Tech evangelism and Miso soup like no other
Posts tagged security
The “I Don’t Want To Be A Dick” Syndrome of Information Assurance Management
Sep 12th
Information Assurance remains a growing field of expertise, maturing on an almost daily basis. The industry has exploded over the last 10 years even though the concepts of IA have been around since as early as the 1960s. Although the industry and its practitioners continue to evolve, those in upper management have a difficult time fully grasping the core principles. As in many areas of management these days, there are far too many gun-shy managers who are more concerned with appearances and perception than with properly mitigating risk to the networks they are charged with protecting.
Being Safe On Social Networks
Jul 21st
Being safe and smart when using the Internet is an issue that has been around since the rise of chatrooms and the exploitation of naive individuals by social predators. In other words, forever. The emphasis on being safe and not giving away details has always been on young children or teenagers, since they’ve always been regarded as more trusting and the natural prey of social predators. It was assumed, of course, that adults would be more practical and less naive. As usual, we took for granted the processing power of the human brain.
While social networks like Facebook can give you access to invitations to parties and special online contests, they also open you up to other things, such as:
Security Clearance
Jul 19th
Security clearances are not your sugar-coated M&Ms handed out on Halloween night to neighborhood kids tricking and treating. The United States government takes painstaking steps to determine a person’s [or an agency's] eligibility to access sensitive information and in turn issues a certificate of qualification.
But what have clearances come to stand for? Are they just a showpiece for employment eligibility or power play? Or worse yet, have clearances become an excuse to act inappropriately?
Navy Federal Credit Union Web Site Operating with Security Issue
Jul 18th
Online banking users are hopefully aware of the need to log in to their bank’s web-based system using secure means, such as via a web site protected using SSL encryption. Every legitimate bank offers such protection, normally preventing customers from logging in via insecure means. But not every bank appears to be conscious of the myriad of potential security risks associated with their site. Navy Federal Credit Union is plagued by a huge security vulnerability on their web site and is possibly the easiest bank on which to perform a phishing expedition.
Updated – August 12, 2009: Added correspondence from the RSA Anti Fraud Command Centre and SliceHost Support regarding a take-down notice and trademark infringement claim. This little article has apparently generated some interest and visibility by an NFCU “security” contractor.
Updated – August 15, 2009: The saga appears to have come to an end as the RSA AFCC responds to SliceHost after TechMiso stipulates the content was not infringing. The attack dogs are ostensibly caged for now.
Stop Password Masking – Is Usability More Crucial Than Security?
Jul 6th
Jakob Nielsen, a widely known expert in the field of web usability, recently stirred up a shit storm of controversy after proclaiming that it is time to stop masking passwords because usability suffers. His claim hinges on the lack of true feedback when typing passwords. Making matters worse, world-renowned security expert Bruce Schneier agreed with Nielsen, hopping on the same idiotic train Nielsen is driving. Is password masking really such an important issue in need of immediate resolution?
$1 Blank CD Could Lead To 10-year Prison Term
Jun 26th
Like the woman found guilty of illegally downloading music from the internet and fined a monster $1.9 million USD, a man in Japan may face stiff penalties for downloading, stealing and monetizing 50,000 customer accounts from his employer, Mitsubishi UFJ.
News agencies in Japan are reporting that a former acting manager at Mitsubishi UFJ Securities has admitted to data theft and illegal computer access during his tenure in the systems department.
HOWTO Install Squid Web Proxy Server with Active Directory Authentication
May 14th
Web Proxy servers are an essential aspect of a solid network perimeter defense strategy. Exposing the fragile desktop client to the internet at large by allowing direct connections to the internet is dangerous and may lead to compromise. This can be exacerbated if the overall network security strategy is not sufficient. Web Proxy servers can help alleviate a number of security concerns while offering a central facility for logging and content verification. In an enterprise environment, Web Proxy servers are used to enforce acceptable use and security policies. Learn how to configure Squid to enable Active Directory authentication for an enterprise web proxy solution.
HOWTO Configure Apache for SSL with DoD CAC Authentication on Ubuntu 9.04
May 4th
Administering Linux servers is an art form not mastered by many because it is mostly command-line driven. Windows on the other hand, while a highly complex beast, has taught most administrators that configuring can be accomplished through a simple point-and-click interface.
One of the more difficult Linux tasks is properly configuring an Apache web server – the sheer power Apache can wield is evident in the exponential number of configuration options available. Setting up Apache on Linux for SSL-based DoD Common Access Card (CAC) authentication is pure freaking magic. Learn how to configure an Ubuntu Linux 9.04 (Jaunty Jackalope) server to perform this much-needed functionality!
Is Anti-Virus Software Required On Mac OS X?
Apr 1st
The hoopla surrounding the Conficker worm has taken the computer security world by storm. Headlines predict doom and gloom on April 1 because researchers believe attackers will activate the worm, gaining control of millions of zombie personal computers running the Microsoft Windows operating system. Conficker is a moot point with both a patched Windows and anti-virus software. What about those who have opted for Apple computers running the OS X operating system? Everyone knows anti-virus software is obligatory on Windows but is it even worth the hassle on OS X?

