Archive for January, 2007
2007.01.12 Daily Security Reading
by Rodney Campbell on Jan.12, 2007, under Security
Today’s spies exist in an age of constant information exchange, in which everyday citizens swap news, dial up satellite pictures of their houses and collaborate on distant Web sites with strangers. If the spies do not join the rest of the world, they risk growing to resemble the rigid, unchanging bureaucracy that they once confronted during the cold war.
High-Tech Handsets are Hacker Bait
Cyber crooks view new, smarter mobile devices as conduits to corporate networks.
The Ultimate Guide to Eliminating Spam Email
This in-depth guide to reducing the amount of spam you receive covers tools for both the novice and the power user: reputation filters, context analysis, DomainKeys, augmented addresses, and other tips and tricks to keep spam from ever reaching you.
2007.01.11 Daily Security Reading
by Rodney Campbell on Jan.11, 2007, under Security
According to GFI, a leading provider of network security, content security and messaging software, every IT manager should make it part of their New Year’s Resolution to protect their networks from the following threats in 2007.
The 60 Minute NSA Network Security Guide (pdf)
This Security Guide addresses security a bit differently. Instead of focusing on a single product or component it covers a wide range of network elements with the notion of providing a terse presentation of those most critical steps that should be taken to secure a network.
‘Make your own man-in-the-middle attack’ website found
So-called universal phishing kits allow users to configure their attacks to take advantage of any target website.
Scary Blogspam Automation Tools
Authors of this software package claim their product can evade a variety of technologies designed to defeat blogspam.
2007.01.10 Daily Security Reading
by Rodney Campbell on Jan.10, 2007, under Security
PHP apps – Security’s Low-Hanging Fruit
Common security mistakes by developers are giving PHP a bad name… PHP coding errors have become the new low-hanging fruit for attackers.
Daily Dave: Today’s patches – Microsoft January Bulletin
Wireless Forensics – Tapping the Air – Part Two
Technical challenges for wireless traffic analysis.
2007.01.09 Daily Security Reading
by Rodney Campbell on Jan.09, 2007, under Security
10 things you should know about privacy protection and IT
These days, IT bears a tremendous responsibility for safeguarding corporate data and protecting personal privacy information. This overview shows just how entrenched privacy concerns have become in the regular operations of the IT organization.
Hacking 2.0: Today’s Hackers Target Web, For Money
Web Security firm Finjan has just released their Q4 2006 report on web threats, which describes two cases of web 2.0 hacker attacks, on Wikipedia and MySpace. What’s more, the report says that hacking the Web is very much a commercial activity nowadays.
2007.01.08 Daily Security Reading
by Rodney Campbell on Jan.08, 2007, under Security
There has recently been considerable alarm about the possibility of malicious code spreading via Skype. Skype is a system that allows voice communication over established Internet connections, in an environment very similar to that of telephone calls. It even allows calls to be made to telephones from a computer, with lower tariffs than those of a normal call.
HD-DVD anti-copy encryption cracked
A programmer going by the name muslix64 has posted a Java-based application that will free the encrypted video from its protection.
IE users at risk for 284 days in 2006
Exploits and unpatched critical vulnerabilities put the users of Internet Explorer at risk 77 percent of the time last year, according to the latest number crunching by Brian Krebs of the Washington Post’s Security Fix blog.
The Month of Apple Bugs, Apple responds by assigning an engineer to fix the problems.
Are you confused by NAC? If so, you’re not alone. Even NAC (Network Access Control) vendors can’t agree on what exactly the concept means.
Subverting Ajax (pdf)
The ability of modern browsers to use asynchronous requests introduces a new type of attack vector. In particular, an attacker can inject client-side code to totally subvert the communication flow between client and server. In fact, advanced features of Ajax frameworks build up a new transparent layer not controlled by the user.
A general overview of email spoofing and the problems that can result from it.
Changing Your MAC Address In Windows XP/Vista, Linux And Mac OS X
We’ve now seen several phishing web sites that are using Flash-based content instead of normal HTML. Probably the main reason to do this is to try to avoid phishing toolbars that analyze page content.
Five Hackers Who Left a Mark on 2006
In the security year that was 2006, zero-day attacks and exploits dominated the headlines.