The greatest security risk facing large companies and individual Internet users over the next 10 years will be the increasingly sophisticated use of social engineering to bypass IT security defences, according to analyst firm Gartner.
Gartner defines social engineering as "the manipulation of people, rather than machines, to successfully breach the security systems of an enterprise or a consumer". This involves criminals persuading a user to click on a link or open an attachment that they probably know they shouldn't.
Google Inc. has fixed a security flaw in its Gmail Web-based e-mail service that allowed attackers to hijack users' e-mail accounts. "Google was recently alerted to a potential security vulnerability affecting the Gmail service. We have since fixed this vulnerability, and all current and future Gmail users are protected," Google spokesman Nathan Tyler said.
Tyler declined to discuss the nature of the problem, but a source close to Google confirmed that the flaw allowed an attacker to gain complete control over a user's account.
An increase in the usage of web applications is directly related to an increase in the number of security incidents involving them. Today, web application security is finally getting more prominent attention. This attention brings the benefit that the problem is now addressed as a higher priority, but the drawback that it is still an emerging area of technology. This article highlights both technical and business trends in web application security. Traditionally, vulnerability analysis (and its management) has been focused at the network or operating system level.
So you’ve got a Gmail mail account? Or maybe you’ve just received an invitation? Well, we have some bad news for you: Your mailbox is exposed. A major security hole in Google's mail service allows full access to user accounts, without the need for a password.
Linux distributor Suse has warned of one of the most serious security holes to date in version 2.6 of the Linux kernel, which could allow attackers to shut down a system running 2.6-based software.
The 2.6 kernel, completed at the end of last year, brings a number of enterprise-friendly features to Linux, but is still in the early stages of rolling out in commercial products. While a number of Linux vendors have released software for technical enthusiasts running the new kernel, Novell-owned Suse is one of the few offering an enterprise product based on 2.6.