It’s Not OK to Click “OK”

If you are a user of Microsoft’s Windows operating system, you no doubt are very familiar with the popup dialogue boxes that are so frequently displayed on your screen.  These popup windows were designed to inform you when an event occurs that requires your attention or input. ...

A Lesson From the Sarah Palin Email Hack

Much has been written recently about the Sarah Palin email hack.  This hack was not the result of some exotic new virus or an uber-hacker with a secret toolkit for compromising webmail accounts.  No, this was nothing more than a curious youngster doing some basic Internet searches and...

A Business Guide to North Carolina’s Identity Theft Protection Act

Like many other states, North Carolina has enacted a data breach notification law in an effort to help protect its citizens from identity theft due to the disclosure of personally identifiable by private enterprises.  Passed in 2005, the Identity Theft Protection Act (ITPA) sets out...

V is for Vishing

First, a little background on the term vishing.  Vishing is a type of attack that combines voice (i.e. phone services) with traditional phishing techniques.  If you are unfamiliar with phishing attacks, please see my earlier article on this topic for a refresher.  Vishing has become...

Internet Explorer 8 Security Features Lacking

I became excited when I read the press release for Microsoft’s Internet Explorer 8 Beta 2 browser software.  IE has traditionally lagged behind Firefox when it comes to security so I thought I would investigate.  According to Microsoft, IE8 incorporates many new and in some cases...

A New Kind of Honey Stick

When I visit the local farmers market with my family, my children are always excited to buy a couple of honey sticks from the local bee keepers.  These are essentially plastic tubes about the size of a straw filled with honey.  Unlike these delicious treats, there is another...

The (In)security of Social Networking Sites

With the advent of Web 2.0, social networking sites with all their wonderful interactive capabilities have become extremely popular.  MySpace, Facebook, LinkedIn and others have enjoyed great popularity as they offer unique opportunities for collaboration and information sharing. ...

Red Hat Servers Hacked

On Friday, August 22, Red Hat announced on its web site that one or more of the servers used as part of the Fedora project had been compromised by hackers.  Even more troubling is the fact that the compromised servers included one that was used to signed Fedora packages.  Company...

The Dangers of Peer 2 Peer Software

It seems people still don’t get it.  Those nifty little peer 2 peer (P2P) applications that allow you to download free music also allow others to download music or any other type of file from your machine.  This includes files containing sensitive information such as SSNs, bank...

Phishing Scammers Targeting Delivery Service Companies

Lately, a large number of malicious spam emails have been sent to mailboxes pretending to be from Federal Express and other parcel delivery companies. The email attempts to get the user to open an attached ZIP file which contains a Trojan that infects the end user’s computer. In a...

The Evolution of Malware and the Underground Economy

When I first started working in the information technology profession back in the early 1990’s, there was not really a defined field specifically for security professionals.  Network and system security was handled by the system and network administrators responsible for the...

Traveling in the Digital Age

While I watch the Olympic games safely in my home, the United States government has issued a strong warning to travelers visiting foreign countries.  Even though the document does not mention China specifically, it does coincide with the games and is clearly intended to make travelers...

The IDS Versus IPS Debate

Recently I have been involved in a debate with colleagues regarding the management of IPS (intrusion prevention system) devices versus IDS (intrusion detection system) devices. This debate centers around the level of analysis required when the device alerts on or blocks network traffic....

Healthcare Providers Need Security Checkup

It seems like a week doesn’t go by that I don’t read about sensitive patient information being stolen, leaked or otherwise disclosed by a healthcare provider.  A recent event occurred in Fort Bend County, Texas where staff employed at various healthcare facilities used...

Evilgrade Attacks Automatic Updates

Last week I wrote about the DNS cache poisoning vulnerability that affects nearly all vendors’ DNS implementations.  If you haven’t patched your servers yet, now would be a good time to do so.  On Monday a security research group in Argentina called Infobyte released a...

The Dark Side of Web Surfing

Not long ago, if you kept your web surfing to “reputable” sites (i.e. non-pornographic and gambling), you could be fairly certain that your machine would not be the victim of an attack from the site you visited.  But times have changed.  Just prior to the 2007 Super Bowl,...

The DNS Mess

This week the details of a major vulnerability in the software that runs the Domain Name System (DNS) were released to the public.  This occurred only a couple of weeks after software vendors released patches to fix the vulnerability.  This bug affects virtually every vendors’...

Losing the Patching Game

In my last article I wrote about the need to keep systems up-to-date with the latest security patches from software vendors. This includes not only operating system patches, but patches for third party applications as well.  I have only three computers at my home and at times I find it...

The Patching Game

A new study released last week by the SANS Institute’s Internet Storm Center that found that an unpatched computer running Windows XP will be compromised in under 5 minutes if directly connected to the Internet. German PhD candidate and co-founder of the German Honeynet Project,...

Phishing for Fun and Profit

In my last article I discussed the malicious nature of spam email and how it is frequently used to install malware on unsuspecting email users. Today I will discuss a specific type of email threat that is related to spam, but more insidious. Phishing is a technique used by spammers...