Articles, advice and resources.

The Security Implications of Fake Twitter Followers

A recent New York Times story about the fake Twitter follower community got me thinking. The newspaper claims that this is a $1 million industry, with followers being purchased in bulk for about a penny a head. Why does Twitter tolerate this? Certainly, the company could easily fix this problem with some clever software engineering. Instead, they’re turning a blind eye. But on further reflection, it’s not something that’s easy to fix. I have a Twitter account that I set… continue…

What Are Your 5 Biggest Online Privacy Worries?

Let’s talk about this. An article posted on ITWorld earlier this month got me thinking about how small businesses have to deal with online privacy issues. According to ITWorld, their top five concerns include: The proliferation of cookies. Theft of cloud-based data through weak password controls. Being betrayed by the stored location data on cell phones and other mobile devices. Photo tags on social networks. Federal and police agencies scanning online services. Notice: None of these items include the words… continue…

Is Bitcoin the New Napster of Digital Money?

This isn’t a rhetorical question. Last month, the total value of all Bitcoins passed $1 billion. That isn’t a typo. Bitcoin has been trading up compared to traditional currencies, north of $100 lately, and poised to go higher. That’s 10 times what it was trading just a few months ago. If you’re looking for a good overview of Bitcoin, try this piece in GigaOm by David Mayer. He covers the underlying peer-to-peer technology, and why it isn’t all that important… continue…

A Brute Force Defense Against Injection Attacks

Injection attacks are a common security problem for Web developers. The interpreted nature of most development languages makes them especially vulnerable to these attacks. This article explains what an injection attack is and provides some simple steps that you can take to defend your site against them. What is an Injection Attack? An injection attack takes place when a malevolent programmer puts code in the query string or other parts of the HTTP request. The interpreter executes the malicious code,… continue…

Online Dating Costs You More Privacy Than You Think

Here’s a heads up to the millions of people looking for love online: Your security and privacy are probably at risk. Many of the most popular dating sites are playing fast and loose with your romantic avatars. Some of them are susceptible to hackers and, to paraphrase a Microsoft cybersecurity expert, anything that you post online is pretty much permanent after 20 minutes, whether you’ve deleted the file or not. Still feeling brave? A few more facts, then.… continue…

5 Interview Questions for Firewall Engineers

Your ability to secure data using the right mix of hardware and software is critical to a company’s operations, and even its bottom line. Among the most important things recruiters and hiring managers look for during an interview seems basic: technical competence. At the same time, they want to see that you can fit into the corporate culture. That’s the kind of thing many tech people struggle to demonstrate. This means you can expect your interview to cover areas that… continue…

Elderwood’s Watering Hole Attacks are ‘Astonishing’

The extent to which a group of hackers dubbed “the Elderwood Project” has left digital traces is astonishing, according to Symantec researchers. In a blog post, they’ve documented efforts by the group, named for a source code variable they use, to quickly deploy zero-day exploits through spear phishing e-mails and, increasingly, through Web injections in watering-hole attacks. What is this exploit? Think about a thirsty zebra on the Serengeti. Predators wait at the oasis, knowing that eventually the zebras will show… continue…

The 2012 Breakdown of Data Breaches. Ho ho ho

Security breaches are expected nowadays. Their occurrence can seem routine to those of us who don’t spend our professional lives preoccupied with finding new ways to stop them. If you want to get a sense of how the numbers break down, here’s an infographic that sums it all up nicely, with a holiday theme to lighten it up. Infographic: Mobistealth

Is Anti-Virus Passe?

When security firm Imperva checked more than 80 unreported viruses against several anti-virus solutions, it found that none of the tested programs were able to detect previously unreported viruses and that 75 percent of solutions took a month or more to update their signatures. That isn’t good news, and while Imperva obviously has some self-interest here, their November Hacker Intelligence report, Assessing the Effectiveness of Anti-Virus Solutions, is worthy of a closer read nonetheless. What it means is that we have to depend on a… continue…

Did Fried Brain Cells Bag John McAfee?

How is it possible that John McAfee–John McAfee, the pioneer in protection against hacking, for goodness sake–was tracked down in Guatemala by a hack so simple it doesn’t really deserve to be called a hack? First, Vice magazine posted a picture of McAfee snapped by an iPhone-bearing staffer who was visiting the fugitive. Then, the enterprising Twitter user Simple Nomad downloaded the photo and extracted the metadata from special headers, EXIF tags, embedded in most digital images. Based on longitude… continue…