Scary Disguises Hide Malware Too

goblinIt’s Halloween tomorrow, the traditional time when we dress up in scary or not-so scary costumes to disguise our identity and trick our friends and family.  It’s good to remember that malware often uses disguises to trick us into committing an action that releases the attack.  What follows are my scary Halloween stories.

  • Social Engineering – In this exploit the attacker may present themselves in person, over the phone, or by email, ...
Continue Reading →
0

FBI Warns About IOT Vulnerabilities

IOTOne of the major trends in technology is the proliferation of smart devices, also known as the Internet of Things (IOT).   The FBI recently released a public service announcement titled “Internet of Things Poses Opportunites For Cyber Crime.”  More and more devices are are coming with software, processors and network capability, and connecting to our home and business ...

Continue Reading →
0

Security Improved in IOS 9

applelogoApple introduced IOS 9 recently and it is full of security improvements that matter.  You should upgrade if you haven’t already.  They include:

  • Passcodes increased from 4 digit to 6 digit PINs, which is 10,000 time stronger.
  • Two-factor authentication (2FA) for supported devices. Not all are, which is too bad.
  • Changes to the Apple Store to key annoying app vendors from bombarding you with crossgrade ads on products ...
Continue Reading →
0

Jeb Bush Defends NSA

jeb-bush-550Back on Sept 18 we criticized presidential candidate Jeb Bush, FBI Director James Comey, and other politicians for complaining that encryption was making it too hard to fight the “evil doers” and suggesting that some sort of “master key” or “backdoor” was needed by law enforcement and intelligence services to do their jobs.  We of course disagreed.

Around the same time that ...

Continue Reading →
0

Privacy – Big IT vs. US Government

scalesHere are a couple of recent stories where a large information technology companies refused to turn over information to the government.

The first involves Apple, which was given a wiretap order to turn over certain communications between two alleged drug dealers on the iMessage platform.  Apple wasn’t so much refusing to comply as pointing out that this messaging service is encrypted end to end, ...

Continue Reading →
0

AppGuard – Computer Security That Works

AppGuardI am often asked by frustrated clients “Why doesn’t traditional anti-virus and Internet security software products work?”  The unfortunate answer I have to give them is “It’s your fault.”  The more diplomatic answer I really use is that the security software cannot prevent something that is explicitly allowed by the computer user.  And the computer user is easily tricked into opening a file ...

Continue Reading →
0

Presidential Candidates Against Encryption

encryptionBack in August, presidential candidate Jeb Bush came out against encryption.  Makes it too hard for law enforcement to figure out what the “evildoers” are up to, he says.  I agree that encryption makes it impossible to figure out what the Wall Street executives who are funding every presidential campaign, by the way, are inventing now to ruin the American economy again and take a third trip into looting the 401K and IRA ...

Continue Reading →
0

FBI Warns About $1.2 Billion Fraudulent Invoice Scam

email1-500Since 2013, cyber-criminal gangs working from the Middle East, Africa, and eastern Europe have scammed businesses out of $1.2 billion dollars worldwide, with over 700 US businesses reporting $747 million in losses to this exploit.  In 2015 alone there has been a 270% increase in losses to this scam.  On August 28th, the FBI warned business owners and manager to be on guard ...

Continue Reading →
0

Why Defense Doesn’t Work

Now that football season has started, there will be a lot of discussion about why great defenses don’t win football games.  Defense is not enough in the realm of cybersecurity, either.  I recently attended a webinar put on by The Open Web Application Security Project (OWASP) featuring Mike Benkovich (@mbenko) that discussed this concept as it applied to the DevSecOps (or SecDevOps) or the secure development of web applications.  It is not enough to write code that works, it also ...

Continue Reading →
0
Page 47 of 52 «...2030404546474849...»