security

A hole allowing hackers to take control of Microsoft Exchange was just one "critical" issue the Redmond-based company promises it has fixed with a patch correcting a total of eight vulnerabilities in its programs, including the Internet Explorer ... browser, Office, and its SQL Server . Three of the eight vulnerabilities patched yesterday were marked "critical". The most concerning is an issue with Exchange that would allow attackers to take over an Exchange server by simply forwarding a carefully crafted message to a corporate mail server. Microsoft has admitted that the vulnerability can be ... (view more)

Microsoft has agreed to tweak the User Account Control (UAC) system in Windows 7 to avoid an inherent security risk . During the production of Windows 7 , Microsoft decided to change the default UAC so that it no longer asks for confirmation when a ... user adjusts his or her Windows settings. Security experts suggest that these settings include UAC itself, meaning rogue software could turn this protection off completely without the user knowing. Microsoft argued that this was not a true vulnerability because one can only take advantage by getting the victim to run the rogue software; for example ... (view more)

A new analysis claims that over 90% of the Windows security vulnerabilities reported last year were made worse by users logged in with administrative privileges -- an issue Microsoft has been hotly debating recently. BeyondTrust Corp. (BTC), a ... software development company specializing in enterprise rights management, has indicated that the act of giving users administrative rights may leave systems more open to risk. The report issued by BTC was prepared by assessing security vulnerability bulletins released by Microsoft in 2008, and identifying specific "mitigating factors" (those that could ... (view more)

Malware was on the rise last year, and 2009 doesn't look much better. Reports from two different security companies, AVG and F-secure, are painting an increasingly dangerous picture of our online world. F-secure, makers of real-time virus protection ... software, reports that detections of malware have tripled since 2007. Topping their list were botnets -- a network of infected computers, sometimes called zombies -- which can be remotely controlled by hackers without the knowledge of the computer's owner. There is no hard data on how many zombified computers are out there, but by F-secure's ... (view more)

A malicious Internet worm known as Conficker, Downadup, or Kido that spreads through low security networks, memory sticks and PCs without the latest security updates, is infecting machines by the millions. (Source: bbc.co.uk ) The worm was first ... discovered in October 2008 and a security patch by Microsoft was issued at that time. However, a recent, new strain of the worm was developed and has managed to infect an estimated 9 million machines with 1 million new infections per day. (Source: sfgate.com ) Microsoft says the worm works by searching for a windows executable file named "services.exe ... (view more)

Despite the efforts of the computer security industry, malicious software is reportedly spreading faster than ever and security researchers have acknowledged that they cannot seem to get ahead of the onslaught. Internet security is broken and it ... appears that nobody knows quite how to fix it. This so-called malware surreptitiously takes over a PC then uses it to spread more malware to other machines exponentially. (Source: informationweek.com ) A conservative estimate by the Organization for Security and Cooperation in Europe says that as more businesses and people move onto the Web, criminals ... (view more)

Microsoft has reached a deal with a leading security firm that could give corporate users the ability to tighten up their defenses. The benefits could even extend to Windows home users. The deal has been made with EMC Corporation, a firm which ... produces the data storage system used by many large organisations. Microsoft has signed a deal with EMC's security division to licence the forthcoming DLP suite, a package designed to prevent data loss. The package will be used in Microsoft's server products. It allows users to find and monitor data across one or more networks and control who is able to ... (view more)

Not long after reports surfaced describing Apple's first-ever recommendation that owners of its computers use antivirus software, the company has pulled that very statement from its official web site. The admission that users should use an antivirus ... program when using a Macbook was especially surprising to Mac and even PC owners. For years, Apple has proudly flaunted the fact that few viral or spyware threats exist for the niche computer line. However, as early as Tuesday night Apple ripped that warning down, dismissing it as "old and inaccurate", according to one spokesperson for the company ... (view more)

Radio-frequency-identification (RFID) is an automatic identification method, relying on storing and remotely retrieving data using devices called RFID tags or transponders. (Source: wikipedia.org ) Researchers at RSA Laboratories and the University ... of Washington recently released a report which studies the privacy and security vulnerabilities of the RFID tags embedded in the state of Washington's Enhanced Driver's License and Electronic U.S. Passport Cards. Electronic Product Code and RFID Electronic Product Code, or "EPC tags," are industry-standard RFID devices created as the ... (view more)

An official report says two IRS computer systems have serious security weaknesses. It also warns information about taxpayers is at risk of falling into the wrong hands. The report, by the Treasury Inspector General for Tax Administration, a federal ... agency which monitors IRS performance, details problems with a new billion dollar system which will eventually manage the data for all taxpayers. The Customer Account Data Engine (CADE) already handles 28 million tax returns, around a fifth of the total. The report also covers the Account Management Services (AMS) system, which provides quicker ... (view more)