Robert Lemos

Most Recent Posts by Robert Lemos

Reduce, Reuse, Recycle -- Just Not Your Password

Sony Pictures, news site Gawker, and social networking site RockYou -- following each high-profile breach, hackers released the password file and lit off a round of analysis of users' password choices. The most common conclusion from researchers: Users select poor passwords.

Yet, in the real world, choosing weak passwords is much less dangerous than reusing the same password at multiple sites. In a recent paper, researchers from Florida State University, Cisco, and security firm Redjack found that passwords not guessed by cracking dictionaries can survive brute-force attempts quite well.

How We Moved Almost Everything to the Cloud: 5 Lessons

Companies that move to the cloud have a whole host of decisions, one of the first being whether to develop their own software on top of a cloud infrastructure or to attempt to customize an existing cloud service.

Aquent, a global staffing firm specializing in design and marketing professionals, decided to port its own back-office system in 2010, after successfully moving other information systems to the cloud. The company had already made the most obvious cloud choices, moving its e-mail system to Google and its phone system to a voice-over-IP service in early 2010, saving hundreds of thousands of dollars a year in the process.

Botnets Rebuild After Rustock Takedown

In March, Microsoft, the U.S. Federal Marshal service and security firm FireEye took down the Rustock botnet, a network of a million compromised computers surreptitiously managed by a group of criminal bot operators.

While the takedown resulted in spam dropping by nearly a third, it netted an unintended side effect: An increase in the volume of email messages with malicious links or attachments. Security experts theorize that the takedown of the Rustock botnet has left a deep pit in the supply of compromised computers and that bot operators are scrambling to build bigger botnets.

How to Shrink The Data Center: 4 Lessons Learned

Updating data center operations was a key goal when the integrated healthcare system for New York City's hospitals embarked on its five-year $824 million capital investment plan.

The NY City Health and Hospitals Corp. manages the $6.7 billion healthcare system that connects the metropolitan area's 11 hospitals as well as nursing homes, treatment centers and 80 city clinics. The data centers serving the hospitals had reached the end of their usefulness and required a large number of staff to support, says Corey Cush, assistant VP of infrastructure services for NY City Health and Hospitals Corp. Rather than renovating the 11 data centers, the NYC HHC decided on consolidation.

Hackers Step Up Attacks on Security Firms

The Internet's security infrastructure is under attack. Two major incidents against Comodo and RSA have raised the question of not just whether the enterprise can withstand hacker attacks but if the security firms we all count on to guard the infrastructure can protect themselves.

DroidDream Turns Androids Into Zombies

The malicious code that led Google to remove more than 50 Trojan applications from the Android Marketplace appears to mainly be a "dropper" -- a program designed to load other code to further compromise the affected smartphone, according to a security firm's analysis.

The code, dubbed "DroidDream," attempts to use two exploits to gain root privilege on a compromised smartphone by breaking out of the sandbox designed to limit what applications can do on Android devices, mobile security firm Lookout stated in its most recent analysis. While the vulnerabilities targeted by the program were patched by Google last year, the majority of phones do not have the update yet, allowing the attack to compromise more than 260,000 phones, Google said in a statement.

Google Invites Hackers to Break In

On Monday, Google expanded its bug bounty program, which the company has used to secure its Google Chrome browser, giving permission to researchers to poke into applications hosted on Google.com, YouTube.com, Blogger.com, and Orkut.com. The invitation is an important acknowledgement that hackers and third-party security researchers are a valuable resource.

Microsoft Wants 'Sick' PCs Banned From the Internet

The problem of PCs infected with bots has stymied security professionals ever since botnets came into wide use among cyber criminals. Attempts to shut down the command-and-control servers have only a temporary effect, and investigators take months -- or years -- to nab those responsible for the attacks.

Now Microsoft is arguing that the security community needs to develop a collective health policy to restrict sick PCs -- those infected with malware -- from connecting to the Internet.

Lesson From Latest Twitter Attack: Don't Hover?

Users no longer have to click on a link to have their system hacked. Now they only have to hover over the link with their on-screen pointer.

The latest security vulnerability on Twitter's website highlights that some attacks don't require a user to do something questionable. All a user needs to do is hover over a specially crafted link to run an attacker's JavaScript. So far, security firms have not seen truly malicious attacks using the technique, but jokesters and miscreants were rampantly using the attack to send followers to porn sites or, more kindly, to pop up a message on their screen. Some links would propagate virally as well.

Inside One Firm's Private Cloud Journey

In 2007, travel booking and expense firm Concur Technologies was growing at a rapid clip, but maintaining the IT infrastructure to serve its customers' travel-booking and expense-tracking needs required an increasing amount of manpower and time.

The company regularly pushed out changes to its software, issuing a major feature release, which often encompassed more than a week of preparation, every month, and smaller bug fixes several times a week. The updates required patching the software on each of the physical servers in the company's data centers, an activity fraught with the potential for manual errors.

5 Tips from Hackers on Cloud Computing

While many companies are considering moving applications to the cloud, the security of the third-party services still leaves much to be desired, security experts warned attendees at last week's Black Hat Security Conference.

The current economic downturn has made cloud computing a hot issue, with startups and smaller firms rushing to save money using virtual machines on the Internet and larger firms pushing applications such as customer relationship management to the likes of Salesforce.com. Yet, companies need to be more wary of the security pitfalls in moving their infrastructure to the cloud, experts say.

Should Your Next Notebook Be a Netbook?

Despite the down economy this holiday season, netbooks are finding strong demand. The computers, which weigh less than most textbooks, are proving popular with high-school and college students. Consumers who might have balked at spending $800 or more for a full-featured laptop appear willing to pay half that for fewer features in a smaller package. Business people are buying the computers, not as primary work machines, but as personal machines or secondary machines for those times when sleeker is better.

Netbook computers, which Gartner refers to as "mini notebooks," have already changed quite a bit in the year since they were first introduced. When netbooks hit the market last year with Asus's release of the Eee PC, they typically had 7- to 8-inch screens. Despite the $300 price tag, consumers found the screens too small. And most shipped with Linux, an operating system considered daunting by most consumers.
