Articles in Application Security
The firestorm over firewalls
I love offering opinions that generate comment after comment about how dumb I am, as my post “Why you don’t need a firewall” has achieved. Little do these detractors know that my family and classmates said much meaner things as I was growing up, so it’s like water sliding off a duck’s back. I appreciate most of the comments — because many were valid.
Some commenters, …
A tale of two Facebooks
I love Facebook. I also hate it. And sometimes I’m indifferent, but not often.
As the big IPO day looms closer, lots of folks are taking a second look at this thing that started out as kind of a goofy diversion for college kids and has grown into the beast with 900 million heads.
View full post on Security – Infoworld
Why you don’t need a firewall
Firewalls need to go away. I’m just saying what we all already know. Firewalls have always been problematic, and today there is almost no reason to have one.
Computer firewalls have been with us since the 1980s. Even early on it was pretty clear that they didn’t really work; if they did, we would have defeated malicious hackers and malware a long time ago. But at …
Apple is asking Kaspersky for security advice
Apple, whose Mac OS was once known for its rock-solid security, is seeking outside help to root out vulnerabilities.
Kaspersky CTO Nikolai Grebennikov told U.K. publication Computing that Apple has invited the security vendor to help improve Mac OS security.
Facebook proposes more changes to privacy policy
Facebook says it intends to make further changes to its privacy policy in order to respond to an audit by the Irish government, but privacy advocates saw the move as an inadequate attempt to quell privacy concerns prior to Facebook’s planned initial public offering.
Companies slow to react to mobile security threat
Nearly nine in 10 executives and employees are using their personal smartphones or tablets for business and about half are doing so without the permission of their companies, a new study shows.
Making the situation even more precarious, less than half of the more than 4,000 mobile device users surveyed by Juniper Networks in the U.S., U.K., Germany, China and Japan took even the most basic …
Why voting machines still suck
Government is up to its neck in tech. From IRS computers calculating taxes to computerized parking meter systems all the way to modern weapons systems, government at every level is utterly tangled up in computing.
Adobe backpedals, will now patch recent Creative Suite versions for free
After being pummeled by customers and security experts for telling users to spend hundreds of dollars on upgrades because it wasn’t going to patch critical bugs in older versions of its software, Adobe has reversed course.
The company will now fix the eight vulnerabilities in the one-year-old Illustrator and Flash Professional CS5.5, and the two-year-old Photoshop CS5, an Adobe spokeswoman said via email late Friday.
Facebook file-sharing could be security, piracy nightmare
Facebook has started to roll out a new file-sharing capability — and Dropbox shouldn’t be the only worried party. The addition of a low-security file-sharing tool to the world’s most popular social networking site could open a world of security pain on businesses and home users alike.
APT attackers are increasingly using booby-trapped RTF documents
Booby-trapped RTF documents are one of the most common types of malicious Microsoft Office files that are used to infect computers with advanced persistent threats (APTs), according to security researchers from Trend Micro.
“Taking data from exploit documents gathered last April, we can see that the most exploited MS Office software is MS Word,” said Trend Micro senior threat researcher Ryan Flores, in a blog post …
Cloud Security Alliance pushes for open security certifications
If the cloud is to become a viable platform for the enterprise, security is critical.
Twitter breached, 50,000 accounts posted to Internet
Twitter is investigating an apparent data breach that resulted in more than 50,000 user names and passwords being posted to the Internet. The data was posted across five pages (one, two, three, four, five) on Pastebin, a favorite site for hackers to post their ill-gotten gains.
PHP patches critical CGI vulnerability
The PHP Group released PHP 5.4.3 and PHP 5.3.13 on Tuesday to address two remote code execution vulnerabilities, one of which is being actively exploited by hackers.
“The releases complete a fix for a vulnerability in CGI-based setups (CVE-2012-2311),” the PHP developers said in the release notes. Additionally, PHP 5.4.3 fixes a buffer overflow vulnerability, identified as CVE-2012-2329, in the apache_request_headers() function.
BlackBerry 10 OS will have multilayer security model
RIM’s upcoming BlackBerry 10 operating system is intended to be as secure, if not more so, than the OS running on RIM’s current crop of BlackBerry devices. Mobile security could become a major selling point for the new platform, for enterprises, carriers, and users alike.
Security error in OS X 10.7.3 exposes passwords for legacy FileVault users
A security error in OS X 10.7.3 exposes passwords on systems with support for the pre-Lion FileVault home-directory encryption feature. This security flaw, apparently created when Apple left debugging code in the 10.7.3 update, is only triggered with Lion systems in which legacy support for the original FileVault is retained and when logging in with such an account.
Avaya revs Identity Engines for more secure BYOD
Network and security vendors such as Cisco, Juniper, and Enterasys are lining up at Interop this week with products aimed at easing security admins’
Why you can’t dump Java (even though you want to)
Java’s direct responsibility in the recent Mac Flashback Trojan attacks has many calling for Java’s retirement, including InfoWorld’s own Woody Leonhard.
BYOD will revive network-access control idea, Gartner predicts
Is the BYOD craze going to bring a revival of NAC, the policy-based network-access control that was hyped a decade ago but didn’t end up widely adopted for endpoint security?
PHP working on new patch for critical vulnerability after initial one failed
The PHP Group plans to release new versions of the PHP processor on Tuesday in order to patch two publicly known critical remote code execution vulnerabilities, one of which was improperly addressed in a May 3 update.
One of the vulnerabilities is known as CVE-2012-1823 and is located in php-cgi, a component that allows PHP to run in a Common Gateway Interface (CGI) configuration. It was …
How to fight back against privacy pirates
Have you Googled yourself lately? Is the information about you accurate or full of inconsistencies, both of which can be devastating?
Accurate information that you’d rather be kept private can be used by stalkers to find where you are and by cyber criminals to steal your identity and empty out your bank account. While incorrect data that casts you in a bad light can cost you …
Hacker group The Unknowns claims high ground in exposing security holes
A group of hackers called The Unknowns claims to have hacked the systems of 10 prominent organizations worldwide, including NASA and U.S.
IBM: Security execs move more toward active risk management
Security issues are exerting a ton of pressure and monetary concerns on the executives in charge of keeping corporate networks and assets safe.
10 commandments for effective security training
Information security people think that simply making users aware of security issues will make them change their behavior. But security pros are learning the hard way that awareness rarely equals change.
Microsoft IDs Chinese partner as source of leaked Windows exploit
Microsoft on Thursday identified a Chinese security partner as the source of a leak last March in its highly restricted vulnerability information-sharing program.
The company, Hangzhou DPTech Technologies, was tossed out of the Microsoft Active Protection Program (MAPP) for leaking the proof-of-concept exploit.
