Next time you flip open your laptop as you wait for a flight or work at a coffee shop, beware, says the Federal Bureau of Investigation. The person next to you may be stealing your personal bank account information, address book and other files from your computer.
The agency warned earlier this week that the information on your computers may not be protected when using some of the 68,000 Wi-Fi hot spots, or local wireless Internet connections, around the country.
“Odds are there’s a hacker nearby, with his own laptop, attempting to ‘eavesdrop’ on your computer to obtain personal data that will provide access to your money or even to your company’s sensitive information,” the FBI said in a advisory on its Web site.
Read the rest of this entry »
Anyone who downloaded the Vietnamese language pack for Firefox 2 needs to run an anti-spyware and anti-virus scan, then disable the pack for now. Mozilla warned yesterday that all versions of that language pack downloaded from its servers since Feb. 18, 2008, were infected with pop-up ad serving software.
Window Snyder, Mozilla’s chief security officer, said the Vietnamese language pack was contaminated as the result of a virus infection. “This usually results in the user seeing unwanted ads, but may be used for more malicious actions.”
Read the rest of this entry »
According to a study just released by consulting firm Frost & Sullivan, you — that’s right: you — may be the most important factor in the security of your organization.
It’s not swanky software security suites, powerful ASIC security appliances, or even how qualified your IT security staff happens to be (though all of that helps) that is the most important factor to security. It’s not even choosing Apple’s Leopard OS X over the Windows Vista operating system.
Read the rest of this entry »
It doesn’t take a database expert to break into one
It takes the average attacker less than 10 seconds to hack in and out of a database — hardly enough time for the database administrator even notice the intruder. So it’s no surprise that many database attacks go unnoticed by organizations until long after the data has been compromised.
And surprisingly, according to many experts, the database — home of the enterprise’s crown jewels — is still not secured properly in many enterprises. Malicious hackers are using shockingly simple attack methods to break into databases, such as exploiting weak passwords and lax configuration, and capitalizing on known vulnerabilities that go unpatched.
And don’t even get us started on the epidemic of missing backup tapes: If the lost or stolen tapes are unencrypted, you’re toast if a bad guy gets hold of them. No hack required.
Read the rest of this entry »
The fake file claims to be an mp3 of Girls Aloud
|
Almost 500,000 people have been caught out by a booby-trapped media file, says security firm McAfee.
The fake file poses as a music track, short video or movie and has been widely seeded on file-sharing networks to snare victims.
McAfee said the fake media file outbreak was the largest it had seen for about three years.
Those running the fake file get bombarded with pop-up ads and risk compromising the safety of their PC.
The fake file or trojan has been widely distributed on the eDonkey and Limewire file-sharing networks.
Read the rest of this entry »
Security training organisation the Sans Institute claims centralised patch management can be used to counter the threat of automated, patch-based exploit generation.
The advice, published on Monday, follows the release of research from the University of California at Berkeley, University of Pittsburgh and Carnegie Mellon University that maintains that exploits for vulnerabilities in code can be reverse-engineered from patches and generated automatically.
Read the rest of this entry »
Instead of delivering tips for helping to improve security, let’s flip things on their head and look at some worst practices that trip up enterprise security personnel. By reviewing this list of things not to do, organisations can learn some important lessons from the failures of others. They suffered the pain, but we get the gain.
In this article, I’ve formulated several worst practices based on the common actions and beliefs of enterprise security personnel. I’ve seen the concept underlying each of these bad tips applied in real-world enterprises, causing a significant amount of grief. However, it’s important to note that there’s a grain of truth in each one of these issues. That’s what makes each one attract some adherents. To help make sense of it all, I will describe each worst practice, followed by the reality we face in securing our organisations.
Read the rest of this entry »
Facebook has millions of users throughout the world
|
Personal details of Facebook users could potentially be stolen, the BBC technology programme Click has found.
The popular social networking site allows users to add a variety of applications to their profile.
But a malicious program, masquerading as a harmless application, could potentially harvest personal data.
Facebook says users should exercise caution when adding applications. Any programs which violate their terms will be removed, the network said.
Stealing details
Read the rest of this entry »
