In partnership with indie security consultant Rich Mogull, Mozilla has launched a valuable Security Metrics Project that could help to -- we can only hope -- put an end to the silly notion that patch-counting helps to determine a product's security posture. The idea is to develop a metrics model that goes beyond simple bug counts to accurately reflect the effectiveness of secure development efforts and the relative risk to users over time.
Staying on top of the latest in software/hardware security research, vulnerabilities, threats and computer attacks.
Violet Blue is the author of The Smart Girl's Guide to Privacy. She contributes to ZDNet, CNET, CBS News, and SF Appeal.
Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years.
It's getaway day and as we prepare to hit the road, trudge through airport security and snag that car rental, spare a thought for the valuable data that travels with you on that trusty old laptop. According to a recent study by the Ponemon Institute, more than 637,000 notebooks vanish each year in mid-to-large airports.
NoScript plugin writer Giorgio Maone posted a commentary on IE 8's new filters, drawing comparisons to his own widely popular NoScript Firefox plugin. Maone writes: I’m happy to learn that IE8 is going to implement a less ambitious version of a feature which NoScript users have enjoyed for more than one year now.
Breaking Gmail, Yahoo and Hotmail's CAPTCHAs has been an urban legend for over two years now, with do-it-yourself CAPTCHA breaking services and proprietary underground tools assisting spammers, phishers and malware authors in registering hundreds of thousands of bogus accounts for spamming and fraudulent purposes.
Jouko Pynnonen posted a message to the Full-Disclosure mailing list today, citing multiple "script injection" vulnerabilities within Facebook. I'm not sure if this is a surprise to anybody out there; it's certainly not to me, as numerous web applications have major problems with Cross-site Scripting vulnerabilities, but I think this is important to note due to the widespread use of Facebook.
Kaspersky's most recent product launch, Kaspersky Internet Security 2009, features a virtual keyboard, "a secure pop-up that enables logins, passwords, bank card details and other important personal information to be entered safely to prevent the theft of confidential information", aiming to protect users from keyloggers and consequently provide a safer e-banking experience.
The firewall is one of the few security tools that has been proven to be very effective at improving a company's security posture. However, staying on top of policies -- and responding to change requests -- while trying to manage multiple firewalls from different vendors can be a never-ending nightmare for IT admins.
Recently accepted legislation in Lithuania banning communist symbols across the country has prompted pro-Russian hackers to start defacing Lithuanian sites. An indication of the upcoming attack was detected last week, with active discussions around Russian forums greatly reminding us of the Russia vs Estonia cyberattack sparked by the removal of a Red Army memorial from the capital Tallinn.
Guest Editorial by Tiller Beauchamp

Earlier this month I had the opportunity to present RE:Trace at the Recon conference, a reverse engineering conference held every other year in Montreal, Canada. The conference consisted of three days of training and three days of talks in a single track.
Mozilla has shipped a high-priority update for Firefox 2, warning that there are at least five serious vulnerabilities that could lead to code execution attacks. With Firefox 2.