ComputerSecurity
Latest
This is the Modem World: I hate passwords
Each week Joshua Fruhlinger contributes This is the Modem World, a column dedicated to exploring the culture of consumer technology. I get it: The Internet is a dangerous place. People want my stuff. There are bad people out there, yadda yadda yadda. But the password requirements and security verification processes in place are Kafkaesque, mind-bending, and straight-up annoying. Every time I need to access my online mortgage account, I am forced to reset my password because, without fail, I enter the wrong one three times. I couldn't tell you what my Apple ID is because it has an even itchier verification trigger finger, especially when you have more than one device accessing the same account. Get it wrong on one, and all your devices are borked.
Microsoft offers 'mad loot' Bluehat prize to entice security developers (video)
Mere numbers aren't enough to describe cash prizes for Microsoft, it seems. The firm's inaugural Bluehat security competition's introduction video opted for a clearer term: "mad loot, lots of it." The big M hopes the hefty first prize of $200,000 will inspire the creation of the next generation of defensive computer security technology. The most innovative "novel runtime mitigation technology designed to prevent the exploitation of memory safety vulnerabilities" (phew!) will take home the aforesaid mad loot, while second and third places will receive $50,000 and an MSDN Universal subscription, respectively. The winner won't be announced until Blackhat 2012, of course, and applicants have until April to submit their prototypes and technical descriptions. Hit the break for the official announcement video, complete with CG backgrounds and prize euphemisms.
Microsoft to malware: your AutoRunning days on Windows are numbered
Beware, malware. The Windows AutoRun updates for Vista and XP SP3 that Microsoft released in February have so far proven successful in thwarting your file corrupting ways. Although Windows 7 was updated to disable AutoPlay within AutoRun for USB drives -- freezing the ability for a virus to exploit it -- the aforementioned versions had remained vulnerable up until right after January. Fast-forward to the period between February and May of this year, and the updates have reduced the number of incidents by 1.3 million compared to the three months prior for the supported Vista and XP builds. Amazingly, when stacked against May of last year, there was also a 68 percent decline in the amount of incidents reported across all builds of Windows using Microsoft's Malicious Software Remove Tool. There's another fancy graph after the break to help illustrate, and you'll find two more along with a full breakdown by hitting the source link down under.
More security warnings from Blizzard
Blizzard seems to be getting more serious about security awareness. It wasn't that long ago that Nethaera was warning us about a specific keylogger threat, but this Friday Eyonix has alerted us to a new security risk that could land keyloggers on your computer. The issue? This time it's not a specific threat or even a vulnerability specifically aimed at Warcraft players. Instead, Eyonix directs us to information on this Microsoft vulnerability which, if exploited, could allow malicious code (like a keylogger) to execute on your computer by simply clicking a web link. As there is not presently a patch available to fix this issue, users are advised to take caution in clicking on links in web pages and e-mails. What do we mean by cautious? Well, just be careful not to click on links from sources you don't trust or that link to sites you aren't familiar with. And while some forum posters point out the irony in Eyonix's warning about clicking on links followed by a link to Microsoft's web site, I have to say that I don't think Blizzard would joke about security issues -- this is serious stuff!
Is Your Warcraft Account More Valuable Than Your Credit Card Info?
Microsoft has caught on to what many Warcraft players already realized - our characters and in-game items are valuable. And for some, the value of your account itself is higher than that of the credit card you use to play the game with, making account theft a lucrative target. And, while Blizzard can help restore stolen in-game goods, once your account has been compromised, it's a long and tedious process to get it back. So in all cases, it's better to protect your account before-hand - while most of it's common sense, Blizzard has some good advice on that front.[Fan art by Sarah Jaffe]
