Good article from Jay Cline about the 6 spheres of privacy and why the US will never look at privacy in the same way that the rest of the world does. Src: What trumps privacy? (ComputerWorld)
Privacy is good - Privacy by visibility is NOT good
As this FailBlog post illustrates, security and privacy often fail because they are "patched-on" instead of "baked-in."
Marriott Fail « FAIL Blog: Pictures and Videos of Owned, Pwnd and Fail Moments

Wise words from the US Army Ranger Handbook
"Two of the gravest general dangers to survival are the desire for comfort and a passive outlook." -- U.S. Army Ranger Handbook
When Keyboards Talk, Who Listens?
We already knew that computers and electronic devices generate behaviors that could be picked up at a distance; this is the stuff of spy novels and movies. The TEMPEST program, rumored to have started as far back as the early to mid 1960s (src: http://cryptome.org/tempest-time.htm), provided specific guidance on shielding electronic devices to prevent eavesdropping.
Now two researchers in Switzerland have actually gotten it to work in a way that can be easily demonstrated: what you type on a WIRED keyboard can be picked up and decoded from the same room and from an adjacent room. Watch the videos to get the full effect - http://lasecwww.epfl.ch/keyboard/ - Be scared, be very scared.
Microsoft Releases Critical Patch Out of Cycle
This brings back memories of the early days of the 21st century when worms roamed across Microsoft Windows machines (and other operating systems as well). Mitigation: Patch, patch, patch (or make sure your firewall is up and you are not using file sharing).
Events of this magnitude must be brought to the attention of software developers to ensure that security is integrated in the software lifecycle.
Microsoft bulletin: http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
More info at: http://blogs.technet.com/swi/archive/2008/10/23/More-detail-about-MS08-067.aspx
QOTD - Microsoft on time to infection
The mean time to infection is less than five minutes. -- Richie Lai, Microsoft’s Internet Safety Enforcement Team
Src: NYTimes
The end of Antivirus Programs?
Secunia's experiment pitted 12 Antivirus programs against a host of exploits... the result: the best AV only detected 20% of malware (out of 300); the next best only detected 2.33%.
Users and businesses need to take the threat seriously and realise that firewalls and traditional security software, such as that included in Internet Security Suites, isn't sufficient to protect PCs and corporate networks. (Src: Secunia Blog Entry)
Src: Test Shows Shortcomings of Antivirus Programs - Host security News Analysis - Dark Reading
Direct link to Secunia Report
Social Engineering gets really creative
For some time, security professionals have been warning that the weak area in information security now resides with people, not technology. What we didn't know is how much information is available about ourselves or our loved ones out there for anyone to use. It seems that social engineers in Asia have found a new way to make money: fake kidnappings.
loose wire blog: Social Engineering, Part XIV
Sophos Security Threat 2008 Mid-Year Report
Highlights for the first six months of 2008 (Src: Sophos Security Threat 2008 Mid-Year Report):
- Over 11 million different malware threats are known to exist
- SQL injection attacks on web sites are the biggest threat today
- Every 5 seconds a new web page is discovered to be infected
- 97% of all email is spam
- Blogger is the top host for malware - strange given the limited features of this Google-owned site.