Security pro says new SSL attack can hit many sites
A Seattle computer security consultant says he's developed a new way to exploit a recently disclosed bug in the SSL protocol, used to secure communications on the Internet. The attack, while difficult to execute, could give attackers a very powerful phishing attack. Read more...

UK police reveal arrests over Zeus banking malware

64-bit Windows safer, claims Microsoft

SSL flaw could have been used to hack Twitter

Microsoft confirms first Windows 7 zero-day bug

Fake Verizon 'balance-checker' is a Trojan

Spam campaign targets payment transfer system

Flash flaw puts most sites, users at risk, say researchers

How to DDOS a federal wiretap

Unpatched SMB bug crashes Windows 7, researcher says

More Spam, Malware and Vulnerabilities Stories

Bugs & Fixes: What bugs Mac OS X 10.6.2 tackles
Mac OS X 10.6.2 came out Monday, and while Macworld's Dan Moren detailed the changes in this latest update to Snow Leopard, I wanted to check out which bugs cited in previous Bugs & Fixes entries have been eradicated by Mac OS X 10.6.2.

Review: Whitelisting security software comes of age
Remarkably good packages from Bit9, CoreTrace, Lumension, McAfee and SignaCert show that whitelisting may be the new best defense against modern malware.

UTM performance: The yo-yo effect
In our testing of the SonicWALL TZ200 and TZ210 systems, we discovered a significant performance impact when UTM features were enabled on typical Internet traffic.

FreeFixer
If you suspect your PC has been invaded by malware, FreeFixer can help you find it. It shows you a wealth of information about what's running on your PC, but the data is meant primarily for security gurus.

Trend Micro CEO: hackers hitting AV infrastructure
It's become an all-too-common scam: A legitimate Web site pops up a window that looks just like a real security warning. It says there's something wrong with the computer, and click here to fix it. A few clicks later, the victim is paying out US$40 for some bogus software, called rogue antivirus.

Baited and Duped on Facebook
Social networking raises the specter of employees divulging sensitive information outright or revealing enough about themselves or their workplaces to give cybervillains a way in. Experts offer tips to foil the bad guys.

How Hackers Find Your Weak Spots
A look at some of the ways hackers use social networking tools to gain access to victims' systems.

Forging a Web 2.0 Shield
BT Global Services, an early adopter of Web 2.0 security tools, uses a set of URL filtering and security technologies to protect customers and employees from the threats posed by Web-based communities and other interactive sites.

Your Own Worst Enemy
Recent breaches have put a spotlight on Web 2.0 applications security. John Viega, a security expert at McAfee, says both software developers and end users must share some of the blame.

Visitors Under Attack
Some malware attacks target site visitors rather than the site brands themselves.

Editors' Picks

Getting to know Windows 7? Don't stop now: From speeding up taskbar thumbnails to reining in UAC, here are 20 ways to make Windows 7 act the way you want. Is Motorola's new Droid good enough to vanquish iPhone envy? To find out, we took it on a 3-day trip. Sure, you could always use Linux as a desktop OS, but Corel Linux 1.0 was the first distro designed for ordinary users. It's been a long, strange trip since then. New touch-screen laptops from Fujitsu, HP and Lenovo take advantage of Microsoft Windows 7's touch-friendly infrastructure.

hot topics

Get the latest news, reviews and more about Microsoft's newest desktop operating system.

• Apple
• Microsoft
• Google
• iPhone
• Mac A to Z

special report topics

General Mills, Genentech, San Diego Gas & Electric, University of Pennsylvania and Monsanto top the list.

"A man and a woman have been arrested in England, for allegedly spreading banking malware. They were charged with using..." Read more "In a previous..." Read more More Security Blogs See all Computerworld Blogs

In Security Stripping away the trappings of applications, systems and networks, information is the core asset of most organizations. Our columnist describes how asserting the importance of information governance is crucial to making that asset tangible, addressable and protected. Click here to read the latest column by Jon Espenschied

The Spy Files For Congress to do anything that helps protect consumers and the critical Internet infrastructure as a whole, it must pass laws that require proactive processes to protect computers, not that tell people how to deal with the resulting mess, says Ira Winkler. Click here to read the latest column by Ira Winkler