In the enterprise, a zero-day can happen any day
Mari-Len covered a report yesterday that showed zero-day attacks are the No. 1 security concern among IT professionals. I wondered afterwards if that was based on what these people had actually experienced in their organizations — my guess is that zero-day attacks aren’t quite that widespread yet — or if it was more of a fear based on the potential of what could happen.
Don’t tell RIM the 8820 is an at-risk device
Last week we published a story on ITWorldCanada.com about RIM’s latest dual-mode device and as usual, RIM was pretty silent about it, other than issuing a press release on the subject. All that changed, however, once our reporter talked to industry analysts who raised some concerns about the security of the 8820.
The landmine of P2P file-sharing
By Joaquim P. Menezes
Until recently, major music and recording industry labels have been among the most vocal – and vociferous – critics of file-sharing over peer-to-peer (P2P) networks.
Their revenues – they say – have been irreparably hurt by the millions of music and video files shared on a daily basis over P2P networks, such as Limewire.
Now, the controversy over P2P sharing has grown graver and deeper. Issues being raised about the practice go far beyond its impact on the music industry’s revenues.
It takes courage to admit your product is insecure
Kudos to Mozilla’s chief security officer, Window Snyder (yes, that’s his real name), who wrote on this blog recently that Firefox was at least partly to blame for a vulnerability that affected Microsoft’s Internet Explorer as well. I had lambasted both firms recently for turning a serious security issue into a spat among rivals, but this marks a turning point.
The pen is not mightier than the encryption software
Everyone in the security sector seems to be worried about endpoint security, including Symantec. I was at one of their events a few months ago where an executive held up a pen drive and warned about the amount of data that could get left behind. This tutorial offers some practical advice on how to use a tool called TrueCrypt to lock down such devices before they fall into the wrong hands. Pretty useful.
Hacked: One iPhone
Well, that didn’t take long. While the rest of us were enjoying the warmer weather on Sunday, a group of researchers in the U.S. were busy trying to prove once and for all that the iPhone is not a very safe device. Their next step: extortion.
According to the story published on IDG today, the flaw allows hackers to steal any data from the device or even to turn it into a remote surveillance tool. Apple has not only been notified of the problem; the researchers have also given the company less than two weeks to fix the bug before it is presented at the Black Hat conference on Aug. 2.
Wireless LAN security vs. convenience - walking the tightrope
By Joaquim P. Menezes
“Security vs. ease of use” is a conundrum a lot of network managers face when it comes to wireless LANs.
In some companies, IT managers have refused to deploy wireless LANs because of the risks they pose.
Others have allowed their (legitimate) concerns for security to obscure other equally important requirements.
There are many deployments today that exemplify the notion of: “more security, less usability.”
One commentator, for instance, has vividly described his frustrating experience at an event where wireless LAN access was provided - but with complete disregard for user convenience.
And yet, as wireless LANs become ubiquitous – partly due to the proliferation of wireless “hotspots” – the very real “security” risks inherent in this technology cannot be overstated.
For one, users cannot determine whether they’re connecting to legitimate or “rogue” access points.
White hats are more expensive than black hats
My wife is taking a course this summer, but for me this is not a season to be studying. Even if I were so inclined, I don’t think I’d be too quick to sign up for an IT security course that teaches you the basics of ethical hacking.
Proving that you can now get a Master’s degree in nearly everything, an industry group called the EC-Council has launched a Master’s in Security Science, a program which includes so-called “ethical hacking.” This is not far removed from courses launched a few years ago at the University of Calgary in how to write malware.
As useful as this kind of education could be, it’s kind of ironic that most kids teach themselves how to write a computer virus or DNS attack while grown-ups with industry experience shell out for tuition fees on how to reverse-engineer their efforts. Maybe once these kids grow up they’ll be able to neatly make the transition from hacker to university professor. At which point the lunatics will truly be running the asylum.



