A recent audit from the office of the U.S. Department of Energy’s Inspector General painted a not-so-rosy picture of efforts to secure the nation’s power grid. But it also highlighted something of a conundrum in the world of compliance: how to take a truly risk-based approach when organizations have an incentive to underreport risk. Inside the […]
Microsoft is contending the botnet other researchers have tied to the theft of FTP server credentials is not Waledac but a close relative. Microsoft is calling the botnet Kelihos. According to the company, the botnet shares large portions of its code with Waledac, and may be the result of collaboration. “Microsoft researchers and security community […]
Hacktivists in the loosely affiliated group “Anonymous” painted a bull’s eye this week on Websites belonging to the governments of Yemen and Egypt. Members of the group launched DDoS (distributed denial of service) attacks against a number of sites, including the Egyptian Ministry of Communications and Information Technology and the country’s Ministry of Interior. “Welcome […]
The annual Pwn2Own contest always claims a number of victims, from the Apple iPhone to Microsoft Internet Explorer. But Google, whose Chrome browser emerged untargeted and unscathed last year, is feeling confident. How else to explain its decision to offer a $20,000 reward for the researcher who can exploit the Chrome browser? “Kudos to the […]
Mozilla is taking a more proactive approach to secure its applications against attacks. The company is calling this approach “attack aware.” The idea, explained Mozilla Web security specialist Michael Coates, is to make applications able to identify unusual actions by the user that are deliberate attacks on applications. The goal is to detect attempts to […]
Microsoft may have started 2011 slowly with regard to Patch Tuesday fixes, but this month will be the exact opposite. Next week, Microsoft plans to release 12 security bulletins, including three that are rated “Critical.” All told, the bulletins will address 22 vulnerabilities spanning Windows, Internet Explorer, Microsoft Office, Visual Studio and IIS. “As part […]
A pair of researchers from Indiana University uncovered a vulnerability in Facebook that allowed attackers to get their hands on user data. Students Rui Wang and Zhou Li found a flaw in the Facebook platform code that enables a malicious site to impersonate other Websites and obtain the same access permissions those sites receive. […]
Spammers have control of thousands of IP addresses assigned to the wife of Egyptian President Hosni Mubarak and the science center that bears her name. According to the Spamhaus Project, spammers hijacked IP addresses assigned to Suzanne Mubarak and the Suzanne Mubarak Science Exploration Center. The move is typical of spammers trying to get their […]
Last year, Microsoft made a splash when it led a legal charge against Waledac’s operators and gained control of 276 domains belonging to the botnet. But Waledac does not die easily, something underscored recently by researchers at The Last Line of Defense, which uncovered a trove of nearly 124,000 FTP credentials stolen by the botnet. […]
Federal authorities unsealed an indictment Feb. 1 in Detroit accusing stock broker Gregg M. Berger of New York of running a multimillion-dollar “pump-and-dump” scam for more than two years. The superseding indictment accuses Berger, 47, of conspiring with Alan Ralsky, Francis Tribble, How Wai John Hui, Scott Bradley and others to carry out the scheme […]