Independent

ComputerWorldIndependent

IDG Contributor Network: These are the threats that keep me awake at night

We have fortunately reached the date on the calendar when the myriad of articles predicting hot information security issues for 2017 have begun to wind down. I say fortunately, because I personally have never found much use for them.

In many cases, they predict things that are readily obvious — for example, ransomware will be a greater issue in 2017. I can all but guarantee that this prediction will come true, as can almost anyone in the industry. Since ransomware built momentum in the fourth quarter, it is unlikely to dissipate in 2017, despite California making it illegal

To read this article in full or to leave a comment, please click here

Read More

5 things DevOps must do to secure containers

Can’t we all get along

[Image: secure containers. Image by Pixabay]

Do deepening adoption and broader deployment of container technologies (from the likes of Docker, CoreOS and others) threaten to escalate into the latest skirmish between operations, developers and information security? Certainly, the potential exists to widen the rift, but in fact there is far more common ground than first appearances would suggest. Containerization introduces new infrastructure that operates dynamically and is open in nature, with more potential for cross-container activity. At the same time, it presents an almost unprecedented opportunity to embed security into the software delivery pipeline, rather than grafting on security checks, container monitoring and access-control policy as an afterthought.


WhatsApp reduces spam, despite end-to-end encryption

Can a spam filter work even without reading the content of your messages?

WhatsApp thinks so. Since last April, the messenger app has been successfully fighting spam abuse, even as it’s been using end-to-end encryption.

That encryption means that no one — not even WhatsApp — can read the content of your messages, except for the recipient.

More privacy, however, can raise issues about spam detection. If WhatsApp can’t scan your messages for suspicious content, say for advertisements peddling cheap Viagra, then how can it effectively filter them out?
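The article does not say how WhatsApp filters spam without content, so the following is an added illustration rather than a description of WhatsApp's system: a scorer that uses only the metadata a server still sees under end-to-end encryption (who sent to whom, when, and whether the recipient blocked or answered). The feature set, thresholds and sample events are all assumptions made for the example.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class MessageEvent:
    """Metadata a server observes even with end-to-end encryption. There is
    deliberately no content field: the filter never sees message text."""
    sender: str
    recipient: str
    ts: float                             # seconds since some epoch
    blocked_by_recipient: bool = False    # recipient blocked/reported after this message
    recipient_replied: bool = False       # recipient later sent a message back


def sender_features(events):
    """Aggregate per-sender behavioural features from metadata only."""
    by_sender = defaultdict(list)
    for e in events:
        by_sender[e.sender].append(e)
    feats = {}
    for sender, evs in by_sender.items():
        evs = sorted(evs, key=lambda e: e.ts)
        n = len(evs)
        span = max(evs[-1].ts - evs[0].ts, 1.0)          # avoid division by zero
        distinct = len({e.recipient for e in evs})
        feats[sender] = {
            "msgs": n,
            "rate_per_min": n / span * 60.0,
            "distinct_ratio": distinct / n,               # 1.0 = every message to a new contact
            "block_rate": sum(e.blocked_by_recipient for e in evs) / n,
            "reply_rate": sum(e.recipient_replied for e in evs) / n,
        }
    return feats


def spam_score(f):
    """Hypothetical hand-tuned scoring; weights are assumptions for the example."""
    score = 0.0
    if f["msgs"] >= 20 and f["distinct_ratio"] > 0.9:
        score += 2.0      # bulk fan-out to many different recipients
    if f["rate_per_min"] > 10:
        score += 1.0      # burstier than a human typing
    score += 3.0 * f["block_rate"]   # recipients' block/report actions carry most weight
    score -= 2.0 * f["reply_rate"]   # conversations that get answered look legitimate
    return score


def classify(events, threshold=2.0):
    """Map sender -> True if the metadata-only score crosses the threshold."""
    return {s: spam_score(f) >= threshold for s, f in sender_features(events).items()}


def sample_events():
    """Constructed sample data, not real WhatsApp traffic."""
    evs = []
    # s1: bulk sender, 30 messages to 30 different recipients in one minute, 6 of them blocked
    for i in range(30):
        evs.append(MessageEvent("s1", f"r{i}", ts=i * 2.0, blocked_by_recipient=(i % 5 == 0)))
    # u1: ordinary user chatting with 3 contacts over a day, most messages answered
    for i in range(30):
        evs.append(MessageEvent("u1", f"c{i % 3}", ts=i * 2880.0, recipient_replied=(i % 3 != 0)))
    return evs


if __name__ == "__main__":
    for sender, is_spam in classify(sample_events()).items():
        print(sender, "spam" if is_spam else "ok")
```

The point of the example is that every signal comes from behaviour and from recipients' own actions, so the filter keeps working when the ciphertext is opaque to the server. A production system would learn the weights rather than hard-code them.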


In treason case, Russia alleges security experts aided U.S.

Two officers of the Russian Federal Security Service (FSB) and a cybercrime investigator from Kaspersky Lab have reportedly been charged with treason for helping U.S. intelligence services.

The arrests of Ruslan Stoyanov, the head of the computer incidents investigation team at Kaspersky, and Sergei Mikhailov, the deputy head of the Information Security Center at the FSB, happened in early December and were reported in the Russian media last week.

Since then, the arrest of a third FSB officer named Dmitry Dokuchayev, who also worked for the agency’s Information Security Center, came to light, and the investigation is said to have targeted even more people.


Cybersecurity and freedom of speech under President Trump

While President Donald Trump decided not to sign an executive order on cybersecurity, which would have required a review of the nation’s cyber vulnerabilities to be completed in a mere 60 days, he told reporters, “I will hold my cabinet secretaries and agency heads accountable, totally accountable for the cybersecurity of their organization.”

8 months later, vulnerable Pentagon servers still not patched


Mobile security firm offers cash to hackers for their old exploits

Mobile security firm Zimperium has launched an exploit acquisition program that aims to bring undisclosed attack code for already patched vulnerabilities out in the open.

Paying for old exploits might seem like a waste of money, but there are technical and business arguments to justify such an acquisition program, and they ultimately come down to the difference between exploits and vulnerabilities.

A vulnerability is a software defect with potential security implications, while an exploit is the actual code that takes advantage of that bug to achieve a specific malicious goal, often by bypassing other security barriers along the way.

In practice, many vulnerabilities that get reported to vendors are not accompanied by working exploits. Showing that a programming error can lead to memory corruption is typically enough for the vendor to understand its potential implications — for example, arbitrary code execution.


How to make PC security alerts better? Make them twirl, jiggle

Have you ever ignored a security alert on your PC? You’re not the only one.

The warnings are designed to save us from malware infections and hacking risks, but often we’ll neglect them. It could be because we’re too busy or we’ve seen them too many times, and we’ve become conditioned to dismiss them — even the most serious ones, according to Anthony Vance, a professor at Brigham Young University.

Vance has been studying the problem and has found that introducing certain small but noticeable changes can make the alerts more useful, and harder to ignore.

“Our security UI (user interface) needs to be designed to be compatible with the way our brains work,” he said at the USENIX Enigma 2017 conference on Tuesday. “Not against it.”
