In a recent survey of people in America who use their smartphone for work, less than a third said they employ the password protection on their smartphones. Although everyone will agree that not protecting your smartphone isn’t smart, it is all about memorizing. Everyone that has an Android-based device knows they do not have to
SKYPE: Securely Keep Your Personal E-communications
From time to time people get new computer equipment and need to (re-)install all their favorite programs. Often a painful and time-consuming job, but afterwards it should ease the way of working with the new equipment. Even security gurus have to undergo this procedure at regular intervals. In November
Computer security is not created, nor is it improved, by calling people stupid. That's the conclusion I have arrived at after more than two decades in computer security and auditing. To put it another way, we should stop dropping the "S" bomb, especially when it comes to people who don't know any better. Consider the
Security can't be purely the responsibility of the government, the police, the security industry, the ISPs, the public sector, private industry, or any permutation thereof.
Do you know what your children are doing online, and do they know the risks out there?
Exactly how people will abuse digital technology for their own ends is difficult to predict, but organizations must plan ahead to protect data and systems. That's why we have been posting our "best guess" cybersecurity predictions on the Threat Blog this month. Today we present 9 of the most important predictions in the form of
So who's to blame? First and foremost, the victimizers. Well, persistent victims, yes. And anyone in the security industry who pushes the TOAST principle, the idea that all you have to do is buy Brand X and you never have to take responsibility for your own security. Though, of course, "who's to blame?" is the wrong question: what matters is "how do we fix it?"
Too bad it doesn’t exist. I mean really exist. Here is how an anti-phishing day that is designed to be a highly effective educational deterrent to phishing would work. Google, Facebook, Hotmail, Yahoo, Twitter, Myspace, Banks, Online Gaming sites, such as World of WarCraft, and others would all send phishing emails to their users. Yes,
In the absence of any detailed information from the IMF itself, it's not surprising that most of the surmise around the attack is based on internal IMF memos quoted by Bloomberg, and much of it is rather tenuous.
My colleagues in Hungary have released some slightly alarming statistics about malware awareness in their part of the world. Research carried out on their behalf by NRC suggests that a significant proportion of Hungarian Internet users don't even know what AV software is installed on their computer (or, presumably, if anything is installed.) http://www.eset.hu/hirek/holgyek-tessek-vedekezni?back=%2Fhirek Out
...So here are what we consider to be the 10 commandments of corporate security...
Update: It seems like the initial article is inaccurate and that Paul Rellis never made any such comments about a 14-year-old breaking into the X-Box live servers and has not offered to mentor him: http://kotaku.com/5805742/microsoft-is-helping-an-xbox-live-hacker-develop-his-talent TekGoblin reports (http://www.tekgoblin.com/2011/05/27/14-year-old-call-of-duty-hacker-hired-by-microsoft/) that a teenager who broke into the Call of Duty Modern Warfare 2 gameservers last
Greetings Dear Reader, We have published guidance material previously on passwords and passphrases, some are blogs and some are lengthier depending on your liking (link & link). Even still it is always good practice to reinforce sensible password techniques. For this blog, I plan on sharing an analogous self-ritual, and one that relies on a
On Thursday I will be participating in a cloud computing security discussion. The virtual event is free and you can register for it at http://techweb.com/iwkcloud. The entire agenda for the event can be found at https://www.techwebonlineevents.com/ars/eventregistration.do?mode=eventreg&F=1002827&K=MAA9&tab=agenda. Do note that the times listed are EST. I will be participating between 2:45 and 3:30 PM EST. Even
This short video blog explains a bit about typo squatting. For our readers who are not native English speakers, typo means typographical error, or in plain English, it means you typed the wrong letters in. Some websites buy domains with similar names so that you will still get where you want to go if you
It is generally well-understood that antimalware programs—the software which detects computer viruses, worms, trojan horses and other threats to your system—work by scanning files using signatures they already have. A signature could be as simple as a string[i] (like using the "find" command in your word processor to locate a particular piece of text) or as
Here in the Cyber Threat Analysis Center we’re starting to add video blogs. If the threat information I share doesn’t scare you, maybe my picture will :) This short video blog is about drive-by downloads. This is aimed at helping people who are not technical to understand the nature of the threat. Drive-by downloads are
In response to my recent cookie theft blog a reader asked the following questions: What is VPN, what is SSL and what is the significance of https? What precautions can we take if we need to do Internet banking from a public computer, Internet café for example? VPN, SSL and https are all about encryption.
It was a tough choice to choose a title for this post. I also considered “It ain’t necessarily so” for a title. This blog is aimed at our less technical users, but perhaps more technical users will find it useful as a teaching aid as well. Today I am going to teach you how to
In the security industry, we're sometimes over-ready to be over-prescriptive, seeing security and privacy concerns as paramount where others see them as a distraction. And we've become used to the mindset that computer users will always prefer convenience to security.