Wednesday, July 9th, 2008
US-CERT and other security experts have warned of a critical design problem affecting all DNS implementations. The Domain Name Service is responsible for converting readable names like www.heise-online.co.uk into the IP addresses that computers can handle, such as 193.99.144.85. DNS is thus the internet equivalent to a phonebook and without ...
Posted in Internet, Privacy, Security | No Comments
Tuesday, July 1st, 2008
Our research team has identified a web-based attack technique that exploits the growing number of applications that require a web server being run on a local machine. Cross-Environment Hopping (CEH) is a result of this trend combined with the current limitations in browsers’ same-origin policy access restrictions.
The CEH technique enables ...
Posted in Coding, Internet, Networking, Privacy, Security | No Comments
Monday, June 23rd, 2008
A new generation of malware alware that looks for passwords to online games has emerged – and its success rates are stunning. Last patch Tuesday, Microsoft added special detection functions for two contaminants called Taterf and Frethog to its Malicious Software Removal Tool (MSRT). The results sent back to Redmond ...
Posted in Internet, Privacy, Security | No Comments
Monday, April 21st, 2008
Almost everyone knows what CSRF or better unauthorized requests are. I never really embraced CSRF as the correct term for unauthorized request issues, because the term is outdated and inadequate to contemporary hacking. For me, an unauthorized request is the layer or automation of a hacking procedure without direct interference ...
Posted in Internet, Privacy, Security | No Comments
Monday, April 21st, 2008
In a security alert last week, Microsoft reported a vulnerability which allows local users and users signed on with access to an Internet Information Server (IIS) or MS SQL server to escalate their privileges. Server operators such as hosting providers who allow user code to be executed, for example on ...
Posted in Coding, Privacy, Security, Windows | No Comments
Wednesday, April 16th, 2008
With JJ blogging about 802.1x, I thought it would be timely to talk about why I think small and medium sized enterprises (SMEs) do not and probably never will deploy 802.1x for wired networks.
I make a point of meeting with customers whenever I can. Amongst the small and medium ...
Posted in Hardware, Internet, Networking, Privacy, Security | No Comments
Tuesday, April 15th, 2008
If you don't have security software, your PC is an Internet mugging waiting to happen. We show you the eleven best pieces of software for defending yourself against online thugs.
The PC security landscape is constantly changing. Well paid, malicious programmers keep cranking out new and different attacks, and the security ...
Posted in Internet, Networking, Privacy, Security, Software | No Comments
Saturday, April 12th, 2008
At first glance, the Windows Vista firewall is disappointing to say the least. On the surface, it looks like a Windows XP leftover. In fact, the firewall's user interface in Windows Vista is nearly identical to the interface found in Windows XP. There aren't even any new configuration options available.
The ...
Posted in Internet, Networking, Privacy, Security, Windows | No Comments
Friday, April 11th, 2008
Security issues are on the minds of all CIOs these days. Whether the CIO of a 1,300-student liberal-arts college or that of a 13,000-employee Fortune 100 company, never before has the issue of data security been more important. Besides a record-breaking year of data breaches, legislation such as Sarbanes-Oxley, Gramm-Leach-Bliley ...
Posted in Hardware, Privacy, Security | No Comments
Wednesday, April 9th, 2008
Online malware attacks are becoming more pervasive, targeted, and refined as the underground threat economy continues to evolve and take on the characteristics of an organized industry.
The latest iteration of Symantec's Internet Security Threat Report -- covering its research over the final six months of calendar 2007 and released on ...
Posted in Internet, Privacy, Security | No Comments
