June, 2010

News: Google (encrypted) & Schools

Google's encrypted search engine, launched in May, has moved to a new Web address that isn't as convenient as its original one but that gives organizations the option to block the site for their users without locking them out of other Google services.

Originally offered at google.com, the encrypted search engine has been relocated to encrypted.google.com, a move prompted primarily by the requirement of schools and universities to block encrypted search engines for their students.

Educational institutions often ban encrypted search engines because students can use them to bypass the Web content filters of their schools and universities.

However, blocking google.com also interferes with other encrypted Google products, like the hosted Apps communication and collaboration suite, which many educational institutions offer for their staff and students.

News: Rise of Kraken

The Kraken botnet, believed by many to be the single biggest zombie network until it was dismantled last year, is staging a comeback that has claimed almost 320,000 PCs, a security researcher said.

Since April, this son-of-Kraken botnet has infected an estimated 318,058 machines - about half as big as the original Kraken was at its height in the middle of 2008, according to Paul Royal, a research scientist at the Georgia Tech Information Security Center.

Like its predecessor, the new botnet is a prodigious generator of spam, with a single machine with average bandwidth able to send more than 600,000 junk mails per day.

News: IE6 better than Chrome!

Microsoft's creaking Internet Explorer 6 is more secure and popular than either Google's Chrome or Opera, US banking giant Chase has determined.

The bank has therefore decided its online banking services will continue to support the aging IE 6 but drop support for Chrome and Opera.

IE 6 is nine years old and even Microsoft is now desperately speaking out against the browser, to get individuals and businesses to move on to IE 8.

Microsoft's Australian business unit recently equated using IE 6 to being as risky as drinking - or maybe, eating - a carton of nine-year-old milk, as it lacked up-to-date cross-site scripting and anti-malware protection among other defenses.

Review: BlackBerry ER application

The Software

BlackBerry ER, an application by PocketMac, was primarily designed to locate a stolen BlackBerry handset. The application is designed to send a text message to the registered phone number in case the SIM is changed. It goes a step further by including the GPS location in the text.

The owner may use this information and, with the help of local authorities, recover his stolen BlackBerry.

News: Comodo says VeriSign is Unsafe!!

VeriSign and one of its partners have come under fire for publicly exposing webpages used to process customer security certificates, a practice a competitor claims puts some of the biggest names on the web at risk of serious targeted attacks.

According to Melih Abdulhayoglu, CEO of internet security firm Comodo, publicly accessible pages such as those here and here needlessly disclose sensitive internal information about VeriSign customers Bank of America and the Commonwealth of Massachusetts respectively. By exposing the email address of the organizations' security certificate managers and providing a comprehensive list of web addresses that use secure sockets layer protection, VeriSign puts them at risk of targeted phishing attacks, he said.


News: Security, Do I Care??!!

I once read a book that said, among other things, “You can never truly give money away.” The point it was making was that the act of giving has a certain responsibility – if you hand a large wad of cash to a charity, for example, you will want to know that the money is being spent wisely.

A good theory perhaps, but it doesn’t fit very well with the golden rule of IT security – that the things we dislike, or don’t know how to deal with, can quickly be categorised as somebody else’s problem. In business as in daily life, people will – in principle – pay to have certain problems dealt with by others, with a flick of the hand and a cry of “make it go away”.

Just how much does this principle apply in security today? Well, like all good researchers, we thought we would ask the Reg audience in the form of a mini-poll.

News: Frustrated White-Hats!!

Security research teams monitoring the relative strength and activity of some of the world's largest botnets are confined by legal restraints making them virtually powerless to stop them, according to a researcher at Kaspersky Lab Japan.

The botnet ecosystem is flourishing as a result of ineffective measures being undertaken by security researchers to get them shut down, Vitaly Kamluk, chief security expert at Kaspersky, told hundreds of incident response team members, Wednesday, at the Forum of Incident Response and Security Teams (FIRST) Conference 2010. Kamluk painted a bleak picture of the rising sophistication of botnets and the underground business environment that fuels them.

News: Encrypting Employees?!

According to Goode Intelligence's Mobile Security Survey (Part Three), 40 percent of organisations are planning to deploy mobile phone data encryption. Of these organisations, one hundred percent plan to include encryption on employees’ mobile phones from September 2010 onwards.

This survey, carried out in partnership with Acumin Consulting, is the most comprehensive vendor-independent survey on mobile phone security to date and provides a snapshot of the state of mobile security within organisations across the globe.

“The threat of data loss from a mobile phone is still relatively low but with the rising adoption of data-centric applications on smartphones, including enterprise applications and financial services, we feel that the threat will rise from the second-half of 2010 onwards” said Alan Goode, Managing Director, Goode Intelligence.

News: Hacker caught in Copyright Law?

A recently published e-book penned by the self-proclaimed “world's No. 1 hacker” is rocking the security community with back-and-forth allegations of plagiarism, racism, and even threats against a security podcaster and his family.

How to Become the World's No. 1 Hacker is purportedly written by Gregory D. Evans, an animated felon who went on to become CEO of Ligatt Security International, a publicly traded company worth about 0.0002 cent per share that bills itself as a full-service computer security firm.

Released by the obscure Cyber Crime Media publishing house, the 342-page PDF is a comprehensive, step-by-step guide for consumers who want to learn how to harden their networks against attackers. Unix security, Wi-Fi cracking, and web service configuration are all covered.

 

 

When "secure" becomes "in-secure"!

Three out of four companies will soon face more security risks because they continue to run the soon-to-be-retired Windows XP Service Pack 2 (SP2), a report published today claimed.

Toronto-based technology systems and services provider Softchoice Corp. reports that 77% of the organizations it surveyed are running Windows XP SP2 on 10% or more of their PCs. Nearly 46% of the 280,000 business computers Softchoice analyzed rely on the aged operating system.

"This is a red alert," said Dean Williams, services development manager at Softchoice. "This isn't something you can safely ignore, like you might have before."
