China is once again suspected of going after "high value" Gmail accounts.
From ComputerWorld:
http://www.computerworld.com/s/article/9219155/Suspected_Chinese_spear_phishing_attacks_continue_to_hit_Gmail_users?taxonomyId=17
Monday, August 15, 2011
Sunday, August 14, 2011
San Francisco BART
Today at noon there is a threat that the San Francisco BART (Bay Area Rapid Transit) site will experience a DDoS attack from the Anonymous hacker group. The attack is apparently in retaliation for BART turning off cellular service to halt protests that were occurring in the area of one of its stations:
http://www.bart.gov/news/articles/2011/news20110812.aspx
Saturday, August 13, 2011
Global Information Security Execs Urge - "Assume You Are Compromised"
RSA, The Security Division of EMC, released a new report that takes an in-depth look at the seismic shift in the cyber threat landscape, as enterprises are increasingly targeted for corporate espionage and sabotage. The report, the latest in a series from the Security for Business Innovation Council (SBIC), asserts that for most organizations, it's a matter of when, not if, they will be targeted by advanced threats. In an environment where the focus shifts from the impossible task of preventing intrusion to the crucial task of preventing damage, the report includes instructive guidance from 16 global security leaders for confronting this new class of threat.
Read more at:
http://www.marketwatch.com/story/global-information-security-execs-urge-assume-you-are-compromised-2011-08-02?reflink=MW_news_stmp
Weekend Roundup
Here is a roundup of some of the security news from this week:
BES Vulnerability
Research in Motion (RIM) warned of a high severity vulnerability on BlackBerry Enterprise Servers (BES). The vulnerabilities could allow attackers to gain access to and execute code on a BES server:
http://www.v3.co.uk/v3-uk/security-watchdog-blog/2101385/rim-warns-severity-blackberry-enterprise-server-vulnerabilities
Hong Kong Exchange DDoS
A DDoS (Distributed Denial of Service) attack forced the Hong Kong Exchange offline:
http://threatpost.com/en_us/blogs/ddos-attack-forces-hong-kong-exchange-site-offline-second-day-081111
Android Users At Risk
Android users may be at risk. A security vulnerability has been found in the Android operating system that may put users of the system at risk:
http://ozarksfirst.com/fulltext?nxd_id=504697
http://techcrunch.com/2011/08/12/mystery-android-vulnerability-not-detailed-by-prudent-hackers/
Anonymous Facebook threat or not?
It was reported earlier this week that the hacking group Anonymous was going to take down Facebook. However, it was later reported that senior members of the group had tightened the reins and that they were not planning on taking down Facebook after all.
http://www.forbes.com/sites/parmyolson/2011/08/11/why-the-anonymous-facebook-plot-was-a-dud/
http://www.telegraph.co.uk/technology/facebook/8696390/Anonymous-hackers-disown-Facebook-plot.html
http://hollysprings.patch.com/articles/facebook-fallout-a-hoax-or-is-your-privacy
osCommerce Websites used in Drive-By-Download Hacking
If you are using osCommerce, you may want to check your website. A group of hackers is leveraging vulnerabilities in sites using osCommerce to infect them with drive-by downloads:
http://www.usatoday.com/money/industries/technology/2011-08-11-mass-website-hacking_n.htm
Wednesday, August 10, 2011
Hong Kong Exchanges Suspect Malicious Hacking Caused Website Problems
See more information on this at the Wall Street Journal site. The story is just breaking this evening:
http://online.wsj.com/article/BT-CO-20110810-709601.html
FBI Child ID App
The FBI has introduced a Child ID application. The Child ID App provides a convenient place to electronically store photos and vital information about your children in the event they should go missing. Find more information about the Child ID App at the FBI Website:
http://www.fbi.gov/news/stories/2011/august/child_080511/child_080511
Sunday, July 31, 2011
My Password is More Than 11 Characters
Dear WalMart,
Today I tried to make a purchase on your website. As part of the purchasing process I set up an online account but got stuck when I had to enter my password and found out I can only use a password up to 11 characters. Why is this? Wouldn't it be better for the overall security of your site and your customers if customers used longer, more complicated passwords? Sure I can see having a minimum number of characters; I can even see having a maximum number of characters, but 11? Why not 50 or 100? How about encouraging people to use pass-phrases rather than passwords? Wouldn't this be even better? More Secure? Reduce your risk?
BTW, you're not alone. I have been on several other eCommerce sites that have this 11 character maximum. I would like to suggest that all eCommerce sites that request a user registration end the limitations on lengths of passwords and find a better way of processing and storing them.