Data breaches exploit configuration errors, not software vulnerabilities

Posted by admin | Posted in Data Security, Hacking, Intrusion detection and prevention, Malware, News, Patch management, Security Central | Posted on 29-07-2010

Hackers appear to be increasingly counting on configuration problems and programming errors rather than software vulnerabilities in order to steal information from computer systems, according to a new study from Verizon.

The quiet threat: Cyber spies are already in your systems

Posted by Galen Gruman | Posted in Cyber Security, Data Security, Intrusion detection and prevention, Leak prevention, News, Phishing/pharming, Risk Management, Security Central, Security event/information management | Posted on 26-07-2010

Is your company’s data under surveillance by foreign spybots looking for any competitive advantages or weaknesses they can exploit? This might sound farfetched, but such electronic espionage is real. It’s an insidious security threat that’s a lot more common than you probably realize.

As an IT or security executive, determining whether your organization is under attack via this seemingly undetectable threat — and putting in place adequate technology and procedural safeguards — should be a high priority. The stakes are too high to ignore the problem.

Second variant of Stuxnet worm strikes

Posted by admin | Posted in Data Security, Endpoint security, Hacking, Malware, News, Security Central | Posted on 20-07-2010

Researchers at Eset have discovered a second variant of the Stuxnet worm that uses a recently disclosed Windows vulnerability to attack Siemens industrial machines.

The second variant, which Eset calls “jmidebs.sys,” can spread via USB drives, exploiting an unpatched flaw in Windows involving a malicious shortcut file with the “.lnk” extension.

IBM boosts IPS platform with Web application security, data-loss prevention

Posted by admin | Posted in Data Security, IBM, Intrusion detection and prevention, News, Security Central | Posted on 16-07-2010

IBM announced it has added capabilities for Web application protection and data-loss prevention (DLP) to the basic technology platform for its intrusion prevention system (IPS) product line.

4 reasons why execs are the easiest social engineering targets

Posted by admin | Posted in Data Security, Hacking, Leadership, News, Phishing/pharming, Security Central | Posted on 14-07-2010

Security managers are often concerned about employees who use Facebook at work and fall for the 419 “I’m trapped in London and need money” scam. Others might still have some in their organization who are convinced it is the Prince of Nigeria who wants to share his fortune. And with spear phishing, a targeted email attack in which messages are created to look like they come from an employer, bank or other trusted source, now a common criminal technique, the need for effective awareness programs for employees has become paramount.

Oracle releases critical patches for database security

Posted by admin | Posted in Data Management, Data Security, Database Management Systems, News, Oracle, Patch management, Security Central | Posted on 14-07-2010

Oracle released a set of 59 patches on Monday to fix security vulnerabilities across its entire range of database, application, and middleware products.

The patches include fixes for three critical flaws affecting virtually every supported version of the company’s Database Server technology.

Security rule No. 1: Assume you’re hacked

Posted by Roger A. Grimes | Posted in Data Security, Hacking, News, Security Central | Posted on 13-07-2010

A recent Forbes magazine article advised readers to assume that their companies have been hacked. Some readers have asked me to weigh in, and here’s my assessment: The article is slightly hyperbolic, but all in all, it’s a pretty accurate assessment. Most companies are actively hacked, and their sensitive data is being stolen and leaked to outsiders.

Websense offers free enterprise DLP suite

Posted by admin | Posted in Data Security, News, Security Central, data loss prevention (DLP) | Posted on 08-07-2010

Websense Thursday is announcing that it’s making its data-loss prevention (DLP) suite free for 30 days under a “DLP for Download” program.

The roughly 600MB download available at the Websense.com site is the full enterprise Websense Data Security Suite. The download can be installed in a VMware-based environment and is intended to provide a quick way to evaluate the effectiveness of the software for stopping unauthorized transmission of data.

iPhone 4 business users get remote data wiping

Posted by admin | Posted in Data Security, Iphone, Mobile device management, Mobilize, News, Patch management, Security Central | Posted on 30-06-2010

Businesses worried about keeping tabs on the latest Apple iPhone will soon be able to remotely interact with the devices in the event of theft, loss or mishap, Absolute Software has announced.

Using an update due in the next quarter, Absolute Software will enable Apple iPhones running iOS 4 to be remotely managed like any other portable computer using the company’s Absolute Manage system, the company said.

From the labs: IT’s future today

Posted by Jason Snyder | Posted in Applications, Data Explosion, Data Security, Encryption, Hardware, Memory, Networking, News, Processors, Security Central, wireless networking | Posted on 21-06-2010

For all its promise of revolution, the computing industry often lags behind expectations. After all, your netbook is really just a laptop, only smaller and cheaper. The chip that powers your PC today has a direct lineage back to the Pentiums of yesterday. Your latest hard drive might hold 2TB, but it’s still just a hard drive. Where’s the real innovation?

In the labs, of course.

iPad hack not so harmless

Posted by InfoWorld Tech Watch | Posted in AT&T, Data Security, Hacking, Ipad, Leak prevention, Mobilize, News, Security Central | Posted on 17-06-2010

The hack of iPad user info on the AT&T site may be much worse than an embarrassment, according to a security researcher who specializes in mobile devices.

AT&T reportedly bungles handling of private data, again

Posted by admin | Posted in AT&T, Data Security, Iphone, Mobilize, News, Privacy, Security Central, Smartphones | Posted on 16-06-2010

This hasn’t been AT&T’s month. First, security researchers found a loophole in the company’s Website that could be used to reveal email addresses for tens of thousands of Apple iPad customers.

Controversial Windows XP vulnerability now being exploited

Posted by admin | Posted in Data Security, Hacking, News, Security Central | Posted on 15-06-2010

The Windows XP exploit that was published by a Google engineer last week is now being exploited in the wild, according to researchers at Sophos Labs.

The vulnerability, which could allow remote code execution if a user views a specially crafted Web page using a Web browser, or clicks a specially crafted link in an e-mail message, was published by Tavis Ormandy just five days after he alerted Microsoft to the problem.

Hacker group: Apple iPad ‘simply not a safe platform’

Posted by InfoWorld Tech Watch | Posted in AT&T, Apple, Data Security, End-user hardware, Ipad, Mobile Platforms, Mobile Security, Mobilize, News, Security Central | Posted on 14-06-2010

Apple’s reputation for security continues to take hits as hacker group Goatse Security today accused the company of failing to patch a flaw in Safari — known

AT&T apologizes, blames hackers for iPad email breach

Posted by admin | Posted in AT&T, Data Security, Hacking, Ipad, News, Other mobile devices, Security Central | Posted on 14-06-2010

AT&T issued an apology on Sunday for a hack that exposed thousands of iPad customers’ email addresses last week and vowed to work with law enforcement to prosecute those responsible.

The AT&T data leak is no big deal — really

Posted by Robert X. Cringely | Posted in AT&T, Adventures in IT, Data Security, Ipad, Mobile device management, Mobilize, News, Other mobile devices, Security Central, internet | Posted on 11-06-2010

Getting a chance to bash AT&T twice in two weeks is like getting to hit a pinata filled with $100 bills. Hand me the stick and stand back, boys.

Sloppy AT&T software led to theft of iPad email addresses

Posted by admin | Posted in AT&T, Data Security, Ipad, Mobile Platforms, News, Privacy, Security Central | Posted on 10-06-2010

The harvesting of over 100,000 iPad 3G owners’ email addresses was not a hack or a classic data breach, but a brute force attack of a minor feature AT&T offered to Apple customers, experts said Wednesday.

According to New York-based Praetorian Security Group, which obtained a copy of the PHP script used to scrape email addresses from AT&T’s servers, the attack succeeded because the mobile carrier used poorly designed software.

How to secure business info: Keep employees off the Internet

Posted by InfoWorld Tech Watch | Posted in Data Security, News, Security Central, Tech industry analysis | Posted on 08-06-2010

There they go again: Trying to scare business and IT executives into buying yet more security tools.

Mobile phone security dos and don’ts

Posted by admin | Posted in Anti Virus, Blackberry, Data Security, Google Android, Iphone, Mobilize, News, Security Central, Smartphones | Posted on 08-06-2010

It used to be a luxury to own a smartphone. Now everyone seems to have one, and can’t seem to do their jobs without it.