A week in security: Google tightens up Apps

Google took steps to improve the security of its Apps service this week

It's been fairly quiet on the security front this week. Microsoft has announced that its next Patch Tuesday update will be fairly light, while Google has tightened up its cloud security, and new research from VeriSign and Symantec Hosted Services proves that there is still a lot to keep security professionals busy.

First up is the news that a college student is facing over 20 years in jail and huge fines after guessing the password to the Yahoo email account of onetime vice presidential candidate Sarah Palin.

David Kernell was convicted of obstruction of justice and using unauthorised access to obtain information from a computer, which comes with a maximum term of 20 years in jail. He was found innocent of wire fraud, and a charge of identity theft was dismissed after a retrial.

Google, meanwhile, has released a new tool that allows administrators at firms using Google Apps to remotely reset cookies to ensure that sensitive data cannot be accessed if a device is lost or stolen.

Google Apps software engineer Will Smit said in a blog post that the feature offers improved cloud security for organisations concerned that more information is being stored in the cloud than ever before.

Also this week, the perils of Facebook were highlighted again in a new survey which found that almost a quarter of Facebook users do not do enough to protect their own data on the social networking site.

Web authentication firm VeriSign published a report this week offering advice on how to guard against the growing threat of distributed denial-of-service attacks. The DDoS Mitigation report is designed to guide enterprises through the minefield of internet security, which VeriSign said had changed dramatically over the past 12 months.

Meanwhile, Symantec Hosted Services released new research indicating that a lack of knowledge and awareness about how to use Linux mail servers could be contributing to the disproportionately large number of Linux machines being exploited to send spam.

"One reason there is so much spam from Linux could be that many companies that have implemented their own mail servers, and are using open-source software to keep costs down, have not realised that leaving port 25 open to the internet also leaves them open to abuse," said malware data analyst Mat Nisbet.

Finally, Microsoft has published its advance notification for this month's Patch Tuesday update on 11 May. Security administrators will be pleased to hear that it will be a relatively light affair with fixes for two critical vulnerabilities in Windows and Office.