Tag: security
-
New security issue: typo-squatting
Malware, phishing, pharming, typo-squatting, etc. There’s a long list of security issues we have to deal with every day. Keeping track of these and responding correctly in each case is a veritable minefield. That’s after our newly updated anti-virus app has completely missed the threat. Typo-squatting is the well-known practice of serving up scams or…
-
CA’s get hacked
Wow, it really has been a bad week for Certificate Authorities. First DigiNotar gets cracked by a seemingly insistent CA cracker called ComodoHacker; now GlobalSign has stopped processing certificate requests due to possible compromise by the same cracker. It all started in March this year with the Comodo CA breach. Next was StartCom the Israeli…
-
CA’s get hacked off
Earlier this year, one of the biggest names in network-based security, RSA, was hacked. What made the situation a lot worse, was RSA’s hesitance to be forthcoming on the matter. And that unwillingness to disclose seems to be the trend these days. Get hacked. Don’t tell your clients … This lack of openness is becoming…
-
The Cloud, Security and IT Skills
Seeing as everyone is writing about Cloud Computing lately, I thought I’d rehash some of my concerns about this ‘new’ technology. New in parenthesis because the idea is actually quite old, coming from the time-sharing Unix systems of the 60’s and 70’s. Cloud obviously takes this to a new level ( supposedly with non-stop availability…
-
Mobile Security in a nutshell
Mobile security has morphed in the last few years to become a major area of security concern. It’s no longer just laptops that provide on-the-go networked computing – smartphones, tablets, ultra-portables, e-readers and other networked devices now all vie for a space in your electronic arsenal, and they all come with their unique set of…
-
Symantec Endpoint Security issues
Regular readers of this blog will know that I’m not a fan of Anti-Virus companies, especially when they use FUD to sell their products. What’s even worse is when a security application, which is supposed to protect you from security issues, has security issues itself. Symantec’s workstation anti-virus application, SEP, is apparently riddled with them…
-
Apple’s security issues draw apologists
One of the reasons I was drawn to the Android stable as a mobile platform was it’s open nature. The fact that I can control the use of my own phone is important to me. Having someone else say what I can and can’t do with it, is not on. So it is that I’ve…
-
Aussie web host/registrar hacked
Security and data integrity/safety are 2 of my pet loves; and pet hates when people don’t take notice of them. Notwithstanding the fact that you host your precious data with someone who you think is responsible, you need to take responsibility yourself. If something happens to your data and you’re left out in the cold,…
-
Sony OE suffers another hack
Wow! It seems that Sony just can’t get a break. Sony Online Entertainment has announced that hackers may have obtained personal customer information from SOE systems which includes name, address (city, state, zip, country), email address, gender, birthdate, phone number, login name and hashed password. They also indicated that a number of credit cards from…
-
Sony’s PSN hacked
As you may have gauged from other posts, Sony has never endured themselves to me. Their recent activity in suing George Hotz for hacking the Playstation 3 ( after they removed the OtherOS function ) means I’m even less enamoured with them. But the final nail may have just been struck: the Playstation Network has…
-
Apple i* devices track your movements
It’s no secret I’ve never been a big Apple fan, although not for the reasons you may think. It’s not because of their draconian and closed environment. Neither is it because their products have little technical merit above other products yet seem to garner an almost fanatical following. Primarily it’s because of Apple’s poor security,…
-
RSA hacked
RSA has long been an industry stalwart when it comes to security tokens and 2-factor authentication ( SecurID ). One would normally trust them implicitly … but that trust is no longer a given since their lack of disclosure surrounding a recent attack on their systems and possible data theft. SecureID is one of the…
-
IE9 just released, still has old unpatched bug
The vulnerability could allow an attacker to cause a victim to run malicious scripts when visiting various Web sites, resulting in information disclosure. This impact is similar to server-side cross-site scripting (XSS) vulnerabilities. Even Google has released a statement regarding targeted attacks on IE users. Apparently this MHTML vulnerability has been around for 7 years.…
-
Win 7 SP1 out soon
Windows 7 Service Pack 1 should be available soon and won’t have much new functionality, but will have the usual hot fixes and patches. 3 items that will make an appearance are: Advanced Vector Extensions ( AVX ) which will be available in forthcoming processors RemoteFX – an extension to RDP Dynamic Memory – intelligent…
-
Security Policies in the organisation
Most organisations of a reasonable size, will today have at least some policies which integrate with HR to govern Internet and computer use within the company. However, the ability of these limited documents ( and sometimes procedures ) to protect the company is often minimal. With the extent to which malicious vectors are able to…