KMIP: Controversy brewing between security standards bodies

Last week, TG Daily reported on the Key Management Interoperability Protocol (KMIP), unveiled by companies including Brocade, EMC, HP, IBM, LSI, Seagate and Thales, which aims to simplify the process of encrypting data and storing keys. Today, some controversy has broken out over KMIP.

UPDATED: Facebook changes policy, now owns rights to your content forever

February 4th brought a change in the Terms of Use (ToU) at Facebook. The majority of users didn't even notice. I know I wasn't notified, so I had no idea -- that was until the blogs began buzzing and users became outraged. Facebook's Terms of Use has quickly become the meme of the moment.

Apple patches RSS feed vulnerability in Windows Safari

As part of Apple's first OS X security update in 2009, the company has posted an updated version of Windows Safari to address the same vulnerability found in both Mac and Windows versions of the browser. The issue, reported by three developers, could allow a hacker to execute arbitrary code through maliciously crafted URLs associated with RSS feeds. Users are encouraged to update their Windows Safari quickly.

Android: Browser so vulnerable users urged not to use it

At the ShmooCon hacker conference in Washington D.C., security researcher Charlie Miller presented a new vulnerability in Google's mobile OS Android, which lets hackers take control of the phone's web browser and other processes from a remote location. Once an individual's phone has been compromised, the hackers are capable of gaining access to saved credentials stored in the browser and the browser's history.

KMIP: New security encryption protocol created

A new encryption protocol specification developed by Brocade, EMC, HP, IBM, LSI, Seagate and Thales has been unveiled this week. Dubbed Key Management Interoperability Protocol, or KMIP, the specification aims to simplify the process of encrypting important data, as well as maintaining keys.

Reward: $250,000 bounty for Conficker creator

Microsoft said it has organized a global response to the Conficker (Downadup) worm to disable domains targeted by Conficker. For the fifth time, Microsoft announced a $250,000 bounty to find the source of the worm – a strategy that's worked four times already, and most recently led to the conviction of the author of the Sasser worm back in 2005.

Apple fixes OS X exploits, and some in Java

Apple has kicked off 2009 with the first security update that patches critical vulnerabilities in desktop and server versions of both OS X Leopard and Tiger for Intel- and PowerPC-based Macs, including the latest Java updates which improve overall stability and fix security-related issues. The security update also patches a serious Safari RSS vulnerability discovered last month that could allow malicious users to execute arbitrary JavaScript code. Apple recommends all users apply the update.

Phishing scam asks MobileMe users for their credit card info

Apple's MobileMe, a paid suite of cloud services that, among other things, syncs information between desktop and mobile devices, has become the target of an elaborate phishing scam that aims to dupe users into revealing their credit card information. As is usual in this type of scam, the email communication painstakingly recreates the design of official Apple communication and leads to an equally elaborate online destination which appears as the bona fide MobileMe service page.

Claim: Google Latitude is dangerous, a tool for the sinister

Only about 48 hours have passed since Google launched Google Latitude, a feature designed for Google Maps on mobile devices which allows users to find and track their family and friends via a laptop, smartphone, or desktop computer. Since then a privacy group has spoken out with great criticism of the application, claiming it's dangerous, and could leave users vulnerable.

IBM X-Force report: Corporations are own worst security threat

Today, IBM announced the results of its 2008 X-Force Trend and Risk report, which found corporations put their own customers at risk for "cybercriminal activities" by failing to properly defend their servers against identified exploits.

Georgetown bans use of Windows 7 Beta on school's computers

Georgetown University has forbidden its students and faculty from utilizing the beta version of Microsoft's new Windows 7 operating system on school computers.

Google search inoperable, reporting unfounded errors

TG Daily observed additional problems with Google's servers today. Whereas Google News was affected yesterday, today it is the main Google search engine at www.google.com. Users searching for anything will find that all returned pages include a warning that the site may harm their computer. This effectively prevents the result link from being clicked, so visiting the site now requires manual intervention.

Mostly harmless Obama worm surfaces

A new computer worm which bears the likeness of new American president Barack Obama has reportedly been discovered. It doesn't look to be a serious threat, said a distributor of AVG Internet Security products, but it still shows how vulnerable computers can be.

Windows 7 beta UAC completely vulnerable to malware

An almost unbelievable flaw in Windows 7 beta and Microsoft's User Account Control (UAC) feature - the one designed to keep all of the annoying messages seen in Vista away from its users - allows its protection to be defeated by any malware which happens to infect the system. The malware needs only to send a series of false keystrokes from a Visual Basic script to activate the UAC dialog, move the slider bar to the disable position, and then save the changes. After that, the program can access protected functions or even reboot the system, thereby gaining full system access on restart.

Google: Spam on rise again after bust in November

Today, Google's Enterprise blog posted an article which shows that spam is once again on the rise, up 156% since November following a massive sting which reduced spam email significantly. While no scales are specifically given, graphs indicate spam levels fell to roughly half of what they were prior to the November sting operation, but have once again risen to levels comparable with the lowest months seen in 2008 (August/September). And in 2009, the trend is still rising.

Monster.com hacked: User ids, names, passwords and more compromised

Monster.com, the employment seeker and recruiter site, reported last Thursday that its databases were hacked by outsiders who stole "Monster user IDs and passwords, email addresses, names, phone numbers, and some basic demographic data." No social security or financial data was compromised.

Google setting could make your documents a public affair

If you're among the many individuals that utilize Google Docs, you might need to go and check the permissions settings of shared documents immediately. Certain settings allow public access to what could be your sensitive data.

US-CERT: Microsoft issued faulty fix for Downadup virus

The United States Computer Emergency Readiness Team issued a warning on Tuesday, and updated it yesterday, regarding the Downadup worm that has infected over 10 million computers so far. They said Microsoft's original proposed fix does not address all versions of the Windows operating system.

Fast spreading Windows virus already compromised 9 million computers

Panel concludes technology alone can't protect kids, parents needed