Archive for June, 2008

Data Breach Reports Up 69 Percent in 2008

Monday, June 30th, 2008

Businesses, governments and universities reported a record number of data breaches in the first half of this year, a 69 percent increase over the same period in 2007 driven by a spike in data thefts attributed to employees and contractors, according to an analysis by identity theft experts. The San Diego-based Identity Theft Resource Center tracked 342 data breach reports from Jan. 1 to June 27. Nearly 37 percent of reports came from businesses — an increase from almost 29 percent last year. Data breach reports from health care providers (14.9 percent of the total) and banks (10 percent) continued to rise, while the share of breaches from educational institutions (21.3 percent of the total) and from government entities and the military (17 percent) declined for the third year in a row, the ITRC found. Hacking was the least-cited cause of data breaches in the first six months of 2008 (11.7 […]


Tech giants team for online ID cards

Monday, June 30th, 2008

Passwords are so passé
A group of software and online payment companies are teaming up to find a better way than passwords to protect, and prove, your identity online.…


Taming Internet Explorer Browser Plug-Ins

Saturday, June 28th, 2008

Security Fix has often lamented the lack of decent point-and-click software tools to help Microsoft Internet Explorer Web browser users kill insecure “ActiveX controls,” plug-ins for IE that have traditionally been among the biggest avenues of attack from spyware and adware. That’s why I’m pleased to call attention to a free new tool called “AxBan,” which helps neuter insecure ActiveX plug-ins installed by some of the most widely used third-party software applications. ActiveX is a Microsoft creation woven into both IE and the Windows operating system. It was designed to allow Web sites to develop interactive, multimedia-rich pages. However, such powerful features rarely ever come without security trade-offs. Poorly designed ActiveX controls can be an extremely potent weapon for cyber crooks, since most ActiveX controls distributed with third party software are marked “safe for scripting.” This means that they will run when invoked and without requiring the user’s permission. As


Free Tools to Secure Your Web Site

Friday, June 27th, 2008

Over the past six months, millions of Web pages have been hacked and seeded with malicious software, and in a great many cases the sites were hacked because their curators failed to put in place even basic database security measures. In most of these compromises, the hackers broke in using an attack called SQL injection. Rather than attacking specific software security vulnerabilities, SQL injection attacks target configuration weaknesses in the database layer of the site’s Web application, be it ASP, CGI, or PHP. While most SQL attacks are automated with the help of scanning tools, SQL attacks can be carried out using nothing more than a Web browser. An injection vulnerability most commonly exists when a site accepts input from a visitor — such as through a search or login box — but fails to filter out potentially harmful instructions, non-standard characters or computer code. Successful SQL attacks can […]


Security Update for Adobe Reader, Acrobat

Thursday, June 26th, 2008

Adobe has issued a security update for its Adobe Acrobat and free Adobe Reader applications. The patch plugs a critical flaw that Adobe said attackers could leverage to take control of a vulnerable system. The latest update, available here for both Microsoft Windows and Mac OS X systems, applies to the most recent versions of Acrobat and Reader (v. 8.1.2). It also plugs the vulnerability in the following Adobe products:

- Adobe Reader 7.0.9 and earlier
- Adobe Acrobat Professional, 3D and Standard 8.0 through 8.1.2
- Adobe Acrobat Professional, 3D and Standard 7.0.9 and earlier

If you have any of these products installed, take a moment now to update them. As the SANS Internet Storm Center rightly notes, malicious software writers have traditionally been quick to incorporate critical Adobe vulnerabilities into their creations, so it’s probably best not to let any grass grow under your feet on this one.
