The insecurity paradox
2011-08-29
The formula here attempts to explain a paradox in security analysis:
If it is true that security is only as strong as its weakest link, why are not those who use insecur...
más >>
más >>
Seguridad proactiva para IT
- SandBox Information Center
- Malware Analysis Search
- Artículos sobre seguridad
- Blog de seguridad [EN]
- Nivel de amenaza [EN]
- Amenazas de virus actuales
- Tipos de malware [EN]
- Descripciones de virus[EN]
- Estadísticas de correo electrónico [EN]
- Libros, documentación técnica general, etc.
- Nuestra tecnología
Centro de seguridad
Lea las últimas novedades sobre seguridad de nuestros expertos
Temas de seguridad
Exploit analysis (7)
Debate sobre el malware (133)
Tecnologías móviles y wireless (30)
Problemas de confidencialidad (51)
Proyectos de protección (59)
Términos de seguridad (38)
Ingeniería social (65)
Asesoramiento de software (207)
Spam (11)
Mecanismos de propagación (109)
Tendencias y previsiones (151)
Ultimos artículos - Tendencias y previsiones
An approach to an organization's risk factors (part 3)
In this third and final part of our article series about risk factors, we will examine Human attack factors and Physical factors.
An approach to an organization's risk factors (part 2)
The previous article discussed different procedures and systems that could be invoked in order to mitigate risk. In subsequent parts we will examine areas at risk, starting with Electronic factors.
An approach to an organization's risk factors (part 1)
The aim of this type of initial risk analysis is to identify potentially vulnerable points that may be exploited if they are not sufficiently secured.
Denial of Service attacks against secure web sites
The special feature that THC-SSL-DOS offers, is that a DoS attack against a secure web server can be performed from one computer or just a few computers.
Malicious images (codes)
The ease involved in creating QR codes that links to web pages implies that this will be a popular way to facilitate the propagation of malware for mobile devices.
BEAST (Browser Exploit Against SSL/TLS)
A successful attack is not particularly easy to carry out, as it depends on several prerequisites.
The importance of typing correctly
Computers do what they are told. This may result in consequences that are funny as well as dangerous.
May we use your social network account, please
You should exercise extreme caution if you are allowing access to your social network account from any application.
Secure browsing turns insecure (again)
It seems obvious that the current certificate security model needs to be replaced by something that is less vulnerable for attacks from dedicated persons, organizations or governments.
Circumventing malware detection
Malware authors continue to pursue delivery mechanisms that can confuse different malware detection systems.
Restricting access to net resources for "good reasons"
The target should be the illegal act itself, rather than the communication mediums that may be used in planning undesired activities.
Combating fake antimalware
Coordinated efforts between experts/authorities against cybercriminals seem like the most efficient method for combating cybercriminals. Different experts and authorities are then able to focus on the part of the criminal chain that corresponds to their ability and expertise.
Diversification of attack vectors
Computer systems are becoming increasingly sophisticated and complex with components that are individually computerized. This increases the attack surface for cybercriminals, and represents a challenge for users and the security industry.
Mobile (in)security
The steps that private users and organizations can take to protect themselves, are quite similar in character to protection of traditional computers.
Targeted attacks: More "Bang for the Buck"
Since the cybercriminals seem to shift from randomly directed mass attacks to more focused attacks, the total volume of spam will decrease.
Plug mouse into the computer - be compromised
It is almost impossible to protect completely against a targeted cyberattack against an organization.
The profitable Pay-per-Install ecosystem
We shall in this article focus on the PPI ecosystem and how this is used for malware distribution.
Secure tokens turn insecure
Even organizations, which presumably are more security conscious than most, have vulnerabilities that may be exploited by an attacker who has sufficient resources and determination at her disposal.
The old dogs are still in learning mode
The web site (usually an infected site) that displays the message checks the browser visiting the site, and displays a warning message similar to the browser's real warning.
Default privacy - what is the problem?
A default restrictive approach to public sharing of personal information will result in less information shared.
Dangerous images
Recent weeks have shown that images are used as a malware spreading technique; particularly images that appear after performing a Google image search.
Cybercriminals focus on new targets
Users of the operating system Mac OS X have so far been quite safe from malware infections compared to those who have chosen Windows as the operating system platform.
Microsoft's Coordinated Vulnerability Disclosure policy
As one of the largest companies in the software industry, Microsoft's policy will influence the way vulnerabilities are handled.
No access to your data unless...
Blocked access to important information - particularly if adequate backup routines are not in place - may be disastrous for the person who becomes the victim of ransomware.
The PlayStation 3 controversy - Anonymous enters the scene (UPDATED 2011-04-12)
Anonymous characterizes itself as a hive and a nest. One potential issue with such free structures is the potential for different actions that may conflict with each other.
Free music with an unwanted tune
Whenever malware authors find new vehicles to spread their malware, the probability for success increases immensely.
Spam botnet Rustock beheaded
Bots and botnets comprise one of the biggest threats to the Internet and its users. However, recent news report of a success story: beheading the spam botnet Rustock.
Shamelessly exploiting disasters
In previous security articles, we discussed the fact that cybercriminals use big events to spread malware. Not surprisingly - nevertheless disgusting - the recent events in Japan have inspired shameless exploitations by cybercriminals.
Collective defense against Internet threats
The RSA Conferences are among the most important annual security conferences. This year's US conference was held in San Francisco 14 - 18 February.
Digital Dumpster Diving
Dumpster diving is known as examining trash to find interesting items that have been discarded. This security article's title refers to examining digital trash, which for certain purposes may turn out to be useful.
Malware targeting the finance sector's customers
In our security article last week, we discussed cybercriminals who targeted financial institutions in an indirect way. However, the major bulk of malware aimed at the finance sector puts the finance sector's customers at peril. One obvious reason is that the average end user's system presumably is less secure than the systems used by the financial sector.
Indirect targeting of financial institutions
During the last weekend, The Wall Street Journal published information that intruders had penetrated computer systems controlled by the company that runs the U.S. Nasdaq Stock Market. Nasdaq handles around 19% if all stock trading in the U.S. The trading system itself should not have been compromised.
Personalized web advertisements - good or bad?
Advertisements (ads) on the web have become part of a multi-billion industry. These days it is almost impossible to read news on the web without being overwhelmed by a plethora of ads for everything from cars to diapers. However, it is presumably not optimal to display the car ads to children. Nor are most teenagers particularly interested in diapers.
The next war will NOT be a pure cyberwar
A new report, “Reducing Systemic Cybersecurity Risk”, has received quite a lot of attention. The report is part of the Organisation for Economic Co-operation and Development (OECD) Project on “Future Global Shocks”, and addresses the question: "How far could cyber-related hazards be as devastating as events like large-scale pandemics and the 2007-10 banking crisis?"
Email spam - an old-fashioned technique?
Several organizations, which monitor the email spam situation around the world, have reported that the amount of spam decined significantly during the end of 2010. This led to some speculation regarding whether email spam as a technique was being abandoned, and newer ways of tricking users were upcoming and preferred.
PlayStation 3 security fully compromised
Sony's PlayStation 3 (PS3) has been viewed as one of the most secure gaming devices. Applications and games from other sources than Sony could not be installed and run on PS3, and a firmware update early in 2010 disallowed using other operating systems than the one set up by Sony. All this is now changed.
The year 2010 in a data security retrospective
December is the month to look back on the year that is coming to an end. We will attempt to sum up the situation seen from a security company's point of view. The most significant data security incidents to mention from the year are the sophisticated malware Stuxnet and incidents in the wake of WikiLeaks publication of U.S. embassy cables late November.
Holiday - relax, have fun, meet family and friends... and be vigilant
Major events, happenings and in general all kind of things that create much notice, also leave in their wake a stream of malicious software.
The ultimate surfing challenge: Avoiding web sites with malicious content
Some years ago it was an established "fact" that a computer could not be infected by malicious software by visiting a web page. But technology evolves quickly and some facts may change when new technology emerges. These days web pages are perhaps the most used propagation vector for malware.
Malicous cold calls with high success probability
According to a posting 15 November on the blog belonging to the UK based organization Get Safe Online, one in four UK web users have been targeted by so-called cold calls.
Communication consolidation or security nightmare
In recent months there have been lots of rumors about the upcoming email system closely integrated with Facebook. More detaileds about this have recently been disclosed by Facebook, and we will examine some aspects of the new offerings.
Privacy and security in Social networks - part III
This is the third article in a series about privacy and security in social networks.
Privacy and security in Social networks - part II
This is the second article in a series about privacy and security in social networks.
Privacy and security in Social networks - part I
This is the first article in a series, which will focus on security and privacy issues involved in participating in social networks.
Safe crime
We have previously advocated the view that endpoint security is just one of several tools needed to accomplish secure environments. This article will examine one particular threat against the Internet community and discuss how it may be overcome.
Hey, your computer is infected!
In a press release 25 October the Dutch High Tech Crime Team (THTC) of the National Crime Squad announced a successful takedown of a major botnet. 143 malicious computer servers were taken down from the internet resulting from collaboration with a Dutch hosting provider, the Dutch Forensic Institute (NFI), the internet security company Fox IT and GOVCERT.NL and the Dutch computer emergency response team.
Are security products losing the battle?
The product testing organization NSS Labs has recently published its test report for the 3rd quarter 2010 - test results for 11 antimalware products for consumers. The most interesting finding from this report is that the security products' performance have deteriorated compared to last year. In this security article we shall examine the implications of this.
Your computer has been quarantined and cannot access the Internet
A message similar to the one in this article's title may seem like a nightmare for most of us, as we have become increasingly dependent - some even addicted - to using resources available on the Internet for necessary as well as trivial tasks.
A new generation of malware
Computer software evolves, and popular interpretation is to introduce new generations whenever fundamental changes arrive. If one looks at malware in the same manner, one may also classify different types into various generations.
DDoS war
Last week in our article "Ways to use botnets", we discussed among other issues, botnets for hire. One example we mentioned in our article was the company Aiplex Software, which was hired to try stop illegal distribution of copyrighted material.
Ways to use botnets
This article will not go in depth with regard to how the different botnets function technically. We shall rather examine some of the ways botnets may be used, study one successful method used for fighting this threat, and finally discuss the idea of botnets used for benign purposes.
Number of vulnerabilities on the rise
In August IBM Security X-Force published its Mid-Year Trend and Risk Report. The X-Force reports are always interesting reading, and this latest addition maintains the high standards. Lots of topics are discussed in the report. In our security article, we shall however focus on one particular finding.
Mandatory electronic identification card with RFID chip
Introduction Last week it was announced that the Dutch company NXP was selected to produce the new identification (ID) card for Germany. Starting from the beginning of ...
A plethora of malware for mobile phones to be expected soon (?)
In later years dangerous malicious software for mobile phones and other handheld devices has been predicted and expected by several analysts. Norman, however has traditionally been among those more reluctant in predicting that the explosion of if malicious software for mobile devices is imminent. In retrospective it seems safe to say that our view has proven correct (so far).
Malware infections by telephone
An interesting news item has appeared in several UK-based media lately. Several end users have received phone calls from someone who present themselves as security personnel. The caller informs that the computer is infected by malware and offers to help. Varying social engineering techniques are used to persuade the recipient to allow the use of remote access software in order to "fix the problem".
The first part of 2010 - overview of security issues
In this Norman report on security issues during the first half of 2010, we will go through some incidents and tendencies. We will focus on those that Norman perceives as most important in these past six months.
Tackling the Problem of Cyber Crime
A few days ago the Australian House of Representatives' Standing Committee on Communications published its report on cyber crime and security. This document has the ambitious title "Hackers, Fraudsters and Botnets: Tackling the Problem of Cyber Crime", and is an impressive, almost 300 pages reading with statistics, examples, and of course suggestions on how to solve the cyber crime problem.
Disclose information about vulnerabilities? Yes/No/When?
Last week a researcher from Google, Tavis Ormandy, posted information about and exploit code for a new vulnerability in Microsoft's help and Support center.
Upcoming? The age of the cyborgs
We should have been expecting it - some did. Late May this year a researcher in the U.K. claims to be the first person in the world infected by a computer virus.
A cunning new phishing technique - Tabnabbing
Over the years new ingenious words for security issues have come up. We have seen the neologisms pharming, vishing, clickjacking and slurping, just to mention some. This week a new one was born - tabnabbing. Which turns out to be more scary than most.
Ventajas y desventajas de usar Facebook como dispositivo para comunicaciones y trabajo
Últimamente han surgido algunas noticias interesantes sobre Facebook y sus usuarios en Internet. Las utilizaremos como base para un debate general sobre Facebook y algunos de los problemas relacionados con el uso y la dependencia de esta red social.
Reflections on the PDF vulnerability
Earlier this month we wrote about a vulnerability in the PDF specification that could be utilized to run malicious programs embedded in a PDF file. Proof-of-concept code was published, and it was expected that real-life malware that used this technique might appear soon.
Effective social engineering scares
Malicious programs do increasingly rely on social engineering techniques to be able to propagate and successfully execute. Gone are the days when a tempting file name in an email sufficed. In this security article we shall examine variants of one of the more successful social engineering schemes.
Subscription to malware testing
The title may imply that this article is about subscription services for email checking, like Norman Online Protection. Rather not! This time we shall examine yet another way that criminal activity imitates legitimate business.
Domain name registrants - who? where?
Domain names are a crucial part of the Internet's infrastructure. However, as we have shown in previous security articles, registration of special domain names may be used as an attack vector for spreading malware.
New devices vulnerable for Internet based attacks, OR: The future is here
In our regular security articles, we have several times pointed out that security vulnerabilities and exploits are not restricted to "traditional" computers. We have predicted that several of the devices that our daily lives are filled with, may be exploited in the (near) future.
Cyber crime imitates legitimate business
We have earlier discussed the fact that cyber criminals are getting increasingly sophisticated in their attempts to succeed in obtaining illegitimate gain. We will now look into an example of how illegitimate businesses imitate legitimate.
The Internet Crime Complaint Center's report for 2009
The Internet Crime Complaint Center's (IC3) report for 2009 has just been published, and is interesting reading. Not the least when comparing the actual submitted complaints to what is focused upon in the media.
Resumiendo 2009: predicciones para el año que se inicia
Diciembre es el mes en que habitualmente se echa un vistazo al año que acaba, y en este artículo intentaremos resumir la situación desde el punto de vista de una empresa de seguridad. La observación más significativa en materia de actividad de malware durante el año que pasó es que diferentes redes sociales se han convertido en un importante objetivo para los autores de programas maliciosos.
Vacaciones: la época preferida por los niños y ...los delincuentes
Los eventos y acontecimientos importantes, y en general todas las cosas que llaman mucho la atención, también dejan a su paso una estela de software malintencionado.
Social networks - a criminal's best friend or her enemy?
Introduction Various aspects, which have to do with social networks like Facebook, Twitter, LinkedIn and MySpace, have been discussed in different security articles this year. This time we ...
Complementos de aplicaciones: caldo de cultivo para el malware
En varios artículos sobre seguridad, se ha tratado el hecho de que los nuevos dispositivos multimedia y de comunicación son vehículos óptimos para la propagación de malware. En esta ocasión se examinará un tipo de aplicación que todavía no ha sido objeto de atención (supuestamente) por parte de los autores de malware ni por los críticos.
Producción de identidad maliciosa
El robo de identidad es un término que se ha convertido en algo familiar durante los últimos años. Hasta hace poco tiempo, lo más exótico ha sido la producción de identidad con fines maliciosos. Una nueva versión de Koobface hace eso exactamente de manera automática.
Internet infectada por la gripe A
El título de este artículo de seguridad posiblemente sea un tanto más "popular" que su contenido. Solamente "un tanto". Como podemos ver, las organizaciones serias consideran que la gripe A ha afectado gravemente a Internet.
Anuncios en Internet: una importante vía de propagación de malware
La publicidad en Internet es un mercado en expansión. Varios de los sitios web que visitamos diariamente como entretenimiento o dentro de nuestro trabajo, tienen publicidad como una parte importante de los ingresos de su titular. No hay más que mencionar los periódicos y revistas en línea, los motores de búsqueda, los recursos de información de otros tipos, etc. Lamentablemente la publicidad en sitios web también es una vía importante de propagación de software malicioso.
Desarrollo de malware con código fuente abierto
El desarrollo de código fuente abierto es un método de diseño, desarrollo y distribución de software que proporciona acceso práctico al código fuente del software. Se afirma que el uso del código fuente abierto tiene varias ventajas respecto a planteamientos más cerrados para el desarrollo del código fuente.
Servidores dedicados como parte de redes de robots (botnets)
En el artículo de seguridad de esta semana trataremos el empleo de un tipo específico de ordenadores, los servidores dedicados, como parte de una red de robots.
Software más susceptible a ataques exitosos
Esta semana se ha publicado un nuevo informe sobre riesgos para la seguridad. Esta publicación, "The Top Cyber Security Risks" (Los principales ciberriesgos para la seguridad), es una iniciativa conjunta de las organizaciones de seguridad TippingPoint, Qualys y SANS. En el artículo de seguridad de esta semana abordaremos un tema específico de dicho informe: la aplicación de parches de software.
El malware en aplicaciones: un problema especial
Snorre Fagerland, analista de virus senior de Norman, escribió recientemente acerca del malware W32/Induc.A en nuestro blog seguridad. Se trata de un virus que infecta al lenguaje de programación Delphi. Como consecuencia, las aplicaciones que se crean con un entorno de Delphi infectado están también infectadas. Las repercusiones son muy interesantes, como vamos a ver.
Ataque contra los sitios de las redes sociales más importantes para detener a UNA persona
La semana pasada apareció en los medios de comunicación gran cantidad de información sobre un ataque contra sitios de redes sociales como Twitter, LiveJournal y Facebook, al parecer con objeto de detener a un blogger de Georgia.
El primer semestre de 2009 visto tras la óptica de seguridad
Ha llegado el momento en que resulta útil echar un vistazo al primer semestre de este año e intentar resumir la situación desde el punto de vista de Norman en tanto que empresa de seguridad.
Direcciones URL abreviadas: ¿buen o mal sistema?
Obviamente, la funcionalidad de direcciones URL abreviadas tiene sus méritos. No obstante, existen deficiencias y problemas que hacen que el sistema resulte menos seguro de lo que sería deseable.
Su PC como servidor de Internet con solo unos clics
El software para configurar cualquier ordenador como recurso de Internet ha estado disponible para cualquiera durante mucho tiempo. No obstante, el umbral para hacerlo ha sido tan alto que no todo el mundo creía que se pudiera hacer sin conocimientos especiales. Esta situación puede cambiar ahora.
Una fuente inagotable de dinero...
El título de este artículo sobre seguridad puede parecer el principio de un cuento de hadas que le contara un delincuente a su hijo. No obstante, una variedad de software malicioso (malware) que ha aparecido este año parece haber convertido el cuento en realidad para algunos…
Reconocimiento de los retos de Internet al máximo nivel
Hace años que distintas organizaciones dedicadas a la seguridad han advertido sobre los peligros que conlleva el uso de Internet, que afecta a los usuarios, a las empresas y al sector público. Lamentablemente no siempre se ha prestado a estas advertencias la atención que merecen. El discurso del presidente Barak Obama es, por lo tanto, un oportuno reconocimiento al máximo nivel político.
¿La muerte de una aplicación asesina?
La primera aplicación asesina de Internet es, en opinión de muchos, el correo electrónico. Lamentablemente, el correo electrónico como método seguro y fiable de comunicación se ha visto últimamente amenazado por el propio correo electrónico.
Registro de nombres de dominio: un vector para la propagación de malware
Otros usos de los servidores web como propagadores del malware. El método aprovecha términos populares para inducir a los usuarios a visitar sitios web que son intencionadamente maliciosos.
Do birds speak the truth?
The social network Twitter has become extremely popular in quite a short time. This time we will discuss this technological phenomenon from a sociological perspective, and use the most talked-about incident these days as a kind of case study - the swine flu.
HELLO! My house is ready for burglars
"My house is ready for burglars", is not what you would typically shout in public or write as an advertisement in the local newspaper. Nevertheless this is exactly what lots and lots of computer users do on a regular basis, without reflecting upon what they really do.
GhostNet: una auténtica red de espionaje
Esta semana, la atención de los medios estuvo dirigida a un informe publicado el 29 de marzo en el Information Warfare Monitor (Canadá) titulado Tracking GhostNet: Investigating a Cyber Espionage Network (Seguimiento de GhostNet: Investigación de una red de ciberespionaje).
Hot stuff: Exploitable routers - a flash of the whole iceberg
A new type of malicious software has recently been getting some media attention. The most interesting part of this is the fact that the malware's targets are not traditional computers. Rather does this malware attack different types of devices, namely routers and modems.
Información sobre las amenazas "más habituales": ATLAS
ATLAS considera los ataques a los ordenadores desde una perspectiva global y ayuda a los usuarios a prever futuros ataques a la red. Para hacerlo, analiza datos recopilados por una serie de sensores.
Pros y contras de utilizar "la nube" como colaboradora
"La nube" es una de las nuevas palabras mágicas empleadas para describir una nueva y práctica tecnología. En síntesis, la idea es utilizar para la informática los recursos situados fuera de las instalaciones de la organización (o de la persona). Normalmente, dichos recursos se encuentran en Internet y se accede a ellos a través de este canal.
¿Un problema de seguridad? ¡Perdón, equivocado!
Las organizaciones de seguridad libran una continua batalla contra los autores de software malicioso, intentando impedir que los usuarios finales sean infectados por material dañino. Tal como hemos dicho muchas veces, la cantidad de software malicioso se incrementa de manera exponencial y las técnicas para contagiarlo evolucionan continuamente. Obviamente, esto hace que la tarea de las organizaciones de seguridad sea cada vez más difícil.
Eventos DOS
El título de la información sobre seguridad de esta semana no se refiere a la celebración de ningún aniversario del antiguo sistema operativo DOS. Es otro de esos neologismos que surgen continuamente. Hay que buscar mucho para encontrar un sector en el que se inventen más palabras nuevas que en el de la seguridad informática.
Mobile phone threats - hype or (finally) truth?
So far there has been no really dangerous malicious software targeting mobile phones. The New Year 2009 started with a new, interesting threat to mobile phones, which may change this picture.
Resumen de 2008 y previsiones para 2009
En esta Información de seguridad nos centraremos en las tendencias de seguridad que se han observado durante 2008 y además trataremos brevemente lo que se puede esperar en 2009.
Navidades: una época de diversión, pero también de precaución
Los eventos y acontecimientos importantes, y en general todas las cosas que llaman mucho la atención, también dejan a su paso una estela de software malicioso.
Juegos en Internet - Nuevas oportunidades para los visionarios (sospechosos)
El uso del dinero que maneja en los juegos en línea ha sido tradicionalmente solo la cuota de entrada para comprar el propio juego (si no es gratuito). No obstante, en este artículo les demostraremos que esto ya no es así.
Lucha contra el malware en dos frentes
Recientemente hemos visto que algunos de los principales responsables del “lado oscuro” de la red han sido eliminados de Internet. La actividad de los virus maliciosos se redujo de inmediato, y en una cantidad sorprendentemente significativa.
Security patches - an additional security issue
There are some issues with security patches that in fact may render certain users more vulnerable. This apparent contradiction will be examined in this article.
Informe del Internet Crime Complaint Center correspondiente a 2007
El informe del IC3 correspondiente a 2007 se acaba de publicar y revela datos interesantes.
El software malicioso, ¿el mejor sueño de un terrorista?
Los expertos - los autoproclamados y algunos otros - afirman a menudo que el software malicioso (malware) es la herramienta definitiva para los grupos terroristas.
Happy (?) anniversary, Malware!
Compared to the relatively innocent scheme of malware in the early age, it has changed into an activity for "geeks" that caused major problems for individuals and organizations, and further into an industry dominated by criminals.
Informe del Internet Crime Complaint Center correspondiente a 2006
El Internet Crime Complaint Center (IC3) en Estados Unidos colabora con el National White Collar Crime Center (NW3C) (organización que previene, investiga y persigue los delitos económicos y de alta tecnología) y el FBI y se centra en los delitos cometidos en Internet.
Visión general de los sucesos relacionados con la seguridad en 2006 (IV)
Información de seguridad, semana 2, 2007
El número cada vez mayor de fallos de seguridad supone un coste muy elevado para las corporaciones
El número de incidentes de seguridad aumenta rápidamente y en un estudio reciente se demuestra que prácticamente 9 de cada 10 organizaciones han sufrido incidentes de este tipo en 2005.
Perspectiva general de noticias relacionadas con la seguridad, 2006 (III)
Información de seguridad, semana 42, 2006
El cambio en el planteamiento de los creadores de programas malintencionados, “malware”, define nuevos retos para el software de protección
Durante los dos últimos años, los encargados de analizar las tendencias de la actividad malintencionada en Internet en general y del software maligno en particular han observado un cambio significativo.
¡El gran hermano te ENCUENTRA!
El artículo de Norman "El gran hermano te ESCUCHA" " publicado el año pasado terminaba con la frase: Por ahora, la tecnología VoIP ofrece seguridad, pero... hay que tener cuidado porque nunca se sabe quién puede estar escuchando.
Las instituciones financieras, más expuestas a ataques de piratas informáticos y a intentos de fraude
Las principales instituciones financieras cada vez están más expuestas a los ataques de piratas informáticos, a códigos malintencionados e intentos de fraude. Según un reciente estudio, el número de organizaciones que han sufrido ataques creció hasta llegar al 78% el pasado año.
"VISHING": la nueva tecnología reaviva las antiguas actividades delictivas
"Vishing" es el resultado de combinar los términos ingleses "voice over IP" (voz sobre IP) y "phishing" (derivado del inglés fishing, "pescar") y consiste exactamente en eso: el empleo del cada vez más extendido método de voz sobre IP con el objeto de engañar a alguien para que revele información personal con la intención de cometer fraude.
Visión general de los sucesos relacionados con la seguridad en 2006 (II)
Abril - Mayo - Junio de 2006
Look out for ransomware
Hackers that encrypt your files and demand money in order decrypt them are an increasing threat in the world of IT criminality.
Zombies and targeted attacks – a challenge to overcome?
One of the most prevalent and fastest increasing threats against IT security is the rise of zombie computers and botnets. Not only do they spread extremely fast, they are also able to do immense damage that can easily lead to large costs.
Your pet can be infected by a computer virus!
Researchers of the University of Amsterdam in The Netherlands have succeeded to successfully infect a RFID-chip (Radio Frequency Identification Device) with a computer virus.
Menor confianza y mayor riesgo: ¿peligra el futuro del comercio electrónico?
Ecommerce and online trading have been a part of modern people’s life for some years now. The amount of online transacations is increasing steadily. But so is the number of Internet fraud attempts and security threats. What implications will this have on the future of ecommerce?
Nuevos objetivos de los phishers
Los phishers o ladrones de identificadores solían atacar importantes instituciones financieras pero últimamente parece que los grupos en los que se fijan han cambiado. Actualmente los phishers están atacando todo tipo de organizaciones, incluso instituciones sanitarias. La guerra entre phishers y grupos anti-phishing es cada vez más dura. Y la posible víctima es usted.
The Internet in the future – increased distrust among users?
The Internet is no longer a limited source of information or communication. Without the Internet you will have severe problems conducting several every-day tasks in today’s western society.
Corporate and private worries by using the Internet
There are several securities issues involved in using the Internet for conducting corporate business, as well as issues involved in protecting individuals for misuse of their personal information. This article will discuss some of those
Spam – from innocent playing to organized crime
Threat is maybe not the first word that comes into your mind when talking about spam.
Proof of concept worm for handheld devices
The first worm that spreads through handheld devices, like mobile phones, is observed. This is a "proof of concept" program without malicious code.
"You ain't seen nothing yet" - or - The Warhol worm and worse
It is hardly controversial to claim that the end of February and beginning of March 2004 was the worst period ever regarding the sheer number of new mailicious programs threatening the Internet community. New variants of Bagle, MyDoom and Netsky were spread daily - sometimes even more than once per day.
An analysis of Sobig.F and its ability to harm Internet users around the world
In September 2003 Internet users and organizations experienced the most severe attack on the Internet infrastructure since the "Morris worm" in November 1988. The outbreak of W32/Sobig.F caused major problems because of the huge amount of emails flooding the infrastructure.
Macrovirus steals your private PGP key
Security Information Week 8, 1999Several viruses have recently been created which utilize Internet protocols and applications in their behaviour.One such familiy is the W97M/Caligula viruses ...
1 January 2000 - a special date for virus attacks?
Security Information Week 37, 1999 Introduction There has been some speculation in the media about lots of new viruses with payload 1 January 2000. Apparently this has ...
Several new virus techniques have surfaced in 1999
Security Information Week 49, 1999 As this year (and the millennium) approaches its end, time has come to look back on what we have experienced in ...
The major security risk: Users
Security Information Week 9, 1999The IT department in an organization often uses vast resources to be updated on security risks associated with hardware and software ...
Trends in the creation and propagation of malicious programs
Security Information Week 25, 1999 This year we have seen three instances of malicious programs which caused severe damage all over the world: ...
Exploiting security issues in known applications - a new trend in malicious programs?
Security Information Week 32, 2003
The dilemmas of publishing information about vulnerabilities in software
Security Information Week 40, 2002IntroductionOne of the ongoing discussions regarding security is about informing the public about new security risks. The two extremes are on ...
Privacy after 11 September 2001?
Has a person's ability to protect his private life from intrusion of any kind been diminished during the years that has passed since 11 September 2001?
2002 - a quiet year with respect to malicious programs, or not?
Security Information Week 34, 2002 In August this year some news items appeared, which claimed that the year so far had been a quiet one for ...
3rd Quarter 2001 - a (long) nightmare for the security community and Internet users
Security Information Week 41, 2001 Introduction If the computer security community looks back upon the third quarter this year, this is probably not with happiness and joy. ...
April this year - the month of severe incidents from malicious programs?
Security Information Week 14, 2001 Introduction It is often claimed that security companies, security consultants and the antivirus vendors, are too eager to warn about different kinds ...
Trends in malicious programs
Security Information Week 6, 2001 Since computer viruses appeared for the first time the middle of the 80s, there has been a rapid development of these ...
The so-called HTML viruses
Security Information Week 1, 1999 The computer magazines as well as other papers have recently published articles about a "new" kind of viruses - the so-called ...
The ten most critical Internet security threats
Security Information Week 26, 2000SANS Institute's web site is one of the most useful resources to visit/use for those interested in computer security issues.One of ...
Y2K - predictions and experiences
Security Information Week 1, 2000 It seems appropriate to use the Security Information for the first week in the new year to look back on what ...
What to learn from visits by Melissa and her siblings
In April 1999 a lot of people and organizations were paid a visit by the computer virus Melissa. This virus propagated so quickly and extensively that many compared it to the legendary "Morris worm."
Ultimas entradas del blog [EN]
The 10 most insecure passcodes
2011-06-16
Earlier this week I read an extremely interesting and impressing blog item by Daniel Amitay: Most Common iPhone Passcodes.
Amitay has analyzed more than 200 000 passcodes used in an app with a similar...
más >>
más >>
Purchasing and downloading outdated software
2011-05-23
Last week in the "JoshMeister On Security" blog, the topic was about Apple's Mac App Store, and the fact that software available from this store may not be the latest version.
The blog's aut...
más >>
más >>