Topic: Computer Security (Page 3)

You are looking at all articles with the topic "Computer Security". We found 24 matches.


🔗 Sony BMG Rootkit Scandal

🔗 Computing 🔗 Crime 🔗 Computer Security 🔗 Computer Security/Computing 🔗 Business 🔗 Computing/Software

A scandal erupted in 2005 regarding Sony BMG's implementation of copy protection measures on about 22 million CDs. When inserted into a computer, the CDs installed one of two pieces of software that provided a form of digital rights management (DRM) by modifying the operating system to interfere with CD copying. Neither program could easily be uninstalled, and they created vulnerabilities that were exploited by unrelated malware. One of the programs would install and "phone home" with reports on the user's private listening habits, even if the user refused its end-user license agreement (EULA), while the other was not mentioned in the EULA at all. Both programs contained code from several pieces of copylefted free software in an apparent infringement of copyright, and configured the operating system to hide the software's existence, leading to both programs being classified as rootkits.

Sony BMG initially denied that the rootkits were harmful. It then released an uninstaller for one of the programs that merely made the program's files visible while also installing additional software that could not be easily removed, collected an email address from the user and introduced further security vulnerabilities.

Following public outcry, government investigations and class-action lawsuits in 2005 and 2006, Sony BMG partially addressed the scandal with consumer settlements, a recall of about 10% of the affected CDs and the suspension of CD copy-protection efforts in early 2007.


🔗 Zombie Zero

🔗 Computer Security 🔗 Computer Security/Computing

Zombie Zero is an attack vector where a cyber attacker utilized malware that was clandestinely embedded in new barcode readers which were manufactured overseas.

It remains unknown whether this attack was promulgated by organized crime or a nation state. Clearly there was significant planning and investment in order to design the malware and then embed it into the hardware within the barcode scanner. Internet of things (IoT) devices may be similarly preinstalled with malware that can capture network passwords and then open a backdoor to attackers. Given the high volume of these devices manufactured overseas, high caution is to be exercised before placing these devices on corporate or government networks.


🔗 Confused Deputy Problem

🔗 Computing 🔗 Computer Security 🔗 Computer Security/Computing 🔗 Computing/Software

In information security, a confused deputy is a computer program that is tricked by another program (with fewer privileges or fewer rights) into misusing its authority on the system. It is a specific type of privilege escalation. The confused deputy problem is often cited as an example of why capability-based security is important.

Capability systems protect against the confused deputy problem, whereas access-control list–based systems do not.


🔗 The Cuckoo's Egg

🔗 Espionage 🔗 Books 🔗 Computer Security 🔗 Computer Security/Computing

The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage is a 1989 book written by Clifford Stoll. It is his first-person account of the hunt for a computer hacker who broke into a computer at the Lawrence Berkeley National Laboratory (LBNL).

Stoll's use of the term extended the metaphor Cuckoo's egg from brood parasitism in birds to malware.
