Research FaceBook App Recruits for Botnet
I’ve blogged in the past about botnets, and it should be pretty clear that they can be powerful entities for good or evil. With human nature being what it is, they’re mostly used for evil. As a botnet...
The New Computer Hacking Game
Perhaps I’m just getting to be an old timer. When I started managing computer systems for the telephone company in the late 1980s, the game was to break into systems primarily to learn something....
Update: First Arrests in Heartland Case
It seems that if you steal enough credit cards, then you might actually get arrested. Last week I posted about the Heartland Payment Systems case, and today, Computerworld is reporting that the first...
How to spot an ATM skimming device
For those who aren’t aware, there are folks out there who are stealing your ATM information not by breaking into the transaction processing company, but by stealing it from you at the ATM. This process...
Fading Personal Data
Have you ever looked at your address book and seen an entry for someone you haven’t talked to in years? I usually think to myself “I wonder if that phone number is still good.” Sometimes I even wonder...
Steganography in the wild
This is cool, in a “people spying on my country” kind of way: Gizmodo reports that the recent break-up of a supposed Russian deep cover spy ring included the FBI discovering their use of Steganography....
On-processor Random Number Source Could Aid Security
Wow, it’s months I spend not saying anything about computer security, and then there are two in a row. Technology Review reports today that engineers at Intel have come up with a way to put a true...
The Folly of Password Standards
I was out on a web site today, it doesn’t really matter which one, and was forced to create a profile for the (mis)use of the site’s owner. I found their password standards to be, well “stringent”...
Command and Control by Blog
Here’s a new method of command and control for malware: Researchers from Trend Micro have spotted a piece of malicious software for Android that receives instructions from an encrypted blog In the...
Another round of ATM hacking
It’s been a while since I’ve blogged on a security topic, but this one caught my eye today: researchers in Germany have revealed an intriguing new ATM exploit. In the past I’ve written about skimmers,...
Review: SANS DEV-541: Secure Coding in Java/JEE: Developing Defensible...
Recently decided to take a secure Java coding course from SANS, partially because it’s good to brush up on the latest attacks, countermeasures and practices, but to be honest, mostly to log some CPEs...
CCTV cameras used in massive botnet
I haven’t blogged on security topics in a while, and this one ran across my news feed. Researchers investigating a Distributed Denial of Service (DDoS) attack on a website have uncovered a 25,000-bot...
Project Sauron: A Long-lived, Stealthy and Likely State-sponsored Malware
BBC News is reporting on researchers’ announcement of the discovery of a very sophisticated piece of malware, called Project Sauron. Of particular note is how long the malware has remained undetected...
A Possible Solution to the Issue of Test Data
Larger enterprises usually have several environments. There’s obviously the production environment, and usually a testing and QA environment. Many will also have a stress testing/staging environment,...
My Latest Article on Agile and Security
I’m happy to announce that my latest article, “Why Johnny Can’t Write Secure Code” has been published in the September/October issue of InfoSec Professional Magazine, a publication of (ISC)2, the...