Which Is Better – SMS or App-based TFA?

google-authenticatorI am a firm believer in, and user of two-factor authentication (TFA or 2FA).  Heck, if there was three-factor authentication I would probably sign up.  The two most popular authenticator apps are Authy and Google Authenticator.  I primarily use Google Authenticator wherever I can.  I use SMS when Authenticator isn’t an option, or won’t work.  I had trouble, for instance, getting Facebook to work and ...

Continue Reading →
0

Prepare and Prevent Ransomware Attacks

cryptolockerThis week we will be focusing on preventing, detecting, and recovering from the many variants of the crypto-ransomware exploit.  Ransomware attacks, such as CryptoLocker, CyrptoWall, Locky, Chimera, Zepto, and the like, have become one of the best money-making exploits for cyber-criminals, with new variants appearing on the scene every month.  These attacks usually start with a phishing email and a ZIP file attachment or a malicious link, so email vigilance can help. ...

Continue Reading →
0

HTTPoxy Poses New Threats For Web Site Owners

A recent article in Naked Security caught my eye the other day about a new web site vulnerability called HTTPoxy.  This stands for HTTP requests and poisoned proxy settings.  Most web site use a technology called Common Gateway Interface (CGI) to run applications such as site search, collect information submitted on web forms, display comments, run a forum, or to display database queries such as pricing in a usable form on a web page.

HTTPoxy Continue Reading →

0

Cybersecurity – Where Are We?

cybersecurity_436x270Sometimes in the maelstrom of cybersecurity battles, it is helpful to step back and see where we came from, where we are, and where we are going.  This year, in addition to studying for and passing the CISSP exam, I have been to a bunch of security conferences.  I’ve been to MISC.conf, Secure360, B-Sides, and the Tech Security Conference.  Here are some highlights and insights ...

Continue Reading →
0

Personal Privacy Through Email Encryption

encrypted-emailOne of the easiest ways for an intruder to learn about you is through a compromised email account.  And since most email is transmitted in the clear or in plain text, it is a simple thing for a bad actor to read intercepted email traffic.  Encrypting your email makes it harder for criminals, competitors, law enforcement, and government spy agencies to read your email messages.

You can set up secure email yourself using ...

Continue Reading →
0

The Growing Threat of Ransomware

The cyber-criminal underground has found a real moneymaker in the various forms of encryption based ransomware schemes.  These exploits turn all your readable work product, your documents, pictures, music and video files, into a collection of encrypted gibberish, and then kindly offers to sell you the decryption key.  I recently saw an infographic from Symantec on the Bromium blog that illustrated the problem perfectly.

ransomeware-infographic

What ...

Continue Reading →
0

WhatsApp? What Else?

encryptionHappy Friday the 13th.  In honor of all the governmental and law enforcement agencies that want to deny the privacy and security of encrypted communications to the general public, today we will be looking at encrypted messaging apps for your smart phone.

When the bad guys can break into your digital assets and steal your information with impunity, encryption is a necessity.  Encryption is the lock on your data. I am a proponent ...

Continue Reading →
0

Inside the Perimeter

razor-wireAh, the good old days, when perimeter defenses and endpoint security software was all you needed to keep your network secure.  Was it ever really that simple? Probably not, but many business owners and IT professionals are still hoping that keeping the firewall and antivirus updated is enough.

Over 90% of exploits start as an email in somebody’s inbox.  According to NSS Labs, 97% of all breaches are enabled by ...

Continue Reading →
0

Millions of Insecure Devices Share The Same Keys

keySo how would it be if you found out that the key to your house also worked at your neighbor’s house.  What if it turned out the builder in your subdivision used the exact same lock on every house they built, and your key could get you into every house in your neighborhood?

This is essentially the situation that security researchers at SEC Consult discovered with a host of Internet connected ...

Continue Reading →
0

Crypto-Ransomware Round-Up

cryptolockerSome of the nastiest exploits going around are the many variants of the CryptoLocker and CryptoWall malware that encrypt all your personal files and hold them for ransom.  Payment in bitcoin is required, in amounts starting at $200 and ranging upward to the $17,000 (400 BTC) that Hollywood Presbyterian Hospital just paid to unlock their files.  Or even more.  The amount will be whatever the attackers think they can extract from the victim.

  • The latest ...
Continue Reading →
0
Page 3 of 4 1234