Articles about Security

Bad passwords are worse than you think

I spend a lot of time defending educational as opposed to purely technical solutions to security. Not that I don’t believe in the usefulness of technical solutions. However, there are many people in the security business who believe that education is a waste of time because it isn’t 100-percent effective. Unfortunately, you can make the very same argument against any technological solution. Randy Abrams and I discussed that conflict of ideas at some length in a paper for AVAR: see People Patching: Is User Education Of Any Use At All? And Robert Slade made some excellent points more recently in post Security unawareness.

Static passwords are a pretty good example of a technology that’s proved to be less than 100-percent effective time and time again, yet is considered effective enough to remain the authentication mainstay of many a web service. Well, I could argue that it’s not so much about effectiveness, as a trade-off between effectiveness in terms of privacy, and the cost of implementing better authentication mechanisms. But that’s a discussion for another time.

Continue reading

Spend your vacation with one of these 18 software downloads

The release of Windows 8 draws ever closer and this means that there is a slew of apps being updated to add support it. Paragon Image Backup for Windows 8 is one such program, giving you the chance to backup and restore your data free of charge. Fans of system tweaking and optimization should take a look at Auslogics Disk Defrag 3.5.0.0 and Auslogics BoostSpeed 5.4.0.0, which can be used to ensure the best possible performance from your hard drive as well as giving you a raft of tools to help boost the speed of Windows.

Whether you’re upgrading to Windows 8 or not, you should keep an eye on your internet connection to check how it is being used by different programs, or malware, and this is something that Net Guard 2.0.7.0 enables you to do. This week also saw the release of Windows Essentials 2012, the latest collection of free tool from Microsoft including Live Messenger, Movie Maker, SkyDrive and more.

Continue reading

Blizzard hacked for real this time -- change your passwords NOW!

In May we read that game maker Blizzard, developer of a series of popular games including World of Warcraft, Diablo III and Starcraft, was hacked, but that turned out to just be individual compromised accounts from some of its users. Now we read, from Blizzard itself rather than a third party, that they have been hacked and information compromised on their networks. So how are they doing with the breach?

"This week, our security team found an unauthorized and illegal access into our internal network here at Blizzard", the company says. So did they respond well? It seems they got the jump on things and responded quickly, a smart move: "We quickly took steps to close off this access and began working with law enforcement and security experts to investigate what happened."

Continue reading

Add Ring3 API Hook Scanner to your security toolkit

Detecting rootkits and similar stealthy malware is always a challenge, so it can be a good idea to equip your PC with third-party tools which may be able to help.

And the latest candidate is the rather geekily-named Ring3 API Hook Scanner, a new NoVirusThanks release that will scan your system for some user mode hook types (inline, IAT, EAT) and report on anything it finds.

Continue reading

The problem with cloud security is...

Sharing details of the hack that “wiped his life” has earned Mat Honan a place in the annals of information system security; the specific interdependence of flawed authentication systems that cost him so dearly -- encompassing Apple, iCloud, Amazon.com, Gmail and more -- would probably still exist if Honan had not gone public. Wired has the full story for those who have not been watching it unfold on Twitter.

As news spread last weekend about how much of Honan’s data the hackers had wiped out -- by social engineering Apple Support into wiping his iPhone, iPad and MacBook -- the company quickly moved to suspend over-the-phone resetting of Apple ID passwords. Amazon also reacted and, according to a follow-up report in Wired: “handed down to its customer service department a policy change that no longer allows people to call in and change account settings, such as credit cards or email addresses associated with its user accounts”.

Continue reading

Microsoft and NYPD make new Precrime tool, hopes you won't get a red ball

New York City Mayor Michael Bloomberg and NYPD Police Commissioner Raymond Kelly unvield a new partnership with the Microsoft Corporation. Working together, New York Police Department and Microsoft developed a crime prevention and counterterrorism information analysis platform they call Domain Awareness System. When fully deployed, the new system will provide NYPD investigators and analysts a comprehensive view of potential threats and criminal activity. DAS will help aggregate and analyze public safety data in real time.

DAS takes tips, emergency response calls, and other live incident and safety reports and automatically ties them to richer amounts of information. A network of smart CCTV cameras, license plate readers, speed cameras, and pre-existing cross-agency database information is filtered to relate to those incidents and tips that match. Law enforcement can then develop live real-time incident reports that can be transmitted to police in the field.

Continue reading

State-sponsored 'Gauss' cyber-weapon targeted Lebanon, says Kaspersky

Security company Kaspersky Lab on Thursday announced it had discovered a malware called Gauss which ran from September 2011 to July 2012, and was similar in design to the notorious Flame worm. The company believes Gauss to have been another state-sponsored cyberweapon.

Kaspersky said Gauss was discovered because of the increased efforts to identify and halt international cyber-weapons in the wake of Flame, Stuxnet, Duqu, and other military-grade security threats.

Continue reading

Heat up August with one of these software bargains

The Downloadcrew Software Store is a great place if you’re looking for a software bargain, but with so much to choose from, it can be difficult to know just where to begin. Security and tweaking is a very good place to begin, and you can save 77 percent off the MSRP when you buy AVG Premium Security Complete Bundle for just $29.95. This exclusive deal gives you everything you need to keep yourself safe online and include four great AVG products.

Everyone wants to get the best possible performance from their computer and this is something that AVG PC Tuneup 2012 [1-PC, 1-Year] could help with. For just $8.95 -- saving your 78 percent off the MSRP -- you cn tweak and optimize your system in next to no time, and there’s an even better deal availbale if you want to take care of multiple computers. AVG PC Tuneup 2012 [3-PC, 1-Year] gives you the same great tuneup options, but it can be installed on up to three computers. This could be yours for just $10.95, saving you 78 percent. AVG Internet Security 2012 Plus Bundle is another great selection of four AVG products that could be your for just $29,95 -- saving you a massive 80 percen off the usual MSRP of $149.

Continue reading

Net Guard keeps an eye on your Internet connection

Whether you’re worried about security, hoping to optimize download speeds, or just trying to save money, keeping an eye on how your Internet connection is being used can be very helpful. Windows doesn’t provide many tools to help in this area, unfortunately, but there are plenty of third-party alternatives available -- and Net Guard is a great example.

The program opens with a tiny toolbar that just displays the upload and download speeds for any currently open connections. And so you’ll have an immediate indicator that lets you know that a process has gone online.

Continue reading

Steve Wozniak is right -- users are going to eventually be burned if they rely solely on cloud backup

Apple co-founder Steve Wozniak this week warned of the perils of depending too much on cloud storage and the general press reacted like this was: A) news, and; B) evidence of some inherent failure in cloud architecture. In fact it is not news (Woz never claimed it was) and mainly represents something we used to call “common sense”.

However secure you think your cloud storage is, why solely rely on it when keeping an extra backup can cost from very little to nothing at all?

Continue reading

Microsoft Attack Surface Analyzer 1.0 sniffs out security weakness

Edge security

After more than 18 months in beta, Microsoft released version 1.0 of its free Attack Surface Analyzer, a tool which aims to highlight security weaknesses that have been introduced by the installation of any given application on a Windows 7 PC.

And as with the previous builds, the program is very easy to use. You run a baseline scan to capture your setup now, install an application, run another scan, and the Analyzer tells what’s changed: new processes, services, loaded modules, network connections and a whole lot more.

Continue reading

Corporate America is ripe for phishing

Phishing password

A new survey released Tuesday by the Chantilly, Virginia-based security and anti-spam company PhishMe has a lot to say about filtering phishing attack emails in the corporate environment. PhishMe conducted a survey at this year's Black Hat hacker conference in Las Vegas, July 24th to the 26th. PhishMe surved 250 security professionals, of whom more than two thirds (69 percent), have said they encounter phishing messages that get past anti-spam filters at least a few times a week. Nearly a quarter of those surveyed say they see multiple phishing emails daily in their corporate network users' mailboxes.

"Phishing" is the name given to a form of an email attack that uses social engineering tactics to lull the recipient into a false sense of security in order for them to click links within the email. The email can have links that look like they go to real sites, but are in fact redirecting Unicode Urls that don't show up properly in most email clients still. The point of these emails is to gather user information though man-in-the-middle style attacks, or to get the user to malicious websites that can execute malicious code, installing viruses or rootkits on a system. A more targeted form of this type of attack is called "Spear Phishing", an email attack in which the phishing emails are targeted to a specific person or group of people, usually people within an organization that shares a common set of information.

Continue reading

Scattered clouds: Why I don’t trust other people with my data

It’s the Next Big Thing. Any vaguely IT-related person just has to say something like “computing is moving to the cloud” and everyone nods their heads wisely. And so it is with Office 2013. I’ve been using the Public preview of Office since it appeared two weeks ago, and I have to say I like it; and I also like the much more straightforward integration with Skydrive and Sharepoint. But there’s still no way I’m going to change my default habit of local saving and working to using the Cloud as my primary storage. And here’s why.

There are several aspects to this, and the first two are most revealing of the way in which people sitting in Redmond, Wash., Cupertino, Calif., or most other major corporations live in a different world from the rest of the population of this little blue planet of ours.

Continue reading

Have you looked at your .htacess file recently? Your Apache server may not be secure

If your organization’s website runs on Apache, and many do, you might wonder if the webserver’s .htaccess controls are securely configured. If you believe the demo we saw on July 27 at Black Hat by Matias Katz and Maximiliano Soler, the answer is a resounding ‘NO!’ What Katz and Soler describe in their session is not some rare “corner case” hack that could only possibly occur in a lab with billions of automated attempts, this is easily testable in the real world, and the tools to exploit it are freely available.

It turns out that Apache, the most commonly-used web server in the world, has an arrangement where it hands off PHP-based requests within .htaccess to PHP itself, which has worked fine on millions and millions of websites for years. But with .htaccess, you can specify what requests get sent to PHP to try to interpret. The usual methods are GET and POST, but if you feed the .htaccess process some non-standard input, PHP automatically (unless otherwise instructed) treats it as a GET request, and allows the utility to start saving the PHP files on a webserver to your local filesystem.

Continue reading

Cool the summer heat with one of these 24 software downloads

It’s the end of another month and the end of another busy week of software releases. If you’ve been too caught up with other things to keep an eye on the titles that have been hitting the download servers over the past seven days, this roundup will bring you up to speed.

Tomahawk 0.5.5 is a social media player that enables you to play your local music collection as well as tracks from the web, and also enables you to browse through the collections of your friends. If you’re keen to share your musical taste with your friends, look no further than ON AIR 4.0.0.834, which will automatically update your Skype status with the track you are currently listening to.

Continue reading

© 1998-2026 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.