Don't retire your home brewed aluminum foil deflector beanie just yet, there may be occasions where you'll still want to wear it. Take Symantec's source code snafu, for instance. When word got out that hackers had stolen certain source code from Symantec, the security firm initially brushed off the incident in the public eye saying the stolen code only applied to outdated software from several years ago.
Symantec had promised to release a security patch for its pcAnywhere software to neutralize known vulnerabilities arising from the theft of certain source code, and the security firm has now made good on its word. The first patch was actually rolled out on Monday, January 23, 2012 for pcAnywhere 12.5 users, but there's another update now available to support pcAnywhere 12.0 and 12.1.
You're not a rookie on the Internet anymore so it's inexcusable to lock down your online accounts with weaksauce passwords. We're sure your girlfriend's fly, but using her name as a password is a poor security practice, and so is using any of the commonly recognized passwords out there, like 123456 and iloveyou, to name just two. If you're serious about security, you're using multiple passwords that are difficult to guess, which can also be difficult to remember. Symantec wants to help.
The hardest part about watching a nerd fight is knowing which side to root for. Such is the position we find ourselves in as two security giants squabble over claims the other is making. What started the whole thing was Symantec telling Reuters in an interview earlier this week that it was snatching up antivirus market share from competitor McAfee.
Less than three weeks ago, security firm Symantec publicly downplayed the theft of a portion of its source code and said the stolen bits were from a 2006 enterprise version of its software. The message at the time was that the theft didn't affect Symantec's Norton products for consumer customers, nor were enterprise users as risk. In other words, chillax.
Before you go around scanning QR codes with your mobile device willy-nilly, you should read through AVG's threat report for Q4 2011. In it AVG provides insight and analysis on trending security threats, and highlights in this latest installment include risks of QR codes, stolen digital certificates bypassing security on mobile phones, and the persistence of rootkits.
Google earlier this week updated the Chrome Stable channel to 16.0.912.77 for Windows, Mac, Linux and Chrome Frame, patching four privately reported vulnerabilities in its browser. How come only four, you ask, when the headline clearly mentions five? Actually the fifth was patched a couple of weeks back, but Google mistakenly failed to include it in the release notes. Hit the jump for more.
Two security issues have been identified in McAfee's SaaS Total Protection anti-malware software suite, one of which could allow an attacker to misuse an ActiveX control to execute code and turn affected PCs into spam servers. The other vulnerability involves a misuse of McAfee's "rumor" technology to allow an attacker to use an affected machine as an "open relay," which could also be used to send spam. Fixes for both are coming.
An Indian hacking group known as "The Lords of Dharmaraja" celebrated swiping the Norton antivirus source code from Symantec earlier this month and promptly began releasing fragments to the public before promising to upload the full Monty on January 17, 2012. That's today, but rather than release the source code in its entirety, the hacking group decided now is not the time.
The thing about being a criminal is there's always the risk of being caught or otherwise exposed. This applies to the life of a cyber criminal as well. To wit, Facebook has identified five men it believes are behind the Koobface worm designed to burrow into various social networks like Facebook and Twitter in search of login information to help spread its related botnet far and wide.