Hackers are taking advantage of American Independence Day celebrations, by spamming out what pretends to be a link to a Fourth of July fireworks show, but is really an attempt to infect computers.
Continue reading "Independence Day Fireworks Video Carries Malware Payload..."
It seems that we in the information technology profession are just as fickle as the fashionistas strutting around Milan or New York. While we aren't quite as locked to a seasonal schedule, we do have a tendency to fawn over the latest technology advances as if they were changing colors or hem lengths. Some are new, some are old, some are incredibly useful, and others are completely frivolous, but we can't deny their ability to enter and steer our collective consciousness -- at least until the next spring. Take cloud computing.
Continue reading "The Only Two Reliable Cloud Security Controls..."
When professionals without security awareness plan a project, security is often left out. The result costs money in the long run. What can we do to make it better?
Continue reading "Security Design Goes With Secure Coding..."
The soapbox is a place I hate to be, but sometimes a topic just rubs me raw enough that I climb up to try and get my point across. The topic of bots, botnets, and their impact on corporate data is one of those issues.
Continue reading "It's Time To Take Bot Infections Seriously..."
Iran. You remember the place? Before several celebrities died in the past week, Iran's election aftermath gripped national attention. The more I found out about the election situation, the demonstrations, and the crackdown, the more I felt as if I were reading a political thriller. That's when the ugly side of our hyper-connected society reared its ugly head.
Continue reading "'Net Parrot Effect..."
When performing incident response and forensics on a compromised system, the focus of analysis is on the most immediately available and relevant sources of evidence. Volatile data collected from a running system, the hard drive, network flow data, and logs collected on a central server all serve as useful sources for determining the particulars of the incidents. But what about incidents that go back further, requiring you to dig into backup tapes -- and potentially very old ones?
Continue reading "Don't Let Legacy Media Foil Your Forensic Investigation..."
It took a mere eight hours for cybercriminals to take advantage of the death of pop superstar Michael Jackson.
Continue reading "Spammers Scramble To Exploit Michael Jackson's Death..."
I just took a close look at the Article 29 Data Protection Working Party's opinion report on online social networking. While some of its recommendations are what you'd expect, others came as a surprise.
Continue reading "EU Group: Social Networks, Third-Party App Developers Subject To EU Privacy Laws..."
Iranians are using proxies worldwide to circumvent government censorship.
Continue reading "The Iranian 'Proxy War'..."
Late last week I attended an event sponsored by IBM/Lotus and Technology Review. A very credible "End of the U.S." doomsday scenario tied to the public cloud was outlined that I believe warrants further thought.
Continue reading "Could The Cloud Lead To An Even Bigger 9/11? ..."
Next-gen Web apps and virtualization are two topics much on the collective mind of CIOs and line-of-business leaders. Of course, they're seeing dollar signs from slick eye-candy RIAs and cramming 20 VMs on each physical server. Security? Meh.
Continue reading "Forewarned Is Forearmed, Right?..."
Facebook's security has been called into question after the creators of a new blog discovered a hack that can expose private profile information of any user.
Continue reading "Private Facebook Info Exposed By Simple Hack..."
You know the military's ol' mantra about "loose lips sink ships"? Well, it's being redefined by sites like Twitter, Flickr, and Facebook, according to a great article from Federal Computer Week that discusses the threats social networks pose to operational security.
Continue reading "Maltego: Going On The Offensive *And* Defensive To Defend Against Social Networks..."
Facebook users are facing a new threat, 419 scams in chat form, masquerading as friends.
Continue reading "Facebook Scam: I'm Stranded In London. Send Money!..."
Securing our company's data is our job. We build up layers of defense to protect it when it is housed within our corporate network and corporate computer systems. Firewalls, VPNs, encryption, and data leakage prevention all help in some way to protect the data that we don't want anyone else to have. Sometimes, however, we are stuck in the situation where we don't control the network or systems that portions of our data end up on.
Continue reading "Data Leakage Through Nontraditional Networks..."
Sources of online criminal activity, such as Atrivo/Intercage and McColo, are no longer around. While I am not quite willing to share the full story behind these takedowns just yet, I can say that community action was the key.
Continue reading "Government Takes Action On Internet Badness ..."
A good friend was telling me recently about a risk assessment he was involved with in which his organization found some vulnerabilities in the Web application. When they asked the developer about them, the response was, "What is cross site scripting?" Wow -- how is it that in this day and age someone, who probably considers themselves to be a competent Web developer, doesn't know XSS? Ask them about SQL injection, and the response would probably be the same.
Continue reading "Developers Often Left Out Of Security Training ..."
Today Dark Reading launches a new feature: the Database Security Tech Center, a subsite of Dark Reading devoted to bringing you news, product information, opinion, and analysis specifically focused on the topic of database security.
Continue reading "Dark Reading Launches Database Security Tech Center..."
When talking to sysadmins and developers about security of the new software they're looking to deploy, I often end up in a discussion in which at least one or two of the CIA (confidentiality, integrity, and availability) triad is left out.
Continue reading "Incorporating The 'CIA' Triad In Software Purchases..."
Hackers have spammed out a widespread attack to unsuspecting computer users, disguised as an electronic greeting card.
Continue reading "Major Malicious Ecard Campaign Strikes Inboxes..."
A recent article on integrating the YubiKey, a USB token that can provide one-time passwords (OTP), and WordPress reminded me of how few people I know actually use multi-factor authentication to secure their resources. Instead, they rely on the passwords for users to authenticate to Websites and VPNs with nothing in between them and an attacker who might steal that password. The insecurity of passwords is a topic that's been beaten to death time and time again. So why is it that we haven't moved on?
Continue reading "Cost Analysis Of Multifactor Authentication..."
Fueled by hype generated by celebrity devotees like Oprah, Ashton Kutcher, and Stephen Fry, it seems like everyone is jumping on board the Twitter train.
Continue reading "Microbloggers: Beware Of Dangerous Twitter-Growth Websites..."
Last week, another company got egg on its face by running a "we're-so-secure-you-can't-hack-our-stuff contest." When are companies going to learn claims like that always backfire?
Continue reading "Hacking Challenge Shows XSS Still King..."
Well-respected, highly secure Websites commonly infect the people who surf them. So if they are so secure, then why does this keep happening?
Continue reading "Trust And Web Ad Services..."
Internet service provider Pricewert -- which trades under names such as 3FN and APS Telecom -- has been shut down and disconnected from cyberspace following allegations it was knowingly involved in major spam attacks, phishing campaigns, malware distribution, and child abuse.
Continue reading "Suspected Child Porn Hub Taken Offline..."