Research

Expert content, for researchers by researchers

Research

Modern viral propagation: Facebook, shocking videos, browser plugins

Fraudsters continue to innovate their scam propagation methods. Again using Facebook and a pretense of a shocking video, they also utilize browser plugins to execute malicious scripts. We also see how the malware scene is intertwined, when the user is directed to a dubious Potentially Unwanted Application. Facebook auto-like scams have been commonplace on the

SKYPE: (S)ecurely (K)eep (Y)our (P)ersonal (E)‑communications

SKYPE: Securely Keep Your Personal E-communications From time to time people get new computer equipment and need to (re-)install all their favorite programs. Often a painful and time-consuming job, but afterwards it should ease the way of working with the new equipment. Even security gurus have to undergo this procedure at regular intervals. In November

Information Security Disconnect: RSA, USB, AV, and reality

The world's largest information security event, the annual RSA Conference, is over for another year. Most of the more than 18,000 people who attended the 2012 gathering are probably back home now, getting ready to go into the office. What will be top of mind for them, apart from "How did I manage to survive

Find the bad guy in a deluge of big data – RSA day three

So someone is attacking you, maybe with a flood of traffic as a noisy backdrop to distract you while the bad guy slips in undetected. So how do you stop the hacker amidst the noise, fast enough to act to stop the attack? That was the subject of many vendors and conversations at RSA –

SMB cyber security: we feel your pain – RSA day two

Day two of the show, and we ask vendors and participants what the pain points are for Small and Medium Businesses (SMB), especially in the category from 25 to 250 member organizations, even narrowing that to 100 employees or less. It seems this sector is largely missed by the large vendors on the show floor

Rogue mobile devices in your enterprise? RSA day one

While our recent post on BYOD focuses on the prevalence and/or risk of inadequately trained staff potentially creating problems for the core IT infrastructure using their own personal devices for work, it seems others here at RSA are concerned with preventing the exact same thing, but from a different angle. I attended one “lighting round”

Windows Phone 8: Security Heaven or Hell?

Introduction Mobile World Congress 2012 is almost upon us, and one of the most hotly-anticipated topics is the next generation of Microsoft’s smartphone operating system Windows Phone 8, which has been kept under wraps far more tightly than its PC counterpart, Windows 8. While Microsoft was an early adopter in the creation of smartphones with

Password management for non‑obvious accounts

A continuation on: Time to check your DNS settings? After 7 March 2012, lots of people potentially can be hit as their systems are infected by a DNS Changer. Several government-CERTs have already warned their users. Rather than using the ISP’s DNS Servers, the malware has changed the settings to use DNS Servers controlled by

Pinterest.com security – step by step how‑to

I recently signed up for Pinterest.com, a hip, trendy pin board style website that allows beefed up sharing of your interests with friends via a large visual bulletin board style forum where fans of a particular subject can post what they find compelling, and want to share. Then other friends can weigh in on the

Iranian TOR arms race a shadow of things to come?

Recently, the anonymizing network system TOR (The Onion Router) found its traffic was ratcheted to a standstill in Iran, prompting a comparison by one of the TOR project developers to an emerging “arms race”. Users of the service, hoping to evade state censorship/snooping, encrypt the traffic that then gets routed anonymously around the globe. But