Cyber Security

Downloaders note—ISP Copyright Alert System rollout begins
2012.10.19.13:55
Internet service providers are now rolling out a system to warn or punish users who download and share copyrighted content. AT&T, Cablevision, Comcast, Time Warner Cable, and Verizon are all participating, and will roll out their responses over the next two months. The so-called Copyright Alert System varies by ISP, but calls for gradually more severe responses to each infringement, starting with emailed warnings and escalating to throttled data speeds or temporary suspension of service.

Protecting PCs from the next zero-day threat
2012.09.26.22:33
For every zero-day vulnerability we patch, there’s another waiting in the wings — and yet another, no doubt.

Why Do Not Track is worse than a miserable failure
2012.09.21.12:35
As a consumer, you’d think that the meaning of “Do Not Track” is pretty clear. But the big data-collecting companies that are behind this standard seem intent on making sure it does nothing at all.

When it comes to cybersecurity law, where do we draw the line on information sharing?
2012.09.18.10:16
Information sharing in law enforcement and national security is essential, but in a democracy, so is privacy. The challenge is how we balance those two factors.

Rethinking the process of hard-drive sanitizing
2012.09.12.22:33
Standard drive- and file-wiping tools are no longer adequate for completely removing data — especially when used with the newest hard drives.

Thwarting cyberspace invaders
2012.09.12.12:15
Florida Tech University illustrates the need for trained IT and security professionals to combat the rise of cybercrime.

FBI launches $1B ID search program
2012.09.10.11:03
A next-generation identification program is moving toward biometrics, and stepping away from traditional fingerprint searches.

Apple: We didn’t pass iPhone, iPad device IDs to FBI
2012.09.05.17:26
Both the FBI and now Apple have come forward to state that they had no involvement in the ongoing ‘UDID-gate,’ which led to more than 1 million iOS device codes leaking to the Web.

Vendor’s biometric software compromises “entire security model of Windows accounts”
2012.09.05.16:56
Flaw in fingerprint reader software called “nothing but a big, glowing security hole.” Vulnerability exposes all files, documents on PC.

BitTorrent spies can jump on P2P pirates in just three hours
2012.09.05.12:12
Sharers of copyrighted content could be found by monitoring programs within three hours of circulating popular pirated movies and music, researchers have found, and methods to avoid the monitors may be ineffective.

FBI hack yielded 12 million iPhone and iPad IDs, Anonymous claims
2012.09.04.08:31
Hackers associated with Anonymous have published a million unique device identifiers from Apple devices, claiming they were taken from an FBI computer. The alleged hack was intended to publicise the existence of some kind of secret FBI tracking project.

Cybercriminals impersonate popular security vendors, serve malware
2012.08.29.16:12
Security researchers from Websense have intercepted a currently circulating spam campaign, impersonating popular antivirus vendors in an attempt to trick end and corporate users into downloading and executing the malicious attachment.

How Cybercriminals and Hacktivists Use DDoS Tools to Attack
2012.08.29.14:45
Network professionals know that distributed denial-of-service attacks are an ever-growing danger.

60-minute Security Makeover: Prevent Your Own ‘Epic Hack’
2012.08.23.05:20
Here are some ways to beef up security on your digital life — before someone hacks into your digital life.

Poor Passwords Cracked in Seconds
2012.08.22.11:43
Yesterday a hacker going by the moniker r00tbeer gained access to servers owned by Dutch technology star Philips and dumped a collection of databases to a public site. The leaked data included a smallish database of unencrypted passwords (for shame!), a stolen list of 200,000 email addresses, and a database containing 400 hashed passwords.

Australian Cybercrime Bill passes Senate, set to become law
2012.08.22.05:35
The Cybercrime Legislation Amendment Bill 2011 has passed through the Australian Senate, allowing Australia to accede to the Council of Europe Convention on Cybercrime.

Want Security and Privacy? Turn Off Your Mobile Devices’ GPS
2012.08.21.15:20
Security experts are making the strong argument to turn off mobile devices’ GPS functions unless really needed.

Adjust your privacy settings after Facebook’s dreaded timeline change
2012.08.21.09:38
If Facebook has dragged you kicking and screaming into the timeline feature, be aware that your old privacy settings won’t carry over.

Technology’s Dark Side: Devious Devices Designed to Harm You
2012.08.20.19:52
From ATM skimmers that steal your money to hackable insulin pumps, technology does have a dark side. And the various forms of sneaky tech can have frightening consequences.

Password Resets on Email Key to Online Compromise
2012.08.20.18:00
Taking over someone’s digital identity is not that difficult if you have access to that person’s email account. A researcher conducted a “small experiment” to illustrate just how easy it is to seize control.

A Sinister New Breed of Malware is Growing
2012.08.17.12:48
New threats like Shamoon, Flame, and Stuxnet represent a concerning evolution for malware attacks.

Shamoon malware infects computers, steals data, then wipes them
2012.08.17.12:09
Security companies have detected a piece of malware that steals files from infected machines, then renders the computers useless by overwriting their master boot record.

$50 Hacking Device Opens Millions of Hotel Room Locks
2012.07.24.13:44
If you’re staying at a hotel, it might be a good idea to check the manufacturer of your door lock. A black hat hacker has unveiled a method that allows a fairly simple hardware gadget to unlock door locks manufactured by Onity.

Ten Ways To Avoid Being Hacked at Black Hat
2012.07.23.12:00
This is where you’ll find the world’s best researchers demonstrating their latest hacks of gadgets, software, people… Naturally, as attendees, we don’t want to become proofs-of-concepts ourselves.

Power Pwn: This DARPA-funded power strip will hack your network
2012.07.22.20:03
The Power Pwn may look like a power strip, but it’s actually a DARPA-funded hacking tool for launching remotely-activated Wi-Fi, Bluetooth, and Ethernet attacks. If you see one around the office, make sure to ask if it’s supposed to be there.

Researcher Releases Smart Meter Hacking Tool
2012.07.22.06:18
Security consulting firm SecureState today released a new open source hacking tool that it claims will let security researchers and penetration testers verify the security of electric utility smart meters being installed in millions of homes around the country.

Unbreakable crypto: Store a 30-character password in your brain’s subconscious memory
2012.07.19.10:17
A cross-disciplinary team of US neuroscientists and cryptographers have developed a password/passkey system that removes the weakest link in any security system: the human user. It’s ingenious: The system still requires that you enter a password, but at no point do you actually remember the password, meaning it can’t be written down and it can’t be obtained via coercion or torture.

Texas College Students Hijack Drone Aircraft
2012.07.02.02:47
Evidently, all it takes is about $1K worth of computing equipment and some technical know-how to hijack a military drone. The Department of Homeland Security asked a group of Texas students to take a run at controlling the drone and they were able to spoof the drone’s GPS signal pretty easily. Interesting, but it really begs the question: isn’t this something the Air Force should have tested before we started flying them over foreign countries? Because, you know, Iran has college students with computers, too.

New Key Technology Simplifies Data Encryption in the Cloud
2012.03.10.07:35
Data at rest has long been protected by technology called public key infrastructure (PKI), in which data is encrypted when it’s created by a public key and only decrypted, in theory, by an authorized person holding the private key. But extending this type of data protection to the cloud can be complicated.

Senators introduce new cybersecurity act
2012.02.15.05:01
The Cybersecurity Act of 2012 calls for the Department of Homeland Security (DHS) to assess risks and vulnerabilities of computer systems running at critical infrastructure sites such as power companies and electricity and water utilities and to work with the operators to develop security standards that they would be required to meet.
Global Knowledge 10 Current Security Threats for Individuals (PDF)
2011.10.10.14:39
We now live in a world where new threats are poised to cause us harm in ways most of us never dreamed possible. The convenience and benefits of Internet access, always-on connectivity, and mobile devices have made us vulnerable to these attacks. It is time for us to adopt a new set of street smarts – technology skepticism. Blindly trusting electronic resources, connectivity, or services is placing us, our identities, our finances, and our privacy at risk. Pay attention and take precautions. An ounce of prevention is absolutely better than a pound of cure.

Lightweight Portable Security (LPS)
2011.09.26.1007
Lightweight Portable Security (LPS) is the first official U.S. Linux distribution.

Six Ways to Find Your Stolen Laptop
2011.07.06.08:23
I was on vacation recently and because I can’t stand to be away from the luxurious Ziff Davis Content Management System for more than 24 hours, I brought my laptop. About 30 minutes after checking into my hotel, I realized I had left my laptop on the back of the taxi. Not a taxi, but a town car. Driven not by a mere man, but a hero who returned my laptop within the hour. I got very, very lucky, but it is better to be prepared. Check out these six ways to find a lost laptop. They cost about as much as I tipped the driver and don’t rely on the kindness of strangers.

Sony Pictures Falls Victim to Major Data Breach
2011.06.02.17:02
LulzSec, a hacking group that recently made news for hacking into PBS, claimed today that it has broken into several Sony Pictures websites and accessed unencrypted personal information on over 1 million people.

Using Prey, you’ll have the upper hand over thieves
2011.06.08.14:59
A laptop is a lot of things—it’s a mobile entertainment center, a portal to the web, and a way to get work done away from home. More than anything, though, it’s a freakin’-expensive piece of hardware that you absolutely do not want to lose.

Five Security Apps That Can Help Recover a Stolen Laptop
2011.06.03.10:13
Carry your laptop everywhere you go, and at some point, you are going to lose it. Maybe you leave it in a cab, maybe someone will swipe it from you in a cafe, but it happens. Luckily, now there are a bunch of software apps that can help you get your laptop back. We run down five of them here. PCMag will be doing full reviews soon.

Photos From Bay Area Man’s Stolen Laptop Lead To Arrest
2011.06.02.07:49
In this image provided by Joshua Kaufman, a man later identified as Muthanna Aldebashi is seen via a webcam on a laptop owned by Kaufman. Kaufman, of Oakland, said he retrieved the laptop Wednesday, June 1, 2011, a day after police arrested the 27-year-old man in the photographs. (AP/Joshua Kaufman)

Keep your data safe while on the road
2011.04.20.22:53
Sure, you’ve put in all the right data-security tools at your office, but how about when you or your employees are outside the firewall?

U.S. Gov’t to Thank for Phone-Wiping Panic Button
2011.03.31.01:05
Red Alert! Cops coming and you’re concerned about deleting what’s on your cell phone in case it’s confiscated? Thanks to the U.S. Government, there will be an app for that – the panic button app will be able to wipe phones.

Erase Yourself From the Web
2011.03.31.01:05
Drunken party pictures from college haunting you? Fed up with Facebook? Victim of Internet overwhelm? Here’s how to protect yourself by wiping your data off the Web.

Gawker
2010.12.22.22:49
Last week, somebody broke into Gawker.com and stole 1.3 million account names, e-mail addresses, and passwords — and then posted all the booty on the Internet. Your online security might not be at the top of your mind this time of year, but most likely you’re doing more Internet shopping. In light of the Gawker break-in, take a few minutes to assess your passwords.

Hacker Hits Kaspersky Website
2010.10.19.14:00
Scammers who try to trick victims into downloading fake antivirus software can strike almost anywhere. On Sunday they hit the website of Kaspersky Lab, a well-known antivirus vendor.

Gain Administrator Access Without a Password
2010.10.11.07:36
Alexleonardme acquired a used PC but doesn’t have an administrator password. He asked the Windows forum for help.

What Your Digital Photos Reveal About You
2010.09.12.18:15
The geotagging data contained in many mobile phone images lets strangers know exactly where you are.

Gang Uses Facebook to Rob Houses
2010.09.10.1633
Even with new privacy controls, many users are still vulnerable to snoopers; here’s how to check whether you’re sharing too much.

New analysis of stolen data brings surprises
2010.08.18.22:51
Every year, the highly respected Verizon Business RISK data crime–investigation team publishes an analysis of major online data thefts it’s been asked to study.

Security Secrets the Bad Guys Don’t Want You to Know
2010.07.22.03:15
Rogue scripts, fake antivirus programs, and infected PDFs: Defend yourself against the Web’s most insidious threats.

NSA’s Perfect Citizen Program: What You Need to Know
2010.07.09.15:01
The Wall Street Journal released a spook from under the sheet <http://www.theregister.co.uk/2010/07/08/perfect_citizen/> this week when it revealed that the super-secret U.S. National Security Agency (NSA) was going to spend $100 million on a program called “Perfect Citizen <http://www.pcworld.com/businesscenter/article/200768/nsa_perfect_citizen_program_is_only_one_piece_of_cyber_security_puzzle.html?tk=hp_blg>” to monitor and protect key elements of the nation’s infrastructure. Here are some things you should know about the program.
What is Perfect Citizen?
According to the Wall Street Journal, Perfect Citizen will create a system to monitor vital agencies and private utilities against cyberthreats. According to the NSA <http://www.technewsworld.com/story/NSA-Perfect-Citizen-Is-All-About-RD-Not-Eavesdropping-70384.html?wlc=1278705226>, the program is purely a vulnerability assessment and capabilities development contract, a research and engineering effort.

Don’t Let Your PC Join the Zombie Hordes
2010.05.31.07:23
You may not be aware of this, but aside from Cinco de Mayo, Mother’s Day, and Memorial Day, there is another important event in the month of May–Zombie Awareness Month. While the month is intended to honor the sort of Zombieland, Night of the Living Dead, or Michael Jackson’s Thriller type zombies, it also seems like an appropriate time to address PC zombies and how to ensure that the computers on your network don’t become compromised and join the zombie hordes.

What You Don’t Know about Your Online Reputation Can Hurt You
2010.05.28.21:16
Social networking, and the broader concept of online privacy, have been under some rather intense scrutiny over the past couple of weeks. The issues at Google–voracious indexer of all things Internet, and Facebook–the largest social network and number one most visited site (according to Google) have made many users more acutely aware of what information is available about them on the Internet. However, your online reputation is being used in ways you may not be aware of, and could cost you.


Brightmail Tries to ID Spam Sources
Cara Garretson, Network World, 2004.02.16.01:00

New service tracks down IP addresses that send mostly junk mail.

With the deluge of unwanted e-mails that flow into corporations showing no signs of easing, antispam software maker Brightmail is offering a new service designed to identify IP addresses that send mostly junk mail.

Called the Brightmail Reputation Service, this new feature monitors hundreds of thousands of e-mail sources to determine how much mail sent from these addresses is legitimate and how much is spam, says Ken Schneider, chief technology officer of Brightmail. The company gathers information from user reports and from its Probe Network–a collection of decoy e-mail in-boxes designed to catch spam–to determine whether a given IP address sends valid or junk messages. There are about 300 million end users of Brightmail’s software, the company says.

“Enterprises hate seeing the same IP addresses banging them all day long. . . . Now they can terminate the conversation a lot earlier,” Schneider says.

Change of Preferences

The service creates a profile of each e-mail source from which administrators can decide whether to block mail from these sources or allow it into the company. Brightmail also will make available a “safe list” of e-mail addresses that have never sent spam to users of the Reputation Service free of charge, Schneider says.

“If an [IP address] produces 99 to 100 percent spam day after day . . . our enterprise product uses that as strong evidence” for blocking that address, Schneider says. “On the opposite end, we also track IP addresses that produce nothing but legitimate mail for the last six months. Users might want to route those [messages] around the filters and not pay the processing hit.”

With its new service, Brightmail is attempting to strike a balance between blocking IP addresses that send spam and ensuring that legitimate mail gets through to its destination. To avoid “over-blocking,” the Reputation Service continuously monitors e-mail sources and will update the profile of a given IP address if its status appears to change, the company says. For example, if an address considered to be a spam source doesn’t send unwanted messages for a given time period, Brightmail will update that source’s profile, Schneider says. The service will update the status of IP addresses on an hourly basis.

Not Enough

Brightmail says that one form of spam fighting–such as its Reputation Service–isn’t enough; companies trying to bring the amount of spam in their in-boxes down to a minuscule level must use many filters.

The company’s spam-filtering effectiveness recently won an “excellent” rating from The Yankee Group in its December report on anti-spam vendors. But the research company gave Brightmail’s enterprise software a “fair” for flexibility and labeled its e-mail server security features as “limited.”

Brightmail’s enterprise software, which began as a product for ISPs, competes with packages from companies such as Cloudmark, MailFrontier, and Proofpoint, and with services from FrontBridge Technologies and Postini.

The Brightmail Reputation Service, slated for release at the end of the month, is free to Brightmail Enterprise customers.

Customers can download the set of rules associated with the service.

In a separate announcement, Brightmail announced it has struck a deal with Voltage Security to provide its antispam software with Voltage’s SecureMail software. Brightmail’s software is available now with Voltage’s e-mail software.

