Posted 11/06/09 at 08:02:36 AM by Paul Lilly

As part of a restructuring effort, Blue Coat Systems said it plans to slash nearly 20 percent of its workforce. The firm will issue about 280 layoffs in all and close its facilities in Riga, Latvia, South Plainfield, New Jersey, and Zoelemeer, Netherlands.

At the same time, Blue Coat announced plans to acquire S7 Software, a services company out of Banglaore, for $5.25 million in cash. The acquisition will also add 65 employees to Blue Coat's workforce.

"The combination of the restructuring program and the acquisition of S7 Software strikes an appropriate balance between profitability and investment for innovation," said Gordon Brooks, senior vice president and chief financial officer. "Together these actions will allow us to invest for future growth while aligning the Company’s cost structure to its current revenue level, which should drive higher and more consistent levels of profitability."

In addition to the layoffs, Blue Coat will relocate an undisclosed number of engineering jobs from its Sunnyvale, California, and Austin, Texas offices to S7's offices in Bangalore and a few other locations. After factoring in S7's employees and a few new hires, Blue Coat's workforce reduction will be closer to 10 percent.

Read More

Posted 11/06/09 at 08:02:23 AM by Paul Lilly

Microsoft's security team is having a busy month when that traditionally hasn't been the case in November. As such, IT departments need to prepare for six security updates next week to fix flaws in both Windows and Office.

"Six is the lucky number this month," said Andrew Storms, director of security operations at nCircle Network Security. "Really, anything less than 13 is a lucky number."

That's only half as many that were issued last month, which set the record for the most updates ever since Microsoft starting shipping the monthly patches six years ago. But next week's updates, which will patch 15 separate vulnerabilities, also sets a record for November, a month that's traditionally been pretty low-key.

On the bright side, none of next Tuesday's updates affect Microsoft's recently released Windows 7 operating system.

Read More

Posted 11/05/09 at 06:19:45 PM by Ryan Whitwam

Security firm Sophos recently took it upon itself to run some tests on Windows 7 sans anti-virus software. Sophos used ten unique viruses found in circulation and attempted to infect Windows 7. While many may have thought this would be a foregone conclusion, they wanted to make a point. Microsoft claims that User Account Control (UAC) is more secure in Windows 7. Does it actually make a difference?

Sure enough, eight out of ten viruses ran without problem on a stock install of Windows 7 without User Account Control. With UAC active, an additional threat was actually blocked, and the other two still failed to run. Overall, UAC didn’t make much difference in virus protection. So yes, you still need to run an anti-virus on Windows 7. There’s been a lot of positive buzz around Redmond’s new release, just don’t let that stuff go to your head. 

Read More

Posted 11/04/09 at 09:02:40 AM by Paul Lilly

There's a lot you can do with a jailbroken iPhone, and apparently, there's a lot others can do with your hacked smartphone as well. A hacker from the Netherlands made it his mission to alert modified iPhone owners via SMS that their security wasn't up to snuff.

The SMS contained a link to http://doiop.com/Hacked, which has since been eradicated from the Web. But before it was taken down, the site asked victims to send 5 euros (about $7.56 USD) to a Paypal account and then sit tight for email instructions on how to secure the hacked phone.

"If you don't pay, it's fine by me," the hacker's page said. "But remember, the way I got access to your iPhone can be used by thousands of others -- they can send text messages from your number (like I did), use it to call or record your calls, and actually whatever they want, even use it for their hacking activities! I can assure you, I have no intentions of harming you or whatever, but some hackers do! It's just my advice to secure your phone."

According to ArsTechnica, the hacker used port scanning to identify jailbroken iPhones on the T-Mobile network in the Netherlands with SSH running. The hack also relied on unchanged root passwords to gain access, which is where the real security risk came from.

So what can you do to secure your phone? The same hacker who tried to make a quick buck has apologized for his actions, promised to return what money he's made, and posted steps to secure your jailbroken iPhone, which you can find here.

Read More

Posted 11/02/09 at 12:35:03 PM by Paul Lilly

Phishing and worms go together like, well, fishing and worms. But unlike the latter, you're the prey, and it can be particularly dangerous swimming in social networking waters, suggests a new report by Microsoft and McAfee.

The two software makers noted a sizable spike in phishing attacks during the months of May and June, driven in large part by hackers concentrating their efforts on social networking sites. Other popular targets included gaming sites, banking portals, and e-commerce.

While Trojans still topped the charts, Microsoft noted that worms are becoming much more prevalent, rising from fifth place in the second half of last year to now being the second most prevalent category of threats. Much of the rise can attributed to Conficker, which still has most security experts puzzled.

For those still clinging to XP, Microsoft noted that infection rates for Vista were significantly lower than for XP.

Read More

Posted 10/30/09 at 08:04:30 AM by Paul Lilly

Security's always a hot topic in the business world, but eWeek.com's list of '10 Essential Things Companies Should Teach Employees About Security" comes particularly well timed. Why? Just recently, McAfee posted a survey suggesting that SMBs are spending less on security as the recession continues to force cuts to the budget, yet cybercrime is on the rise. That being the case, now more than ever the onus falls on employees to take certain precautions.

According to eWeek, companies need to go back to the basics when it comes to educating its staff on safe computing. No. 1 on eWeek's list is the need to remind employees to be weary of email attachments and to only open ones from trusted sources. The importance of creating strong passwords and avoiding shadier sides of the Web also made the list.

One entry that might not have existed five years ago is teaching employees the dangers of social networks. One wrong click can turn into a security nightmare for an IT staff working with a reduced security budget.

What it all boils down to is that workers need to be reminded every once in awhile of the dangers assumed to already be known.

Read More

Posted 10/29/09 at 12:15:44 PM by David Murphy

What a wonderful world that open and closed platforms have created on the World Wide Web. I can have an untold number of features and applications inserted into my Web browser without having to lift much more than a finger to access them. I can take my favorite Web platforms and expand their usefulness by linking them to other Web-based services. I can even download a variant of my Web browser of choice that bridges the best of two worlds under one new roof: new innovations mixed with standard familiarity.

So, what happens when these architectures fight back?

It's a stupid thing to say on its face, because I don't believe that it's up to a particular program or application to breach your defenses and fight its way into your cyber-life. Most, if not all instances of malware, spoofing, and hijacking (to name a few) can be directly traced to user stupidity in some fashion. Either a person leaves the ol' back door unlocked, fails to frisk the guests as they enter the home, or actively invites a heap of trouble to come on over for a party.

Simplified examples, perhaps, but the underlying fact remains a constant: You are the gatekeeper for your PC. Unfortunately, as we begin to adopt an "everyone's allowed" mindset for Web integration, we're only making it easier for the bad guys to do what they do best. Unfriendly, if not downright hostile bits of malware can be pushed back with but a few simple changes in behavior--are you as security-focused as you should be in today's cross-platform world?

Read More

Posted 10/28/09 at 02:35:12 PM by Bart Salisbury

Clearly there is nothing that hackers won’t go after in the attempt to monkey about with your computer’s innards. Any opening, no matter how insignificant, needs to be closed before it can be exploited. With this in mind Mozilla today released an update to Firefox, upping its version to 3.5.4, that patches 16 weaknesses, eleven of which are critical.

Hackers were busy on the obvious: the browser engine, JavaScript, and open-source media libraries; as well as the less obvious: the GIF color map parser and the string-to-number converter. In its security advisory, Mozilla reports: “Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code.”

Mozilla notes that the JavaScript vulnerabilities can cause browser crashes. Those not able or unwilling to upgrade are recommended to turn JavaScript off.

If you’re still hanging out in Firefox 3 you’ve also got a security patch waiting for you. Version 3.0.15 was released, addressing nine problems, four of which Mozilla tagged as critical.

Read More