Stories about: Internet Security Systems

Only 59.1 percent of people use up-to-date, fully patched Web browsers, putting the remainder at risk from growing threats from diligent hackers, according to a new study published by researchers in Switzerland.

A SQL injection attack that has affected at least a half-million Web sites has entered a "third wave" that's more resistant than previous versions to traditional security measures, according to IBM security researchers.

Hackers now mask virtually every Web browser exploit as part of their normal procedure to evade detection by security software, said IBM's X-Force research team Tuesday.

A set of newly discovered flaws in components of VMware's virtual machine software has called attention to some of the security risks associated with the practice of running virtual computers on a single system.

A self-proclaimed hacker crew calling itself "clpwn" -- as in "clown" -- that's been bragging about how it's defaced sites such as CNN and Playboy Casino isn't doing anything earth-shattering, said a security researcher Wednesday. But the group is a reminder of how things once were, when true hackers plied their trade for notoriety rather than profit.

In the same way some e-commerce sites serve up customized content based on a user's profile, cybercriminals are increasingly using personalization techniques to more effectively attack those who visit their Web sites.

Whatever happened to Christopher Klaus, the cybersecurity whiz who founded Internet Security Systems and sold it to IBM last year for US$1.3 billion? Today, he's spending most of his time in a virtual world called Kaneva. He recently spoke with Senior Editor Carolyn Duffy Marsan about his latest venture.

A planned talk on RFID security by a security researcher has been pulled from this week's Black Hat Federal security conference after secure card maker HID claimed the talk violated the company's patent rights and threatened to take legal action against Chris Paget, the researcher, and IOActive, Paget's employer, if the talk went forward.

A flaw in Snort, the popular open-source intrusion detection system, could be used by attackers to run malicious code on vulnerable machines, several security organizations reported Monday.

In the first half of 2006, desktop filtering software maker Websense counted a 100 percent rise in Web sites that contained code potentially harmful to visitors. The company declined to reveal how many Web sites it tallied, but it did say that 40 percent of the sites were hacked -- that is, they had their site code altered by outsiders. Of those hacked Web sites, the vast majority (91 percent) were commissioned to install Trojan horses that take control of visiting computers to turn them into bots -- to relay spam, wage denial-of-service attacks or carry out ID theft schemes -- or use them as bases for spreading malicious programs such as worms and keyloggers inside the enterprise.

The number of new software security vulnerabilities identified by security experts, hackers and others during the first eight months of this year has already exceeded the total recorded for all of 2005, according to Internet Security Systems.