Despite warnings from security software maker Symantec not to connect its pcAnywhere remote-access software to the Internet, more than 140,000 computers appear to remain configured to allow direct connections from the Internet, thereby putting them at risk.
Stories by Robert Lemos
In August 2010, hackers bent on jailbreaking Android smartphones found a vulnerability in the way the Android debugger handled an overwhelming number of processes. The code designed to exploit the flaw, dubbed RageAgainstTheCage, allowed users to reflash their smartphone and install custom firmware.
In June 2007, Apple released the iPhone, and the device quickly took off to become a major brand in the smartphone market. Yet when the iPhone shipped, security on the mobile operating system was nearly nonexistent. Missing from the initial iOS (then called iPhone OS) were many of the security features that modern-day desktop software has as a matter of course, such as data-execution protection (DEP) and address-space layout randomization (ASLR). Apple's cachet lured security researchers to test the platform, and in less than a month, a trio had released details on the first vulnerability: an exploitable flaw in the mobile Safari browser.
The source code and a manual for the popular crimeware creation kit Zeus have been leaked, perhaps giving defenders additional tools to fight infections but also raising concerns that criminals may use the source code to create a rapidly expanding compendium of variants.
Companies that move to the cloud face a whole host of decisions, one of the first being whether to develop their own software on top of a cloud infrastructure or to attempt to customize an existing cloud service.
On Super Bowl Sunday, HBGary CTO Greg Hoglund found himself locked out of his own e-mail account. As has since been widely reported in the media, the hacking group Anonymous leaked thousands of e-mail messages from the accounts of Hoglund and HBGary Federal's CEO Aaron Barr, chastising the company in a public statement.
Security company RSA's revelation that its network had been breached and information relating to its SecurID one-time password technology stolen has left customers and industry experts with more questions than answers.
The malicious code that led Google to remove more than 50 Trojan applications from the Android Marketplace appears to mainly be a "dropper" -- a program designed to load other code to further compromise the affected smartphone, according to a security firm's analysis.
When Biogen Idec considered a move to the cloud, cost savings was not the primary concern. For a biotechnology company that lives and dies by its research division, the ability to quickly spin up computer resources for its scientists was far more important.
An old standby of cyber criminals -- the denial-of-service attack -- has become a new worry for data center operators.
Criminals intent on attacking others can lease networks of compromised computers, or botnets, from other criminals serving the underground community. These resources could be considered "clouds" in their own right, but researchers warn that operators of legitimate clouds need to worry about being used for illicit attacks as well.
In the past, companies built data centers like parents buy clothes for their children: Buy big and wait for the kids to grow into them.
Driven to austerity in an economy that only recently appears ready to expand again, companies will likely hire slightly more data center workers this year, according to experts.
While some large enterprises have moved their information-technology infrastructure to a third-party managed service to save costs, small firms -- especially startups -- have come to rely on cloud services to cut initial outlays and help them focus on their core services and products.
When Australian firm WesTrac needed to expand its data center capacity quickly, the company bought the equivalent of a Band-Aid for its server needs: A containerized data center.