Super Bundle of Security Patches
Microsoft has released what security experts are calling one of its most significant security fixes this year.
Symantec Offers Compensation for Bad Software Update
More than a month after Symantec knocked out 50,000 Chinese PCs with a bad software update, the company is ready to offer compensation. But Chinese users eligible for the offer have to act fast; it's good for only a couple of weeks.
SSL Flaw Fixed in Latest Microsoft Security Patches
Microsoft has released its monthly set of security patches, fixing problems in Windows, Intern | 