Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Security Response
Showing posts tagged with Security Risks
Showing posts in English
Abdul Nabi | 03 May 2006 07:00:00 GMT | 0 comments

“Microsoft Windows Vista is the most secure and trustworthy Windows operating system yet.” This notion seems to be the foundation of the many media articles on the upcoming Windows Vista release that have been written over the past year or so. This tagline is probably a fairly accurate statement based on general testing of the Vista Community Technology Preview (CTP) distributions and on the functional security feature set provided in Vista, as specified by Microsoft. Windows Vista will likely be more secure out of the box than Windows 2003, XP, 2000, or NT were during their initial releases.

However accurate the above notion is, the technology industry pundits, editorialists, and “expert” analysts have managed to translate the aforementioned would-be truth about Vista into a more general statement. This statement is that Vista is a highly secured and hardened operating system that may well be impenetrable and impervious to attack, one that solves our...

Zulfikar Ramzan | 02 May 2006 07:00:00 GMT | 0 comments

Collin Jackson, Dan Boneh, and John Mitchell of Stanford have developed a neat system, called Spyblock, for entering sensitive information into Web browsers so that it can’t be sniffed by spyware. Users browse the Web in a virtual machine (VM). However, sensitive information is only entered in secure environment (outside the VM, but typically on the user’s same machine) and injected into the outgoing data stream. A browser extension is used to facilitate the transactions between the secure and insecure environments.

Spyblock also includes a number of other features:

1) A “transaction confirmation” feature so a user can detect the presence of active malware (i.e., malware that tries to conduct malicious transactions surreptitiously by piggybacking on top of an existing user session).

2) Support for password authenticated key exchange (PAKE), which provides added security against dictionary attacks and also provides mutual authentication.

3) Support for...