The insecurity paradox
In this third and final part of our article series about risk factors, we will examine Human attack factors and Physical factors.
The previous article discussed different procedures and systems that could be invoked in order to mitigate risk. In subsequent parts we will examine areas at risk, starting with Electronic factors.
The aim of this type of initial risk analysis is to identify potentially vulnerable points that may be exploited if they are not sufficiently secured.
The ease with which QR codes linking to web pages can be created implies that they will become a popular way to spread malware for mobile devices: the user cannot see the destination URL before scanning.
Computers do what they are told. This may result in consequences that are funny as well as dangerous.
You should exercise extreme caution if you are allowing access to your social network account from any application.
As cybercriminals shift from randomly directed mass attacks to more focused attacks, the total volume of spam is expected to decrease.
It is almost impossible to protect completely against a targeted cyberattack against an organization.
Even organizations that are presumably more security conscious than most have vulnerabilities that may be exploited by an attacker with sufficient resources and determination at her disposal.
The web site (usually an infected site) that displays the message checks which browser is visiting the site, and displays a warning message mimicking that browser's real warning.
In recent weeks, images have been used as a malware distribution technique, particularly images that appear in Google image search results.
Do not rely on any file attachment or file on any device to be safe based on its file name.
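One practical way to act on this advice is to compare a file's leading bytes ("magic number") with what its extension claims. The check below is an added example and not code from the original article; the signature table, the extension map, the file names and the byte samples are all constructed for illustration, and the table is a deliberately small subset of what a tool such as libmagic knows.

```python
"""Check that a file's content matches what its name claims.

Added example (not from the original article): the file names, the byte
samples and the signature table below are constructed for illustration.
"""
from pathlib import PurePath

# Leading byte signatures ("magic numbers") for a few common formats.
# Real-world tables (e.g. libmagic) are far larger; this is a minimal subset.
SIGNATURES = {
    b"MZ": "exe",                  # DOS/PE executable (also .dll, .scr)
    b"%PDF-": "pdf",
    b"\xff\xd8\xff": "jpg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"PK\x03\x04": "zip",          # also .docx/.xlsx/.jar, which are ZIP containers
    b"\x7fELF": "elf",
}

# Extensions that a given content type may legitimately carry.
ALLOWED_EXTENSIONS = {
    "exe": {".exe", ".dll", ".scr", ".sys"},
    "pdf": {".pdf"},
    "jpg": {".jpg", ".jpeg"},
    "png": {".png"},
    "zip": {".zip", ".docx", ".xlsx", ".pptx", ".jar"},
    "elf": {".elf", ".so", ".bin", ""},
}


def detect_type(data: bytes):
    """Return the content type implied by the leading bytes, or None if unknown."""
    for magic, kind in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    return None


def extension_mismatch(name: str, data: bytes) -> bool:
    """True when the bytes identify a known type that the extension does not match.

    Unknown content is reported as 'no mismatch'; callers must treat None from
    detect_type() as 'unverified', never as 'safe'.
    """
    kind = detect_type(data)
    if kind is None:
        return False
    ext = PurePath(name).suffix.lower()
    return ext not in ALLOWED_EXTENSIONS[kind]


# Constructed samples: only the first bytes matter for this check.
SAMPLES = {
    "report.pdf": b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n",
    "holiday.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF",
    "invoice.pdf": b"MZ\x90\x00\x03\x00\x00\x00",   # PE executable disguised as a PDF
    "photo.jpg": b"PK\x03\x04\x14\x00\x00\x00",      # ZIP container disguised as an image
    "notes.txt": b"just some text",                  # unknown content: not flagged
}


def suspicious_samples():
    """Names from SAMPLES whose content does not match the claimed extension."""
    return [n for n, d in SAMPLES.items() if extension_mismatch(n, d)]


if __name__ == "__main__":
    for name in suspicious_samples():
        print(f"{name}: content is {detect_type(SAMPLES[name])}, extension says otherwise")
```

The check only catches a mismatch between a known signature and the name; a well-formed document that carries a malicious macro or embedded script passes it, so it complements rather than replaces content scanning.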
Users of the operating system Mac OS X have so far been quite safe from malware infections compared to those who have chosen Windows as the operating system platform.
Blocked access to important information - particularly if adequate backup routines are not in place - may be disastrous for the person who becomes the victim of ransomware.
In previous security articles, we discussed the fact that cybercriminals use big events to spread malware. Not surprisingly - nevertheless disgusting - the recent events in Japan have inspired shameless exploitations by cybercriminals.
In our security article last week, we discussed cybercriminals who targeted financial institutions in an indirect way. However, the bulk of malware aimed at the finance sector puts the sector's customers at risk. One obvious reason is that the average end user's system is presumably less secure than the systems used by the financial institutions themselves.
During the last weekend, The Wall Street Journal published information that intruders had penetrated computer systems controlled by the company that runs the U.S. Nasdaq Stock Market. Nasdaq handles around 19% of all stock trading in the U.S. The trading system itself is reported not to have been compromised.
Advertisements (ads) on the web have become part of a multi-billion industry. These days it is almost impossible to read news on the web without being overwhelmed by a plethora of ads for everything from cars to diapers. However, it is presumably not optimal to display the car ads to children. Nor are most teenagers particularly interested in diapers.
Sony's PlayStation 3 (PS3) has been viewed as one of the most secure gaming devices. Applications and games from other sources than Sony could not be installed and run on PS3, and a firmware update early in 2010 disallowed using other operating systems than the one set up by Sony. All this is now changed.
Major events, happenings and in general anything that attracts a lot of attention also leave a stream of malicious software in their wake.
According to a posting on 15 November on the blog of the UK-based organization Get Safe Online, one in four UK web users have been targeted by so-called cold calls.
In recent months there have been many rumors about the upcoming email system closely integrated with Facebook. Facebook has recently disclosed more details, and we will examine some aspects of the new offering.
This is the third article in a series about privacy and security in social networks.
This is the second article in a series about privacy and security in social networks.
This is the first article in a series, which will focus on security and privacy issues involved in participating in social networks.
The term Man-in-the-middle in a security context refers to an attack where someone or something is inserted between two endpoints and intercepts the communication between them. The intent is usually to obtain information and use it for illegitimate purposes. Recently the term Man-in-the-mobile, abbreviated Mitmo, emerged.
This article will not go in depth with regard to how the different botnets function technically. We shall rather examine some of the ways botnets may be used, study one successful method used for fighting this threat, and finally discuss the idea of botnets used for benign purposes.
Fake antimalware software has become an increasing problem for end users and corporations. The creators of these rogue applications are able to earn easy money and are constantly searching for new ways to exploit their victims. A new technique has recently been seen. We shall look at this in more detail in this security article, and attempt to point to some general considerations regarding this type of software and malware in general.
In the previous article in this series about self-protection, we discussed examples of attempts to trick you into exposing yourself to malicious software. Infected web sites are currently the most used technique for propagating malware. By increasing your own awareness of the techniques the cybercriminals use, you can avoid this exposure.
There are several levels where you can set up protection mechanisms in order to minimize the risk of falling victim to malware. Different protection mechanisms are needed depending on which danger situation we are discussing.
An interesting news item has appeared in several UK-based media lately. Several end users have received phone calls from someone who presents themselves as security personnel. The caller claims that the computer is infected by malware and offers to help. Varying social engineering techniques are used to persuade the recipient to allow the use of remote access software in order to "fix the problem".
In this Norman report on security issues during the first half of 2010, we will go through some incidents and tendencies. We will focus on those that Norman perceives as most important in these past six months.
Over the years new ingenious words for security issues have come up. We have seen the neologisms pharming, vishing, clickjacking and slurping, just to mention some. This week a new one was born, tabnabbing, which turns out to be scarier than most.
Malicious programs increasingly rely on social engineering techniques in order to propagate and execute successfully. Gone are the days when a tempting file name in an email sufficed. In this security article we shall examine variants of one of the more successful social engineering schemes.
December is the month to look back on the year that is coming to an end, and we will attempt to sum up the situation seen from a security company's point of view. The most significant observation to make from this year's malware activity is that various social networks became a major target for authors of malicious programs.
Major events and happenings, and in general anything that attracts a lot of attention, often leave a veritable flood of malicious software in their wake.
The term "identity theft" has been on everyone's lips for a few years. Until recently, malicious identity impersonation was less well known. With a new version of Koobface, exactly that happens, and it happens automatically.
Earlier this month, several tens of thousands of passwords for free e-mail accounts at Microsoft (Hotmail), Google (GMail) and Yahoo were compromised.
The first half of 2009 is already behind us; time for a retrospective and an analysis of the current situation from the perspective of Norman as a data security company.
The short-URL function obviously has its advantages. However, there are weaknesses and security problems that make the system itself less secure than desired.
The social network Twitter has become extremely popular in quite a short time. This time we will discuss this technological phenomenon from a sociological perspective, and use the most talked-about incident these days as a kind of case study - the swine flu.
At the beginning of this week, a report by the Information Warfare Monitor (Canada) dated 29 March, titled Tracking GhostNet: Investigating a Cyber Espionage Network, attracted great media interest.
Social engineering in its many forms has already been the subject of numerous of our security articles. This time we look at the phenomenon from a different angle: an age-old trick given a clever new twist.
That security patches for operating systems and applications are necessary has been discussed several times in our security articles. The last article on this topic, Security patches - another security problem, was written as recently as the end of October 2008.
The Internet offers an incredible wealth of applications, films, images and texts - simply everything imaginable in digital form. Finding your way through this vast range of possibilities and alternatives can, however, be dangerous in many respects. This article describes some pitfalls of searching for information.
Until now, money in online games was used only to pay the access fee for acquiring the game itself (if it is not available free of charge).
For a few weeks a new term has been circulating in IT security publications: "clickjacking". Several companies and organizations active in the security field, e.g. US CERT and various online news agencies, have already reported on this supposedly big and new threat.
Slurping is not only a way of quenching one's thirst. It is also the term for a particular security problem that is often overlooked.
A new distribution vector is becoming increasingly popular with attackers: malicious websites
Several users of the instant messaging service MSN Messenger recently reported SPIM attacks. This led some to suspect that they had been attacked by an MSN worm or a virus aiming to cause damage on their computer.
Those who work in security, and probably large parts of the general population as well, will have heard the term "phishing" and know what ...
Recently a special form of phishing referred to as "spear phishing" has been appearing repeatedly.
Leading financial companies are increasingly exposed to hacker attacks, fraud attempts and malicious code attacks. According to a recent study, the number of companies attacked increased by 78% last year.
The word "vishing" is composed of "Voice over IP" and "phishing" and denotes the combination of new technology and familiar fraudulent activity: exploiting the growing spread of Voice over IP, attempts are made to induce people to disclose personal data that is then used for fraudulent purposes.
In the past, malware files carried 'interesting' names such as "Anna Kournikova" or "Britney Spears Naked". Many things happened when such a file was opened, but seeing a picture of either of the two idols was not one of them.
For most security organizations, phishing represents one of the greatest threats to computer security in 2006. The Gartner Group estimates the losses directly attributable to phishing at banks and credit card companies in the USA in 2003 at 1.2 billion US dollars.
Traditionally, phishers or ID thieves have targeted institutions and organizations in the financial sector. Recently, however, they appear to be seeking other target groups as well. By now, all kinds of organizations have become targets of phishers; even the health care sector is not spared. The war between phishers and anti-phishing associations is intensifying. And you could be the potential victim.
It is hardly controversial to claim that the end of February and beginning of March 2004 was the worst period ever regarding the sheer number of new malicious programs threatening the Internet community. New variants of Bagle, MyDoom and Netsky were spread daily - sometimes even more than once per day.
In September 2003 Internet users and organizations experienced the most severe attack on the Internet infrastructure since the "Morris worm" in November 1988. The outbreak of W32/Sobig.F caused major problems because of the huge amount of emails flooding the infrastructure.
Security Information Week 39, 1999: Recently a new e-mail hoax has been spreading quite aggressively. The subject of the e-mail is "!!!WARNING -- DESPITE-virus!!! -FMBW". The body of the ...
Security Information Week 9, 1999: The IT department in an organization often uses vast resources to stay updated on security risks associated with hardware and software ...
Security Information Week 7, 1999: Since January this year several users have received an e-mail apparently from Microsoft. The mail informs the recipient that the attachment ...
Security Information Week 12, 1999: On the Internet there are several sites which offer very good security information. The different sites are of two kinds: Security sites ...
Security Information Week 3, 2000: The Internet is a cornucopia of information of every kind. One may find web pages dedicated to anything thinkable or unthinkable ...