Proactive IT security
 

Security Center

Latest articles - Security terms

An approach to an organization's risk factors (part 3)

In this third and final part of our article series about risk factors, we will examine Human attack factors and Physical factors.


An approach to an organization's risk factors (part 2)

The previous article discussed different procedures and systems that could be invoked in order to mitigate risk. In subsequent parts we will examine areas at risk, starting with Electronic factors.


An approach to an organization's risk factors (part 1)

The aim of this type of initial risk analysis is to identify potentially vulnerable points that may be exploited if they are not sufficiently secured.


Denial of Service attacks against secure web sites

The special feature that THC-SSL-DOS offers is that a DoS attack against a secure web server can be performed from one computer or just a few computers.


Secure tokens turn insecure

Even organizations, which presumably are more security conscious than most, have vulnerabilities that may be exploited by an attacker who has sufficient resources and determination at her disposal.


No access to your data unless...

Blocked access to important information - particularly if adequate backup routines are not in place - may be disastrous for the person who becomes the victim of ransomware.


Spam botnet Rustock beheaded

Bots and botnets comprise one of the biggest threats to the Internet and its users. However, recent news tells of a success story: beheading the spam botnet Rustock.


Shamelessly exploiting disasters

In previous security articles, we discussed the fact that cybercriminals use big events to spread malware. Not surprisingly - nevertheless disgusting - the recent events in Japan have inspired shameless exploitations by cybercriminals.


Malicious cold calls with high success probability

According to a posting on 15 November on the blog belonging to the UK-based organization Get Safe Online, one in four UK web users have been targeted by so-called cold calls.


Ways to use botnets

This article will not go in depth with regard to how the different botnets function technically. We shall rather examine some of the ways botnets may be used, study one successful method used for fighting this threat, and finally discuss the idea of botnets used for benign purposes.


A cunning new phishing technique - Tabnabbing

Over the years, ingenious new words for security issues have come up. We have seen the neologisms pharming, vishing, clickjacking and slurping, just to mention some. This week a new one was born: tabnabbing, which turns out to be scarier than most.


Effective social engineering scares

Malicious programs increasingly rely on social engineering techniques to propagate and execute successfully. Gone are the days when a tempting file name in an email sufficed. In this security article we shall examine variants of one of the more successful social engineering schemes.


Malicious identity production

Identity theft is a term that has become familiar in recent years. More exotic - until recently - has been identity production with malicious intent. A new version of Koobface does exactly that - automatically.


You're bad. No, I'm not!

The vendors of security software have the following simple task: Detect and remove as much malicious software as possible without erroneously defining benign software as malware. Unfortunately, this is not as simple as it seems.


A security issue? Oops - not!

Security organizations are in constant battle with malware authors, trying to protect end users from being infected by "bad stuff". As we shall see in this week's security article, some undesirable side effects unfortunately occur from time to time.


DOS events

The title of this week's security information does not refer to the celebration of an anniversary for the legacy PC operating system DOS. It is another of those neologisms that pop up continuously.


Slurping – a security problem that is often overlooked

Slurping is not just a way to quench your thirst. It is also used as a term for a type of security problem that is often overlooked.


Malicious software, 25 years! Congratulations?

Compared with the relatively innocent plot we saw in the early years, malicious software developed into an activity for computer nerds that caused major problems for individuals and organizations, and further into an industry dominated by criminals.


SPIM – a new threat to the Internet community?

Several users of the instant message service MSN Messenger have recently been attacked by so-called "SPIM". This has led some to believe that they have been attacked by an MSN worm or a virus whose mission is to damage their computer.


Smishing – yet another inventive twist on the phishing concept

Most people who work in security, and most likely large parts of the general public, have heard of the term phishing and what it means. You will find ...


Spear phishing - targeted attack against an organization

Ordinary phishing attacks are aimed at random individuals, while the specialized spear phishing attacks target a specific organization.


Pump and Dump Spam

Don’t you hate spam...? Spammers get smarter every time and try new ways to get your attention and to avoid spam filters.


"VISHING" – new technology gives new life to old crime

"Vishing" is a combination of the two terms "Voice over IP" and "Phishing", and is exactly that: exploitation of the growing use of IP telephony to trick someone into revealing personal information, with the intent to commit fraud.


Image spam – an exploding threat

The spam problem is growing faster than ever and spammers are becoming ever more sophisticated. The number of spam e-mails has increased by more than 40% since April, and the very latest form of spam is so-called image spam.


Watch out for ransomware (ransom demands)!

Hackers who encrypt your files and demand money to decrypt them again are a growing problem in IT crime.


Zombies and targeted attacks – a manageable challenge?

One of the most pressing and fastest-growing threats to IT security today is the emergence of zombie machines and so-called robot networks (botnets). Not only do the networks spread quickly, they are also capable of doing great damage that can easily lead to high costs.


What is phishing, really?

Most security organizations consider phishing one of the very biggest threats to IT security in 2006. The Gartner Group has calculated that the direct costs of phishing attacks on American banks and credit card companies were as much as 1.2 billion dollars in 2003.


Look out for Greyware!

During the last few months the amount of so-called Greyware has increased massively. Greyware refers to antispyware utilities that force themselves onto users' machines by scaring the users and by auto-installing programs.


Keyloggers – an invisible danger

The threat of keyloggers is a rapidly growing danger in the world of IT security.


The threat of Phishing and Pharming

Security Information Week 15, 2005


"You ain't seen nothing yet" - or - The Warhol worm and worse

It is hardly controversial to claim that the end of February and beginning of March 2004 was the worst period ever regarding the sheer number of new malicious programs threatening the Internet community. New variants of Bagle, MyDoom and Netsky were spread daily - sometimes even more than once per day.


A new e-mail hoax

Security Information, Week 39, 1999. Recently a new e-mail hoax has been spreading quite aggressively. Subject of the e-mail is !!!WARNING -- DESPITE-virus!!! -FMBW. The body of the ...


Norman's acquittal in Norway's Supreme Court

In April 1999 Norman was acquitted in the Supreme Court of Norway. This ruling has been noticed and commented upon by news agencies and magazines all over the world.


How to prevent crackers from breaking into your system

Security Information, Week 6, 1999. All the time reports are published about famous and not-so-famous organizations which have had their networks and computers compromised by crackers. ...


What a hacker may know about your systems

Security Information, Week 10, 1999. A person who is interested in breaking in to an organization's computers wants to know as much about these computers as ...


The so-called HTML viruses

Security Information, Week 1, 1999. The computer magazines as well as other papers have recently published articles about a "new" kind of virus - the so-called ...


Latest blog posts [EN]

The insecurity paradox

2011-08-29
The formula here attempts to explain a paradox in security analysis: If it is true that security is only as strong as its weakest link, why are not those who use insecur...

The 10 most insecure passcodes

2011-06-16
Earlier this week I read an extremely interesting and impressive blog item by Daniel Amitay: Most Common iPhone Passcodes. Amitay has analyzed more than 200 000 passcodes used in an app with a similar...

Purchasing and downloading outdated software

2011-05-23
Last week in the "JoshMeister On Security" blog, the topic was about Apple's Mac App Store, and the fact that software available from this store may not be the latest version. The blog's aut...