This is a great article about Saltzer & Schroeder, two 1970′s computer security researchers that published this paper. The principles in this paper are the most cited in computer security and many apply to secure coding. While many have heard of Saltzer and Schroeder or their basic computer security principles, few actually take the time to read their work. Enjoy! Continue reading Saltzer and Schroeder
The Twitter buzz (<- that’s funny) this morning were a bunch of postings about a phishing direct mail that would include a link which included a link to bzpharma.net (don’t click here if my blog software automatically links!!). When the end-user goes to the site, malicious software is executed that retrieves the user’s Twitter password, then spam direct messages all of their followers. Nasty and too bad. I have grown to like Twitter and other similar services as yet another networking medium. After seeing several hundred tweets (I’m up to 700-plus followers on @sysrisk), lo and behold, I received one … Continue reading Twitter Phishing Rampant – Today’s Flavor
This article by Engadget highlights a stealthy use of technology, but the school district, school, or principal – whoever made the original decision to do this – clearly violated personal privacy. This article is a good read, and will follow closely to see the outcome. Continue reading Principal Remote Monitoring Students At Home
This is big news on a cyberattack…. 75,000 Systems Breached! This Washington Post article just released details one of the biggest cyber attacks in history that has been recently revealed. The attack started in late 2008, but was just discovered last month. Again, highlighting the sophistication of hacker groups, demonstrating that they are gaining power equivalent or greater than nation states ability to protect themselves from such attacks.Read more at the link above. Continue reading This is big news on a cyberattack…. 75,000 Systems Breached!
TechCrunch has an interesting article that claims Facebook drives 44% of social networking. This is very interesting to me in the sense that a lot has recently been chronicled about how hackers and spammers are targeting social networks more, for a couple of reasons – recent new computer users are introduced to social networks as a method of keeping interest in computing. Some even purchase computers just to social network and keep up with peer conversations. Those newer users are prime targets. Another reason is that all the user profiles are there for exploitation without a phisher, hacker, or spammer … Continue reading Facebook, Social Networking, and Spammers
This is another small step toward fighting spam; especially for users that take advantage of web mail services. Go to the link above and create an image of your email and use this in your signature instead of text. Also, if your provider is not available, click on this link and select the colors that best match your web site. Enjoy! Continue reading Fight Spam With This Email Signature Image Generator
Be careful when using Picasa and other Google applications with default nickname and web address settings, since the number that Google assigns to your ID in those cases is easily decipherable. The number is just a replacement for your ID and is consistent, not random. This is not a new issue, and rather old, but I still see a lot of Picasa links that have those numbers in them. Without changing the defaults, an attacker can replace the URL in a page with javascript:alert(_user.name) to obtain the relevant ID. Read more in this Lifehacker article. Continue reading GMail/Picasa Identity Leakage
Too bad I wasn’t there right at the close of the presentation yesterday, but these days I can afford not to ride a plane 13 hours to Washington D.C. At work we performed some in-house reviews of iphone security about two years ago, accepting some risks over functionality. However, three different channels of information through personal contacts, web browsing, and work relationships have raised a flag about this research being performed on iphone security. The findings revealed in the papers dispute two tenets of iphone security that have been repeated throughout the past couple years: 1) sandboxing applications so that … Continue reading iPhone Security Becomes Topic At BlackHat
This Japanese news article reports the first “internet cafe” arrest in Japan since the anti-piracy download law went into effect on Jan. 1, 2010. However, I am fairly certain that this is the first such arrest altogether – somebody please comment if I am wrong. Toward the end of last year and the first days of the new year, many blogs and statistic sites were reporting on the number of shares on peer-to-peer software available on the internet. Remarkably, most of the numbers did not change a bit. I find this unusual since Japanese go to great lengths to stay … Continue reading Anti-Piracy – First Internet Cafe Arrest In Japan
Yes, I know… ‘Another Network World article’, you say. Yes, because lately they have been hitting trends fairly accurately…. read on!This article outlines a Sophos survey of businesses that ranks Facebook as the biggest threat simply (at 60% surveyed) because it has become the biggest social network, followed by MySpace (t 18%, then Twitter at17%. Well, I tend to agree with that reasoning, but think the threat is somewhat limited on a couple of levels. In more secure environments in the financial industry, we have seen much broader implementation of Websense that keeps employees out of such sites through filtering … Continue reading Facebook As Biggest Security Threat
Blog 