Some people view vulnerability researchers such as HD Moore as knights in shining armour for their efforts to discover security flaws in software products. Since launching the controversial Metasploit Project in 2003, HD Moore and a group of independent bug hunters have publicly posted information that makes it easier to develop and test code that can be used to attack software vulnerabilities.
A U.S. government plan to use radio frequency identification (RFID) chips in a proposed passport card program for U.S. citizens is drawing fire from some quarters. The identification cards would be needed by residents who don't have passports for verifying their identity at land and sea border crossings.
A bug hunter who had promised to disclose one zero-day bug in Oracle databases every day for a whole week in December has abruptly canceled his plans to do so.
Despite its public statements, Microsoft so far has not given security vendors any specifics on its plans to release code that will allow them to work around a kernel protection technology called PatchGuard in the upcoming Vista operating system.
The U.S. Department of Homeland Security's Office of the Inspector General, which is responsible for auditing the agency's IT security practices, took itself to task for doing a poor job of protecting sensitive data on laptop PCs in a report released last week.
Hewlett-Packard would apparently find plenty of support in the boardrooms at other US companies for its attempts to identify the source who was leaking confidential information to the media.
IT managers should focus on issues such as business risk, customer impact, regulatory requirements and due diligence when demonstrating the value of IT security investments to senior executives. That’s the view of several IT managers at the recent Security Standard conference in Boston.
The California Highway Patrol (CHP) is investigating the apparent hacking of a computer in the office of California Governor Arnold Schwarzenegger.
The cost of data breaches may be getting a lot higher for IT professionals who are deemed to be responsible for failing to properly secure information.
IBM has announced it plans to acquire Internet Security Systems of Atlanta for US$1.3 billion (NZ$2.05 billion) in cash.
Visa U.S.A. Inc. has changed the way it classifies some merchants under the Payment Card Industry data security program, a move that will require about 1,000 retailers and other businesses to meet more-rigorous standards for validating their compliance with the PCI edicts.
New encryption and policy control functions being built into Microsoft’s Vista operating system will help make it easier for enterprises to protect against data compromises such as the one involving the US Department of Veterans Affairs publicised last week, a company executive says.
Antivirus software firm Sophos PLC usually issues advisories about software vulnerabilities and threats in third-party products. This week the company warned enterprises of a vulnerability affecting a wide range of its own products.
Westchester County, New York, has recently enacted a new law that requires local businesses to implement “minimum security measures” for protecting their wireless networks.
The Social Security numbers, driver’s licence information and bank account details of potentially millions of current and former residents of Florida’s Broward County are available to anyone on the internet because sensitive information has not been removed from public records being posted on the county’s website.