With npm v12, dependency preinstall, install, and postinstall scripts will no longer execute automatically during package installation. Script execution will require explicit approval through new controls such as npm approve-scripts, with the change ...
Programs with known security vulnerabilities are currently one of the biggest security problems; many Windows PCs contain old versions of programs such as Java, Adobe Reader or Flash or are missing critical Windows updates. Such computers are easy prey for cyber criminals because simply visiting a crafted web page may be sufficient for infection with unseen malicious software that could spy on passwords and online banking transactions.
About a year after it first appeared as a Windows application, Google's Chrome browser is finally available in beta for Linux. Google had to limit its compatible distro list to a handful of popular Linux versions, but those who can use it will likely enjoy its speed, features and the hundreds of extensions Google has made available.
The Mozilla developers have released version 3.5.6 of their open source Firefox web browser to address a total of seven vulnerabilities, three of them critical. According to Mozilla, the release "is a short-cycle security and sustained engineering release to fix several top crashing bugs".
Adobe's Flash Player software is on 99 percent of Internet-connected desktops, offering up multimedia and video capabilities on a multitude of popular Web sites such as YouTube. But the Adobe Flash platform has been beset by a rash of security problems that give intruders potential access to computers running the software.
Microsoft said Wednesday it has reposted a tool to the Internet that aids installing Windows 7 on Netbooks and computers without an optical drive. The software maker pulled the Windows 7 USB/DVD Download tool off its Web site last month after it was pointed out that the software appeared to use open-source code licensed under the GNU Public License (GPL v2). Microsoft later apologized and said that the code did in fact use GPL code.
Google's new cloud-based Chromium operating system, slated to debut in the second half of 2010, may not immediately change the way attacks are carried out, but if the OS is successful in gaining broad adoption, it could have a far-reaching impact in the way security is deployed, says a group of Web security experts.
An Israeli mobile security firm that a month ago offered $100,000 in gold to anyone who could hack its voice encryption technology has upped the ante to $250,000. Gold Lock posted a sample of an encrypted voice conversation on its Website and is offering the golden reward to any hackers who can crack it and send the company a transcript of the call.
For US$34, a new cloud-based hacking service can crack a WPA (Wi-Fi Protected Access) network password in just 20 minutes, its creator says. Launched Monday, the WPA Cracker service bills itself as a useful tool for security auditors and penetration testers who want to know if they could break into certain types of WPA networks. It works because of a known vulnerability in Pre-shared Key (PSK) networks, usually used by home and small-business users.
Novell this week will lay out an ambitious plan to secure applications across heterogeneous virtualization platforms at customer sites and off-premises, an effort designed to play off Novell's strengths in network and identity management.
Yesterday, Google launched its new Public DNS service. Among the benefits that Google is claiming for the new service is that it helps to secure DNS for users. Is that an accurate claim?
If you haven't installed the latest security update for Mac OS X, now would be a good time. A security researcher has released a proof-of-concept attack that exploits critical vulnerabilities that Apple patched on Thursday. The vulns stem from bugs in the Java runtime environment that allow attackers to remotely execute malicious code. Sun Microsystems patched the flaws early last month.
Security is among a broad mix of jobs expected to receive hiring attention from CIOs, according to the latest IT Hiring Index and Skills Report. Chief information officers are planning to increase hiring -- although at a low rate -- in the first quarter of 2010 with traditional jobs in networking, security, and application development most in demand, according to the latest IT Hiring Index and Skills Report from employment specialist Robert Half Technology.
See the 2010 average starting salary for IT positions, with regional differences in IT salary levels and the value of specialty tech skills including Chief Technology Officer, Information Technology Manager, Developer/Programmer Analyst, Lead Applications Developer, Software Engineer, Systems Administrator, Database Manager, Senior Web Developer, Network Engineer, Project Manager/Senior Consultant, Systems Security Administrator, and Help Desk Manager. As one commentator wrote, "In your opinion, does 2010 bode well for Systems Architects? Not wanting to shoulder the yoke of the played out title of analyst (and never being paid for the arduous research, understanding and wasted effort of architecting solutions in a very complex multi-business environment), I am wondering if this "systems architect" direction is a wise direction."
Google's Chrome OS has many virtues. Based on a solid foundation of Ubuntu Linux, it uses the Chrome Web browser as its interface to any and all applications. Chrome OS is also not so much a Windows replacement, as it's an attempt to get rid of the entire traditional idea of a PC desktop. If Google is successful with this, one big reason will be its vastly improved security.
VMware has advised of a total of 93 vulnerabilities in several of its products, including ESX Server, Server, VirtualCenter and vCenter. Most of the vulnerabilities are in Java, Tomcat and the kernel and have been known for some time. Some of them can be exploited to compromise a system; however, the advisory notes that flaws in the Service Console kernel and JRE can only be exploited when an attacker has access to the Service Console network.
With most computers threatened by attacks coming through Web applications, it's no surprise that security would be a key piece of Chrome OS, Google's browser-based operating system that stores data in the cloud. Google showed off its new lightweight operating system designed for Netbooks and cloud computing on Thursday. As anticipated, it will rely on many of the same security features and concepts used by the Chrome browser.
IT security and data protection firm Sophos is warning that a new virus attacking the users of jailbroken iPhones is the most serious to date, since it makes infected iPhones into zombies, joining them to a botnet.
Unless you live in a cave, don't care at all about technology or have been distracted by Sarah Palin's publicity tour, you've probably heard that Google showed its Linux-based Chrome operating system to the world yesterday.
Joe Faulhaber of the Microsoft Malware Protection Center has made the interesting claim that 64-bit Windows 7 is actually safer than ordinary, 32-bit Windows. He's right. "64-bit Windows [does] has some of the lowest reported malware infection rates in the first half of 2009." But, that's not the whole story.
Google today has officially open sourced its under-development Chrome OS operating system under the Chromium OS project. The code is available now at: - I'm currently in the process of trying to build a full system now (so more to come from me soon). Right now the gzipped tarball is 232 MB (pretty small for an OS) and the official build milestone number is 0.4.22.8.