Network Security

  • Most Topular Stories

  • Clickjacking scams are still used on Facebook

    Spyware news
    gabriele
    4 Jan 2012 | 10:02 am
New Year has come and hackers have started spreading new scams on Facebook. This time it’s another clickjacking scam that has been noticed circulating on this social network. Exploiting the curiosity of Facebook users, it tricks them into clicking on links that pretend to be liked by their friends. However, those ‘amazing’ and ‘surprising’ videos titled “Air Race Plan Crashed in the crowd during a show!” or “A Really Giant Baby!” are used only to redirect victims to splash pages that pretend to contain interesting videos but are filled with web-based advertisements…
  • Best Book Bejtlich Read in 2011

    TaoSecurity
    9 Jan 2012 | 8:40 pm
It's time to name the winner of the Best Book Bejtlich Read award for 2011! I've been reading and reviewing digital security books seriously since 2000. This is the 6th time I've formally announced a winner; see my bestbook label for previous winners. Compared to 2010 (31 books), 2011 saw a decrease to 22 books. Remember all reading is neither equal nor fast. When I review a book, I am sure to read it and not just skim it. For 10 books last year, I chose not to read them but to instead post impressions. Posts called "impressions" provide my sense of the book but I do not publish them in my…
  • Google’s ‘Good to Know’ Campaign Touts Online Privacy

    Private WiFi
    Elaine Rigoli
    26 Jan 2012 | 12:09 am
    Google has launched its “Good to Know” advertising campaign to help educate consumers about how to protect themselves online. According to this eWeek article, “the multimillion-dollar Good to Know initiative includes privacy and security tips, such as how to use two-step verification, how to lock a computer when it’s in public but not in use, and how to make sure website connections are secure via HTTPS encryption.” The Good to Know campaign is aimed at the casual Internet user and defines cookies and IP addresses, and explains how Google and other service…
  • Tripwire Names Bejtlich #1 of "Top 25 Influencers in Security"

    TaoSecurity
    6 Dec 2011 | 8:52 pm
I've been listed in other "top whatever" security lists a few times in my career, but appearing in Tripwire's Top 25 Influencers in Security You Should Be Following today is pretty cool! Tripwire is one of those technologies and companies that everyone should know. It's almost like the "Xerox" of security because so many people equate the idea of change monitoring with Tripwire. So, I was happy to see my twitter.com/taosecurity feed and the taosecurity.blogspot.com blog make their cut. David Spark asked for my "security tip for 2012," which I listed as: Improve your incident detection and…
  • Even Facebook Doesn’t Like IE7

    Worst Tech!
    Adil
    31 Dec 2011 | 5:45 am
About a year ago we came to know that YouTube, Facebook and other major websites had stopped support for IE6, not because it was obsolete but due to the vulnerability of the browser from the Redmond giant. Now what? It has reportedly been said that Facebook will not support IE7 anymore; it has been decided [...]

    Network Security Blog

  • Standing Desk 2.0

    netsecpodcast@mckeay.net (Martin McKeay)
    26 Jan 2012 | 8:59 pm
    If you follow the blog, you may remember several months ago that I built myself a standing desk out of some cheap lumber and plywood I had in the garage.  It took an afternoon to build and was a proof of concept as to whether or not I’d actually like working at a standing desk.  The funny part of the project was that it took me longer to draw it up in Google SketchUp than it did to actually put the desk together itself.  After several weeks of working on the desk I decided I really liked it and wanted a more permanent version of the desk that I could feel was an actual…
  • Kill pcAnywhere right now!

    netsecpodcast@mckeay.net (Martin McKeay)
    25 Jan 2012 | 8:40 pm
    If you haven’t already heard, the code base for Symantec’s pcAnywhere was stolen in 2006, and bad guys are now using that code against the installed base of users in the wild.  This sort of compromise really isn’t anything that new or different.  But what is different is that Symantec is now telling users to flat out disable pcAnywhere until a fix is released.  Which is a good, smart move, but a better move would be to remove pcAnywhere and never, ever start it up again! I remember the first time I used pcAnywhere; I was working my first helpdesk job and they…
  • Network Security Podcast, Episode 265

    netsecpodcast@mckeay.net (Martin McKeay)
    24 Jan 2012 | 8:04 pm
Unless you were hiding under a rock the last few weeks you’ve probably heard about the Stop Online Piracy Act (SOPA), Protect IP Act (PIPA) and their even more evil brother, the Anti-Counterfeiting Trade Agreement (ACTA).  Many sites went dark last week, including Securosis, in protest and SOPA/PIPA were at least stalemated for the moment, if not entirely defeated.  And since it’s a big story, we decided to discuss it at great length, probably saying many things that have been said by much smarter people than us.  At least we hope it’s the smart people we’re agreeing…
  • SOPA was only an opening salvo

    netsecpodcast@mckeay.net (Martin McKeay)
    20 Jan 2012 | 8:41 am
    I generally try to stay out of the political arena on the blog, mostly because politics is such a contentious topic in and of itself.  And I’ve been staying away from SOPA in particular because there’s been so much coverage that one more voice added to the choir wouldn’t have done anything.  The music and movie companies once again tried to introduce legislature that made pirating content a crime and gave the entertainment industry incredible power to police the internet and block any site they felt *might* link to copyrighted content.  But we, the Internet,…
  • Network Security Podcast, Episode 264

    netsecpodcast@mckeay.net (Martin McKeay)
    10 Jan 2012 | 6:10 pm
    As Zach prepares for his jaunt down to Miami Beach, Rich waxes paranoid about his newfangled Microsoft-powered car — and the prospect of Martin remotely hacking throttling the engine.  It’s hard to imagine a few of Rich’s ‘friends’ won’t try hard to get their hands on his new remote and the system port on his car. (Also, check out our nomination in the Social Security Bloggers Awards — and vote if you’re eligible to do so!) Network Security Podcast, Episode 264, January 10, 2012 Time: 37:31 Show Notes: Exploit Code Released for ASP.NET Flaw…

    Post Politics: Breaking Politics News, Political Analysis & More - The Washington Post

  • Gingrich professes shock at Romney’s ‘dishonest’ debate performance

    Amy Gardner, Philip Rucker
    27 Jan 2012 | 10:30 pm
MIAMI — Former House speaker Newt Gingrich spent Friday struggling to fend off the perception that his presidential campaign has stalled after a flat debate performance on Thursday and fresh polling data showing his support slipping in Florida.
  • Romney says Gingrich is ‘like Goldilocks’

    Philip Rucker
    27 Jan 2012 | 8:47 pm
ORLANDO – After getting the better of Newt Gingrich in Thursday night’s debate, Mitt Romney is trying to rub it in.  The increasingly confident, and increasingly punchy, former Massachusetts governor took a fresh swipe at the former House speaker at a campaign rally here Friday night, likening him to the fairy tale character “Goldilocks.”
  • Obama ally suggests administration is undermining Endangered Species Act

    Juliet Eilperin
    27 Jan 2012 | 7:52 pm
The Obama administration is setting too high a threshold for listing an imperiled plant or animal under the Endangered Species Act, according to Rep. Edward J. Markey (D-Mass). Markey, one of the White House’s closest congressional allies, late Thursday sent a letter to Dan Ashe, director of the U.S. Fish and Wildlife Service, questioning a draft policy the agency issued last month with the National Oceanic and Atmospheric Administration.
  • Rick Perry’s back in Texas, and some wonder if he’s lost political power there

    Melinda Henneberger
    27 Jan 2012 | 7:44 pm
Yes, to the non-Texan eye, it looks like Republican Gov. Rick Perry has slunk home from his last rodeo, having humiliated himself and his home state with a presidential run that will go down in history as one big “Oops.”
  • Obama, Biden rally Democrats at annual retreat

    Felicia Sonmez
    27 Jan 2012 | 7:23 pm
CAMBRIDGE, Md. — President Obama and Vice President Biden on Friday worked to rally congressional Democrats preparing to do battle with Republicans leading into the 2012 election. In remarks at the annual House Democratic retreat near the shore of the Chesapeake Bay, Obama rallied the House Democrats with a campaign-style speech in which he defended Democrats’ legislative accomplishments over the past three years, acknowledged that lawmakers have had to make some “tough decisions” and reprised many of the arguments he made in Tuesday’s State of the Union address.

    Techworld.com security

  • Angry Facebook sues firm for alleged 'likejacking' scam

    27 Jan 2012 | 1:39 pm
    Facebook’s zero tolerance policy against those it believes are abusing its network has seen it file a lawsuit against a company it accuses of using a ‘clickjacking’ scam to trick users into divulging personal information.
  • O&O AutoBackup review

    27 Jan 2012 | 10:11 am
    O&O AutoBackup (free in January 2012; $30 with a 30-day free trial starting in February 2012) is a generally easy-to-use backup program with one feature especially handy for frequent users of external drives. It will back up any data you choose, automatically, without user intervention, when you insert a removable drive you've defined as the repository for your backup. That's a neat trick, but the program is otherwise limited in ability, suffers a number of design oversights, and occasionally employs unexplained and possibly confusing language.
  • Lawmakers seek answers from Google on new privacy measures

    27 Jan 2012 | 8:00 am
    Google's decision this week to share user data across its online services has caught the attention of eight members of the US House of Representatives, with the lawmakers asking whether the changes will compromise privacy.
  • European Parliament website taken offline in retaliation for ACTA

    27 Jan 2012 | 5:01 am
    The European Parliament's website fell under a distributed denial-of-service attack (DDOS) on Thursday in what the organisation classified as retaliation for the shutdown of the Megaupload file-sharing site and an anti-counterfeiting trade agreement.
  • Zscaler launches free link malware scanner Zulu

    27 Jan 2012 | 4:22 am
    Cloud security vendor Zscaler has launched a new free-to-use online service called Zulu that can assess the security risk associated with URLs by analysing the content they point to, as well as the reputation of their corresponding domain names and IP addresses.

    Hot Security News

  • Expert Web Security Protection For Joomla and Drupal Hosting Platform

    3 Jan 2012 | 3:37 pm
CNP Integrations brings in the New Year by announcing an unmatched hosting platform. CNP Integrations has launched a new strategic hosting platform featuring SecureLive Security Monitoring and RackSpace cloud hosting, combined with the world class web application support services from the CNP Integrations team.
  • Panda Security Launches Beta Version of Panda Cloud Office Protection 6.0

    23 Dec 2011 | 6:01 pm
    Panda Security, The Cloud Security Company, today announced the beta release of Panda Cloud Office Protection (PCOP) 6.0, its cloud-based security service for PCs, servers and corporate laptops managed remotely through a web-based console. The beta software can be downloaded for free at http://www.pandasecurity.com/promotions/betatest/pcop
  • Online Shopping Requires Increased Attention

    23 Dec 2011 | 5:08 pm
VASCO Data Security International, Inc., a leading software security company specializing in authentication products, cautions both consumers and employers to be extra vigilant for cyber criminality in the build-up to the festive season.
  • Panda Global Protection 2012 Wins -Best Security Software- Award from PC World LA

    28 Nov 2011 | 3:29 pm
Panda Security today announced that Panda Global Protection 2012 has won the 2011 Best Security Software Award given by the prestigious PC World Latin America magazine. The award was received by Eduardo D’Antona, Panda Security’s General Manager for Latin America, in a gala held on November 3rd at the Conrad Hotel in Miami.
  • 2012 Internet Security Predictions by Websense Security Labs

    28 Nov 2011 | 3:17 pm
    With all of the crazy 2011 security breaches, exploits and notorious hacks, what can we expect for 2012? We asked the top researchers of the Websense Security Labs™ to take a few minutes and provide their top predictions for the coming year. Last year’s Websense Security Labs predictions were very accurate, so these predictions should provide very useful guidance for security professionals.

    Crave: gorgeous gadgets and other crushworthy stuff. - CNET

  • Adobe shows the raw, dark side of Photoshop CS6

    28 Jan 2012 | 5:19 am
Photoshop CS6 will get a new dark look, but it's not required. This view also shows the visual and numeric information about brush settings. (Credit: screenshot by Stephen Shankland/CNET) Adobe Systems has published a glimpse of the forthcoming Photoshop CS6, an update that brings the dark workspace and raw-image editing tools from the new beta of its sister program, Lightroom 4. Bryan O'Neil Hughes, an Adobe senior product manager, showed off a bit of the new software in a YouTube video published yesterday. Photoshop CS6 is set to debut along with the sixth version of…
  • Stickman games that shine on iOS

    27 Jan 2012 | 7:25 pm
    (Credit: CNET) Sometimes the bare essentials are all it takes to make a great video game. In this collection, our hero is the stickman. Everyone knows that in today's hottest games (for any platform), high-quality graphics are at a premium. Whether it's a first-person shooter, an MMORPG, or even a console golf game, realism and fancy graphics seem to be key to getting people to buy the product. But if you've played games for a while, you know that graphics aren't everything. A whole slew of games in the iTunes App Store have enjoyed a ton of success by completely ignoring fancy graphics and…
  • Take a tour of BMW's new Mog online music system

    27 Jan 2012 | 6:59 pm
    BMW is the first automaker to integrate an online music selection service into a production car. (Credit: James Martin/CNET) My iPhone, with 8GB of memory, can hold about 1,700 tracks. A BMW's internal hard drive has room for almost 3,000 tracks. Now, BMW's new Mog integration puts 14 million tracks at a driver's fingertips. I sat in the driver's seat of a 2012 BMW 650i, with Robert Passaro, the head of BMW's App Center, in the passenger seat. But we weren't going anywhere. Our entire focus was on the stereo. Passaro slotted an iPhone 4S into the BMW's cradle, nestled in the console…
  • What's a PS Vita game cost? Ask again tomorrow

    27 Jan 2012 | 6:51 pm
Hanging out with Nathan Drake sure is expensive. (Credit: Sony Computer Entertainment) Several PlayStation Vita games are seeing preorder price cuts (and one disappointing price increase) before the launch of the next-generation handheld gaming device planned for February 22. Little Deviants, Wipeout 2048, Modnation Racers: Road Trip, Reality Fighters, and Hot Shots Golf: World Invitation, which cost $39.99 previously, are currently available for $29.99 (via Amazon, GameStop and others). Sadly, it seems that the highly anticipated Uncharted: Golden Abyss for Vita rose in price from $39.99 to…
  • D-Link HD Media 2000 DIR-827 router review: So many firsts

    27 Jan 2012 | 6:49 pm
The Amplifi HD Media Router 2000 DIR-827 from D-Link. (Credit: Dong Ngo/CNET) The $145 D-Link Amplifi HD Media Router 2000 DIR-827 is the third I've reviewed in D-Link's Amplifi family of wireless routers, but it comes with a lot of firsts. This is the first true dual-band router from D-Link that I'm aware of that comes with internal antennas, making it much more compact than previous true dual-band routers, such as the DIR-855. It's the first on the market to come with a USB 3.0 port, instead of USB 2.0. And finally, it's the first I've seen to come with an SD card slot, in case you want to…

    Security - RSS Feed

  • Google Privacy Policy Update Challenged by Lawmakers

    28 Jan 2012 | 6:00 am
    Google is under fire in Congress for its new privacy policy changes to unify user information from 60 Web services under one single policy. - Several U.S. senators Jan. 26 fired off a bipartisan letter to Google CEO Larry Page, asking for more information about the search engine provider's revised privacy policy. Google Jan. 24 announced that it will aggregate 60 of its Web services under one single privacy policy. Under this new...
  • Verdasys Offers Enterprise Data Leak Protection as Managed Service

    26 Jan 2012 | 4:44 pm
It seems every IT function can now be offered on-demand. Verdasys is launching its enterprise data leak protection system, Digital Guardian, as a managed security service. - Verdasys is moving its data leak prevention portfolio to the cloud to help enterprises protect their data stored on its networks and still reduce costs. The company introduced two new offerings: Verdasys Managed Service for Information Protection (MISP) and Verdasys Information Protection as a S...
  • EU 24-Hour Data Breach Notification Rule 'Unworkable': AT&T Executive

    26 Jan 2012 | 12:21 pm
    AT&T's chief privacy officer says the 24-hour deadline to notify customers of a data breach that is set by new European Union data privacy regulations is "absolutely unworkable" and would end up forcing companies to notify all possible customers about a breach rather than just those affected. - New data privacy regulations being implemented by the European Union will present serious complications for U.S. companies doing business in Europe, according to an IT security and data privacy executive who took part in a panel at the George Washington University School of Law in…
  • Catbird Unveils vSecurity 5.0 for Virtualized and Cloud Computing

    26 Jan 2012 | 7:50 am
    Catbird's vSecurity 5.0 is built on industry-standard, network-based security technologies for a set of services protecting virtual, cloud and physical networks. - Catbird, a specialist in security and compliance for virtual, cloud and physical networks, announced the next generation of its vSecurity platform, vSecurity 5.0, which integrates directly with the hypervisor to provide automated control, visibility and efficiency. Its vCompliance engine monitor...
  • Symantec Warns pcAnywhere Users to Disable Tool Due to Source Code Theft

    25 Jan 2012 | 9:06 pm
    Symantec has confirmed that pcAnywhere users are at "increased risk" because attackers have stolen source code to the remote control tool. - The saga over Symantec's stolen code took another twist as the company acknowledged that pcAnywhere customers are at risk for man-in-the-middle attacks and new exploits. The breach actually occurred on Symantec servers in 2006, and attackers stole source code to several Norton security product...

    Techwatch: Tech News

  • Nintendo Wii U confirmed for Xmas 2012

    Darren Allan
    27 Jan 2012 | 5:17 am
    Some more information has emerged about the Wii U console. And the biggest snippet is the fact that Nintendo’s sequel has been confirmed as launching before the end of 2012. The company has learned “bitter” lessons from the 3DS launch, which failed to make the Christmas launch window and slipped to March, with sales suffering as a result. Hopefully they’ll have learned pricing lessons as well, as the 3DS had too steep a price tag for many when it was first out. The Wii has always been a competitive piece of hardware, of course, but the Wii U boasts higher-end technology…
  • Nokia loses €1bn in Q4 2011

    Adam Smith
    27 Jan 2012 | 2:57 am
    Nokia has suffered a large loss in its latest financial results, with the company’s operating profit dropping by €950 million in the fourth quarter of 2011. That’s a complete reversal of the situation in 2010, when the firm posted a profit of almost €900 million. Revenue dropped 21% year-on-year, from €12.6 billion to €10 billion. However, Nokia was keen to point to net cash and other liquid assets of €5.6 billion, and also a “solid” fourth quarter performance in mobile phones, driven by the launch of its new Windows Phone handsets led by the Lumia 800. The Finnish…
  • Apple iPad now has 58% market share

    Adam Smith
    27 Jan 2012 | 2:31 am
    The latest figures for the tablet market have been published by Strategy Analytics. And the analyst firm has recorded more slippage in slate market share for Apple. The figures are for Q4 2011 market share, and show that the iPad has dropped to 58% from 68% in the final quarter of 2010. That’s a considerable chunk of the market to lose to Android, which now holds 39%, up 10% year-on-year. The 40% mark is a figure that, earlier last year, some analysts were predicting Android would only reach in 2014. Apparently the Kindle Fire and Nook budget Android slates represent some 40% of the…
  • Alan Wake and I Am Alive coming to XBLA

    Darren Allan
    26 Jan 2012 | 3:13 am
Microsoft has announced the exact dates on which its so-called ‘House Party’ games are coming to Xbox Live. The Xbox Live House Party 2012 is another collection of bundled games being released over February and March onto XBLA, and punters who buy all four titles will receive a bonus 800 MS Points (in other words, one of the cheaper games for free). The party kicks off with Warp, a puzzle-based action-adventure, on February 15th priced at 800 MS Points. Next up is the one we’ve been waiting for, Alan Wake’s American Nightmare, a standalone adventure in the spooky…
  • Anonymous launches attack against ‘Irish SOPA’

    Adam Smith
    26 Jan 2012 | 2:46 am
    Anonymous, the collective of internet activists, has struck again with its latest cause – action against copyright legislation in Ireland. Currently, a statutory instrument – a change in law which doesn’t require approval from Parliament – is being pushed through swiftly over in Ireland. And that instrument aims to achieve SOPA-like goals of making it easier for copyright holders to block websites deemed to have violated their intellectual property. There’s currently concern over whether this, like SOPA, is a rather blunt instrument which is overreaching and could be abused…

    Network Security Podcast

  • Network Security Podcast, Episode 265

    martin
    24 Jan 2012 | 8:03 pm
Unless you were hiding under a rock the last few weeks you’ve probably heard about the Stop Online Piracy Act (SOPA), Protect IP Act (PIPA) and their even more evil brother, the Anti-Counterfeiting Trade Agreement (ACTA).  Many sites went dark last week, including Securosis, in protest and SOPA/PIPA were at least stalemated for the moment, if not entirely defeated.  And since it’s a big story, we decided to discuss it at great length, probably saying many things that have been said by much smarter people than us.  At least we hope it’s the smart people we’re agreeing…
  • Network Security Podcast, Episode 264

    quine
    10 Jan 2012 | 6:10 pm
    As Zach prepares for his jaunt down to Miami Beach, Rich waxes paranoid about his newfangled Microsoft-powered car — and the prospect of Martin remotely hacking throttling the engine.  It’s hard to imagine a few of Rich’s ‘friends’ won’t try hard to get their hands on his new remote and the system port on his car. (Also, check out our nomination in the Social Security Bloggers Awards — and vote if you’re eligible to do so!) Network Security Podcast, Episode 264, January 10, 2012 Time: 37:31 Show Notes: Exploit Code Released for ASP.NET Flaw…
  • Network Security Podcast, Episode 263

    rmogull
    3 Jan 2012 | 9:01 pm
    It’s our first show of the New Year… wherein Rich describes server upgrades good and bad, being a victim in a data breach, and we discuss the rest of the latest news. We have to say, it’s a weird start to the year. Network Security Podcast, Episode 263, January 3, 2012 Time: 36:45 Show Notes: Most websites vulnerable to single-source, low-bandwidth DoS attack. Stratfor breached over the holidays. Hackers in space? China all annoyed they have data breaches like the rest of the world. Tonight’s Music:  Trouble in Mind by Cephas and Wiggins
  • Southern Fried Network Security Podcast

    martin
    20 Dec 2011 | 6:28 pm
This is Martin, and while I know we said we weren’t going to do another podcast this year, I got started talking to Martin Fisher over at the Southern Fried Podcast and we decided, “What the heck, let’s do one more this year and thank all our listeners for supporting us!”  It was supposed to just be the two of us, but Rich happened to be available.  It was also only supposed to be a few minutes, but when you get the three of us going, it obviously has the potential for going long. All three of us are very grateful to our audiences, and I think I can say the same on…
  • Network Security Podcast, Episode 262

    quine
    13 Dec 2011 | 6:13 pm
    A discombobulated Martin and a sleep-deprived Zach get together for the final episode of 2011 (and Rich isn’t around to join us — tsk tsk). This week’s stories seem to be more of the same — surveillance, leaks, and dumb legislation. Here’s to hoping for a brighter 2012. Network Security Podcast, Episode 262, December 13, 2011 Time: 30:00 Show Notes: DNS Hijacks Now Being Used to Serve Black Hole Exploit Kit Who Knows What Youhavedownloaded.com? Carrier IQ: Bug made some keypresses, message data accessible The Infosec Naughty List & The Twelve Charlatan’s of…

    About.com Internet / Network Security

  • 5 Must-have Security Apps for iPhone

    21 Jan 2012 | 10:29 am
Have you ever gone on vacation and forgotten to arm your home security system? Have you ever wanted to check in on your pet while you were away from home? If you answered yes to either of these questions, you will definitely want to check out our featured article on 5 Must-have Security Apps for iPhone. We'll also take a look at apps that can encrypt phone calls from your iPhone and track your phone if it's lost or stolen.
  • How to Scam-proof Your Brain

    16 Jan 2012 | 9:36 am
Can you spot a phishing scam e-mail from a mile away? Are you a human scam detector? The focus of this week's featured article is on How to Scam-proof Your Brain.
  • Protect Your Smartphone From Malicious QR Codes

    8 Jan 2012 | 11:13 am
Quick Response or QR codes like the one in the picture above seem to be popping up everywhere these days. They are great for advertisers and marketers because they allow users to obtain product information and website addresses by scanning the multidimensional bar code with their smartphone's camera. Unfortunately, hackers and criminals are also using QR codes to trick users into installing malware or handing over personal information.
  • How to Secure Your New Facebook Timeline

    31 Dec 2011 | 10:23 am
Did you enable the new Facebook Timeline feature yet? The new Timeline lets you, your friends and, depending on your privacy settings, complete strangers flip through your Facebook history like a digital scrapbook. It has a newspaper-like appearance and is easily navigated. Simply click on the year you are interested in and it jumps to all your old posts for that time frame.
  • Hack Your Holiday Party With Some Spicy Password Crackers

    31 Dec 2011 | 4:55 am
If you're looking for a last minute dish to make for a New Years party, try making some Spicy Password Crackers. They are both delicious and addictive. I call them password crackers because someone would likely hand over their password just so they could have another one.

    Tenable Network Security

  • #7 Nessus Versus Malware - Top Ten Things You Didn't Know About Nessus

    Paul Asadoorian
    27 Jan 2012 | 8:08 am
Nessus has several different plugins and techniques for helping you with the fight against malware. The video below is part 7 in our series of the top ten things you didn't know about Nessus and covers 3 different ways Nessus can be used to help detect malware. Below are a few more examples of how Nessus can detect malware:
    1. Nessus Network Checks: Nessus plugins in the "Backdoor" plugin family detect certain types of generic behavior on listening services that are indicative of malware. For example, plugin #35322 detects the presence of an HTTP backdoor. Nessus detects the web server…
  • Tenable Network Security Podcast 110

    Paul Asadoorian
    24 Jan 2012 | 1:44 pm
Welcome to the Tenable Network Security Podcast Episode 110
    Hosts: Paul Asadoorian, Product Evangelist; Carlos Perez, Lead Vulnerability Researcher; Ron Gula, CEO/CTO; Jack Daniel, Product Manager
    Announcements: Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. We recently added a 38-minute tutorial of Nessus, covering most of the basic features. We're hiring! Visit the Tenable website for more information about open positions. You can subscribe to the Tenable Network Security Podcast on iTunes! Tenable Tweets: You can find us on Twitter at…
  • Tenable Network Security Episode 109

    Paul Asadoorian
    18 Jan 2012 | 10:47 am
Welcome to the Tenable Network Security Podcast Episode 109
    Hosts: Paul Asadoorian, Product Evangelist; Carlos Perez, Lead Vulnerability Researcher; Ron Gula, CEO/CTO
    Announcements: Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. We recently added a 38-minute tutorial of Nessus, covering most of the basic features. We're hiring! Visit the Tenable website for more information about open positions. You can subscribe to the Tenable Network Security Podcast on iTunes! Tenable Tweets: You can find us on Twitter at…
  • Tenable Network Security Podcast Episode 108

    Paul Asadoorian
    12 Jan 2012 | 8:31 am
Welcome to the Tenable Network Security Podcast Episode 108
    Hosts: Paul Asadoorian, Product Evangelist; Jack Daniel, Product Manager; Carlos Perez, Lead Vulnerability Researcher; Ron Gula, CEO/CTO
    Announcements: Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. We recently added a 38-minute tutorial of Nessus, covering most of the basic features. We're hiring! Visit the Tenable website for more information about open positions. You can subscribe to the Tenable Network Security Podcast on iTunes! Tenable Tweets: You can find us on Twitter at…
  • Microsoft Patch Tuesday - January 2012

    Paul Asadoorian
    11 Jan 2012 | 11:16 am
    The first round of security bulletins from Microsoft this year raises some interesting questions about the vulnerabilities being patched. I found the following three advisories particularly interesting: From MS12-002: The vulnerability could allow remote code execution if a user opens a legitimate file with an embedded packaged object that is located in the same network directory as a specially crafted executable file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. MS12-002 is ranked by Microsoft as important. Sure, it does…

    Team Cymru Internet Security News

  • FBI developing social networking spy app

    28 Jan 2012 | 4:00 am
    "The Federal Bureau of Investigation (FBI) is planning to develop an application that can track the public's postings to Facebook, Twitter and other social networks, in order to aid how it predicts and reacts to criminal behaviour, including public disorder and terrorism. An FBI request for information document has been published, asking potential contractors to contact the bureau by February 10. The FBI wants respondents to the document to outline how they would build such a system and how much it would potentially cost...."
  • Lawmakers seek answers from Google on new privacy measures

    28 Jan 2012 | 3:58 am
    "Google's decision this week to share user data across its online services has caught the attention of eight members of the US House of Representatives, with the lawmakers asking whether the changes will compromise privacy. The eight lawmakers, three Republican and five Democrats, said the move raises questions about consumer privacy. The eight, including Republican Representatives Cliff Stearns of Florida and Joe Barton of Texas, and Democrats Edward Markey of Massachusetts and Henry Waxman of California, sent a letter raising their concerns to Google CEO Larry Page on…
  • Password Sharing Among American Teenagers

    28 Jan 2012 | 3:57 am
    "It's a sign of trust," Tiffany Carandang, a high school senior in San Francisco, said of the decision she and her boyfriend made several months ago to share passwords for e-mail and Facebook. "I have nothing to hide from him, and he has nothing to hide from me." "That is so cute," said Cherry Ng, 16, listening in to her friend's comments to a reporter outside school. "They really trust each other." We do, said Ms. Carandang, 17...."
  • The LWOT: Guilty plea in Maryland terrorism case

    28 Jan 2012 | 3:54 am
    "U.S. citizen and Muslim convert Antonio Martinez pleaded guilty on January 26 to one charge of attempting to use a weapon of mass destruction against a government installation for trying to detonate what he believed was a car bomb outside a military recruitment center on the outskirts of Baltimore, Maryland in December 2010, in retaliation for what he perceived as an American war against Islam (AP). An FBI informant began communicating with Martinez on Facebook after seeing posts "espousing his extremist views," and on Martinez's orders filmed a video statement of him pledging…
  • US lawmakers question Google over privacy policy

    28 Jan 2012 | 3:52 am
    "Google is insisting that its new privacy policy will still give its users control, after criticism in a letter from US members of Congress. The lawmakers wrote to Google to express concern that users wouldn't be able to opt-out of the new data sharing system when using Chocolate Factory products. "We believe that consumers should have the ability to opt out of data collection when they are not comfortable with a company's terms of service and that the ability to exercise that choice should be simple and straightforward," the letter said. Google already said when introducing…

    WindowSecurity.com blogs

  • Symantec source code exposed!

    George Chetcuti
    9 Jan 2012 | 4:01 am
    Symantec admits that parts of the source code of two of their older enterprise products have been obtained by third parties illegitimately! Although, the exposed source code may be old, this remains a case of IP theft and Symantec should not downplay the risks of this incident and should take serious action! According to Symantec, the exposed code was for Symantec Endpoint Protection (SEP) 11.0 - which is used to block outgoing data from being leaked. more...
  • More malware using social networks to reach victims!

    George Chetcuti
    6 Jan 2012 | 4:21 am
    The major social networking platform Facebook is infected once more after last November's outbreak! The Ramnit worm hijacked some 45,000 user accounts on Facebook which presumably can lead the attackers to more sensitive accounts of users that happen to use the same email address and password all over the web. more...
  • Vulnerabilities in .NET Framework

    George Chetcuti
    3 Jan 2012 | 6:29 am
    A security issue affecting Microsoft .NET Framework 1.1 Service Pack 1, Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.5 Service Pack 1, Microsoft .NET Framework 3.5.1, and Microsoft .NET Framework 4 on all supported editions of Microsoft Windows has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it. more...
  • HP releases firmware "mitigation" for LaserJet vulnerability

    Debra Shinder
    31 Dec 2011 | 5:26 am
    We reported a while back that a security vulnerability had been discovered in some Hewlett-Packard LaserJet printers that could render them vulnerable to unauthorized access, although HP said there had been no real-world cases of such access occurring. The problem was that the software that enables updates over the Internet doesn’t verify the authenticity of those updates, so an attacker could apply a malicious update. more...
  • WPS vulnerability puts wi-fi networks at risk

    Debra Shinder
    31 Dec 2011 | 4:47 am
    US-CERT has released a report on a vulnerability in Wi-Fi Protected Setup (WPS), a feature that makes it easier to set up wireless networks and devices, but – it turns out – can also expose them to the risk of an attacker gaining full access to the network by using a brute force attack to discover the PIN. WPS is a feature on many of today’s wireless devices so researchers say millions of devices could be affected and it could take a long time to fix them all. more...

    TaoSecurity

  • Best Book Bejtlich Read in 2011

    9 Jan 2012 | 8:40 pm
    It's time to name the winner of the Best Book Bejtlich Read award for 2011! I've been reading and reviewing digital security books seriously since 2000. This is the 6th time I've formally announced a winner; see my bestbook label for previous winners. Compared to 2010 (31 books), 2011 saw a decrease to 22 books. Remember all reading is neither equal nor fast. When I review a book, I am sure to read it and not just skim it. For 10 books last year, I chose not to read them but to instead post impressions. Posts called "impressions" provide my sense of the book but I do not publish them in my…
  • Telling a Security Story with Charts

    8 Jan 2012 | 4:10 pm
    The image at left appeared in the 31 December 2011 edition of The Economist magazine in the article Economics focus -- How to get a date: The year when the Chinese economy will truly eclipse America's is in sight. It depicts 15 measurements of the US and Chinese economies, with historical and projected data. There is a version available at this page with more statistics comparing the two nations. The Economist presents these charts for the following reason: In the spring of 2011 the Pew Global Attitudes Survey asked thousands of people worldwide which country they thought was the leading…
  • Happy 9th Birthday TaoSecurity Blog

    8 Jan 2012 | 3:07 pm
    Today, 8 January 2012, is the 9th birthday of TaoSecurity Blog. I wrote my first post on 8 January 2003 while working as an incident response consultant for Foundstone. 2843 posts later, I am still blogging. Looking at all 9 years of blogging, I averaged 315 per year, but in the age of Twitter (2009-2011) I averaged only 171 blog posts per year. I plan to continue blogging, but I expect around the same number as last year -- somewhere in the 60 to 100 post range. I spend a lot more time expressing my views to the press and market researchers and analysts, so I'm often less inclined to do more…
  • Mandiant Webinar Wednesday; Help Us Break a Record!

    6 Dec 2011 | 9:06 pm
    I'm back for the last Mandiant Webinar of the year, titled State of the Hack: It's The End of The Year As We Know It - 2011. And you know what? We feel fine! That's right, join Kris Harms and me Wednesday at 2 pm eastern as we discuss our reactions to noteworthy security stories from 2011. Register now and help Kris and me beat the attendee count from last month's record-setting Webinar. If you have questions about and during the Webinar, you can always send them via Twitter to @mandiant and use the hashtag m_soh. Copyright 2003-2011 Richard Bejtlich and TaoSecurity…
  • Tripwire Names Bejtlich #1 of "Top 25 Influencers in Security"

    6 Dec 2011 | 8:52 pm
    I've been listed in other "top whatever" security lists a few times in my career, but appearing in Tripwire's Top 25 Influencers in Security You Should Be Following today is pretty cool! Tripwire is one of those technologies and companies that everyone should know. It's almost like the "Xerox" of security because so many people equate the idea of change monitoring with Tripwire. So, I was happy to see my twitter.com/taosecurity feed and the taosecurity.blogspot.com blog make their cut. David Spark asked for my "security tip for 2012," which I listed as: Improve your incident detection and…

    Jon's Network

  • Finding pcAnywhere in your Organization

    Jon
    27 Jan 2012 | 8:36 am
    Symantec announced that hackers have had the source code for remote access software pcAnywhere since 2006. It can’t be trusted until they issue a patch. Some organizations may be anxious to see how many of their machines have pcAnywhere installed. If you have an application aware firewall like Palo Alto Networks, you can see if there is pcAnywhere traffic on the network easily. To find out where it’s installed but not in use, most are probably using software like Altiris, Tivoli, etc. One tool that can find pcAnywhere (or any software for that matter) is Tanium – and it can…
  • Note on M86 Authentication

    Jon
    4 Nov 2011 | 7:00 pm
    M86 authenticator and web-based authentication should work fine side by side. If you are using web-based authentication ONLY for iPad/iOS devices, then use Tier2 instead of Tier3 as it does not include the Java Applet. Instead they configure authentication session retention time in the filter, i.e. keep the profile active for 60 minutes once authenticated. In WFR 4.2, you will be allowed to select Tier 3 Web Based Authentication so PCs/Macs running Java can leverage the session based authentication, while iOS/Android devices will fall back to the Tier 2 setting. Here's what you need to know about WF…
  • TinEye

    Jon
    20 Oct 2011 | 10:38 pm
    TinEye is a reverse image search engine. You can submit an image to TinEye to find out where it came from, how it is being used, if modified versions of the image exist, or to find higher resolution versions. TinEye is the first image search engine on the web to use image identification technology rather than keywords, metadata or watermarks. It is free to use for non-commercial searching.
  • USB to Serial Driver for Mac OS X Lion

    Jon
    18 Oct 2011 | 11:14 pm
    I use and highly recommend MacWise for connecting to network devices via a console on a Mac. The driver I had for the USB to Serial device I have stopped working after my recent upgrade to Lion. The following fix worked like a dream: OS X Lion PL2303 Driver
  • Find Files with No User or Group

    Jon
    20 Aug 2011 | 6:21 pm
    This command can yield some interesting information: find / -nouser -o -nogroup Learned about it while playing with NeXpose today.

    Roger's Security Blog

  • 10 Years of Trustworthy Computing at Microsoft

    rhalbheer
    12 Jan 2012 | 1:48 pm
    Before joining Microsoft a little bit more than 10 years ago, I ran a team at PricewaterhouseCoopers on e-Business Risk Management – classical security consulting in the Internet bubble time. When I announced that I would leave PwC and join Microsoft, I got interesting reactions (and remember, this was 2001). Mainly they were along two lines: Oh, you are joining a desktop company? Why? A security guy? Joining Microsoft? hmm… So, these reactions came from the time immediately before we launched Windows XP (you are not on XP today, are you? If you are, read this article). Microsoft…
  • 10 Reasons to migrate off Windows XP

    rhalbheer
    22 Dec 2011 | 4:24 am
    I would like you to sit back, close your eyes and think about the year 2001. Think about how you used technology back then, how you used the Internet. Now, let’s take it a little bit further back in history and think of the year 2000. Just after we realized that the Year-2000-Problem was handled very well by the industry. How you used technology, how you used the Internet, the speed of your Internet connection (I think for me it was ISDN-Dial-Up). This was the time Windows XP was designed. Windows XP was launched in 2001 and – judging by its success – it was a really great piece of…
  • Office 365 Becomes First and Only Major Cloud Productivity Service to Comply With Leading EU and U.S. Standards for Data Protection and Security

    rhalbheer
    16 Dec 2011 | 7:11 am
    A long title but this was the title of the official press statement yesterday. Compliance is always a key question in the public cloud space. Therefore it is very important for us that we now achieved three things: Office 365 is compliant with EU Model Clauses, Data Processing Agreements and ISO 27001 among other standards. Office 365 is the first and only major cloud productivity service that enables HIPAA compliance. The Office 365 Trust Center provides in-depth information about the privacy and security practices for Office 365 and was recently redesigned to be more accessible and easy to…
  • Implementing the Top 4 Defense Strategies

    rhalbheer
    13 Dec 2011 | 7:46 am
    The Australian Defence Signals Directorate maintains a list of the Top 35 Mitigation Strategies against targeted intrusions. This is just a reference to the top strategies: patch applications; patch the operating system; minimize the use of local admin; application whitelisting. Looking at these 35 strategies, the DSD claims that: While no single strategy can prevent this type of malicious activity, the effectiveness of implementing the top four strategies remains unchanged. Implemented as a package, these strategies would have prevented at least 70% of the intrusions that DSD analysed and…
  • Council of Europe Octopus Conference- Some Thoughts

    rhalbheer
    23 Nov 2011 | 5:23 am
    I am still sitting in the parliament room of the Council of Europe at the celebration event for the Budapest Convention. It was another very good event advancing the challenges of fighting Cybercrime. Let me try to summarize a few thoughts: The Budapest Convention is probably the best convention out there allowing a wide adoption of harmonized legislation to fight Cybercrime internationally. A lot of countries outside the Council have adopted or are in the process of adopting the convention. It balances the fight against criminals with the protection of Privacy and Human Rights. The willingness and the…

    Spyware news

  • Kelihos botnet operator was technical expert at Antivirus company

    gabriele
    24 Jan 2012 | 8:33 am
    Yesterday Microsoft reported about surprising findings in one of Russian antivirus firms – according to the announcement, one of its former technical experts, Andrey N. Sabelnikov, was found to be included in a coordination of the global spam machine called the Kelihos botnet. Thanks to Microsoft, this Botnet was taken down one year ago. According to Microsoft Blog, a 31-year-old man from St. Petersburg, Russia, was found to be responsible for the botnet’s operations and also worked at a company selling firewall, antivirus and security software. Though it is not specified where…
  • Don’t fall for Metropolitan Police misleading alert

    gabriele
    17 Jan 2012 | 6:24 am
    Metropolitan Police alert, also called the Ukash virus, is one of the latest scams used to try to swindle money from PC users. This scam, also distributed in Spanish, French, German, Portuguese and other languages, is even capable of locking the desktop on the compromised machine to make its victim believe that he has really done something illegal, like watching videos with adult content or banned scenes against other people. However, the Metropolitan Police international affair should be ignored no matter how trustworthy it may look to you. Based on faked information, it also…
  • SpyEye trojan is used to hide fraudulent money transfers

    gabriele
    10 Jan 2012 | 9:05 am
    Some months ago we warned you about the dangerous banking trojan called SpyEye. In addition to its malicious features, such as HTML injection and others, it has also been found to have another feature that helps the scammers hide the fraud and all the changes made on the compromised account. This seems to be borrowed from the Zeus trojan. As you have already heard, SpyEye is especially dangerous for its ability to inject new fields into a page and make it ask for specific information which wouldn't normally be asked of the user. For example, because of this virus, a banking page can…
  • Clickjacking scams are still used on Facebook

    gabriele
    4 Jan 2012 | 10:02 am
    New Year has come and hackers have started spreading new scams on Facebook. This time it’s another clickjacking scam that has been noticed circulating on this social network. Using the curiosity of Facebook users, it tricks them into clicking on links pretending to be liked by their friends. However, those ‘amazing’ and ‘surprising’ videos titled “Air Race Plan Crashed in the crowd during a show!” or “A Really Giant Baby!” are used for only redirecting victims to the splash pages pretending to contain interesting videos but filled with web based advertisements…
  • Be Sure to Avoid Au Pair/Nanny Scams

    gabriele
    22 Dec 2011 | 7:36 am
    If you are looking for a job, don't fall for those emails that spread around offering unreal nanny/au pair job offers that could be turned down only by the crazy ones. Promising £2700 per month plus £700 per week for expenses and many other things for carting two kids to school, these letters are clearly used by scammers to swindle money. Who knows how many letters have been spread? Such scam letters include such and similar good-looking points: Schedule: Your job is not a hard one, I do not believe in supervising or monitoring people to do their job. I believe people should be giving a…

    Uncommon Sense Security

  • Bumper Sticker “wisdom”

    23 Jan 2012 | 10:11 am
    I saw a bumper sticker the other day that made me think about the trite things often said in InfoSec. The bumper sticker said (paraphrasing): "War never solved anything, except ending communism, fascism, nazism, and slavery" While somewhat nonsensical, I'm sure a lot of folks cheer the sentiment. I really wasn't in the mood to interrupt my vacation to discuss the state of global communism, the fall (and pending rise) of Russia; China, its sphere of influence, and the economic power wielded there. Nor did I wish to engage on fascism's passing due to natural causes…
  • InfoSec career attitudes survey

    7 Jan 2012 | 11:07 am
    I have a favor to ask- please consider taking a survey on attitudes about your career in Information Security. I'm helping a group of smart folks look into what makes InfoSec folks tick, and what makes us twitch. This survey is mostly focused on your current situation, and this specific survey was selected because it is a standard measurement recognized by folks who study such things; this means aggregated results can be used for comparison with other professions (where there is survey data available) and averages. The survey is copyrighted, and has some license restrictions imposed on…
  • Compensating, or compounding?

    26 Dec 2011 | 2:09 pm
    Back in the Dark Ages I managed parts departments for a few car dealerships. This was back in the land before time, when dinosaurs, Renaults, and even worse, Peugeots, roamed the US. (Not this long ago) One of the lessons I learned was about the curious views some people have about errors. My introduction to this was during a discussion of inventory results with another manager. Using made up numbers- let's say we have $100,000 in inventory on the books, we count everything, make all the required adjustments, and end up with $99,000 in inventory. There's a grand…
  • The Pandering Pentagram of Prognostication

    20 Dec 2011 | 6:03 pm
    This seems to be the year for ridiculing predictions, but I'm not jumping on that bandwagon. I am here to help you get the most from the meaningless drivel you spew in the name of prediction (and more importantly, page views). I have invented a brilliant methodology for measuring (because it is all about the metrics, isn't it?) your drivel, and the drivel of others, in this most festive time of the year. No, not the "Judeo-Christian-Pagan-Northern Hemisphere Damn it's getting cold and dark Holiday season", but the "I'm too sick of this crap to write anything…
  • Are you positive?

    21 Nov 2011 | 4:20 am
    It will not die, and this won't end it, but I have to try. "False positive" findings are hotly debated by some folks, but that debate often centers on erroneous definitions or assumptions. Regardless of the type of system we are discussing, IDS, Anti-Virus, vulnerability tool, whatever- there are some basic ideas involved. The Basics: There is a defined condition which either exists, or it doesn't. The tool or utility detects it, or it doesn't. This gives us a pretty simple set of situations, expressed in the table below: Detected / Not Detected; Condition:…

    cissp CISSP training Certified Information Systems Security Professional

  • Modeling Security Pentests - New Issue of WebAppPentesting is Out!

    Posted by
    25 Jan 2012 | 11:54 am
    Inside Web App Pentesting: Open Source Web Application Security Testing Tools by Vinodh Velusamy. The author shows the significance of Open Source Web Application Security Testing Tools. As he claims: "When you choose and use good tools, you'll know it. Amazingly, you'll minimize your time and effort installing them, running your tests, reporting your results – everything from start to finish. Most importantly, with a good web vulnerability scanner you'll be able to maximize the number of legitimate vulnerabilities discovered to help reduce the risks associated with…
  • Sykipot variant hijacks DOD and Windows smart cards

    Posted by cdupuis
    23 Jan 2012 | 8:49 am
    January 12th, 2012 | Posted by jaime.blasco. Defenses of any sort, virtual or physical, are a means of forcing your attacker to attack you on your terms, not theirs. As we build more elaborate defenses within information security, we force our attacker's hand. For instance, in many cases, implementing multi-factor authentication systems just forces the attacker to go after that system directly to achieve their goals. Take the breach at RSA, for example. It has been attributed to attackers who needed the SecurID information to go after their real targets in the defense industry.
  • SOPA and PIPA -- What`s in it for you

    Posted by cdupuis
    19 Jan 2012 | 1:20 pm
    As seen on one of my hosting company mailing list: Greetings Site5 Customers! The U.S. Congress is currently considering two bills -- one in the House of Representatives called SOPA (Stop Online Piracy Act) and another in the Senate called PIPA (Protect IP Act). These bills both attempt to use similar methods to further criminalize and police intellectual property infringement. Although protecting intellectual property is important, these bills would use heavy-handed tactics that would censor and splinter the Internet. SOPA and PIPA would grant the U.S. government the ability to block almost…
  • DARPA set to develop super-secure "cognitive fingerprint"

    Posted by cdupuis
    18 Jan 2012 | 9:26 am
    By Layer 8, created Jan 17 2012 - 12:54pm. Developers at the Defense Advanced Research Projects Agency want to build information technology security [1] that goes beyond simply recognizing complex passwords but rather gets in your head to confirm your identity before you get access or continue to have access to important information. Specifically, the agency's Active Authentication program looks to develop what DARPA calls "novel ways of validating the identity of the person at the console that focus on the unique aspects of the individual through the use of software-based biometrics."…
  • New Issue of PenTest Extra Magazine is available

    Posted by cdupuis
    16 Jan 2012 | 10:34 am
    New Issue of PenTest Extra Magazine is available! Download the Free Sample Issue to check the content and read the free article, just click here. Read the free article "XSS & CSRF: Practical exploitation of post-authentication vulnerabilities in web applications" by Marsel Nizamutdinov. The goal of this article is to demonstrate the real danger of post-authenticated vulnerabilities. The author will not explain the basics of web application attacks in this article, as that has already been done many times before by others. He will focus on a practical way to exploit post-authentication XSS's and…

    Hackers For Charity

  • Handmade Ugandan iPhone cases!

    Johnny
    24 Jan 2012 | 4:34 am
    One more item for Shmoocon! Handmade iPhone cases! These cases fit iPhone 3, 4 and 4S. Each one is unique, hand stitched with Velcro fasteners and two loops on the back for attaching to belts or straps. Again, quantities will be limited. Come by the booth early!
  • Shmoocon schwag

    Johnny
    24 Jan 2012 | 3:17 am
    I’m bringing something new to Shmoocon this year and I think it’s something that will appeal to the grrlz even more than the guys. These are handmade iPad/iPad 2 cases and laptop cases. The cases are hand stitched and quilted and are lined with fabric to keep your electronics safe and sound. Each case is different and all are made from African fabrics. Some are made with a water resistant core that’s also pretty unique: A Jinja Pure Cane Sugar bag! The cases close with either a button and hoop or with Velcro strips. Quantities are rather limited so come by the booth early if…
  • Shirt Leak #2

    Johnny
    21 Jan 2012 | 1:33 am
    Here’s a preview of the new run of shirts, first available at Shmoocon. We’ll be selling a version of this through the year alongside our custom con shirts. Quantities will be limited. Don’t adjust your sets. They aren’t black! =O
  • The Jan, 2012 “Beg List”

    Johnny
    20 Jan 2012 | 2:38 pm
    As I plan to hop the flight for Shmoocon, I’m starting to make a list of things we need in Uganda. Some inexpensive creature comforts I’ll be able to get from the CVS around the corner from the con. Other things are either too expensive or too hard to get a hold of. So, as always, we’re looking for some oddball donations. Every little bit helps, so if you have something on the list and you’re either coming to the con or know someone who is, would you consider donating it to us? Thanks in advance! Motorcycle gear: We’re traveling a lot more by motorcycle because…
  • Shmoocon 2012

    Johnny
    19 Jan 2012 | 12:54 am
    Thanks to the generosity of SANS, who is again paying for my flight, I’ll be joining the HFC crew at Shmoocon 2012 in Washington DC. We’re less than a week away from the show, so I’ll be posting a few teasers and some updates that have been sitting in my drafts queue for WAY too long. For our first teaser, here’s a mockup of the new Shmoocon shirt. This shirt will only be available at the con (no online sales) so if you want one and can’t make the show, be sure to tap a friend to hook you up.

    Schneier on Security

  • Password Sharing Among American Teenagers

    schneier
    27 Jan 2012 | 6:39 am
    Interesting article from the New York Times on password sharing as a show of affection. "It's a sign of trust," Tiffany Carandang, a high school senior in San Francisco, said of the decision she and her boyfriend made several months ago to share passwords for e-mail and Facebook. "I have nothing to hide from him, and he has nothing to hide from me." "That is so cute," said Cherry Ng, 16, listening in to her friend's comments to a reporter outside school. "They really trust each other." We do, said Ms. Carandang, 17. "I know he'd never do anything to hurt my reputation," she added. It doesn't…
  • Evidence on the Effectiveness of Terrorism

    schneier
    26 Jan 2012 | 10:36 am
    Readers of this blog will know that I like the works of Max Abrahms, and regularly blog them. He has a new paper (full paper behind paywall) in Defence and Peace Economics, 22:6 (2011), 583–94, "Does Terrorism Really Work? Evolution in the Conventional Wisdom since 9/11": The basic narrative of bargaining theory predicts that, all else equal, anarchy favors concessions to challengers who demonstrate the will and ability to escalate against defenders. For this reason, post-9/11 political science research explained terrorism as rational strategic behavior for…
  • Federal Judge Orders Defendant to Decrypt Laptop

    schneier
    25 Jan 2012 | 1:56 pm
    A U.S. federal judge has ordered a defendant to decrypt her laptop.
  • Supreme Court Rules that GPS Tracking Requires a Warrant

    schneier
    25 Jan 2012 | 12:54 pm
    The U.S. Supreme Court has ruled that the police cannot attach a GPS tracking device to a car without a warrant. EDITED TO ADD (1/26): It seems I was wrong when I said that the ruling forces the police to get a warrant before placing a GPS tracking device on a car. The ruling is much more complicated and nuanced.
  • Research into an Information Security Risk Rating

    schneier
    25 Jan 2012 | 6:44 am
    The NSF is funding research on giving organizations information-security risk ratings, similar to credit ratings for individuals: Existing risk management techniques are based on annual audits and only provide a snapshot of a partner's security posture. However, new vulnerabilities are discovered everyday and the industry needs a solution that enables a business to continuously monitor changing risk posture of all its partners and proactively manage assumed risks. The Phase II research objective is to build a scalable fully-automated ratings system. The research will focus on identifying and…

    Security Uncorked

  • Please excuse the mess…

    jj
    26 Jan 2012 | 7:31 pm
    I’m in the process of updating Wordpress versions, so some plugins and pages may be broken for a short period of time. Thanks for puttin’ up with my mess! -jj
  • Final days to vote- SBN Blog & Podcast Awards

    jj
    24 Jan 2012 | 3:08 pm
    It’s Tuesday, January 24th, which means there are just 4 days left to vote for your top blogs and podcasts finalists for the Security Bloggers Network Awards, to be presented at RSA Conference USA 2012. If you’re a member blogger of the SBN, then you’re eligible to vote. Finalists were selected from a panel of outstanding judges (kept secret until after the nominations and finalists were announced). 2012 SBN Awards Judges (they selected finalists) Kelly Jackson Higgins Bill Brenner Larry Walsh and guest judge: Wendy Nather SBN Bloggers and Podcasters can vote until 1/27 at…
  • Why more APs aren’t always better

    jj
    19 Jan 2012 | 6:00 am
    Lately, I’ve been forced to dispel a volume of wireless myths, both in way of technology and vendors. I’m not sure if it’s a full moon, or some other astrological occurrence, but it’s gotten a little crazy recently. So, I thought I’d take a few blog posts to address some wireless myths, in brief, to keep in the back of your head as you explore wireless solutions and upgrades in your environment. Here’s a thought on why more APs aren’t always better. The other day someone said “that’s fine, if that happens, we can just add more APs,…
  • SOPA Blackout - 10+ reps already withdraw support

    jj
    18 Jan 2012 | 8:41 pm
    There are enough people writing about SOPA (Stop Online Piracy Act) and PIPA (Protect IP Act), and I don’t intend to add unnecessary commentary to the anti-SOPA movement. And yes, I am anti-SOPA. Instead, I encourage you to check out this post by EFF, see how you can contribute to the effort, if you are also against the SOPA act. https://www.eff.org/deeplinks/2012/01/thank-you-internet-and-fight-continues Thanks to all these efforts, the NY Times reports that at least 10 representatives have withdrawn their support, as of 9pm Eastern January 18th. Read the full article here:…
  • Understanding collisions and duplex in wireless

    jj
    18 Jan 2012 | 8:15 pm
    For whatever reason, we all seem to live with the delusion that wireless networking works like a wired connection, but over the air. And, in that world, we also have leprechauns. The truth is the layer 1 (physical) properties of wireless and RF are completely different; polar opposites in some cases. And, in comparison to our long-loved wired technologies and standards, RF is inherently flawed in design, in many ways. I’ll address that another day. For now, let’s talk about the duplex properties of wireless. And by talk about them, I mean, discuss the lack of. Wireless is…

    Infosec Events

  • Week 3 in Review – 2012

    Roxanne
    24 Jan 2012 | 10:50 am
    Event Related Infiltrate Conference “Voight-Kampff’ing The BlackBerry PlayBook” at INFILTRATE 2012 – intrepidusgroup.com We gave a talk at Immunity’s awesome INFILTRATE conference in Miami Beach, FL. Our presentation, “Voight-Kampff’ing The BlackBerry Playbook”, discussed some of the blackbox style, independent research we performed on the BlackBerry PlayBook. Infiltrate Wrap Up – blog.opensecurityresearch.com Our industry is getting over saturated with conferences that are filled with stale and sometimes uninspiring content. If we cannot collectively raise the bar,…
  • Information Security Events For January

    Glenn Santos
    16 Jan 2012 | 10:04 am
    Here are information security events in North America this month: DoD Cybercrime Conference 2012: January 20 to January 27 in Atlanta; ShmooCon USA: January 27 to January in Washington, DC. And here are the information security events in the other parts of the world: BSides Vienna: January 21 in Vienna; eCrime Germany: January 31 in Frankfurt
  • Week 2 In Review

    Glenn Santos
    16 Jan 2012 | 9:15 am
    Resources How Modern Cars Can Be Cracked – autosec.org SOURCE Barcelona Resources from September 2011 – sourceconference.com Links, articles, and media from the event. OSCP-My Review – proactivedefender.blogspot.com The OSCP certification is an offensive security course which teaches the attacking side of Information Security and is largely aimed at those wanting to become penetration testers. My personal motivation for taking the course and exam were to better understand the methodology, tools and techniques that attackers employ to breach networks and systems. Tools…
  • Week 1 In Review

    Glenn Santos
    9 Jan 2012 | 12:00 pm
    Events Related Highlights from the 28th Chaos Communications Congress – advocacy.globalvoicesonlne.org The Chaos Communications Congress is the annual meetup of Germany’s Chaos Computer Club, one of the oldest hacker collectives in the world. It takes place in Berlin every year at the height of the holiday season between Christmas and New Year’s Eve, a time when only the dedicated European computer obsessive would leave their family and friends to spend four days in a conference centre with like-minded hackers and geeks. 28th Chaos Communication Congress & Berlin Sides…
  • Week 52 In Review

    Glenn Santos
    2 Jan 2012 | 2:23 pm
    Events Related Chaos Communications Congress Debriefing(s) …dedicated to information about the conferences and events of the CCC. Being our most important event, the annual Chaos Communication Congress is usually the main focus. But we provide announcements and background information for other CCC events as well – be it regional or international. Crypto talk at 28C3: Implementation of MITM Attack on HDCP-secured Links, Day 3, 18:30, Saal 1 – events.ccc.de Crypto talk at 28C3: TRESOR: Festplatten sicher verschlüsseln, Day 3, 14:30, Saal 2 – events.ccc.de Crypto talk at…
 

    Dr Anton Chuvakin Blog PERSONAL Blog

  • Links for 2012-01-25 [del.icio.us]

    Anton Chuvakin
    26 Jan 2012 | 2:00 am
    Someone Finally Makes “Shit Silicon Valley Says”
  • Links for 2012-01-12 [del.icio.us]

    Anton Chuvakin
    13 Jan 2012 | 2:00 am
    Hunting trips: network traffic log analysis | Overhack First, and most importantly, always keep in mind that we’re only identifying anomalies, not automatically classifying “bad” traffic.
  • Links for 2012-01-11 [del.icio.us]

    Anton Chuvakin
    12 Jan 2012 | 2:00 am
    Browsing Security Predictions for 2012 « Il Blog di Paolo Passeri Rare Legal Fight Takes On Credit Card Company Security Standards and Fines
  • Links for 2012-01-09 [del.icio.us]

    Anton Chuvakin
    10 Jan 2012 | 2:00 am
    Paybacks are hell: Parental spying prompts infiltration of German police system
  • Annual Blog Round-Up – 2011

    4 Jan 2012 | 1:11 pm
    Here is my annual "Security Warrior" blog round-up of top 10 popular posts/topics in 2011. This list covers the posts most popular in 2011, not necessarily only those written in 2011. Disclaimer: all this content was written before I joined Gartner on Aug 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here. “Simple Log Review Checklist Released!” was again the most popular this year. The checklist, a list of critical things to look for while reviewing  system, network and security logs when responding to a security incident PCI DSS…

    Verizon Business Security Blog

  • Weekly Intelligence Summary: 2012-01-27

    Dave Kennedy
    27 Jan 2012 | 3:50 pm
    In terms of risk to Verizon Security customers, the most significant developments this week revolve around governance issues in Europe. Data protection, privacy and anti-piracy laws, regulations and agreements are in flux and regardless of the final outcomes, the changes themselves are costly. Predictably, Anonymous finds only fault with these developments, thus attacks and threats of attacks are among this week’s intel collections. The RISK Team had to dip into our reserves of skepticism in the face of reports of railway hacking in the northwestern US. Early reports have…
  • Considering Vulnerability Disclosure in the Realm of SCADA Systems

    admin
    24 Jan 2012 | 3:19 pm
    Every once in a while, a vulnerability disclosure incident occurs that significantly changes the game. Recently, Digital Bond released vulnerability information in conjunction with exploit code packaged in Metasploit for 6 different SCADA system devices. This time around, the stakes have been raised with much bigger consequences. With consequences this high, it is worth re-evaluating the impact of vulnerability disclosure on risk in the IT environment. First, a brief reminder about how risk works. Even though we can’t measure it with precision, we can do a fairly good job in…
  • Weekly Intelligence Summary: 2012-01-20

    Dave Kennedy
    20 Jan 2012 | 4:14 pm
    The period of tedium in risk intelligence ended last week. An already busy week was capped when Digital Bond announced serious, but non-specific vulnerabilities in six control systems. This happened at their S4 conference under the auspices of creating a “Firesheep moment.” We could interpret that to mean some sort of wake up call to the industry, but happily (for them) it also self-serves to drive business for Digital Bond and attendance at future conferences. In conjunction with Rapid7, PLC exploit modules are being released increasing risk in the short-term for any…
  • Weekly Intelligence Summary: 2012-01-13

    Dave Kennedy
    13 Jan 2012 | 3:26 pm
    Paraphrasing Lenin: the last couple weeks nothing has happened; in all likelihood, we’ll soon pay for them with a week when decades happen. The significant InfoSec risk data point this week was Microsoft Tuesday with seven bulletins and one Adobe bulletin. In the coming week, Oracle will release a CPU with 78 fixes for vulnerabilities in Oracle, PeopleSoft and Sun Solaris product lines. Wired declared Anonymous to be the net’s immune system. But an analyst is compelled to assess if Anonymous is becoming symptomatic of an autoimmune disease. This week, an entity self-identifying as…
  • Weekly Intelligence Summary: 2012-01-06

    Dave Kennedy
    6 Jan 2012 | 4:01 pm
    0.006 Percent. Technical media headlines exploded Thursday night after Seculert blogged that the Ramnit worm had compromised 45,000 Facebook users. But the headlines don’t read “Six one-thousandths of one percent of Facebook users infected!” One cannot make reasonable intelligence assessments while running around with one’s hair on fire upon seeing the number 45,000 in a headline. Sorry, Seculert, but our assessment is “noted.” The RISK Team regards it as a teaching opportunity. Analysts should avoid the seductive pull big numbers have. One must also assess context to…
 

    symantec.com

  • MIDI exploit in the wild

    Shunichi Imano
    27 Jan 2012 | 7:06 am
    Symantec Security Response is aware of in-the-wild malware exploiting the Microsoft Windows Media Player 'winmm.dll' MIDI File Parsing Remote Buffer Overflow Vulnerability (BID 51292). read more
  • Android.Counterclank Found in Official Android Market

    Irfan Asrar
    27 Jan 2012 | 6:49 am
    Symantec has identified multiple publisher IDs on the Android Market that are being used to push out Android.Counterclank. read more
  • Indian Movie "Bodyguard" Featured in Phishing

    Mathew Maniyara
    26 Jan 2012 | 6:13 pm
    Co-Author: Avdhoot Patil read more
  • Insight into Sykipot Operations

    Symantec Security Response
    26 Jan 2012 | 6:33 am
    The Sykipot campaign has been persistent in the past few months targeting various industries, the majority of which belong to the defense industry. Each campaign is marked with a unique identifier comprised of a few letters followed by a date hard-coded within the Sykipot Trojan itself. read more
  • Feb 14 Is Here Again!

    Samir Patil
    25 Jan 2012 | 6:22 am
    Spam levels always rise when a holiday or special event approaches. Symantec researchers are observing a surge of spam as Valentine’s Day gets closer and closer. Unbelievable discounts on jewelry, dinners, and expensive gift articles are the key themes for the Valentine’s Day related spam. read more

    Optimal Security

  • Exploring 2012 Data Privacy Threats: Part 2 of 3

    Jennifer LeClaire
    27 Jan 2012 | 9:43 am
    This is part two in a series of three on data privacy. Read Pat’s first interview here. Are we desensitized to hack attacks despite the headline-making stories featuring Anonymous last year? What can we expect in 2012 on the data privacy threat front? And where are the weakest links in the enterprise? Veteran technology journalist Jennifer LeClaire had questions, and Lumension CEO Pat Clawson offered some insightful answers in part two of this three-part series on data privacy. Looking back over the past year, what were the most significant changes in the data privacy landscape? Clawson…
  • Your Data Privacy Day: 1 of 3

    Jennifer LeClaire
    16 Jan 2012 | 4:41 pm
    How Private Is Your Data, Really? How private is your data? If you are like most people—and even many corporations—you can’t offer a solid answer. Yet one person’s lack of knowledge about data privacy can send a ripple effect through the world as malicious hackers work to steal valuable information from individuals, companies and governments. Lumension is taking an active role in the January 28 Data Privacy Day, working to help raise awareness of the issue and how to combat it. Veteran technology journalist Jennifer LeClaire caught up with Lumension CEO Pat Clawson to discuss…
  • Cyber Security and Hollywood: More In Common Than You May Think

    Pat Clawson
    12 Jan 2012 | 4:54 pm
    Several months ago, I discussed the decline of the U.S as an innovator as part of my Industry Evolution: Innovation vs. Spending series. While a tough pill to swallow, it was true then and it continues to be the case today – the U.S. is lagging in innovation and our title of world thought leader is being stripped away by other countries. I’m not the only one that’s caught onto this trend. Hollywood is in the midst of a vigorous battle against innovation thieves distributing their Intellectual Property (be it films, music, games or other forms of creative expression) via the web.
  • January 2012 Patch Tuesday Security Briefing

    Paul Henry
    10 Jan 2012 | 3:18 pm
    Paul Henry, Security and Forensics Analyst for Lumension, discusses the impact of the January 2012 Patch Tuesday releases.
  • Microsoft Slays The Beast

    Paul Henry
    10 Jan 2012 | 12:28 pm
    In the first Patch Tuesday of 2012, Microsoft has addressed 1 critical issue and 6 important. It’s interesting to note that despite all of the media hype over “The Beast”, attacks have simply never materialized and the issue has retained its “Important” classification from Microsoft. Overall, we saw a reduction in the number of critical issues from Microsoft in 2011. To that end, we can anticipate Microsoft will bolster defense-in-depth efforts and will likely increase the numbers of important issues like privilege escalation. Looking at the details: MS12-004 Critical –…

    Sourcefire, Inc. News Release

  • Sourcefire FireAMP Delivers Advanced Malware Protection with Unprecedented Visibility and Control

    23 Jan 2012 | 8:01 am
    New Solution Gives Large Enterprises the Power to Discover, Understand and Block Advanced Malware Utilizing Big Data Analytics COLUMBIA, Md.--(BUSINESS WIRE)--Jan. 23, 2012-- Sourcefire, Inc. (Nasdaq: FIRE), a leader in intelligent cybersecurity solutions, today introduced FireAMP™ advanced malware protection, a malware discovery and analysis solution that analyzes and blocks malware by utilizing big data analytics. Designed for large enterprises, FireAMP delivers unprecedented visibility and the control needed to block threats missed by other security layers. FireAMP is the latest…
  • Sourcefire Schedules Fourth Quarter and Full Year 2011 Financial Results Conference Call

    6 Jan 2012 | 7:30 am
    COLUMBIA, Md.--(BUSINESS WIRE)--Jan. 6, 2012-- Sourcefire, Inc. (Nasdaq: FIRE), a leader in intelligent cybersecurity solutions, today announced that it will release its fourth quarter and full year 2011 financial results after the market closes on Tuesday, February 21, 2012. That evening at 5:00 p.m. Eastern Time, Sourcefire will host a conference call to review these results. A listen-only web cast of the session will be available at www.sourcefire.com/investors. Those wishing to participate in the live session should use the following dial-in numbers: Calling from the United States or…
  • Sourcefire Introduces Industry’s First Next-Generation Firewall with Integrated Next-Generation IPS

    5 Dec 2011 | 8:02 am
    New Universal Platform Surpasses Existing Solutions with Increased Awareness, Automation and the Industry’s Best Threat Prevention COLUMBIA, Md.--(BUSINESS WIRE)--Dec. 5, 2011-- Sourcefire, Inc. (Nasdaq: FIRE), a leader in intelligent cybersecurity solutions, today announced its latest innovation, the Sourcefire Next-Generation Firewall (NGFW). Building on Sourcefire’s Next-Generation IPS (NGIPS) technology leadership and leveraging its high-performance FirePOWER™ platform, the Sourcefire Next-Generation Firewall combines the world’s most powerful IPS threat prevention, integrated…
  • Sourcefire to Present at the Barclays Capital Global Technology Conference

    30 Nov 2011 | 3:05 pm
    COLUMBIA, Md., Nov 30, 2011 (BUSINESS WIRE) --Sourcefire, Inc. (Nasdaq: FIRE), a leader in intelligent cybersecurity solutions, today announced its participation at the Barclays Capital Global Technology Conference, being held at The Palace Hotel in San Francisco. Sourcefire's presentation is scheduled for Wednesday, December 7, 2011 at 3:30 p.m. Pacific Time. A live web cast will be available on the "Investors" page of the Company's website (www.sourcefire.com) and a replay will be archived on the website as well. About Sourcefire Sourcefire, Inc. (Nasdaq:FIRE), a world leader in intelligent…
  • Sourcefire's Immunet Anti-Malware Solution Surpasses 2 Million Endpoints

    28 Nov 2011 | 8:02 am
    Big Data Analysis Fuels Intelligent Protection from Advanced Threats COLUMBIA, Md., Nov 28, 2011 (BUSINESS WIRE) --Sourcefire, Inc. (Nasdaq: FIRE), a leader in intelligent cybersecurity solutions, today announced that Immunet(R), the company's advanced anti-malware solution, has surpassed 2 million installed endpoints. Immunet achieved this milestone due to its "big data" approach to endpoint security, which allows it to provide an additional layer of protection not afforded by traditional anti-malware technologies. "The rapid adoption witnessed with Immunet demonstrates that users are…
 

    Naked Security - Sophos

  • What do I do if my Twitter account is hacked?

    Chester Wisniewski
    27 Jan 2012 | 8:50 pm
    Many Naked Security readers ask for assistance when their accounts are hacked, or when their friends, family and colleagues need assistance. This article explains the steps needed to safely reacquire control of your Twitter account.
  • Facebook sues alleged clickjacking firm

    Graham Cluley
    27 Jan 2012 | 5:54 am
    Facebook has filed a lawsuit against a firm who, they say, bombarded users with clickjacking scams that earned $1.2 million a month.
  • Poll reveals widespread concern over Facebook Timeline

    Graham Cluley
    27 Jan 2012 | 4:13 am
    Over 50% of people polled said they are worried about the Facebook Timeline. But will it be the catalyst for people to leave the site?
  • US Police use games consoles in crime investigations

    Lachlan Urquhart
    26 Jan 2012 | 10:49 am
    Police in the US use XBox 360 and PS3s as key parts of investigations. With police now cooperating more closely with companies like Microsoft, is it time to ask for greater transparency about their relationships?
  • Opinion: Google's privacy change - evil or business as usual?

    Lisa Vaas
    26 Jan 2012 | 8:49 am
    Google says it will start tracking us across all its services - Gmail, Search, YouTube, etc. - and that it will share data on our activity across all of them. Does it put into question Google's motto, "Don't be evil"?

    TRUSTe Blog

  • TRUSTe Starts 2012 With A Bang

    John Gamble
    26 Jan 2012 | 3:09 pm
    Chris Babel, CEO | TRUSTe. We started 2012 out with a bang, moving into new offices (stop by if you happen to be in the Moscone Center or Union Square area) and announcing our $15 million Series C funding led by Baseline Ventures and supported by existing investors Accel, DAG and Jafco. This investment … Continue reading »
  • The Need For A Flexible Compliance Strategy in Europe

    John Gamble
    25 Jan 2012 | 12:00 pm
    Chris Babel, CEO | TRUSTe. The new EU privacy directive (a.k.a. the “Cookie Directive”) has more than a few executives concerned over how to comply and protect their brand in Europe. While there has been a lot of industry debate over compliance technologies and mechanisms – as well as the requirements of the Directive itself, brands … Continue reading »
  • Ads About Ads (and Privacy)

    John Gamble
    20 Jan 2012 | 3:58 pm
    Matthew Shevach, Director, Product Marketing | TRUSTe @matthewshevach. The Digital Advertising Alliance (DAA), a self-regulatory body of the online advertising industry, has launched a new ad campaign and consumer facing website. The new campaign, titled ‘Your AdChoices’, is a public education campaign that will run across media channels with creative produced pro bono by the Salt … Continue reading »
  • What Companies Can Learn From FTC Privacy Cases in 2011

    John Gamble
    5 Dec 2011 | 11:08 am
    John Gamble, Marketing Associate | TRUSTe @johnaddison. Earlier this week the Federal Trade Commission (FTC) announced a settlement with Facebook over charges that the company deceived consumers by changing privacy settings without first giving prominent notice and obtaining their consent. With this settlement the Commission completes the trifecta of taking on three of the largest online … Continue reading »
  • Best Practices for Using Cookies

    John Gamble
    2 Dec 2011 | 4:43 pm
    Joanne Furtsch, CIPP, CIPP/C, Director of Product Policy @privacygeek. Websites today are rarely a single-party affair. On any given website consumers typically interact with a number of third parties who collect data about them, whether they realize it or not. When third parties collect consumer data through technologies that are not readily apparent to consumers, … Continue reading »
 

    Worst Tech!

  • Access Wikipedia During Its 24-Hours Blackout

    Aisha Mazhar
    18 Jan 2012 | 6:27 am
    In protest against the anti-piracy US laws, a lot of popular websites, including Wikipedia, have planned to stop serving the site for 24 hours, hoping that normal users may get to know and fight for their right to freely provided information. Accessing Wikipedia from your machine will now display a blackout [...]
  • Siri spits out Obnoxious Sentences

    Aisha Mazhar
    12 Jan 2012 | 12:47 am
    Another complaint about Apple’s Siri app. A 12-year-old Briton, Charlie Le Quesne, was with his mother at a Tesco store in the UK when he grabbed a 4S for a demo. He asked ‘how many people there were in the world’; the response was “I’m not sure what you said there, Shut the F**k [...]
  • Even Facebook Doesn’t Like IE7

    Adil
    31 Dec 2011 | 5:45 am
    About a year ago we came to know that YouTube, Facebook and other major websites stopped support for IE6. Not because it was obsolete but due to the vulnerability of the browser from the Redmond giant. Now what? It has been reportedly said that Facebook will not support IE7 anymore, it has been decided [...]
  • Jon Bon Jovi Died at 49 [Facebook Scam]

    Adil
    21 Dec 2011 | 11:11 am
    After showing the carelessness of the celebrities on television; hackers are now responsible for calling the celebrities dead! This is just another scam from the cyber crooks which says that great singer Jon Bon Jovi died at the age of 49. This Hoax is spreading like a fire on popular social networking websites like Facebook [...]
  • Top Christmas Scams of 2011

    Aisha Mazhar
    17 Dec 2011 | 12:10 pm
    For the next 250 words you would come to know about the top Christmas scams of 2011. Some of them are spreading via mobile OS, some through social networks and some of them via email messages. So below are the top 8 Christmas scams. 1. Mobile malware: First in the list is the mobile malware [...]

    Networking

  • Education

    21 Jan 2012 | 7:22 am
    How valuable is our education system in modern days as compared to certification of today, and what is its impact?
  • Successful IT Service Assurance: Built on a Virtualization, Network and Application Foundation

    29 Dec 2011 | 3:45 am
    The services IT Admins provide rest on three pillars: infrastructure, network and the applications.
  • Hurry and Catch-Up!

    7 Nov 2011 | 9:50 am
    Given this re-occurring theme of “introduce the technology first and pick up the pieces later”, our goal at Network Instruments is to seek additional insight into how these emerging technologies so often cause IT systems to stumble and those responsible to suffer.
  • End to 2 weeks of NAS Hell

    13 Sep 2011 | 7:59 am
    It was a journey, it was bad, and still not great when it ended.
  • The "Clouds" are moving in!

    17 Aug 2011 | 4:27 am
    Multiprotocol Label Switching, more widely known as an “MPLS Cloud”, is starting to become more and more of an option and preference for IT managers across the nation and world.

    SecurityWeek RSS Feed

  • SEC Takes Action Against Hacker

    Steve Ragan
    27 Jan 2012 | 9:03 am
    The U.S. Securities and Exchange Commission (SEC) has charged a trader and four firms for what it calls a “brazen and systematic scheme”, which involved more than $850,000 in ill-gotten funds, and more than $2 million in customer compensation. read more
  • Investors Warned of Financially Motivated Email-based Attacks and Account Hijacking

    Steve Ragan
    27 Jan 2012 | 8:33 am
    The Financial Industry Regulatory Authority (FINRA), the largest independent regulator for all securities firms doing business in the United States, has issued an investor alert and a regulatory notice about an increase in financially motivated attacks, targeting the email accounts used by investors to initiate transactions. Similar warnings were recently issued by the FBI and the Financial Services Information Sharing and Analysis Center (FS-ISAC). read more
  • The Zappo's Breach - When Bad Things Happen to Good Companies

    Alan Wlasuk
    26 Jan 2012 | 8:55 pm
    Who doesn’t love Zappos? They are one of the friendliest Internet stores in the US. Zappos started in 1999 by Nick Swinmurn, a truly great guy, who grew the company to $1 billion in sales by 2008. It has been a few years, but I still remember those giant boxes of Zappos shoes my wife and daughter would order – lots of styles in several sizes each. The shoe ceremony would take an hour, with all but two, maybe three pair being returned with a pre-paid shipping voucher. We are a Zappos family. read more
  • Symantec: pcAnywhere Users at Increased Risk

    Brian Prince
    26 Jan 2012 | 5:33 pm
    Symantec has found itself in the unusual position of having to warn users about its own software. read more
  • Corporate Video Conferencing Systems Fail Secure Implementation

    Robert Vamosi
    26 Jan 2012 | 11:38 am
    State of the art teleconferencing equipment is a must for most organizations today but few have installed it correctly, according to researchers at Rapid 7. The security company reported on Monday that conference boardrooms around the world were vulnerable to hacking. H.D. Moore, Rapid 7’s chief security officer and creator of Metasploit, said he found 5,000 wide-open conference rooms just within a 2-hour scan of the Internet. read more
 

    Free IT - Security Magazines and Downloads from alltop.tradepub.com

  • An Overview of Okta's Multifactor Authentication Capability

    25 Jan 2012 | 2:00 am
    Historically, organizations have used Multifactor Authentication (MFA) to secure their most sensitive data. However, as cloud applications (Salesforce.com, Google Apps, WebEx, etc.) are adopted, the sensitive data they contain no longer resides in IT-owned datacenter environments where IT can control and enforce security policies. As a result of being physically in different locations, cloud applications leverage different authentication protocols that have previously made MFA extremely cumbersome to deploy for one app, let alone the suites that many organizations leverage today. This white…
  • Moving Your Business to the Cloud with NetSuite and Google Apps

    24 Jan 2012 | 5:20 pm
    Whether through native security tools and group policies, Postini, or other third-party tools, Google Apps has a robust set of features that bring enterprise security to organizations of all sizes. But can these tools really stand up to enterprise demands?
  • Security White Paper: Google Apps Messaging and Collaboration Products

    24 Jan 2012 | 5:20 pm
    The security controls that isolate data during processing in the cloud were developed alongside the core technology from the beginning. Security is thus a key component of each of Google's cloud computing elements, such as compartmentalization, server assignment, data storage, and processing.
  • Joomla! 1.7: Access Control Lists in Depth

    23 Jan 2012 | 2:00 am
    The course also includes tips and tricks for styling the offline access page and working with the ACL Manager extension. Exercise files accompany the course. Topics include: Introduction to ACL; Defining users; Defining access levels and their role; Assigning access levels to modules; Testing logins. Along with the free video training tutorials you will also receive monthly offers, tips, and insider information you won't hear elsewhere--including special discounts extended to newsletter subscribers. After taking advantage of the free video training, you can access all of the video tutorials by becoming a…
  • Why Business Managers Must Prioritize Remote Backup

    16 Jan 2012 | 6:20 pm
    Given that almost all crucial and sensitive data is being stored by management via internal hard drives, it quickly becomes apparent that sudden data loss can cripple a company's short-term progress and long-term success. This guide provides basic insights into the benefits of backing up your data, helps you learn what you can do to protect your business's information, and offers several no-obligation price quotes from pre-screened and industry-certified Data Storage Remote Backup companies.

    IT-Security

  • HIPAA Security Reminder – Sanction Policy

    bchaput
    27 Jan 2012 | 12:00 pm
    This entry is part 11 of 19 in the series HIPAA Security Reminders. Both the HIPAA Security Final Rule and the HIPAA Privacy Final Rule require Covered Associates and Business Associates to have and apply sanctions against members of the workforce who violate the respective regulations. OCR auditors look for these policies and procedures and will continue to do so as enforcement amps up. What’s required and where do you stand? Have you reminded your workforce of your policy and sanctions? Learn more… The Privacy Final Rule requirement: 45 CFR § 164.530 (e)(1) Standard:…
  • Security Incident Management Meets Breach Notification

    bchaput
    25 Jan 2012 | 12:00 pm
    All healthcare Covered Entities and their Business Associates and subcontractors will experience “operational issues” that may or may not be “security incidents” that may or may not be “breaches”. The HIPAA Security Final Rule and HITECH Breach Notification Interim Final Rule meet and complement each other to set your requirements. Learn more… Because of the certainty of security incidents affecting healthcare organizations and the stiff penalties and embarrassment associated with breaches, your organization needs to be equipped with a formal and…
  • HIPAA Security Risk Analysis Tips – Recommended Documentation

    bchaput
    23 Jan 2012 | 12:00 pm
    This entry is part 14 of 17 in the series HIPAA Security Risk Analysis Tips Nine (9) essential elements of an acceptable Risk Analysis are cited in the final “Guidance on Risk Analysis Requirements under the HIPAA Security Rule”.  The first one addresses the scope of the analysis; that is, what information assets should be included in the review.   Then the question arises: how should I inventory and document these assets?  Here’s today’s big tip – Take advantage of the time investment and document thoroughly. Learn the guidance; Here’s how… Excerpts from…
  • Summary of Recent HIPAA Compliance Legal and Enforcement Actions

    bchaput
    20 Jan 2012 | 12:00 pm
    In a recent live web event, several attendees asked what HIPAA HITECH legal or regulatory enforcement actions have happened recently. We’ve created a list that is illustrative of actions by the Office for Civil Rights, State AGs and attorneys filing class action suits. You’ll undoubtedly recognize some names. Last week, Deputy Director Susan McAndrew, Esq., from the HHS Office for Civil Rights went on record in an interview with HealthCareInfoSecurity.com to comment on the upcoming agency audits. She said, “This is just another opportunity for…
  • HIPAA Security Assessment Software Demonstration

    bchaput
    18 Jan 2012 | 12:00 pm
    Do you know if you are in compliance with the HIPAA Security Final Rule? Are you at risk for data breaches and the associated cost and loss of reputation? Are there gaps in your organization’s compliance program? Do you have an action plan to address your organization’s deficiencies? In this brand new webinar, you will learn about a powerful Software as a Service that will enable you to affordably and quickly determine how you stack up against the actual law and focus your improvement efforts. Webinar slide materials Upcoming HIPAA HITECH Blue Ribbon Live Web Events Upcoming Live…

    Social Exploits

  • A Facial Expression for Anxiety?

    Mike Murr
    17 Jan 2012 | 6:30 am
    MedicalXpress is reporting on a paper that suggests a facial expression for anxiety:Researchers from the Institute of Psychiatry (IoP) at King’s College London have, for the first time, identified the facial expression of anxiety. The facial expression for the emotion of anxiety comprises an environmental scanning look that appears to aid risk assessment.Per the abstract, researchers presented 8 volunteers with emotional scenarios and had them pose facial expressions.  Photographs and videos of the posed expressions were shown to 40 participants.  The participants were asked to match…
  • Hotspot and Facial Expression Resources

    Mike Murr
    16 Jan 2012 | 1:59 pm
    Here are a couple of resources to help with recognizing hotspots and facial expressions of emotion. Humintell has compiled a list of videos with examples of microexpressions, hotspots, gestures, and emotions. Here at Social Exploits we’ve been slowly building a library of “interesting faces”. The collection includes various facial expressions of emotion from a variety of cultures. If you have anything you’d like to see added to this list, let us know. Fingerprint: 8796436E15AD44EED45758CE7D8EAB22 Notes: Many of the images also make good material for practicing FACS…
  • What Are Facial Expressions?

    Mike Murr
    3 Jan 2012 | 7:58 am
    Facial expressions are a vital part of communication.  What’s funny is that most people talk about facial expressions, but they don’t really know what they are.  This post examines what facial expressions are in the context of nonverbal communication.Facial MovementsBefore we can even get into what facial expressions are, we have to understand the idea of “facial movements”.  A facial movement is the movement of one or more facial muscles. 1  For example the zygomatic major muscles contract to pull the lip corners up and back towards the ear when a person smiles.
  • The Facial Action Coding System Explained

    Mike Murr
    13 Dec 2011 | 4:12 pm
    The Facial Action Coding System (FACS) is a scientific system designed to measure human facial movements. 1 FACS is an anatomically-based comprehensive system.  This means FACS can be used to describe any possible set of facial movements.  Originally developed by Dr. Paul Ekman, Dr. Wallace Friesen, and Dr. Joseph Hager, the latest version of the FACS manual can be purchased online at face and emotion.Facial Action Coding System FundamentalsThe basic unit of measurement in FACS is the action unit. (AU)  An AU represents the muscular activities that produce momentary changes in facial…
  • The Truth About Micro Expressions

    Mike Murr
    7 Nov 2011 | 4:35 pm
    There has been a lot of talk lately about the idea of micro expressions.  TV shows like Lie to Me and Psych include elements based on the concept of micro expressions.  The problem is that a lot of the material out there is wrong.  I wrote this post to help explain what micro expressions really are, and to help separate some of the fact from fiction that is floating around the web.What are micro expressions?First of all let’s get a proper understanding of what constitutes a micro expression.  A micro expression is a very brief (1/2 a second or less) facial expression of one of…
 

    Infosec Communicator

  • 2012 Speaking Schedule, January through June

    Ben Woelk
    11 Jan 2012 | 9:01 pm
    I’ll be speaking at the following events this winter and spring. Watch for my presentation materials on SlideShare. January 9: HEISC (Higher Education Information Security Council), Town Hall. Recording available. January 30:  Bullet Proofing Your Career Online (with Hannah Morgan, @careersherpa), ABCPNG (Always Be Connecting Power Networking Group), First Unitarian Church, Rochester, New York Description: What are the 10 key steps to building and securing your online reputation? A security professional and a career sherpa provide their perspectives on how to create an online presence…
  • Making Information Security Fun

    Ben Woelk
    27 Oct 2011 | 9:25 am
    I shared this presentation at the October program meeting of the Rochester Chapter of the Society for Technical Communication. The presentation demonstrates how the Information Security Office at the Rochester Institute of Technology used marketing techniques to reinforce key messages to raise awareness around information security concerns such as phishing. To see more about how we’re using blogging to raise awareness in a specific academic course, visit the RIT Cyber Self Defense blog.
  • Announcing the RIT Cyber Self Defense Student Blog

    Ben Woelk
    4 Sep 2011 | 9:52 pm
    I teach a section of Cyber Self Defense, a security awareness course at the Rochester Institute of Technology. We always have a number of interesting discussions about current infosec issues. I believe these discussions would be of interest to a wider audience, and especially to readers of the Infosec Communicator blog. This fall, we’ve created a blog for the students to share their thoughts on various information security topics. We’re requiring the students to blog weekly, so we’re hoping to generate a good amount of traffic to and discussion on the…
  • Top Ten Tips for Safe(r) Social Networking

    Ben Woelk
    8 Jul 2011 | 4:11 pm
    Did you know you’re a target every time you go online? Did you know that cyber criminals are targeting social networking sites? Do you know how to recognize a phishing attempt? Following these tips will help make your use of social networking sites safer. (Unfortunately, there’s no way to guarantee that you can use them safely.) Tip #1: Use strong passwords/passphrases. It’s important to use strong passwords because automated “cracking” programs can break weak passwords in minutes. At a minimum, you should use 8 characters (preferably 15 or more), mixing upper and lower case letters…
  • Updated: Choosing the Safest Browser, Part One

    Ben Woelk
    30 Jun 2011 | 2:35 pm
    This post provides an update to last year’s Choosing the Safest Browser post. Let’s take a look at what’s changed since June 2010. Browsers Last year, we looked at the following browsers to discuss which would be the safest: Opera Firefox Safari Internet Explorer Google Chrome Number of Vulnerabilities How do you decide which browser is the safest? One way is to look at the vulnerabilities that were disclosed for each one. Attackers may exploit these vulnerabilities to place malicious code onto your computer. In Spring 2010, my Cyber Self Defense class ranked the browsers in…

    Kindsight Blog

  • Kindsight Launches Security Analytics to Help Service Providers

    kindsight
    25 Jan 2012 | 8:27 am
    Today, we launched Kindsight Security Analytics, a new platform for service providers to analyze network traffic for malware and aggregate security statistics onto a single web-based dashboard. The new platform provides unparalleled insights into subscriber infections, enabling Internet service providers and mobile operators to reduce risk within the network and diminish the malicious consumption of network resources.
  • The Anatomy of a Phishing Attack

    kindsight
    19 Jan 2012 | 9:55 am
    As many of us do, before blindly purging Spam folders, you scan for senders that may have been dumped there inadvertently by the Spam filters. Other than a larger amount of emails that are unreadable for a number of reasons, you don’t notice anything unusual. But wait, what’s this email from the New York State Department of Transportation - “I am in arrears and that I should follow the embedded link to resolve issues.” Since you were in New York State just weeks before, you pause but click on the link in the email anyway. DO NOT FOLLOW THESE NEXT STEPS.
  • Threats in the News for December

    kindsight
    13 Jan 2012 | 9:33 am
    Mobile and identity theft attacks, sometimes combined, top the list of threats in the news for December. While Android malware continues to steal headlines, and not in a good way, we did see a Windows Phone vulnerability make the news last month. On the identity theft front, Zeus continues to be a major concern and the attacks are getting more sophisticated as it was combined with a DDoS attack to hide the fraudulent transfers.
  • 2012 Predictions for Mobile Malware and Botnets

    kindsight
    6 Jan 2012 | 9:37 am
    Last year we looked into our crystal ball to make some predictions for 2011, including mobile devices and Macs becoming the target of malware and the expansion of banking trojans. All of these came true so we are going to put our perfect record on the line and make some new predictions for 2012. While mobile malware grew substantially in 2011, most of the attacks lacked sophistication and the ability to make money for the cybercriminals. We see these mobile attacks evolving considerably in 2012, especially for the Android platform. We also saw the takedown of…
  • Was Mobile Malware a Problem in 2011?

    kindsight
    21 Dec 2011 | 9:46 am
    Last year, we predicted that mobile malware, particularly on the Android platform, would be one of the major trends in 2011. As the year draws to a close, we wanted to check to see if our crystal ball was accurate in this prediction. In November, Juniper reported a 472% growth in Android samples since July 2011, a stat that speaks for itself. But, Chris DiBona from Google responded on his blog saying that “No major cell phone has a ‘virus’ problem in the traditional sense…” and that “virus companies are playing on your fears”. So…
 

    Networking Exchange Blog » Topics » Security

  • The Value of an Enterprise Security Assessment

    John Savarese
    26 Jan 2012 | 4:30 am
    Over the past several years I’ve had the pleasure of meeting with many Enterprise Customers who have INFOSEC Responsibility, and representing almost any vertical market segment you could imagine. I’ve often found, however, a pattern where customers may not always initiate very fundamental aspects of information security, that when executed, would help lower their overall risk. This is the first of a series of articles where I’ll do my best to articulate these common areas of improvement based on my numerous discussions with security leaders. With security breaches now becoming a…
  • 6 Ways Social Media Impacts Security For Business

    Bindu Sundaresan
    13 Jan 2012 | 4:43 am
    Social media has definitely transcended the generation gap. My parents have taken to Facebook to keep in touch with extended family and to learn of updates of the second generation. The other day I was talking to a friend of mine, who said to me that her brother was making plans to go to India on a month-long trip and that instead of telling her about it personally, he figured she may have read it on a Facebook page. It got me thinking harder on how we have come to accept this technology in our day to day lives. Truly, social networking has transformed the way the connected masses…
  • A Feast For the Mind: Enrich Yourself as a Security Professional

    Bindu Sundaresan
    6 Jan 2012 | 9:30 am
    I was inspired to write this post after reading an article my husband, Bharath Ramamoorthy, an architect, wrote to inspire his team to take up courses as part of continuing education. Humans, by nature, are curious. The inherent curiosity to know more about things around us is the primary driver for learning. To be curious is to be open to new ideas, new resources and new perspectives. To be curious means not to be afraid to ask questions, to say, I don’t know and most importantly I would like to know! Being curious should almost be second nature to us; there are so many things around us…
  • 5 New Year’s Security Resolutions

    Jim Knopka
    5 Jan 2012 | 9:51 am
    The New Year promises a fresh start and like most of you I am looking forward to all that goes with it, while at the same time frantically running around trying to accomplish many things at once. This not only includes various responsibilities, but also meeting friends and family, dinners, decorating, and shopping for gifts, in person and online. As the old saying goes, “haste makes waste”, so this is also a good time to take a minute and catch our breath, figuratively and literally! With all that is going on, here are some basic security awareness tips that can help safeguard you now,…
  • Editorial Review of 2011 – Security

    Terry L. Brock
    28 Dec 2011 | 4:34 am
    Security is one of those subjects we often don’t like to pay much attention to — until something goes wrong. When everything is fine, i.e. security professionals are doing their job, we don’t notice it. This is the way it should be. However, if a security breach is discovered, we know the critical importance of having professionals standing by to get the job done, patch up leaking holes and fix the problem. Many today are seeing security as more than just a “fix it” strategy. When a security plan is in place to provide better protection than an alternative, it becomes a…

    Email management, storage and security for business email admins

  • 5 Common Outlook Errors and How to Fix Them

    Jeff Orloff
    27 Jan 2012 | 8:00 am
    Email is one of the most important communications tools for businesses. When it stops working, people start to get nervous. While there are many things that a user can do to mess up their email, many of these problems can be resolved with a restart of the software or the computer. However when the old standby of restarting doesn’t work, it is time for the email administrator to start looking into the issue a bit more deeply. Here are some of the more common errors found in Outlook 2007 along with some of the ways you can make things right again: 1. Error message that reads: “Cannot open…
  • Troubleshooting Exchange Networking: Firewalls (Part 3)

    Casper Manes
    26 Jan 2012 | 9:19 am
    Often, Exchange administrators will receive escalated help desk tickets from users complaining that Exchange is “slow” and demanding resolution. These sorts of tickets (slow being at best a relative term and never specific enough about what precisely is considered to be slow) can be extremely challenging to work, since the subjective nature of slowness is often combined with an inability to replicate the problem, or the problem is intermittent. The Exchange admin can take a look at the server(s) for high CPU utilization, low memory conditions, disk and network queue lengths exceeding the…
  • Google Deserts Exchange Users by Killing Message Continuity

    John P Mello Jr
    24 Jan 2012 | 10:00 am
    Google recently hung a ‘going out of business’ sign on its Message Continuity service for users of Microsoft Exchange. Google will continue to provide the service to its users until their contracts run out, but after that, they’re on their own. Since the service was launched a little over a year ago, “hundreds” of businesses have subscribed to the offering, which uses Google’s cloud to provide email continuity when a Microsoft Exchange environment is interrupted for any reason. Hundreds of users, though, can’t compete with the “millions”…
  • 7 Reasons Public Folders Need to Go Away

    Casper Manes
    23 Jan 2012 | 8:00 am
    If you are still on an Exchange 2003 or 2007 platform and are starting to plan your upgrade to Exchange 2010 (or your to the cloud), you are probably looking at your public folders and thinking to yourself: “oh gods no please don’t make me go through them! I promise I will be good from now on and eat my vegetables and clean my room please oh please oh please don’t make me deal with the public folders and please don’t send me to the cornfield!”. Okay, you might not have quite that emotional a reaction, but if you aren’t dreading the task, you haven’t started to think about it yet.
  • Microsoft’s Trustworthy Computing Program Turns 10

    John P Mello Jr
    20 Jan 2012 | 8:00 am
    Gates: Momentous security memo For computer security experts, January 15 marked the anniversary of a red letter day. It was the 10th anniversary of the day that Microsoft decided to get serious about security. On that day in 2002, a memo from Bill Gates to Microsoft employees declared the company would be entering a new era, an era of “Trustworthy Computing.” “In the past,” Gates wrote, “we’ve made our software and services more compelling for users by adding new features and functionality, and by making our platform richly extensible. We’ve done a terrific…

    Anti spam and general email security in a business environment

  • Phishing Scam Targets Victims Using Better Business Bureau

    Jeff Orloff
    27 Jan 2012 | 11:00 am
    This past holiday season showed that spending in brick and mortar stores was significantly off targeted projections. People just weren’t spending as much money in the malls and department stores. However, every single study of consumer spending did show that companies with a strong online presence had a significant boost in sales this past year, including the holiday shopping season. In fact, during December alone, non-store sales rose 10.6 percent from the same time one year ago. Even automobile sales online boasted a 9.5 percent increase. To make sure they can stay competitive in the online…
  • Go Phish Yourself?

    Sue Walsh
    27 Jan 2012 | 9:00 am
    A new open source toolkit is designed to provide a way for companies to educate their employees on how to spot phishing scams, but it may give scammers a lot of help as well. The open source Simple Phishing Toolkit includes a scraper that will quickly clone any website and create a phishing lure. It also comes with tools that allow administrators to track how many employees click on the lure, what links they followed, when they did so, and even their IP addresses, browser info and operating systems. Naturally, such tools would be very useful for IT departments and system administrators to…
  • Several New Phishing Campaigns Going Strong

    Sue Walsh
    26 Jan 2012 | 11:00 am
    Several new phishing campaigns have been spotted in the wild. The first one is a new incarnation of an old scam. Emails that look like they’ve come from your friends arrive with an urgent message about them being on a trip to a far flung place such as Madagascar, London, or Berlin and needing help. You see, they were mugged/assaulted and all of their money and documents were stolen, and they really need to go home but there’s the matter of their hotel bill. The messages generally ask for about $1600 to be sent via Western Union. Of course it’s just a variation of a 419 scam. If…
  • Kelihos Actions Continue: New Defendant Named

    Casper Manes
    26 Jan 2012 | 9:00 am
    Last September we reported on Microsoft’s actions in taking down the Kelihos Botnet, and the civil actions pending against alleged perpetrators including Czech citizen Dominique Alexander Piatti and the dotFREE Group SRO. We then followed up with a story on the settlement reached and the dismissal of charges against Piatti. Today Microsoft announced new actions in the legal followup to the botnet takedown. The Microsoft Digital Crimes Unit has continued its investigation into the perpetrators behind Kelihos, and today filed an amended complaint in the U.S. District Court for the Eastern…
  • Week in Review: You Can’t Spell Twitter Without ‘Twit’

    Malcolm James
    25 Jan 2012 | 9:00 am
    The year’s off to a rousing start, with all sorts of interesting security news this week: Wikipedia led a temporarily successful foray against SOPA and PIPA by joining numerous websites that went dark for a day; the founder of Megaupload had his hands slapped when law enforcement officials told him resoundingly, “no, you can’t pirate copyrighted material” – insult was heaped upon injury when dozens of expensive cars were towed away to show him they were right; and Koobface – the Facebook botnet that has been harassing Zuckerberg for years – was taken down by its own creators…
 

    Redspin Security Blog

  • HIPAA Security Risk Analysis. – Are You One Of The 3,300?

    Dan Berger
    25 Jan 2012 | 1:06 pm
    Get ‘er Done! I’m referring of course to the HIPAA Security Risk Analysis requirement of the Stage 1 EHR Meaningful Use Incentive Plan. Between 85%-90% of the 5,000+ eligible hospitals say they plan to qualify for Stage 1, yet data from the Centers for Medicare & Medicaid Services shows less than 25% have attested and received payment as of November 30, 2011. So for the 3,300 or so other hospitals – this is no time to procrastinate. Time flies, whether you’re having fun or not. You’ll need to plan your 90-day qualification period and be ready to attest before the 2012…
  • How An Internal Penetration Test Can Help Your Organization

    John Abraham
    22 Dec 2011 | 11:29 am
    Every IT department faces the challenge of having to apply limited resources (headcount, technology, 3rd party assessments) against a plethora of potential security risks. Choosing wisely is often the difference between an effective security strategy and an ineffective one. With that in mind and a number of possible assessment approaches available, what benefits can be gained from an internal penetration test? First, since security terminology is often misunderstood, let’s define internal penetration testing. An internal pen test is a very specific scope of work where a security…
  • “Enforcement Promotes Compliance” – HIPAA Audits Just Around the Corner

    Dan Berger
    22 Nov 2011 | 7:01 pm
    Earlier this month, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) released further details on its plan to audit 150 covered entities under its pilot HIPAA audit program. Periodic audits of the HIPAA privacy, security and breach notification standards are required of the HHS Secretary under Section 13411 of the HITECH Act (2009). In June of 2011, OCR awarded a $9.2 million contract to the consulting firm KPMG to develop an audit methodology and pilot program, and to conduct the first 150 audits. (Ironically, KPMG was selected despite having been…
  • Healthcare IT Security – Who is Responsible, Really?

    Chris Brown
    15 Nov 2011 | 10:11 am
    In any complex, cross-functional business challenge, responsibility and authority must be distributed intelligently while at the same time providing a process for internal dispute resolution. An information security program is one such complex and multifarious business necessity. At its heart, information security is a method of managing risk to information and information systems, and reducing uncertainty relative to organizational objectives; it is a balance. But the success of an information security program depends upon the ability of an organization to establish a set of controls based on a…
  • The “Yelp for Security Tools” – SecTools.Org 2011 Update

    Mark Marshall
    4 Nov 2011 | 8:21 pm
    Gordon Lyon, better known by his online alias of Fyodor and as the creator of the very popular (and awesome) tool Nmap, has released the results of the Nmap 2010 User Survey, which he performs every couple of years. The survey is filled out by members of the Nmap-Hackers mailing list, one of several mailing lists that Fyodor maintains, which is made up of many smart minds in the security world. The 2010 survey had more than 3000 participants throw their vote in for the most popular security tools in the industry, both commercial and open source. The votes are then tabulated and revealed in a…

    F-Secure Antivirus Research Weblog

  • Facebook Spammers Use Amazon's Cloud

    26 Jan 2012 | 6:03 am
    Facebook is recently doing a decent job at keeping survey spam posts at bay (all things considered). So, what's an entrepreneurial Facebook spammer to do? Well, some have tweaked their master plan, and have expanded their use of "cloud" services. Using Amazon's S3 file hosting service solves quite a few problems for these perpetrators. Number 1, Amazon's S3 web service is pretty inexpensive to set up, therefore they can still earn from the surveys. Number 2, because Facebook has been pretty successful at blocking suspicious URLs linked to spam, hosting their scam's code in a safe and popular…
  • 440,783 "Silent SMS" Used to Track German Suspects in 2010

    26 Jan 2012 | 6:03 am
    The 28th Chaos Communication Congress (28C3) is currently underway in Berlin and on Tuesday, researcher Karsten Nohl gave a presentation called: Defending mobile phones. If you have an hour, it's worth watching. Initial press reports focused on Nohl's revelation that hackers can potentially sniff numerous phone IDs and network authentications from an advantageous point, and because network authentications aren't frequently refreshed (depending on the network operator), an attacker could make expensive premium rate calls and bill them to other persons. GSM network specifications allow for every…
  • Cracking Polish Passwords

    26 Jan 2012 | 6:03 am
    Many of the sites that we blogged about on Monday are still offline after being targeted by DDoS attacks. Hackers have promised to continue until the 26th. According to Polskie Radio: "Over a thousand people gathered in Warsaw, Tuesday evening, to oppose the anti-internet piracy ACTA agreement, which PM Tusk confirmed that Poland will sign on Thursday." The signing is scheduled to take place in Tokyo, Japan. #Insert joke here: How do you hack a Polish government official's laptop? …the username and password are written on the sticker. On 25/01/12 At 06:34 PM
  • Cheap Professional DDoS Service

    26 Jan 2012 | 6:03 am
    Now here's something that you don't see every day, a YouTube video in which a young woman advertises DDoS services, with a smile. "Hello, Hackers." The video links to a forum thread that lists the attacker's rates: Just $2 per hour… Also, easy payment options. On 05/01/12 At 06:26 PM
  • Pole Position: Poland Attacked by Anti-ACTA Hackers

    26 Jan 2012 | 6:03 am
    There's breaking news coming out of Poland. Hackers, reportedly associated with Anonymous, have been attacking Polish government websites to protest this week's scheduled signing of the Anti-Counterfeiting Trade Agreement (ACTA). ACTA is an intellectual property treaty. Poland announced on January 19 that it would sign the treaty on January 26, 2012. A Twitter account called @AnonymousWiki called for action against the Polish government. All of this follows on the heels of SOPA protests and Anonymous attacks against US government websites due to the FBI's takedown of Megaupload. Websites targeted…

    Pcthreat.com

  • Worm.Nenebra.A

    27 Jan 2012 | 11:49 pm
    Worm.Nenebra.A is a computer worm that can eventually lead to an ultimate system crash, if you allow this malware to remain in your computer. This worm usually spreads via removable and fixed drives. If the...
  • Security Sphere 2012

    27 Jan 2012 | 11:49 pm
    It can be easy to fall for the clever lies used by Security Sphere 2012 to rip you off. The truth is this rogue antispyware application derives from the same family of rogues as the hotly detested Personal...
  • System Fix

    27 Jan 2012 | 11:49 pm
    System Fix is a fake defragger that derives from the same harmful rogues as the FakeHDD family of rogues. It will proceed to mess with your computer and eventually will lead to your system’s downfall if you...
  • Trojan.Nedsym

    27 Jan 2012 | 11:49 pm
    There are all types of annoying malware infections that can turn your daily life into hell. Trojan.Nedsym is one of them. This Trojan is responsible for an endless flood of spam email messages. Since a lot of...
  • Privacy Protection

    27 Jan 2012 | 11:49 pm
    When looking for a user friendly and reliable security tool to complement your PC’s security, then you will certainly want to steer well clear of Privacy Protection. This rogue antispyware application, which...

    threatpost - The First Stop for Security News

  • FBI Looking for App to Monitor Twitter and Facebook For Threat Data

    Dennis Fisher
    27 Jan 2012 | 10:05 am
    The FBI is in the early stages of developing an application that would monitor sites such as Twitter and Facebook, as well as various news feeds, in order to find information on emerging threats and new events happening at the moment. The tool would give specialists the ability to pull the data into a dashboard that also would include classified information that's coming in at the same time.
  • Attackers Targeting Windows Media Bug With Malware

    Dennis Fisher
    27 Jan 2012 | 7:03 am
    Security researchers have seen attackers going after the newly patched CVE-2012-0003 vulnerability in the Windows Media Player. The flaw, which was patched earlier this month by Microsoft, is a critical one that can enable remote code execution, and it affects a wide range of Windows systems.
  • Malware Poses as Phony Google+ Plug-In

    Brian Donohue
    26 Jan 2012 | 12:55 pm
    Spammers are cashing in on the (modest) popularity of Google+ by sending out fake emails inviting users to try out Google+ Hangouts by downloading a malicious file posing as a Google+ Hangout plug-in.
  • Hawaii Bill Would Require Internet Data Retention For Two Years

    Dennis Fisher
    26 Jan 2012 | 10:38 am
    A Hawaiian legislator has introduced a broadly worded data-retention bill that would require ISPs and other service providers to retain their customers' Internet activity records for at least two years. The bill, introduced by state Rep. John Mizuno, does not have any provisions for exclusions or privacy considerations and would force the ISPs to hold the customer data, but it does not make any mention of how the data should be protected.
  • Slideshow: Scenes from S4 2012

    Paul Roberts
    25 Jan 2012 | 1:30 pm
    Scenes from S4 2012. S4 is a conference hosted by Digital Bond, a security consulting firm based in Sunrise, Florida. Now in its fifth year, the S4 draws some of the world's top experts in securing industrial control systems to sunny Miami Beach to discuss the state of the art.

    VRT

  • A New Hope

    Matt Olney
    5 Jan 2012 | 9:00 am
    Rep. Mike Rogers (R-MI) and Rep. Dutch Ruppersberger (D-MD) know a secret: The Federal government is REALLY good at watching people, much better than, say, the private sector. So they asked themselves (at least they did in my mind), "Why not share some of that information in order to protect American businesses from the ubiquitous cyber-security threat?" Hey guys…that’s a damn good idea! Seriously, I thought it was a great idea. So it was with a good deal of enthusiasm that I printed out H.R. 3523, or to use its more sexy name, the “Cyber Intelligence Sharing and…
  • Cross-Platform Single-Request Web Server DoS From CCC

    Alex Kirk
    28 Dec 2011 | 2:08 pm
    Security never sleeps, even if it is the week between Christmas and New Year's, and most of you are on vacation, enjoying time with your family, or just goofing off because the office is empty. Today's reminder of that reality comes from Alexander Klink and Julian Walde, who presented yesterday at the 28th Annual Chaos Communication Congress a method of consuming a web server's entire CPU with a simple, low-bandwidth POST request. In fact, according to the advisory they released after the talk, as little as 30k/sec could be necessary to occupy a single i7 core, depending on the target…
  • Malware Mythbusting

    Alex Kirk
    18 Nov 2011 | 7:25 pm
    The malware sandbox that I've previously discussed on this blog has made for a lot of useful Snort rules - but it's also helped get me some excellent speaking slots around the world this year. This time, I've just wrapped up a presentation titled "Malware Mythbusting" at Ruxcon, Australia's premier technical security conference. The premise of the talk was simple: there's a lot of hype surrounding malware, and if you're someone tasked with keeping a network secure, there's generally not a lot of good information about the nature of the threat. Can I cut off China and Russia and make all the…
  • Microsoft Security Advisory 2639658

    Nigel Houghton
    8 Nov 2011 | 1:51 pm
    Microsoft recently added a new initiative to its Microsoft Active Protection Program (MAPP), called the Advisory Initiative program, which gives partners up to 96 hours to provide protection for discovered vulnerabilities. Microsoft piloted the program with an advisory release on the Win32K TrueType font parsing engine, related to the Duqu malware (CVE-2011-3402). Sourcefire released its protections for this threat within the first 48 hours, as noted on the MAPP site http://technet.microsoft.com/en-us/security/advisorymapp: SID: GID 3, SID…
  • Android Malware Analysis: A How-To

    Alex Kirk
    3 Nov 2011 | 2:00 pm
    While mobile malware comprises only a tiny fraction of the overall landscape in terms of volume, it is fast becoming essential to address from an enterprise security standpoint. Unfortunately, very few people would even have a clue where to start if charged with analyzing a program on a smart phone. This disconnect provided the rationale for a presentation I recently gave at Hack in the Box Malaysia on how to go from "I've got an Android APK file, now what?" to full static and dynamic analysis. The slides, available here, contain links to a number of useful tools. The good news for longtime…

    Private WiFi

  • Google’s ‘Good to Know’ Campaign Touts Online Privacy

    Elaine Rigoli
    26 Jan 2012 | 12:09 am
    Google has launched its “Good to Know” advertising campaign to help educate consumers about how to protect themselves online. According to this eWeek article, “the multimillion-dollar Good to Know initiative includes privacy and security tips, such as how to use two-step verification, how to lock a computer when it’s in public but not in use, and how to make sure website connections are secure via HTTPS encryption.” The Good to Know campaign is aimed at the casual Internet user and defines cookies and IP addresses, and explains how Google and other service…
  • No, You Didn’t Win the Lottery

    Nikki Junker
    25 Jan 2012 | 8:36 pm
    Have you ever received an email from the United Nations Compensation Fund about a large sum of money that you are entitled to? The author may have had some incredible title with far too many words, like President Executive Director of International Compensation and Recovery, which makes the author sound mighty important. Maybe it is an urgent message from the Federal Bureau of Investigation, Internal Revenue Service or Secret Service stating that you are under investigation for money laundering, or even that there is a problem with your income tax returns? At one point or another, we have all…
  • Facebook to Live Stream Official Data Privacy Day Event

    Elaine Rigoli
    25 Jan 2012 | 12:22 am
    Online privacy and security have become a central part of our new digital reality, and the fifth-annual Data Protection Day this Saturday, January 28 is a great opportunity to foster a societal debate around data privacy issues. Last year we chatted with Leonardo Cervera, the man responsible for the first Data Privacy Day event in the United States. He spoke at length about data privacy and his overall background and interest in keeping people safer online, among other topics. Cervera noted that, “As a consumer, I am concerned that business considerations might prevail over my dignity…
  • What It’s Really Like to Suffer Identity Theft

    Elaine Rigoli
    24 Jan 2012 | 12:30 am
    Victims of identity theft describe it almost universally as an incredibly traumatic experience. That’s the key takeaway from an interactive message board that invited a host of opinions and stories from people who have experienced such fraud. In the opinion of one professional adviser who posted in the forum, unlike victims of more traditional crimes, there’s no single group or agency that can address all identity-theft issues. Matt Davis, the security adviser with the Identity Theft Resource Center, noted the following: “Identity theft often spans multiple jurisdictions or…
  • Celebrate Data Privacy Day with 50% off PRIVATE WiFi

    Jillian Ryan
    23 Jan 2012 | 8:36 pm
    As the international community celebrates Data Privacy Day on Saturday, January 28, 2012, PRIVATE WiFi, in hopes of raising awareness for privacy education, is offering a one-day coupon for 50% off of an annual subscription to its personal VPN software. Use the coupon code CPNPRIVACYDAY during the purchase process to receive a half-off discount. The annual subscription rate is normally $84.95, but with this special deal in celebration of Data Privacy Day, the full 12 months is only $42.50! If you want to try PRIVATE WiFi before you use the coupon code, visit our Try Page to download a free…