Security

Five Essential Steps to Secure Your Home PCs & Network

When we buy an appliance, we expect to be able to take it home, take a brief glance at the instructions for setting it up, plug it in and go. For most things, this expectation is fulfilled, even, unfortunately, for the home PC. In fact, once you get a few things plugged into the back of it all you...

“Victim” of Cybercrime Found Searching for Illegal Porn

Talk about irony. You get infected by a cybercriminal's illegal bot (Ozdok/Mega-D in this case) which takes a screen shot that shows you searching for illegal underage porn; then, security researchers get hold of some screen shots from the bot's command and control (C&C) server; while going...

Using the Malicious Software Removal Tool (MSRT) from the Command Line

In my September 13, 2008 post, "Software for Secure Computing: Microsoft Malicious Software Removal Tool," I said, "Many people...

Will They Ever Learn to Patch?

The latest mass infection to hit the Internet is the Win32/Conficker/Downadup Worm, estimated to have already infected between 500,000 and 8.9 million PCs, depending on whose numbers you believe. This is astounding, considering that the worm exploits a vulnerability in Windows that Microsoft

The Great Drive Wiping Controversy Settled at Last

How many times do you have to overwrite a hard drive in order to securely wipe it? This question has been at the center of an ongoing controversy for a long time. On the one hand, we've had Peter Gutmann saying it takes 35 passes (Gutmann, P.  (1996) “

Software for Secure Computing: Exploit Prevention Labs Link Scanner

With cybercriminals now actively poisoning search results and legitimate websites--unbeknownst to the webmasters--you can't be too careful when clicking on links. Take a look at this video library presented by

MD5 Hashing Algorithm No Longer Safe

Just last week, two German security researchers, Alex Sotirov and Jacob Appelbaum, made a surprising announcement at the Chaos Communication Conference in Berlin: they had created a fraudulent Certificate Authority (CA) that had a valid signature from a root CA, Equifax, one of the oldest. The...

CastleCops Shuts Down Operations

CastleCops, the largest and most effective volunteer security community on the Internet, has shut down operations. Their website has this announcement posted:

You have arrived at the CastleCops website, which is currently offline. It has...

Microsoft Releases Security Advisory (961040)

Microsoft's latest Security Advisory (961040) covers a vulnerability in SQL Server that could allow remote code execution:

Microsoft is investigating new public reports of a vulnerability that could allow...

No More Security Updates for Firefox 2

Security Fix reports that on December 16, Mozilla released its final update to Firefox 2, and plans no...