security

Java SE6 is set to receive what is being called "significant security patches." The need for repair came after the US-CERT (United States Computer Emergency Readiness Team) warned that a number of vulnerabilities were in existence, allowing ... potential hackers to bypass authentication methods and execute arbitrary codes. One flaw exposes Java's audio system; if left unpatched, online deviants could be given access to a computer system without authorization. Another exploit provides root access to a vulnerable machine. Java Exploit Linked to ActiveX The most prominent flaw to be patched is ... (view more)

Though it's been out of the headlines for some time, the Conficker virus is alive and well. Researchers say it appears the virus has kept working despite little if any attention from its creators. According to Mikko Hypponen of F-Secure, one of the ... firms investigating the virus, there are still more than 5.5 million computers infected by Conficker, with Brazil, Vietnam and China particularly affected. That may be because computer owners there are less likely to be able to afford security software and more likely to be running pirated copies of Windows which are less likely to update Microsoft ... (view more)

With the release of Windows 7 just a few months away, security experts have begun touting the widespread positive impact Windows 7 will have on PC protection and the online community. Despite the occasional outbreak of critical security patches, ... Microsoft has been able to steadily improve its security image since launching the Trusted Computing initiative more than five years ago. (Source: eweek.com ) Win7 to Help Strengthen Security Purewire Principal Researcher Paul Royal touted three specific Windows 7 modifications that he believes will help thwart application vulnerabilities, rootkits ... (view more)

Security researchers have demonstrated how both Windows Mobile and iPhone handsets can be hacked simply be sending a text message. It's also emerged that a flaw in the way secure websites worked could cause problems for Firefox users. The news comes ... from the annual Black Hat security conference in Las Vegas, where it's joked that "black hat" hackers find these issues for criminal reasons, while "white hat" hackers are merely trying to improve security. However, it's generally understood that those who speak at the conference do so to highlight problems rather than exploit them. SMS from a SOB ... (view more)

Microsoft is releasing two emergency patches this morning outside of its usual Patch Tuesday rotation. The Redmond-based company has determined that fix addresses issues that require immediate attention. Microsoft usually releases a Patch Tuesday ... fix about once a month addressing security vulnerabilities marked "critical" or "important," the latter being regarded as slightly less concerning. However, it rarely releases a patch outside of the monthly rotation unless something is truly wrong. Emergency Fix Targets Visual Studio, IE At this point, the company hasn't fully disclosed the problem, ... (view more)

In computer security, a sandbox is a security mechanism for separating running programs. It is often used to execute untested code, or untrusted programs from unverified third-parties, suppliers and untrusted users. A sandbox in computing terms ... (also referred to as "sandboxing") provides a tightly-controlled set of resources for guest programs to run in, such as 'temporary' space on disk and memory. In such a scenario, network access and the ability to inspect the host system or read from input devices are disallowed or heavily restricted. In this sense, sandboxes are a specific example of ... (view more)

Microsoft has a reputation for rarely admitting or accepting defeat in any market. But the company is now waving the white flag of surrender after admitting that they can no longer keep up with hackers when discovering file format bugs in time to ... stop them from exploitation. That doesn't mean that Microsoft is prepared to let online deviants have their way with software vulnerabilities . Instead, the company has decided to take a " sandbox " approach to Office documents in the next version of the application suite. The Sandbox Technique The sandbox technique will be a new addition to Office ... (view more)

Adobe has vowed to fix a critical security hole in its Flash software within a week. But the Department of Homeland Security (DoHS) has taken the extremely unusual step of advising users to switch off the feature until the patch is available. The ... hole can be used for so-called 'drive by' attacks occurring when a user simply visits an infected website. However, the relevant code is also shared with Adobe's Acrobat software, meaning it can cause security problems through PDF documents which have Flash embedded in them for greater interactivity. That technique had already been criticized as a ... (view more)

When you can't get any states to participate in your flawed National ID scheme, what do you do? If you're the U.S. government, you change its name and try again. With the death of the REAL ID Act comes a replacement bill that poses many of the same ... threats, including what the Campaign for Liberty refers to as a federal grab for personal information. Now the act has been renamed and referred to as an enhanced or higher security driver's license. In reality, however, the only way to resolve the problem is to repeal it, not rename it. (Source: campaignforliberty.com ) After 9/11, the government ... (view more)

Google made quite the controversial statement recently after attempting to shed some light concerning their new Chrome operating system . Google has raised eyebrows after promising that their customers will no longer have to worry about viruses, ... malware and security updates. In a recent blog entry, Google announced that the company was prepared to "go back to the basics" and redesign the essential security foundations of the OS in such a way so that users would never again have to deal with viruses, malware and the need for constant updates. It didn't take long for a number of security ... (view more)