Google roughed up, Microsoft battles a botnet

For those of you who enjoy security news, this week offered plenty of topics to digest. Microsoft attempted to shut down a botnet network by obtaining a court order that called for the closing of nefarious .com domains. Attackers are exploiting flaws in multimedia software, but overall instances of buggy software decreased last year, according to an IBM study. And not to frighten you, but the U.S. would lose a cyberwar, according to a security expert. Finally, we need to mention Google and its challenging week. In one day, three of its executives were convicted of privacy violations and European regulators announced an antitrust review of its search rankings. And the spat between the company and China still isn't resolved, resulting in Google supposedly canceling a Beijing developers event.

1. IBM: Vulnerabilities fell in 2009, but other risks abound: An IBM security study offered mixed news on security vulnerabilities. The report found that the number of software flaws decreased in 2009, but the number of flaws in multimedia applications and document readers, which IBM classifies as client vulnerabilities, increased by 50 percent. Browsers, though, had the most client-side flaws, with Mozilla's Firefox having twice as many critical to high vulnerabilities as Microsoft's Internet Explorer.

2. Support decision looms for SAP users: The deadline for SAP customers to select standard support or Enterprise Support, which offers more features for a higher price, is nearing. Businesses that move from standard support to the more advanced support before March 15 receive a pricing discount. An analyst divided SAP customers into four groups and offered advice for users in each category.

3. Web app developers showered with advice: Web application developers should discuss ideas with people, since this provides feedback, and save time by using existing technologies to automate work. This was just some of the advice offered by successful developers at a Web application conference this week. While we sometimes dismiss advice, we'd be more inclined to heed these words since they came from the founders of Mint and Reddit, startups that were both sold to major businesses.

4. US government to review Toyota electronics: The U.S. government will review the electronics in Toyota automobiles to determine if faults in those systems caused the company's cars to rapidly accelerate, the country's transportation secretary told a Congressional committee. Toyota claims floor mats or sticky accelerators, not the vehicles' electronic braking systems, caused the unwanted accelerations. However, the U.S. Department of Transportation received enough input from drivers to launch a review of the cars' electronics systems.

5. Mobile carriers defend early termination fees: If you like buying a smartphone at a reduced price then you have to accept early termination fees, mobile-phone carriers told the U.S. Federal Communications Commission this week. The agency requested comments from the carriers and Google, which sells the Nexus One smartphone, on why customers are charged what some label excessive fees for exiting a contract early. The carriers responded that the charges are necessary to subsidize the handset's cost and without the fees, customers would pay much more for a phone.

6. Source: Google cancels Android developer event in China, Google hit with antitrust probe in Europe and Three Google execs convicted over Italian bullying video: The week proved challenging for Google, which appeared a few times in the headlines for less-than-positive reasons. On Wednesday the European Commission announced that it launched an antitrust probe after receiving three complaints about Google's search engine results. That same day an Italian judge found three company executives guilty of privacy violations related to a Google Video video showing a handicapped boy being bullied. Finally, Google's clash with the Chinese government over Internet freedom allegedly resulted in Beijing being dropped as a stop on an Android developer tour.

7. Security expert: US would lose cyberwar: The U.S. government won't bolster the nation's cybersecurity defenses until after a major "catastrophic" attack on the Internet, a security expert told Congress. Moreover, the U.S. would not win a cyberwar if attacked today, said Mike McConnell, a former U.S. director of national intelligence. Another speaker also called for government regulation of cybersecurity, saying that the private sector's defense efforts have proved ineffective.

8. Court order helps Microsoft tear down Waledac botnet: Microsoft turned to the U.S. court system to help it take down the Waledac botnet, which spreads spam and malicious software. In a lawsuit Microsoft argued that Verisign, which manages the .com domain, can cut off the domains associated with the botnet, severing the link between the servers and the infected machines that sent the spam. Verisign then cut off 277 .com domains associated with the botnet, which sent approximately 1.5 billion spam messages each day, according to Microsoft.

9. Baidu: Registrar 'incredibly' changed our e-mail for hacker: Finding quality customer service usually proves challenging, but a tech support representative for U.S. domain name registrar Register.com proved too accommodating. Last month a Register.com worker unknowingly helped a hacker take down China's top-ranked search engine, Baidu.com, according to a complaint the company filed in the U.S. court system. The staff member changed the e-mail address to a bogus one requested by the hacker, even after the attacker failed to answer security questions correctly. The hacker then reset the password for Baidu's account and, in less than an hour, changed the account settings to send visitors to different Web pages.

10. Are Hollywood hackers bogus or bright?: While reading this week's column may give the impression that security stories are only about botnets and cyberwar, we give you some lighter fare on how movies portray hackers. A college lecturer watched several hacker movies in an effort to understand why computer attackers are portrayed as acne-plagued teenagers and wrote an academic paper on the subject.

Copyright © 2010 IDG Communications, Inc.
