Microsoft today released security updates to fix at least three vulnerabilities in its Windows operating systems, including one labeled “critical,” the company’s most serious rating. However, none of the patches address five zero-day flaws that can be used to attack… Read More »
Google has added a new security and anti-spam feature to its search engine that promises to increase the number of Web page results that are flagged as potentially having been compromised by hackers.
A new online resource aims to make it easier to gauge the relative security risk of using different types of popular software, such as Web browsers and media players.
Adobe has at long last released Reader X, a fortified version of its PDF Reader software that is built to withstand attacks from the sort of zero-day security vulnerabilities that repeatedly have threatened its user base over the past several years.
Last month, I published evidence suggesting that future development of the ZeuS banking Trojan was being merged with that of the up-and-coming SpyEye Trojan. Since then, a flood of new research and resources has been published about SpyEye, including a new site that helps network owners track the location of SpyEye control networks worldwide.
“Firesheep,” a new add-on for Firefox that makes it easier to hijack e-mail and social networking accounts of others who are on the same wired or wireless network, has been getting some rather breathless coverage by the news media, some… Read More »
Comcast, the nation’s largest residential Internet service provider, announced last week that it is expanding an initiative to contact customers whose PCs appear to be infected with a malicious bot program.
The Philadelphia-based cable Internet company is expanding nationwide a pilot program that began in Denver last year, which automatically informs affected customers with an e-mail urging them to visit the company’s security page. The system also sends the customer’s browser a so-called “service notice,” a semi-transparent banner that overlays a portion of whatever page is being displayed in the user’s Web browser.
Google said today that it will begin offering users greater security protections for signing in to Gmail and other Google Apps offerings. This “two-step verification” process — which requires participating users to input a user ID, password and six-digit code sent to their mobile phones — effectively means Google will be offering more secure authentication than many U.S. financial institutions currently provide for their online banking customers.
Security vulnerability research firm Secunia has released a public beta of its Personal Software Inspector tool, a program designed to help Microsoft Windows users keep their heads above water with the torrent of security updates for third-party applications. The new beta version includes the promised auto-update feature that can automatically apply the latest patches for a growing number of widely-used programs.
Microsoft Windows users seeking more certainty about the security and integrity of downloaded files should take a look at a free new offering from Internet security research firm Team Cymru (pronounced kum-ree) that provides a solid backup to anti-virus scans.
The tool is actually an extension of an anti-malware service that Team Cymru has offered for several years, known as the “Malware Hash Registry.” The MHR is a large repository of the unique fingerprints or “hashes” that correspond to millions of files that have been identified as malicious by dozens of anti-virus firms and other security experts over the years. The MHR has been a valuable tool for malware analysts, but until now its traditional command-line interface has placed it just outside the reach of most average computers users.
