New Year has come and hackers have started spreading new scams on Facebook. This time it’s another clickjacking scam that has been noticed circulating on this social network. Exploiting the curiosity of Facebook users, it tricks them into clicking on links that pretend to have been liked by their friends. However, those ‘amazing’ and ‘surprising’ videos titled “Air Race Plan Crashed in the crowd during a show!” or “A Really Giant Baby!” are used only to redirect victims to splash pages that pretend to contain interesting videos but are filled with web-based advertisements…
Network Security

Most Topular Stories

Clickjacking scams are still used on Facebook
Spyware news | 4 Jan 2012 | 10:02 am

Best Book Bejtlich Read in 2011
TaoSecurity | 9 Jan 2012 | 8:40 pm
It's time to name the winner of the Best Book Bejtlich Read award for 2011! I've been reading and reviewing digital security books seriously since 2000. This is the 6th time I've formally announced a winner; see my bestbook label for previous winners. Compared to 2010 (31 books), 2011 saw a decrease to 22 books. Remember all reading is neither equal nor fast. When I review a book, I am sure to read it and not just skim it. For 10 books last year, I chose not to read them but to instead post impressions. Posts called "impressions" provide my sense of the book but I do not publish them in my…

Google’s ‘Good to Know’ Campaign Touts Online Privacy
Private WiFi | 26 Jan 2012 | 12:09 am
Google has launched its “Good to Know” advertising campaign to help educate consumers about how to protect themselves online. According to this eWeek article, “the multimillion-dollar Good to Know initiative includes privacy and security tips, such as how to use two-step verification, how to lock a computer when it’s in public but not in use, and how to make sure website connections are secure via HTTPS encryption.” The Good to Know campaign is aimed at the casual Internet user and defines cookies and IP addresses, and explains how Google and other service…

Tripwire Names Bejtlich #1 of "Top 25 Influencers in Security"
TaoSecurity | 6 Dec 2011 | 8:52 pm
I've been listed in other "top whatever" security lists a few times in my career, but appearing in Tripwire's Top 25 Influencers in Security You Should Be Following today is pretty cool! Tripwire is one of those technologies and companies that everyone should know. It's almost like the "Xerox" of security because so many people equate the idea of change monitoring with Tripwire. So, I was happy to see my twitter.com/taosecurity feed and the taosecurity.blogspot.com blog make their cut. David Spark asked for my "security tip for 2012," which I listed as: Improve your incident detection and…

Even Facebook Doesn’t Like IE7
Worst Tech! | 31 Dec 2011 | 5:45 am
About a year ago we came to know that YouTube, Facebook and other major websites stopped support for IE6. Not because it was obsolete, but due to the vulnerability of the browser from the Redmond giant. Now what? It has reportedly been said that Facebook will not support IE7 anymore; it has been decided [...]
Network World on Security

Researchers unearth more Chinese links to defense contractor attacks
27 Jan 2012 | 10:35 am
Symantec researchers have uncovered additional clues that point to Chinese hacker involvement in attacks against a large number of Western companies, including major U.S. defense contractors.

Drive-by-download attack exploits critical vulnerability in Windows Media Player
27 Jan 2012 | 9:48 am
Security researchers from antivirus vendor Trend Micro have come across a Web-based attack that exploits a known vulnerability in Windows Media Player.

How to Prevent Thumb Drive Security Disasters
27 Jan 2012 | 8:56 am
Small USB flash drives can cause big security headaches. Learn how four very different organizations have managed to balance the need to allow employees to transfer files for legitimate business purposes with the need to prevent data leaks.

CloudPassage launches new security product for public clouds
27 Jan 2012 | 7:39 am
CloudPassage is launching a new security product for virtual servers in public clouds such as Amazon Web Services that it says takes care of the all-important need for security when using services from infrastructure providers.

Lookout Security rebuts rival's Android malware claims
27 Jan 2012 | 6:13 am
Researchers from Lookout Security disagreed with rival Symantec that 13 apps on the Android Market were malicious, instead saying that they showed the same behaviors as other ad-supported apps.
Computerworld Network Security News

Alcatel-Lucent, Arbor Networks partner on DDOS mitigation
18 Jan 2012 | 12:22 pm
Alcatel-Lucent is now offering a router with technology from Arbor Networks that defends against distributed denial-of-service attacks, the two companies said on Wednesday.

Sykipot Trojan hijacks DoD smart cards
13 Jan 2012 | 7:29 am
A variant of the Sykipot Trojan Horse hijacks U.S. Department of Defense (DoD) smart cards in order to access restricted resources.

Oracle's latest Java moves frustrate users and vendors
10 Jan 2012 | 5:24 am
The company is under fire for modularization, licensing, and security issues.

Security Manager's Journal: BYOD planning gets a big boost
9 Jan 2012 | 5:00 am
A virtual desktop infrastructure will be the security key to reaching the CIO's goal of allowing personal devices on the corporate network.

2012 Outlook: The end of everything?
8 Jan 2012 | 11:30 pm
Gibbs reviews last year's predictions and sees that the end could be nigh ...
Computerworld Security News

Lookout Security rebuts rival's Android malware claims
27 Jan 2012 | 6:52 pm
Researchers from Lookout Security disagreed with rival Symantec that 13 apps on the Android Market were malicious, instead saying that they showed the same behaviors as other ad-supported apps.

Adscend denies Facebook, AG allegations
27 Jan 2012 | 3:41 pm
Adscend Media, the defendant in lawsuits filed this week by Facebook and the Washington attorney general, on Friday denied the allegations in the complaints and shifted blame to its affiliates.

Researchers unearth more Chinese links to defense contractor attacks
27 Jan 2012 | 11:18 am
Symantec researchers have uncovered additional clues that point to Chinese hacker involvement in attacks against a large number of Western companies, including major U.S. defense contractors.

Drive-by-download attack exploits critical vulnerability in Windows Media Player
27 Jan 2012 | 10:48 am
Security researchers from antivirus vendor Trend Micro have come across a Web-based attack that exploits a known vulnerability in Windows Media Player.

The real reasons why SOPA and PIPA are real bad
27 Jan 2012 | 9:20 am
A reader letter makes Gibbs sum up why SOPA and PIPA are such bad ideas.
SearchSecurity: Network Security Tactics

Exploring Google Chromebook security for the enterprise
23 Jan 2012 | 11:47 am
The Chromebook is unique among new entrants in the mobile device arena. Mike Cobb breaks down the key Google Chromebook security issues enterprises need to know.

Android security settings and controls for Android enterprise security
23 Jan 2012 | 9:38 am
Can Androids ever be secure enough for corporate use? Learn about Android security controls to enable effective Android enterprise security.

EDRM-DLP combination could soon bolster document security management
20 Dec 2011 | 8:00 am
The integration of enterprise digital rights management solutions and data loss prevention tools could bring a level of automation to document security management.

How EDRM can bolster enterprise content management security
15 Dec 2011 | 11:00 pm
Learn about implementing enterprise EDRM and how this technology combo supports enterprise content management security.

P2P encryption: Pros and cons of point-to-point encryption
6 Dec 2011 | 8:00 am
P2P encryption is an emerging technology, one that may be helpful for many companies, especially merchants. Mike Chapple dissects the pros and cons.
SearchSecurity: Security Wire Daily News

Malicious Android applications may have infected millions, Symantec warns
27 Jan 2012 | 3:19 pm
More than a dozen malicious Android applications on the Android Market contain a hidden Trojan that can steal information, download more files and display advertisements on the device.

Fake Firefox update delivers malware, exploit kits
27 Jan 2012 | 11:38 am
Malicious webpages masquerading as browser updates are being used by attackers as launch pads for Trojan viruses and exploit kits.

McAfee adds SMS filtering, smartphone threat intelligence to Android security app
27 Jan 2012 | 8:31 am
Mobile application supports Android smartphones and tablets with virus scanning and protection from Web threats and SMS attacks.

Understanding data security breaches eclipses preventing them
26 Jan 2012 | 2:46 pm
Companies are spending more time investigating the source of data breaches and their impacts to reduce expenses, says a survey.

Symantec pulls pcAnywhere, man-in-the-middle attacks are possible
25 Jan 2012 | 3:18 pm
Source code theft from Symantec's systems in 2006 places pcAnywhere software at risk of being attacked. Company says software is bundled with many of its products.
Network Security Blog

Standing Desk 2.0
26 Jan 2012 | 8:59 pm
If you follow the blog, you may remember several months ago that I built myself a standing desk out of some cheap lumber and plywood I had in the garage. It took an afternoon to build and was a proof of concept as to whether or not I’d actually like working at a standing desk. The funny part of the project was that it took me longer to draw it up in Google SketchUp than it did to actually put the desk together itself. After several weeks of working on the desk I decided I really liked it and wanted a more permanent version of the desk that I could feel was an actual…

Kill pcAnywhere right now!
25 Jan 2012 | 8:40 pm
If you haven’t already heard, the code base for Symantec’s pcAnywhere was stolen in 2006, and bad guys are now using that code against the installed base of users in the wild. This sort of compromise really isn’t anything that new or different. But what is different is that Symantec is now telling users to flat out disable pcAnywhere until a fix is released. Which is a good, smart move, but a better move would be to remove pcAnywhere and never, ever start it up again! I remember the first time I used pcAnywhere; I was working my first helpdesk job and they…

Network Security Podcast, Episode 265
24 Jan 2012 | 8:04 pm
Unless you were hiding under a rock the last few weeks you’ve probably heard about the Stop Online Piracy Act (SOPA), Protect IP Act (PIPA) and their even more evil brother, the Anti-Counterfeiting Trade Agreement (ACTA). Many sites went dark last week, including Securosis, in protest, and SOPA/PIPA were at least stalemated for the moment, if not entirely defeated. And since it’s a big story, we decided to discuss it at great length, probably saying many things that have been said by much smarter people than us. At least we hope it’s the smart people we’re agreeing…

SOPA was only an opening salvo
20 Jan 2012 | 8:41 am
I generally try to stay out of the political arena on the blog, mostly because politics is such a contentious topic in and of itself. And I’ve been staying away from SOPA in particular because there’s been so much coverage that one more voice added to the choir wouldn’t have done anything. The music and movie companies once again tried to introduce legislation that made pirating content a crime and gave the entertainment industry incredible power to police the internet and block any site they felt *might* link to copyrighted content. But we, the Internet,…

Network Security Podcast, Episode 264
10 Jan 2012 | 6:10 pm
As Zach prepares for his jaunt down to Miami Beach, Rich waxes paranoid about his newfangled Microsoft-powered car — and the prospect of Martin remotely hacking and throttling the engine. It’s hard to imagine a few of Rich’s ‘friends’ won’t try hard to get their hands on his new remote and the system port on his car. (Also, check out our nomination in the Social Security Bloggers Awards — and vote if you’re eligible to do so!) Network Security Podcast, Episode 264, January 10, 2012. Time: 37:31. Show Notes: Exploit Code Released for ASP.NET Flaw…
Post Politics: Breaking Politics News, Political Analysis & More - The Washington Post

Gingrich professes shock at Romney’s ‘dishonest’ debate performance
27 Jan 2012 | 10:30 pm
MIAMI — Former House speaker Newt Gingrich spent Friday struggling to fend off the perception that his presidential campaign has stalled after a flat debate performance on Thursday and fresh polling data showing his support slipping in Florida.

Romney says Gingrich is ‘like Goldilocks’
27 Jan 2012 | 8:47 pm
ORLANDO – After getting the better of Newt Gingrich in Thursday night’s debate, Mitt Romney is trying to rub it in. The increasingly confident, and increasingly punchy, former Massachusetts governor took a fresh swipe at the former House speaker at a campaign rally here Friday night, likening him to the fairy tale character “Goldilocks.”

Obama ally suggests administration is undermining Endangered Species Act
27 Jan 2012 | 7:52 pm
The Obama administration is setting too high a threshold for listing an imperiled plant or animal under the Endangered Species Act, according to Rep. Edward J. Markey (D-Mass). Markey, one of the White House’s closest congressional allies, late Thursday sent a letter to Dan Ashe, director of the U.S. Fish and Wildlife Service, questioning a draft policy the agency issued last month with the National Oceanic and Atmospheric Administration.

Rick Perry’s back in Texas, and some wonder if he’s lost political power there
27 Jan 2012 | 7:44 pm
Yes, to the non-Texan eye, it looks like Republican Gov. Rick Perry has slunk home from his last rodeo, having humiliated himself and his home state with a presidential run that will go down in history as one big “Oops.”

Obama, Biden rally Democrats at annual retreat
27 Jan 2012 | 7:23 pm
CAMBRIDGE, Md. — President Obama and Vice President Biden on Friday worked to rally congressional Democrats preparing to do battle with Republicans leading into the 2012 election. In remarks at the annual House Democratic retreat near the shore of the Chesapeake Bay, Obama rallied the House Democrats with a campaign-style speech in which he defended Democrats’ legislative accomplishments over the past three years, acknowledged that lawmakers have had to make some “tough decisions” and reprised many of the arguments he made in Tuesday’s State of the Union address.
Techworld.com security

Angry Facebook sues firm for alleged 'likejacking' scam
27 Jan 2012 | 1:39 pm
Facebook’s zero tolerance policy against those it believes are abusing its network has seen it file a lawsuit against a company it accuses of using a ‘clickjacking’ scam to trick users into divulging personal information.

O&O AutoBackup review
27 Jan 2012 | 10:11 am
O&O AutoBackup (free in January 2012; $30 with a 30-day free trial starting in February 2012) is a generally easy-to-use backup program with one feature especially handy for frequent users of external drives. It will back up any data you choose, automatically, without user intervention, when you insert a removable drive you've defined as the repository for your backup. That's a neat trick, but the program is otherwise limited in ability, suffers a number of design oversights, and occasionally employs unexplained and possibly confusing language.

Lawmakers seek answers from Google on new privacy measures
27 Jan 2012 | 8:00 am
Google's decision this week to share user data across its online services has caught the attention of eight members of the US House of Representatives, with the lawmakers asking whether the changes will compromise privacy.

European Parliament website taken offline in retaliation over ACTA
27 Jan 2012 | 5:01 am
The European Parliament's website fell under a distributed denial-of-service attack (DDOS) on Thursday in what the organisation classified as retaliation for the shutdown of the Megaupload file-sharing site and an anti-counterfeiting trade agreement.

Zscaler launches free link malware scanner Zulu
27 Jan 2012 | 4:22 am
Cloud security vendor Zscaler has launched a new free-to-use online service called Zulu that can assess the security risk associated with URLs by analysing the content they point to, as well as the reputation of their corresponding domain names and IP addresses.
Hot Security News

Expert Web Security Protection For Joomla and Drupal Hosting Platform
3 Jan 2012 | 3:37 pm
CNP Integrations brings in the New Year by announcing an unmatched hosting platform. CNP Integrations has launched a new strategic hosting platform featuring SecureLive Security Monitoring and RackSpace cloud hosting, combined with the world-class web application support services from the CNP Integrations team.

Panda Security Launches Beta Version of Panda Cloud Office Protection 6.0
23 Dec 2011 | 6:01 pm
Panda Security, The Cloud Security Company, today announced the beta release of Panda Cloud Office Protection (PCOP) 6.0, its cloud-based security service for PCs, servers and corporate laptops managed remotely through a web-based console. The beta software can be downloaded for free at http://www.pandasecurity.com/promotions/betatest/pcop

Online Shopping Requires Increased Attention
23 Dec 2011 | 5:08 pm
VASCO Data Security International, Inc., a leading software security company specializing in authentication products, cautions both consumers and employers to be extra vigilant for cyber criminality in the build-up to the festive season.

Panda Global Protection 2012 Wins 'Best Security Software' Award from PC World LA
28 Nov 2011 | 3:29 pm
Panda Security today announced that Panda Global Protection 2012 has won the 2011 Best Security Software Award given by the prestigious PC World Latin America magazine. The award was received by Eduardo D'Antona, Panda Security's General Manager for Latin America, in a gala held on November 3rd at the Conrad Hotel in Miami.

2012 Internet Security Predictions by Websense Security Labs
28 Nov 2011 | 3:17 pm
With all of the crazy 2011 security breaches, exploits and notorious hacks, what can we expect for 2012? We asked the top researchers of the Websense Security Labs to take a few minutes and provide their top predictions for the coming year. Last year's Websense Security Labs predictions were very accurate, so these predictions should provide very useful guidance for security professionals.
Crave: gorgeous gadgets and other crushworthy stuff. - CNET

Adobe shows the raw, dark side of Photoshop CS6
28 Jan 2012 | 5:19 am
Photoshop CS6 will get a new dark look, but it's not required. This view also shows the visual and numeric information about brush settings. (Credit: screenshot by Stephen Shankland/CNET) Adobe Systems has published a glimpse of the forthcoming Photoshop CS6, an update that brings the dark workspace and raw-image editing tools from the new beta of its sister program, Lightroom 4. Bryan O'Neil Hughes, an Adobe senior product manager, showed off a bit of the new software in a YouTube video published yesterday. Photoshop CS6 is set to debut along with the sixth version of…

Stickman games that shine on iOS
27 Jan 2012 | 7:25 pm
(Credit: CNET) Sometimes the bare essentials are all it takes to make a great video game. In this collection, our hero is the stickman. Everyone knows that in today's hottest games (for any platform), high-quality graphics are at a premium. Whether it's a first-person shooter, an MMORPG, or even a console golf game, realism and fancy graphics seem to be key to getting people to buy the product. But if you've played games for a while, you know that graphics aren't everything. A whole slew of games in the iTunes App Store have enjoyed a ton of success by completely ignoring fancy graphics and…

Take a tour of BMW's new Mog online music system
27 Jan 2012 | 6:59 pm
BMW is the first automaker to integrate an online music selection service into a production car. (Credit: James Martin/CNET) My iPhone, with 8GB of memory, can hold about 1,700 tracks. A BMW's internal hard drive has room for almost 3,000 tracks. Now, BMW's new Mog integration puts 14 million tracks at a driver's fingertips. I sat in the driver's seat of a 2012 BMW 650i, with Robert Passaro, the head of BMW's App Center, in the passenger seat. But we weren't going anywhere. Our entire focus was on the stereo. Passaro slotted an iPhone 4S into the BMW's cradle, nestled in the console…

What's a PS Vita game cost? Ask again tomorrow
27 Jan 2012 | 6:51 pm
Hanging out with Nathan Drake sure is expensive. (Credit: Sony Computer Entertainment) Several PlayStation Vita games are seeing preorder price cuts (and one disappointing price increase) before the launch of the next-generation handheld gaming device planned for February 22. Little Deviants, Wipeout 2048, Modnation Racers: Road Trip, Reality Fighters, and Hot Shots Golf: World Invitation, which cost $39.99 previously, are currently available for $29.99 (via Amazon, GameStop and others). Sadly, it seems that the highly anticipated Uncharted: Golden Abyss for Vita rose in price from $39.99 to…

D-Link HD Media 2000 DIR-827 router review: So many firsts
27 Jan 2012 | 6:49 pm
The Amplifi HD Media Router 2000 DIR-827 from D-Link. (Credit: Dong Ngo/CNET) The $145 D-Link Amplifi HD Media Router 2000 DIR-827 is the third I've reviewed in D-Link's Amplifi family of wireless routers, but it comes with a lot of firsts. This is the first true dual-band router from D-Link that I'm aware of that comes with internal antennas, making it much more compact than previous true dual-band routers, such as the DIR-855. It's the first on the market to come with a USB 3.0 port, instead of USB 2.0. And finally, it's the first I've seen to come with an SD card slot, in case you want to…
Security - RSS Feed

Google Privacy Policy Update Challenged by Lawmakers
28 Jan 2012 | 6:00 am
Google is under fire in Congress for its new privacy policy changes to unify user information from 60 Web services under one single policy. - Several U.S. senators Jan. 26 fired off a bipartisan letter to Google CEO Larry Page, asking for more information about the search engine provider's revised privacy policy. Google Jan. 24 announced that it will aggregate 60 of its Web services under one single privacy policy. Under this new...

Verdasys Offers Enterprise Data Leak Protection as Managed Service
26 Jan 2012 | 4:44 pm
It seems every IT function can now be offered on-demand. Verdasys is launching its enterprise data leak protection system, Digital Guardian, as a managed security service. - Verdasys is moving its data leak prevention portfolio to the cloud to help enterprises protect their data stored on its networks and still reduce costs. The company introduced two new offerings: Verdasys Managed Service for Information Protection (MISP) and Verdasys Information Protection as a S...

EU 24-Hour Data Breach Notification Rule 'Unworkable': AT&T Executive
26 Jan 2012 | 12:21 pm
AT&T's chief privacy officer says the 24-hour deadline to notify customers of a data breach that is set by new European Union data privacy regulations is "absolutely unworkable" and would end up forcing companies to notify all possible customers about a breach rather than just those affected. - New data privacy regulations being implemented by the European Union will present serious complications for U.S. companies doing business in Europe, according to an IT security and data privacy executive who took part in a panel at the George Washington University School of Law in…

Catbird Unveils vSecurity 5.0 for Virtualized and Cloud Computing
26 Jan 2012 | 7:50 am
Catbird's vSecurity 5.0 is built on industry-standard, network-based security technologies for a set of services protecting virtual, cloud and physical networks. - Catbird, a specialist in security and compliance for virtual, cloud and physical networks, announced the next generation of its vSecurity platform, vSecurity 5.0, which integrates directly with the hypervisor to provide automated control, visibility and efficiency. Its vCompliance engine monitor...

Symantec Warns pcAnywhere Users to Disable Tool Due to Source Code Theft
25 Jan 2012 | 9:06 pm
Symantec has confirmed that pcAnywhere users are at "increased risk" because attackers have stolen source code to the remote control tool. - The saga over Symantec's stolen code took another twist as the company acknowledged that pcAnywhere customers are at risk for man-in-the-middle attacks and new exploits. The breach actually occurred on Symantec servers in 2006, and attackers stole source code to several Norton security product...
Techwatch: Tech News

Nintendo Wii U confirmed for Xmas 2012
27 Jan 2012 | 5:17 am
Some more information has emerged about the Wii U console. And the biggest snippet is the fact that Nintendo’s sequel has been confirmed as launching before the end of 2012. The company has learned “bitter” lessons from the 3DS launch, which failed to make the Christmas launch window and slipped to March, with sales suffering as a result. Hopefully they’ll have learned pricing lessons as well, as the 3DS had too steep a price tag for many when it was first out. The Wii has always been a competitive piece of hardware, of course, but the Wii U boasts higher-end technology…

Nokia loses €1bn in Q4 2011
27 Jan 2012 | 2:57 am
Nokia has suffered a large loss in its latest financial results, with the company’s operating profit dropping by €950 million in the fourth quarter of 2011. That’s a complete reversal of the situation in 2010, when the firm posted a profit of almost €900 million. Revenue dropped 21% year-on-year, from €12.6 billion to €10 billion. However, Nokia was keen to point to net cash and other liquid assets of €5.6 billion, and also a “solid” fourth quarter performance in mobile phones, driven by the launch of its new Windows Phone handsets led by the Lumia 800. The Finnish…

Apple iPad now has 58% market share
27 Jan 2012 | 2:31 am
The latest figures for the tablet market have been published by Strategy Analytics. And the analyst firm has recorded more slippage in slate market share for Apple. The figures are for Q4 2011 market share, and show that the iPad has dropped to 58% from 68% in the final quarter of 2010. That’s a considerable chunk of the market to lose to Android, which now holds 39%, up 10% year-on-year. The 40% mark is a figure that, earlier last year, some analysts were predicting Android would only reach in 2014. Apparently the Kindle Fire and Nook budget Android slates represent some 40% of the…

Alan Wake and I Am Alive coming to XBLA
26 Jan 2012 | 3:13 am
Microsoft has announced the exact dates on which its so-called ‘House Party’ games are coming to Xbox Live. The Xbox Live House Party 2012 is another collection of bundled games being released over February and March onto XBLA, and punters who buy all four titles will receive a bonus 800 MS Points (in other words, one of the cheaper games for free). The party kicks off with Warp, a puzzle based action-adventure, on February 15th priced at 800 MS Points. Next up is the one we’ve been waiting for, Alan Wake’s American Nightmare, a standalone adventure in the spooky…

Anonymous launches attack against ‘Irish SOPA’
26 Jan 2012 | 2:46 am
Anonymous, the collective of internet activists, has struck again with its latest cause – action against copyright legislation in Ireland. Currently, a statutory instrument – a change in law which doesn’t require approval from Parliament – is being pushed through swiftly over in Ireland. And that instrument aims to achieve SOPA-like goals of making it easier for copyright holders to block websites deemed to have violated their intellectual property. There’s currently concern over whether this, like SOPA, is a rather blunt instrument which is overreaching and could be abused…
SecurityNewsPortal.com latest breaking computer security, anti virus and hacking news

Adding Weapons to ATM Defenses (Wall Street Journal)
27 Jan 2012 | 8:16 pm

Facebook Scammers Redirect Victims Through Amazon's Cloud (PCWorld)
27 Jan 2012 | 8:16 pm

Commentary: Trust takes time (DefenseNews.com, subscription)
27 Jan 2012 | 8:16 pm

CloudPassage Launches New Security Product for Public Clouds (PCWorld)
27 Jan 2012 | 8:16 pm

Ping Identity Kicks Off Free Cloud Identity Security Training Series (TheStreet.com press release)
27 Jan 2012 | 8:16 pm
Network Security Podcast

Network Security Podcast, Episode 265
24 Jan 2012 | 8:03 pm
Unless you were hiding under a rock the last few weeks you’ve probably heard about the Stop Online Piracy Act (SOPA), Protect IP Act (PIPA) and their even more evil brother, the Anti-Counterfeiting Trade Agreement (ACTA). Many sites went dark last week, including Securosis, in protest, and SOPA/PIPA were at least stalemated for the moment, if not entirely defeated. And since it’s a big story, we decided to discuss it at great length, probably saying many things that have been said by much smarter people than us. At least we hope it’s the smart people we’re agreeing…

Network Security Podcast, Episode 264
10 Jan 2012 | 6:10 pm
As Zach prepares for his jaunt down to Miami Beach, Rich waxes paranoid about his newfangled Microsoft-powered car — and the prospect of Martin remotely hacking and throttling the engine. It’s hard to imagine a few of Rich’s ‘friends’ won’t try hard to get their hands on his new remote and the system port on his car. (Also, check out our nomination in the Social Security Bloggers Awards — and vote if you’re eligible to do so!) Network Security Podcast, Episode 264, January 10, 2012. Time: 37:31. Show Notes: Exploit Code Released for ASP.NET Flaw…

Network Security Podcast, Episode 263
3 Jan 2012 | 9:01 pm
It’s our first show of the New Year… wherein Rich describes server upgrades good and bad, being a victim in a data breach, and we discuss the rest of the latest news. We have to say, it’s a weird start to the year. Network Security Podcast, Episode 263, January 3, 2012. Time: 36:45. Show Notes: Most websites vulnerable to single-source, low-bandwidth DoS attack. Stratfor breached over the holidays. Hackers in space? China all annoyed they have data breaches like the rest of the world. Tonight’s Music: Trouble in Mind by Cephas and Wiggins.

Southern Fried Network Security Podcast
20 Dec 2011 | 6:28 pm
This is Martin, and while I know we said we weren’t going to do another podcast this year, I got started talking to Martin Fisher over at the Southern Fried Podcast and we decided, “What the heck, let’s do one more this year and thank all our listeners for supporting us!” It was supposed to just be the two of us, but Rich happened to be available. It was also only supposed to be a few minutes, but when you get the three of us going, it obviously has the potential for going long. All three of us are very grateful to our audiences, and I think I can say the same on…

Network Security Podcast, Episode 262
13 Dec 2011 | 6:13 pm
A discombobulated Martin and a sleep-deprived Zach get together for the final episode of 2011 (and Rich isn’t around to join us — tsk tsk). This week’s stories seem to be more of the same — surveillance, leaks, and dumb legislation. Here’s to hoping for a brighter 2012. Network Security Podcast, Episode 262, December 13, 2011. Time: 30:00. Show Notes: DNS Hijacks Now Being Used to Serve Black Hole Exploit Kit. Who Knows What Youhavedownloaded.com? Carrier IQ: Bug made some keypresses, message data accessible. The Infosec Naughty List & The Twelve Charlatan’s of…
About.com Internet / Network Security
-
5 Must-have Security Apps for iPhone
21 Jan 2012 | 10:29 am Have you ever gone on vacation and forgot to arm your home security system? Have you ever wanted to check in on your pet while you were away from home? If you answered yes to either of these questions, you will definitely want to check out our featured article on 5 Must-have Security Apps for iPhone. We'll also take a look at apps that can encrypt phone calls from your iPhone and track your phone if it's lost or stolen.... Read Full Post -
How to Scam-proof Your Brain
16 Jan 2012 | 9:36 am Can you spot a phishing scam e-mail from a mile away? Are you a human scam detector? The focus of this week's featured article is on How to Scam-proof Your Brain. ... Read Full Post -
Protect Your Smartphone From Malicious QR Codes
8 Jan 2012 | 11:13 am Quick Response or QR codes like the one in the picture above seem to be popping up everywhere these days. They are great for advertisers and marketers because they allow users to obtain product information and website addresses by scanning the multidimensional bar code with their smartphone's camera. Unfortunately, hackers and criminals are also using QR codes to trick users into installing malware, or handing over personal information.... Read Full Post -
How to Secure Your New Facebook Timeline
31 Dec 2011 | 10:23 am Did you enable the new Facebook Timeline feature yet? The new Timeline lets you, your friends and, depending on your privacy settings, complete strangers flip through your Facebook history like a digital scrapbook. It has a newspaper-like appearance and all is easily navigated. Simply click on the year you are interested in and it jumps to all your old posts for that time frame.... Read Full Post -
Hack Your Holiday Party With Some Spicy Password Crackers
31 Dec 2011 | 4:55 am If you're looking for a last minute dish to make for a New Year's party, try making some Spicy Password Crackers. They are both delicious and addictive. I call them password crackers because someone would likely hand over their password just so they could have another one.... Read Full Post
-
WindowSecurity.com
-
Authenex ASAS - Voted WindowSecurity.com Readers' Choice Award Winner - Authentication / Smart Cards
26 Jan 2012 | 1:00 am Authenex ASAS was selected the winner in the Authentication / Smart Cards category of the WindowSecurity.com Readers' Choice Awards. Smart Enterprise Guardian and eToken were runner-up and second runner-up respectively. -
Enhancing Endpoint Security for Windows Desktops (Part 2)
25 Jan 2012 | 1:59 am In this article the author will discuss how least privilege can help protect the computer from local user attacks, as well as how data leak protection can help protect the corporate assets from being sent inappropriately across the Internet. -
Identity (Management) Crisis (Part 1): The evolution of identity concepts
18 Jan 2012 | 3:00 am In this article we'll take a look at how the concept of identity has evolved, particularly in the legal and technological realms. -
Enhancing Endpoint Security for Windows Desktops (Part 1)
11 Jan 2012 | 4:00 am In this article, the author will discuss some of the most important aspects of endpoint security, including endpoint firewalls, endpoint password policy, endpoint least privilege, and endpoint data leak protection. -
Security Considerations for Cloud Computing (Part 1) - Virtualization Platform
3 Jan 2012 | 11:59 pm This article looks at some of the security issues related to virtualization in the cloud.
-
Tenable Network Security
-
#7 Nessus Versus Malware - Top Ten Things You Didn't Know About Nessus
27 Jan 2012 | 8:08 am Nessus has several different plugins and techniques for helping you with the fight against malware. The video below is part 7 in our series of the top ten things you didn't know about Nessus and covers 3 different ways Nessus can be used to help detect malware. Below are a few more examples of how Nessus can detect malware: 1. Nessus Network Checks: Nessus plugins in the "Backdoor" plugin family detect certain types of generic behavior on listening services that are indicative of malware. For example, plugin #35322 detects the presence of an HTTP backdoor. Nessus detects the web server… -
Tenable Network Security Podcast 110
24 Jan 2012 | 1:44 pm Welcome to the Tenable Network Security Podcast Episode 110. Hosts: Paul Asadoorian, Product Evangelist; Carlos Perez, Lead Vulnerability Researcher; Ron Gula, CEO/CTO; Jack Daniel, Product Manager. Announcements: Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. We recently added a 38-minute tutorial of Nessus, covering most of the basic features. We're hiring! Visit the Tenable website for more information about open positions. You can subscribe to the Tenable Network Security Podcast on iTunes! Tenable Tweets: You can find us on Twitter at… -
Tenable Network Security Episode 109
18 Jan 2012 | 10:47 am Welcome to the Tenable Network Security Podcast Episode 109. Hosts: Paul Asadoorian, Product Evangelist; Carlos Perez, Lead Vulnerability Researcher; Ron Gula, CEO/CTO. Announcements: Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. We recently added a 38-minute tutorial of Nessus, covering most of the basic features. We're hiring! Visit the Tenable website for more information about open positions. You can subscribe to the Tenable Network Security Podcast on iTunes! Tenable Tweets: You can find us on Twitter at… -
Tenable Network Security Podcast Episode 108
12 Jan 2012 | 8:31 am Welcome to the Tenable Network Security Podcast Episode 108. Hosts: Paul Asadoorian, Product Evangelist; Jack Daniel, Product Manager; Carlos Perez, Lead Vulnerability Researcher; Ron Gula, CEO/CTO. Announcements: Check out our video channel on YouTube that contains the latest Nessus and SecurityCenter 4 tutorials. We recently added a 38-minute tutorial of Nessus, covering most of the basic features. We're hiring! Visit the Tenable website for more information about open positions. You can subscribe to the Tenable Network Security Podcast on iTunes! Tenable Tweets: You can find us on Twitter at… -
Microsoft Patch Tuesday - January 2012
11 Jan 2012 | 11:16 am The first round of security bulletins from Microsoft this year raises some interesting questions about the vulnerabilities being patched. I found the following three advisories particularly interesting. From MS12-002: The vulnerability could allow remote code execution if a user opens a legitimate file with an embedded packaged object that is located in the same network directory as a specially crafted executable file. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. MS12-002 is ranked by Microsoft as important. Sure, it does…
-
Team Cymru Internet Security News
-
FBI developing social networking spy app
28 Jan 2012 | 4:00 am "The Federal Bureau of Investigation (FBI) is planning to develop an application that can track the public's postings to Facebook, Twitter and other social networks, in order to aid how it predicts and reacts to criminal behaviour, including public disorder and terrorism. An FBI request for information document has been published, asking potential contractors to contact the bureau by February 10. The FBI wants respondents to the document to outline how they would build such a system and how much it would potentially cost...." -
Lawmakers seek answers from Google on new privacy measures
28 Jan 2012 | 3:58 am "Google's decision this week to share user data across its online services has caught the attention of eight members of the US House of Representatives, with the lawmakers asking whether the changes will compromise privacy. The eight lawmakers, three Republican and five Democrats, said the move raises questions about consumer privacy. The eight, including Republican Representatives Cliff Stearns of Florida and Joe Barton of Texas, and Democrats Edward Markey of Massachusetts and Henry Waxman of California, sent a letter raising their concerns to Google CEO Larry Page on… -
Password Sharing Among American Teenagers
28 Jan 2012 | 3:57 am ""It's a sign of trust," Tiffany Carandang, a high school senior in San Francisco, said of the decision she and her boyfriend made several months ago to share passwords for e-mail and Facebook. "I have nothing to hide from him, and he has nothing to hide from me." "That is so cute," said Cherry Ng, 16, listening in to her friend's comments to a reporter outside school. "They really trust each other." We do, said Ms. Carandang, 17...." -
The LWOT: Guilty plea in Maryland terrorism case
28 Jan 2012 | 3:54 am "U.S. citizen and Muslim convert Antonio Martinez pleaded guilty on January 26 to one charge of attempting to use a weapon of mass destruction against a government installation for trying to detonate what he believed was a car bomb outside a military recruitment center on the outskirts of Baltimore, Maryland in December 2010, in retaliation for what he perceived as an American war against Islam (AP). An FBI informant began communicating with Martinez on Facebook after seeing posts "espousing his extremist views," and on Martinez's orders filmed a video statement of him pledging… -
US lawmakers question Google over privacy policy
28 Jan 2012 | 3:52 am "Google is insisting that its new privacy policy will still give its users control, after criticism in a letter from US members of Congress. The lawmakers wrote to Google to express concern that users wouldn't be able to opt-out of the new data sharing system when using Chocolate Factory products. "We believe that consumers should have the ability to opt out of data collection when they are not comfortable with a company's terms of service and that the ability to exercise that choice should be simple and straightforward," the letter said. Google already said when introducing…
-
WindowSecurity.com blogs
-
Symantec source code exposed!
9 Jan 2012 | 4:01 am Symantec admits that parts of the source code of two of their older enterprise products have been obtained by third parties illegitimately! Although the exposed source code may be old, this remains a case of IP theft and Symantec should not downplay the risks of this incident and should take serious action! According to Symantec, the exposed code was for Symantec Endpoint Protection (SEP) 11.0 - which is used to block outgoing data from being leaked. more... -
More malware using social networks to reach victims!
6 Jan 2012 | 4:21 am The major social networking platform Facebook is infected once more after last November's outbreak! The Ramnit worm hijacked some 45,000 user accounts on Facebook, which presumably can lead the attackers to more sensitive accounts of users that happen to use the same email address and password all over the web. more... -
Vulnerabilities in .NET Framework
3 Jan 2012 | 6:29 am A security issue affecting Microsoft .NET Framework 1.1 Service Pack 1, Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.5 Service Pack 1, Microsoft .NET Framework 3.5.1, and Microsoft .NET Framework 4 on all supported editions of Microsoft Windows has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it. more... -
HP releases firmware "mitigation" for LaserJet vulnerability
31 Dec 2011 | 5:26 am We reported a while back that a security vulnerability had been discovered in some Hewlett-Packard LaserJet printers that could render them vulnerable to unauthorized access, although HP said there had been no real-world cases of such access occurring. The problem was that the software that enables updates over the Internet doesn’t verify the authenticity of those updates, so an attacker could apply a malicious update. more... -
WPS vulnerability puts wi-fi networks at risk
31 Dec 2011 | 4:47 am US-CERT has released a report on a vulnerability in Wi-Fi Protected Setup (WPS), a feature that makes it easier to set up wireless networks and devices, but – it turns out – can also expose them to the risk of an attacker gaining full access to the network by using a brute force attack to discover the PIN. WPS is a feature on many of today’s wireless devices, so researchers say millions of devices could be affected and it could take a long time to fix them all. more...
-
TaoSecurity
-
Best Book Bejtlich Read in 2011
9 Jan 2012 | 8:40 pm It's time to name the winner of the Best Book Bejtlich Read award for 2011! I've been reading and reviewing digital security books seriously since 2000. This is the 6th time I've formally announced a winner; see my bestbook label for previous winners. Compared to 2010 (31 books), 2011 saw a decrease to 22 books. Remember all reading is neither equal nor fast. When I review a book, I am sure to read it and not just skim it. For 10 books last year, I chose not to read them but to instead post impressions. Posts called "impressions" provide my sense of the book but I do not publish them in my… -
Telling a Security Story with Charts
8 Jan 2012 | 4:10 pm The image at left appeared in the 31 December 2011 edition of The Economist magazine in the article Economics focus -- How to get a date: The year when the Chinese economy will truly eclipse America’s is in sight. It depicts 15 measurements of the US and Chinese economies, with historical and projected data. There is a version available at this page with more statistics comparing the two nations. The Economist presents these charts for the following reason: In the spring of 2011 the Pew Global Attitudes Survey asked thousands of people worldwide which country they thought was the leading… -
Happy 9th Birthday TaoSecurity Blog
8 Jan 2012 | 3:07 pm Today, 8 January 2012, is the 9th birthday of TaoSecurity Blog. I wrote my first post on 8 January 2003 while working as an incident response consultant for Foundstone. 2843 posts later, I am still blogging. Looking at all 9 years of blogging, I averaged 315 per year, but in the age of Twitter (2009-2011) I averaged only 171 blog posts per year. I plan to continue blogging, but I expect around the same number as last year -- somewhere in the 60 to 100 post range. I spend a lot more time expressing my views to the press and market researchers and analysts, so I'm often less inclined to do more… -
Mandiant Webinar Wednesday; Help Us Break a Record!
6 Dec 2011 | 9:06 pm I'm back for the last Mandiant Webinar of the year, titled State of the Hack: It's The End of The Year As We Know It - 2011. And you know what? We feel fine! That's right, join Kris Harms and me Wednesday at 2 pm eastern as we discuss our reactions to noteworthy security stories from 2011. Register now and help Kris and me beat the attendee count from last month's record-setting Webinar. If you have questions about and during the Webinar, you can always send them via Twitter to @mandiant and use the hashtag m_soh. Copyright 2003-2011 Richard Bejtlich and TaoSecurity… -
Tripwire Names Bejtlich #1 of "Top 25 Influencers in Security"
6 Dec 2011 | 8:52 pm I've been listed in other "top whatever" security lists a few times in my career, but appearing in Tripwire's Top 25 Influencers in Security You Should Be Following today is pretty cool! Tripwire is one of those technologies and companies that everyone should know. It's almost like the "Xerox" of security because so many people equate the idea of change monitoring with Tripwire. So, I was happy to see my twitter.com/taosecurity feed and the taosecurity.blogspot.com blog make their cut. David Spark asked for my "security tip for 2012," which I listed as: Improve your incident detection and…
-
Jon's Network
-
Finding pcAnywhere in your Organization
27 Jan 2012 | 8:36 am Symantec announced that hackers have had the source code for remote access software pcAnywhere since 2006. It can’t be trusted until they issue a patch. Some organizations may be anxious to see how many of their machines have pcAnywhere installed. If you have an application aware firewall like Palo Alto Networks, you can see if there is pcAnywhere traffic on the network easily. To find out where it’s installed but not in use, most are probably using software like Altiris, Tivoli, etc. One tool that can find pcAnywhere (or any software for that matter) is Tanium – and it can… -
Note on M86 Authentication
4 Nov 2011 | 7:00 pm M86 authenticator and web-based authentication should work fine side by side. If you are using web-based authentication ONLY for iPad/iOS devices, then use Tier 2 instead of Tier 3 as it does not include the Java Applet. Instead they configure authentication session retention time in the filter, i.e. keep the profile active for 60 minutes once authenticated. In WFR 4.2, you will be allowed to select Tier 3 Web Based Authentication so PCs/Macs running Java can leverage the session based authentication, while iOS/Android devices will fall back to the Tier 2 setting. Here’s what you need to know about WF… -
TinEye
20 Oct 2011 | 10:38 pm TinEye is a reverse image search engine. You can submit an image to TinEye to find out where it came from, how it is being used, if modified versions of the image exist, or to find higher resolution versions. TinEye is the first image search engine on the web to use image identification technology rather than keywords, metadata or watermarks. It is free to use for non-commercial searching. -
USB to Serial Driver for Mac OS X Lion
18 Oct 2011 | 11:14 pm I use and highly recommend MacWise for connecting to network devices via a console on a Mac. The driver I had for the USB to Serial device I have stopped working after my recent upgrade to Lion. The following fix worked like a dream: OS X Lion PL2303 Driver -
Find Files with No User or Group
20 Aug 2011 | 6:21 pm This command can yield some interesting information: find / -nouser -o -nogroup Learned about it while playing with NeXpose today.
-
Roger's Security Blog
-
10 Years of Trustworthy Computing at Microsoft
12 Jan 2012 | 1:48 pm Before joining Microsoft a little bit more than 10 years ago, I ran a team at PricewaterhouseCoopers on e-Business Risk Management – classical security consulting in the Internet bubble time. When I announced that I would leave PwC and join Microsoft, I got interesting reactions (and remember, this was 2001). Mainly they were along two lines: Oh, you are joining a desktop company? Why? A security guy? Joining Microsoft? Hmm… So, these reactions came from the time immediately before we launched Windows XP (you are not on XP today, are you? If you are, read this article). Microsoft… -
10 Reasons to migrate off Windows XP
22 Dec 2011 | 4:24 am I would like you to sit back, close your eyes and think about the year 2001. Think about how you used technology back then, how you used the Internet. Now, let’s take it a little bit further back in history and think of the year 2000. Just after we realized that the Year-2000-Problem was handled very well by the industry. How you used technology, how you used the Internet, the speed of your Internet connection (I think for me it was ISDN-Dial-Up). This was the time Windows XP was designed. Windows XP was launched in 2001 and – judging by its success – it was a really great piece of… -
Office 365 Becomes First and Only Major Cloud Productivity Service to Comply With Leading EU and U.S. Standards for Data Protection and Security
16 Dec 2011 | 7:11 am A long title, but this was the title of the official press statement yesterday. Compliance is always a key question in the public cloud space. Therefore it is very important for us that we now achieved three things: Office 365 is compliant with EU Model Clauses, Data Processing Agreements and ISO 27001 among other standards. Office 365 is the first and only major cloud productivity service that enables HIPAA compliance. The Office 365 Trust Center provides in-depth information about the privacy and security practices for Office 365 and was recently redesigned to be more accessible and easy to… -
Implementing the Top 4 Defense Strategies
13 Dec 2011 | 7:46 am The Australian Defense Signals Directorate maintains a list of the Top 35 Mitigation Strategies against targeted intrusions. This is just a reference to the top strategies: patch applications; patch the operating system; minimize the use of local admin; application whitelisting. Looking at these 35 strategies, the DSD claims that: While no single strategy can prevent this type of malicious activity, the effectiveness of implementing the top four strategies remains unchanged. Implemented as a package, these strategies would have prevented at least 70% of the intrusions that DSD analysed and… -
Council of Europe Octopus Conference- Some Thoughts
23 Nov 2011 | 5:23 am I am still sitting in the parliament room of the Council of Europe at the celebration event for the Budapest Convention. It was another very good event advancing the challenges fighting Cybercrime. Let me try to summarize a few thoughts: The Budapest Convention is probably the best convention out there allowing a wide adoption of a harmonized legislation to fight Cybercrime internationally. A lot of countries outside the Council adopted or are in the process of adopting the convention. It balances the fight against criminals with the protection of Privacy and Human Rights. The willingness and the…
-
Spyware news
-
Kelihos botnet operator was technical expert at Antivirus company
24 Jan 2012 | 8:33 am Yesterday Microsoft reported surprising findings about one of the Russian antivirus firms – according to the announcement, one of its former technical experts, Andrey N. Sabelnikov, was found to be involved in the coordination of the global spam machine called the Kelihos botnet. Thanks to Microsoft, this botnet was taken down one year ago. According to the Microsoft Blog, a 31-year-old man from St. Petersburg, Russia, was found to be responsible for the botnet’s operations and also worked at a company selling firewall, antivirus and security software. Though it is not specified where… -
Don’t fall for Metropolitan Police misleading alert
17 Jan 2012 | 6:24 am Metropolitan Police alert, also called the Ukash virus, is one of the latest scams that are used for trying to swindle money from PC users. This scam, also distributed in Spanish, French, German, Portuguese and other languages, is even capable of locking the desktop on the compromised machine to make its victim believe that he has really done something illegal, like watching videos with adult content or banned scenes against other people. However, the Metropolitan Police international affair should be ignored no matter how trustworthy it may look to you. Based on faked information, it also… -
SpyEye trojan is used to hide fraudulent money transfers
10 Jan 2012 | 9:05 am Some months ago we warned you about the dangerous banking trojan called SpyEye. In addition to its malicious features, such as HTML injection and others, it has also been found to have another feature helping the scammers to hide the fraud and all the changes made on the compromised account. This seems to be borrowed from the Zeus trojan. As you have already heard, SpyEye is especially dangerous for its ability to inject new fields into a page and make it ask for specific information which wouldn’t normally be asked from the user. For example, because of this virus, a banking page can… -
Clickjacking scams are still used on Facebook
4 Jan 2012 | 10:02 am New Year has come and hackers have started spreading new scams on Facebook. This time it’s another clickjacking scam that has been noticed circulating on this social network. Using the curiosity of Facebook users, it tricks them into clicking on links pretending to be liked by their friends. However, those ‘amazing’ and ‘surprising’ videos titled “Air Race Plan Crashed in the crowd during a show!” or “A Really Giant Baby!” are used only for redirecting victims to splash pages pretending to contain interesting videos but filled with web based advertisements… -
Be Sure to Avoid Au Pair/Nanny Scams
22 Dec 2011 | 7:36 am If you are looking for a job, don’t fall for those emails that spread around offering unreal nanny/au pair job offers that can be turned down only by the crazy ones. Promising £2700 per month plus £700 per week for expenses and many other things for carting two kids to school, these letters are clearly used by scammers to swindle money. Who knows how many letters have been spread? Such scam letters include such and similar good-looking points: Schedule: Your job is not a hard one, I do not believe in supervising or monitoring people to do their job. I believe people should be giving a…
-
Uncommon Sense Security
-
Bumper Sticker “wisdom”
23 Jan 2012 | 10:11 am I saw a bumper sticker the other day that made me think about the trite things often said in InfoSec. The bumper sticker said (paraphrasing): “War never solved anything, except ending communism, fascism, Nazism, and slavery.” While somewhat nonsensical, I’m sure a lot of folks cheer the sentiment. I really wasn’t in the mood to interrupt my vacation to discuss the state of global communism, the fall (and pending rise) of Russia; China, its sphere of influence, and the economic power wielded there. Nor did I wish to engage on fascism’s passing due to natural causes… -
InfoSec career attitudes survey
7 Jan 2012 | 11:07 am I have a favor to ask: please consider taking a survey on attitudes about your career in Information Security. I’m helping a group of smart folks look into what makes InfoSec folks tick, and what makes us twitch. This survey is mostly focused on your current situation, and this specific survey was selected because it is a standard measurement recognized by folks who study such things; this means aggregated results can be used for comparison with other professions (where there is survey data available) and averages. The survey is copyrighted, and has some license restrictions imposed on… -
Compensating, or compounding?
26 Dec 2011 | 2:09 pm Back in the Dark Ages I managed parts departments for a few car dealerships. This was back in the land before time, when dinosaurs, Renaults, and even worse, Peugeots, roamed the US. (Not this long ago.) One of the lessons I learned was about the curious views some people have about errors. My introduction to this was during a discussion of inventory results with another manager. Using made up numbers, let’s say we have $100,000 in inventory on the books, we count everything, make all the required adjustments, and end up with $99,000 in inventory. There’s a grand… -
The Pandering Pentagram of Prognostication
20 Dec 2011 | 6:03 pm This seems to be the year for ridiculing predictions, but I’m not jumping on that bandwagon. I am here to help you get the most from the meaningless drivel you spew in the name of prediction (and more importantly, page views). I have invented a brilliant methodology for measuring (because it is all about the metrics, isn’t it?) your drivel, and the drivel of others, in this most festive time of the year. No, not the “Judeo-Christian-Pagan-Northern Hemisphere Damn it’s getting cold and dark Holiday season”, but the “I’m too sick of this crap to write anything… -
Are you positive?
21 Nov 2011 | 4:20 am It will not die, and this won’t end it, but I have to try. “False positive” findings are hotly debated by some folks, but that debate often centers on erroneous definitions or assumptions. Regardless of the type of system we are discussing, IDS, Anti-Virus, vulnerability tool, whatever, there are some basic ideas involved. The Basics: There is a defined condition which either exists, or it doesn’t. The tool or utility detects it, or it doesn’t. This gives us a pretty simple set of situations, expressed in the table below: Detected Not Detected Condition:…
-
cissp CISSP training Certified Information Systems Security Professional
-
Modeling Security Pentests - New Issue of WebAppPentesting is Out!
25 Jan 2012 | 11:54 am Inside Web App Pentesting: Open Source Web Application Security Testing Tools by Vinodh Velusamy. The author shows the significance of Open Source Web Application Security Testing Tools. As he claims, “When you choose and use good tools, you’ll know it. Amazingly, you’ll minimize your time and effort installing them, running your tests, reporting your results – everything from start to finish. Most importantly, with a good web vulnerability scanner you’ll be able to maximize the number of legitimate vulnerabilities discovered to help reduce the risks associated with… -
Sykipot variant hijacks DOD and Windows smart cards
23 Jan 2012 | 8:49 am January 12th, 2012 | Posted by jaime.blasco. Defenses of any sort, virtual or physical, are a means of forcing your attacker to attack you on your terms, not theirs. As we build more elaborate defenses within information security, we force our attacker’s hand. For instance, in many cases, implementing multi-factor authentication systems just forces the attacker to go after that system directly to achieve their goals. Take the breach at RSA, for example. It has been attributed to attackers who needed the SecurID information to go after their real targets in the defense industry. -
SOPA and PIPA -- What's in it for you
19 Jan 2012 | 1:20 pm As seen on one of my hosting company's mailing lists: Greetings Site5 Customers! The U.S. Congress is currently considering two bills -- one in the House of Representatives called SOPA (Stop Online Piracy Act) and another in the Senate called PIPA (Protect IP Act). These bills both attempt to use similar methods to further criminalize and police intellectual property infringement. Although protecting intellectual property is important, these bills would use heavy-handed tactics that would censor and splinter the Internet. SOPA and PIPA would grant the U.S. government the ability to block almost… -
DARPA set to develop super-secure "cognitive fingerprint"
18 Jan 2012 | 9:26 am By Layer 8, Created Jan 17 2012 - 12:54pm. Developers at the Defense Advanced Research Projects Agency want to build information technology security that goes beyond simply recognizing complex passwords but rather gets in your head to confirm your identity before you get access or continue to have access to important information. Specifically, the agency's Active Authentication program looks to develop what DARPA calls "novel ways of validating the identity of the person at the console that focus on the unique aspects of the individual through the use of software-based biometrics."… -
New Issue of PenTest Extra Magazine is available
16 Jan 2012 | 10:34 am New Issue of PenTest Extra Magazine is available! Download the Free Sample Issue to check the content and read a free article, just click here. Read the free article "XSS & CSRF: Practical exploitation of post-authentication vulnerabilities in web applications" by Marsel Nizamutdinov. The goal of this article is to demonstrate the real danger of post-authenticated vulnerabilities. The author will not explain the basics of web application attacks in this article, as that has already been done many times before by others. He will focus on a practical way to exploit post-authentication XSS's and…
-
Hackers For Charity
-
Handmade Ugandan iPhone cases!
24 Jan 2012 | 4:34 am One more item for Shmoocon! Handmade iPhone cases! These cases fit iPhone 3, 4 and 4S. Each one is unique, hand stitched with Velcro fasteners and two loops on the back for attaching to belts or straps. Again, quantities will be limited. Come by the booth early! -
Shmoocon schwag
24 Jan 2012 | 3:17 am I’m bringing something new to Shmoocon this year and I think it’s something that will appeal to the grrlz even more than the guys. These are handmade iPad/iPad 2 cases and laptop cases. The cases are hand stitched and quilted and are lined with fabric to keep your electronics safe and sound. Each case is different and all are made from African fabrics. Some are made with a water resistant core that’s also pretty unique: A Jinja Pure Cane Sugar bag! The cases close with either a button and hoop or with Velcro strips. Quantities are rather limited so come by the booth early if… -
Shirt Leak #2
21 Jan 2012 | 1:33 am Here’s a preview of the new run of shirts, first available at Shmoocon. We’ll be selling a version of this through the year alongside our custom con shirts. Quantities will be limited. Don’t adjust your sets. They aren’t black! =O -
The Jan, 2012 “Beg List”
20 Jan 2012 | 2:38 pm As I plan to hop the flight for Shmoocon, I’m starting to make a list of things we need in Uganda. Some inexpensive creature comforts I’ll be able to get from the CVS around the corner from the con. Other things are either too expensive or too hard to get a hold of. So, as always, we’re looking for some oddball donations. Every little bit helps, so if you have something on the list and you’re either coming to the con or know someone who is, would you consider donating it to us? Thanks in advance! Motorcycle gear: We’re traveling a lot more by motorcycle because… -
Shmoocon 2012
19 Jan 2012 | 12:54 am Thanks to the generosity of SANS, who is again paying for my flight, I’ll be joining the HFC crew at Shmoocon 2012 in Washington DC. We’re less than a week away from the show, so I’ll be posting a few teasers and some updates that have been sitting in my drafts queue for WAY too long. For our first teaser, here’s a mockup of the new Shmoocon shirt. This shirt will only be available at the con (no online sales) so if you want one and can’t make the show, be sure to tap a friend to hook you up.
-
Schneier on Security
-
Password Sharing Among American Teenagers
27 Jan 2012 | 6:39 am
Interesting article from the New York Times on password sharing as a show of affection. "It's a sign of trust," Tiffany Carandang, a high school senior in San Francisco, said of the decision she and her boyfriend made several months ago to share passwords for e-mail and Facebook. "I have nothing to hide from him, and he has nothing to hide from me." "That is so cute," said Cherry Ng, 16, listening in to her friend's comments to a reporter outside school. "They really trust each other." "We do," said Ms. Carandang, 17. "I know he'd never do anything to hurt my reputation," she added. It doesn't…
Evidence on the Effectiveness of Terrorism
26 Jan 2012 | 10:36 am
Readers of this blog will know that I like the works of Max Abrahms, and regularly blog them. He has a new paper (full paper behind paywall) in Defence and Peace Economics, 22:6 (2011), 583–94, "Does Terrorism Really Work? Evolution in the Conventional Wisdom since 9/11": The basic narrative of bargaining theory predicts that, all else equal, anarchy favors concessions to challengers who demonstrate the will and ability to escalate against defenders. For this reason, post-9/11 political science research explained terrorism as rational strategic behavior for…
Federal Judge Orders Defendant to Decrypt Laptop
25 Jan 2012 | 1:56 pm
A U.S. federal judge has ordered a defendant to decrypt her laptop.
Supreme Court Rules that GPS Tracking Requires a Warrant
25 Jan 2012 | 12:54 pm
The U.S. Supreme Court has ruled that the police cannot attach a GPS tracking device to a car without a warrant. EDITED TO ADD (1/26): It seems I was wrong when I said that the ruling forces the police to get a warrant before placing a GPS tracking device on a car. The ruling is much more complicated and nuanced.
Research into an Information Security Risk Rating
25 Jan 2012 | 6:44 am
The NSF is funding research on giving organizations information-security risk ratings, similar to credit ratings for individuals: Existing risk management techniques are based on annual audits and only provide a snapshot of a partner's security posture. However, new vulnerabilities are discovered every day and the industry needs a solution that enables a business to continuously monitor the changing risk posture of all its partners and proactively manage assumed risks. The Phase II research objective is to build a scalable, fully automated ratings system. The research will focus on identifying and…
-
Security Uncorked
-
Please excuse the mess…
26 Jan 2012 | 7:31 pm
I’m in the process of updating WordPress versions, so some plugins and pages may be broken for a short period of time. Thanks for puttin’ up with my mess! -jj
Final days to vote - SBN Blog & Podcast Awards
24 Jan 2012 | 3:08 pm
It’s Tuesday, January 24th, which means there are just 4 days left to vote for your top blog and podcast finalists for the Security Bloggers Network Awards, to be presented at RSA Conference USA 2012. If you’re a member blogger of the SBN, then you’re eligible to vote. Finalists were selected by a panel of outstanding judges (kept secret until after the nominations and finalists were announced). 2012 SBN Awards Judges (they selected finalists): Kelly Jackson Higgins, Bill Brenner, Larry Walsh, and guest judge Wendy Nather. SBN Bloggers and Podcasters can vote until 1/27 at…
Why more APs aren’t always better
19 Jan 2012 | 6:00 am
Lately, I’ve been forced to dispel a volume of wireless myths, both in way of technology and vendors. I’m not sure if it’s a full moon, or some other astrological occurrence, but it’s gotten a little crazy recently. So, I thought I’d take a few blog posts to address some wireless myths, in brief, to keep in the back of your head as you explore wireless solutions and upgrades in your environment. Here’s a thought on why more APs aren’t always better. The other day someone said “that’s fine, if that happens, we can just add more APs,…
SOPA Blackout - 10+ reps already withdraw support
18 Jan 2012 | 8:41 pm
There are enough people writing about SOPA (Stop Online Piracy Act) and PIPA (Protect IP Act), and I don’t intend to add unnecessary commentary to the anti-SOPA movement. And yes, I am anti-SOPA. Instead, I encourage you to check out this post by EFF, see how you can contribute to the effort, if you are also against the SOPA act. https://www.eff.org/deeplinks/2012/01/thank-you-internet-and-fight-continues Thanks to all these efforts, the NY Times reports that at least 10 representatives have withdrawn their support, as of 9pm Eastern January 18th. Read the full article here:…
Understanding collisions and duplex in wireless
18 Jan 2012 | 8:15 pm
For whatever reason, we all seem to live with the delusion that wireless networking works like a wired connection, but over the air. And, in that world, we also have leprechauns. The truth is the layer 1 (physical) properties of wireless and RF are completely different; polar opposites in some cases. And, in comparison to our long-loved wired technologies and standards, RF is inherently flawed in design, in many ways. I’ll address that another day. For now, let’s talk about the duplex properties of wireless. And by talk about them, I mean, discuss the lack of. Wireless is…
-
Infosec Events
-
Week 3 in Review – 2012
24 Jan 2012 | 10:50 am
Event Related: Infiltrate Conference. “Voight-Kampff’ing The BlackBerry PlayBook” at INFILTRATE 2012 – intrepidusgroup.com: We gave a talk at Immunity’s awesome INFILTRATE conference in Miami Beach, FL. Our presentation, “Voight-Kampff’ing The BlackBerry Playbook”, discussed some of the blackbox-style, independent research we performed on the BlackBerry PlayBook. Infiltrate Wrap Up – blog.opensecurityresearch.com: Our industry is getting oversaturated with conferences that are filled with stale and sometimes uninspiring content. If we cannot collectively raise the bar,…
Information Security Events For January
16 Jan 2012 | 10:04 am
Here are the information security events in North America this month: DoD Cybercrime Conference 2012: January 20 to January 27 in Atlanta; ShmooCon USA: January 27 to January in Washington, DC. And here are the information security events in other parts of the world: BSides Vienna: January 21 in Vienna; eCrime Germany: January 31 in Frankfurt.
Week 2 In Review
16 Jan 2012 | 9:15 am
Resources: How Modern Cars Can Be Cracked – autosec.org. SOURCE Barcelona Resources from September 2011 – sourceconference.com: Links, articles, and media from the event. OSCP - My Review – proactivedefender.blogspot.com: The OSCP certification is an offensive security course which teaches the attacking side of information security and is largely aimed at those wanting to become penetration testers. My personal motivation for taking the course and exam was to better understand the methodology, tools and techniques that attackers employ to breach networks and systems. Tools…
Week 1 In Review
9 Jan 2012 | 12:00 pm
Events Related: Highlights from the 28th Chaos Communications Congress – advocacy.globalvoicesonlne.org: The Chaos Communications Congress is the annual meetup of Germany’s Chaos Computer Club, one of the oldest hacker collectives in the world. It takes place in Berlin every year at the height of the holiday season between Christmas and New Year’s Eve, a time when only the dedicated European computer obsessive would leave their family and friends to spend four days in a conference centre with like-minded hackers and geeks. 28th Chaos Communication Congress & Berlin Sides…
Week 52 In Review
2 Jan 2012 | 2:23 pm
Events Related: Chaos Communications Congress Debriefing(s): …dedicated to information about the conferences and events of the CCC. Being our most important event, the annual Chaos Communication Congress is usually the main focus. But we provide announcements and background information for other CCC events as well – be it regional or international. Crypto talk at 28C3: Implementation of MITM Attack on HDCP-secured Links, Day 3, 18:30, Saal 1 – events.ccc.de. Crypto talk at 28C3: TRESOR: Festplatten sicher verschlüsseln, Day 3, 14:30, Saal 2 – events.ccc.de. Crypto talk at…
-
Dr Anton Chuvakin Blog PERSONAL Blog
-
Links for 2012-01-25 [del.icio.us]
26 Jan 2012 | 2:00 am
Someone Finally Makes “Shit Silicon Valley Says”
Links for 2012-01-12 [del.icio.us]
13 Jan 2012 | 2:00 am
Hunting trips: network traffic log analysis | Overhack: First, and most importantly, always keep in mind that we’re only identifying anomalies, not automatically classifying “bad” traffic.
Links for 2012-01-11 [del.icio.us]
12 Jan 2012 | 2:00 am
Browsing Security Predictions for 2012 « Il Blog di Paolo Passeri; Rare Legal Fight Takes On Credit Card Company Security Standards and Fines
Links for 2012-01-09 [del.icio.us]
10 Jan 2012 | 2:00 am
Paybacks are hell: Parental spying prompts infiltration of German police system
Annual Blog Round-Up – 2011
4 Jan 2012 | 1:11 pm
Here is my annual "Security Warrior" blog round-up of the top 10 popular posts/topics in 2011. This list covers the posts most popular in 2011, not necessarily only those written in 2011. Disclaimer: all this content was written before I joined Gartner on Aug 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here. “Simple Log Review Checklist Released!” was again the most popular this year. The checklist, a list of critical things to look for while reviewing system, network and security logs when responding to a security incident PCI DSS…
-
Latest articles from SC Magazine
-
FINRA advises brokers to bulk up security
27 Jan 2012 | 4:08 pm
The self-regulating authority of Wall Street is warning securities firms about a rise in customers' email accounts being hacked to deliver bogus funds transfer requests.
Univ. of Hawaii settles with 98,000 over five breaches
27 Jan 2012 | 3:21 pm
The largest class-action settlement in Hawaii's history is related to data breaches at University of Hawaii campuses.
Just-patched critical Microsoft bug under attack
26 Jan 2012 | 4:10 pm
Researchers warned Thursday that a recently patched vulnerability in Windows Media is being used by remote attackers to launch malware.
Podcast: Security awareness training and rewarding good behavior
26 Jan 2012 | 2:31 pm
Awareness training is finally becoming more about security and less about compliance, as SANS instructor Lance Spitzner discusses in this SC Magazine Podcast episode.
Study: BlackHole appears, Conficker remains
26 Jan 2012 | 1:22 pm
Eighty-five percent of all malware is web-based, and some 30,000 websites are newly infected with malicious code each day, according to Sophos' "Security Threat Report 2012."
-
Verizon Business Security Blog
-
Weekly Intelligence Summary: 2012-01-27
27 Jan 2012 | 3:50 pm
In terms of risk to Verizon Security customers, the most significant developments this week revolve around governance issues in Europe. Data protection, privacy and anti-piracy laws, regulations and agreements are in flux and regardless of the final outcomes, the changes themselves are costly. Predictably, Anonymous finds only fault with these developments, thus attacks and threats of attacks are among this week’s intel collections. The RISK Team had to dip into our reserves of skepticism in the face of reports of railway hacking in the northwestern US. Early reports have…
Considering Vulnerability Disclosure in the Realm of SCADA Systems
24 Jan 2012 | 3:19 pm
Every once in a while, a vulnerability disclosure incident occurs that significantly changes the game. Recently, Digital Bond released vulnerability information in conjunction with exploit code packaged in Metasploit for 6 different SCADA system devices. This time around, the stakes have been raised with much bigger consequences. With consequences this high, it is worth re-evaluating the impact of vulnerability disclosure on risk in the IT environment. First, a brief reminder about how risk works. Even though we can’t measure it with precision, we can do a fairly good job in…
Weekly Intelligence Summary: 2012-01-20
20 Jan 2012 | 4:14 pm
The period of tedium in risk intelligence ended last week. An already busy week was capped when Digital Bond announced serious, but non-specific vulnerabilities in six control systems. This happened at their S4 conference under the auspices of creating a “Firesheep moment.” We could interpret that to mean some sort of wake up call to the industry, but happily (for them) it also self-serves to drive business for Digital Bond and attendance at future conferences. In conjunction with Rapid7, PLC exploit modules are being released increasing risk in the short-term for any…
Weekly Intelligence Summary: 2012-01-13
13 Jan 2012 | 3:26 pm
Paraphrasing Lenin: the last couple of weeks nothing has happened; in all likelihood, we’ll soon pay for them with a week when decades happen. The significant InfoSec risk data point this week was Microsoft Tuesday with seven bulletins and one Adobe bulletin. In the coming week, Oracle will release a CPU with 78 fixes for vulnerabilities in Oracle, PeopleSoft and Sun Solaris product lines. Wired declared Anonymous to be the net’s immune system. But an analyst is compelled to assess if Anonymous is becoming symptomatic of an autoimmune disease. This week, an entity self-identifying as…
Weekly Intelligence Summary: 2012-01-06
6 Jan 2012 | 4:01 pm
0.006 Percent. Technical media headlines exploded Thursday night after Seculert blogged that the Ramnit worm had compromised 45,000 Facebook users. But the headlines don’t read “Six one-thousandths of one percent of Facebook users infected!” One cannot make reasonable intelligence assessments while running around with one’s hair on fire upon seeing the number 45,000 in a headline. Sorry, Seculert, but our assessment is “noted.” The RISK Team regards it as a teaching opportunity. Analysts should avoid the seductive pull big numbers have. One must also assess context to…
-
symantec.com
-
MIDI exploit in the wild
27 Jan 2012 | 7:06 am
Symantec Security Response is aware of in-the-wild malware exploiting the Microsoft Windows Media Player 'winmm.dll' MIDI File Parsing Remote Buffer Overflow Vulnerability (BID 51292).
Android.Counterclank Found in Official Android Market
27 Jan 2012 | 6:49 am
Symantec has identified multiple publisher IDs on the Android Market that are being used to push out Android.Counterclank.
Indian Movie "Bodyguard" Featured in Phishing
26 Jan 2012 | 6:13 pm
Co-Author: Avdhoot Patil
Insight into Sykipot Operations
26 Jan 2012 | 6:33 am
The Sykipot campaign has been persistent in the past few months targeting various industries, the majority of which belong to the defense industry. Each campaign is marked with a unique identifier comprised of a few letters followed by a date hard-coded within the Sykipot Trojan itself.
Feb 14 Is Here Again!
25 Jan 2012 | 6:22 am
Spam levels always rise when a holiday or special event approaches. Symantec researchers are observing a surge of spam as Valentine’s Day gets closer and closer. Unbelievable discounts on jewelry, dinners, and expensive gift articles are the key themes for the Valentine’s Day related spam.
-
Optimal Security
-
Exploring 2012 Data Privacy Threats: Part 2 of 3
27 Jan 2012 | 9:43 am
This is part two in a series of three on data privacy. Read Pat’s first interview here. Are we desensitized to hack attacks despite the headline-making stories featuring Anonymous last year? What can we expect in 2012 on the data privacy threat front? And where are the weakest links in the enterprise? Veteran technology journalist Jennifer LeClaire had questions, and Lumension CEO Pat Clawson offered some insightful answers in part two of this three-part series on data privacy. Looking back over the past year, what were the most significant changes in the data privacy landscape? Clawson…
Your Data Privacy Day: 1 of 3
16 Jan 2012 | 4:41 pm
How Private Is Your Data, Really? How private is your data? If you are like most people, and even many corporations, you can’t offer a solid answer. Yet one person’s lack of knowledge about data privacy can send a ripple effect through the world as malicious hackers work to steal valuable information from individuals, companies and governments. Lumension is taking an active role in the January 28 Data Privacy Day, working to help raise awareness of the issue and how to combat it. Veteran technology journalist Jennifer LeClaire caught up with Lumension CEO Pat Clawson to discuss…
Cyber Security and Hollywood: More In Common Than You May Think
12 Jan 2012 | 4:54 pm
Several months ago, I discussed the decline of the U.S. as an innovator as part of my Industry Evolution: Innovation vs. Spending series. While a tough pill to swallow, it was true then and it continues to be the case today – the U.S. is lagging in innovation and our title of world thought leader is being stripped away by other countries. I’m not the only one that’s caught onto this trend. Hollywood is in the midst of a vigorous battle against innovation thieves distributing their Intellectual Property (be it films, music, games or other forms of creative expression) via the web.
January 2012 Patch Tuesday Security Briefing
10 Jan 2012 | 3:18 pm
Paul Henry, Security and Forensics Analyst for Lumension, discusses the impact of the January 2012 Patch Tuesday releases.
Microsoft Slays The Beast
10 Jan 2012 | 12:28 pm
In the first Patch Tuesday of 2012, Microsoft has addressed 1 critical issue and 6 important ones. It’s interesting to note that despite all of the media hype over “The Beast”, attacks have simply never materialized and the issue has retained its “Important” classification from Microsoft. Overall, we saw a reduction in the number of critical issues from Microsoft in 2011. To that end, we can anticipate Microsoft will bolster defense-in-depth efforts and will likely increase the number of important issues like privilege escalation. Looking at the details: MS12-004 Critical –…
-
Sourcefire, Inc. News Release
-
Sourcefire FireAMP Delivers Advanced Malware Protection with Unprecedented Visibility and Control
23 Jan 2012 | 8:01 am
New Solution Gives Large Enterprises the Power to Discover, Understand and Block Advanced Malware Utilizing Big Data Analytics. COLUMBIA, Md.--(BUSINESS WIRE)--Jan. 23, 2012-- Sourcefire, Inc. (Nasdaq: FIRE), a leader in intelligent cybersecurity solutions, today introduced FireAMP™ advanced malware protection, a malware discovery and analysis solution that analyzes and blocks malware by utilizing big data analytics. Designed for large enterprises, FireAMP delivers unprecedented visibility and the control needed to block threats missed by other security layers. FireAMP is the latest…
Sourcefire Schedules Fourth Quarter and Full Year 2011 Financial Results Conference Call
6 Jan 2012 | 7:30 am
COLUMBIA, Md.--(BUSINESS WIRE)--Jan. 6, 2012-- Sourcefire, Inc. (Nasdaq: FIRE), a leader in intelligent cybersecurity solutions, today announced that it will release its fourth quarter and full year 2011 financial results after the market closes on Tuesday, February 21, 2012. That evening at 5:00 p.m. Eastern Time, Sourcefire will host a conference call to review these results. A listen-only web cast of the session will be available at www.sourcefire.com/investors. Those wishing to participate in the live session should use the following dial-in numbers: Calling from the United States or…
Sourcefire Introduces Industry’s First Next-Generation Firewall with Integrated Next-Generation IPS
5 Dec 2011 | 8:02 am
New Universal Platform Surpasses Existing Solutions with Increased Awareness, Automation and the Industry’s Best Threat Prevention. COLUMBIA, Md.--(BUSINESS WIRE)--Dec. 5, 2011-- Sourcefire, Inc. (Nasdaq: FIRE), a leader in intelligent cybersecurity solutions, today announced its latest innovation, the Sourcefire Next-Generation Firewall (NGFW). Building on Sourcefire’s Next-Generation IPS (NGIPS) technology leadership and leveraging its high-performance FirePOWER™ platform, the Sourcefire Next-Generation Firewall combines the world’s most powerful IPS threat prevention, integrated…
Sourcefire to Present at the Barclays Capital Global Technology Conference
30 Nov 2011 | 3:05 pm
COLUMBIA, Md., Nov 30, 2011 (BUSINESS WIRE) --Sourcefire, Inc. (Nasdaq: FIRE), a leader in intelligent cybersecurity solutions, today announced its participation at the Barclays Capital Global Technology Conference, being held at The Palace Hotel in San Francisco. Sourcefire's presentation is scheduled for Wednesday, December 7, 2011 at 3:30 p.m. Pacific Time. A live web cast will be available on the "Investors" page of the Company's website (www.sourcefire.com) and a replay will be archived on the website as well. About Sourcefire: Sourcefire, Inc. (Nasdaq:FIRE), a world leader in intelligent…
Sourcefire's Immunet Anti-Malware Solution Surpasses 2 Million Endpoints
28 Nov 2011 | 8:02 am
Big Data Analysis Fuels Intelligent Protection from Advanced Threats. COLUMBIA, Md., Nov 28, 2011 (BUSINESS WIRE) --Sourcefire, Inc. (Nasdaq: FIRE), a leader in intelligent cybersecurity solutions, today announced that Immunet(R), the company's advanced anti-malware solution, has surpassed 2 million installed endpoints. Immunet achieved this milestone due to its "big data" approach to endpoint security, which allows it to provide an additional layer of protection not afforded by traditional anti-malware technologies. "The rapid adoption witnessed with Immunet demonstrates that users are…
-
Naked Security - Sophos
-
What do I do if my Twitter account is hacked?
27 Jan 2012 | 8:50 pm
Many Naked Security readers ask for assistance when their accounts are hacked, or when their friends, family and colleagues need assistance. This article explains the steps needed to safely reacquire control of your Twitter account.
Facebook sues alleged clickjacking firm
27 Jan 2012 | 5:54 am
Facebook has filed a lawsuit against a firm who, they say, bombarded users with clickjacking scams that earned $1.2 million a month.
Poll reveals widespread concern over Facebook Timeline
27 Jan 2012 | 4:13 am
Over 50% of people polled said they are worried about the Facebook Timeline. But will it be the catalyst for people to leave the site?
US Police use games consoles in crime investigations
26 Jan 2012 | 10:49 am
Police in the US use Xbox 360s and PS3s as key parts of investigations. With police now cooperating more closely with companies like Microsoft, is it time to ask for greater transparency about their relationships?
Opinion: Google's privacy change - evil or business as usual?
26 Jan 2012 | 8:49 am
Google says it will start tracking us across all its services - Gmail, Search, YouTube, etc. - and that it will share data on our activity across all of them. Does it put into question Google's motto, "Don't be evil"?
-
TRUSTe Blog
-
TRUSTe Starts 2012 With A Bang
26 Jan 2012 | 3:09 pm
Chris Babel, CEO | TRUSTe. We started 2012 out with a bang, moving into new offices (stop by if you happen to be in the Moscone Center or Union Square area) and announcing our $15 million Series C funding led by Baseline Ventures and supported by existing investors Accel, DAG and Jafco. This investment …
The Need For A Flexible Compliance Strategy in Europe
25 Jan 2012 | 12:00 pm
Chris Babel, CEO | TRUSTe. The new EU privacy directive (a.k.a. the “Cookie Directive”) has more than a few executives concerned over how to comply and protect their brand in Europe. While there has been a lot of industry debate over compliance technologies and mechanisms – as well as the requirements of the Directive itself, brands …
Ads About Ads (and Privacy)
20 Jan 2012 | 3:58 pm
Matthew Shevach, Director, Product Marketing | TRUSTe (@matthewshevach). The Digital Advertising Alliance (DAA), a self-regulatory body of the online advertising industry, has launched a new ad campaign and consumer facing website. The new campaign, titled ‘Your AdChoices’, is a public education campaign that will run across media channels with creative produced pro bono by the Salt …
What Companies Can Learn From FTC Privacy Cases in 2011
5 Dec 2011 | 11:08 am
John Gamble, Marketing Associate | TRUSTe (@johnaddison). Earlier this week the Federal Trade Commission (FTC) announced a settlement with Facebook over charges that the company deceived consumers by changing privacy settings without first giving prominent notice and obtaining their consent. With this settlement the Commission completes the trifecta of taking on three of the largest online …
Best Practices for Using Cookies
2 Dec 2011 | 4:43 pm
Joanne Furtsch, CIPP, CIPP/C, Director of Product Policy (@privacygeek). Websites today are rarely a single-party affair. On any given website consumers typically interact with a number of third parties who collect data about them, whether they realize it or not. When third parties collect consumer data through technologies that are not readily apparent to consumers, …
-
Worst Tech!
-
Access Wikipedia During Its 24-Hours Blackout
18 Jan 2012 | 6:27 am
In protest against the US anti-piracy laws, many popular websites including Wikipedia have planned to stop serving their sites for 24 hours, in the hope that ordinary users will learn about the issue and fight for their right to free access to information. Accessing Wikipedia from your machine will now display a blackout …
Siri spits out Obnoxious Sentences
12 Jan 2012 | 12:47 am
Another complaint about Apple’s Siri app. A 12-year-old Briton, Charlie Le Quesne, was with his mother at a Tesco store in the UK when he grabbed a 4S for a demo. He asked ‘how many people there were in the world’; the response was “I’m not sure what you said there, Shut the F**k …
Even Facebook Doesn’t Like IE7
31 Dec 2011 | 5:45 am
About a year ago we came to know that YouTube, Facebook and other major websites had stopped supporting IE6, not because it was obsolete but because of the vulnerabilities in the browser from the Redmond giant. Now what? It has been reported that Facebook will not support IE7 anymore; it has been decided …
Jon Bon Jovi Died at 49 [Facebook Scam]
21 Dec 2011 | 11:11 am
After exploiting the carelessness of celebrities on television, hackers are now declaring celebrities dead! This is just another scam from the cyber crooks, claiming that the great singer Jon Bon Jovi died at the age of 49. This hoax is spreading like fire on popular social networking websites like Facebook …
Top Christmas Scams of 2011
17 Dec 2011 | 12:10 pm
In the next 250 words you will learn about the top Christmas scams of 2011. Some of them spread via mobile OS, some through social networks and some via email messages. So below are the top 8 Christmas scams. 1. Mobile malware: First in the list is the mobile malware …
-
Networking
-
Education
21 Jan 2012 | 7:22 am
How valuable is our education system today compared with certification, and what is its impact?
Successful IT Service Assurance: Built on a Virtualization, Network and Application Foundation
29 Dec 2011 | 3:45 am
The services IT Admins provide rest on three pillars: infrastructure, network and the applications.
Hurry and Catch-Up!
7 Nov 2011 | 9:50 am
Given this re-occurring theme of “introduce the technology first and pick up the pieces later”, our goal at Network Instruments is to seek additional insight into how these emerging technologies so often cause IT systems to stumble and those responsible to suffer.
End to 2 weeks of NAS Hell
13 Sep 2011 | 7:59 am
It was a journey, it was bad, and still not great when it ended.
The "Clouds" are moving in!
17 Aug 2011 | 4:27 am
Multiprotocol Label Switching, more widely known as an “MPLS Cloud”, is becoming more and more of an option and a preference for IT managers across the nation and the world.
-
SecurityWeek RSS Feed
-
SEC Takes Action Against Hacker
27 Jan 2012 | 9:03 am
The U.S. Securities and Exchange Commission (SEC) has charged a trader and four firms for what it calls a “brazen and systematic scheme”, which involved more than $850,000 in ill-gotten funds, and more than $2 million in customer compensation.
Investors Warned of Financially Motivated Email-based Attacks and Account Hijacking
27 Jan 2012 | 8:33 am
The Financial Industry Regulatory Authority (FINRA), the largest independent regulator for all securities firms doing business in the United States, has issued an investor alert and a regulatory notice about an increase in financially motivated attacks targeting the email accounts used by investors to initiate transactions. Similar warnings were recently issued by the FBI and the Financial Services Information Sharing and Analysis Center (FS-ISAC).
The Zappo's Breach - When Bad Things Happen to Good Companies
26 Jan 2012 | 8:55 pm
Who doesn’t love Zappos? They are one of the friendliest Internet stores in the US. Zappos was started in 1999 by Nick Swinmurn, a truly great guy, who grew the company to $1 billion in sales by 2008. It has been a few years, but I still remember those giant boxes of Zappos shoes my wife and daughter would order – lots of styles in several sizes each. The shoe ceremony would take an hour, with all but two, maybe three pairs being returned with a pre-paid shipping voucher. We are a Zappos family.
Symantec: pcAnywhere Users at Increased Risk
26 Jan 2012 | 5:33 pm
Symantec has found itself in the unusual position of having to warn users about its own software.
Corporate Video Conferencing Systems Fail Secure Implementation
26 Jan 2012 | 11:38 am
State of the art teleconferencing equipment is a must for most organizations today, but few have installed it correctly, according to researchers at Rapid7. The security company reported on Monday that conference boardrooms around the world were vulnerable to hacking. H.D. Moore, Rapid7’s chief security officer and creator of Metasploit, said he found 5,000 wide-open conference rooms within a 2-hour scan of the Internet.
-
Free IT - Security Magazines and Downloads from alltop.tradepub.com
-
An Overview of Okta's Multifactor Authentication Capability
25 Jan 2012 | 2:00 am Historically, organizations have used Multifactor Authentication (MFA) to secure their most sensitive data. However, as cloud applications (Salesforce.com, Google Apps, WebEx, etc.) are adopted, the sensitive data they contain no longer resides in IT-owned datacenter environments where IT can control and enforce security policies. Because they are hosted in physically different locations, cloud applications rely on different authentication protocols, which have previously made MFA extremely cumbersome to deploy for one app, let alone the suites that many organizations use today. This white… -
Moving Your Business to the Cloud with NetSuite and Google Apps
24 Jan 2012 | 5:20 pm Whether through native security tools and group policies, Postini, or other third-party tools, Google Apps has a robust set of features that bring enterprise security to organizations of all sizes. But can these tools really stand up to enterprise demands? -
Security White Paper: Google Apps Messaging and Collaboration Products
24 Jan 2012 | 5:20 pm The security controls that isolate data during processing in the cloud were developed alongside the core technology from the beginning. Security is thus a key component of each of Google's cloud computing elements, such as compartmentalization, server assignment, data storage, and processing. -
Joomla! 1.7: Access Control Lists in Depth
23 Jan 2012 | 2:00 am The course also includes tips and tricks for styling the offline access page and working with the ACL Manager extension. Exercise files accompany the course. Topics include: Introduction to ACL; Defining users; Defining access levels and their role; Assigning access levels to modules; Testing logins. Along with the free video training tutorials you will also receive monthly offers, tips, and insider information you won't hear elsewhere, including special discounts extended to newsletter subscribers. After taking advantage of the free video training, you can access all of the video tutorials by becoming a… -
Why Business Managers Must Prioritize Remote Backup
16 Jan 2012 | 6:20 pm Given that almost all crucial and sensitive data is being stored by management on internal hard drives, it quickly becomes apparent that sudden data loss can cripple a company's short-term progress and long-term success. This guide provides basic insights into the benefits of backing up your data, helps you learn what you can do to protect your business's information, and includes several no-obligation price quotes from pre-screened and industry-certified Data Storage Remote Backup companies.
-
IT-Security
-
HIPAA Security Reminder – Sanction Policy
27 Jan 2012 | 12:00 pm This entry is part 11 of 19 in the series HIPAA Security Reminders. Both the HIPAA Security Final Rule and the HIPAA Privacy Final Rule require Covered Associates and Business Associates to have and apply sanctions against members of the workforce who violate the respective regulations. OCR auditors look for these policies and procedures and will continue to do so as enforcement ramps up. What’s required and where do you stand? Have you reminded your workforce of your policy and sanctions? Learn more… The Privacy Final Rule requirement: 45 CFR § 164.530 (e)(1) Standard:… -
Security Incident Management Meets Breach Notification
25 Jan 2012 | 12:00 pm All healthcare Covered Entities and their Business Associates and subcontractors will experience “operational issues” that may or may not be “security incidents” that may or may not be “breaches”. The HIPAA Security Final Rule and the HITECH Breach Notification Interim Final Rule meet and complement each other to set your requirements. Learn more… Because of the certainty of security incidents affecting healthcare organizations and the stiff penalties and embarrassment associated with breaches, your organization needs to be equipped with a formal and… -
HIPAA Security Risk Analysis Tips – Recommended Documentation
23 Jan 2012 | 12:00 pm This entry is part 14 of 17 in the series HIPAA Security Risk Analysis Tips. Nine (9) essential elements of an acceptable Risk Analysis are cited in the final “Guidance on Risk Analysis Requirements under the HIPAA Security Rule”. The first one addresses the scope of the analysis; that is, which information assets should be included in the review. Then the question arises: how should I inventory and document these assets? Here’s today’s big tip – take advantage of the time investment and document thoroughly. Learn the guidance; here’s how… Excerpts from… -
Summary of Recent HIPAA Compliance Legal and Enforcement Actions
20 Jan 2012 | 12:00 pm In a recent live web event, several attendees asked what HIPAA HITECH legal or regulatory enforcement actions have happened recently. We’ve created a list that is illustrative of actions by the Office for Civil Rights, State AGs and attorneys filing class action suits. You’ll undoubtedly recognize some names. Last week, Deputy Director Susan McAndrew, Esq., of the HHS Office for Civil Rights went on record in an interview with HealthCareInfoSecurity.com to comment on the upcoming agency audits. She said, “This is just another opportunity for… -
HIPAA Security Assessment Software Demonstration
18 Jan 2012 | 12:00 pm Do you know if you are in compliance with the HIPAA Security Final Rule? Are you at risk for data breaches and the associated cost and loss of reputation? Are there gaps in your organization’s compliance program? Do you have an action plan to address your organization's deficiencies? In this brand new webinar, you will learn about a powerful Software as a Service that will enable you to affordably and quickly determine how you stack up against the actual law and focus your improvement efforts. Webinar slide materials; Upcoming HIPAA HITECH Blue Ribbon Live Web Events; Upcoming Live…
-
Social Exploits
-
A Facial Expression for Anxiety?
17 Jan 2012 | 6:30 am MedicalXpress is reporting on a paper that suggests a facial expression for anxiety: Researchers from the Institute of Psychiatry (IoP) at King’s College London have, for the first time, identified the facial expression of anxiety. The facial expression for the emotion of anxiety comprises an environmental scanning look that appears to aid risk assessment. Per the abstract, researchers presented 8 volunteers with emotional scenarios and had them pose facial expressions. Photographs and videos of the posed expressions were shown to 40 participants. The participants were asked to match… -
Hotspot and Facial Expression Resources
16 Jan 2012 | 1:59 pm Here are a couple of resources to help with recognizing hotspots and facial expressions of emotion. Humintell has compiled a list of videos with examples of microexpressions, hotspots, gestures, and emotions. Here at Social Exploits we’ve been slowly building a library of “interesting faces”. The collection includes various facial expressions of emotion from a variety of cultures. [1] If you have anything you’d like to see added to this list, let us know. Notes: [1] Many of the images also make good material for practicing FACS… -
What Are Facial Expressions?
3 Jan 2012 | 7:58 am Facial expressions are a vital part of communication. What’s funny is that most people talk about facial expressions, but they don’t really know what they are. This post examines what facial expressions are in the context of nonverbal communication. Facial Movements: Before we can even get into what facial expressions are, we have to understand the idea of “facial movements”. A facial movement is the movement of one or more facial muscles. [1] For example, the zygomatic major muscles contract to pull the lip corners up and back towards the ears when a person smiles. -
The Facial Action Coding System Explained
13 Dec 2011 | 4:12 pm The Facial Action Coding System (FACS) is a scientific system designed to measure human facial movements. [1] FACS is an anatomically based, comprehensive system. This means FACS can be used to describe any possible set of facial movements. Originally developed by Dr. Paul Ekman, Dr. Wallace Friesen, and Dr. Joseph Hager, the latest version of the FACS manual can be purchased online at face and emotion. Facial Action Coding System Fundamentals: The basic unit of measurement in FACS is the action unit (AU). An AU represents the muscular activities that produce momentary changes in facial… -
The Truth About Micro Expressions
7 Nov 2011 | 4:35 pm There has been a lot of talk lately about the idea of micro expressions. TV shows like Lie to Me and Psych include elements based on the concept of micro expressions. The problem is that a lot of the material out there is wrong. I wrote this post to help explain what micro expressions really are, and to help separate some of the fact from the fiction that is floating around the web. What are micro expressions? First of all, let’s get a proper understanding of what constitutes a micro expression. A micro expression is a very brief (1/2 a second or less) facial expression of one of…
-
Infosec Communicator
-
2012 Speaking Schedule, January through June
11 Jan 2012 | 9:01 pm I’ll be speaking at the following events this winter and spring. Watch for my presentation materials on SlideShare. January 9: HEISC (Higher Education Information Security Council), Town Hall. Recording available. January 30: Bullet Proofing Your Career Online (with Hannah Morgan, @careersherpa), ABCPNG (Always Be Connecting Power Networking Group), First Unitarian Church, Rochester, New York. Description: What are the 10 key steps to building and securing your online reputation? A security professional and a career sherpa provide their perspectives on how to create an online presence… -
Making Information Security Fun
27 Oct 2011 | 9:25 am I shared this presentation at the October program meeting of the Rochester Chapter of the Society for Technical Communication. The presentation demonstrates how the Information Security Office at the Rochester Institute of Technology used marketing techniques to reinforce key messages to raise awareness around information security concerns such as phishing. To see more about how we’re using blogging to raise awareness in a specific academic course, visit the RIT Cyber Self Defense blog. -
Announcing the RIT Cyber Self Defense Student Blog
4 Sep 2011 | 9:52 pm I teach a section of Cyber Self Defense, a security awareness course at the Rochester Institute of Technology. We always have a number of interesting discussions about current infosec issues. I believe these discussions would be of interest to a wider audience, and especially to readers of the Infosec Communicator blog. This fall, we’ve created a blog for the students to share their thoughts on various information security topics. We’re requiring the students to blog weekly, so we’re hoping to generate a good amount of traffic to and discussion on the… -
Top Ten Tips for Safe(r) Social Networking
8 Jul 2011 | 4:11 pm Did you know you’re a target every time you go online? Did you know that cyber criminals are targeting social networking sites? Do you know how to recognize a phishing attempt? Following these tips will help make your use of social networking sites safer. (Unfortunately, there’s no way to guarantee that you can use them safely.) Tip #1: Use strong passwords/passphrases. It’s important to use strong passwords because automated “cracking” programs can break weak passwords in minutes. At a minimum, you should use 8 characters (preferably 15 or more), mixing upper and lower case letters… -
Updated: Choosing the Safest Browser, Part One
30 Jun 2011 | 2:35 pm This post provides an update to last year’s Choosing the Safest Browser post. Let’s take a look at what’s changed since June 2010. Browsers: Last year, we looked at the following browsers to discuss which would be the safest: Opera, Firefox, Safari, Internet Explorer, Google Chrome. Number of Vulnerabilities: How do you decide which browser is the safest? One way is to look at the vulnerabilities that were disclosed for each one. Attackers may exploit these vulnerabilities to place malicious code onto your computer. In Spring 2010, my Cyber Self Defense class ranked the browsers in…
-
Kindsight Blog
-
Kindsight Launches Security Analytics to Help Service Providers
25 Jan 2012 | 8:27 am Today, we launched Kindsight Security Analytics, a new platform for service providers to analyze network traffic for malware and aggregate security statistics onto a single web-based dashboard. The new platform provides unparalleled insights into subscriber infections, enabling Internet service providers and mobile operators to reduce risk within the network and diminish the malicious consumption of network resources. -
The Anatomy of a Phishing Attack
19 Jan 2012 | 9:55 am As many of us do, before blindly purging Spam folders, you scan for senders that may have been dumped there inadvertently by the Spam filters. Other than a larger amount of emails that are unreadable for a number of reasons, you don’t notice anything unusual. But wait, what’s this email from the New York State Department of Transportation, telling me that I am in arrears and that I should follow the embedded link to resolve the issue? Since you were in New York State just weeks before, you pause but click on the link in the email anyway. DO NOT FOLLOW THESE NEXT STEPS. -
Threats in the News for December
13 Jan 2012 | 9:33 am Mobile and identity theft attacks, sometimes combined, top the list of threats in the news for December. While Android malware continues to steal headlines, and not in a good way, we did see a Windows Phone vulnerability make the news last month. On the identity theft front, Zeus continues to be a major concern, and the attacks are getting more sophisticated: in one case it was combined with a DDoS attack to hide the fraudulent transfers. -
2012 Predictions for Mobile Malware and Botnets
6 Jan 2012 | 9:37 am Last year we looked into our crystal ball to make some predictions for 2011, including mobile devices and Macs becoming the target of malware and the expansion of banking trojans. All of these came true, so we are going to put our perfect record on the line and make some new predictions for 2012. While mobile malware grew substantially in 2011, most of the attacks lacked sophistication and the ability to make money for the cybercriminals. We see these mobile attacks evolving considerably in 2012, especially for the Android platform. We also saw the takedown of… -
Was Mobile Malware a Problem in 2011?
21 Dec 2011 | 9:46 am Last year, we predicted that mobile malware, particularly on the Android platform, would be one of the major trends in 2011. As the year draws to a close, we wanted to check to see if our crystal ball was accurate in this prediction. In November, Juniper reported a 472% growth in Android samples since July 2011, a stat that speaks for itself. But Chris DiBona from Google responded on his blog saying that “No major cell phone has a ‘virus’ problem in the traditional sense…” and that “virus companies are playing on your fears”. So…
-
Networking Exchange Blog » Topics » Security
-
The Value of an Enterprise Security Assessment
26 Jan 2012 | 4:30 am Over the past several years I’ve had the pleasure of meeting with many Enterprise Customers who have INFOSEC responsibility, representing almost any vertical market segment you could imagine. I’ve often found, however, a pattern where customers do not always initiate very fundamental aspects of information security that, when executed, would help lower their overall risk. This is the first of a series of articles where I’ll do my best to articulate these common areas of improvement based on my numerous discussions with security leaders. With security breaches now becoming a… -
6 Ways Social Media Impacts Security For Business
13 Jan 2012 | 4:43 am Social media has definitely transcended the generation gap. My parents have taken to Facebook to keep in touch with extended family and to learn of updates from the second generation. The other day I was talking to a friend of mine, who said to me that her brother was making plans to go to India on a month-long trip and that, instead of telling her about it personally, he figured she may have read it on a Facebook page. It got me thinking harder on how we have come to accept this technology in our day-to-day lives. Truly, social networking has transformed the way the connected masses… -
A Feast For the Mind: Enrich Yourself as a Security Professional
6 Jan 2012 | 9:30 am I was inspired to write this post after reading an article my husband, Bharath Ramamoorthy, an architect, wrote to inspire his team to take up courses as part of continuing education. Humans, by nature, are curious. The inherent curiosity to know more about things around us is the primary driver for learning. To be curious is to be open to new ideas, new resources and new perspectives. To be curious means not to be afraid to ask questions, to say “I don’t know” and, most importantly, “I would like to know!” Being curious should almost be second nature to us; there are so many things around us… -
5 New Year’s Security Resolutions
5 Jan 2012 | 9:51 am The New Year promises a fresh start, and like most of you I am looking forward to all that goes with it, while at the same time frantically running around trying to accomplish many things at once. This not only includes various responsibilities, but also meeting friends and family, dinners, decorating, and shopping for gifts, in person and online. As the old saying goes, “haste makes waste”, so this is also a good time to take a minute and catch our breath, figuratively and literally! With all that is going on, here are some basic security awareness tips that can help safeguard you now,… -
Editorial Review of 2011 – Security
28 Dec 2011 | 4:34 am Security is one of those subjects we often don’t like to pay much attention to — until something goes wrong. When everything is fine, i.e. security professionals are doing their job, we don’t notice it. This is the way it should be. However, if a security breach is discovered, we know the critical importance of having professionals standing by to get the job done, patch up leaking holes and fix the problem. Many today are seeing security as more than just a “fix it” strategy. When a security plan is in place to provide better protection than an alternative, it becomes a…
-
Email management, storage and security for business email admins
-
5 Common Outlook Errors and How to Fix Them
27 Jan 2012 | 8:00 am Email is one of the most important communications tools for businesses. When it stops working, people start to get nervous. While there are many things that a user can do to mess up their email, many of these problems can be resolved with a restart of the software or the computer. However, when the old standby of restarting doesn’t work, it is time for the email administrator to start looking into the issue a bit more deeply. Here are some of the more common errors found in Outlook 2007, along with some of the ways you can make things right again: 1. Error message that reads: “Cannot open… -
Troubleshooting Exchange Networking: Firewalls (Part 3)
26 Jan 2012 | 9:19 am Often, Exchange administrators will receive escalated help desk tickets from users complaining that Exchange is “slow” and demanding resolution. These sorts of tickets (slow being at best a relative term and never specific enough about what precisely is considered to be slow) can be extremely challenging to work, since the subjective nature of slowness is often combined with an inability to replicate the problem, or the problem is intermittent. The Exchange admin can take a look at the server(s) for high CPU utilization, low memory conditions, disk and network queue lengths exceeding the… -
Google Deserts Exchange Users by Killing Message Continuity
24 Jan 2012 | 10:00 am Google recently hung a ‘going out of business’ sign on its Message Continuity service for users of Microsoft Exchange. Google will continue to provide the service to its users until their contracts run out, but after that, they’re on their own. Since the service was launched a little over a year ago, “hundreds” of businesses have subscribed to the offering, which uses Google’s cloud to provide email continuity when a Microsoft Exchange environment is interrupted for any reason. Hundreds of users, though, can’t compete with the “millions”… -
7 Reasons Public Folders Need to Go Away
23 Jan 2012 | 8:00 am If you are still on an Exchange 2003 or 2007 platform and are starting to plan your upgrade to Exchange 2010 (or your move to the cloud), you are probably looking at your public folders and thinking to yourself: “oh gods no please don’t make me go through them! I promise I will be good from now on and eat my vegetables and clean my room please oh please oh please don’t make me deal with the public folders and please don’t send me to the cornfield!”. Okay, you might not have quite that emotional a reaction, but if you aren’t dreading the task, you haven’t started to think about it yet. -
Microsoft’s Trustworthy Computing Program Turns 10
20 Jan 2012 | 8:00 am For computer security experts, January 15 marked the anniversary of a red letter day. It was the 10th anniversary of the day that Microsoft decided to get serious about security. On that day in 2002, a memo from Bill Gates to Microsoft employees declared the company would be entering a new era, an era of “Trustworthy Computing.” “In the past,” Gates wrote, “we’ve made our software and services more compelling for users by adding new features and functionality, and by making our platform richly extensible. We’ve done a terrific…
-
Anti spam and general email security in a business environment
-
Phishing Scam Targets Victims Using Better Business Bureau
27 Jan 2012 | 11:00 am This past holiday season showed that spending in brick-and-mortar stores was significantly off targeted projections. People just weren’t spending as much money in the malls and department stores. However, every single study of consumer spending did show that companies with a strong online presence had a significant boost in sales this past year, including the holiday shopping season. In fact, during December alone, non-store sales rose 10.6 percent from the same time one year ago. Even automobile sales online boasted a 9.5 percent increase. To make sure they can stay competitive in the online… -
Go Phish Yourself?
27 Jan 2012 | 9:00 am A new open source toolkit is designed to provide a way for companies to educate their employees on how to spot phishing scams, but it may give scammers a lot of help as well. The open source Simple Phishing Toolkit includes a scraper that will quickly clone any website and create a phishing lure. It also comes with tools that allow administrators to track how many employees click on the lure, what links they followed, when they did so, and even their IP addresses, browser info and operating systems. Naturally, such tools would be very useful for IT departments and system administrators to… -
Several New Phishing Campaigns Going Strong
26 Jan 2012 | 11:00 am Several new phishing campaigns have been spotted in the wild. The first one is a new incarnation of an old scam. Emails that look like they’ve come from your friends arrive with an urgent message about them being on a trip to a far-flung place such as Madagascar, London, or Berlin and needing help. You see, they were mugged/assaulted and all of their money and documents were stolen, and they really need to go home, but there’s the matter of their hotel bill. The messages generally ask for about $1600 to be sent via Western Union. Of course, it’s just a variation of a 419 scam. If… -
Kelihos Actions Continue: New Defendant Named
26 Jan 2012 | 9:00 am Last September we reported on Microsoft’s actions in taking down the Kelihos Botnet, and the civil actions pending against alleged perpetrators including Czech citizen Dominique Alexander Piatti and the dotFREE Group SRO. We then followed up with a story on the settlement reached and the dismissal of charges against Piatti. Today Microsoft announced new actions in the legal follow-up to the botnet takedown. The Microsoft Digital Crimes Unit has continued its investigation into the perpetrators behind Kelihos, and today filed an amended complaint in the U.S. District Court for the Eastern… -
Week in Review: You Can’t Spell Twitter Without ‘Twit’
25 Jan 2012 | 9:00 am The year’s off to a rousing start, with all sorts of interesting security news this week: Wikipedia led a temporarily successful foray against SOPA and PIPA by joining numerous websites that went dark for a day; the founder of Megaupload had his hands slapped when law enforcement officials told him resoundingly, “no, you can’t pirate copyrighted material” – insult was heaped upon injury when dozens of expensive cars were towed away to show him they were right; and Koobface – the Facebook botnet that has been harassing Zuckerberg for years – was taken down by its own creators…
-
Redspin Security Blog
-
HIPAA Security Risk Analysis – Are You One Of The 3,300?
25 Jan 2012 | 1:06 pm
Get ‘er Done! I’m referring of course to the HIPAA Security Risk Analysis requirement of the Stage 1 EHR Meaningful Use Incentive Plan. Between 85%-90% of the 5,000+ eligible hospitals say they plan to qualify for Stage 1, yet data from the Centers for Medicare & Medicaid Services shows less than 25% have attested and received payment as of November 30, 2011. So for the 3,300 or so other hospitals – this is no time to procrastinate. Time flies, whether you’re having fun or not. You’ll need to plan your 90-day qualification period and be ready to attest before the 2012… -
How An Internal Penetration Test Can Help Your Organization
22 Dec 2011 | 11:29 am
Every IT department faces the challenge of having to apply limited resources (headcount, technology, 3rd party assessments) against a plethora of potential security risks. Choosing wisely is often the difference between an effective security strategy and an ineffective one. With that in mind, and with a number of possible assessment approaches available, what benefits can be gained from an internal penetration test? First, since security terminology is often misunderstood, let’s define internal penetration testing. An internal pen test is a very specific scope of work where a security… -
“Enforcement Promotes Compliance” – HIPAA Audits Just Around the Corner
22 Nov 2011 | 7:01 pm
Earlier this month, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) released further details on its plan to audit 150 covered entities under its pilot HIPAA audit program. Periodic audits of the HIPAA privacy, security and breach notification standards are required of the HHS Secretary under Section 13411 of the HITECH Act (2009). In June of 2011, OCR awarded a $9.2 million contract to the consulting firm KPMG to develop an audit methodology and pilot program, and to conduct the first 150 audits. (Ironically, KPMG was selected despite having been… -
Healthcare IT Security – Who is Responsible, Really?
15 Nov 2011 | 10:11 am
In any complex, cross-functional business challenge, responsibility and authority must be distributed intelligently while at the same time providing a process of internal dispute resolution. An information security program is one such complex and multifarious business necessity. At its heart, information security is a method of managing risk to information and information systems, and reducing uncertainty relative to organizational objectives; it is a balance. But the success of an information security program depends upon the ability of an organization to establish a set of controls based on a… -
The “Yelp for Security Tools” – SecTools.Org 2011 Update
4 Nov 2011 | 8:21 pm
Gordon Lyon, better known by his online alias of Fyodor and as the creator of the very popular (and awesome) tool Nmap, has released the results of the Nmap 2010 User Survey, which he performs every couple of years. The survey is filled out by members of the Nmap-Hackers mailing list, one of several mailing lists that Fyodor maintains, which is made up of many smart minds in the security world. The 2010 survey had more than 3000 participants throw their vote in for the most popular security tools in the industry, both commercial and open source. The votes are then tabulated and revealed in a…
-
F-Secure Antivirus Research Weblog
-
Facebook Spammers Use Amazon's Cloud
26 Jan 2012 | 6:03 am
Facebook is recently doing a decent job at keeping survey spam posts at bay (all things considered). So, what's an entrepreneurial Facebook spammer to do? Well, some have tweaked their master plan, and have expanded their use of "cloud" services. Using Amazon's S3 file hosting service solves quite a few problems for these perpetrators. Number 1, Amazon's S3 web service is pretty inexpensive to set up, therefore they can still earn from the surveys. Number 2, because Facebook has been pretty successful at blocking suspicious URLs linked to spam, hosting their scam's code in a safe and popular… -
440,783 "Silent SMS" Used to Track German Suspects in 2010
26 Jan 2012 | 6:03 am
The 28th Chaos Communication Congress (28C3) is currently underway in Berlin and on Tuesday, researcher Karsten Nohl gave a presentation called: Defending mobile phones. If you have an hour, it's worth watching. Initial press reports focused on Nohl's revelation that hackers can potentially sniff numerous phone IDs and network authentications from an advantageous point, and because network authentications aren't frequently refreshed (depending on the network operator), an attacker could make expensive premium rate calls and bill them to other persons. GSM network specifications allow for every… -
Cracking Polish Passwords
26 Jan 2012 | 6:03 am
Many of the sites that we blogged about on Monday are still offline after being targeted by DDoS attacks. Hackers have promised to continue until the 26th. According to Polskie Radio: "Over a thousand people gathered in Warsaw, Tuesday evening, to oppose the anti-internet piracy ACTA agreement, which PM Tusk confirmed that Poland will sign on Thursday." The signing is scheduled to take place in Tokyo, Japan. #Insert joke here: How do you hack a Polish government official's laptop? …the username and password are written on the sticker. On 25/01/12 At 06:34 PM -
Cheap Professional DDoS Service
26 Jan 2012 | 6:03 am
Now here's something that you don't see every day, a YouTube video in which a young woman advertises DDoS services, with a smile. "Hello, Hackers." The video links to a forum thread that lists the attacker's rates: Just $2 per hour… Also, easy payment options. On 05/01/12 At 06:26 PM -
Pole Position: Poland Attacked by Anti-ACTA Hackers
26 Jan 2012 | 6:03 am
There's breaking news coming out of Poland. Hackers, reportedly associated with Anonymous, have been attacking Polish government websites to protest this week's scheduled signing of the Anti-Counterfeiting Trade Agreement (ACTA). ACTA is an intellectual property treaty. Poland announced on January 19 that it would sign the treaty on January 26, 2012. A Twitter account called @AnonymousWiki called for action against the Polish government. All of this follows on the heels of SOPA protests and Anonymous attacks against US government websites due to the FBI's takedown of Megaupload. Websites targeted…
-
Pcthreat.com
-
Worm.Nenebra.A
27 Jan 2012 | 11:49 pm
Worm.Nenebra.A is a computer worm that can eventually lead to an ultimate system crash, if you allow this malware to remain in your computer. This worm usually spreads via removable and fixed drives. If the... -
Security Sphere 2012
27 Jan 2012 | 11:49 pm
It can be easy to fall for the clever lies used by Security Sphere 2012 to rip you off. The truth is this rogue antispyware application derives from the same family of rogues as the hotly detested Personal... -
System Fix
27 Jan 2012 | 11:49 pm
System Fix is a fake defragger that derives from the same harmful rogues as the FakeHDD family of rogues. It will proceed to mess with your computer and eventually will lead to your system’s downfall if you... -
Trojan.Nedsym
27 Jan 2012 | 11:49 pm
There are all types of annoying malware infections that can turn your daily life into hell. Trojan.Nedsym is one of them. This Trojan is responsible for an endless flood of spam email messages. Since a lot of... -
Privacy Protection
27 Jan 2012 | 11:49 pm
When looking for a user-friendly and reliable security tool to complement your PC’s security, you will certainly want to steer well clear of Privacy Protection. This rogue antispyware application, which...
-
threatpost - The First Stop for Security News
-
FBI Looking for App to Monitor Twitter and Facebook For Threat Data
27 Jan 2012 | 10:05 am
The FBI is in the early stages of developing an application that would monitor sites such as Twitter and Facebook, as well as various news feeds, in order to find information on emerging threats and new events happening at the moment. The tool would give specialists the ability to pull the data into a dashboard that also would include classified information that's coming in at the same time. -
Attackers Targeting Windows Media Bug With Malware
27 Jan 2012 | 7:03 am
Security researchers have seen attackers going after the newly patched CVE-2012-0003 vulnerability in the Windows Media Player. The flaw, which was patched earlier this month by Microsoft, is a critical one that can enable remote code execution, and it affects a wide range of Windows systems. -
Malware Poses as Phony Google+ Plug-In
26 Jan 2012 | 12:55 pm
Spammers are cashing in on the (modest) popularity of Google+ by sending out fake emails inviting users to try out Google+ Hangouts by downloading a malicious file posing as a Google+ Hangout plug-in. -
Hawaii Bill Would Require Internet Data Retention For Two Years
26 Jan 2012 | 10:38 am
A Hawaiian legislator has introduced a broadly worded data-retention bill that would require ISPs and other service providers to retain their customers' Internet activity records for at least two years. The bill, introduced by state Rep. John Mizuno, does not have any provisions for exclusions or privacy considerations and would force the ISPs to hold the customer data, but it does not make any mention of how the data should be protected. -
Slideshow: Scenes from S4 2012
25 Jan 2012 | 1:30 pm
S4 is a conference hosted by Digital Bond, a security consulting firm based in Sunrise, Florida. Now in its fifth year, S4 draws some of the world's top experts in securing industrial control systems to sunny Miami Beach to discuss the state of the art.
-
CBR - Security News
-
Spamming touches a high during holidays or major events: Report
27 Jan 2012 | 7:01 am
To further lure recipients to open their messages, spammers are using additional social engineering techniques, says Symantec -
Verdasys introduces two new enterprise data loss prevention offerings
27 Jan 2012 | 5:56 am
Minimises the cost of data security -
NZ court grants bail to Megaupload aides
27 Jan 2012 | 3:15 am
Two associates involved in the Megaupload trial have been granted bail by a New Zealand court. -
McAfee refutes Symantec claims that its clients switched over
27 Jan 2012 | 12:48 am
McAfee said it had registered more sales in this quarter than in any single period -
Mobile and social media to dominate cybercrime trends in 2012
26 Jan 2012 | 9:52 am
Threats for 2012 include social media platforms, mobile payment technologies, and non-Windows-based platforms.
-
VRT
-
A New Hope
5 Jan 2012 | 9:00 am
Rep. Mike Rogers (R-MI) and Rep. Dutch Ruppersberger (D-MD) know a secret: The Federal government is REALLY good at watching people, much better than, say, the private sector. So they asked themselves (at least they did in my mind), "Why not share some of that information in order to protect American businesses from the ubiquitous cyber-security threat?" Hey guys… that’s a damn good idea! Seriously, I thought it was a great idea. So it was with a good deal of enthusiasm that I printed out H.R. 3523, or to use its more sexy name, the “Cyber Intelligence Sharing and… -
Cross-Platform Single-Request Web Server DoS From CCC
28 Dec 2011 | 2:08 pm
Security never sleeps, even if it is the week between Christmas and New Year's, and most of you are on vacation, enjoying time with your family, or just goofing off because the office is empty. Today's reminder of that reality comes from Alexander Klink and Julian Walde, who presented yesterday at the 28th Annual Chaos Communication Congress a method of consuming a web server's entire CPU with a simple, low-bandwidth POST request. In fact, according to the advisory they released after the talk, as little as 30k/sec could be necessary to occupy a single i7 core, depending on the target… -
Malware Mythbusting
18 Nov 2011 | 7:25 pm
The malware sandbox that I've previously discussed on this blog has made for a lot of useful Snort rules - but it's also helped get me some excellent speaking slots around the world this year. This time, I've just wrapped up a presentation titled "Malware Mythbusting" at Ruxcon, Australia's premier technical security conference. The premise of the talk was simple: there's a lot of hype surrounding malware, and if you're someone tasked with keeping a network secure, there's generally not a lot of good information about the nature of the threat. Can I cut off China and Russia and make all the… -
Microsoft Security Advisory 2639658
8 Nov 2011 | 1:51 pm
Microsoft recently added a new initiative to its Microsoft Active Protection Program (MAPP), called the Advisory Initiative program, which gives partners up to 96 hours to provide protection for discovered vulnerabilities. Microsoft piloted the program with an advisory release on the Win32K TrueType font parsing engine, related to the Duqu malware (CVE-2011-3402). Sourcefire released its protections for this threat within the first 48 hours, as noted on the MAPP site http://technet.microsoft.com/en-us/security/advisorymapp: SID: GID 3, SID… -
Android Malware Analysis: A How-To
3 Nov 2011 | 2:00 pm
While mobile malware comprises only a tiny fraction of the overall landscape in terms of volume, it is fast becoming essential to address from an enterprise security standpoint. Unfortunately, very few people would even have a clue where to start if charged with analyzing a program on a smart phone. This disconnect provided the rationale for a presentation I recently gave at Hack in the Box Malaysia on how to go from "I've got an Android APK file, now what?" to full static and dynamic analysis. The slides, available here, contain links to a number of useful tools. The good news for longtime…
-
Private WiFi
-
Google’s ‘Good to Know’ Campaign Touts Online Privacy
26 Jan 2012 | 12:09 am
Google has launched its “Good to Know” advertising campaign to help educate consumers about how to protect themselves online. According to this eWeek article, “the multimillion-dollar Good to Know initiative includes privacy and security tips, such as how to use two-step verification, how to lock a computer when it’s in public but not in use, and how to make sure website connections are secure via HTTPS encryption.” The Good to Know campaign is aimed at the casual Internet user and defines cookies and IP addresses, and explains how Google and other service… -
No, You Didn’t Win the Lottery
25 Jan 2012 | 8:36 pm
Have you ever received an email from the United Nations Compensation Fund about a large sum of money that you are entitled to? The author may have had some incredible title with far too many words, like President Executive Director of International Compensation and Recovery, which makes the author sound mighty important. Maybe it is an urgent message from the Federal Bureau of Investigation, Internal Revenue Service or Secret Service stating that you are under investigation for money laundering, or even that there is a problem with your income tax returns? At one point or another, we have all… -
Facebook to Live Stream Official Data Privacy Day Event
25 Jan 2012 | 12:22 am
Online privacy and security have become a central part of our new digital reality, and the fifth annual Data Protection Day this Saturday, January 28 is a great opportunity to foster a societal debate around data privacy issues. Last year we chatted with Leonardo Cervera, the man responsible for the first Data Privacy Day event in the United States. He spoke at length about data privacy and his overall background and interest in keeping people safer online, among other topics. Cervera noted that, “As a consumer, I am concerned that business considerations might prevail over my dignity… -
What It’s Really Like to Suffer Identity Theft
24 Jan 2012 | 12:30 am
Victims of identity theft describe it almost universally as an incredibly traumatic experience. That’s the key takeaway from an interactive message board that invited a host of opinions and stories from people who have experienced such fraud. In the opinion of one professional adviser who posted in the forum, unlike victims of more traditional crimes, there’s no single group or agency that can address all identity-theft issues. Matt Davis, the security adviser with the Identity Theft Resource Center, noted the following: “Identity theft often spans multiple jurisdictions or… -
Celebrate Data Privacy Day with 50% off PRIVATE WiFi
23 Jan 2012 | 8:36 pm
As the international community celebrates Data Privacy Day on Saturday, January 28, 2012, PRIVATE WiFi, in hopes of raising awareness for privacy education, is offering a one-day coupon for 50% off of an annual subscription to its personal VPN software. Use the coupon code CPNPRIVACYDAY during the purchase process to receive a half-off discount. The annual subscription rate is normally $84.95, but with this special deal in celebration of Data Privacy Day, the full 12 months is only $42.50! If you want to try PRIVATE WiFi before you use the coupon code, visit our Try Page to download a free…