Security

Researchers have published a cryptographic algorithm and source code that could be used to duplicate smart cards used by several major transit systems, including Boston's Charlie Card and the London Oyster card.

Users should be on guard for spam touting the guilty verdict of former professional football star O.J. Simpson, a security company warned.

Internet infrastructure vendors are working on patches for a set of security flaws that could help hackers knock servers offline with very little effort.

The infamous Gpcode 'ransomware' virus that hit computers in July was the work of a single person who is known to the authorities, a source close to the hunt for the attacker has told Techworld.

After shelving plans to detail a browser clickjacking vulnerability that is indirectly related to Adobe Systems' products at the company's request earlier this month, a security researcher plans to detail the flaw next month.

CAPTCHA used to be an easy and useful way for Web administrators to authenticate users. Now it's an easy and useful way for malware authors and spammers to do their dirty work.

Fedora 9, released last month, included the first release of FreeIPA, a new free/open source project that comes out of Red Hat with the goal of becoming a complete and integrated security information management solution. In this article we take a look at exactly what FreeIPA is, both what it can do now and what its developers hope it will be capable of in the future. It seems destined to become a key feature of Red Hat Enterprise Linux 6, and with Fedora 9 released and FreeIPA tightly integrated, now seems to be the perfect time to explore this new technology.

SQL injection experiences.

This slideshow complements the interview with James Fallows, who has experienced "The Great Firewall of China" firsthand. What follows is a list of the differences between the Internet, as seen in the US vs. China.

Ah, youth. Ready to take on the world, today's generation of dynamic, tech-immersed youngsters have grown up alongside the Internet. Firsthand, and sometimes single-handedly, they have advanced some of today's hottest technology trends, from peer-to-peer networking, to massively multiplayer online games, to social networks and instant messaging. And along the way, a small, sociopathic number of them have behaved very, very badly.

VeriSign is in many ways synonymous with managing the Web, thanks to its handling of key DNS root servers and of name resolution for .com, .net, and other domains. In recent years, it's had both strong ups and strong downs.

James Fallows, national correspondent for US publication The Atlantic Monthly, has experienced "The Great Firewall of China" firsthand, an experience people from around the world will share this summer when the Olympics comes to that country. Based in Beijing, Fallows has researched the underlying technology that the Chinese use for Internet censorship, and he explained it in a recent article titled "The Connection Has Been Reset." We e-mailed Fallows questions about how the Chinese government controls Internet content available to its citizens, and here's what he had to say (Check out our slideshow on the 10 ways the Chinese Internet is different from yours).

Ever more computers are carrying ever more confidential data -- trade secrets, personal information of clients and constituents, and national security information. Encrypted hard disks requiring hardware keys or passwords are supposedly the way to keep that information safe.

Jonathan Oxer is technical director of a Web application development company called Internet Vision Technologies and for the past couple of years has been president of the Linux Australia community group. At January's Linux.conf.au in Melbourne he presented a tutorial entitled Hardware / Software Hacking: Joining Second Life to the Real World. Computerworld recently spoke to Oxer about how he is knocking down the boundaries between the real and virtual world. Oxer also sheds light on his how his lifetime obsession with electronics has transformed his home-life into a software controlled environment.

Window Snyder has the somewhat offbeat title of "chief security something-or-other" at Mozilla, where she is responsible for overseeing efforts to boost the security of the company's open-source offerings, including the Firefox browser.

What if I was to tell you that I have a secret that could end the Internet as you know it? What if I was only going to tell you at a fee-based conference once speculation had gone on for a month or more? How would you respond to that?

Reports of data losses and system breaches are almost becoming passe but from time to time events happen that take on a life of their own and have effects far beyond what the initial breach would normally represent.

Version 3.0 of BackTrack has been released. BackTrack is a Linux-based distribution dedicated to penetration testing or hacking (depending on how you look at it). It contains more than 300 of the world's most popular open source or freely distributable hacking tools.

If you are running a Debian-based Linux system and haven't already caught up with the announcement [1] that there was a major flaw with the generation of SSH, OpenVPN, DNSSEC, SSL/TLS session keys and X.509 certificate key material, you might want to update your system to address the problem.

I have this nosy but absent-minded Uncle. He likes to paw through my emails, peruse my web history, and tap my phones. But when it comes to protecting his own, more important secrets, he's mostly clueless.