LinuxSecurity.com

LinuxSecurity.com: A hacker released the source code for antivirus firm Symantec's pcAnywhere utility on Tuesday, raising fears that others could find security holes in the product and attempt takeovers of customer computers.

LinuxSecurity.com: Digital Certificate Authority (CA) Trustwave revealed that it has issued a digital certificate that enabled an unnamed private company to spy on SSL-protected connections within its corporate network, an action that prompted the Mozilla community to debate whether the CA's root certificate should be removed from Firefox.

LinuxSecurity.com: From the start, Google's Safe Browsing API was designed to spot malicious web pages so users wouldn't get trapped in them. Google identifies these sites through its own algorithms and user notification.

LinuxSecurity.com: In a story published yesterday your humble Reg writer wrongly confused Mozilla's Telemetry project with the open-source outfit's so-called Metrics Data Ping proposal. Mozilla has been in touch to clear things up.

LinuxSecurity.com: In the network security world, nmap is the king for fingerprinting systems and services over the network. It can help identify the operating system (OS), type, and version of a network service, and vulnerabilities that might be present.

LinuxSecurity.com: Every day, we hear another story about a company whose sensitive data has been breached. Press releases, tweets, customer support email, and followup articles all provide insight into the kind of information that's been compromised, the company's plans to investigate, and how affected parties can protect themselves.

LinuxSecurity.com: A key part of any information security strategy is disposing of data once it's no longer needed. Failure to do so can lead to serious breaches of data-protection and privacy policies, compliance problems and added costs.

LinuxSecurity.com: As part of a sting operation, Symantec told a hacker group that it would pay $50,000 to keep the source code for some of the its flagship security products off the Internet, the company confirmed to CNET this evening.

LinuxSecurity.com: One of the more widespread malware efforts over the past few years was the DNSChanger scam, which installed a Trojan horse that would change the DNS server settings on affected computers to divert traffic to rogue servers.

LinuxSecurity.com: One of the principle maintainers of the Linux kernel, Greg Kroah-Hartman, has joined the Linux Foundation as a fellow, the same position held by Linux creator Linus Torvalds, the foundation announced. Kroah-Hartman previously worked at Suse Linux, also as a fellow.

LinuxSecurity.com: The PHP developers are working to fix a critical security vulnerability in PHP that they introduced with a recent security patch. The current stable release is affected; however, it is not yet clear whether the questionable patch was also applied to older versions.

LinuxSecurity.com: Mozilla has released the latest version of its browser, Firefox 10, with fixes for nine security flaws, including five critical vulnerabilities.

LinuxSecurity.com: In a world that is constantly connected, it seems these days you are never alone, whether you know it or not. "People are online around the clock," said computer expert Jake DeWoskin. DeWoskin is with the Twin Cities business consulting firm KDV.

LinuxSecurity.com: A member of the computer hacking group Anonymous has hacked into a telephone conference between the FBI and Scotland Yard and posted it on the internet.

LinuxSecurity.com: Several successful hacks of VeriSign's network, in 2010, might have compromised critical information relating to the Internet's domain name system (DNS).

LinuxSecurity.com: Following a joint operation by Microsoft and Kaspersky Lab last September to disrupt Kelihos, the botnet is now said to be making a comeback and using new techniques. According to a report on Securelist, which is run by Kaspersky Lab, new samples of the Kelihos botnet have been discovered that appear to be "very similar to the initial version".

LinuxSecurity.com: It's been known for some time that there are security issues associated with the increasing use of RFID tags in credit cards, but this past weekend afforded a fresh demonstration of just how easy it is for hackers to take advantage of them.

LinuxSecurity.com: On the night of Monday, January 23, the hacktivist group UGNazi hijacked Coach.com, the Internet domain name of luxury goods manufacturer Coach. For several hours, fashionistas who wanted to ogle Coach's new Willis handbag on Coach.com or get a deal on its Penelope shoulder bag at Coachfactory.com were redirected to UGNazi's cryptic website.

LinuxSecurity.com: I am honoured to have been invited back to present at the prestigious e-Crime Congress to be held in London, March this year. However it caused a flash-back to the last occasion I presented at Congress in 2009, when things seemed to be very different.