Stories by Paul Roberts

Fewer permissions are key to Longhorn security

Software engineers who attend Microsoft's annual Windows Hardware Engineering Conference later this month could get their first taste of a new Windows user permissions model that could change the way thousands of programs are developed and run. But as the company prepares for the final Longhorn development push, questions remain about its plans for a new user privileges model called Least-Privilege User Account, or LUA.

Web postcards hide Trojan horse programs

Beware of Web postcards bearing greetings. That's the advice from The SANS Institute's Internet Storm Center (ISC), which is warning about e-mail messages that pose as Web postcards, then direct recipients to a Web site that installs a Trojan horse program.

DNS pharming attacks target .com domain

A new round of so-called "pharming" attacks is targeting the .com Internet domain, redirecting some Internet users who are looking for .com Web sites to Web pages controlled by the unknown attackers.

MessageLabs launches encryption service

A new service from e-mail security vendor MessageLabs uses encryption to protect e-mail sent between business partners over the Internet, the company announced Wednesday.

Symantec acknowledges two holes in AV products

Security software company Symantec acknowledged that software flaws in some of its antivirus products could allow malicious hackers to use denial of service (DOS) attacks to crash systems running the software, disrupting automatic protection features.

ISPs join to 'fingerprint' Internet attacks

Leading global telecommunications companies, ISPs (Internet service providers) and network operators will begin sharing information on Internet attacks as members of a new group called the "Fingerprint Sharing Alliance," according to a published statement from the new group.

Company backs off bounty for Mac OS X virus

A company that offered US$25,000 for the first virus that automatically spreads among Apple Computer computers running the OS X operating system cancelled the virus writing contest and retracted the offer of cash, citing concerns about legal liability.

Mozilla releases patch for another Firefox hole

The Mozilla Foundation issued a patch Wednesday for a previously undisclosed hole in its popular Firefox Web browser and is encouraging Firefox users to download the software update as soon as possible.

BMC buys OpenNetwork for $18 million

Enterprise management software company BMC Software is continuing its identity-management buying spree, announcing that it is buying OpenNetwork Technologies, a maker of Web access management and single sign-on technology, for US$18 million in cash.

Symantec: spam, phishing grow, botnets shrink in '04

A new report released by security company Symantec found that incidents of online identity theft scams, also known as "phishing attacks," skyrocketed in the second half of 2004, as did spam and new software vulnerabilities. But other Internet blights, such as zombie networks of compromised computers, or "bots," actually declined.

RFID crack raises spectre of weak encryption

With a little bit of technical acumen and a few hundred dollars, enterprising thieves can walk away with some late model cars and gas them up for free to boot, according to research published by computer security experts at The Johns Hopkins University (JHU) in Baltimore and RSA Security's RSA Laboratories in Bedford, Massachusetts.

Companies lining up to root out rootkits

Stealthy, remote system access programs called "rootkits" could fuel the next big wave of malicious code, and are already beginning to influence the design of new Internet worms and viruses, according to security experts. Now security software companies are sitting up and taking notice, releasing software that can spot and remove rootkits from infected systems.

Schneier: secure tokens won't stop phishing

Technology isn't going to protect e-commerce customers -- stronger government regulation is what will get the attention of online banks and merchants, forcing them to stop being casual about security, said Bruce Schneier, founder and chief technology officer of Counterpane Internet Security.