Automated traffic to Web sites has steadily increased, driven by legitimate search-engine indexing, questionable crawlers and malicious attackers — companies need to know which is which.
To that end, Web-security cloud service Incapsula launched a site on Wednesday for cataloging Web bots, the automated programs that crawl Web sites to index pages, grab competitive price information, gather information on social-networking users or scan for vulnerabilities. With the site, dubbed BotoPedia, the company is gathering data on the Internet addresses used by Web bots as well as the user-agent strings and any other identifying information. The catalog will be open, but moderated, in much the same way as Wikipedia, says Marc Gaffan, co-founder and vice president of business development for Incapsula. Continue reading Gather Intelligence On Web Bots To Aid Defense
Google has been forced to temporarily deactivate a security feature in Android 4.1 (Jelly Bean) intended to make it harder to pirate paid-for apps. The feature resulted in some purchased apps no longer working after the devices on which they were installed were restarted, requiring the user to reconfigure or even reinstall them. According to a bug report on Google Code, affected apps include several live wallpapers and applications with widgets or access to Google’s account system. Continue reading Google forced to temporarily deactivate copy protection for Android apps
Microsoft has released version 1.0 of its Attack Surface Analyzer, bringing the application out of beta status. Attack Surface Analyzer was originally announced in January 2011 and is designed to give developers and system administrators the ability to gauge how installing a certain application will affect the attack surface of a Windows system. The company says that it has received “quite a bit of positive feedback” on the tool and is now ready to make it available to the wider public. Continue reading Microsoft’s Attack Surface Analyzer matures
NVIDIA has fixed the vulnerability in its proprietary graphics driver for Unix systems that was publicly disclosed by Linux kernel and X.org developer Dave Airlie a few days ago; apparently, NVIDIA had already known about the hole for a month. To close it, the company has, along with other drivers, released driver version 304.32, which is being deployed via NVIDIA’s knowledge base. Continue reading NVIDIA closes hole in proprietary Unix driver
IDG News Service – Oracle is planning to ship 14 patches related to Java SE on Tuesday, including a number with the highest level of severity under the CVSS (common vulnerability scoring system) framework, according to a pre-release announcement on the company’s website.
“Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible,” Oracle said. Continue reading Oracle to issue 14 patches for Java SE
The creators of the Flame malware have sent a “suicide” command that removes it from some infected computers.
Security firm Symantec caught the command using booby-trapped computers set up to watch Flame’s actions.
Flame came to light after the UN’s telecoms body asked for help with identifying a virus found stealing data from many PCs in the Middle East. Continue reading Flame malware makers send ‘suicide’ code