ReadWriteWeb

Today eEye Digital Security released the results of a survey of over 1,600 IT administrators, managers and C-level executives about their top security concerns. Most respondents said that high profile malware like Project Aurora and Stuxnet were either small or very small threats to their enterprises. Slightly more were concerned about government or state sponsored hacking. But most still saw this as a low priority.

So what are they actually worried about?

Dropbox Reader is a set of Python scripts for forensic investigators. The scripts provide investigators with information about a particular Dropbox user's account and activities, such as the registration e-mail, Dropbox identifier and most recently changed files.

Dropbox Reader was created by Cybermarshal, the computer forensics wing of ATC-NY.

Mobile security startup Lookout is adding a new function to its suite of products today by releasing a "safe browsing" feature to its Android application. Lookout is also partnering with Sprint to make access to the application easy through the Sprint Zone or Tab in the Android Market.

The traditional problems that personal computers face in terms of security - malware, viruses, Trojans - that lead to compromised data and security problems are rapidly shifting to mobile devices. Data and identity villains will always go after the richest targets. Phones were not a not a rich target ... until they became smart.

While the Homeland Security Department no longer color-codes its threat levels, several security vendors offer up their own dashboards with all sorts of eye candy designed to keep track of which viruses and malware are heading yourway. Here is a brief rundown of the more popular services. All of them rely on agents and collection points scattered across the major Internet peering points and other critical junctions to watch for particular traffic patterns. The idea here is to gain insight into what is happening before something enters your network and starts to hose your equipment or steal your data.

Today's successful businesses run at the speed of light, requiring employees and corporate assets to be available and accessible 24/7. Enterprises need to find a way to allow rapid, flexible access while protecting themselves from serious risk. When employees travel with corporate data on laptops and other portable devices it becomes increasingly harder to manage, and control such data, or even know if it's being protected, thereby creating a "mobile blind spot" that has the potential to wreak havoc on your corporate communications network.

Identifying key mobile blind spots and taking steps to protect data in transit is critical to protecting your business. This paper outlines five real-world tactics that you can use to enhance mobile security in your organization. These tactics will help provide your workforce with the flexibility it needs to be productive anywhere, anytime, while protecting valuable corporate assets and the enterprise network against imminent security breaches and risk in an expanding mobile world.

A new report from Forrester focuses on the topic of building secure applications for the iPhone and iPad. Given iOS's popularity among enterprise and consumers alike, it's important for developers to understand the best practices for ensuring that mobile apps handle sensitive data appropriately. This is especially true when building apps for the financial sector.

But the finance and payments industry aren't the only ones who can benefit from a better understanding of security management - anyone building an app that handles customers' private data should be aware of iOS's data protection features and guidelines.

Facebook changed the security options of millions of international users today. The photo-tagging facial recognition program that Facebook unveiled to North American in July 2010 has arrived in most of the rest of the world today, according to security company Sophos.

Facebook does not tag people in photos automatically, but prompts users to tag friends that the facial recognition system recognizes. The service is opt-out in Facebook's security settings as opposed to opt-in. That aspect of the facial recognition feature and Facebook's approach to privacy altogether is what bothers privacy and security advocates like Sophos.

Between 30,000 and 120,000 users of Android devices are believed to have been affected by new mobile malware which has its roots in an earlier scourge known as Droid Dream. This variant, called Droid Dream Light, appears to have been created by the same developers whose malware had infected over 50 applications back in March. According to Lookout Security, the new malware was found in over 25 mobile applications, all of which Google has since removed from the Android Market.

The security researchers at F-Secure have discovered several phishing sites hosted on Google Docs, Google's online office suite. This is not an uncommon occurrence, it seems. According to a new blog post on the security firm's site, the team says "we regularly see phishing sites via Google Docs spreadsheets and hosted on spreadsheets.google.com."

The dangerous thing about these attacks is that they're hosted on a google.com domain, which gives these nefarious pages an air of legitimacy. One form even had the researchers themselves stumped as to whether it was phishing or not!

A sophisticated new hack has emerged as a zero-day exploit for all versions of Internet Explorer. Dubbed "cookiejacking," it is a way for hackers to take control of users browser identities and thus be able to impersonate them on Facebook, Twitter or any encrypted bank or retail site.

A play off the now familiar "clickjacking" term, cookiejacking happens when a hacker gets a user to drag and drop an item on a website enabled for the hack. It was discovered by Italian security researcher Rosario Valotta, who presented his findings it at two European security conferences earlier this year before publishing them on his blog. Given the nature of the attack and specificity of the attack, is this something that Internet Explorer users really need to worry about?