tag
SANS

Phishing and Scamming: it’s a Taxing Occupation

SANS posted a story at the Internet Storm Center a couple of days ago that they were seeing fake email from the IRS. (Even I don't have time to read everything on the Internet relating to current information security issues.) The emails described try to kid the victim that they've under-reported or failed to report

Ten Ways to Dodge Cyber-Bullets (Part 2)

[Part 2 of an occasional series, updating a blog series I ran in early 2009 to reflect changes in the threat landscape. This series will also be available shortly as a white paper.] Catch the Patch Batch Keep applications and operating system components up-to-date with automated updates and patches, and by regularly reviewing the vendors’ product

Risk Report – Should Try Harder

SC Magazine has reminded me today of a new report on the top current security risks, jointly published by SANS, TippingPoint, who provided the attack data, and Qualys, who provided vulnerability data. With impressive modesty and finely-tuned understatement, Alan Paller of SANS describes it as the "best risk report ever". Well, with added analysis and educational

Turkish Delight

So, back in harness. I’ve been away for a couple of weeks: not on holiday as such, though I did take some days out, but concentrating on writing: it didn’t hurt that I didn’t have a full-strength internet connection to distract me, though. Before I left, I was interviewed by a Turkish security site. It

Ditch Adobe?

Stephen Northcutt, with the SANS Technology Institute, suggested the following in the SANS NewsBites Vol. 11 Num. 61: [Editor’s Note (Northcutt): I think organizations should avoid Adobe if possible.  Adobe security appears to be out of control, and using their products seems to put your organization at risk. Try to minimize your attack surface. Limit

Waledac: after the fireworks

I’d like to thank the City of San Diego for welcoming me with a firework display last night. It was just what I needed after 22 hours in planes and airports. :-) Maybe just a little quieter next time? (London did much the same thing to me with its Millennium celebration.) It did look pretty

There’s a Trojan in my Fuse Box

Well, hopefully my power sockets are not leaking computer viruses and keyloggers, but who knows? Quite a few news outlets have picked up on a story in the Wall Street Journal claiming that spies from China and Russia have "penetrated the U.S. electrical grid". Scary… A little too scary and not enough detail to convince some

PSST! It’s PFTS!

PSST! Anyone remember the Telephone party game, also known by various politically incorrect names like Chinese Whispers and Russian Scandal? A series of reports like this and this illustrate a textbook example of how rumour and misunderstanding (some of it probably wilful) can transform a story into something very different to its original form. According

MD5/SSL: is the sky falling?

Lots of fuss about the paper presented at the Chaos Communication Congress in Berlin yesterday by Alexander Sotirov et al. The paper describes a proof-of-concept attack using a weakness in the MD5 cryptographic hash function to create a rogue Cerification Authority certificate using a hash collision (essentially, two messages with the same MD5 hash value).

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

3 articles related to:
Hot Topic
01 Apr 2010
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.