-
SMB Cyber Security Alliance helps Small Businesses address Cyber Security Risks
Across all industries, small businesses are increasingly facing new threats related to cyber security. Some have taken minimum steps to address these threats, but most have not. New security threats and incidents are reported every day in news reports, and many remain unreported. This underscores the need for cyber security education of small [...]
-
Symantec: To Ensure Resiliency Against Critical Infrastructure Cyberattacks
Symantec recommends the following: Develop and enforce IT policies and automate compliance processes. By prioritizing risks and defining policies that span across all locations, organizations can enforce policies through built-in automation and workflow and not only identify threats but remediate incidents as they occur or anticipate them before they happen. Protect information proactively by taking [...]
-
Will your Cloud Provider be around in two years?
I just read that my hosting company, GoDaddy, is on the auction block to be sold to the highest bidder. Naturally, I’m thinking of how this change of ownership could adversely affect the service of my web sites, blogs, and virtual servers. One never really knows until the new owners take over. Maybe they clean [...]
-
IBM X-Force handicaps future trends in security
Looking ahead, the X-Force Research and Development team has identified some key trends to watch for in the future, including: Cloud Computing — As an emerging technology, security concerns remain a hurdle for organizations looking to adopt cloud computing. As organizations transition to the cloud, IBM recommends that they start by examining the security requirements [...]
-
Sweet!! Yourr bootyy look awseome on thiss ivdeo!
Gee Thanks! I’ve been working out! …..oh wait a minute! What video??? CLICK!!!! That was probably the script the culprit had in mind …and who knows how many times it played out. I received the following message in my email inbox earlier from a cousin on Facebook. It was so obviously malicious. Never mind the [...]
-
Government Involvement in Cyber war in the last year
Related posts: Facebook poses biggest security threat to businesses; Twitter makes security enhancements to help users; Twitter users hit hard by "LOL" phishing attack
-
Security On A Shoestring SMB Budget
The e-mail appeared to be an invitation from an old, junior high school friend. Yet when the hospital employee clicked on the link, it instead led her to a malicious site that installed a Trojan horse on her computer. In a little over a week, international cybercriminals used that beachhead to steal more than $600,000 [...]
-
Moving data storage to the cloud? What’s your business continuity plan?
Many trumpet increased availability as a reason to move to the cloud, but what happens when your cloud provider is no longer available? Some companies are faced with this very question this week as storage provider EMC announced its plan to shut down its Atmos Online cloud storage service immediately, according to a posting on [...]
-
What is the value proposition for allowing users access to social networks?
What is the value proposition for allowing employees access to web 2.0 resources such as social networks? Every other day, we hear about the risks. Compromised Twitter accounts, phishing via LinkedIn, malicious Facebook apps are only a sample of an ever-growing landscape. Most enterprises, appreciating the threats these pose to an environment, simply deny [...]
-
Pentagon and Congress want control of your network during cyberattack
There has been a lot of chatter in the news lately about the possibility of a “widespread coordinated” cyber attack against our critical infrastructure and our ability to successfully defend against it. Most of this infrastructure (e.g., utilities, finance, transportation, etc.) is owned by private companies. Those currently responsible for protecting these networks will [...]
-
Many companies caught in the lurch as Microsoft ends support for Windows XP 2
On July 13, Microsoft will officially retire Windows XP Service Pack 2. Although it will continue to provide security updates for XP Service Pack 3, it will stop providing patches for the older SP2. Microsoft offers support for its products for five years and extended support for another five years. For XP SP2, that [...]
-
Pause your Google History
Have you ever used your Google search history? If you are logged into any Google service, Google automatically keeps a history of your search queries and web activities. According to Google, Web History allows the following: View and manage your web activity. You know that great web site you saw online and now can’t find? [...]
-
Google to Microsoft: “Don’t let the door hit ya…!”
Talk about throwing out the baby with the bath water. The Financial Times reported on Monday that Google has begun telling new employees that they are no longer able to request Windows PCs, giving them the choice of Mac or Linux systems. Google has long offered its employees their choice of work operating system but [...]
-
Raise your hand if you use the same password for more than one online account
I completed an Internet Forensics training course this past week where the instructor made that statement. Of the twenty students in the class, only the instructor raised his hand. To which he declared, “Anyone who didn’t raise their hand is a liar!!” He was probably right. I often fault security professionals and educators who [...]
-
The real arguments for Cloud Computing
As more vendors dive into the cloud computing market, every possible claim regarding the supposed benefits of moving to a cloud-based service is being made. I ran across an article titled “Why Cloud-based Monitoring is more reliable and secure than Nagios.” The author, who represented a cloud-based network monitoring company, contended that the [...]
-
Metasploit 3.4.0 Hacking Framework Released – Over 100 New Exploits Added
Metasploit provides useful information and tools for penetration testers, security researchers, and IDS signature developers. This project was created to provide information on exploit techniques and to create a functional knowledgebase for exploit developers and security professionals. Update Summary Metasploit now has 551 exploit modules and 261 auxiliary modules (from 445 and 216 respectively in [...]
-
Exploring Cloud Computing Information Leakage
If you are in cloud computing security (or part of an organization with infrastructure in a public cloud), this paper is a must read. As more organizations seek to realize the benefits of the cloud, it’s important that we continue to investigate the risks as well. Granted this research only applies to virtual machines on [...]
-
1000 hacked Facebook accounts for as low as 25 dollars
Facebook claims to have identified the self-proclaimed Russian hacker calling himself “Kirlios”. Newswire reports over the weekend said that Kirlios had succeeded in hacking a large number of Facebook accounts. On hacker forums, Kirlios has been offering up Facebook accounts for sale in batches of 1000 – up to 1.5 million in total. [...]
-
HIPAA Audits could start this year
The new federal HIPAA privacy and security rule compliance audits of healthcare organizations and their business associates likely will start later this year once a report on a model for the program is completed, a key federal privacy official says. In the next few weeks, Booz Allen Hamilton will provide a status report on its [...]
-
Symantec warns that port 25 could be the problem. I disagree.
I recently overheard a comment by a co-worker (shoutout Ben A.) that we read and listen to news reports and assume the reporter knows what they are talking about until they turn to a topic we are familiar with in some depth and realize that the reporter spouting off to potentially millions of people don’t [...]
-
McAfee to compensate businesses for buggy update
McAfee will provide restitution to businesses hit by a faulty virus definition update that rendered computers unusable, the company has confirmed. “Enterprise customers will get compensation tailored to each individual customer and will receive a combination including products, services and support,” a McAfee spokesman told ZDNet UK on Tuesday. The concept of companies paying for damages [...]
-
Hackers crack Ubisoft always-online DRM controls
Saw this coming a mile away. Why didn’t Ubisoft? I couldn’t wait to get my hands on Assassin’s Creed II. It’s nice to be able to unwind for an hour or so at night, running across rooftops in 15th Century Venice, leaping on an unsuspecting Templar and burying my dual hidden blades in his neck. [...]
-
Blippy to hire a CSO after exposing credit card data
So…. I made this post about the Social Media fallacy that is Blippy. Well true to form, here we are less than two months later finding out… “Blippy, a social networking site that allows users to share their purchases and discuss shopping with others, will revamp its security plans and hire a Chief Security Officer [...]
-
If Microsoft can do it, why not McAfee?
Yesterday, a faulty McAfee anti-virus update labeled a critical Microsoft system file as a “virus”, causing hundreds of thousands of computers around the world running Windows XP Service Pack 3 to go into a continuous reboot cycle [duh!]. Today, however, Sophos is reporting hackers are compounding the problem by using blackhat SEO (search engine [...]
-
Top 10 Web Application Security Risks for 2010
Yesterday, OWASP released its list of top ten web application security risks for this year. The list, which was first unveiled in November at the OWASP conference, is a departure from OWASP’s previous lists, which ranked the most commonly found weaknesses and vulnerabilities in Web applications. OWASP’s new list features the most exploitable and likely [...]
-
Changing Internet passwords a waste of time??
From the following article: http://wcbstv.com/seenat11/internet.passwords.microsoft.2.1633927.html “The study concluded someone hacking into your computer and stealing your password is similar to a crook getting your house key. The crook will likely use it right away and not wait until after you’ve changed the locks. “As soon as they’ve got it, they’re using it and then they’re [...]
-
Nessus 4.2.2 now released
Version 4.2.2, released today, brings the following fixes: Nessus-fetch: Proxy issues have been resolved. NASL: Fixed a memory leak in the NASL xmlparse() function. Networking: Fixed IPv6 routing when talking to a remote host (FreeBSD, Mac OS X). Packet forgery was not always working on ES5 64 bits. Packaging: Fixed the Debian /etc/rc init [...]
-
Staying safe on public Wi-Fi
Picture this: You’re at a café with your laptop and latte in hand, getting ready to review new sales leads and the quarterly financial projections. First you hop on the free Wi-Fi that the shop’s management provides. Then you connect your laptop to a projector so that the entire café can take a look, and [...]
-
IKEA Facebook scam cons 40,000 users
These types of attacks have become the norm on Facebook. Last week, I posted on a similar scam involving Whole Foods Grocery. This particular scam page had taken in more than 37,000 users by last Friday, offering them a $1,000 gift certificate in exchange for promoting Ikea to friends. At that time, the page was [...]
-
Google rolls out privacy reset for Buzz
Google will ask users of its social network Buzz to review their privacy settings starting April 5. This follows a series of privacy related concerns and updates following the initial launch of the service. I mentioned some of the concerns here in a post: Google Acknowledges Privacy Issues With Buzz amid FTC complaint The latest [...]