RSS Alerts

Tag Cloud

hacking Policies Malware Processes Compromised Sites Business Value Web Security security

Bloggers

Blog

Follow and talk to Infosecurity's bloggers.

Follow Infosecurity's bloggers as they share their thoughts on the industry, technology, and much more. Our bloggers have been selected for their industry expertise. They welcome interaction, so we encourage you to add your opinions to theirs.

2
comments
Use Music to Fight Cybercrime: ‘Maga No Need Pay’
When I travel through Africa, the high piracy rate is often something we address. Not necessarily from a commercial perspective but much more from a security angle. We know that pirated software is often infected with malware and therefore used for criminal activities. However, the discussion is a d ...
Posted 09 February 2010 by Roger Halbheer
tags: Cybercrime , Piracy
1
comment
Targeted Attacks – the “Real” Problem
When I talk to customers, the different attacks are often something we discuss (obviously). I often mention that Virus and Worm attacks on a broad scale (like Conficker, etc.) are a serious problem, but at least they are ones we see, understand, and can fight (because we see and understand it). How ...
Posted 05 February 2010 by Roger Halbheer
tags: Incidents , Cybercrime
0
comments
Fake Firefox Update Pages Push Adware
Since its’ release on January 21st, the newest version of the Firefox web browser has received a great deal of attention. In just a short time it has achieved over 30 million downloads. Adware pushers are capitalizing on the success of Firefox, packing ad serving software in with the prog ...
Posted 03 February 2010 by Patrick Walsh
tags: firefox , adware , web security
0
comments
SPAM! Well, it's finally caught up with me - as confirmed by the research
I have lots of email addresses, but there's one that I use as the main catch all one, it’s the one I usually give to most people, and it's the one account I like to clean and clear out regularly. Because it is the most publicised one of all my many accounts, it's the only one that I receive SP ...
Posted 02 February 2010 by Sarb Sembhi
tags: not tagged.
0
comments
I've been hacked - Give me back my money
I recently read a story where a business bank customer had $800K stolen from her business account, and although the bank has been able to recover $600K, there is still the outstanding $200K. The customer is claiming that the bank lacked good security, and the bank is claiming that it had good securi ...
Posted 02 February 2010 by Sarb Sembhi
tags: not tagged.
0
comments
Cloud Security Paper: Looking for Feedback
As most of you well know, I was looking for information and opinions on Cloud Security over the last year. I found a lot of papers, but when I talk to our customers I realize that they think about the Cloud but Cloud Security is mainly something for the specialists – which it is not for me. Th ...
Posted 30 January 2010 by Roger Halbheer
tags: Cloud
0
comments
Data Protection Day: An Interesting Study
As you might know, it was time for the Data Protection Day in Europe again. Unfortunately I did not find the videos from this year’s competition, yet but I guess we will find them later on the page and on YouTube. However, we released a study on Privacy that is pretty interesting. Find t ...
Posted 29 January 2010 by Roger Halbheer
tags: Privacy
0
comments
Super Bowl associations: football, nachos, big screens and … malware?
The Super Bowl is the one of the biggest and most watched television events of the year in the United States. People everywhere scour the internet looking for predictions, gambling spreads and news before the event and scores, stories and clips after the event. In anticipation of the increased ...
Posted 19 January 2010 by Patrick Walsh
tags: Blackhat SEO , PageRank Bomb , Web Security , Rogue AV , Google Search
0
comments
Lack of Egress Filtering Spurs Success of Injected IFrame Attack
The security community at large and the eSoft Threat Prevention Team have recently noticed an uptick in sites compromised by a new injection attack that results in an injected iframe. This attack can be recognised by its attempts to masquerade the malicious script as GNU, GPL or LGPL.  GPL and ...
Posted 18 January 2010 by Patrick Walsh
tags: Web Security , Injection Attack
0
comments
MTaS: Malware Testing as a Service
Well, in my last post I wrote about the prices for malware. Today I read the next evolution of this: The possibility of having malware tested against anti-malware tools – not to make sure malware is really recognised, no, the other way round: To make sure it is not recognised. I read this art ...
Posted 05 January 2010 by Roger Halbheer
tags: not tagged.
0
comments
The Cybercriminal’s Wish List
I know that Christmas is over and I know how my kids actually compile a Wish List: They take most of the ads (which are targeted to them) and glue them onto a piece of paper for mum and dad to make sure that everything can be found under the Christmas tree… I guess you know the drill. If you ...
Posted 01 January 2010 by Roger Halbheer
tags: not tagged.
0
comments
Live.com Exploited as Pharma-Fraud Cover
The FDA crackdown on online pharmacy sites has driven a lot of attention to illegal and fraudulent online pharmacies and in particular to their methods for tricking people to visit their sites. These practices include prolific spam and search engine poisoning. eSoft’s Threat Prevention Team h ...
Posted 23 December 2009 by Patrick Walsh
tags: Spam , Fraud , Pharma-Fraud
0
comments
Algeria: Conference on Certification (eID)
When I tweeted last week that I am on my way to Algeria, I got quite some reactions and questions that I should report how it was. So, let me try to briefly summarise my impressions. I was invited to speak at a conference on certification in Algiers. Well, initially I pushed back as I did not under ...
Posted 17 December 2009 by Roger Halbheer
tags: certification , certificates , eid
0
comments
Boeing 787 searches hijacked by rogue anti-virus
Today, the Boeing 787 Dreamliner jet completed its much awaited first flight. As users searched to find videos and news articles related to the story, blackhats quickly moved in for yet another attack against Google search results. The most popular search for several hours today was “787 fi ...
Posted 16 December 2009 by Patrick Walsh
tags: Web Security , Rogue AV , Google Search , Blackhat SEO
0
comments
Beware of MySpace JPG File Downloader - GTALK Messenger Infection
The malware infection attack surface is increasing day by day. Recently, some of the infected machines with different malware classes such as file downloader are using GTALK for downloading JPG based files from the internet. Actually this file is not a JPG file but a zipped file that contains an ex ...
Posted 15 December 2009 by Aditya K Sood
tags: Malware , Messenger
0
comments
CIO required - security background essential
Normal 0 false false false EN-GB X-NONE X-NONE ...
Posted 11 December 2009 by Sarb Sembhi
tags: programming background , security professionals , security background , CIO
0
comments
Dedicated Spamming - NING House of Hackers Network
The internet world has become a playground for spammers. Every day there is a new attack pattern. You will find one or another social networking website facing this problem. The reason for this trend is the centralised working of these websites. The interconnection among identities have helped the s ...
Posted 11 December 2009 by Aditya K Sood
tags: WEB , Spamming , Ning , hackers , spam
0
comments
Get Safe Online: Don’t be a Money Mule
You know, there are people who blog late, there are people who blog very late and then there is me… I actually missed that one even though I was triggered: Mid November there was the Get Safe Online Week 2009 in the UK. Usually they do really good stuff and this is the reason I usually blog ...
Posted 04 December 2009 by Roger Halbheer
tags: Consumer
0
comments
Practical working Security Policies
Effective working policies are a very difficult thing to achieve, whether they are security policies, or any other policies. We've all seen them in our own organisations, employment policies contradict security policies, or ethical policies contradict investment policies, etc. etc. The school our c ...
Posted 03 December 2009 by Sarb Sembhi
tags: security , policy
0
comments
“Black Screen of Death” Reports
Oh, wow – sometimes the power of social media, the blogs and the internet can backfire. I guess in the meantime you have seen the claims by Prevx that approx. 80 million of PCs are affected by the Black Screen of Death problems supposedly caused by our November Security Updates. This caused (a ...
Posted 01 December 2009 by Roger Halbheer
tags: microsoft , malware , black screen
0
comments
Questions to Ask your (Security) Vendor
You know that I am a big fan of Security Development Lifecycles as we run it internally to build code which is more resilient against attacks. And I recently blogged on Security - A Feature Discussion? Some Thoughts on Google's Chrome OS as I am convinced that it is much more important to look into ...
Posted 01 December 2009 by Roger Halbheer
tags: Process
0
comments
Security and Usability
It is not a new concept: The secure way is only secure if it is the easiest way. I have seen a lot of solutions which are extremely secure – in the eyes of the security people. However, the users find a lot of ways to circumvent the security measures because they are too complex to fulfill th ...
Posted 26 November 2009 by Roger Halbheer
tags: Usability , security
0
comments
Reverse Honey Traps - Beating Online Anti-virus Engine in its Own Game
The web is ever changing arena. Online anti-virus engines provide a diversified functioning of analysing a malware executable thereby providing efficient analysis. This is an online democracy of anti-virus engines. But every positive entity can be transformed into a playground and players can be be ...
Posted 25 November 2009 by Aditya K Sood
tags: Antivirus , Honeytraps , Web
0
comments
Board Level Security Metrics
Last week I attended the Infosecurity Council and had the previlege of spending some time with many security leaders, and I always find these meeting very interesting, as Iwill always learn something that I didn't know before. This meeting was no exception, before the meeting started, I was cha ...
Posted 23 November 2009 by Sarb Sembhi
tags: infosecurity , security
0
comments
Security – A feature discussion? Some thoughts on Google’s Chrome OS
To be clear upfront: This is not a 'Microsoft versus Google' post. I cannot even judge how far Google pushed security with the Chrome OS. But the following article raised quite some questions how we look at security: Inside the Google Chrome OS security model. This article, like so many when securi ...
Posted 19 November 2009 by Roger Halbheer
tags: Security Processes , google , chrome
0
comments
Blackhats Unleash Fake Blog Campaign Spreading Rogue AV
In September, eSoft reported as many as 720,000 compromised sites hosting fake blog pages and being used to distribute rogue anti-virus programmes. Many of these sites are still active and continue to plague searches with malicious results. Earlier today, Cyveillance issued this report of a nearl ...
Posted 18 November 2009 by Patrick Walsh
tags: web security , compromised sites , rogue AV , malware
0
comments
CoolerEmail Hit by Phishing Scam
CoolerEmail is notifying customers of a new phishing scam used to steal login credentials. The web based email marketing programme carries an impressive client list including Walmart, Toyota, Pepsi and dozens of other big name brands. Any phished credentials can be used to impersonate these companie ...
Posted 13 November 2009 by Patrick Walsh
tags: Phishing , Web Security
0
comments
Why it pays to be secure – Chapter 4 – I want to learn!
Use these Learning Paths to find a range of Microsoft training references and resources on information security threats and appropriate countermeasures. Learning resources are organised by level (from basic to expert) and provide information on the planning, prevention, detection, and response phase ...
Posted 13 November 2009 by Roger Halbheer
tags: information security , microsoft
0
comments
Embedded open type fonts - The risk lurking up
The web is getting a playground for different type of attacks. There is lot of talks going around about Microsoft EOT fonts realm which are being used for launching different type of attacks. Recently I gave a talk at the Excalibur Conference, China in which I talked about launching a CSRF attack i ...
Posted 13 November 2009 by Aditya K Sood
tags: Web , Malware , CSRF , microsoft
0
comments
How does Google use your information?
Following growing concerns on how the web giants Google are using it’s users information, they have launched Google Dashboard; a service which allows users with a Google account to view the information that Google has stored on them, It also allows users to delete any information that they wou ...
Posted 06 November 2009 by Slack Alice
tags: not tagged.
0
comments
International Collaboration on Policies for Cybersecurity and Data Protection
For a few years we have been working with the Council of Europe in a partnership to help to drive a Cybersecurity treaty. We realise that a problem a lot of law enforcement agencies have is inconsistent legislation, which makes it unbelievably hard to catch cybercriminals. The Co ...
Posted 05 November 2009 by Roger Halbheer
tags: Cybercrime , Policies , cybersecurity
0
comments
Power of Knowledge: Security Intelligence Report v7
It has been a good tradition for quite a while that we make the intelligence we (Microsoft) have available accessible to the broad public. This will help our customers to protect themselves much better. The Security Intelligence Report (SIR) is built on a unparalleled set of sensors out there on the ...
Posted 02 November 2009 by Roger Halbheer
tags: Security Intelligence , Trends
0
comments
When is a firewall not enough?
When your employees have laptops, when large quantities of data can be moved around on tiny USB devices, never even touching the network, when malicious outsiders can compromise your servers through the front door, when malware has been specifically designed to be delivered via the web and to avoid ...
Posted 30 October 2009 by Rik Ferguson
tags: security , firewall , virtualisation , patching
1
comment
Ten Computer Hacks In The Movies
Some of the most successful blockbuster films released in the last two decades have been themed on the potential destruction that computer hackers can cause. Here are some of Hollywoods top hacking themed movies. Swordfish A secretive renegade counter-terrorist co-opts the world's greatest hac ...
Posted 29 October 2009 by Slack Alice
tags: movie computer hackers , hacks in the movies , hacking in films
0
comments
Could Microsoft solve the scareware problem?
This morning I read the following article: Microsoft can help kill fake antivirus threat. And interesting approach. The proposal is that we could white-list all the legitimate security software within the OS in order to make it harder to trick the user. Well, would this work? I am not so sure: ...
Posted 22 October 2009 by Roger Halbheer
tags: scareware , consumer
0
comments
Compromised Web Servers Host Koobface Malware Cocktail
The Koobface gang has struck again using compromised web servers to deliver a potent mix of malware. eSoft threat researchers have found hundreds of newly exploited sites hosting malware which includes downloaders, keyloggers and multiple variants of the Koobface worm. Attackers using compromised ...
Posted 21 October 2009 by Patrick Walsh
tags: Web Security , Koobface , Social Networking , Social Engineering , Compromised Sites
0
comments
Why it pays to be secure – Chapter 3 – But how do I?
Security — you hear about it every day. Being responsible for information security can be a daunting task, so where do you begin? From the design of acceptable use policies to preventing insiders from stealing data, the job can be a challenging one. Join Senior Security Strategist with the Mi ...
Posted 18 October 2009 by Roger Halbheer
tags: Business Value
0
comments
Unresolved Compromised Fox Sports Host Heading Into Third Week
eSoft first detected a compromise on the Fox Sports website two weeks ago and as of today, at least one Fox Sports host continues to contain automatic links to a multitude of dangerous exploits.  Even with media coverage and direct emails, this compromised host has not be taken offline or clean ...
Posted 17 October 2009 by Patrick Walsh
tags: Compromised Sites
0
comments
How the US military has weaponised hacking
“Our technological advantage is a key to America's military dominance.  But our defence and military networks are under constant attack.  Al Qaeda and other terrorist groups have spoken of their desire to unleash a cyber attack on our country -- attacks that are harder to detect and ...
Posted 16 October 2009 by Slack Alice
tags: US military hacking , weaponised hacking
0
comments
How common is the hacking of secure wifi?
Normal.dotm 0 0 1 279 1595 SEOptimise 13 3 1958 12.0 0 false 18 pt 18 pt 0 0 false false false /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle ...
Posted 16 October 2009 by Slack Alice
tags: Wifi Hacking , Secure wifi , Secure wireless internet
0
comments
Software Piracy – A Threat to Security!
Beginning of this year, I tried to understand, whether we can show a collaboration between Piracy (stolen software) and Malware Infections. I played a little bit with the data I had available and came to the conclusion, that there most probably is: Is there a Correlation between Stolen Software (Pir ...
Posted 14 October 2009 by Roger Halbheer
tags: Compliance , Piracy
0
comments
AJAX-JSON - Inside Crux
The development is occurring at a rapid pace. The innovation is going on. The web is transitioning from the web 1.0 to web 2.0. The implementation structures of various technologies have changed. The Web 2.0 has revolutionized the web in a stringent manner from all the perspectives. The Asynchronous ...
Posted 13 October 2009 by Aditya K Sood
tags: AJAX , JSON , Web 2.0
0
comments
Recapping the Fox Sports Website Compromise
On October 2nd eSoft published a blog warning visitors of the Fox Sports website about compromised pages with the potential to serve malicious software. To date, the threat remains on their website despite direct warnings to Fox Sports webmasters and domain contacts of the infection. This website ...
Posted 09 October 2009 by Patrick Walsh
tags: Compromised Sites , Web Security
3
comments
Web 2.0 – Truth and Lies in AJAX World
Web 2.0 has metamorphosed the complete scenario of internet. In the AJAX world, most of the working functionality is derived by efficient technology methods and ingrained software dependency. In order to scratch deep down the bottom the differential aspect of this technology must be understood. The ...
Posted 08 October 2009 by Aditya K Sood
tags: AJAX , JSON , WEB 2.0
0
comments
The Africa Cable – A Chance for Africa! – A Threat for the Internet?
The development in Africa especially with the new broadband services to me is a huge chance for the whole continent. I just found a map (Image 1) on the next two years. Even though I have not been in Africa over the last few months, I heard that in different cities fiber is brought directly to the ...
Posted 07 October 2009 by Roger Halbheer
tags: Trends , Broadband
1
comment
Why Linux servers are more secure than Windows
The Linux/Windows debate is an oldie but a goodie, and there have been many long threads on most computer related forums discussing their relative merits. Linux is free, open-source and community based. Windows is expensive, professionally developed and has effectively held a monopoly over the sof ...
Posted 06 October 2009 by Slack Alice
tags: linux , it security , microsoft windows , servers
0
comments
Your password isn't safe - take this simple test to find out how many minutes it would take to crack
There's a well-known saying in information security that the weakest part of any computer system is the person using it. One area where this becomes abundantly clear is in the use of passwords. Allowing users to choose their own passwords can be fatal, with most people not having the first clue abou ...
Posted 06 October 2009 by Slack Alice
tags: online security , passwords , hacking
0
comments
When hacking is legal
The Merriam-Webster dictionary gives two different definitions of “hacker” related to computer security. A hacker is either “an expert at programming and solving problems with a computer” or “a person who illegally gains access to and sometimes tampers with information ...
Posted 06 October 2009 by Slack Alice
tags: hacking
0
comments
Why retina scanning works better for James Bond than it ever would for us
Since the late 80s retinal scanning has been featured in a whole bevy of sci-fi and action films. It's been the security system of choice for some of the silver screen's top spies: James Bond used it in GoldenEye and Ethan Hunt in the Mission Impossible movies. As a result, whilst retinal scanning m ...
Posted 06 October 2009 by Slack Alice
tags: retina scanning , james bond
0
comments
Which famous Twitter accounts have been hacked?
Early in 2009, Twitter suffered two major security lapses. Once when a wave of highly successful phishing campaigns were successful in obtaining a lot of Twitter passwords, and then again when an 18 year old hacker and student of computer games development brute-force'd an administrator account. In ...
Posted 05 October 2009 by Slack Alice
tags: twitter , hacking , barack obama
0
comments
Thoughts on the registered traveler programmes at airports
When I entered the US this time, I got a brochure on how I could avoid the line at immigration and just get a fast track by registering with the Global Entry Program, a programme, which would pre-screen me and then I just have to register with a machine by entering the US. As I understand, this is a ...
Posted 30 September 2009 by Roger Halbheer
tags: Privacy , Processes
0
comments
Hey, You, Get Off of My Cloud
I recently had different discussions with different customers and we were looking into the key questions to ask, when you plan to move to the cloud (yes, I am working on a corresponding blog post). I was then asked whether we have an answer to these questions – well no. For sure not for a ...
Posted 27 September 2009 by Roger Halbheer
tags: Cloud Computing
0
comments
Why it pays to be secure - Chapter 2 - Vulnerabilities
The Microsoft Security Intelligence Report (SIR) provides an in-depth perspective on the changing threat landscape including software vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software. http://www.microsoft.com/security/portal/sir.aspx Updatin ...
Posted 23 September 2009 by Roger Halbheer
tags: Business Value
0
comments
Moving to the Cloud: Where it worked and where I was challenged
I am running a whole environment at home to experience our technology. However, up to now it was all “on premise”, no Cloud integration. This has to change. Therefore I was more than happy to join our internal  Hosted Exchange 14 beta program. We are offering the hosted Exchange pro ...
Posted 21 September 2009 by Roger Halbheer
tags: Cloud Computing
0
comments
Microsoft SDL Team Releases New Security Testing Tools
I often mention that we try to give you all the tools we have as long as it makes sense form a risk perspective. The risk perspective is a simple one: If we give it to you as our customer, we give it as well to the criminals. There are two new tools which just made the bar and which are now release ...
Posted 16 September 2009 by Roger Halbheer
tags: Development
3
comments
H1N1 (Swine) Flu Preparedness - Guide for Critical Infrastructure and Key Resources
This morning I stumbled across a guide by the US Health & Human Services with regards to H1N1. Even though it did not catch much news lately I am not sure whether it is really over. Staying prepared it definitely not a bad thing. Even though it is US-centric, you should probably look into it: ht ...
Posted 16 September 2009 by Roger Halbheer
tags: Incident Response
0
comments
French mobile data, VPNs and email
Just got back from a 10-day holiday in Paris, which was great, apart from the fact that, as many IT professionals will understand, you still need to stay on top of your email. I could have taken my trusty Blackberry, but since my journalist's job involves a lot of web surfing, I really needed a not ...
Posted 14 September 2009 by Steve Gold
tags: BUSINESS VALUE , AUTHENTICATION , VPN
0
comments
Why it pays to be secure - Chapter 1 - Data Breaches
In my first post here, I opened the field for a series on “Why it pays to be secure”. As I told you there, Henk van Roest, our Security Support Program Manager in EMEA kicked this off for internal training. Let’s return to the theme of deploying security updates once more, we need ...
Posted 14 September 2009 by Roger Halbheer
tags: Compliance , Policies , Business Value , Processes
0
comments
Why it pays to be secure
You might all know that feeling: You need money to finance security activities and you are asked why this money shall be invested. And then we start to argue that if we do not do it – bad things happen. These are questions that myself and our support get often. That was the reason why we start ...
Posted 11 September 2009 by Roger Halbheer
tags: Processes , Policies , Business Value , Compliance
View the RSS feed for this blog »
Copyright © 2010
Elsevier Ltd. All rights reserved.
Terms & Conditions | Privacy | Website Design Working with water