The insecurity paradox
In this third and final part of our article series about risk factors, we will examine Human attack factors and Physical factors.
The previous article discussed different procedures and systems that could be invoked in order to mitigate risk. In subsequent parts we will examine areas at risk, starting with Electronic factors.
The aim of this type of initial risk analysis is to identify potentially vulnerable points that may be exploited if they are not sufficiently secured.
The special feature that THC-SSL-DOS offers is that a DoS attack against a secure web server can be performed from one computer or just a few computers.
Even organizations, which presumably are more security conscious than most, have vulnerabilities that may be exploited by an attacker who has sufficient resources and determination at her disposal.
Blocked access to important information - particularly if adequate backup routines are not in place - may be disastrous for the person who becomes the victim of ransomware.
Bots and botnets comprise one of the biggest threats to the Internet and its users. However, recent news tells of a success story: the beheading of the spam botnet Rustock.
In previous security articles, we discussed the fact that cybercriminals use big events to spread malware. Not surprisingly - but nevertheless disgustingly - the recent events in Japan have inspired shameless exploitation by cybercriminals.
According to a posting on 15 November on the blog belonging to the UK-based organization Get Safe Online, one in four UK web users have been targeted by so-called cold calls.
This article will not go in depth with regard to how the different botnets function technically. We shall rather examine some of the ways botnets may be used, study one successful method used for fighting this threat, and finally discuss the idea of botnets used for benign purposes.
Over the years, ingenious new words for security issues have come up. We have seen the neologisms pharming, vishing, clickjacking and slurping, just to mention some. This week a new one was born - tabnabbing - which turns out to be scarier than most.
Malicious programs increasingly rely on social engineering techniques to be able to propagate and successfully execute. Gone are the days when a tempting file name in an email sufficed. In this security article we shall examine variants of one of the more successful social engineering schemes.
Identity theft is a term that has become familiar in recent years. More exotic - until recently - has been identity production with malicious intent. A new version of Koobface does exactly that - automatically.
The vendors of security software have the following simple task: Detect and remove as much malicious software as possible without erroneously defining benign software as malware. Unfortunately, this is not as simple as it seems.
Security organizations are in constant battle with malware authors, trying to protect end users from being infected by "bad stuff". As we shall see in this week's security article, some undesirable side effects unfortunately occur from time to time.
The title of this week's security information does not refer to the celebration of an anniversary for the legacy PC operating system DOS. It is another of those neologisms that pop up continuously.
Slurping is not only a method for quenching your thirst. It is also used as a term for a particular kind of security issue that is often overlooked.
From the relatively innocent schemes of the early days, malware has changed into an activity for "geeks" that caused major problems for individuals and organizations, and further into an industry dominated by criminals.
Several users of the instant message service MSN Messenger have recently been attacked by so-called "SPIM". This has led some to believe that they have been attacked by an MSN worm or a virus whose mission is to damage their computer.
Most of those working with security, and probably large parts of the general public, are aware of the term phishing and what it means. You ...
The usual phishing attempts target random individuals, while the specialized spear phishing attacks are aimed at a particular organization.
Don’t you hate spam...? Spammers get smarter every time and try new ways to get your attention and to avoid spam filters.
"Vishing" is a combination of the two terms "Voice over IP" and "Phishing", and is exactly that: exploiting the increasing use of Voice over IP to trick someone into revealing personal information, with the intent to commit fraud.
The spam problem is growing faster than ever and the spammers are getting increasingly sophisticated. The volume of spam has grown by more than 40 % since April and the latest form of spam is so-called image spam.
Hackers who encrypt your files and demand money in order to decrypt them are an increasing threat in the world of IT criminality.
One of the most prevalent and fastest increasing threats against IT security is the rise of zombie computers and botnets. Not only do they spread extremely fast, they are also able to do immense damage that can easily lead to large costs.
Security Information Week 19, 2006
Most security organizations hold phishing to be one of the most prevalent threats against computer security during 2006. The Gartner Group estimates that the direct phishing-related loss to US banks and credit card issuers in 2003 was $1.2 billion.
During the last few months the amount of so-called greyware has increased massively. Greyware refers to antispyware utilities that force themselves into the users' machines by scaring the users and by auto-installing programs.
The threat of keyloggers is a rapidly growing danger in the world of IT security.
It is hardly controversial to claim that the end of February and beginning of March 2004 was the worst period ever regarding the sheer number of new malicious programs threatening the Internet community. New variants of Bagle, MyDoom and Netsky were spread daily - sometimes even more than once per day.
Security Information Week 39, 1999
Recently a new e-mail hoax has been spreading quite aggressively. The subject of the e-mail is !!!WARNING -- DESPITE-virus!!! -FMBW. The body of the ...
In April 1999 Norman was acquitted in the Supreme Court of Norway. This ruling has been noticed and commented upon by news agencies and magazines all over the world.
Security Information Week 6, 1999
Reports are published all the time about famous and not-so-famous organizations which have had their networks and computers compromised by crackers. ...
Security Information Week 10, 1999
A person who is interested in breaking into an organization's computers wants to know as much about these computers as ...
Security Information Week 1, 1999
The computer magazines as well as other papers have recently published articles about a "new" kind of virus - the so-called ...