Apple iPhone Four Months Behind OS X in Patches

Apple’s iPhone runs a miniature version of OS X, the operating system that powers Mac computers. So it’s fitting that Apple designed the iPhone to check for security updates whenever users fire up iTunes with their iPhone attached. But it might surprise iPhone users to learn that the latest security update available for the iPhone dates back to February, and that a number of serious security vulnerabilities that Apple long ago patched in OS X remain unaddressed in the most recent version of the iPhone. In seeking confirmation of this, I spoke recently with Charlie Miller, one of the foremost OS X and iPhone security researchers. Miller confirmed that the iPhone updater tells users that if they have version 1.1.4 installed then they are running the most current version. The problem is that this update does not include fixes for a slew of security holes in the Safari Web […]


Breach Exposes Info on Pre-’06 Google Hires

A data breach at a California company that administers benefit plans to businesses across the country involved personal information on all Google employees hired prior to Dec. 31, 2005, the search engine giant said. Google’s disclosure came in a letter (PDF) to the New Hampshire Attorney General, which revealed that Google was a victim of a break-in at Colt Express Outsourcing Services Inc. Last month, Colt warned that the theft of computer equipment from its offices resulted in the loss of the names, birth dates and Social Security numbers of 6,500 CNET Networks employees. Google said that same information from its employees also was included on the missing equipment. The letter notes that while “the break-in did not occur on Google property, and did not involve any computers, facilities or data associated with Google products,” the company has nonetheless engaged Kroll Inc. — a New York-based risk consulting firm […]


Apple Pushes Peck of Patches

Apple on Monday issued software updates to plug more than two dozen security holes in its OS X operating systems and various software applications. The company also issued a patch to fix a security vulnerability in Safari for the Mac (this issue was already addressed in a previous update for Windows XP and Vista versions of Safari). The updates are available through Apple Software Update or directly from Apple Downloads. Apple does not appear to have fixed the rather serious vulnerability in its Apple Remote Desktop program, which allows any program to run on a Mac user’s machine without first prompting the user to enter his or her user name and password. Given that a team of hackers has now released a Trojan toolkit that can be used to seamlessly piggyback malicious software onto any downloadable application, I half expected Apple to fix that vulnerability, as the fix itself […]


Forty Percent of Web Users Surf With Unsafe Browsers

A comprehensive new study of online surfing habits released today found that only 60 percent of the planet’s Internet users surf the Web with the latest, most-secure versions of their preferred Web browsers. The study (PDF), conducted by researchers from Google, IBM and the Communication Systems Group in Switzerland, relied on data from server logs provided by Google for search requests between Jan. 2007 and June 2008. The researchers found that of the 1.4 billion Internet users worldwide at the end of March 2008, 576 million surfed with outdated versions of Web browsers. The researchers also concluded that as a group, Mozilla Firefox users were the most likely to be using the latest, most secure and stable version of the browser: 83.3 percent of Firefox users were found to have the latest version installed at any given time. That’s notably more than Web surfers using the latest versions of […]


Data Breach Reports Up 69 Percent in 2008

Businesses, governments and universities reported a record number of data breaches in the first half of this year, a 69 percent increase over the same period in 2007 driven by a spike in data thefts attributed to employees and contractors, according to an analysis by identity theft experts. The San Diego-based Identity Theft Resource Center tracked 342 data breach reports from Jan. 1 to June 27. Nearly 37 percent of reports came from businesses — an increase from almost 29 percent last year. Data breach reports from health care providers (14.9 percent of the total) and banks (10 percent) continued to rise, while the share of breaches from educational institutions (21.3 percent of the total), government entities and the military (17 percent) declined for the third year in a row, the ITRC found. Hacking was the least-cited cause of data breaches in the first six months of 2008 (11.7 […]
