Cybersecurity
Nigerian Hackers Sell Man's House
News of a scam in Australia hit the Web on Wednesday, and I have to say it's a doozy. A man allegedly had his home sold by Nigerian-based scammers, and he had no idea what was going on.
Cybersecurity
Don't Tweet Your Password. Duh.
Twitter users report seeing tweets claiming that if a user types his or her password into the live feed, Twitter will automatically obfuscate it. These posters claim to have entered their passwords to demonstrate, and allegedly all asterisks appeared when the tweet went live. If you've seen this tweet, please ignore it; it's not true. The tweet is just a ploy/gimmick/joke to get people to post their passwords. Here's <a href="http://bash.org/?244321">an example</a> of this kind of nonsense.
Cybersecurity
Malware Toolkit
Antivirus is no guarantee of a clean, well-functioning computer. There are times IT professionals need to manually clean their machines. As such, a topic of conversation for a computer advisory board I read regularly has been toolkits for removing malware from infected workstations. One member suggested the steps below, which seemed like a reasonable approach:
Cybersecurity
Beware the Fake Interview
As Internet attacks become more sophisticated, beware the fake interview. At the <a href="http://www.defcon.org/">DEF CON</a> conference in August, organizers held a social engineering contest revealing just how creative hackers have become. One of the tricks used was to call up an employee of a rival company and claim you have a better job for them. A mock interview would then be set up where the intruder would ask questions with the sole intent of extracting information about their employer.
Cybersecurity
Tell Me About Your Security Career
I found this little gem of an <a href="http://www.washingtonpost.com/wp-dyn/content/article/2010/08/30/AR2010083001935.html">article</a> today, which reminded me of the importance of finding and training cybersecurity professionals. It's no secret there aren't enough well-qualified professionals (or cyber warriors) to keep up. But it might be a secret that the ones with the training don't always have a career path to follow.
Cybersecurity
Mobile Device Poll's Chilling Results
A <a href="http://isc.sans.edu/">poll</a> measuring user fears of cyber threats to mobile devices is the latest reminder that smartphones can be quite insecure. The poll is titled "What is your biggest fear with mobile devices in your enterprise," and 311 people participated on SANS Institute's Internet Storm Center website. Respondents said monitoring for information leaks was among the biggest fears at 46.3 percent. Untrusted applications came in at 15.1 percent, malware attacks at 14.8 percent, securing the applications at 7.1 percent, and wireless access at 7.1 percent.
Cybersecurity
Dangers of Unused E-mail Accounts
Spammers continue to step up their game, targeting your abandoned e-mail accounts. We've all been known to carry multiple e-mail accounts, some of which we don't use, or only use for specific purposes. Spammers attempt to break into these unused or little-used accounts via spear phishing or brute force attacks to obtain a user's password. Once they get into the account, they begin sending spam out to the user's contacts. They do so at a very slow pace, so as not to be detected.
Cybersecurity
Managers: Walk the Security Talk
What kind of manager are you? Two kinds of manager seem to exist today: those with a technical background, and those without. But more often than not, managers don't have the technical background that they need to be successful.
Cybersecurity
Military Expedites Cyber Hires
There's a big <a href="http://www.af.mil/news/story.asp?id=123213689">need</a> in the Air Force for cybersecurity professionals. So much so, in fact, that the U.S. military branch has been authorized to use a faster hiring process to help fill more than 680 positions.
Cybersecurity
Attack of the Facebook Quizzes
Social engineering attacks are becoming increasingly prevalent, and I've profiled a few in this <a href="http://cybersecurityreport.nextgov.com/2010/08/social_media_guidelines.php?oref=latest_posts">blog</a>. But I recently read an intriguing <a href="http://www.sans.org/reading_room/whitepapers/privacy/disney-princess-you_33328">white paper/research report</a> on some of the dangers of Facebook and other social media websites. The real risk is divulging too much information about ourselves via online quizzes and user profiles. This particular white paper is titled "Which Disney Princess are YOU?" The author writes:
Cybersecurity
Sounds from Cyber Camp
The US Cyber Challenge summer camps have concluded, and by all accounts they were an overwhelming success. Three states -- Delaware, California, and New York -- hosted camps this year. I found a fun story on NPR and I wanted to make sure people had a chance to hear it.
Cybersecurity
Social Media Guidelines
Does your <a href="http://searchunifiedcommunications.techtarget.com/news/article/0,289142,sid186_gci1378868_1,00.html">company</a> have a social media governance policy? It ought to. These days the Internet is a public arena with a microscope over top. The rules are also different, <a href="http://www.carrollcountytimes.com/news/opinion/editorials/article_cbf4912e-a931-11df-b4ec-001cc4c002e0.html">and evolving</a>. Things you might be able to get away with saying to someone or a group, face-to-face, might not come across properly online.
Cybersecurity
Get a Pay Raise
If you haven't yet completed the 2010 <a href="http://www.surveymethods.com/EndUser.aspx?CDE9859FCC869F96CD">Salary Survey</a>, this weekend may be your last opportunity. Some very interesting data is already emerging, and it may be helpful to many of you when it comes to negotiating salaries and bonuses.
Cybersecurity
SSH Brute Force Spotted
New reports are filtering in to SANS' Internet Storm Center about a new SSH brute force script, possibly named "dd_ssh."
Cybersecurity
Kill the Catch Phrase
Deloitte pushed out a press release Tuesday on recently being named the "best iconic and overall structure" winner for the 2010 National Cybersecurity Awareness Challenge. But is it newsworthy?
Cybersecurity
Infosec Lawyers at a Premium
For many unwelcome reasons, information technology security professionals need lawyers, but it's not always easy to find one that understands the nature of intricate infosec topics. In fact, many security practitioners report that the vast majority of lawyers they encounter are intimidated by computers. The question arises: Is there a kind of lawyer or law firm that focuses solely on infosec topics?
Cybersecurity
Security Professional? Get Paid
The computer security profession is relatively new, and with many nuances, skills, and certifications out there, it's not always easy to find good comparisons for what a particular set of skills is worth. That is, if you are a security professional with certain skills and certifications, it's not likely you have many people with whom you can compare your salary. So, you just might be getting underpaid. Think of trying to buy a house in a neighborhood with no comparable properties. Do you think you would get the best price? Probably not.
Cybersecurity
Malware Campaign Morphs
Last month, a major malware campaign attempting to trick users into opening malicious PDF files was <a href="http://www.computerworld.com/s/article/9176088/Major_malware_campaign_abuses_unfixed_PDF_flaw?taxonomyId=208">reported</a>. The attack worked by sending a malicious e-mail that masqueraded as mail from company system administrators and carried the subject heading "setting for your mailbox are changed." The malware exploited an unpatched design flaw in the PDF format.
Cybersecurity
Be a Good Security Analyst
How deep is your <a href="http://www.it.ufl.edu/policies/security/uf-it-sec-incident-response.html">incident and response tracking</a>? There are a number of ways to track and log incidents. I recommend keeping copies of any relevant logs in an incident entry notebook. Every virus detection goes into this incident database, including malware incident details and usually the website access logs within the context of the antivirus incident.
Cybersecurity
Federal IT and Labor Cuts
Nextgov's Emily Long published a <a href="http://www.nextgov.com/nextgov/ng_20100706_9903.php?oref=rss">complete look</a> at the federal government's transition to continuous monitoring today. I'm pointing to the story not because it was done by the news organization I blog for, but because it's the best recap I've seen.