Analysis


No authentication? Like, none at all?

I’m a huge fan of Security Park.  I don’t know if you subscribe to it or not, but it’s a security news outlet in the UK.  I happen to like it because they cover both physical and information security and the physical side is something most of the other outlets don’t cover. Anyway, today I came across a post over there where they were covering some data that was just put...

Oh what a feeling to Pwn! (What’s next, auto malware?)

So, there’s been some interesting analysis done by folks over at University of Washington and University of California San Diego about security attacks against the firmware in modern automobiles. I came by it by way of HelpNet (so thanks to them), but I recommend that you go directly to the original paper to get the real meat on this thing. The deal is that they are able to attack (in many...

Snoop on Malware. Wait… what?

So have you seen the new HackIsWack website that Symantec has put out there? I hadn’t seen this until the coverage started about how people were using the site’s security problems for rickrolling, and then more recently the fix to all that foolishness. Yes, yes… all that stuff was interesting.   But I just can’t get past how incredibly bizarre the site is even without...

India/Russia: Top virus producers? Or just most vulnerable?

So there’s an article out there on the wild wild world of web claiming that India and Russia are now the #1 and #2 producers of malware.  The data is from Network Box, and the data (what data there is) is actually pretty interesting.  I have the one nit that saying “virus producers” implies “virus authors”, but looking at the data I don’t think that’s...

Introducing the “Malware Conference for Global Evil (and Mass Effect 2)”

So I’ve been thinking more about Malcon (OH NOES you’re probably saying). Anyway, after I posted the thing the other day about Malcon, Kurt Wismer counter-argued on his blog that my logic was flawed. That could be. Out of respect for Kurt’s well-reasoned disagreement, I won’t try to do a TLDR synopsis here (go read it if you want the full background) other than...

Why SCADA Security Matters–And What You Should Know About It

My article this month for eSecurityPlanet addresses the oft overlooked and misunderstood issue of securing SCADA systems. Many thanks to Jonathan Pollet of Red Tiger Security for providing feedback and quotes for the article. SCADA (supervisory control and data acquisition) systems run critical infrastructure and manufacturing processes. SCADA is what the local power company uses to manage usage...

Blast from the Past: Why Vendor Hype Benefits No One

The other day, while starting work on a post about why hype is never a good marketing strategy, I remembered, “hey! I already wrote about this.” Since the information is still relevant today, we decided to make the piece available again. Many thanks to Carol Baroudi, Founder of Baroudi Group, Inc. for kind permission to reprint this document. Software and technology vendors,...

Your email is safer than you think it is.

So we all know that statistics are malleable, right? Statistics are an interpretation of data, not data itself – they’re subjective. So when I came across this article this morning citing how “email is still the top source of data loss”, I was curious. It struck me as odd, because it doesn’t jibe with what we’ve seen from other data outlets. ...

PC World, Malcon, and Our Industry’s Flawed Logic

Malcon: the malware authorship industry conference. You’ve heard about it here, you’ve heard about it on anti-virus rants, and now you’ve heard about it on PC World. As you might be able to tell from the title of their article (“Malware Convention — Not a Good Idea”), PC World… well, they don’t think it’s a good idea. They quote...

PayPal: Spinning? Or is it really not their problem?

If you haven’t been paying attention, PayPal and iTunes (Apple) have been on the ropes over the past week or so because of thousands of dollars of alleged fraudulent charges resulting from an innocuous-seeming iPhone application. The TLDR version is that users are seeing wacky wild charges – into the thousands of dollars – leaving their accounts via PayPal and going to a...
