Security and the Net

News and opinions about security, the internet and more

Entries for January, 2009

Google admits the internet is a dangerous place

A small human error caused Google to mark every site in its search results as “dangerous” earlier today. Even worse, according to some reports, users were unable to bypass the warning and continue to the website.

Enhancing BlackBerry security

While I don’t like to read press releases, let alone quote them, this one managed to catch my attention. It introduces a product called “Mobile PKI” for BlackBerrys that promises to enhance the security of communications between BlackBerry devices and your company’s servers:

Planning for failure

Andrew Storms at nCircle has a very special offer for you: the 5 steps to accepting a data breach. It includes important steps such as preparing your press statements: Step 4. Develop a security failure crisis communications strategy now. Those silly IT incident plans include pages of technical jargon, why not have the PR team [...]

Mac malware getting serious

There were two separate news items this week that together show MacOS X has finally become an attractive platform for malware makers. The first was reported by several news sites: pirated copies of iWork were found to contain malware. From the advisory: The installer for the Trojan horse is launched as soon as a user [...]

Cisco “improves” website security

Cisco has just “enhanced” the security of their website by forcing you to enter two secret questions and answers when you register for an account. To quote Bruce Schneier: It’s a great idea from a customer service perspective — a user is less likely to forget his first pet’s name than some random password — [...]

33 high-profile Twitter accounts hacked

Hot on the heels of yesterday’s news about large-scale phishing attempts targeting Twitter users, Twitter just announced that a number of high-profile accounts were hacked.

Law enforcement versus antivirus vendors

Both the Independent and the Times Online reported yesterday that the UK police want to be able to search computers remotely, without the need for a search warrant. Some of the methods that might be used include installing keyloggers, hacking wireless networks and installing backdoors on the suspect’s PC: Police might also send an e-mail [...]

FUD about “unsafe” SSL certificates

Since the publication of the attack against RapidSSL’s certificate issuing process, numerous stories have been published about how many SSL certificates are suddenly “unsafe”. The best (or worst) example I’ve seen so far is this one at TG Daily. It starts with the following statement:

Zune: small programming errors that have big consequences

Microsoft has just shown the world what the consequences of a relatively small programming mistake can be. In this case, it’s a classic “off-by-one” error in the clock driver of the Zune media player: year = ORIGINYEAR; /* = 1980 */ while (days > 365) { if (IsLeapYear(year)) { if (days > 366) { days -= [...]
