Fight Spam With This Email Signature Image Generator

This is another small step toward fighting spam, especially for users who take advantage of web mail services. Go to the link above and create an image of your email and use this in your signature instead of text. Also, if your provider is not available, click on this link and select the colors that best match your web site. Enjoy!

GMail/Picasa Identity Leakage

Be careful when using Picasa and other Google applications with default nickname and web address settings, since the number that Google assigns to your ID in those cases is easily decipherable. The number is just a replacement for your ID and is consistent, not random. This is not a new issue; it is rather old, but I still see a lot of Picasa links that have those numbers in them. Without changing the defaults, an attacker can replace the URL in a page with javascript:alert(_user.name) to obtain the relevant ID. Read more in this Lifehacker article.

iPhone Security Becomes Topic At BlackHat

Too bad I wasn’t there right at the close of the presentation yesterday, but these days I can afford not to ride a plane 13 hours to Washington D.C. At work we performed some in-house reviews of iPhone security about two years ago, accepting some risks over functionality. However, three different channels of information through personal contacts, web browsing, and work relationships have raised a flag about this research being performed on iPhone security. The findings revealed in the papers dispute two tenets of iPhone security that have been repeated throughout the past couple years: 1) sandboxing applications so that …

Anti-Piracy – First Internet Cafe Arrest In Japan

This Japanese news article reports the first “internet cafe” arrest in Japan since the anti-piracy download law went into effect on Jan. 1, 2010. However, I am fairly certain that this is the first such arrest altogether – somebody please comment if I am wrong. Toward the end of last year and the first days of the new year, many blogs and statistics sites were reporting on the number of shares on peer-to-peer software available on the internet. Remarkably, most of the numbers did not change a bit. I find this unusual since Japanese go to great lengths to stay …

Facebook As Biggest Security Threat

Yes, I know… ‘Another Network World article’, you say. Yes, because lately they have been hitting trends fairly accurately…. read on! This article outlines a Sophos survey of businesses that ranks Facebook as the biggest threat (at 60% surveyed) simply because it has become the biggest social network, followed by MySpace (at 18%), then Twitter at 17%. Well, I tend to agree with that reasoning, but think the threat is somewhat limited on a couple of levels. In more secure environments in the financial industry, we have seen much broader implementation of Websense that keeps employees out of such sites through filtering …

Suck Your Guts In – Full Body Scanner Coming To An Airport Near You!

Well, from looking at the news and some of the evaluation discussions coming through here in Japan, it appears that at least Japan and the US will be implementing body scanners for boarding processing in the next year. Bruce Schneier touches on this subject a couple times throughout his blog, but in Japan’s case, I have some very reliable insight into some of the considerations by local officials. Of course, Japanese throw the latest, greatest technical solution at something as a CYA move all the time. Nobody wants to be responsible for a bad decision, so little thought goes into …

Smart Google? Dumb Google?

I was in the office yesterday and in passing conversation Google’s recent actions became the subject of conversation. “Dumb move”, came from across the table, which made me think a bit. Since I had heard the news last week, I was thinking nothing but smart move, so this came as a surprise and caused me to think about it for a while, hence, this blog posting. DUMB: The first dumb point that comes from this is that Google just shot themselves in the foot in the largest internet population in the world. The recent news profiles China as the largest internet ‘market’, …

God Mode – The Only Way To Admin Windows

Now people with alternative intentions in mind can get a promotion beyond administrator and become…. won’t say it to stay on good terms with …. This ZDNet Japanese article was released late last night, so don’t know if the English press caught on yet or not – here is the synopsis. In a nutshell, if you create a directory in Windows XP, Vista, and Win7 and name it “GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}” without the quotes, then open that folder, all of the control panel, system admin tools, and everything you need to take control of a locked down system becomes available. We’ve tried …

Ubiquitous Security – 2010 Brings Focus To Mobile Issues

It’s no secret that I have been focusing on wireless security issues over the past two years, and I have been very vocal about how ‘wireless’ is not limited to wireless LAN. We are approaching a turning point where securing organizations will require even more emphasis on ID management and access control to establish accountability for effective monitoring, thereby establishing metrics based upon sound measurement processes. Overall, the future challenge for governance will move from writing policy and pushing paper to sound statistical analysis (see more at securitymetrics.org), intricate log analysis, and stronger technical skills among security professionals. Introduction …

Again? Digital Photo Frames Infected For 2009 Christmas… Too!

Japan IT press is reporting that digital photo frames shipped for Christmas are infected this year too. Does this ring a bell? Déjà vu? Well, because it happened last year too, as chronicled at SANS, here, and here. Now, if you click on any one of the three previous links, please pay attention to the date – exactly one year ago. Not many security news items break in Japanese before the English publications, but here is the report paraphrased. The original report comes from the SANS Internet Storm Center, which states that digital photo frames made by Smartparts introduce various questionable malware files …