The latest best practices and technologies for securing endpoints.
In the modern world of web development, there are a set of new and emerging specifications sometimes grouped under the moniker HTML5. One of those specifications is the WebSocket API, which enables two-way communications. WebSockets offer the promise of faster communications than traditional TCP — but according to a pair of security researchers, there is…
LAS VEGAS. For the last decade, Apache web server users have been able to benefit from the open source ModSecurity Web Application Firewall (WAF). At the Black Hat security conference this week, ModSecurity developers will for the first time make their WAF available for the Microsoft IIS web server as well as the nginx open…
What happens to the confidential data on hard drives and other storage media in your organization when you replace them? It’s a vital question to ask – because unless the data is completely erased, there’s a good chance that it could come back to haunt you. As a quick Google search will confirm, there’s no…
McAfee’s Endpoint Protection Suite (EPS) relies on standard anti-virus technologies to protect Windows-based desktops, laptops, and servers. It is aimed at small to mid-sized and larger enterprises with between 100 and 1000 users, but can be used in even smaller organizations or scale to many thousands of users. Signature-based virus protection is an area in…
Like most of the network protocols and systems in widespread use today, the Domain Name System (DNS) harbors significant security vulnerabilities. Though DNS provides a deceptively simple service — translating human-friendly website addresses such as http://www.cnn.com into computer-friendly numerical IP addresses such as http://157.166.255.19 — the system’s integrity is a crucial cornerstone of Internet operations…
Speaking at the RSA Conference in San Francisco yesterday, researchers at Accuvant Labs presented the results of a three-month security evaluation of Mozilla Firefox, Google Chrome, and Microsoft Internet Explorer. The goal of the study was to determine which browser is the most secure against attack — an important consideration, given that browsers continue to…
Computer forensics firm Passware has released software capable of circumventing Apple’s FileVault disk encryption in under an hour. “Technology from Passware is reportedly capable of capturing the content of a Mac machine’s memory, via Firewire interfaces, before extracting encryption keys,” writes The Register’s John Leyden. “Passware’s software previously included the ability to extract Mac passwords…
Hackers have successfully deployed the Kindle Fire’s Silk browser on other Android devices. “The hack requires a rooted device, and some mucking about with apk files, but does share the Silk love,” writes The Register’s Bill Ray. “XDA-Developers member TyHi initially hacked the Silk browser into the popular CyanogenMod Android distribution, but others have tested…
A study [PDF file] conducted by Accuvant on behalf of Google has determined that Google Chrome is the most secure browser, thanks to its sandboxing tech. “The evaluation was based on the premise that anti-exploitation technology, such as sandboxing, reduces the vulnerability of a browser to a single exploit or an entire class of exploits,”…
MoboTap, which makes the Dolphin Browser for iOS and Android, has acknowledged that the newest version of the Android app transmits the address of every Web site a user visits back to the company’s servers. “The privacy and security implications arise when a user connects to a secure Web site (usually shown by ‘https://’ and…