The insecurity paradox
2011-08-29
The formula here attempts to explain a paradox in security analysis:
If it is true that security is only as strong as its weakest link, why are not those who use insecur...
más >>
más >>
Seguridad proactiva para IT
- SandBox Information Center
- Malware Analysis Search
- Artículos sobre seguridad
- Blog de seguridad [EN]
- Nivel de amenaza [EN]
- Amenazas de virus actuales
- Tipos de malware [EN]
- Descripciones de virus[EN]
- Estadísticas de correo electrónico [EN]
- Libros, documentación técnica general, etc.
- Nuestra tecnología
Centro de seguridad
Lea las últimas novedades sobre seguridad de nuestros expertos
Temas de seguridad
Exploit analysis (7)
Debate sobre el malware (133)
Tecnologías móviles y wireless (30)
Problemas de confidencialidad (51)
Proyectos de protección (59)
Términos de seguridad (38)
Ingeniería social (65)
Asesoramiento de software (207)
Spam (11)
Mecanismos de propagación (109)
Tendencias y previsiones (151)
Ultimos artículos - Problemas de confidencialidad
An approach to an organization's risk factors (part 3)
In this third and final part of our article series about risk factors, we will examine Human attack factors and Physical factors.
An approach to an organization's risk factors (part 2)
The previous article discussed different procedures and systems that could be invoked in order to mitigate risk. In subsequent parts we will examine areas at risk, starting with Electronic factors.
An approach to an organization's risk factors (part 1)
The aim of this type of initial risk analysis is to identify potentially vulnerable points that may be exploited if they are not sufficiently secured.
May we use your social network account, please
You should exercise extreme caution if you are allowing access to your social network account from any application.
Secure browsing turns insecure (again)
It seems obvious that the current certificate security model needs to be replaced by something that is less vulnerable for attacks from dedicated persons, organizations or governments.
Default privacy - what is the problem?
A default restrictive approach to public sharing of personal information will result in less information shared.
Sony PlayStation Network severely compromised (UPDATED 2011-05-03)
This intrusion in PlayStation Network ranks among the biggest cyber security incidents of all time.
No access to your data unless...
Blocked access to important information - particularly if adequate backup routines are not in place - may be disastrous for the person who becomes the victim of ransomware.
Collective defense against Internet threats
The RSA Conferences are among the most important annual security conferences. This year's US conference was held in San Francisco 14 - 18 February.
Digital Dumpster Diving
Dumpster diving is known as examining trash to find interesting items that have been discarded. This security article's title refers to examining digital trash, which for certain purposes may turn out to be useful.
Malware targeting the finance sector's customers
In our security article last week, we discussed cybercriminals who targeted financial institutions in an indirect way. However, the major bulk of malware aimed at the finance sector puts the finance sector's customers at peril. One obvious reason is that the average end user's system presumably is less secure than the systems used by the financial sector.
Personalized web advertisements - good or bad?
Advertisements (ads) on the web have become part of a multi-billion industry. These days it is almost impossible to read news on the web without being overwhelmed by a plethora of ads for everything from cars to diapers. However, it is presumably not optimal to display the car ads to children. Nor are most teenagers particularly interested in diapers.
Malicous cold calls with high success probability
According to a posting 15 November on the blog belonging to the UK based organization Get Safe Online, one in four UK web users have been targeted by so-called cold calls.
Communication consolidation or security nightmare
In recent months there have been lots of rumors about the upcoming email system closely integrated with Facebook. More detaileds about this have recently been disclosed by Facebook, and we will examine some aspects of the new offerings.
Privacy and security in Social networks - part III
This is the third article in a series about privacy and security in social networks.
Privacy and security in Social networks - part II
This is the second article in a series about privacy and security in social networks.
Privacy and security in Social networks - part I
This is the first article in a series, which will focus on security and privacy issues involved in participating in social networks.
Firesheep - an eye-opener or a tool for criminals
A little more than one week ago a new extension to the Firefox web browser was published. And it got attention for sure!
Hey, your computer is infected!
In a press release 25 October the Dutch High Tech Crime Team (THTC) of the National Crime Squad announced a successful takedown of a major botnet. 143 malicious computer servers were taken down from the internet resulting from collaboration with a Dutch hosting provider, the Dutch Forensic Institute (NFI), the internet security company Fox IT and GOVCERT.NL and the Dutch computer emergency response team.
Your computer has been quarantined and cannot access the Internet
A message similar to the one in this article's title may seem like a nightmare for most of us, as we have become increasingly dependent - some even addicted - to using resources available on the Internet for necessary as well as trivial tasks.
Mandatory electronic identification card with RFID chip
Introduction Last week it was announced that the Dutch company NXP was selected to produce the new identification (ID) card for Germany. Starting from the beginning of ...
Tackling the Problem of Cyber Crime
A few days ago the Australian House of Representatives' Standing Committee on Communications published its report on cyber crime and security. This document has the ambitious title "Hackers, Fraudsters and Botnets: Tackling the Problem of Cyber Crime", and is an impressive, almost 300 pages reading with statistics, examples, and of course suggestions on how to solve the cyber crime problem.
Those Lazy Hazy Crazy Days of Summer
Indeed, summer is associated with long, lazy, relaxing days in the sun. Nothing to worry about in the world. Unfortunately everyone does not take their vacation at the same time as you. Cyber crime does not stop during summer - in fact cyber criminals have their heyday during this season.
A cunning new phishing technique - Tabnabbing
Over the years new ingenious words for security issues have come up. We have seen the neologisms pharming, vishing, clickjacking and slurping, just to mention some. This week a new one was born - tabnabbing. Which turns out to be more scary than most.
Data harvesting by mistake
Using wireless networks for accessing the Internet has become increasingly popular. These days you can access the Internet from virtually anywhere by connecting to a wireless network.
Ventajas y desventajas de usar Facebook como dispositivo para comunicaciones y trabajo
Últimamente han surgido algunas noticias interesantes sobre Facebook y sus usuarios en Internet. Las utilizaremos como base para un debate general sobre Facebook y algunos de los problemas relacionados con el uso y la dependencia de esta red social.
Effective social engineering scares
Malicious programs do increasingly rely on social engineering techniques to be able to propagate and successfully execute. Gone are the days when a tempting file name in an email sufficed. In this security article we shall examine variants of one of the more successful social engineering schemes.
Social networks - a criminal's best friend or her enemy?
Introduction Various aspects, which have to do with social networks like Facebook, Twitter, LinkedIn and MySpace, have been discussed in different security articles this year. This time we ...
Numerosas cuentas de correo electrónico gratuito comprometidas
A principios de este mes, varias decenas de miles de contraseñas de entrada a cuentas gratuitas de correo electrónico de Microsoft (Hotmail), Google (GMail) y Yahoo se vieron comprometidas.
Conversaciones telefónicas en peligro
Las escuchas telefónicas se suelen asociar a iniciativas de las agencias de seguridad nacional, organizaciones policiales con grandes recursos o detectives privados poco fiables. El caso podría ser distinto si las personas sometidas a vigilancia usan un sistema concreto para hacer llamadas telefónicas.
Su PC como servidor de Internet con solo unos clics
El software para configurar cualquier ordenador como recurso de Internet ha estado disponible para cualquiera durante mucho tiempo. No obstante, el umbral para hacerlo ha sido tan alto que no todo el mundo creía que se pudiera hacer sin conocimientos especiales. Esta situación puede cambiar ahora.
HELLO! My house is ready for burglars
"My house is ready for burglars", is not what you would typically shout in public or write as an advertisement in the local newspaper. Nevertheless this is exactly what lots and lots of computer users do on a regular basis, without reflecting upon what they really do.
GhostNet: una auténtica red de espionaje
Esta semana, la atención de los medios estuvo dirigida a un informe publicado el 29 de marzo en el Information Warfare Monitor (Canadá) titulado Tracking GhostNet: Investigating a Cyber Espionage Network (Seguimiento de GhostNet: Investigación de una red de ciberespionaje).
Pros y contras de utilizar "la nube" como colaboradora
"La nube" es una de las nuevas palabras mágicas empleadas para describir una nueva y práctica tecnología. En síntesis, la idea es utilizar para la informática los recursos situados fuera de las instalaciones de la organización (o de la persona). Normalmente, dichos recursos se encuentran en Internet y se accede a ellos a través de este canal.
Juegos en Internet - Nuevas oportunidades para los visionarios (sospechosos)
El uso del dinero que maneja en los juegos en línea ha sido tradicionalmente solo la cuota de entrada para comprar el propio juego (si no es gratuito). No obstante, en este artículo les demostraremos que esto ya no es así.
¡El gran hermano te ENCUENTRA!
El artículo de Norman "El gran hermano te ESCUCHA" " publicado el año pasado terminaba con la frase: Por ahora, la tecnología VoIP ofrece seguridad, pero... hay que tener cuidado porque nunca se sabe quién puede estar escuchando.
Ventajas de informar sobre los ataques de denegación de servicio
Información de seguridad, semana 19, 2006
Nuevos objetivos de los phishers
Los phishers o ladrones de identificadores solían atacar importantes instituciones financieras pero últimamente parece que los grupos en los que se fijan han cambiado. Actualmente los phishers están atacando todo tipo de organizaciones, incluso instituciones sanitarias. La guerra entre phishers y grupos anti-phishing es cada vez más dura. Y la posible víctima es usted.
Corporate and private worries by using the Internet
There are several securities issues involved in using the Internet for conducting corporate business, as well as issues involved in protecting individuals for misuse of their personal information. This article will discuss some of those
Big Brother is HEARING you
The internet connections are becoming faster and faster. As a result of that, more and more bandwidth is not used all the time. This bandwidth can then be used for different applications, e.g. Internet Telephony, or better: Voice over IP (VoIP). So should we all switch to VoIP and leave the old fashioned telephone companies?
Another back door in Microsoft's operating systems?
Security Information Week 35, 1999In week 35 a report of a new backdoor in Microsoft's operating systems Windows 95, 98, NT and the beta version ...
Back Orifice 2000 - the new Windows backdoor program released 10 July
Security Information Week 28, 1999 The underground organization Cult of the Dead Cow has released a new version of its Windows backdoor program. Back Orifice 2000 ...
Windows backdoor programs
Security Information Week 11, 1999During the last half year one has seen an explosion in so-called Windows backdoor programs. These are programs which utilize the ...
Norman's acquittal in Norway's Supreme Court
In April 1999 Norman was acquitted in the Supreme Court of Norway. This ruling has been noticed and commented upon by news agencies and magazines all over the world.
The major security risk: Users
Security Information Week 9, 1999The IT department in an organization often uses vast resources to be updated on security risks associated with hardware and software ...
Using encryption as a tool to secure information
Security Information Week 22, 1999 The need to secure information is for many organizations and persons extremely important. This includes of course business secrets, which could ...
Security implications from the use of Internet Explorer version 5.0
Security Information Week 16, 1999Not unexpectedly, soon after Internet Explorer (IE) version 5.0 was released, security holes in this browser were discovered. Microsoft has already ...
What a hacker may know about your systems
Security Information Week 10, 1999A person who is interested in breaking in to an organization's computers wants to know as much about these computers as ...
Privacy after 11 September 2001?
Has a person's ability to protect his private life from intrusion of any kind been diminished during the years that has passed since 11 September 2001?
Ultimas entradas del blog [EN]
The 10 most insecure passcodes
2011-06-16
Earlier this week I read an extremely interesting and impressing blog item by Daniel Amitay: Most Common iPhone Passcodes.
Amitay has analyzed more than 200 000 passcodes used in an app with a similar...
más >>
más >>
Purchasing and downloading outdated software
2011-05-23
Last week in the "JoshMeister On Security" blog, the topic was about Apple's Mac App Store, and the fact that software available from this store may not be the latest version.
The blog's aut...
más >>
más >>