Stories by Robert Lemos

Many pcAnywhere systems still sitting ducks

Despite warnings from security software maker Symantec not to connect its pcAnywhere remote-access software to the Internet, more than 140,000 computers appear to remain configured to allow direct connections from the Internet, thereby putting them at risk.

Android's big security flaw, and why only Google can fix it

In August 2010, hackers bent on jailbreaking Android smartphones found a vulnerability in the way the Android debugger handled an overwhelming number of processes. The code designed to exploit the flaw, dubbed RageAgainstTheCage, allowed users to reflash their smartphone and install custom firmware.

Apple iOS: Why it's the most secure OS, period

In June 2007, Apple released the iPhone, and the device quickly took off to become a major brand in the smartphone market. Yet when the iPhone shipped, security on the mobile operating system was nearly nonexistent. Missing from the initial iOS (then called iPhone OS) were many of the security features that modern-day desktop software has as a matter of course, such as data-execution protection (DEP) and address-space layout randomization (ASLR). Apple's cachet lured security researchers to test the platform, and in less than a month, a trio had released details on the first vulnerability: an exploitable flaw in the mobile Safari browser.

Zeus leaks give tools to researchers, attackers

The source code and a manual to the popular crimeware creation kit Zeus has been leaked, perhaps giving defenders additional tools to fight infections but also raising concerns that criminals may use the source code to create a rapidly expanding compendium of variants.

HBGary's Hoglund identifies lessons in Anonymous hack

On Superbowl Sunday, HBGary CTO Greg Hoglund found himself locked out of his own e-mail account. As has since been widely reported in the media, the hacking group Anonymous leaked thousands of e-mail messages from the accounts of Hoglund and HBGary Federal's CEO Aaron Barr, chastising the company in a public statement.

Industry searches for lessons after RSA breach

Security company RSA's revelation that its network had been breached and information relating to its SecurID one-time password technology stolen has left customers and industry experts with more questions than answers.

DroidDream turns Androids into zombies

The malicious code that led Google to remove more than 50 Trojan applications from the Android Marketplace appears to mainly be a "dropper" -- a program designed to load other code to further compromise the affected smartphone, according to a security firm's analysis.

When clouds attack: 5 ways providers can improve security

Criminals intent on attacking others can lease networks of compromised computers, or botnets, from other criminals serving the underground community. These resources could be considered "clouds" in their own right, but researchers warn that operators of legitimate clouds need to worry about being used for illicit attacks as well.

Cloud Computing: Early Adopters Share Five Key Lessons

While some large enterprises have moved their information-technology infrastructure to a third-party managed service to save costs, small firms--especially startups--have come to rely on cloud services to cut initial outlays and help them focus on the core services and products.

Apple's MobileMe could be a headache for IT managers

When Apple initially rolled out its MobileMe service for synchronizing e-mail, contacts and calendars among computing devices, its tagline - "Exchange for the rest of us" - suggested that businesses might find some use for the technology.

[]