The independent Financial Industry Regulatory Authority has fined two units of E-Trade Financial a total of US$1 million for failing to implement adequate anti-money laundering (AML) procedures between Jan. 1, 2003 and May 31, 2007.
Read more »Regulator fines E-Trade units US$1 million
SSL Crack Shows You Must Advance Your Security
The successful creation of a rogue certificate authority by researchers using a colliding certificates attack demonstrates that if you're not moving forward with your security-related standards then you're moving backwards. Everything gets cracked over time, so you have to keep improving your defenses. - It's just one embarrassment after another for the digital certificate business lately. First, lax procedures at a Comodo affiliate resulted in the sale of a quot;mozilla.com quot; certificate to someone unaffiliated with that group. Now a more serious technical problem has developed with the way so...
Read more »Microsoft Urges Organizations Patch Vulnerability as New Round of Attacks Surface
Microsoft is again urging users to apply a patch for a vulnerability in the Windows Server service. The company reported earlier this week that a new variant of the Conficker worm has surfaced to target the flaw. - Microsoft advised organizations yet again to deploy the patch for a flaw affecting the Windows Server service that was fixed in October.
The latest attacks are coming courtesy of a new variant of the Conficker worm, identified by Microsoft as Win32/Conficker.B. According to the company, the variant...
With Gaza conflict, cyberattacks come too
The conflict raging in Gaza between Israel and Palestine has spilled over to the Internet.
Read more »Psychic predictions for tech in 2009
Countless people are trying to predict what 2009 could hold for the world of technology. Of course, it's all just guesswork -- these pundits aren't working with a crystal ball. So we decided to find someone who was.
Read more »11 in China sentenced for software piracy
A court in Shenzhen, China, sentenced 11 members of a software counterfeiting operation Wednesday, with the defendants getting between one and a half and six and half years in prison, according to Microsoft.
Read more »Security vendors ready fix for 'Curse of Silence' SMS attack
A single malformed text message can prevent some Nokia smartphones from receiving further messages via SMS (Short Message Service) -- and the offending message can be sent from almost any Nokia phone, even non-smartphone models, a German security researcher demonstrated Tuesday.
Read more »Watch out for hidden cookies
By now, most of us are aware of the potential privacy risks posed by Web cookies. But according to a new paper published by security consultancy iSec Partners, traditional browser-based cookies aren't the only technology used to store user data anymore. A number of browser plug-ins offer similar capabilities -- and because plug-ins are nonstandard browser components, users are often unaware that these silent conversations are even taking place.
Read more »Enterprise Security in the Year 2008
The economy may have slowed, but the security needs of businesses did not. From Symantec to McAfee to Sophos, security vendors have not been shy about putting new products out on the market to help companies fight malware, data breaches and unauthorized intrusion. Here are a few of the products from security vendors that hit the market in 2008 and were aimed at enterprises. - ...
Read more »Security Outlook 2009
In this IT Link podcast hosted by Mike Vizard, Websense CTO Dan Hubbard says that while security as a whole has improved, the increased sophistication of digital criminals means that IT organizations can expect to have their hands full in 2009. - Audio Podcast Content....
Read more »Symantec Wins Court Battle Over Software Piracy
Symantec won a $12 million court judgment against a software distributor accused of copyright infringement. According to Symantec, the judgment is one of the largest the company has ever won in a case of software piracy. - Symantec announced Dec. 18 the company won a victory in the battle against piracy when
a court awarded it $12 million in damages against a distributor selling
counterfeit Symantec software throughout North America.
The verdict was handed down by the U.S. District Court for the
Central Distric...
A Managed Approach to Security
In this IT Link podcast hosted by Mike Vizard, the project lead for managed security services for Tata Communications, Eric Hemmendinger, explains why leveraging a carrier's infrastructure to enhance enterprise security makes a whole lot of sense in this economic climate. - Audio Podcast Content....
Read more »Top 10 Security Stories of 2008
White hats and black hats alike were busy this year. From hacking the personal e-mail account of then-vice presidential candidate Sarah Palin to Microsoft's decision to phase out Windows Live OneCare, there has been no shortage of security things for us to write about. Here are some of the top security stories from 2008. - Some cool hacks, panic in San Francisco
and the shutdown of a notorious Web hosting firm there were several interesting
security stories that made headlines in 2008. Good guys and bad guys both had
their hands full as the cat-and-mouse game between vendors and cyber-crooks
continued.
So without...
Anonymity Is a Problem and an American Tradition
Technology allows for both freedom and abuse, and the law attempts to walk the line between them. - It didn't take long for anonymity on the Internet to become a contentious issue, and for good reason. Anonymity is problematic.
It is usually possible, even easy, for users on the Internet to hide
their true identities to a degree. Most Internet protocols have weak or
no authentication in them an...
Microsoft Disputes Claim of Windows Media Player Vulnerability
Microsoft says reports of a remote code execution vulnerability in Windows Media Player are false. Rumors of the flaw surfaced last week on the Web. - Microsoft
is denouncing a security researchers claim of a remote code execution flaw
affecting Windows Media Player.
Reports of the vulnerability surfaced last week on the SecurityTracker
vulnerability notification service. According to the initial report, a bug
in Windows Media Player could b...
SSL Certificate Vendor Sells Mozilla.com Cert to Some Guy
In the absence of standards for applicant verification for standard SSL certificates, CAs need to promulgate strong policies and publicize their contractual obligations for resellers, and they need to audit those relationships. - The SSL infrastructure is based, in a large sense, on trust. We
trust that vendors of the software that checks certificates will only
trust the roots of certificate authorities that are trustworthy, and
that means CAs that check to see that the applicant for a certificate
is who he says he is.
...
How to Protect Data During Financial Mergers and Acquisitions
With current economic conditions greasing the skids for a merger frenzy, the combination of massive financial institutions raises important questions about the handling of sensitive financial data. Financial institutions simply cannot overlook the technology and business processes needed to protect sensitive data and maintain a competitive advantage. Knowledge Center contributor Dave Meizlik explains how organizations can protect their sensitive data during a merger and acquisition. -
Todays financial climate is fueling a wave of mergers and acquisitions,
particularly among financial institutions. With an infusion of fresh cash from
the federal government, in the next six to 12 months we are likely to see
weaker banks snapped up by larger institutions. This fire sale econo...
Balancing Risk and the Budget
In this eWeek podcast hosted by Mike Vizard, PacketMotion CEO Paul Smith says IT organizations in 2009 will increasingly need better classes of IT tools to keep pace with a much tougher regulatory environment. - Audio Podcast Content....
Read more »Kaspersky Lab to Bring Application Assessment, Whitelisting to its Enterprise Portfolio
Anti-malware vendor Kaspersky Lab is planning to build application vulnerability assessment and whitelisting into its enterprise products. The company already has whitelisting features in its consumer products. - In a market still dominated by security vendors Symantec and McAfee, Moscow-based Kaspersky Lab made solid gains in 2008 through its consumer business.
With 2009 around the corner, Kaspersky is looking to take elements of its consumer products to enterprise desktops. In an interview with eWEE...
Check Point Sees Better Product through Nokia Acquisition
Check Point channel chief Amnon Bar-Lev believes the acquisition of Nokias security appliance unit will decrease the number of products that partners service and customers buy, while increasing functionality and usability. - Check Point Software Technologies acquisition of Nokias
security appliance unit will expand the security companys expertise and value of
its product line, creating greater value for partners and customers, says the
companys channel chief Amnon Bar-Lev.
In an interview with Channel Insider, Bar-L...