Currently browsing Posts Tagged “security”

Page 3 of 5

It’s Not the OS, It’s the User

Posted by Scott Jarkoff in Shorts

, , , ,

Zulfikar Ramzan, technical director of Symantec Security Response, believes enterprising criminals conducting “business” online are more likely to target stupid users than a technical flaw in any particular operating system:

This trend has been rising rapidly over the past two years. Currently, only about 3 percent of the malicious software that Symantec encounters exploits a technical vulnerability. The other 97 percent of malware is either “piggybacking on that 3 percent,” or more likely trying to trick a user through some type of “social engineering” scheme, according to Zulfikar.

It is quite obvious criminals would target user behavior rather than exploit an OS or application vulnerability. It is exponentially easier to trick users to do things you want them to do – humans are inherently trusting creatures, which may ultimately be to our detriment.

The amount of time and money required to successfully architect and deploy an attack exploiting a technical vulnerability in an operating system or application is too expensive. The return on investment would have to be exceedingly high to be considered victorious.

This is why it is imperative people pay attention to what they do online. Everyone must take the necessary precautions to safeguard their online activities. Failure to do so may result in a compromised workstation, or worse yet – a bank account siphoning cash to an online criminal enterprise.

New Mac Spyware out in the Wild

Posted by Scott Jarkoff in Shorts

, , , ,

According to the Mac Security Blog by Intego it appears there is new spyware out in the wild targeting the Mac OS X platform:

Intego has discovered a spyware application that is installed by a number of freely distributed Mac applications and screen savers found on a variety of websites. This spyware, OSX/OpinionSpy, performs a number of malicious actions, from scanning files to recording user activity, as well as sending information about this activity to remote servers and opening a backdoor on infected Macs.

OSX/OpinionSpy is installed by a number of applications and screen savers that are distributed on sites such as MacUpdate, VersionTracker and Softpedia. The spyware itself is not contained in these applications, but is downloaded during the installation process. This shows the need for an up-to-date anti-malware program with a real-time scanner that can detect this malware when it is downloaded by the original application’s installer.

Intego also offers a sparse update with additional information about the spyware.

This should not really come as a surprise. With all the attention Mac OS X is getting these days it was only a matter of time before spyware “vendors” started targeting Mac users. I still stand by my claim that running an anti-virus application on a Mac is unnecessary at this juncture even though that is unheard of on a Windows box.

Windows and Security: Setting the Record Straight

Posted by Rich Chuckrey in Shorts

, , , ,

Windows and Security: Setting the Record StraightI’m sure security isn’t the only reason behind Google’s shift away from Windows. But nonetheless, here’s Microsoft’s comeback on the Windows Blog:

There’s been some coverage overnight about the security of Windows and whether or not one particular company is reducing its use of Windows. We thought this was a good opportunity to set the record straight.

When it comes to security, even hackers admit we’re doing a better job making our products more secure than anyone else. And it’s not just the hackers; third party influentials and industry leaders like Cisco tell us regularly that our focus and investment continues to surpass others.

It’s not just security, Brandon LeBlanc.

Google Ditching Windows for Mac OS X and Linux

Posted by Scott Jarkoff in Shorts

, , , , , , ,

David Gelles and Richard Waters in the Financial Times on an article titled, “Google ditches Windows on security concerns” wrote the following:

The directive to move to other operating systems began in earnest in January, after Google’s Chinese operations were hacked, and could effectively end the use of Windows at Google, which employs more than 10,000 workers internationally.

“We’re not doing any more Windows. It is a security effort,” said one Google employee.

“Many people have been moved away from [Windows] PCs, mostly towards Mac OS, following the China hacking attacks,” said another.

New hires are now given the option of using Apple’s Mac computers or PCs running the Linux operating system. “Linux is open source and we feel good about it,” said one employee. “Microsoft we don’t feel so good about.”

Other than DoD and the financial industry, moves of this nature seem to be gaining momentum. Although Windows 7 is a far better product than Windows Vista, the newer operating system does not appear to offer any truly compelling reason to stick with the Windows platform.

That, in and of itself, is the biggest problem Microsoft faces today – increasingly shrinking relevance due to a terrible security track record and a lack of innovation. Can anyone say the same about Linux and Mac OS X?

ALERT: Facebook Adware Now Spreading: “Distracting Beach Babes”

Posted by Rich Chuckrey in Shorts

, , , , , , ,

Techmiso - ALERT: Facebook Adware Now Spreading: "Distracting Beach Babes"

Two weeks in a row we are seeing the spread of salacious malware on Facebook. Steer clear of Facebook’s “Distracting Beach Babes.”

Gramah Cluley makes a curious point on his award winning security blog regarding the timing of malware:

I’m beginning to wonder if the cybercriminals deliberately launch these campaigns on the weekends, imagining that anti-virus researchers and Facebook’s own security team might be snoozing.

Is Your Twitter Account Hacked?

Posted by Rich Chuckrey in Shorts

, , , , , , , ,

TechMiso - Is Your Twitter Account Hacked?Over the last 24-48 hours we are [again] seeing a DM phishing attack blowing through Twitter accounts. Are you spamming your Twitter followers with Direct Messages (DM) that contain links leading to phishing websites? Have you received a Twitter DM to a Twitter login page that isn’t the actual Twitter login page?

How would you know?

One quick way is to filter tweets on yourself by using the @’youaccountname’ link to the right on Twitter’s home page. Do you see tweets from you, but in fact not from you? If you answered yes, your Twitter account may likely be compromised.

Continue

The “I Don’t Want To Be A Dick” Syndrome of Information Assurance Management

Posted by Scott Jarkoff in Articles

, , ,

Locked and Lined Up....Information Assurance remains a growing field of expertise, maturing on an almost daily basis. The industry has exploded over the last 10 years even though the concepts of IA has been around since as early as the 1960’s. Although the industry and its practitioners continue to evolve, those in upper-management have a difficult time fully grasping the core principles. As in many areas of management these days, there are far too many gun-shy managers who are more concerned with appearances and perception than properly mitigating risk to the networks they are charged with protecting.

Continue

Being Safe On Social Networks

Posted by Haslina Ali in Articles

, , ,

Being safe and smart when using the Internet is an issue that has been around since the rise of chatrooms and the exploitation of naive individuals by social predators. In other words, forever. The emphasis on being safe and not giving away details has always been young children or teenagers, since they’ve always been regarded as more trusting and the natural prey of social predators. It was assumed, of course, that adults would be more practical and less naive. As usual, we took for granted the processing power of the human brain.

While social networks like Facebook can give you access to invitations to parties and special online contests, it also opens you up to other things, such as:

Continue

Security Clearance

Posted by Rich Chuckrey in Articles

, , , , ,

Security clearances are not your sugar-coated M&Ms handed out on Halloween night to neighborhood kids tricking and treating. The United States government takes painstaking steps to determine a person’s [or an agency's] eligibility to access sensitive information and in turn issues a certificate of qualification.

But what have clearances come to stand for? Are they just a showpiece for employment eligibility or power play? Or worse yet, have clearances become an excuse to act inappropriately.

Continue

Navy Federal Credit Union Web Site Operating with Security Issue

Posted by Scott Jarkoff in Articles, Features

, , , ,

Navy Federal Credit Union Login FormOnline banking users are hopefully aware of the need to login to their banks web-based system using secure means, such as via a web site protected using SSL encryption. Every legitimate bank offers such protection, normally disallowing customers the ability to login via unsecure means. But not every bank appears to be conscious of the myriad of potential security risks associated with their site. Navy Federal Credit Union is plagued by a huge security vulnerability on their web site and is possibly the easiest bank on which to perform a phishing expedition.

Updated – August 12, 2009: Added correspondence from the RSA Anti Fraud Command Centre and SliceHost Support regarding a take-down notice and trademark infringement claim. This little article has apparently generated some interest and visibility by an NFCU “security” contractor.

Updated – August 15, 2009: The saga appears to have come to an end as the RSA AFCC responds to SliceHost after TechMiso stipulates the content was not infringing. The attack dogs are ostensibly caged for now.

Continue

TechMiso © Copyright 2013. All Rights Reserved.

Designed & developed by We Are Pixel8.

Back to Top