Microsoft announced a new version of its EMET (Enhanced Mitigation Experience Toolkit) software at the Black Hat conference in Las Vegas. What’s unique about the EMET 3.5 Technology Preview is that it includes new defenses inspired by one of Microsoft’s BlueHat Prize finalists.
EMET is a free utility from Microsoft that adds an extra layer of defense to prevent vulnerabilities from being successfully exploited. The software is a collection of tools and mitigation techniques that can be applied to protect against attacks.
One class of attacks that previous versions of EMET have not been armed to defend against effectively is Return Oriented Programming (ROP) attacks. Thanks to ROPGuard--a defense technology submitted for Microsoft’s BlueHat contest--EMET 3.5 will have the tools available to defend against ROP attacks.
According to sources with access to the developer beta of iOS 6, the next version of Apple’s mobile operating system will allow users to download and install free apps without requiring a password. If Apple doesn’t fix that before iOS 6 is officially launched, it will significantly impair the security of iOS devices.
iOS has established a reputation as the more secure mobile platform. The walled garden of the Apple App Store, and the scrutiny apps must go through before they’re available, provide additional layers of defense lacking in other mobile operating systems.
In this case, though, Apple seems to be choosing functionality and expediency over security. It’s a decision that could come back to haunt Apple, and all iOS users.
Normally, if you find a rogue outlet strip, or a user happens to bring his or her own surge protector to use, you might not think much of it. Thanks to a new device called the Power Pwn, though, it might soon be cause for concern.
A company called Pwnie Express is taking pre-orders for the device. According to the company’s website, “Pwnie Express specializes in innovative, rapid-deployment cyber security products for the IT security professional.”
The idea of a power source that doubles as a hacking or penetration-testing toolkit isn’t new to Pwnie Express. It also offers a smaller unit that simply plugs into an outlet. However, the Pwn Plug Mini may draw more attention than the Power Pwn, which by all outward appearances is simply a run-of-the-mill surge protector outlet strip.
Grum--the third largest botnet in existence, and the source of nearly twenty percent of all spam traffic online--has been taken offline by authorities. In some ways the takedown is significant, but it may not change much in the grand scheme of things. Let’s take a closer look at the botnet, and what the takedown means for all of us.
Perhaps you’ve heard of Grum. I’ll be honest, I hadn’t. But when a single botnet is responsible for one-fifth of all spam traffic, it gets the attention of security researchers and law enforcement agencies. The cooperative, collaborative effort involved in this multi-national sting is impressive in its own right, but don’t expect spam to suddenly stop.
Adam Wosotowsky, messaging data architect at McAfee Labs, doesn’t consider the Grum takedown to be all that significant in the overall history of botnets; however, he still believes the effort is worthy of praise. “I'm not trying to take anything away from it, but I think that this is just one more step in the right direction and that there were many steps to get here and there will be many steps to go. It shows that the "red line" where botnet behaviors trigger a coordinated international response that takes the botnet down is getting more and more aggressive.”
A week from today all eyes will be on London and the opening ceremonies of the 2012 Summer Olympics. More than any prior Olympic games, the 2012 London Olympics will be watched and followed over the Internet and on mobile devices from around the world.
Of course, the cyber criminals know this as well, and cyber criminals tend to be adept at capitalizing on breaking news and major events as bait for unsuspecting victims. ThreatMetrix published a list of the top threats users should be aware of. If you want to enjoy the London Olympics safely from your PC or mobile device, avoid these five security risks:
By now you’ve probably heard that hackers were able to breach a Yahoo server and expose more than 450,000 account passwords. No server or network is impervious, but Yahoo’s negligence or incompetence made this attack possible.
It may seem like a wake-up call for protecting servers better, and improving network security, but the reality is that it’s just a reminder that common sense and basic security practices could probably prevent this—and most other—attacks.
Where did Yahoo go wrong? Well, according to Jason Rhykerd, an IT security expert with SystemExperts, Yahoo made three serious mistakes.
It’s the second Tuesday in July, and you know what that means: it’s Microsoft Patch Tuesday. Today, Microsoft released nine new security bulletins as predicted in the advance notice last week. Some updates are more urgent than others, though, so we turn to security experts for insight and analysis to help guide your patching efforts.
Of the nine security bulletins, three are rated as Critical while the remaining six are ranked as merely Important. Of course, Important still suggests a sense of urgency that shouldn’t be ignored.
The three Critical bulletins address the vulnerability in Windows XML core services, and flaws in Internet Explorer 9 and Microsoft Data Access Components (MDAC). The Important updates fix a range of issues affecting Windows, Office, Office for Mac, and SharePoint.