Latest Posts | Page 126


In light of new and sophisticated network security technology that stretches from Next Generation Firewalls to Unified Threat Management devices, the blogosphere has turned its attention to the importance and relevancy of an age-old technology: the firewall. Opinions undoubtedly run the gamut, with not just a few concluding that firewalls in general are within throwing range of obsolescence. In actuality, nothing could be further from the truth. Firewalls, like anti-virus and spam filters, are esteemed as a cornerstone of any security arsenal -...
by Stefanie Hoffman  |  Oct 02, 2013
Mysterious, yet familiar
Over the past couple of months, there has been a noticeable increase in heavily obfuscated JavaScript code that embeds malicious iframes. Most of that code was injected into JavaScript files included from compromised websites (instead of the home page), which is supposedly harder for the website's admin to spot. An example of such injected JavaScript code looks like this: Note that the comments (/d47c75/ and //d47c75/ in this case) around the injected code serve as an injection marker for an...
by Patrick Yu  |  Oct 01, 2013  |  Filed in: Security Research
It is October, which means that it is also officially National Cyber Security Awareness Month. The National Cyber Security Alliance (NCSA) created this awareness program, now in its 10th year, as a collaborative effort between government and industry to ensure every American has the resources they need to stay safer and more secure online (#NCSAM). As the NCSA describes it, "Cybersecurity begins with a simple message everyone using the Internet can adopt: STOP. THINK. CONNECT." This message immediately reminds us what we tell our children to...
by Michael Perna  |  Oct 01, 2013  |  Filed in: Industry Trends
It is fair to say that most remote and traveling workers know that no public Wi-Fi hotspot is, or will ever be, deemed completely safe. But these days, that rings especially true for Windows Phone users when connecting to public wireless networks. Earlier this month, Microsoft issued an advisory warning users that a critical flaw in Windows Phone 7.8 and 8 could leave users susceptible to password theft when connecting to rogue Wi-Fi networks. Specifically, the flaw resides in a Wi-Fi authentication mechanism -- PEAP-MS-CHAPv2 -- which enables...
by Stefanie Hoffman  |  Sep 26, 2013  |  Filed in: Business and Technology
A: The simplest answer is to make yourself a difficult target. Best case practices like patch management and using a basic firewall are easy ways to prevent basic snooping. Having the most up-to-date patches installed can, more often than not, resolve a majority of basic security vulnerabilities. Patch management is as fundamental to your security posture as changing the oil in your car. Being proactive about it is the veritable low-hanging fruit when it comes to filling in security cracks. Adding a basic firewall on your network can make...
by Michael Perna  |  Sep 25, 2013  |  Filed in: Security Q & A
Gone are the days when Application Control was considered a luxury. Or even a kind of security value-add. In fact, it's safe to say that for any business with an Internet connection, the ability to secure and manage applications is not only a necessity but an inherent component of IT infrastructure. That said, Application Control has come a long way since its inception. And it's had to. Its rapid evolution is driven, in part, by the fact that security solutions for other components in the network have already reached their stride. Many firewalls,...
by Stefanie Hoffman  |  Sep 25, 2013
The wizards at the Chaos Computer Club have publicly claimed to have defeated Apple's new TouchID sensor on the new iPhone 5s. Watch the short video they've posted online to start: So, how did they do it? They started with a fingerprint on glass, then using the superglue vapour method (which has been around a long time, and often used by law enforcement), were able to augment the print enough to allow it to be photographed at high resolution. After some image manipulation on the computer, the "cleaned up" print was then printed at a high...
by Richard Henderson  |  Sep 22, 2013  |  Filed in: Industry Trends
Today Apple formally launched the newest iteration of the iPhone family, the 5s and 5c. The 5s, as most people likely know by now, contains a new biometric fingerprint reader known as TouchID. TouchID's initial implementation allows iPhone users to simply touch their finger to the home button and the phone will unlock, negating the need for a user to input a passcode. Like many others in the security and hacking world, I've been anxiously awaiting today in order to see just how great TouchID is. In the first few hours of ownership, I can say it's...
by Richard Henderson  |  Sep 20, 2013  |  Filed in: Industry Trends
A SCADA environment (Supervisory Control and Data Acquisition) is unlike a conventional IT network in that it provides interconnectedness between industrial systems such as robots, valves, thermal or chemical sensors, command and control systems and HMI (Human Machine Interface) systems, rather than desktops. These environments monitor, manage and administer critical infrastructures in various fields such as transport, nuclear, electricity, gas, water, etc. Historically, these SCADA control systems have used a dedicated set of communication protocols...
by Michael Perna  |  Sep 18, 2013
Microsoft announced today that an attacker or attackers are exploiting a previously known exploit in virtually all versions of Internet Explorer. Microsoft has released an out-of-band Fix-It patch for users to implement as soon as possible while they work on a permanent fix. The exploit is CVE-2013-3893 and allows an attacker to execute code remotely - this means that simply by visiting a hacked or malicious website, you will likely have malware installed on your system. To install the Fix-It patch, visit this page. Simply click on the "Enable...
by Richard Henderson  |  Sep 17, 2013  |  Filed in: Industry Trends