I attended Mobile World Congress in Barcelona, where (among many other things) numerous security vendors were presenting their latest mobile products. I took the opportunity to quiz them. Why do smartphone users need to worry about security software, which many users were glad to leave behind with their PC? I observed that whereas I have
…continue reading What is mobile security? And do we need it?
The New York Times has described in detail how it was hacked by a group looking for data on Chinese dissidents and Tibetan activists. The attack was investigated by security company Mandiant.
Note the following:
Over the course of three months, attackers installed 45 pieces of custom malware. The Times — which uses antivirus products
…continue reading Another reason to use tablets: desktop anti-virus does not work
A security issue has been discovered in Ruby on Rails, a popular web application framework. It is a serious one:
There are multiple weaknesses in the parameter parsing code for Ruby on Rails which allows attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a
…continue reading Got a Ruby on Rails application running? Patch it NOW
A principal engineer at Nokia, Justin Angel, has written a piece showing how to hack apps on Windows 8, undermining their potential revenue for the app vendors. “This is an educational article written in the hope both developers and Microsoft can benefit from an open exchange of knowledge,” he says, adding that the article was
…continue reading Trial apps and in-app purchases easy to hack on Windows 8 says Nokia engineer
Today I came across the certification requirements for Windows 8 desktop apps. This is the successor to the Windows 7 Logo program, and represents a set of best practices required for software to display the official Windows logo.
In practice, I am not sure how many buyers check that software is certified before buying, though
…continue reading Microsoft toughens logo requirements for Windows 8, forbids startup apps
Someone trying out Windows 8 release preview brought her machine to me to look at. She was having trouble with an email attachment. The email was in fact carrying a virus, one that purported to be from booking.com though it had nothing to do with that company. The supposed booking is in an attached zip
…continue reading Windows 8 defeats booking.com virus
Remember the Concept virus? Someone wondered if you could make a self-replicating virus with a Microsoft Word macro. It worked; and the proof of concept soon became a real virus causing the usual mayhem and spoiling our clever VBA templates.
Microsoft locked down Office macros fairly effectively; but the idea lived on and has re-emerged
…continue reading Macro virus reborn: ACAD/Medre.A steals drawings using AutoCAD AutoLISP
I have been trying out Microsoft’s ForeFront Unified Access Gateway (UAG) recently, partly because it is the only supported way to publish a SharePoint site for Windows Phone. This was my first go with the product, though I am already familiar with the Threat Management Gateway (TMG) and its predecessor Internet Security and Acceleration Server
…continue reading The confusing state of Microsoft’s TMG and UAG firewall and proxy software
Several well-known web sites including The Register, The Daily Telegraph, UPS.comn and Acer.com suffered a DNS hack on Sunday evening. The consequence is that visitors to the sites may see a Turkish hack message.
The hacked sites share a common registrar, Ascio Technologies, and were registered through NetNames. Both NetNames and Ascio are brands
…continue reading Internet security hangs on a DNS thread, as hacks of The Register, Telegraph, Acer sites demonstrates
I’ve just set up Parallels Desktop 6 on a Mac, in preparation for some development work. Installed Parallels, created a new virtual machine, and selected a Windows 7 Professional with SP1 CD image downloaded from Microsoft’s excellent MSDN subscription service.
The way this works is that you install the Parallels application and the create a
…continue reading Parallels Desktop 6 for Mac: nice work but beware Windows security settings