Stories by Robert Lemos

Many pcAnywhere systems still sitting ducks

Despite warnings from security software maker Symantec not to connect its pcAnywhere remote-access software to the Internet, more than 140,000 computers appear to remain configured to allow direct connections from the Internet, thereby putting them at risk.

Android's big security flaw, and why only Google can fix it

In August 2010, hackers bent on jailbreaking Android smartphones found a vulnerability in the way the Android debugger handled an overwhelming number of processes. The code designed to exploit the flaw, dubbed RageAgainstTheCage, allowed users to reflash their smartphone and install custom firmware.

Apple iOS: Why it's the most secure OS, period

In June 2007, Apple released the iPhone, and the device quickly took off to become a major brand in the smartphone market. Yet when the iPhone shipped, security on the mobile operating system was nearly nonexistent. Missing from the initial iOS (then called iPhone OS) were many of the security features that modern-day desktop software has as a matter of course, such as data-execution protection (DEP) and address-space layout randomization (ASLR). Apple's cachet lured security researchers to test the platform, and in less than a month, a trio had released details on the first vulnerability: an exploitable flaw in the mobile Safari browser.

Zeus leaks give tools to researchers, attackers

The source code and a manual to the popular crimeware creation kit Zeus has been leaked, perhaps giving defenders additional tools to fight infections but also raising concerns that criminals may use the source code to create a rapidly expanding compendium of variants.

DroidDream turns Androids into zombies

The malicious code that led Google to remove more than 50 Trojan applications from the Android Marketplace appears to mainly be a "dropper" -- a program designed to load other code to further compromise the affected smartphone, according to a security firm's analysis.

When clouds attack: 5 ways providers can improve security

Criminals intent on attacking others can lease networks of compromised computers, or botnets, from other criminals serving the underground community. These resources could be considered "clouds" in their own right, but researchers warn that operators of legitimate clouds need to worry about being used for illicit attacks as well.

Cloud Computing: Early Adopters Share Five Key Lessons

While some large enterprises have moved their information-technology infrastructure to a third-party managed service to save costs, small firms--especially startups--have come to rely on cloud services to cut initial outlays and help them focus on the core services and products.

When the FBI Raids a Data Center: A Rare Danger

As part of coordinated raids in early April, FBI agents seized computers from a data center at 2323 Bryan Street in Dallas, Texas, attempting to gather evidence in an ongoing investigation of two men and their various companies accused of defrauding AT&T and Verizon for more than US$6 million.

Market Place

[]