Ars Technica - Security

Firefox 3.5.1 released to patch TraceMonkey vulnerability

segphault@arstechnica.com (Ryan Paul) — Mon, 20 Jul 2009 00:35:28 Z

Mozilla has announced the availability of Firefox 3.5.1, the first minor point release in the 3.5 series. The purpose of this release was largely to patch a critical security vulnerability that was found in the browser's new TraceMonkey JavaScript engine.

In a report submitted to Mozilla's bug tracking system on July 9, Firefox user "zbyte" described a bug that causes the browser to crash when text is typed into an input box in the site apport.ru. Firefox developers attempted to isolate the bug and produce a minimal test case that exhibits the crash. They determined that the apport.ru crasher was triggered by a certain usage of JavaScript's "escape" function, which performs string encoding. The underlying problem, however, is a tracing bug.

Click here to read the rest of this article

Microsoft warns of flaw in OWC, Office 2007 unaffected

emil.protalinski@arstechnica.com (Emil Protalinski) — Thu, 16 Jul 2009 18:30:04 Z

Microsoft has posted Security Advisory 9737472 to warn its users that it is responding to a privately reported flaw in Microsoft Office Web Components (OWC) that hackers are actively attempting to exploit. The vulnerability could allow for an attacker to gain the same user rights as the local user. To make matters worse, if the user is using Internet Explorer, code execution is remote and therefore may not require any user intervention. The list of Office software that this affects is as follows: Office XP, Office 2003, Office XP Web Components, Office 2003 Web Components, Internet Security and Acceleration Server 2004, Internet Security and Acceleration Server 2006, and Office Small Business Accounting 2006. The company also noted that it is currently working on a security update for Windows to address the flaw and will release it broadly once it has reached an appropriate level of quality.

Click here to read the rest of this article

12% of e-mail users have actually tried to buy stuff from spam

jacqui@arstechnica.com (Jacqui Cheng) — Wed, 15 Jul 2009 13:30:43 Z

Be honest: have you ever responded to a spam e-mail? Do you know anyone who has? If you're like most of us at Ars, you can't fathom why anyone would respond to most of the messages we get, but a new study released by the Messaging Anti-Abuse Working Group (MAAWG) shows that there are just enough people responding to make spamming worthwhile—especially since most spam these days is sent by botnets.

According to the group's latest report, a disturbing number of e-mail users respond to spam, and not just because they're dumb—some of them did so because they were actually interested in the product or service. Shocking, we know.

Click here to read the rest of this article

Microsoft reveals official names for "Stirling" and "Geneva"

emil.protalinski@arstechnica.com (Emil Protalinski) — Tue, 14 Jul 2009 21:10:00 Z

At this year's Worldwide Partner Conference, Microsoft announced pricing and the naming for its Forefront security solution (codenamed Stirling), the company's next version of a comprehensive protection solution across endpoints and servers. Stirling will be officially known as Forefront Protection Suite (FPS) and will include the products in the current suite, plus the Forefront Protection Manager (formerly known as the Stirling management console) and the Forefront Threat Management Gateway Web Security Service.

Here's how the naming scheme changes:

Click here to read the rest of this article

Ksplice: Update computers without rebooting

segphault@arstechnica.com (Ryan Paul) — Tue, 14 Jul 2009 14:30:00 Z

Every enterprise wants to harden its servers and increase uptime, but security updates often require reboots. Companies that want to please their customers need a better way to apply software updates. One potential solution for Linux servers is Ksplice, which can seamlessly apply live updates while the system is running.

The underlying technology behind Ksplice is highly sophisticated. To generate a live update, it compares compiled object code from before and after a source patch is applied, a technique that the developers refer to as "pre-post differencing." They take advantage of the -ffunction-sections and -fdata-sections options of the C compiler to eliminate some variance between the pre and post object code.

Click here to read the rest of this article

Microsoft Patch Tuesday for July 2009: six bulletins

emil.protalinski@arstechnica.com (Emil Protalinski) — Thu, 09 Jul 2009 20:40:14 Z

According to the Microsoft Security Response Center, Microsoft will issue six Security Bulletins on Tuesday, and it will host a webcast to address customer questions on the bulletin the following day (July 15 at 11:00am PST, if you're interested). Three of the vulnerabilities are rated "Critical," and the other three are marked as "Important." All of the Critical vulnerabilities earned their rating through a remote code execution impact, meaning a hacker could potentially gain control of an infected machine. At least three of the six patches will require a restart.

Click here to read the rest of this article

Microsoft warns of Video ActiveX flaw; Vista unaffected

emil.protalinski@arstechnica.com (Emil Protalinski) — Mon, 06 Jul 2009 21:28:11 Z

Microsoft has posted Security Advisory 972890 to warn its users that it is responding to a privately reported vulnerability in the Microsoft Video ActiveX Control that hackers are actively attempting to exploit. The vulnerability could allow for an attacker to gain the same user rights as the local user if the victim is running Windows Server 2003 or Windows XP. The software giant emphasized that Windows 2000, Windows Vista, and Windows Server 2008 are not vulnerable. Furthermore, when using Internet Explorer, code execution is remote and may not require any user intervention. The company also noted that it is currently working on a security update for Windows to address the flaw and will release it broadly once it has reached an appropriate level of quality.

Click here to read the rest of this article

UK ISP drops Phorm behavioral ad tech—for now

jacqui@arstechnica.com (Jacqui Cheng) — Mon, 06 Jul 2009 16:50:08 Z

BT, the UK-based ISP that has been testing the behavioral advertising system Phorm, has announced that it no longer plans to deploy the technology after more than a year of controversy. The company did not offer many details as to why it decided to drop the project except to say that it wanted to rearrange resources "devoted to other opportunities."

The idea behind Phorm was hatched in early 2008 when the company said it had inked deals with a number of large ISPs in the UK to collect clickstream data from users and sell it to advertisers. This would enable advertisers to create highly-targeted ad campaigns based on users' own browsing history. One of the UK's largest ISPs, BT, was Phorm's headliner, conducting secret tests with the technology.

Click here to read the rest of this article

Apple patching critical SMS vulnerability in iPhone OS

chris.foresman@arstechnica.com (Chris Foresman) — Fri, 03 Jul 2009 14:26:19 Z

Security researcher Charlie Miller has revealed that Apple is working on a patch for a security flaw he identified in the iPhone's SMS implementation. The flaw can actually lead to arbitrary code execution, as he explained to Ars last month. Miller hasn't yet detailed the flaw, citing an agreement with Apple, though he and partner Vincenzo Iozzo plan to detail their discovery later this month at the Black Hat Security Conference in Las Vegas.

During a presentation at the SyScan security conference in Singapore, Miller explained that a vulnerability in the iPhone's handling of SMS messages makes it possible to send code instead of strictly text. Despite SMS's 140 byte size limitation, the iPhone can reassemble larger messages that are broken up to fit the limitation, which allows larger programs to be sent. The iPhone can be instructed to execute SMS data as code instead of text, and when it executes the code it does so with root privileges and without any interaction from the user.

Click here to read the rest of this article

Report: botnets sent over 80% of all June spam

jacqui@arstechnica.com (Jacqui Cheng) — Tue, 30 Jun 2009 01:38:00 Z

There's a ton of spam on the Internet—we all are painfully aware of this already. However, what once required an actual person to send is increasingly being taken over by botnets. A new report (PDF) from Symantec's MessageLabs says that more than 80 percent of all spam sent today comes from botnets, despite several recent shut-downs.

According to MessageLabs' June report, spam accounted for 90.4 percent of all e-mail sent in the month of June—this was roughly unchanged since May. Botnets, however, sent about 83.2 percent of that spam, with the largest spam-wielding botnet being Cutwail. Cutwail is described as "one of the largest and most active botnets" and has doubled its size and output per bot since March of this year. As a result, it is now responsible for 45 percent of all spam, with others like Mega-D, Xarvester, Donbot, Grum, and Rustock making up much of the difference.

Click here to read the rest of this article

Internet scareware scammers settle with FTC for $100,000

jacqui@arstechnica.com (Jacqui Cheng) — Fri, 26 Jun 2009 01:37:00 Z

The Federal Trade Commission has settled a case involving two scareware scammers. The settlement will relieve the two defendants of having to fork over almost $1.9 million as part of a judgment made against them, but will still require them to forfeit $116,697 in assets to the FTC.

The two defendants, James Reno and ByteHosting Internet Services, LLC, were based out of Cincinnati when they began their "massive deceptive advertising scheme." The two supposedly conned over a million customers into buying computer security software (such as WinFixer, WinAntivirus, DriveCleaner, XP Antivirus, and more) that ended up falsely claiming that they had found viruses, spyware, and porn on people's machines. The software would then ask for money in order to rid the computers of these fake viruses.

Click here to read the rest of this article

English Microsoft Security Essentials beta filled in <24 hours

emil.protalinski@arstechnica.com (Emil Protalinski) — Wed, 24 Jun 2009 21:20:00 Z

This morning, on the Microsoft Security Essentials (MSE) homepage, a message appeared explaining that the limited beta program has already filled up: "Alert! Thank you for your interest in joining the Microsoft Security Essentials Beta. We are not accepting additional participants at this time. Please check back at later a date for possible additional availability." The MSE beta was released yesterday at around 8am, and less than 24 hours later the English version of the beta was full (MSE was also made available in Brazilian Portuguese). When Ars asked for details, a Microsoft spokesperson explained how quickly the cap was reached:

Click here to read the rest of this article

China not backing off despite filter code post on Wikileaks

jacqui@arstechnica.com (Jacqui Cheng) — Tue, 23 Jun 2009 17:55:00 Z

China is filtering out criticism and diving in headfirst with its plan to roll out controversial filtering software on all PCs sold in China. The Chinese media quoted an unnamed source inside the Ministry of Industry and Information Technology, saying that the software will still come with all computers as of July 1 despite the discovery of massive security holes and vulnerabilities by security researchers.

News came out about China's plan to implement Internet access control software, called the "Green Dam Youth Escort" earlier this month. The Windows-only software provides a mix of features, including whitelists, blacklists, and on-the-fly content-based filtering. The blacklists can be updated remotely, however, making Green Dam quite an attractive option for a government that likes to keep tight control over what kind of content its citizens are exposed to.

Click here to read the rest of this article

Microsoft Security Essentials beta available (Updated)

emil.protalinski@arstechnica.com (Emil Protalinski) — Tue, 23 Jun 2009 15:19:00 Z

Microsoft today released the Microsoft Security Essentials (MSE) beta on microsoft.com/security_essentials (redirects to Microsoft Connect which requires a Windows Live ID). The signing up process for the beta includes a seven-question survey. MSE is the company's free, real-time consumer antimalware solution for fighting viruses, spyware, rootkits, and trojans. The beta is available in English and Brazilian Portuguese for the first 75,000 users, although Microsoft says this is a target number, and it is willing to increase it if necessary. The build number is 1.0.1407.00 (lower than the 1.0.2140.0 leaked build) and it comes in three flavors: for Windows XP 32-bit (7.51MB), for Windows Vista/7 32-bit (4.73MB), and for Windows Vista/7 64-bit (3.73MB). Before downloading, make sure your system satisfies the system requirements:

Click here to read the rest of this article

iPhone OS 3.0 patches 46 known security vulnerabilities

chris.foresman@arstechnica.com (Chris Foresman) — Fri, 19 Jun 2009 15:44:32 Z

Earlier this week we spoke with security researcher Charlie Miller, who plans to detail a possible method that could allow a hacker to remotely execute arbitrary code on an iPhone. He noted that his method would need to be combined with an exploit of a known vulnerability in the iPhone OS to get the code to execute. The good news for iPhone OS 3.0 users is that Apple has addressed 46 potential security vulnerabilities with the 3.0 update.

The majority of fixes involve the iPhone's Web-handling capability—WebKit alone got 21 patches while Mobile Safari specifically got two. Several fixes are designed to eliminate cross-site scripting attacks as well as plug memory issues that could potentially lead to arbitrary code execution. Fixes in XML and XLST handling prevent possible disclosure of private information, and a fix in the way JavaScript functions are assigned random IDs helps prevent tracking a user without using cookies. These fixes are especially important as browsers are the most common attack point for most malware.

Click here to read the rest of this article

Microsoft announces free antivirus, limited public beta

emil.protalinski@arstechnica.com (Emil Protalinski) — Thu, 18 Jun 2009 20:00:00 Z

Microsoft today officially announced Microsoft Security Essentials (MSE), its free, real-time consumer antimalware solution for fighting viruses, spyware, rootkits, and trojans. Currently being tested by Microsoft employees and a select few testers, MSE is Microsoft's latest offering intended to help users fight the threats that plague Windows PCs.

Microsoft notes that the threat ecosystem has expanded to include rogue security software, auto-run malware, fake or pirated software and content, as well as banking malware, and the company is aiming to help the users who are not well protected. A beta of MSE will be available in English and Brazilian Portuguese for public download at microsoft.com/security_essentials on June 23, 2009 for the first 75,000 users. This is a target number, but Microsoft is willing to increase it if necessary.

Click here to read the rest of this article

Leaked: Microsoft Security Essentials (codename Morro)

emil.protalinski@arstechnica.com (Emil Protalinski) — Wed, 17 Jun 2009 15:23:00 Z

Despite Microsoft's best efforts, the company's new antivirus product (codename Morro) has leaked. A leaked pre-beta indicates that the final name is Microsoft Security Essentials (MSE), and it will come with a brand new UI. Currently being tested by Microsoft employees and a select few testers, the free, real-time antimalware consumer solution (for fighting viruses, spyware, rootkits, and trojans) will be released in the second half of 2009.

When the first screenshots were showed off yesterday, it looked like an old build to us—and almost identical to Windows Defender.

Click here to read the rest of this article

Leaked: screenshots of Morro, Microsoft's free antivirus

emil.protalinski@arstechnica.com (Emil Protalinski) — Tue, 16 Jun 2009 18:55:00 Z

Morro is the codename for a free, real-time antimalware solution for consumers to be released in the second half of 2009. It will offer basic features for fighting viruses, spyware, rootkits, and trojans. Microsoft is getting ready to put Morro into testing over the next few weeks, but it appears that certain testers (including Microsoft employees) already have it and are taking it for a spin. Neowin managed to obtain three screenshots (one of which is shown above) of Morro, which has yet to get a final name.

Click here to read the rest of this article

Safari Charlie to reveal unsigned iPhone code exploit

chris.foresman@arstechnica.com (Chris Foresman) — Tue, 16 Jun 2009 16:28:52 Z

Security researcher Charlie Miller and Vincenzo Iozzo, a student at the University of Milan, recently discovered a repeatable method to trick the iPhone's processor to run unsigned code. The pair now plan reveal their work at the Black Hat Security Conference in Las Vegas next month.

There have been very few exploits for the iPhone thus far, since the iPhone's security system generally prevents running arbitrary code. However, Miller and Iozzo discovered a method to enable a working shell, which could let a hacker do virtually anything within the system, including copying private data. Their method, combined with an iPhone OS exploit, has the potential to allow hackers to run virtually any code they want on the device. We talked to Miller to get some more details about how this is possible.

Click here to read the rest of this article

Apple finally issues patch for "critical" Java vulnerability

jacqui@arstechnica.com (Jacqui Cheng) — Mon, 15 Jun 2009 20:59:46 Z

Apple has finally issued a patch for a critical Java vulnerability in Mac OS X that made headlines last month. The update comes as part of Java for Mac OS X 10.5 Update 4, a 158MB download from both Apple's website and Software Update and requires Mac OS X 10.5.7.

According to Apple, the update "delivers improved reliability, security, and compatibility for Java SE 6, J2SE 5.0 and J2SE 1.4.2." This includes one vulnerability related to de-serializing certain Java objects, which could result in arbitrary code running outside of the JVM's sandbox with the same privileges as the current user. It was reported to Sun in August 2008, and in December 2008 Sun disclosed the vulnerability and issued a patch. Despite recent security updates from Apple, however, researchers blasted Apple for not having patched the vulnerability in Mac OS X yet.

Click here to read the rest of this article

IT staff snooping HR and layoff lists, taking data with them

jacqui@arstechnica.com (Jacqui Cheng) — Fri, 12 Jun 2009 17:03:00 Z

It's no secret that the IT staff can see things like your on-the-job porn surfing habits, your e-mail exchanges, and whatever else you're doing on your PC during work hours. But, according to a new report by Cyber-Ark Software, the IT department may be snooping a little deeper than anyone expects. In a recent survey conducted on network admins and other IT staff, more than a third admitted to snooping into HR records, layoff lists, customer databases, and M&A plans.

The company surveyed more than 400 IT administrators during Infosecurity Europe 2009 and RSA USA 2009, and found that 35 percent of workers openly admitted to accessing the aforementioned company data without authorization. Another 74 percent said that they could easily circumvent the security measures in place to protect that kind of information.

Click here to read the rest of this article

Forefront Threat Management Gateway Beta 3 arrives

emil.protalinski@arstechnica.com (Emil Protalinski) — Wed, 10 Jun 2009 22:22:00 Z

Microsoft Forefront Threat Management Gateway (TMG) is a secure Web gateway that helps protect corporate assets and employees from Web threats while also delivering unified perimeter security to protect networks from attack. Beta 3 of Forefront TMG is available for download from the Microsoft Download Center (1062.7 MB) along with the accompanying release notes and deployment guide. This is the last planned beta; the final version is still slated for the first half of 2009.

Click here to read the rest of this article

Microsoft readying details on Morro

emil.protalinski@arstechnica.com (Emil Protalinski) — Wed, 10 Jun 2009 21:39:01 Z

Morro is the codename for a free real-time antimalware solution for consumers to be released in the second half of 2009. It will offer basic features for fighting viruses, spyware, rootkits, and trojans. I'm very interested in checking out Morro, if only because I see it as something like the free Windows Defender with a much wider scope. Microsoft has kept pretty quiet on Morro, but it appears that the software giant is getting ready to lift up the curtain. According to Reuters report, Morro will soon be going into test mode:

Click here to read the rest of this article

Microsoft Patch Tuesday for June 2009: 10 bulletins

emil.protalinski@arstechnica.com (Emil Protalinski) — Thu, 04 Jun 2009 18:23:00 Z

According to the Microsoft Security Response Center, Microsoft will issue 10 Security Bulletins on Tuesday, and it will host a webcast to address customer questions on the bulletin the following day (June 10 at 11:00am PST, if you're interested). Six of the vulnerabilities are rated "Critical," three are marked as "Important," and the last one is considered "Moderate." All of the Critical vulnerabilities earned their rating through a remote code execution impact, meaning a hacker could potentially gain control of an infected machine. At least seven of the 10 patches will require a restart.

Click here to read the rest of this article

AV-Comparatives May 2009 report: three winners

emil.protalinski@arstechnica.com (Emil Protalinski) — Mon, 01 Jun 2009 20:51:00 Z

AV-Comparatives is known for the thorough tests it does on security software. Following its February 2009 on-demand report, the company has released its May 2009 retrospective/proactive test. It is the second part of the previous report: the same 16 products (Command Anti-Malware was excluded), last updated on February 9, were set on the same highest detection settings. New samples from a week after the update were used in the test that looked at proactive detection capabilities. The detection rates (in percentage points) for the new malware were put into the following graph below:

Click here to read the rest of this article

Microsoft warns of DirectX flaw; Vista users unaffected

emil.protalinski@arstechnica.com (Emil Protalinski) — Fri, 29 May 2009 20:05:00 Z

Microsoft has posted Security Advisory 971778 to warn its users that it is investigating public reports of a new vulnerability in Microsoft DirectX (versions 7.0 through 9.0) that hackers are actively exploiting. The vulnerability could allow for remote code execution if a user running Windows 2000, Windows XP, or Windows Server 2003 opens a specially crafted QuickTime media file. The software giant emphasized that all versions of Windows Vista and Windows Server 2008 are not vulnerable. The company also notes that the investigation is ongoing and that it will either provide a security update on Patch Tuesday or issue an out-of-cycle security update if needed.

Click here to read the rest of this article

Report: spam-wielding botnets are working 9 to 5

jacqui@arstechnica.com (Jacqui Cheng) — Wed, 27 May 2009 19:33:00 Z

Spam levels have risen over the past month to more than 90 percent of all corporate e-mail, according to Symantec’s May 2009 MessageLabs Intelligence Report (PDF). The latest report effectively communicates the concept of "spam, boy there sure is a lot of it," but goes into detail about the latest trends in spamming activity like botnet activity and the use of social networks.

In May, spam rose by 5.1 percent over April, with 57.6 of it coming from known botnets. One particular botnet called Donbot was named as the most active, and is responsible for 18.2 percent of all spam. Symantec wrote that much of the remainder (42.4 percent) of spam originated out of smaller or unclassified botnets.

Click here to read the rest of this article

Microsoft cleans password stealer tools from 859,842 PCs

emil.protalinski@arstechnica.com (Emil Protalinski) — Thu, 21 May 2009 20:03:00 Z

The Malicious Software Removal Tool (MSRT) is a small program Microsoft pushes out to computers on Patch Tuesday to clean out a list of malware. Each month, the company adds removal information for more threats. On this month's Patch Tuesday, Microsoft added scans for the malware family Win32/Winwebsec, which the company ranked at #17 after finding 34,792 infected machines.

Click here to read the rest of this article

Apple has yet to patch "critical" Java vulnerability

chris.foresman@arstechnica.com (Chris Foresman) — Wed, 20 May 2009 16:05:00 Z

Mac OS X contains a serious security vulnerability in its implementation of Java, according to several security experts. The vulnerability remains in the software even after Sun had disclosed and patched the problem and Apple had been notified of the issue by at least one security researcher.

A vulnerability related to de-serializing certain Java objects can result in arbitrary code running outside of the JVM's sandbox with the same privileges as the current user. It was reported to Sun in August 2008, and in December 2008, Sun disclosed the vulnerability and issued a patch. Despite recent security updates from Apple, researches say this "critical" vulnerability still exists in Mac OS X.

Click here to read the rest of this article

Microsoft warns of security flaw in IIS

emil.protalinski@arstechnica.com (Emil Protalinski) — Wed, 20 May 2009 13:45:00 Z

Microsoft yesterday posted Security Advisory 971492, which contains information regarding a vulnerability in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0. Microsoft describes the vulnerability as follows: "An elevation of privilege vulnerability exists in the way that the WebDAV extension for IIS handles HTTP requests. An attacker could exploit this vulnerability by creating a specially crafted anonymous HTTP request to gain access to a location that typically requires authentication."

Microsoft says it will continue to monitor the situation and will either post a patch on Patch Tuesday or will release an out-of-cycle security update. Currently, the software giant notes it is not aware of attacks that attempt to use this vulnerability. The good news is that the vulnerability can only be exploited under very specific circumstances, according to Microsoft:

Click here to read the rest of this article

Password reminders: hard to remember, but easy to hack

jtimmer@arstechnica.com (John Timmer) — Wed, 20 May 2009 02:59:00 Z

Forgetting which password you used for a rarely used shopping site can be a pain, one that's often made worse by the fallback authentication method. If you're like me, you're often stumped by which of your past pets you considered your favorite two years ago, or whether you put a "the" in front of your favorite sports franchise when first registering. Those sorts of failures should be worth it, since they add an extra layer of security to the password recovery process.

Except they don't.

Click here to read the rest of this article

Google result-manipulating Gumblar exploit picking up steam

jacqui@arstechnica.com (Jacqui Cheng) — Tue, 19 May 2009 17:16:00 Z

Security researchers are stepping up their warnings about the Gumblar malware exploit as it continues to hijack webpages and manipulate Google results. Gumblar recently got the attention of the United States Computer Emergency Readiness Team (US-CERT), which noted on its website that Gumblar is alive and well and continues to circulate by hijacking vulnerable Web applications, poor configuration settings, or simply by stealing FTP credentials.

Experts who have been tracking Gumblar since March say that the malware directly manipulates files on Web servers after getting access to them. From there, the attack changes the files to inject scripts and distribute more malicious code out of gumblar.cn or from other, varying IP addresses. The code appears to target sites that show up in Google searches, according to the ScanSafe STAT Blog, and although Google began delisting compromised websites months ago, the code keeps changing, keeping Google on its toes.

Click here to read the rest of this article

Hackers crack flight sim community site, ruin it for everyone

chris.foresman@arstechnica.com (Chris Foresman) — Sun, 17 May 2009 20:00:00 Z

A website for flight simulator enthusiasts, originally launched in 1996, has been essentially "destroyed" by the shenanigans of hackers. Avsim had become an important resource for flight sim users over the last 13 years, but the site has been completely shut down after hackers essentially took down both the site's servers.

"The method of the hack makes recovery difficult, if not impossible," the site's founder, Tom Allensworth, said in a statement. "AVSIM is totally offline at this time and we expect to be so for some time to come. We are not able to predict when we will be back online, if we can come back at all."

Click here to read the rest of this article

Analyst: cyberwarfare arms race with China imminent

segphault@arstechnica.com (Ryan Paul) — Thu, 14 May 2009 19:35:00 Z

A congressional commission that reviews economic and security relations between the United States and China held a hearing last month on Chinese intelligence activities that impact national security. During this hearing, security expert Kevin G. Coleman of the Technolytics Institute think tank gave a presentation (PDF) on Chinese cyber-espionage efforts.

He warned that the United States is falling behind in technological defense capabilities and is largely unprepared for what he characterizes as the start of a cyber-warfare arms race. Coleman attempts to describe the threat posed by China's cybersecurity build-up, but how much of it is a sham? Some of his facts are misleading.

Click here to read the rest of this article

Apple hires former OLPC security head to harden Mac OS X

chris.foresman@arstechnica.com (Chris Foresman) — Thu, 14 May 2009 17:07:37 Z

Despite its assertion that Macs don't suffer from the viruses and malware that Windows does in a number of its "Get a Mac" ads, Apple has been criticized for not taking security seriously enough. This is particularly because Leopard does not implement (or implement fully) the same security measures as Windows Vista. Lest you think Apple is hoping that its relatively small market share will keep it safe forever, though, the company has hired former director of security architecture at One Laptop per Child, Ivan Krstić, to handle core security for its operating systems.

Krstić, who is an unabashed devotee of Linux and Python, created the Bitfrost security platform for the OLPC project. The system works by effectively running each application in its own sandboxed virtual machine. Each VM is equipped only with the hardware and network access approved either by a central authority server (such as in a school) or expressly permitted by the user. The system also includes an anti-theft mechanism that prevents a laptop from working once it has been reported stolen or otherwise can't check in with a central "leasing" server.

Click here to read the rest of this article