
Archive for the ‘Security’ Category

I reached another blogging milestone of sorts overnight. The Akismet plug-in has now blocked its first 1,000 spam comments. Thanks Akismet, and all the folks at WordPress for having the vision and good sense to include it in your offering. The accuracy is incredible and it has never failed me even as my traffic and spam have increased fourfold over the past month.


Read Full Post »

I’ve decided to post this for 2 reasons:

  1. Despite all the scaremongering that the security and anti-virus companies in our industry engage in, I don’t get all that much spam, especially phishing emails
  2. I hope this will help educate others to spot a fake and avoid the thievery of phishing artists

I received this email at the weekend. Thanks to Gmail, it went straight in my spam folder but I couldn’t resist a peek when I saw it titled Account Managment.

PayPal_PhishSpam

I’ve highlighted the giveaway signs that this is a fake :

  1. The originating address is a Yahoo.com account created under the name PayPal Security Center
  2. The URL that you’re asked to follow to “update your account information” does not mention PayPal nor any valid portion of an actual PayPal site URL, simply referring to an IP address that could be Joe Bloggs in God knows where.

Following the URL brings you to a very convincing recreation of the PayPal homepage, but in my case Firefox immediately flagged it as a reported phishing page.

FakePayPalPage

If this helps just 1 person avoid a rip off it’s worth the time taken to post so please keep your browser and its plug-ins up to date to make sure you catch this sort of thing.

Read Full Post »

I’ve just logged in to LinkedIn and was greeted by something out of the ordinary, LinkedIn thinks I’m Moe! Now who the hell Moe is (or his buddy Ken Halpin) I’ve no idea.

LinkedIn_ErrorMOE

The funny thing is though, if I click on the My Contacts or My Profile tabs it does show my own profile and correct contacts.

LinkedInCorrectJames

Looks like something screwy is going on with the login. I must add though that I’ve managed to reproduce this several times in the last half hour and it even happened after running CCleaner to banish cookies etc.

Has anyone else experienced this over the last few hours or days? I see no mention of planned maintenance etc that might cause this behaviour on the LinkedIn blog.

Maybe it’s time I thought about the change to Facebook, all the cool kids seem to be on there, and this would never happen right!

Read Full Post »

Now this is interesting reading, courtesy of Wired. It seems with a little know-how the Nike+iPod training combo that folks raved about on its release could allow others to invade your privacy, tracking every step you take. Could your habitual lunch time jog be plotted for the world to see?

Apparently the RFID signal output from the Nike shoe back to the widget in the Nano is too strong, receivable up to 60 feet away and is thereby interceptable to other receivers and hacked hardware.

Nike+iPod Nano

The fact that the trend looks set to continue with more of this type of device appearing all the time as folks continually research ubiquitous computing (chips in clothing etc) is a tad worrying.

In their report, the researchers detail a scenario in which a stalker who wants to know when his ex-girlfriend is at home taps into her Nike+iPod system. He simply hides the gumstix device next to her door, and it registers her presence as she passes by in her Nike shoes. If he adds a small “wifistix” antenna to the device, it can transmit this information to any nearby Wi-Fi access point and alert him to her presence via SMS or by plotting her location on Google Maps.

Nike+iPod=Surveillance – Wired (Check out the images, just like something from Bond!)


Read Full Post »

This week Apple released an OS update containing no less than 22 fixes, 12 of which were security holes. Is this some kind of record I wonder? The fixes address hacks like buffer overflows and remote code execution, attack methods that we’ve seen long since patched again and again for Windows. It’s no different nor greater really, is it?

MacDesktop

For more details on these vulnerabilities, check out the link below:

Apple patches 22 security holes in Mac OS X


Read Full Post »

Well folks, after a long wait Internet Explorer 7 has arrived. The final release happened today and everyone has been blogging about it. The verdict is already mixed across the blogosphere and the news that the excellent Secunia have verified a zero day vulnerability will not help persuade people to switch.

Secunia has verified an MHTML related vulnerability that, though low impact, is a disappointing start.

Description:
A vulnerability has been discovered in Internet Explorer, which can be exploited by malicious people to disclose potentially sensitive information.

The vulnerability is caused due to an error in the handling of redirections for URLs with the “mhtml:” URI handler. This can be exploited to access documents served from another web site.
Secunia has constructed a test, which is available at:
http://secunia.com/Internet_Explorer_Arbitrary_Content_Disclosure_Vulnerability_Test/

Some of the opinions I’ve read today express concern about switching back to IE from their beloved Firefox incarnation because it will not stand up to Firefox on functionality (if you’ve got a plethora of FF plug-ins installed!). I’d encourage people to give it a go and find out as Microsoft seem to have got things properly covered for a change.
Any functionality they haven’t taken from Firefox and Opera (tabbed browsing, feed reader etc) in the new base product could already be done via an add-on, and you might just find it at the IE Add-Ons site!

From another angle, some including Tom Raftery have expressed concerns that moving to IE7 will be a support nightmare. I think Microsoft have done sufficient release prep work to minimise this, providing enough information to the average user for a change so they can plan their upgrade properly.

With post-upgrade IE7 checklists for various levels of user and thorough Release Notes to check for potential application compatibility issues etc before you ever run that setup.exe, there should be reduced amounts of tears and hair pulling 😉


Read Full Post »

Of all the places to pick to open his mouth, Bob Gleichauf, CTO of Cisco’s Security Group has chosen a Gartner Security summit to say he is scared of the changes that Windows Vista will bring. What a bunch of scaremongering crap from someone who really should know better.

Vista will bring many innovations to the user desktop like TPM and Bitlocker, the combination of which has the entire security world cringing as its arrival in the hands of the everyday user draws near. Mr. Gleichauf has spoken about the level of complexity that new Vista security measures bring, argues that there are 2 sides to the technology and expects to see the mostly bad in problematic early Vista implementations.

“Parts of Vista scare me,” Gleichauf said at the Gartner Security Summit here on Monday. “Anything with that level of systems complexity will have new threats, as well as bringing new solutions.”
Gleichauf told CNET News.com’s sister site ZDNet UK that Cisco views the Microsoft operating system update, set for broad release in January, as a bearer of possible solutions to security problems, but also as a potential trigger of security issues. ”Vista will solve a lot of problems. But for every action, there’s a reaction and unforeseen side-effects and mutations. Networks can become more brittle unintentionally,” Gleichauf said.

Wake up Bob!! There’s been a good and bad side to every technology breakthrough you or I could think of for the past 2 centuries, and advances like TPM and BitLocker will probably suffer the same fate sooner rather than later as they are hacked, cracked and generally abused. There’s always that one guy who puts the good tool to bad use. But, rest assured, the truly great will push ever onwards and continue to innovate. There lies the challenge for all in this industry…incubate, make it great, then innovate!

As a major MS partner, this commentary is disappointing coming from a senior Cisco exec who should be passionate about the advances Microsoft have brought to the operating system, and be talking up the possibilities, evangelising every solution that could sit around a more secure MS operating system on Cisco secured networks, the perfect software/hardware partnership.
So quit the scare tactics and attempts to sell more boxes Bob and let’s hear something valuable next time.

Cisco Exec – Windows Vista is Scary!

Microsoft should be very proud of what they’ve achieved in advancing the OS with Vista to date. If nothing else it’s shown real initiative and imagination and a hunger and determination to lead that has been missing for a while.


Read Full Post »