Security

Three French journalists have been booted from a major security conference amid claims they were able to hack the laptops being used by fellow reporters. It's particularly embarrassing for those reporters, many of whom write for Global Security Mag, ... an official sponsor of the Black Hat Las Vegas event. Only one of the hackers, Mark Brami, has spoken out; though he blamed colleague Mauro Israel for the 'attack', he said it was meant as a prank. The men involved reportedly told organisers they were attempting to raise the issue of privacy risks among people using public Internet connections. ... (view more)

A new technique has reportedly been developed by two security researchers that bypasses all of the memory protection safeguards in Windows Vista. The tactic is expected to have far-reaching implications for Microsoft the rest of the tech industry. ... Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov of VMWare Inc. will discuss the new methods they've found to get around Vista's Address Space Layout Randomizations (ASLR), Date Execution Prevention (DEP) and other functions built into Windows Vista by using Java, ActiveX controls and .NET objects to load arbitrary content into ... (view more)

A hacker who allegedly crept his way through Pentagon computer systems shortly after the 9/11 attacks recently had his appeal against extradition to the United States dismissed by the British House of Lords. Called the "world's most dangerous ... hacker" by U.S. authorities, Gary McKinnon could soon face trial stateside for his actions. Despite the setback, McKinnon maintains his innocence -- and that Europe offers a better place to prove it. "It might be naive of me, but perversely, I think I might have more chance in Europe than I do in my own country." McKinnon, who has pled his innocence ... (view more)

Businesses' internal networks are becoming increasingly less secure, a new study shows. A scan of 100,000 corporate PCs and servers found that every single organisation was facing some form of security threat. The industries studied included ... healthcare, insurance, finance and manufacturing, with Promises Inc warning that the risk might extend outside the networks and out into the public domain among customers and clients. Security firm Promises Inc carried out the study between January and June this year. The research found even the most secure networks had at least three threats: the two ... (view more)

Online banking makes life easier, at least for those of us comfortable with the idea of transacting money from the home or office. Like most people, I assume that my bank's website is an extremely secure site, rigorously monitored to protect my ... money. Along with many other people, I may have been wrong. A University of Michigan study released last week suggests that, of 214 financial institutions' websites, every one had design flaws and over three-quarters contained at least one flaw that could potentially put customers at risk. (Source: cnet.com ) One of the larger problems seems to be the ... (view more)

In yet another case where government appears to be above the law, the Electronic Frontier Foundation (EFF) has issued a report warning that your printer may be spying on you. Some color laser manufacturers are encoding each page with identifying ... information -- secret code that could be used to identify the printer and, potentially, the person who used it. Without your knowledge or consent, an act you assume is private could become public. What's worse is that there are no laws to prevent abuse. There's little to stop the Secret Service from using printer codes to secretly trace the origin of ... (view more)

Users of some firewall software, including the popular Zone Alarm, have found Microsoft's latest security update works a little too well: it effectively blocks their Internet access completely. The offending update fixes a pretty serious flaw in ... Windows which would have allowed hackers to redirect network traffic. However, it's proved incompatible with the entire ZoneAlarm series of software, leaving its users unable to access websites, instant messaging, email or any other Internet services. (Source: channelregister.co.uk ) ZoneAlarm has published three possible solutions. The first is to ... (view more)

Security experts are warning that a major Domain Name Service (DNS) hole could have catastrophic results for the web in the near future. DNS, which is responsible for converting readable names into IP addresses for individuals and major firms alike, ... is nothing less than the Internet's phonebook. Without it, imagine the Information Superhighway littered with the overturned, flaming vehicles of visitors. What's wrong? So that names indexed by DNS are not repeated with every network connection, systems store the results in a cache for a temporary period. If a hacker could slip false addresses ... (view more)

Microsoft recently released another whack of updates to its software, and many will want to take notice. Of the ten listed vulnerabilities within this June offering are three deemed "critical", another three considered "important" and one ... "moderate". The patch released Tuesday includes three major fixes, including: A vulnerability in Bluetooth Stack that could allow a hacker to make a remote code execution A Cumulative Security Update for Internet Explorer Like the Bluetooth issue, there's also a fix that patches holes in DirectX which could allow someone to make a remote code execution A ... (view more)

A security firm claims Hong Kong is home to the Internet's biggest security holes, with 19% of sites using the .hk domain posing a security risk. The country has rocketed up (or down, depending on your perspective) the charts, having been ranked ... just 28th-most-risky last year. Second place in this year's study, which looks at 74 domains, went to China, which was 12th last year. Other countries which performed poorly included Romania, Russia, and the Philippines. Finland was ranked the safest, followed by Japan and Norway. The survey also looked at the generic domains (such as .com) which aren ... (view more)