Latest Posts | Page 153


I don't know if you encounter the same problem as I, but I keep on receiving spam from people I however do like (friends, family, etc). You know, the kind of awfully nice people that nonetheless strangely feel compelled to forward their own rubbish: hoaxes, chain letters, petitions, jokes and, of course, a full load of lengthy attachments. This is a real nuisance, yet I cannot report them to online spam fighting websites, nor simply blacklist them: from time to time, among other mails, they do send interesting stuff (personal news, cool invitations),...
by Axelle Apvrille  |  Jun 25, 2009  |  Filed in: Security Research
While the next generation of tech has arguably arrived, it is simply a fact now that social networking sites and the blogosphere have become an integrated part of many people's lives - some may even call them home (at least to their browsers). In 2008, we predicted the wave of spam that would hit these "Web 2.0" platforms as it was a natural target for spam to migrate to after years of living inside of mass mailers. Indeed, throughout the year of 2008 we witnessed a barrage of attacks on these sites: malicious social applications, "Spam 2.0", worms...
by Derek Manky  |  Jun 18, 2009  |  Filed in: Security Research
Last week, I had hardly reached my desk when a colleague rushed by my side and told me, all excited, Apple had announced the release of a new iPhone 3GS. They also unveiled interesting new functionality in MobileMe, which started out a long chat in our lab. To summarize our discussion, tomorrow, MobileMe is releasing three novelties: locating your iPhone, for example, when it is lost; displaying a message or a sound onto your iPhone; remotely wiping your iPhone so a thief won't find read any sensitive data. All of these are quite appealing at...
by Axelle Apvrille  |  Jun 16, 2009  |  Filed in: Security Research
Read this article if you use CRC32, or if you know it is unsecure but think it is good enough in your case. CRC32 - Cyclic Redundancy Check with 32 bits of output - is a widely used checksum algorithm. It is designed to detect accidental alteration of data during transmission or storage. It is not meant to be used in security-related situations. Now, my crypto-friends are probably already bored and will tell me it has been known for ages. Sure, but if it is that obvious, why do people keep on using CRC32 in wrong situations? Have a look at the...
by Axelle Apvrille  |  Jun 09, 2009  |  Filed in: Security Research
On May 29th, 2009, U.S. President Barack Obama held a conference at which he discussed a cyber security plan following an earlier 60-day review released in April. While there has been much debate and discussion on this initiative which is yet to take development with the announcement of a cyber "czar", I think one of the more important aspects to recognize is that this is a step forward. Is it a step forward because this is the one answer, the silver bullet launched from the U.S. to stop cyber terrorism and information warfare in its tracks? Certainly...
by Derek Manky  |  Jun 04, 2009  |  Filed in: Security Research
I decided it was high time I changed my car, well it was either that or wash it. So not being a car-o-phile I didn't have a specific model in mind so decided to head to that area of town where all the showrooms are located. I gave the GM dealer a miss, their financial position seems way too exciting for me to become involved in just at the moment, I wish them luck. I pick a showroom based largely on reputation and anecdotes and set about selecting a model that I thought would suit, a wheel on each corner, the right number of seats. Much discussion...
by Darren Turnbull  |  Jun 03, 2009  |  Filed in: Security Research
Tags: security utm
There was much activity to recap on our May 2009 Threat Landscape report, now available through Fortinet's FortiGuard Center. During this month-long period from late April to May, there were many items to highlight: Threats were on the increase in all areas, with a flurry of activity coming from malware. Last report we discussed the consistent activity from Virut and online gaming trojans, as well as the real money trading business in which cybercriminals flock: gold farming, account harvesting, etc. There were three gaming trojan variants present...
by Derek Manky  |  May 28, 2009  |  Filed in: Security Research
This is the topic of an Interop panel featuring Anthony James, Fortinet vice president of products, and folks from Juniper Networks, Palo Alto Networks and Ashton, Metzler & Associates. The panel will be at 11:30 a.m. tomorrow at Mandalay Bay, Breakers E room. Here's the overview: _The traditional wide-area network (WAN) firewall makes two flawed assumptions. One assumption is that the information contained in the first packet in a connection is sufficient to identify the application. The second assumption is that the transmission control...
by Rick Popko  |  May 19, 2009  |  Filed in: Security Research
Fortinet delivers a new generation of high-performance security with FortiOS 4.0, extending the scope of consolidated security and networking capabilities within FortiGate® multi-threat network security platforms. In this video Jason Wright of Fortinet’s product group provides a quick introduction to its top new features, including: WAN Optimization, Application Control, SSL Inspection, and Data Leakage Prevention (DLP). For more information, please visit http://www.fortinet.com/products/fortios/
by Rick Popko  |  May 19, 2009  |  Filed in: Security Research
Tags: video
Our sensors (i.e. our digital media person, a rabid fan of Facebook) caught today some interesting Facebook private messages. One such message, sent by a "Friend" to about 100 contacts of hers, merely consisted of a domain name, as can be seen below: Fortunately for Daniel, he did not know what to do with it (or he knew, but did not want to); yet other recipients may have recognized a domain name, and entered it in their browser's address bar, out of curiosity. After all, that's from Martha, and she usually sends rather funny links. Of course, the...
by Guillaume Lovet  |  May 04, 2009  |  Filed in: Security Research