Security

Articles, advice and resources.

A Brute Force Defense Against Injection Attacks

Injection attacks are a common security problem for Web developers. The interpreted nature of most development languages makes them especially vulnerable to these attacks. This article explains what an injection attack is and provides some simple steps that you can take to defend your site against them. What is an Injection Attack? An injection attack takes place when a malevolent programmer puts code in the query string or other parts of the HTTP request. The interpreter executes the malicious code,…

Online Dating Costs You More Privacy Than You Think

Here’s a heads up to the millions of people looking for love online: Your security and privacy are probably at risk. Many of the most popular dating sites are playing fast and loose with your romantic avatars. Some of them are susceptible to hackers and, to paraphrase a Microsoft cybersecurity expert, anything that you post online is pretty much permanent after 20 minutes, whether you’ve deleted the file or not. Still feeling brave? A few more facts, then.…

5 Interview Questions for Firewall Engineers

Your ability to secure data using the right mix of hardware and software is critical to a company’s operations, and even its bottom line. Among the most important things recruiters and hiring managers look for during an interview seems basic: technical competence. At the same time, they want to see that you can fit into the corporate culture. That’s the kind of thing many tech people struggle to demonstrate. This means you can expect your interview to cover areas that…

Elderwood’s Watering Hole Attacks are ‘Astonishing’

The extent to which a group of hackers dubbed “the Elderwood Project” has left digital traces is astonishing, according to Symantec researchers. In a blog post, they’ve documented efforts by the group, named for a source code variable they use to quickly deploy zero-day exploits through spear phishing e-mails and, increasingly, through Web injections in watering-hole attacks. What is this exploit? Think about a thirsty zebra on the Serengeti. Predators wait at the oasis, knowing that eventually the zebras will show…

The 2012 Breakdown of Data Breaches. Ho ho ho

Security breaches are expected nowadays. Their occurrence can seem routine to those of us who don’t spend our professional lives preoccupied with finding new ways to stop them. If you want to get a sense of how the numbers break down, here’s an infographic that sums it all up nicely, with a holiday theme to lighten it up. Infographic: Mobistealth

Is Anti-Virus Passé?

When security firm Imperva checked more than 80 unreported viruses against several anti-virus solutions, it found that none of the tested programs were able to detect previously unreported viruses and that 75 percent of solutions took a month or more to update their signatures. That isn’t good news, and while Imperva obviously has some self-interest here, their November Hacker Intelligence report, Assessing the Effectiveness of Anti-Virus Solutions, is worthy of a closer read nonetheless. What it means is that we have to depend on a…

Did Fried Brain Cells Bag John McAfee?

How is it possible that John McAfee (John McAfee, the pioneer in protection against hacking, for goodness sake) was tracked down in Guatemala by a hack so simple it doesn’t really deserve to be called a hack? First, Vice magazine posted a picture of McAfee snapped by an iPhone-bearing staffer who was visiting the fugitive. Then, the enterprising Twitter user Simple Nomad downloaded the photo and extracted the metadata from special headers, EXIF tags, embedded in most digital images. Based on longitude…

Should Peer-to-Peer Movie Pirates Be Punished?

With all the hoopla over Black Friday and Cyber Monday, there’s another event happening this week that isn’t getting much attention. It begins today, when AT&T, Time Warner and other broadband providers are going to start enforcing their “Six-Strikes” approach to stopping illegal copies of movies, TV shows and other content from being downloaded from peer networking sites. Haven’t heard about this yet? Read on. My friend and supplier The Movie Pirate is worried. “What can they do to me?”…

The Plan to Stop the Jerks Who Stole Your Phone

Attention, anyone who ever lost a cell phone and never got it back: All major U.S. carriers are joining forces to create a merged database of stolen mobile phones to block the devices from being used on other carriers. Even if the measure comes a little bit late in cell phone history, it’s great news for those who lose a phone from here on out. It appears that police chiefs from major cities and the U.S. Federal Communications Commission asked…

For Hacker Intelligence, Visit Their Forums

The best way to protect your networks is to think like a hacker, and the best way to find out what hackers think is to spend some time on their public discussion boards. This is exactly what the analysts from Imperva, a security research firm, did, and the results are intriguing. In last month’s Hacker Intelligence Report #13, they looked at one of the largest discussion forums (they don’t reveal which one, but it has a quarter of a million…