.
Anatol Hug (1), Andreas Hirstein (5), ANW (1), Brian Krebs (7), Brian Proffitt (1), Bruce Schneier (3), Business Technology (1), C. Walsh (1), CHS (1), Dan Goodin (2), Dan Raywood (2), Daniel Bachfeld (4), djwm (1), Franziska Schmid (1), Gregg Keiser (2), Gunter Ollmann (3), Jacqui Cheng (1), Jeremy Kirk (3), Joel Hruska (1), John Leyden (4), John P. Mello (1), John Suffolk (1), John Timmer (1), Jürg Müller (1), Jürgen Schmidt (1), Lucian Constantin (1), Lukas Mäder (1), Manfred Kloiber (1), Mark Long (1), Mathias Röckel (1), Maurizio Minetti (1), Michael Winter (1), Peter Rüegg (1), Robert Lemos (4), Robert Vamosi (2), Samuel Schläfli (1), Scott Orgera (1), Steve Ragan (3), Thomas Claburn (1), Thomas Dubendorfer (1), Timothy (1), Will Knight (1), Zonk (1)
Wegen der rasenden Geschwindigkeit der Digitalisierung sind sichere IT-Systeme eine Illusion. Wirtschaft und Politik sollten weniger den perfekten Schutz anstreben, als die Handhabung von Gefahren verbessern.
Es gibt verschiedene Arten von Programmen, welche Softwareschwachstellen („Bug Bounty Program“) aufkaufen. Zwei bekannte Anbieter von Sicherheitssoftware und Diensten betreiben seit zehn Jahren Aufkaufprogramme.
Frei proposes creating a multi-tiered, “international vulnerability purchase program” (IVPP), in which the major software vendors would be induced to purchase all of the available and known vulnerabilities at prices well above what even the black market is willing to pay for them
An interesting research paper documents a "honeymoon effect" when it comes to software and vulnerabilities: attackers are more likely to find vulnerabilities in older and more familiar code. It's a few years old, but I haven't seen it before now. The paper is by Sandy Clark, Stefan Frei, Matt Blaze, and Jonathan Smith: "Familiarity Breeds Contempt: The Honeymoon Effect and the Role of Legacy Code in Zero-Day Vulnerabilities”.
Frei also took stock of the software vulnerabilities collected by these two companies, and found that between 2010 and 2012, the ZDI and VCP programs together published 1,026 flaws, of which 425 (44 percent) targeted flaws in Microsoft, Apple, Oracle, Sun and Adobe products. The average time from purchase to publication was 187 days.
Security exploits don't have expiration dates - why you can't count on a multi-vendor, multi-layer "kill chain" to protect your company
In a presentation to the RSA Conference, Dr Stefan Frei, the Research Analyst Director at Secunia, a Danish computer security service provider, articulated how the threat environment is changing from script-kiddies undertaking hacking for curiosity to experts developing a means for others to implement for personal gain.
Security firm Secunia finds that the most popular three-dozen programs account for 80 percent of vulnerabilities. Better patching could help security, but not everyone agrees.
Wovor Sicherheitsexperten seit Jahren warnen, das ist nun eingetreten: Erstmals ist ein Computerschädling aufgetaucht, der digitale Steuerungen von Industrieanlagen angreift.
«Kassensturz» zeigt, wie leicht es ist, gestohlene Kreditkarten-Daten im Internet zu kaufen und mit ihnen teure Waren zu bestellen. Sicherheitsexperte Stefan Frei von der ETH Zürich erklärt, dass Hacker heute nicht mehr über viel Computerwissen verfügen müssen, um solche Schadprogramme zu erstellen, und zeigt in einer live Demo wie das geht.
The Swiss Institute of Technology, Google and IBM conducted the study and found 600 million users had not updated their browsers. "Failure to apply patches promptly or missing them entirely is a recipe for disaster," the report said.
A study by the Swiss Federal Institute of Technology, Google and IBM found more than 600 million outdated Internet browsers were at risk this year, with plug-ins adding to the problem. The study praised the auto-update mechanism in Firefox for both the browser and its plug-ins, and said Firefox updates are more frequent than for Internet Explorer.
Firefox users were far and away the most likely to use the latest version, with an overwhelming 83.3 percent running an updated browser on any given day
Regelmässig wird über Sicherheitslücken in Internetbrowsern berichtet. Dennoch dauert es immer noch zu lange, bis die Mängel beseitigt werden. Viele Hacker nutzen indes die Zeit, um die publizierten Schwächen zu nutzen.
The security researchers reckon browser makers could improve internet security by taking a leaf from the book of food manufactures and applying a "best before" date to browser and plug-in software. The theory is that a built-in expiry date would ensure that more users update in a timely fashion.
Updated your Web browser lately? Ever? If not, you and 637 million other Net surfers with outdated, insecure browsers are inviting criminal hackers into your computer, researchers warn.
Using data collected by Google from January 2007 to June 2008, the researchers compared the major and minor version numbers of the browsers used by visitors with the most up-to-date version of their software at that time.
A comprehensive new study of online surfing habits released today found that only 60 percent of the planet's Internet users surf the Web with the latest, most-secure versions of their preferred Web browsers
Weltweit benutzen mehr als 600 Millionen Internetuser zum Surfen nicht die sicherste Version ihres Webbrowsers. Im Bestreben um mehr Sicherheit im Internet empfiehlt nun eine Studie der ETH Zürich, ein «Verfallsdatum» für Webbrowser einzuführen und dieses deutlich sichtbar auf der Benutzeroberfläche zu placieren.
.