Hewlett-Packard (HP) released a patch Dec. 20 to cover a remote code execution vulnerability in its StorageWorks Storage Mirroring software. The software is used to provide host-based replication and failover. Details on the exact cause of the vulnerability were not available. According to an advisory from VUPEN Security, which rated the vulnerability “critical,” the issue […]
Holiday spam just isn’t what it used to be. According to security vendors, the amount of Christmas-related spam has dwindled significantly for 2010. While the end of the year has traditionally been a time for an upsurge in Christmas holiday spam, it now accounts for less than 1 percent of all the spam making the […]
The onset of the new year will bring with it new compliance regulations. The updated version of the Payment Card Industry Data Security Standard (PCI DSS) will go into effect Jan. 1. Though companies technically have until 2012 to implement any changes – validation against the previous version of the standard will be allowed until Dec. 31, […]
Facebook has updated its bug disclosure policy in a bid to get more researchers to come forward with security vulnerabilities. Facebook has long encouraged researchers to let the company know about security issues they uncover and give the social networking giant time to address them before going public. However, due to its wording, there was […]
Gawker Media has implemented a number of changes to tighten security, according to a staff memo posted online on a Poynter Institute blog. The changes follow a recent hack that compromised user passwords and corporate communications. Gawker did not respond to a request for comment on the memo, but in the message, Gawker CTO Tom […]
It was a busy week in IT security, starting with news that Gawker Media had been compromised. The hack on Gawker Media’s servers exposed e-mail addresses and passwords belonging to users of Gawker Media Websites, including Lifehacker, Gizmodo, Deadspin, and obviously Gawker.com itself. The incident highlighted issues of password security, as many people who used […]
Compromises can happen quickly – a fact the folks at Sentrigo were recently reminded of when attackers came knocking on their digital door. On Dec. 1, the company deployed an instance of the Oracle database running on Amazon EC2. Six days later, it was pwned. Fortunately, no production data was in it – just testing […]
Google has added extra notification to search results to alert users when they are in danger of traveling to a compromised site. When Google believes a site has been hacked, a sentence will appear under the search result stating, “This site may be compromised.” Google provides a similar warning to steer users away from sites […]
The National Security Agency appears to be taking some old advice to heart – assume your organization will be compromised. Debora Plunkett, head of the NSA’s Information Assurance Directorate, said as much Dec. 16 at a cyber-security forum sponsored by the Atlantic and Government Executive media organization. “We have to build our systems on the assumption that […]
Protecting PCs doesn’t stop when they are still being used by employees; it continues to the very end of a machine’s life – the day when it heads to the dump. This was underscored recently by a NASA audit that revealed a number of security failures connected to machines slated for disposal. At NASA’s Ames Research Center […]