Hotmail Users Look for Answers in Dangerous Places

Wed, 17 Feb 2010 13:57:33 GMT

An outage of the Windows Live ID service affected a large number of MSN users today, including users of the popular Hotmail email service. Hotmail is one of the largest web-based email out ...

Children – A Threat For Corporate Security?

Wed, 10 Feb 2010 12:28:50 GMT

I read this article this morning: Safer Internet Day: How children can undermine corporate security and it actually remin ...

Use Music to Fight Cybercrime: ‘Maga No Need Pay’

Tue, 09 Feb 2010 12:34:59 GMT

When I travel through Africa, the high piracy rate is often something we address. Not necessarily from a commercial perspective but much more from a security angle. We know that pirated software is often infected with malware and therefore used for criminal activities. However, the discussion is ...

Targeted Attacks – the “Real” Problem

Fri, 05 Feb 2010 11:00:23 GMT

When I talk to customers, the different attacks are often something we discuss (obviously). I often mention that Virus and Worm attacks on a broad scale (like Conficker, etc.) are a serious problem, but at least they are ones we see, understand, and can fight (because we see and understand it).

Fake Firefox Update Pages Push Adware

Wed, 03 Feb 2010 17:52:13 GMT

Since its’ release on January 21st, the newest version of the Firefox web browser has received a great deal of attention. In just a short time it has achieved over 30 million downloads. Adware pushers are capitalizing on the success of Firefox, packing ad serving software in with the p ...

SPAM! Well, it's finally caught up with me - as confirmed by the research

Tue, 02 Feb 2010 16:15:01 GMT

I have lots of email addresses, but there's one that I use as the main catch all one, it’s the one I usually give to most people, and it's the one account I like to clean and clear out regularly. Because it is the most publicised one of all my many accounts, it's the only one that I receive ...

I've been hacked - Give me back my money

Tue, 02 Feb 2010 11:45:52 GMT

I recently read a story where a business bank customer had $800K stolen from her business account, and although the bank has been able to recover $600K, there is still the outstanding $200K. The customer is claiming that the bank lacked good security, and the bank is claiming that it had good sec ...

Cloud Security Paper: Looking for Feedback

Sat, 30 Jan 2010 11:58:17 GMT

As most of you well know, I was looking for information and opinions on Cloud Security over the last year. I found a lot of papers, but when I talk to our customers I realize that they think about the Cloud but Cloud Security is mainly something for the specialists – which it is not for me. ...

Data Protection Day: An Interesting Study

Fri, 29 Jan 2010 10:24:35 GMT

As you might know, it was time for the Data Protection Day in Europe again. Unfortunately I did not find the videos from this year’s competition, yet but I guess we will find them later on the page and o ...

Super Bowl associations: football, nachos, big screens and … malware?

Tue, 19 Jan 2010 19:29:56 GMT

The Super Bowl is the one of the biggest and most watched television events of the year in the United States. People everywhere scour the internet looking for predictions, gambling spreads and news before the event and scores, stories and clips after the event. In anticipation of the increas ...

Lack of Egress Filtering Spurs Success of Injected IFrame Attack

Mon, 18 Jan 2010 22:13:49 GMT

The security community at large and the eSoft Threat Prevention Team have recently noticed an uptick in sites compromised by a new injection attack that results in an injected iframe. This attack can be recognised by its attempts to masquerade the malicious script as GNU, GPL or LGPL. GPL a ...

MTaS: Malware Testing as a Service

Tue, 05 Jan 2010 21:10:36 GMT

Well, in my last post I wrote about the prices for malware. Today I read the next evolution of this: The possibility of having malware tested against anti-malware tools – not to make sure malware is really recognised, no, the other way round: To make sure it is not recognised.

I rea ...

The Cybercriminal’s Wish List

Fri, 01 Jan 2010 11:52:43 GMT

I know that Christmas is over and I know how my kids actually compile a Wish List: They take most of the ads (which are targeted to them) and glue them onto a piece of paper for mum and dad to make sure that everything can be found under the Christmas tree… I guess you know the drill.

...

Live.com Exploited as Pharma-Fraud Cover

Wed, 23 Dec 2009 17:59:27 GMT

The FDA crackdown on online pharmacy sites has driven a lot of attention to illegal and fraudulent online pharmacies and in particular to their methods for tricking people to visit their sites. These practices include prolific spam and search engine poisoning.

eSoft’s Threat Prevent ...

Algeria: Conference on Certification (eID)

Thu, 17 Dec 2009 15:05:10 GMT

When I tweeted last week that I am on my way to Algeria, I got quite some reactions and questions that I should report how it was. So, let me try to briefly ...

Boeing 787 searches hijacked by rogue anti-virus

Wed, 16 Dec 2009 17:52:07 GMT

Today, the Boeing 787 Dreamliner jet completed its much awaited first flight. As users searched to find videos and news articles related to the story, blackhats quickly moved in for yet another attack against Google search results.

Blackhats Unleash Fake Blog Campaign Spreading Rogue AV

Wed, 18 Nov 2009 16:17:10 GMT

In September, eSoft reported as many as 720,000 compromised sites hosting fake blog pages and being used to distribute rogue anti-virus programmes. Many of these sites are still active and continue to plagu ...

CoolerEmail Hit by Phishing Scam

Fri, 13 Nov 2009 15:36:52 GMT

CoolerEmail is notifying customers of a new phishing scam used to steal login credentials. The web based email marketing programme carries an impressive client list including Walmart, Toyota, Pepsi and dozens of other big name brands. Any phished credentials can be used to impersonate these compa ...

Why it pays to be secure – Chapter 4 – I want to learn!

Fri, 13 Nov 2009 14:18:34 GMT

Use these Learning Paths to find a range of Microsoft training references and resources on information security threats and appropriate countermeasures. Learning resources are organised by level (from basic to expert) and provide information on the planning, prevention, detection, and response ph ...

Embedded open type fonts - The risk lurking up

Fri, 13 Nov 2009 11:31:44 GMT

The web is getting a playground for different type of attacks. There is lot of talks going around about Microsoft EOT fonts realm which are being used for launching different type of attacks.

Recently I gave a talk at the Excalibur Conference, China in which I talked about launching a CSR ...

How does Google use your information?

Fri, 06 Nov 2009 12:40:20 GMT

Following growing concerns on how the web giants Google are using it’s users information, they have launched Google Dashboard; a service which allows users with a Google account to view the information that Google has stored on them, It also allows users to delete any information that they ...

International Collaboration on Policies for Cybersecurity and Data Protection

Thu, 05 Nov 2009 20:44:35 GMT

For a few years we have been working with the Council of Europe in a partnership to help to drive a Cybersecurity treaty. We realise that a problem a lot of law enforcement agencies have is inconsistent legislation, which makes it unbelievably hard to catch cybercriminals. The ...

Power of Knowledge: Security Intelligence Report v7

Mon, 02 Nov 2009 16:15:55 GMT

It has been a good tradition for quite a while that we make the intelligence we (Microsoft) have available accessible to the broad public. This will help our customers to protect themselves much better. The Security Intelligence Report (SIR) is built on a unparalleled set of sensors out there on ...

When is a firewall not enough?

Fri, 30 Oct 2009 11:29:27 GMT

When your employees have laptops, when large quantities of data can be moved around on tiny USB devices, never even touching the network, when malicious outsiders can compromise your servers through the front door, when malware has been specifically designed to be delivered via the web and to avo ...

Ten Computer Hacks In The Movies

Thu, 29 Oct 2009 12:20:56 GMT

Some of the most successful blockbuster films released in the last two decades have been themed on the potential destruction that computer hackers can cause. Her ...

Could Microsoft solve the scareware problem?

Thu, 22 Oct 2009 07:58:24 GMT

This morning I read the following article: Microsoft can help kill fake antivirus threat. And interesting approach. The proposal is that we could white-lis ...

Compromised Web Servers Host Koobface Malware Cocktail

Wed, 21 Oct 2009 22:59:35 GMT

The Koobface gang has struck again using compromised web servers to deliver a potent mix of malware. eSoft threat researchers have found hundreds of newly exploited sites hosting malware which includes downloaders, keyloggers and multiple variants of the Koobface worm.

Attackers u ...

Why it pays to be secure – Chapter 3 – But how do I?

Sun, 18 Oct 2009 19:32:16 GMT

Security — you hear about it every day. Being responsible for information security can be a daunting task, so where do you begin?

From the design of acceptable use policies to preventing insiders from stealing data, the job can be a challenging one. Join Senior Security Strategist w ...

Unresolved Compromised Fox Sports Host Heading Into Third Week

Sat, 17 Oct 2009 01:17:07 GMT

eSoft first detected a compromise on the Fox Sports website two weeks ago and as of today, at least one Fox Sports host continues to contain automatic links to a multitude of dangerous exploits. E ...

How the US military has weaponised hacking

Fri, 16 Oct 2009 09:33:41 GMT

“Our technological advantage is a key to America's military dominance. But our defence and military networks are under constant attack. Al Qaeda and other terrorist groups have spoken of their desire to unleash a cyber attack on our country -- attacks that are harder to dete ...

How common is the hacking of secure wifi?

Fri, 16 Oct 2009 09:15:56 GMT

AJAX-JSON - Inside Crux

Tue, 13 Oct 2009 08:34:07 GMT

The development is occurring at a rapid pace. The innovation is going on. The web is transitioning from the web 1.0 to web 2.0. The implementation structures of various technologies have changed. The Web 2.0 has revolutionized the web in a stringent manner from all the perspectives. The Asynchron ...

Recapping the Fox Sports Website Compromise

Fri, 09 Oct 2009 16:18:13 GMT

On October 2nd eSoft published a blog warning visitors of the Fox Sports website about compromised pages with the potential to serve malicious software. To date, the threat remains on their website ...

Web 2.0 – Truth and Lies in AJAX World

Thu, 08 Oct 2009 04:41:07 GMT

Web 2.0 has metamorphosed the complete scenario of internet.

In the AJAX world, most of the working functionality is derived by efficient technology methods and ingrained software dependency. In order to scratch deep down the bottom the differential aspect of this technology must ...

The Africa Cable – A Chance for Africa! – A Threat for the Internet?

Wed, 07 Oct 2009 15:15:25 GMT

The development in Africa especially with the new broadband services to me is a huge chance for the whole continent.

I just found a map (Image 1) on the next two years.

Even though I have not been in Africa over the last few months, I heard that in different cities fiber is brough ...

Why Linux servers are more secure than Windows

Tue, 06 Oct 2009 13:49:18 GMT

The Linux/Windows debate is an oldie but a goodie, and there have been many long threads on most computer related forums discussing their relative merits. Linux is free, open-source and community based. Windows is expensive, professionally developed and has ...

Your password isn't safe - take this simple test to find out how many minutes it would take to crack

Tue, 06 Oct 2009 13:42:14 GMT

There's a well-known saying in information security that the weakest part of any computer system is the person using it. One area where this becomes abundantly clear is in the use of passwords. Allowing users to choose their own passwords can be fatal, with most people not having the first clue a ...

When hacking is legal

Tue, 06 Oct 2009 13:37:20 GMT

The Merriam-Webster dictionary gives two different definitions of “hacker” related to computer security. A hacker is either “an expert at programming and solving problems with a computer” or “a person who illegally gains access to and sometimes tampers with informati ...

Why retina scanning works better for James Bond than it ever would for us

Tue, 06 Oct 2009 12:18:10 GMT

Since the late 80s retinal scanning has been featured in a whole bevy of sci-fi and action films. It's been the security system of choice for some of the silver screen's top spies: James Bond used it in GoldenEye and Ethan Hunt in the Mission Impossible movies. As a result, whilst retinal scannin ...

Which famous Twitter accounts have been hacked?

Mon, 05 Oct 2009 16:41:01 GMT

Early in 2009, Twitter suffered two major security lapses. Once when a wave of highly successful phishing campaigns were successful in obtaining a lot of Twitter passwords, and then again when an 18 year old hacker and student of computer games development brute-force'd an administrator account. ...

Thoughts on the registered traveler programmes at airports

Wed, 30 Sep 2009 17:07:11 GMT

When I entered the US this time, I got a brochure on how I could avoid the line at immigration and just get a fast track by registering with the Global Entry Program, a programme, which would pre-screen ...

Hey, You, Get Off of My Cloud

Sun, 27 Sep 2009 00:47:15 GMT

I recently had different discussions with different customers and we were looking into the key questions to ask, when you plan to move to the cloud (yes, I am working on a corresponding blog post). I was then asked whether we have an answer to these questions – well no. For sure not fo ...

Why it pays to be secure - Chapter 2 - Vulnerabilities

Wed, 23 Sep 2009 23:05:49 GMT

The Microsoft Security Intelligence Report (SIR) provides an in-depth perspective on the changing threat landscape including software vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software.

In my first post here, I opened the field for a series on “Why it pays to be secure”. As I told you there, Henk van Roest, our Security Support Program Manage ...

Why it pays to be secure

Fri, 11 Sep 2009 10:59:07 GMT

You might all know that feeling: You need money to finance security activities and you are asked why this money shall be invested. And then we start to argue that if we do not do it – bad things happen. These are questions that myself and our support get often. That was the reason why we st ...

Infosecurity (UK) - Blog

Strong Authentication and Privacy – A Contradiction in Terms?

Insider Threat of Cloud Computing

Data Protection Heat Map

Why it pays to be secure – Chapter 5 – I need tools!

Virus Alert! Twitter, Google, Hallmark and Others Subject To Attack

Making the Management of Security Compliance Easier!

SANS Top 25 Most Dangerous Programming Errors – the same as very often…

Hotmail Users Look for Answers in Dangerous Places

Children – A Threat For Corporate Security?

Use Music to Fight Cybercrime: ‘Maga No Need Pay’

Targeted Attacks – the “Real” Problem

Fake Firefox Update Pages Push Adware

SPAM! Well, it's finally caught up with me - as confirmed by the research

I've been hacked - Give me back my money

Cloud Security Paper: Looking for Feedback

Data Protection Day: An Interesting Study

Super Bowl associations: football, nachos, big screens and … malware?

Lack of Egress Filtering Spurs Success of Injected IFrame Attack

MTaS: Malware Testing as a Service

The Cybercriminal’s Wish List

Live.com Exploited as Pharma-Fraud Cover

Algeria: Conference on Certification (eID)

Boeing 787 searches hijacked by rogue anti-virus

Blackhats Unleash Fake Blog Campaign Spreading Rogue AV

CoolerEmail Hit by Phishing Scam

Why it pays to be secure – Chapter 4 – I want to learn!

Embedded open type fonts - The risk lurking up

How does Google use your information?

International Collaboration on Policies for Cybersecurity and Data Protection

Power of Knowledge: Security Intelligence Report v7

When is a firewall not enough?

Ten Computer Hacks In The Movies

Could Microsoft solve the scareware problem?

Compromised Web Servers Host Koobface Malware Cocktail

Why it pays to be secure – Chapter 3 – But how do I?

Unresolved Compromised Fox Sports Host Heading Into Third Week

How the US military has weaponised hacking

How common is the hacking of secure wifi?

AJAX-JSON - Inside Crux

Recapping the Fox Sports Website Compromise

Web 2.0 – Truth and Lies in AJAX World

The Africa Cable – A Chance for Africa! – A Threat for the Internet?

Why Linux servers are more secure than Windows

Your password isn't safe - take this simple test to find out how many minutes it would take to crack

When hacking is legal

Why retina scanning works better for James Bond than it ever would for us

Which famous Twitter accounts have been hacked?

Thoughts on the registered traveler programmes at airports

Hey, You, Get Off of My Cloud

Why it pays to be secure - Chapter 2 - Vulnerabilities

Why it pays to be secure