Privacy and security news and privacy and security widget

Security experts from PC Tools have pinpointed November 24 as potentially the peak of malicious activity for 2008. They reached their conclusion on the specific date after analyzing well over 500,000 machines from around the world.Guardian.co.uk states that "the number of people shopping online this Christmas is expected to grow again this year, with internet sales in the UK alone predicted to hit £13.16bn - an increase of 15% over 2007." It should be noted that November 28 will be the busiest shopping day of the year, a day so popular in fact that it even has its own name, "Black Friday". So logically thinking? the increase of malicious attacks, spam, spyware, and everything else evil should be expected to climb just mere days before people start entering in their private data for online purchases. Spam and all the other wrongdoing of others shouldn't sway anyone from shopping online, as this stuff is going on everyday. Just remember to use your common sense? if something sounds fi

A workaround emerged from Oracle as news circulated of a remotely exploitable flaw, without requiring authentication, involving the WebLogic platform.Both the WebLogic Server and WebLogic Express products, acquired by Oracle when the company purchased BEA, suffer from the newly disclosed vulnerability. SANS internet Storm Center said the problem stems from the Apache Connector used by the products. A WebLogic advisory noted the flaw could be exploited without authentication. Sites using Apache servers that are already configured with the mod_security module are protected from this vulnerability by the default core ruleset, according to the advisory. Using mod_security with the WebLogic plug-in for Apache serves as one workaround suggested by Oracle. The other workaround calls for an edit to httpd.conf and a restart: It is possible to configure Apache and avert this vulnerability by rejecting certain invalid requests. To do so, add the following parameter to the httpd.conf file and

When McColo was stopped in its tracks last week, most of the online world cheered. The rhyme and reason behind the development mattered little in light of seeing less spam. Only now, there's at least some question of whether or not things went through the right channels.McColo Takedown = Street Justice? No official ruling against McColo was involved, after all. Law enforcement officials weren't even in figurative sight, since a tip from The Washington Post was what spurred McColo's service providers to take action. McColo didn't get a chance to respond, and it might have just been oblivious to all the spammy activity. There's also a concern over what could be considered collateral damage. If not all of McColo's customers were involved in "bad" stuff, some of them must rightly view the situation they've been placed in as being rather unfair. Individuals participating in a Slashdot discussion tended to agree that what happened to McColo is not a case of vigilantism, however, sinc