New WordPress Plugin Locks Down Your Website's Security

You've got virus protection on all of your business computers, passwords in place on mobile devices and laptops, and even virus protection on your company smartphones. But have you looked at how secure your website is? If you rely on your site for any aspect of your business, a new plugin from 6Scan helps you find and manage vulnerabilities quickly and easily.

While WordPress and other content management systems including Drupal and Joomla are built to be secure, they're a prime target for hackers because so many websites run on them. I personally know of two CMS-based websites that have been compromised; one blog had to recover quickly from a major attack on its WordPress installation, and a friend who manages a local arts incubator had to have the organization’s website rebuilt from the ground up when a hacker took over its Joomla installation.

You'll find 6Scan Security in the WordPress Install Plugins section.
6Scan finds vulnerabilities on your WordPress website for free, and plugs them automatically for a small monthly charge.

Read more »


Apple, Google, and Others Agree to Limit App Privacy Invasions

If you've been waiting for government regulators to step in and do something about apps that collect and transmit your data without telling you, here's good news: The state of California, along with a number of major tech companies, together Wednesday agreed to strengthen privacy protections worldwide for consumers who buy smartphone and tablet apps.

According to a statement released by California Attorney General Kamala Harris, the state--with Apple, Amazon, Google, HP, Microsoft, and Research in Motion--will work together to make sure that any apps sold through the companies' respective app markets will conform to California state law.

California law requires that any app that collects personal information has to have a privacy policy that outlines what information it collects, and what it does with that info.

Read more »


When Is a Cybercrime an Act of Cyberwar?

There is growing talk of cyberwar, as opposed to run-of-the-mill cybercrime. There are also terms that lie somewhere in the middle like cyber espionage, and cyber hacktivism--which is sort of like cyber terrorism for good guys. At the heart of the debate is an attempt to define the scope of an appropriate response to each type of threat.

Former U.S. cyber-security tsar Richard Clarke describes scenarios in his book Cyber War: The Next Threat to National Security and What to Do About It of nationwide power blackouts, poison gas clouds and burning oil refineries, aircraft dropping from the sky and crashing subways. Those are the types of attacks that would seem to clearly indicate an act of cyberwar, but there are also many nuanced attacks in between that muddy the waters.

What is the goal of the attack: profit, information, or inflicting damage?
What Is In a Name?

Read more »


Microsoft Says 'Happy Valentine's Day' with Nine Security Bulletins

While you struggle to figure out whether your significant other would rather have jewelry, chocolate, flowers, or all of the above, Microsoft has an entirely different view on what to give for Valentine’s Day. Although we’re nearly half way through the month, it just so happens that today is the second Tuesday of February--and that means it’s Patch Tuesday.

As predicted in its Patch Tuesday preview last week, Microsoft released a total of nine new security bulletins today. Four of them are rated as Critical, and the remaining five are Important. I got some input from security experts to help you understand which updates are most urgent, and enable you to prioritize your patch management resources accordingly.

Microsoft wishes IT admins everywhere a 'Happy Valentine's Day' with nine security bulletins.
Andrew Storms, director of security operations for nCircle, doesn’t appreciate the show of love from Microsoft. He laments the lack of candy hearts, and stresses that users should pay particular attention to the Internet Explorer update—which applies to all versions of IE this month. “Typically, we expect newer versions of IE to be a little safer but that’s not the case this month.”

Read more »


Microsoft Ruining Valentine's Day with Nine Security Bulletins

Next Tuesday is a big deal. Yes, it is Valentine’s Day, but that’s not what I’m talking about. It is also the second Tuesday in the month of February which makes it Patch Tuesday. Microsoft revealed today that there are nine new security bulletins slated for next Tuesday. Happy Valentine’s Day?

Of the nine security bulletins, four are rated as Critical and the remaining five are all Important. Based on the limited information Microsoft shares in the Patch Tuesday preview, the security updates impact Windows, Internet Explorer, Microsoft Office, the .NET framework, Silverlight, and Microsoft Server software.

Instead of chocolate or roses, Microsoft is giving us nine security bulletins for Valentine's Day.
Qualys CTO Wolfgang Kandek declares in a blog post that the Internet Explorer update should get urgent attention. “There is the expected critical update to Internet Explorer which should be highest priority. After all, we saw last month how quickly attackers are incorporating browser based attacks into their toolkits; an exploit for MS12-004 was detected a mere 15 days after Patch Tuesday.”

Read more »


Hackers Ask 'Will You Be My Valentine?'

There are only five days to Valentine’s Day. Those of you who are shocked by that revelation are prime targets for Valentine’s Day related spam and phishing attacks as hackers hope to catch you with your guard down for this day of romance.

Messages targeting Valentine’s Day are expected to quadruple globally in the coming days – in part because cyber criminals are adept at targeting holidays and current events as bait for attacks. An offer for a dozen roses for $5 might get some traction any time of the year, but with the clock quickly counting down to Valentine’s Day it has much higher odds of duping frantic lovers in search of a last minute gift.

This McAfee chart depicts the rise in messages targeting the word "Valentine".
A blog post from McAfee warns, “Many consumers look for a little romance on Valentine’s Day, whether it is a thoughtful gift, a romantic getaway, or a heartfelt e-card, but if you’re looking for these things online, beware.”

Read more »


'Do Not Track' Tool Promises Page Loads Up to Four Times Faster

Do Not Track” technologies have become an increasingly standard part of the Internet today, offering users a variety of ways to protect their privacy as they surf the Web.

Yet while there are numerous anti-tracking tools out there to help users avoid being tracked--both within the leading browsers and as extra add-ons--many of them are browser-specific, confusing, or just plain difficult to use, according to a Carnegie Mellon University report from last fall.

A free new tool released on Thursday was built specifically to address many of the concerns raised in that study and to go well beyond what standard private browsing modes can do. It's called Do Not Track Plus, and it works seamlessly with Internet Explorer, Firefox, Chrome, and Safari; not only that, but it can increase page load speeds by up to four times, its maker says.

Read more »