What trumps privacy?

Good article from Jay Cline about the 6 spheres of privacy and why the US will never look at privacy in the same way that the rest of the world does. Src: What trumps privacy? (ComputerWorld)

Privacy is good - Privacy by visibility is NOT good

As this FailBlog post illustrates, security and privacy often fail because they are "patched-on" instead of "baked-in."

Marriott Fail « FAIL Blog: Pictures and Videos of Owned, Pwnd and Fail Moments

Wise words from the US Army Ranger Handbook

"Two of the gravest general dangers to survival are the desire for comfort and a passive outlook." -- U.S. Army Ranger Handbook

When Keyboards Talk, Who Listens?

We already knew that computers and electronic devices give off emanations that can be picked up at a distance; this is the stuff of spy novels and movies. The TEMPEST program, rumored to have started as far back as the early to mid 1960s (src: http://cryptome.org/tempest-time.htm), provided specific guidance on shielding electronic devices to prevent eavesdropping.

Now two researchers in Switzerland have actually gotten it to work in a way that can be easily demonstrated: what you type on a WIRED keyboard can be picked up and decoded from the same room and from an adjacent room. Watch the videos to get the full effect - http://lasecwww.epfl.ch/keyboard/ - Be scared, be very scared.

Microsoft Releases Critical Patch Out of Cycle

This brings back memories of the early days of the 21st century when worms roamed across Microsoft Windows machines (and other operating systems as well). Mitigation: Patch, patch, patch (or make sure your firewall is up and you are not using file sharing).

Events of this magnitude must be brought to the attention of software developers to ensure that security is integrated in the software lifecycle.

Microsoft bulletin: http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
More info at: http://blogs.technet.com/swi/archive/2008/10/23/More-detail-about-MS08-067.aspx

QOTD - Microsoft on time to infection

The mean time to infection is less than five minutes. -- Richie Lai, Microsoft’s Internet Safety Enforcement Team
Src: NYTimes

The end of Antivirus Programs?

Secunia's experiment pitted 12 antivirus programs against a host of exploits... the result: the best AV detected only 20% of the malware (out of 300 samples); the next best detected only 2.33%.

Users and businesses need to take the threat seriously and realise that firewalls and traditional security software, such as that included in Internet Security Suites, aren't sufficient to protect PCs and corporate networks. (Src: Secunia Blog Entry)

Src: Test Shows Shortcomings of Antivirus Programs - Host security News Analysis - Dark Reading

Direct link to Secunia Report

Social Engineering gets really creative

For some time, security professionals have been warning that the weak area in information security now resides with people, not technology. What we didn't know is how much information about ourselves or our loved ones is out there for anyone to use. It seems that social engineers in Asia have found a new way to make money: fake kidnappings.
loose wire blog: Social Engineering, Part XIV

Sophos Security Threat 2008 Mid-Year Report

Highlights for the first six months of 2008 (Src: Sophos Security Threat 2008 Mid-Year Report):
  • Over 11 million different malware threats are known to exist
  • SQL injection attacks on web sites are the biggest threat today
  • Every 5 seconds a new web page is discovered to be infected
  • 97% of all email is spam
  • Blogger is the top host for malware - strange given the limited features of this Google-owned site.