Read up on the latest ideas and technologies from companies that sell hardware, software and services. Mimosa™ NearPoint™ for Microsoft® Exchange Server: Email Archiving 101
Solve Exchange Mailbox Storage Issues Once and for All
Cutting printer costs
CRM your salespeople will love
Wireless LANs: Is my enterprise at risk?
Email Archiving Implementation: Five Costly Mistakes to Avoid
Strategies for Eliminating .PST Files
Vendor Influence Curves And How You Can Get The Best Value Out Of Your Network
Zones provide focussed content from Computerworld and leading technology partners.Newsletter Subscription
The Web sites of three of the security industry's best-known companies include security flaws that could be used to launch scams against customers, according to a new report.
The report, from security watchdog site XSSed, verified 30 cross-site scripting (XSS) vulnerabilities across the sites of McAfee, Symantec and VeriSign. The flaws could be used to launch scams or implant malicious code on the systems of visiting users, according to XSSed.
Recent research has shown that attackers are increasingly - even predominantly - now using legitimate sites to host their malware, a tactic that makes the malware distribution sites more difficult to shut down.
XSSed's results show that even major security firms are not exempt from the problem, according to XSSed.
In January XSSed found that 60 Web sites that had received a "Hacker Safe" certification from McAfee's ScanAlert service were in fact vulnerable to XSS attacks.
McAfee and other major security firms have downplayed the seriousness of XSS flaws, compared for instance to flaws that allow an attacker direct access to customer data stored on a server.
In recent months the real-world exploitation of XSS flaws has boomed, exploiting major Web sites such as MySpace, Paypal and a major Italian bank.
Last week ScanSafe reported that 68 percent of all malware it blocked in May was found on legitimate sites that had been hacked, more than quadruple the level of a year earlier.
Such flaws can be used to steal user cookies, to steal website login credentials and to exploit users' trust of a site in other ways, and in theory can be shut down quickly once the owner of the site is made aware of the problem.
However, the techniques used by hackers are highly automated, allowing them to "colonize" large numbers of vulnerable sites at once, ScanSafe noted. By contrast, the fixes are not necessarily so easy, researchers have noted.
In a research note in May, F-Secure noted that one legitimate site had been repeatedly hacked and used to spread malicious code, and each time it needed to be contacted to fix the problem.
"The site cannot simply be pulled offline without collateral damage to the legitimate business. So the website's administrator must be contacted to repair the damage," said F-Secure's Sean Rowe in the research note.
Computerworld Member Login
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
NetStar Networks Calls Brisbane Home 2008-10-13 12:01:00+10
New Verizon Business Managed Service Makes Collaboration Easier 2008-10-13 10:06:00+10
F-Secure achieves excellent results in Internet security suite comparison 2008-10-10 14:37:00+10
M2M Connectivity announces the new Sierra Wireless MC8792V embedded module for 900 MHz 3G/HSPA networks 2008-10-10 08:51:00+10
Pitney Bowes MapInfo Launches New Version of AnySite 2008-10-10 05:58:00+10
Strategies for Eliminating .PST Files
Join industry expert Martin Tuip to discover best practice strategy for the archival and removal of .PST files using email archiving. Learn how to ensure long-term email records are there when needed, and reduce the risk to your business and clients.
