Today, IBM announced the results of its 2008 X-Force Trend and Risk report, which found corporations put their own customers at risk for "cybercriminal activities" by failing to properly defend their servers against identified exploits.
Georgetown University has forbidden its students and faculty from utilizing the beta version of Microsoft's new Windows 7 operating system on school computers.
TG Daily observed additional problems with Google's servers today. Whereas Google News was affected yesterday, today it is the main Google search engine at www.google.com. Users searching for anything will find that all returned pages include a warning that the site may harm their computer. This effectively blocks the URL link from being a click operation, and now requires manual intervention to visit the site.
A new computer worm which bears the likeness of new American president Barack Obama has reportedly been discovered. It doesn't look to be a serious threat, though, said a distributor of AVG Internet Security Products, but it still shows how vulnerable computers can be.
An almost unbelievable flaw in Windows 7 beta and Microsoft's User Account Control (UAC) feature - the one designed to keep all of the annoying messages seen in Vista away from its users - allows its protection to be defeated by any malware which happens to infect the system. The malware needs only to send a series of false keystrokes from a Visual Basic script to activate the UAC dialog, move the slider bar to the disable position, and then save the changes. After that, the program can access protected functions or even reboot the system, thereby gaining full total system access on restart.
Today, Google's Enterprise blog posted an article which shows that spam is once again on the rise, up 156% since November following a massive sting which reduced spam email significantly. While no scales are specifically given, graphs indicate spam levels fell to roughly half of what they were prior to the November sting operation, but have once again risen to levels comparable with the lowest months seen in 2008 (August/September). And in 2009, the trend is still rising.
Monster.com, the employment seeker and recruiter site, reported last Thursday that its databases were hacked by outsiders who stole "Monster user IDs and passwords, email addresses, names, phone numbers, and some basic demographic data." No social security or financial data was compromised.
If you're among the many individuals that utilize Google Docs, you might need to go and check the permissions settings of shared documents immediately. Certain settings allow public access to what could be your sensitive data.
The United States Computer Emergency Readiness Team issued a warning on Tuesday, and updated it yesterday, regarding the Downadup worm that has infected over 10 million computers so far. They said Microsoft's original proposed fix does not address all versions of the Windows operating system.
A tool that has recently been utilized by terrorists is one that many feel needs to be eliminated. Among individuals who feel the need to shut down free and open Wi-Fi are the Mumbai police. The Times of India reported today that "several police teams, armed with laptops and Internet-enabled mobile phones, will randomly visit homes to detect unprotected networks."
Consumers fleeing from their homes in the wake of flooding waters may not think to grab external hard drives containing important data. The need falls then to have a consumer product which could withstand, at least for a period of time, exposure to extreme elements. That's the idea behind the new ioSafe Solo, which starts around $150.
A company called Lok8u (Locate You) has created a GPS Child Locator device called num8 (new mate) which attaches securely to a child's wrist. It contains an embedded GPS and cellular transeiver which broadcasts the child's location so long as it is on the child's wrist. If taken off, it immediately texts an emergency message to the programmed mobile phone showing the location via Google Maps.
Yesterday, the FBI announced it considers cyber attacks to be the third greatest threat to the security of the United States. The only two preceding it are nuclear war and weapons of mass destruction (WMD).
Netcraft provided more details on a critical digital certificate
vulnerability revealed last week. Although Microsoft downplayed the
problem by stating that the successful exploit was not published,
Netcraft found that 14% of SSL certificates use the vulnerable MD5
hashing algorithm. That number may provide a large enough target for
attackers to invest time into cracking MD5, while certificate
authorities will have a choice of using MD5 and hope that it will not
be cracked or transitioning to a stronger encryption technology such as
One of the cornerstones of Internet security may not be as solid as
generally believed: A team of researchers said they successfully
created a rogue certification authority (CA) to create digital
certificates that are accepted by all major web browser – and not just
those that are running on PCs. The discovery could prompt a new wave of
phishing attacks and the adoption of more secure cryptographic
standards on the Internet.
Today, Microsoft acknowledged that its business class SQL Server database software is vulnerable to the kinds of attacks which inject code into malformed requests. Affected versions include SQL Server 2000, 2005, as well as Windows Internal Database. Not affected are SQL Server 7.0 SP4, 2005 SP3 and 2008, which are immune to the flaw.
Yesterday, Microsoft made good on the quick patch promise they had made earlier in the day. It repairs a critical bug affecting Internet Explorer versions 5.01, 6, 7 and 8 Beta 2 which could allow remote code execution just by visiting an infected website.