security

User Account Control (UAC) is a technology and security infrastructure introduced with Microsoft's Windows Vista and Windows Server 2008 operating systems, with a more refined version also present in Windows 7 and Windows Server 2008 R2. The UAC ... aims to improve the security of Microsoft Windows by limiting application software to standard user privileges until an administrator authorizes an increase or elevation. In this way, only applications trusted by the user may receive administrative privileges, and malware should be kept from compromising the operating system. User Account Control (UAC ... (view more)

Microsoft has confirmed it's investigating yet another large-scale bug affecting all supported editions of Windows. At the same time, it's ruled out issuing an emergency patch for the kernel-related issue that emerged just last week. On Tuesday, ... Microsoft issued a record-breaking monthly Patch Tuesday update containing a record 14 security bulletins. When that was announced, it looked as if it would be network administrators who'd be in for a particularly busy time, while Microsoft security staff could at least have some breathing room. That turned out not to be the case. Bogus Color Data ... (view more)

Microsoft is reportedly investigating a new kernel flaw affecting all versions of the Windows operating system (OS), including the new Windows 7. The investigation began on Friday after an Israeli researcher alerted Microsoft to the issue. In ... computing, the kernel is the central component of an operating system which is responsible for bridging software programs to hardware inside the computer. Microsoft says it is working on the issue and will release a patch once it's ready. "Microsoft is investigating reports of a possible vulnerability in Windows Kernel," said the software company's Jerry ... (view more)

Microsoft has changed the its guidelines for reporting security flaws. It's a move that could bring Adobe into an industry-wide collaboration to share information about security risks. From now on, Microsoft will no longer urge security researchers ... to follow a "responsible disclosure" policy, in which it asked those who discovered flaws to keep them completely under wraps until a full fix had been found, tested and readied for distribution. Many security experts have claimed such a policy delayed Microsoft's response to security threats. They also felt not being able to talk about bugs made ... (view more)

Business users may love their BlackBerry smartphones, but governments in the Middle East are not so keen. Three countries have issued different degrees of bans on the devices' functions. The biggest conflict comes in the United Arab Emirates (UAE), ... where officials there accuse the device of breaching local laws on data security. The problem is that messages sent on a BlackBerry are encrypted and immediately sent to servers in Canada for processing and storage. BlackBerry maker Research in Motion is based in Waterloo, Ontario, Canada. The UAE frowns upon such activity because it demands the ... (view more)

Windows XP continues to represent the single biggest target for hackers , according to security experts who also suggest these threats could initiate a considerable push for home and business users to upgrade to Windows 7. The recent discussion is ... based on Microsoft's early 2010 "Security Intelligence Report Volume 8," or SIRv8, which covered the six-month period July 2009 to December 2009. The report found that the United States continues to be the top spot for malware threats, with populous China running second, just in front of Brazil. WinXP Vulnerabilities Behind Push to Windows 7 An ... (view more)

Mozilla and Google have taken an interesting approach to ensuring that flaws, bugs and other problems associated with their Internet browsers are reported on in a timely manner. The two companies are paying outside researchers as added motivation, ... with the belief being that if a bonus is attached for their efforts, more individuals will be willing to offer up their time to discover new errors. Not All Researchers Financially Motivated Microsoft employees need not get too excited with the news, as company representatives announced that no such bonuses will be given to their researchers. ... (view more)

A serious security flaw affecting Windows shortcuts could pose a significant risk to critical global infrastructure, says a new report from security research firm Sophos. Power grids and manufacturing plants could soon be targeted by a flaw that ... researchers say has already been exploited by hackers. "Early versions of the malware have been programmed to seek out SCADA software (Supervisory Control And Data Acquisition) by Siemens Corporation, which is used in managing industrial infrastructures, such as power grids and manufacturing plants," said Sophos. Security Firms Fear Growing Threat ... (view more)

Microsoft has issued an automated workaround for a Windows shortcut flaw that security researchers yesterday flagged with a yellow alert. The workaround is a temporary measure while the company works furiously to provide a more permanent patch. The ... Windows shortcut flaw affects files with the .LNK extension (otherwise known as "shortcut files"). The zero-day vulnerability could allow cyber criminals to seize control of victim PCs. A similar and more public version of the exploit affected Siemens industrial automated systems just last week. Temporary Fix Alters Icons, Leaving them ... (view more)

In computer security, "sandboxing" is a security term used to describe the separation of running programs on an operating system. A sandbox, as it is also referred to, is often used to execute untested computer programs to ensure that they do not ... overstep their boundaries and cause harm to the system. The sandbox typically provides a tightly-controlled set of resources for guest programs to run in, such as scratch space on disk and memory. Network access and the ability to inspect the host system or read from input devices are usually disallowed or heavily restricted. In this sense, sandboxes ... (view more)