Ask the Expert

Have a question for our resident expert? Email your questions to Dan or post a comment to the blog.

May 22, 2009

Low-Tech Attacks on The Rise

Phishers are re-working old attacks and coming up with some variations on past attacks as they continue to try to scam social networking site users. This isn't new, but as Symantec points out, the attacks are on the rise.

May 20, 2009

Risks of Consolidation

Consolidating account information in a single service is appealing: log into one place and get a snapshot of your financial state. Sounds good in theory, but the practice went wrong for Rudder, a free personal financial service.

May 19, 2009

New Technique for Denying Denial of Service Attacks

Denial of service attacks that flood a site with requests can be blunted by blocking users sending a large number of requests. More advanced techniques send a small number of resource-intensive requests. Researchers at IBM and Georgia Institute of Technology have created a way to deal with these attacks, too.

May 18, 2009

Business Needs to Get Out Ahead of Security Regulation

An interesting quote in a USA Today story on security company acquisitions speaks to the increasing level of concern about current levels of information security.

May 15, 2009

More on Facebook Phishing

Symantec has been following the trends in Facebook phishing, and the current wave of attacks looks similar to previous ones. Of course, no one goes to this much trouble to vandalize Facebook pages; there is money to be made (stolen) at the end of the game.

May 14, 2009

Key to Online Apps Success: Control, Control, Control

BusinessWeek asks "What's Holding Back Google Apps?" The answer is the same thing that always kills deals to move corporate data to the cloud: control.

May 13, 2009

Open Source Intelligence and Cyberspying

The New York Times has a cybersecurity-with-a-human-interest-angle story well worth reading. It covers some of the work of Rafal Rohozinski, a social scientist turned cyber-investigator.

Critical Patch Available for Adobe Reader, Multiple Platforms

Adobe has released patches for Adobe Reader on multiple platforms to correct a vulnerability that could allow attackers to take control of a machine.

Critical Patch Available for Microsoft PowerPoint

Microsoft has released a patch for a zero-day PowerPoint vulnerability that has been exploited in the wild. A Windows version of the patch is available; the Mac version should be out soon.

May 12, 2009

EU Proposing Software Liability Protections; Malpractice May Be Better Model

EU Commissioners are proposing stronger consumer protections for software security and efficacy. Software industry advocates want no part of this. The EU was ahead of the US on privacy protections, which are commonplace today, so it is worth watching how this story unfolds.

May 7, 2009

US Missile Defense Details Found on Computer Purchased from eBay

A collaboration of researchers in the US, UK and Australia trying to raise awareness of the risks of improperly disposing of personal data found their poster child for the year: a computer with details on a US anti-missile defense system.

SQL Injection Attacks in Content Management Systems

Web sites built using content management systems may be vulnerable to SQL injection attacks; the trick is to find them.

Hacking Air Traffic Control Systems

The Wall Street Journal is reporting that air traffic control networks have been attacked on multiple occasions in the past several years. The FAA doesn't agree with all the findings of the Transportation Department's inspector general, who issued the report, but the undisputed facts are troubling enough.

May 5, 2009

Researchers Hijack Botnet, Gain Insight into Bots and Their Victims

Researchers from the Security Group at the UC Santa Barbara Computer Science department hijacked the Torpig botnet for 10 days. In that time they found what you'd expect (some users are very lax with security) and some things not so expected (how difficult it is to notify victims).

May 4, 2009

Supreme Court Justice: Publishing Cybersnooping Results is Free Speech

I've come to expect more from Supreme Court justices than I found in some recent comments by Justice Scalia regarding online privacy.

May 1, 2009

Facebook Phishing Continues

The last couple of days have not been good ones for Facebook users getting phishing lures with messages like "check this out" linking to fake login pages. The attacks continued yesterday.

Making Windows XP More Secure

One of the major reasons advanced for upgrading from Windows XP to Vista is that the newer operating system is more secure. XP users running the OS on netbooks, older hardware, or just unwilling to put up with Vista's quirks are not completely out of luck.

April 30, 2009

Latest Firefox Release Fixes Security Vulnerability, Stability Issue

Last week's release of Firefox 3.0.9 was quickly followed by the release of version 3.0.10, with fixes for a security flaw and a stability issue.

Disable JavaScript in Adobe Reader to Avoid Vulnerability

The risk from a vulnerability in Adobe Reader and Acrobat can be mitigated, according to Adobe, by disabling JavaScript until a patch is available. Here is how:

Social Networking for Developers Still Coming Up Short

Remember Sun's tagline "the network is the computer" (that was before they put the dot in the Internet and were consumed by Oracle's merger-mania machine)? IBM seems to be taking a similar approach, "social networking is the development process," with the announcement of the My developerWorks social networking service.


Dan Sullivan's Bio:

Dan Sullivan is a systems architect with 20 years of IT experience that includes engagements in enterprise security, application design, and systems architecture. His experience includes a broad range of industries, including financial services, manufacturing, government, retail, gas and oil production, power generation, and education. Dan’s security-related project work has ranged from requirements analysis for enterprise information security to designing and implementing security for database applications and enterprise portals. Dan has written about information security and other enterprise information management topics for Business Security Advisor, DM Review, Intelligent Enterprise, and E-Business Advisor. You can contact Dan at: dan_sullivan@realtimepublishers.net