Cybercrime | WeLiveSecurity

Cybercrime

Genial Geneva and a note for Francophones

Bonjour mes amis! Well, I am in Switzerland, and very close to the French border, for the Virus Bulletin conference – perhaps the most eagerly anticipated event in the anti-malware researcher’s calendar. How sad is that? I also thought you might like to further extend your French skills on an article here, about a presentation

M(b)ac(k) to the future

Mac security firm Intego blogged about Apple’s decision to include an antimalware component in Mac OS X 10.6 "Snow Leopard" and we agree that it is a good step, security-wise, to provide some basic protection against malware.  Apple has long mocked Microsoft, up to and including this 2006 advertisement which implied there were no viruses

Data Breaches – It’s All Greek to Me

The results (released yesterday) from a study conducted by the Ponemon Institute yielded some interesting data points. The most visible of these was the finding that 85% of U.S. organizations experienced data breaches of varying magnitudes. This study, entitled “U.S. Enterprise Encryption Trends”, has completed its fourth annual publication.  The data was directly obtained from

T‑Mobile Data Breach – Or Not…

Just last Saturday, June 6th; there was a new posting on the Full Disclosure mailing list from a source that calls themselves pwnmobile (at least that’s part of their email address). In the post, pwnmobile claims they have harvested information from T-Mobile USA’s servers. The data they claim to have acquired is: various databases confidential

Securing the Perimeter

I recently had the fantastic opportunity to participate on a panel discussion concerning cyber security. The event was hosted by the Bellevue Chamber of Commerce and coordinated by the US Chamber of Commerce and the Department of Homeland Security. Last year the Bush administration launched the Comprehensive National Cyber security Initiative or CNCI. Although focused

Is All Lost?

Today is inauguration day in the USA. As I traveled to many countries late last year I was amazed at how joyous people of many cultures were that Obama is to be President of the USA. Working in the security field, we see a lot of disappointment. Sometimes it seems that there is no hope

Magic Lantern Show in the UK?

Nigel Morris, of the UK’s “Independent” newspaper reported recently on new powers given to police in the UK and proposals to extend similar powers across the European Union. Understandably, civil rights groups like Liberty have apparently expressed the belief that such expansion of “police hacking operations” should be regulated by Act of Parliament and that there

10 Ways to Protect Yourself: Part 6

Don’t disclose sensitive information on public websites like FaceBook or LinkedIn. Even information that in itself is innocuous can be combined with other harmless information and used in social engineering attacks. Rather than expand on that point, for now, I’m going to point to another “10 ways to protect yourself” resource: the more good advice

10 Ways to Protect Yourself: Part 5

Don’t trust unsolicited files or embedded links, even from friends. It’s easy to spoof email addresses, for instance, so that email appears to come from someone other than the real sender (who/which may in any case be a spam tool rather than a human being). Basic SMTP (Simple Mail Transfer Protocol) doesn’t validate the sender’s

Castlecops: more comments

Further to my post of 25th December about the withdrawal of the CastleCops services, there’s a blog at Darkreading that includes more information, including some quotes from Paul Laudanski, who was, with his wife Robin, the driving force behind the organization: also quotes from our own Randy Abrams, David Ulevitch of PhishTank, and Garth Bruen

MD5/SSL: is the sky falling?

Lots of fuss  was made about the paper presented at the Chaos Communication Congress in Berlin yesterday by Alexander Sotirov et al. The paper describes a proof-of-concept attack using a weakness in the MD5 cryptographic hash function to create a rogue Cerification Authority certificate using a hash collision (essentially, two messages with the same MD5

Ten Ways to Protect Yourself: Part 2

Here’s the second instalment of the “ten ways to dodge cyberbullets” that I promised you. Keep applications and operating system components up-to-date with automated updates and patches, and by regularly reviewing the vendors’ product update sections on their web sites. This point is particularly  relevant right now, given the escalating volumes of Conficker that we’re