Powered By InformationWeek Business Technology Network
 

Independence Day Fireworks Video Carries Malware Payload


Posted by Graham Cluley @ 02:41 AM ET | Jul 4, 2009

Hackers are taking advantage of American Independence Day celebrations, by spamming out what pretends to be a link to a Fourth of July fireworks show, but is really an attempt to infect computers.

Continue reading "Independence Day Fireworks Video Carries Malware Payload..."

Comment on this blog entry
Topics:   SophosLabs Insights



The Only Two Reliable Cloud Security Controls


Posted by Rich Mogull @ 05:00 PM ET | Jul 2, 2009

It seems that we in the information technology profession are just as fickle as the fashionistas strutting around Milan or New York. While we aren't quite as locked to a seasonal schedule, we do have a tendency to fawn over the latest technology advances as if they were changing colors or hem lengths. Some are new, some are old, some are incredibly useful, and others are completely frivolous, but we can't deny their ability to enter and steer our collective consciousness -- at least until the next spring. Take cloud computing.

Continue reading "The Only Two Reliable Cloud Security Controls..."

Comment on this blog entry
Topics:   Hacked Off



Security Design Goes With Secure Coding


Posted by Gadi Evron @ 04:20 PM ET | Jul 1, 2009

When professionals without security awareness plan a project, security is often left out. The result costs money in the long run. What can we do to make it better?

Continue reading "Security Design Goes With Secure Coding..."

Comment on this blog entry
Topics:   Hacked Off



It's Time To Take Bot Infections Seriously


Posted by John Sawyer @ 03:26 PM ET | Jul 1, 2009

The soapbox is a place I hate to be, but sometimes a topic just rubs me raw enough that I climb up to try and get my point across. The topic of bots, botnets, and their impact on corporate data is one of those issues.

Continue reading "It's Time To Take Bot Infections Seriously..."

Comments(1)
Topics:   Evil Bytes



'Net Parrot Effect


Posted by David Maynor @ 06:22 PM ET | Jun 30, 2009

Iran. You remember the place? Before several celebrities died in the past week, Iran's election aftermath gripped national attention. The more I found out about the election situation, the demonstrations, and the crackdown, the more I felt as if I were reading a political thriller. That's when the ugly side of our hyper-connected society reared its ugly head.

Continue reading "'Net Parrot Effect..."

Comment on this blog entry
Topics:   Hacked Off



Don't Let Legacy Media Foil Your Forensic Investigation


Posted by John Sawyer @ 04:07 PM ET | Jun 29, 2009

When performing incident response and forensics on a compromised system, the focus of analysis is on the most immediately available and relevant sources of evidence. Volatile data collected from a running system, the hard drive, network flow data, and logs collected on a central server all serve as useful sources for determining the particulars of the incidents. But what about incidents that go back further, requiring you to dig into backup tapes -- and potentially very old ones?

Continue reading "Don't Let Legacy Media Foil Your Forensic Investigation..."

Comment on this blog entry
Topics:   Evil Bytes



Spammers Scramble To Exploit Michael Jackson's Death


Posted by Graham Cluley @ 10:29 AM ET | Jun 26, 2009

It took a mere eight hours for cybercriminals to take advantage of the death of pop superstar Michael Jackson.

Continue reading "Spammers Scramble To Exploit Michael Jackson's Death..."

Comment on this blog entry
Topics:   SophosLabs Insights



EU Group: Social Networks, Thirty-Party App Developers Subject To EU Privacy Laws


Posted by Sara Peters @ 01:57 PM ET | Jun 25, 2009

I just took a close look at the Article 29 Data Protection Working Party's opinion report on online social networking. While some of its recommendations are what you'd expect, others came as a surprise.

Continue reading "EU Group: Social Networks, Thirty-Party App Developers Subject To EU Privacy Laws..."

Comments(1)
Topics:   CS Island



The Iranian 'Proxy War'


Posted by Gadi Evron @ 12:27 PM ET | Jun 25, 2009

Iranians are using proxies worldwide to circumvent government censorship.

Continue reading "The Iranian 'Proxy War'..."

Comment on this blog entry
Topics:   Hacked Off



Could The Cloud Lead To An Even Bigger 9/11?


Posted by Rob Enderle @ 07:59 AM ET | Jun 25, 2009

Late last week I attended an event sponsored by IBM/Lotus and Technology Review. A very credible "End of the U.S." doomsday scenario tied to the public cloud was outlined that I believe warrants further thought.

Continue reading "Could The Cloud Lead To An Even Bigger 9/11? ..."

Comment on this blog entry
Topics:   Hacked Off



Forewarned Is Forearmed, Right?


Posted by Lorna Garey @ 05:33 PM ET | Jun 23, 2009

Next-gen Web apps and virtualization are two topics much on the collective mind of CIOs and line-of-business leaders. Of course, they're seeing dollar signs from slick eye-candy RIAs and cramming 20 VMs on each physical server. Security? Meh.

Continue reading "Forewarned Is Forearmed, Right?..."

Comment on this blog entry
Topics:   Hacked Off



Private Facebook Info Exposed By Simple Hack


Posted by Graham Cluley @ 04:50 AM ET | Jun 23, 2009

Facebook's security has been called into question after the creators of a new blog discovered a hack that can expose private profile information of any user.

Continue reading "Private Facebook Info Exposed By Simple Hack..."

Comments(1)
Topics:   SophosLabs Insights



Maltego: Going On The Offensive *And* Defensive To Defend Against Social Networks


Posted by John Sawyer @ 04:37 PM ET | Jun 22, 2009

You know the military's ol' mantra about "loose lips sink ships"? Well, it's being redefined by sites like Twitter, Flickr, and Facebook, according to a great article from Federal Computer Week that discusses the threats social networks pose to operational security.

Continue reading "Maltego: Going On The Offensive *And* Defensive To Defend Against Social Networks..."

Comment on this blog entry
Topics:   Evil Bytes : Insider Threat Tech Center



Facebook Scam: I'm Stranded In London. Send Money!


Posted by Gadi Evron @ 07:30 PM ET | Jun 21, 2009

Facebook users are facing a new threat, 419 scams in chat form, masquerading as friends.

Continue reading "Facebook Scam: I'm Stranded In London. Send Money!..."

Comments(1)
Topics:   Hacked Off



Data Leakage Through Nontraditional Networks


Posted by John Sawyer @ 02:40 PM ET | Jun 19, 2009

Securing our company's data is our job. We build up layers of defense to protect it when it is housed within our corporate network and corporate computer systems. Firewalls, VPNs, encryption, and data leakage prevention all help in some way to protect the data that we don't want anyone else to have. Sometimes, however, we are stuck in the situation where we don't control the network or systems that portions of our data ends up on.

Continue reading "Data Leakage Through Nontraditional Networks..."

Comment on this blog entry
Topics:   Evil Bytes : Insider Threat Tech Center



Government Takes Action On Internet Badness


Posted by Gadi Evron @ 03:40 PM ET | Jun 17, 2009

Sources of online criminal activity, such as Atrivo/Intercage and McColo, are no longer around. While I am not quite willing to share the full story behind these takedowns just yet, I can say that community action was the key.

Continue reading "Government Takes Action On Internet Badness ..."

Comment on this blog entry
Topics:   Hacked Off



Developers Often Left Out Of Security Training


Posted by John Sawyer @ 03:10 PM ET | Jun 17, 2009

A good friend was telling me recently about a risk assessment he was involved with in which his organization found some vulnerabilities in the Web application. When they asked the developer about them, the response was, "What is cross site scripting?" Wow -- how is it that in this day and age that someone, who probably considers themselves to be a competent Web developer, doesn't know XSS? Ask them about SQL injection, and the response would probably be the same.

Continue reading "Developers Often Left Out Of Security Training ..."

Comment on this blog entry
Topics:   Evil Bytes



Dark Reading Launches Database Security Tech Center


Posted by Tim Wilson @ 09:23 AM ET | Jun 16, 2009

Today Dark Reading launches a new feature: the Database Security Tech Center, a subsite of Dark Reading devoted to bringing you news, product information, opinion, and analysis specifically focused on the topic of database security.

Continue reading "Dark Reading Launches Database Security Tech Center..."

Comment on this blog entry
Topics:   Dark Dominion : Database Security Tech Center



Incorporating The 'CIA' Triad In Software Purchases


Posted by John Sawyer @ 03:14 PM ET | Jun 15, 2009

When talking to sysadmins and developers about security of the new software they're looking to deploy, I often end up in a discussion in which at least one or two of the CIA (confidentiality, integrity, and availability) triad is left out.

Continue reading "Incorporating The 'CIA' Triad In Software Purchases..."

Comment on this blog entry
Topics:   Evil Bytes



Major Malicious Ecard Campaign Strikes Inboxes


Posted by Graham Cluley @ 10:53 AM ET | Jun 12, 2009

Hackers have spammed out a widespread attack to unsuspecting computer users, disguised as an electronic greeting card.

Continue reading "Major Malicious Ecard Campaign Strikes Inboxes..."

Comment on this blog entry
Topics:   SophosLabs Insights



Cost Analysis Of Multifactor Authentication


Posted by John Sawyer @ 02:55 PM ET | Jun 10, 2009

A recent article on integrating the YubiKey, a USB token that can provide one-time passwords (OTP), and WordPress reminded me of how few people I know actually use multi-factor authentication to secure their resources. Instead, they rely on the passwords for users to authenticate to Websites and VPNs with nothing in between them and an attacker who might steal that password. The insecurity of passwords is a topic that's been beaten to death time and time again. So why is it that we haven't moved on?

Continue reading "Cost Analysis Of Multifactor Authentication..."

Comment on this blog entry
Topics:   Evil Bytes



Microbloggers: Beware Of Dangerous Twitter-Growth Websites


Posted by Graham Cluley @ 08:55 AM ET | Jun 9, 2009

Fueled by hype generated by celebrity devotees like Oprah, Ashton Kutcher, and Stephen Fry, it seems like everyone is jumping on board the Twitter train.

Continue reading "Microbloggers: Beware Of Dangerous Twitter-Growth Websites..."

Comment on this blog entry
Topics:   SophosLabs Insights



Hacking Challenge Shows XSS Still King


Posted by John Sawyer @ 02:12 PM ET | Jun 8, 2009

Last week, another company got egg on its face by running a "we're-so-secure-you-can't-hack-our-stuff contest." When are companies going to learn claims like that always backfire?

Continue reading "Hacking Challenge Shows XSS Still King..."

Comments(2)
Topics:   Evil Bytes : Security Services Tech Center



Trust And Web Ad Services


Posted by Gadi Evron @ 04:34 PM ET | Jun 5, 2009

Well-respected, highly secure Websites commonly infect the people who surf them. So if they are so secure, then why does this keep happening?

Continue reading "Trust And Web Ad Services..."

Comment on this blog entry
Topics:   Hacked Off



Suspected Child Porn Hub Taken Offline


Posted by Graham Cluley @ 07:58 PM ET | Jun 4, 2009

Internet service provider Pricewert -- which trades under names such as 3FN and APS Telecom -- has been shut down and disconnected from cyberspace following allegations it was knowingly involved in major spam attacks, phishing campaigns, malware distribution, and child abuse.

Continue reading "Suspected Child Porn Hub Taken Offline..."

Comment on this blog entry
Topics:   SophosLabs Insights




Go on to the weblog archives...