'Mebroot' proves to be a tough rootkit to crack

A rootkit uncovered in the wild in December is proving to be a real headache to detect, according to Finnish security company F-Secure. ...continue reading ''Mebroot' proves to be a tough rootkit to crack'

Windows hacked in seconds via Firewire

A New Zealand security researcher has published a software tool allowing attackers to quickly gain access to Windows systems via a Firewire port. ...continue reading 'Windows hacked in seconds via Firewire'

Mac attack: Vendors mull security software for OS X

Russian security vendor Kaspersky Lab has a prototype version of its virus protection software waiting in the wings in case Apple Mac OS X suddenly becomes a target of choice for hackers. ...continue reading 'Mac attack: Vendors mull security software for OS X'

Hackers ramp up Facebook, MySpace attacks

Hackers are actively exploiting an Internet Explorer plug-in that's widely used by Facebook Inc. and MySpace.com members with a multi-attack kit, a security company warned Friday. ...continue reading 'Hackers ramp up Facebook, MySpace attacks'

Hard drive encryption has Achilles heel

If you think that encrypting your laptop's hard drive will keep your data safe from prying eyes, you may want to think again, according to researchers at Princeton University. ...continue reading 'Hard drive encryption has Achilles heel'

Attack code posted for Microsoft Works bug

Just one day after Microsoft issued a massive set of security patches for its software, hackers have begun posting code showing how to exploit one of the flaws. ...continue reading 'Attack code posted for Microsoft Works bug'

Valentine's Day-themed Storm worm attacks

A Valentine's themed outbreak of the Storm worm has been detected. Malicious emails are being received across the globe - they contain a weblink, which directs users to a website where they can supposedly download a Valentine's card, but in fact are infected with the Storm bug. The virus mirrors the fake Christmas and New Year messages seen in previous months. ...continue reading 'Valentine's Day-themed Storm worm attacks'

Encryption could make you more vulnerable, warn experts

The use of data encryption could make organizations vulnerable to new risks and threats, a panel of security experts warned Monday. ...continue reading 'Encryption could make you more vulnerable, warn experts'

Facebook privacy chief: Data portability dangers overlooked

The launch of Facebook's Beacon advertising system in November put the social networking site in the middle of a controversy over privacy, as Beacon was criticized for being too aggressive and stealthy in collecting and broadcasting information about users' activities online. For that reason, few people would probably envy the job of Chris Kelly, Facebook's chief privacy officer and the person most responsible for explaining the site's policies to the public. In this interview, Kelly answers questions about Beacon and other hot topics, including the company's efforts to protect minors from sexual predators, and data portability. ...continue reading 'Facebook privacy chief: Data portability dangers overlooked'

Attacks aimed at Adobe Reader, Acrobat flaws intensify

The flaws disclosed last week in Adobe System's Reader and Acrobat programs have been used to exploit computers since at least January via malicious banner advertisements, security analysts are reporting. ...continue reading 'Attacks aimed at Adobe Reader, Acrobat flaws intensify'

Mozilla patches three critical Firefox flaws

Mozilla issued 10 patches on Friday for its Firefox browser, including three for critical vulnerabilities. The latest version of Firefox is now 2.0.0.12. ...continue reading 'Mozilla patches three critical Firefox flaws'

Antivirus company's Web site serves up malware

The Web site for Indian antivirus vendor AvSoft Technologies has been hacked and is being used to install malicious software on visitors' computers, security researchers said Thursday. ...continue reading 'Antivirus company's Web site serves up malware'

Microsoft preps 7 critical security updates

After kicking off 2008 with just two security updates in January, Microsoft plans to release one of its largest bundles of patches ever next Tuesday. ...continue reading 'Microsoft preps 7 critical security updates'

Apple fixes critical QuickTime bug

Apple has released a security fix for its QuickTime media player software, fixing a critical bug that had been worrying security experts for nearly a month. ...continue reading 'Apple fixes critical QuickTime bug'

Adobe fixes undisclosed vulnerabilities in Reader

Adobe released on Wednesday an update that fixes vulnerabilities in its widely used Reader document viewing program. ...continue reading 'Adobe fixes undisclosed vulnerabilities in Reader'

IT pros, remote workers fess up to security lapses

Two separate security surveys this week on network access control reach similar conclusions: Employees have immoderate access rights, and management should face up to the challenge of reining in out-of-control access without sacrificing productivity gains. ...continue reading 'IT pros, remote workers fess up to security lapses'

Adobe fixes undisclosed vulnerabilities in Reader

Adobe released on Wednesday an update that fixes vulnerabilities in its widely used Reader document viewing program. ...continue reading 'Adobe fixes undisclosed vulnerabilities in Reader'

One year after Mac hack contest, Linux & Vista may be tested

One year after launching a controversial Macintosh hacking contest, the promoters of the CanSecWest security research conference are thinking about giving hackers another shot at cracking the Mac. Only this time, they're looking to broaden the field. ...continue reading 'One year after Mac hack contest, Linux & Vista may be tested'

Skype plugs critical cross-zone scripting hole

Skype Ltd. Tuesday patched a critical vulnerability that forced it to dump several features from its VoIP and chat software to prevent attackers from hijacking Windows PCs. ...continue reading 'Skype plugs critical cross-zone scripting hole'

Software sucks on purpose

James Gaskin, ITworld

The sad state of software - full security holes and bugs, yet thrown into the market anyway, where consumers are expected to pay for upgrades that should by right be considered patches is well known. One solution is something that might be unpopular in traditionally libertarian tech circles: Stronger consumer protection laws for software. ...continue reading 'Software sucks on purpose'