InformationWeek Security Weblog

Famous Password Auditing Tool, L0phtCrack Is Back

George Hulme — Mon, 30 Nov 2009 11:33:29 -0500

After a couple of years of rest, L0phtCrack, one of the most famous password auditing and recovery tools is back.

Microsoft Provides Insight Into Password Attacks

George Hulme — Sun, 29 Nov 2009 19:11:49 -0500

For about a year now, Microsoft has been trying to gather data on real-world attacks, the types of attacks normal users might encounter in their day to day Internet use - and the software maker just released some interesting data on password attacks.

Exploit Code Targets Internet Explorer Zero-Day

George Hulme — Tue, 24 Nov 2009 17:42:14 -0500

There's exploit code circulating that can be used to target certain versions of Internet Explorer, Microsoft says it's working on a fix.

Chrome OS Security: Initial Impressions

George Hulme — Fri, 20 Nov 2009 16:15:02 -0500

There is much developers can do to build a secure operating system when limits are set on what devices are supported, and there's no regard for compatibility with all types of software applications. I'm sure it's a luxury some software designers in Redmond and Cupertino certainly envy. But that's the clean shot Google has with its new Chrome OS.

Phishers Target Apple Customers In New Attack

George Hulme — Wed, 18 Nov 2009 18:30:21 -0500

While OS X is targeted by a far fewer number of viruses than other operating systems, that's not stopping fraudsters from trying to hit Mac users with fraud.

Reporting Health IT Security Compliance Gets Easier

Marianne Kolbasuk McGee — Mon, 16 Nov 2009 15:15:06 -0500

The Health Information Trust Alliance (HITRUST) has unveiled a new program that helps streamline how healthcare organizations report to their business associates their status of compliance to security regulations such as HIPAA and others.

InformationWeek's RSS Feed is brought to you by

Mon, 16 Nov 2009 15:15:06 -0500

The Web Application Security New Top 10 Risks

George Hulme — Sun, 15 Nov 2009 21:23:31 -0500

With a focus on risks, rather than only ranking software vulnerabilities, the Open Web Application Security Project (OWASP) has made a significant - and welcomed - change in how the organization rates Web application security weaknesses.

Despite Security Concerns, Social Networks Soar

George Hulme — Mon, 09 Nov 2009 11:24:36 -0500

Security firm Palo Alto Networks peeked at the application use of more than 200 organizations around the globe, and found social networking growth on corporate networks is on fire. Will security concerns be the extinguisher? Don't count on it.

JailBroken iPhones Targeted By Rick-Rolling Worm

George Hulme — Sun, 08 Nov 2009 13:26:29 -0500

The SANS Institute Internet Storm Center is warning users of jailbroken iPhones that a new worm is targeting their hacked phones. So how dangerous is it, really?

Microsoft To Patch 15 Vulnerabilities

George Hulme — Thu, 05 Nov 2009 22:48:12 -0500

As part of its monthly ritual, Microsoft in its Security Bulletin Advanced Notification for this month warned of a number of nasty vulnerabilities in its operating systems and productivity software.

Tech Pros Want Security, Healthcare, Green Certifications

Marianne Kolbasuk McGee — Wed, 04 Nov 2009 13:37:45 -0500

Techies are seeking professional certifications in emerging areas like healthcare and green IT, and especially old standbys like IT security, according to a new survey.

Manhattan DA Announces Major ID Theft Indictment

George Hulme — Mon, 02 Nov 2009 21:53:16 -0500

A Manhattan DA brought an 149-count indictment accusing a computer technician of stealing the identities of more than 150 employees of the Bank of New York Mellon and using those identities to orchestrate more than $1.1 million in thefts against charities and non-profits, among other institutions.

New Project Takes Aim At Web Vulnerabilities

George Hulme — Sat, 31 Oct 2009 19:06:59 -0500

New open source honeypot sets bait to lure attackers and to gain first hand information on current attack techniques underway.

Blue Coat Identifies Halloween Trick

Adam Ely — Fri, 30 Oct 2009 19:14:20 -0500

Blue Coat has identified a new malware trick just in time for Halloween. Unsuspecting victims are redirected to one of two malware sites after searching for Halloween related sites. These distribution sites are typically used for hosting of warez, pirated digital content, but have been switched to malware distribution in the past 12 hours.

Patch Your Firefox

George Hulme — Tue, 27 Oct 2009 23:09:50 -0500

Mozilla just released 16 patches for vulnerabilities in Firefox. Eleven of the flaws are critical, and affect a number of components in the browser.

UK Jobs Website Hacked

George Hulme — Mon, 26 Oct 2009 17:22:10 -0500

The news site Guardian is warning members of its UK jobs site that the site has been breached, and that personal data may been snagged.

Application Security Is National Security

George Hulme — Fri, 23 Oct 2009 19:25:07 -0500

Hacks targeting U.S. government computers are coming from China. We knew that. The Chinese hackers are relying on zero-day software vulnerabilities to exploit critical systems. So, tell me again: why aren't we doing more to require applications be built secure from the start?

My Hat Is Blue

Adam Ely — Thu, 22 Oct 2009 17:14:13 -0500

For the past two days I have been back in Seattle. It was almost two years ago I left the city, and was not sure when I'd get a chance to return. Microsoft's BlueHat security conference was a great reason to come back to my favorite rainy city.

What is BlueHat?

Gumblar: Back With A Vengeance

George Hulme — Tue, 20 Oct 2009 14:03:37 -0500

Earlier this year, the botnet Gumblar made a splash when it infected more than 2,300 Websites, including popular destinations such as Tennis.com, Variety, and Coldwellbanker.com. Now, security researchers say Gumblar is back in strength and is changing its tactics.

Scammers Up The �Rogueware� War

George Hulme — Sat, 17 Oct 2009 16:44:03 -0500

Attackers have been known to encrypt user files (such as happened with Gpcode), and then demand payment for the decryption key, for some time. These so-called rogueware, including scareware, attacks have been underway for some time. Now scammers have upped their attack tactics.

RAND: U.S. Should Not Prioritize Cyberwarfare

George Hulme — Tue, 13 Oct 2009 22:17:10 -0500

The think tank RAND came out with an Air Force funded paper that concludes spending money on operational cyberwarfare is a waste of budget. I agree.

InformationWeek's RSS Feed is brought to you by

Tue, 13 Oct 2009 22:17:10 -0500

Healthcare Reform Bill Means HIPAA Changes, Too

Marianne Kolbasuk McGee — Tue, 13 Oct 2009 16:59:25 -0500

The healthcare reform bill that passed a key Senate committee today contains several health IT related provisions. Among them are new rules regarding HIPAA, including a proposals allowing the periodic update of HIPAA standards, and fines to health plans that don't comply to HIPAA "operating rules" by April 2014.

October's Scary Patch Tuesday

George Hulme — Fri, 09 Oct 2009 13:14:27 -0500

Next Tuesday Microsoft plans to release 13 separate security bulletins that will cover more than 30 individual patches. More than half of the bulletins are ranked as "critical."

Amazon Web Services DDoS Attack And The Cloud

George Hulme — Wed, 07 Oct 2009 11:27:13 -0500

A suspected denial-of-service attack aimed at Amazon Web Services (AWS) this past weekend shut down a code hosting service for nearly 24 hours. I don't see this as a security issue specific to cloud computing, rather just another disruption to availability like all of the others.

U.S. Government Set To Clamp Down on P2P Networks

George Hulme — Tue, 06 Oct 2009 12:37:38 -0500

You've probably heard the horror stories around private and confidential files being exposed via peer-to-peer network sharing. Federal lawmakers are now stepping up their efforts to keep sensitive data from inadvertently leaking to the public.