InfoWorld Security

& lt;!--paging_filter-- & gt; & lt;div style= & quot;padding: 8px; background: none no-repeat scroll center top #ffffff; position: relative; float: right; width: 243px; height: 182px; & quot; & gt; & lt;img src= & quot;http://www.infoworld.com/sites/infoworld.com/files/media/image/virus_code_hp.jpg & quot; alt= & quot;Skyrocketing viruses, less danger? & quot; width= & quot;243 & quot; height= & quot;182 & quot; align= & quot;right & quot; / & gt; & lt;/div & gt; & lt;p & gt;In 2008, antivirus firm Sophos processed about 20,000 & quot;new & quot; pieces of & lt;a href= & quot;http://www.infoworld.com/t/malware & quot; & gt;malware & lt;/a & gt; every day. & lt;/p & gt;

& lt;!--paging_filter-- & gt; & lt;p & gt;Spam hit an all-time high this year, with more unwanted messages pouring in from a smorgasbord of countries, thanks in part to globalization. Such are the findings of a recent and comprehensive & lt;a href= & quot;http://www.infoworld.com/d/security-central/sun-microsoft-and-mozilla-leave-the-most-vulnerabilities-unpatched-389 & quot; & gt;report on all things security-related from IBM X-Force & lt;/a & gt;. & lt;/p & gt;

& lt;!--paging_filter-- & gt; & lt;p & gt;Microsoft on Tuesday again abstained from naming which of its Windows programs, if any, contain bugs that could lead to & lt;a href= & quot;http://www.infoworld.com/d/security-central/windows-dll-exploits-boom-296 & quot; & gt;widespread & quot;DLL load hijacking & quot; attacks & lt;/a & gt;. & lt;/p & gt; & lt;p & gt;Also on Tuesday, the company published an automated tool to make it easier for users to block attacks exploiting vulnerabilities in a host of Windows applications. & lt;/p & gt;

& lt;!--paging_filter-- & gt; & lt;p & gt;Virtual appliances are great for the same reasons physical appliances took the IT world by storm: They make deployment a snap -- even instantaneous -- while at the same time reducing costs. It & #039;s a formula that made hardware-based appliances immensely popular for network security, backup, storage networking, file services, email, and many other single-focus solutions. & lt;/p & gt;

& lt;!--paging_filter-- & gt; & lt;div style= & quot;background: none no-repeat scroll center top #ffffff; float: right; width: 243px; position: relative; height: 182px; padding: 8px; & quot; & gt; & lt;img src= & quot;http://www.infoworld.com/sites/infoworld.com/files/media/image/Security_lock_2_hp.jpg & quot; alt= & quot;What it takes to shut down a botnet & quot; width= & quot;243 & quot; height= & quot;182 & quot; align= & quot;right & quot; / & gt; & lt;/div & gt; & lt;p & gt;A botnet shutdown makes for a great story. & lt;/p & gt;

& lt;!--paging_filter-- & gt; & lt;p & gt;Google on Monday said that & lt;a href= & quot;http://www.infoworld.com/d/security-central/sun-microsoft-and-mozilla-leave-the-most-vulnerabilities-unpatched-389 & quot; target= & quot;_self & quot; & gt;a recent report & lt;/a & gt; claiming it failed to patch a third of the serious bugs in its software had the facts wrong. & lt;/p & gt; & lt;p & gt;IBM & #039;s X-Force security company, which released the report last week, acknowledged the error and issued a revised chart that shows Google patched all the vulnerabilities rated & quot;critical & quot; or & quot;high & quot; in its online services. & lt;/p & gt;

& lt;!--paging_filter-- & gt; & lt;p & gt;Scammers are trying to take advantage of the fact that many users will soon have to update their version of the TweetDeck Twitter software. & lt;/p & gt; & lt;p & gt;On Monday, TweetDeck warned that some Twitter messages were advising people to upload an untrustworthy executable file, called tweetdeck-08302010-update.exe. & lt;/p & gt;

& lt;!--paging_filter-- & gt; & lt;p & gt;The Windows DLL library loading vulnerability & lt;a href= & quot;http://www.infoworld.com/t/malware/heads-whole-new-class-zero-day-windows-vulnerabilities-looms-071 & quot; & gt;is gaining hacker attention & lt;/a & gt;. Although no one can accurately predict the next & quot;big one, & quot; malicious cyber fiends are likely to use this exploit method against innocent computer users. & lt;/p & gt;

& lt;!--paging_filter-- & gt; & lt;p & gt;In security circles, the talk on mobile centers around mobile management, protecting access to and use of corporate information by smartphone users. This summer & #039;s & lt;a href= & quot;http://www.infoworld.com/d/mobilize/iphone-management-tools-step-it-ios-4-751 & quot; & gt;iOS 4 has been a game-changer for most IT organizations & lt;/a & gt;, giving the Apple iPhone, iPad, and iPod Touch security capabilities equivalent to those of Windows Mobile and meeting the needs of most BlackBerry users, ending the main objection at many companies for allowing iOS devices in. & lt;/p & gt;

& lt;!--paging_filter-- & gt; & lt;p & gt;Cisco has fixed a bug in its IOS (Internetwork Operating System) router software that contributed to a & lt;a href= & quot;http://www.computerworld.com/s/article/9182558/Research_experiment_disrupts_Internet_for_some & quot; target= & quot;_blank & quot; & gt;brief Internet blackout & lt;/a & gt; last week, thought to have affected about 1 percent of the Internet. & lt;/p & gt;

& lt;!--paging_filter-- & gt; & lt;div style= & quot;padding: 8px; background: none no-repeat scroll center top #ffffff; position: relative; float: right; width: 243px; height: 182px; & quot; & gt; & lt;img src= & quot;http://www.infoworld.com/sites/infoworld.com/files/media/image/virus_code_hp.jpg & quot; alt= & quot;No good can come of a malware convention & quot; width= & quot;243 & quot; height= & quot;182 & quot; align= & quot;right & quot; / & gt; & lt;/div & gt; & lt;p & gt;Anyone who was ever concerned by the concept of hacking conventions & lt;a href= & quot;http://www.infoworld.com/t/hacking/black-hat-and-defcon-focus-critical-infrastructure-955 & quot; & gt;such as Black Hat & lt;/a & gt; -- which has evolved into a reputable venue for security defenders -- should & lt;/p & gt;

& lt;!--paging_filter-- & gt; & lt;div style= & quot;padding: 8px; background: none no-repeat scroll center top #ffffff; position: relative; float: right; width: 243px; height: 182px; & quot; & gt; & lt;img src= & quot;http://www.infoworld.com/sites/infoworld.com/files/media/image/windows_security_hp.jpg & quot; alt= & quot;How to thwart the new DLL hijacks & quot; width= & quot;243 & quot; height= & quot;182 & quot; align= & quot;right & quot; / & gt; & lt;/div & gt; & lt;p & gt;Earlier this week I wrote in Tech Watch about & lt;a href= & quot;http://www.infoworld.com/t/malware/heads-whole-new-class-zero-day-windows-vulnerabilities-looms-071 & quot; & gt;a whole new class of Windows zero-day vulnerabilities & lt;/a & gt;, warning that a wave of attacks would arrive soon. & lt;/p & gt;

& lt;!--paging_filter-- & gt; & lt;p & gt;A new version of the & lt;a href= & quot;http://www.infoworld.com/d/security-central/microsoft-says-malware-causing-blue-screen-crashes-207 & quot; & gt;malware that crippled Windows PCs last February & lt;/a & gt; sidesteps safeguards designed to block rootkits from hijacking machines running 64-bit editions of Windows, researchers said Thursday. & lt;/p & gt; & lt;p & gt; & quot;A new era has officially dawned; the era of x64 rootkits, & quot; said Prevx researcher Marco Giuliani in a post to the & lt;a href= & quot;http://www.prevx.com/blog/154/TDL-rootkit-x-goes-in-the-wild.html & quot; target= & quot;_blank & quot; & gt;company & #039;s blog & lt;/a & gt; yesterday. & lt;/p & gt;

& lt;!--paging_filter-- & gt; & lt;div style= & quot;padding: 8px; background: none no-repeat scroll center top #ffffff; position: relative; float: right; width: 243px; height: 182px; & quot; & gt; & lt;img src= & quot;http://www.infoworld.com/sites/infoworld.com/files/media/image/Security_lock_2_hp.jpg & quot; alt= & quot;The Pentagon plays security catch-up & quot; width= & quot;243 & quot; height= & quot;182 & quot; align= & quot;right & quot; / & gt; & lt;/div & gt; & lt;p & gt;Individual & lt;a href= & quot;http://www.infoworld.com/t/hacking & quot; & gt;hackers & lt;/a & gt; can hurt national computer systems. Attackers have the advantage over defenders. Attributing attacks to specific groups is difficult. & lt;/p & gt;

& lt;!--paging_filter-- & gt; & lt;p & gt;Looking to broaden access to its security practices for software development, Microsoft plans to shift the licensing for its Security Development Lifecycle (SDL) documentation to the more accessible Creative Commons License, the company said on Thursday. & lt;/p & gt; & lt;p & gt; & lt;a href= & quot;http://www.infoworld.com/d/developer-world/microsoft-seeks-secure-software-development-869 & quot; & gt;SDL & lt;/a & gt; is Microsoft & #039;s blueprint for incorporating security into applications. It has been available under an exclusive Microsoft license. & lt;/p & gt;

& lt;!--paging_filter-- & gt; & lt;p & gt;Sun is the king of unpatched software vulnerabilities followed closely by & lt;a href= & quot;http://www.networkworld.com/news/2010/082310-microsoft-wont-patch-critical-dll.html?source=nww_rss & quot; target= & quot;_blank & quot; & gt;Microsoft & lt;/a & gt; and Mozilla, according to the mid-year security report by IBM & #039;s X-Force. & lt;/p & gt;

& lt;!--paging_filter-- & gt; & lt;p & gt;Some of the world & #039;s most popular & lt;a href= & quot;http://infoworld.com/microsoft & quot; & gt;Windows & lt;/a & gt; programs are vulnerable to a major bug in how they load critical code libraries, according to sites tracking attack code. & lt;/p & gt; & lt;p & gt;Among the Windows applications that can be exploited using a systemic bug that many have dubbed & quot;DLL load hijacking, & quot; are the Firefox, Chrome, Safari and Opera browsers; Microsoft & #039;s Word 2007; Adobe & #039;s Photoshop; Skype; and the uTorrent BitTorrent client. & lt;/p & gt;

& lt;!--paging_filter-- & gt; & lt;p & gt;Gripe Line reader Scott recently sent out a challenge to find out & lt;a href= & quot;http://www.infoworld.com/d/adventures-in-it/readers-sound-dell-ubuntu-support-adobe-reader-updates-249?page=0,1 & quot; & gt;what & #039;s going on with all those pesky Adobe Reader updates & lt;/a & gt;. & lt;/p & gt; & lt;p & gt; & quot;The frequency of these updates is getting quite ridiculous, & quot; he laments. & quot;This is worse than Microsoft ever was before they started their monthly updates. Can someone please find out why they are sending out so many updates lately? & quot; & lt;/p & gt;

& lt;!--paging_filter-- & gt; & lt;p & gt;Acknowledging a reported hacking of its new Android Market licensing server, Google maintained this week that the licensing service represents a & quot;significant step forward in terms of protection. & quot; & lt;/p & gt;

& lt;!--paging_filter-- & gt; & lt;div style= & quot;padding: 8px; background: none no-repeat scroll center top #ffffff; position: relative; float: right; width: 243px; height: 182px; & quot; & gt; & lt;img src= & quot;http://www.infoworld.com/sites/infoworld.com/files/media/image/Garbage-Voting_hp.jpg & quot; alt= & quot;Pac-Man for president & quot; width= & quot;243 & quot; height= & quot;182 & quot; align= & quot;right & quot; / & gt; & lt;/div & gt; & lt;p & gt;In a continuing effort to highlight the vulnerability of paperless touchscreen -- or direct recording electronic (DRE) -- voting systems, Alex Halderman of the University of Michigan and Ariel Feldman of Princeton University reprogrammed one such system, the Sequoia AVC Edge, to pl & lt;/p & gt;