Adobe has reported a major security breach. According to the FAQ:
Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration
…continue reading Adobe’s security calamity: 2.9 million customer account details accessed
I’m just back from AVG’s press event in New York, where new CEO Gary Kovacs (ex Mozilla) presented the latest product suite from the company.
Security is a huge topic but I confess to being something of a sceptic when it comes to PC security products. Problems include performance impact, unnecessary tinkering with the
…continue reading Does anti-virus work? Does Android need it? Reflections on AVG’s security suite
If you could describe the perfect document security system, it might go something like this. “I’d like to share this document with X, Y, and Z, but I’d like control over whether they can modify it, I’d like to forbid them to share it with anyone else, and I’d like to be able to destroy
…continue reading Hands on with Microsoft’s Azure Cloud Rights Management: not ready yet
Canonical has announced a comprehensive security breach of its forums.
Unfortunately the attackers have gotten every user’s local username, password, and email address from the Ubuntu Forums database. The passwords are not stored in plain text, they are stored as salted hashes. However, if you were using the same password as your Ubuntu Forums one
…continue reading Ubuntu forum hack sets same-password users at risk
I attended Mobile World Congress in Barcelona, where (among many other things) numerous security vendors were presenting their latest mobile products. I took the opportunity to quiz them. Why do smartphone users need to worry about security software, which many users were glad to leave behind with their PC? I observed that whereas I have
…continue reading What is mobile security? And do we need it?
The New York Times has described in detail how it was hacked by a group looking for data on Chinese dissidents and Tibetan activists. The attack was investigated by security company Mandiant.
Note the following:
Over the course of three months, attackers installed 45 pieces of custom malware. The Times — which uses antivirus products
…continue reading Another reason to use tablets: desktop anti-virus does not work
A security issue has been discovered in Ruby on Rails, a popular web application framework. It is a serious one:
There are multiple weaknesses in the parameter parsing code for Ruby on Rails which allows attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a
…continue reading Got a Ruby on Rails application running? Patch it NOW
A principal engineer at Nokia, Justin Angel, has written a piece showing how to hack apps on Windows 8, undermining the apps' potential revenue for their vendors. “This is an educational article written in the hope both developers and Microsoft can benefit from an open exchange of knowledge,” he says, adding that the article was
…continue reading Trial apps and in-app purchases easy to hack on Windows 8 says Nokia engineer
Today I came across the certification requirements for Windows 8 desktop apps. This is the successor to the Windows 7 Logo program, and represents a set of best practices required for software to display the official Windows logo.
In practice, I am not sure how many buyers check that software is certified before buying, though
…continue reading Microsoft toughens logo requirements for Windows 8, forbids startup apps
Someone trying out the Windows 8 Release Preview brought her machine to me to look at. She was having trouble with an email attachment. The email was in fact carrying a virus, one that purported to be from booking.com though it had nothing to do with that company. The supposed booking is in an attached zip
…continue reading Windows 8 defeats booking.com virus