Realtime Community | Messaging and Web Security

Low-Tech Attacks on The Rise

Fri, 22 May 2009 12:19:55 -0500

Phishers are re-working old attacks and coming up with some variations on past attacks as they continue to try to scam social networking site users. This isn't new, but as Symantec points out, the attacks are on the rise.

Risks of Consolidation

Wed, 20 May 2009 07:38:34 -0500

Consolidating account information in a single service is appealing - log into one place and get a snap shot of your financial state. Sounds good in theory, but the practice went wrong for Rudder, a free personal financial service.

New Technique for Denying Denial of Service Attacks

Tue, 19 May 2009 07:19:41 -0500

Denial of service attacks that flood a site with requests can be blunted by blocking users sending large number of requests. More advanced techniques send a small number of resource intensive requests. Researchers at IBM and Georgia Institute of Technology have created a way to deal with these attacks, too.

Business Needs to Get Out Ahead of Security Regulation

Mon, 18 May 2009 09:39:05 -0500

An interesting quote in a USA Today story on security company acquisitions speaks to the increasing level of concern about current levels of information security.

More on Facebook Phishing

Fri, 15 May 2009 13:48:05 -0500

Symantec has been following the trends in Facebook phishing and the current wave of attacks looks similar to previous ones. Of course no one goes to this much trouble to vandalize Facebook pages, there is money to be made (stolen) at the end of the game.

Key to Online Apps Success: Control, Control, Control

Thu, 14 May 2009 12:22:54 -0500

BusinessWeek asks what's Holding back Google Apps?. The answer is the same thing that always kills deals to move corporate data to the cloud: control.

Open Source Intelligence and Cyberspying

Wed, 13 May 2009 18:23:45 -0500

The New York Times has a cybersecurity-with-a-human-interest-angle story well worth reading. It covers some of the work of Rafal Rohozinski, a social scientist turned cyber-investigator.

Critical Patch Available for Adobe Reader, Multiple Platforms

Wed, 13 May 2009 08:33:15 -0500

Adobe has released patches for Adobe Reader on multiple platforms to correct vulnerability that could allow attackers to take control of a machine.

Critical Patch Available for Microsoft PowerPoint

Wed, 13 May 2009 08:24:51 -0500

Microsoft has released a patch for a zero-day PowerPoint vulnerability that has been exploited in the wild. A Windows version of the patch is available, the Mac version should be out soon.

EU Proposing Software Liability Protections; Malpractice May Be Better Model

Tue, 12 May 2009 09:28:31 -0500

EU Commissioners are proposing stronger consumer protections for software security and efficacy. Software industry advocates want no part of this. The EU was ahead of the US on privacy protections which are common place today so it is worth watching how this story unfolds.

US Missle Defense Details Found on Computer Purchased from eBay

Thu, 07 May 2009 17:14:22 -0500

A collaboration of researchers in US, UK and Austrailia trying to raise awareness risks of improperly disposing personal data found their poster child for the year: a computer with details on a US anti-missile defense system.

SQL Injection Attacks in Content Management Systems

Thu, 07 May 2009 17:04:56 -0500

Web sites built using content management systems may be vulnerable to SQL injection attacks, the trick is to find them.

Hacking Air Traffic Control Systems

Thu, 07 May 2009 12:49:03 -0500

The Wall Street Journal is reporting air traffic control networks have been attacked on multiple occasions in the past several years. The FAA doesn't agree with all the findings of the Transportation Department's inspector general who issued the report but the undisputed facts are troubling enough.

Researchers Hijack Botnet Gain Insight to Bots and Their Victims

Tue, 05 May 2009 07:33:20 -0500

Researchers from the Security Group at the UC Santa Barbara Computer Science department hijacked the Torpig botnet for 10 days. In that time the found what you'd expect (some users are very lax with security) and some things not so expected (how difficult it is to notify victims).

Supreme Court Justice: Publishing Cybersnooping Results is Free Speech

Mon, 04 May 2009 09:02:07 -0500

I've come to expect more from Supreme Court justices than I found in some recent comments by Justice Scalia regarding online privacy.