Entries Tagged as 'Security'
Cross-Site Scripting Flaws Plague Two-Thirds of Web Applications
December 12th, 2011 · No Comments · Security
Cross-site scripting flaws are the most prevalent vulnerabilities found in Web applications, posing a risk to data and intellectual property, according to a study of thousands of applications by Veracode, a company that specializes in finding vulnerabilities in code. Veracode analyzed more than 9,900 applications that were submitted to its cloud-based scanning service over the last [...]
Tags: data theft·flaws·Security
Cool Tool Friday: Password Corral
December 9th, 2011 · No Comments · Dallas Data Center, Security
Welcome to this week’s installment of Cool Tool Friday! Each Friday we will feature a tool – hardware or software – that we’re using and think you might enjoy. Whether it increases productivity, helps with organization, provides a quick work-around for difficult networking situations, or is simply interesting and fun, we’ll share it if we [...]
Tags: Cool Tool Friday·cool tools·Password Corral·Passwords·Security
New HTML 5 Presents Benefits, and Serious Challenges, for IT Security Pros
December 6th, 2011 · No Comments · Security
HTML 5 is being touted as an Adobe Flash replacement that displays audio, graphics and video more efficiently, but security experts studying the technology say it poses new challenges for enterprise security professionals.
James Lyne, senior technologist at UK security vendor Sophos, said potential HTML 5 security issues could result from the rapid adoption of the technology. If [...]
Cybercriminals Have Begun to Exploit Holiday Shopping Season
December 5th, 2011 · No Comments · Security
Security experts are warning of a rapidly mutating email spam campaign using bogus messages from United Parcel Service (UPS) claiming that a package could not be delivered. The spam run began earlier this month, and is just one way security researchers believe criminals will exploit the holiday season online buying spree.
According to Cloudmark engineering director [...]
Tags: cybercrime·data theft·Security
Cool Tool Friday: HijackThis
December 2nd, 2011 · No Comments · Dallas Data Center, Security
Welcome to this week’s installment of Cool Tool Friday! Each Friday we will feature a tool – hardware or software – that we’re using and think you might enjoy. Whether it increases productivity, helps with organization, provides a quick work-around for difficult networking situations, or is simply interesting and fun, we’ll share it if we [...]
Tags: Cool Tool Friday·cool tools·HijackThis·Security·Trend Micro
Researchers Discover Millions of Printers Vulnerable to Hacking
December 1st, 2011 · No Comments · Security
From SECNAP Alerts:
Could a hacker from half-way around the planet control your printer and give it instructions that could cause it to catch fire? Or use a hijacked printer to commit identity theft, or even take control of entire networks that would otherwise be secure?
It’s not only possible, but likely, say researchers at Columbia University, [...]
Large Domain Name Provider Breached, Customer Data Possibly Compromised
November 30th, 2011 · No Comments · Security
From SECNAP Alerts:
101Domain.com appeared to suffer a security breach that “may have resulted in unauthorized access to your personal information and possibly payment information.”
According to Webhosting.info, 101domain.com has about 10,000 domain names under management.
A message by 101Domain.com to its customers explains: “We need to make you aware of a security breach that may potentially have [...]
Tags: data breach·Hackers·Phishing·Security
The 25 Lamest Internet Passwords of 2011, and What to Do About Them
November 23rd, 2011 · No Comments · Security
From SECNAP Alerts:
Protecting your online identity can be as easy as A-B-C, as long as you don’t make “abc123” or “password” your Internet password!
It seems like an issue of common sense, but even as we head into 2012 and people are becoming more and more tech savvy, a lot of web users are clueless about [...]
AT&T Discloses Attempted Hack of Customer Records
November 22nd, 2011 · No Comments · Security
AT&T Inc., the largest U.S. telephone company, has notified customers of an effort by hackers to collect online account information. “We recently detected an organized and systematic attempt to obtain information on a number of AT&T customer accounts, including yours,” AT&T said in an email to customers. “We do not believe that the perpetrators of [...]
Mass SQL Injection Attack Hits 1 Million Webpages, Was Preventable
October 24th, 2011 · No Comments · Security
From SECNAP Alerts:
A mass-injection attack similar to the highly publicized LizaMoon attacks this past spring has infected more than 1 million ASP.NET Web pages, researchers said today. According to database security experts, the SQL injection technique used in this attack depends on the same sloppy misconfiguration of website servers and back-end databases that led to [...]
Does your Company Have a Policy Covering Social Networking Sites at Work?
October 20th, 2011 · No Comments · Security
The use of social networking websites such as Facebook, Twitter and LinkedIn is exploding, with some using them even while in the workplace. While these sites offer work-related benefits such as fostering better workplace communication and collaboration, they also expose the organization to risks. Some of the risks borne out of social networks [...]
Managing Your Online Passwords
October 12th, 2011 · No Comments · Security
Having difficulty keeping track of all your online passwords? Here are some tools that may help you manage and make sense of the different passwords you have for your favorite social networking sites, blogs, phones, photos, games, documents, news, bank account, expenses, stores, books, and dozens of other services where a secure password is critical.
A [...]
Cheap Firewalls: In the End, You Get What You Pay For
October 11th, 2011 · No Comments · Firewalls, Security
Part of establishing a proper security cordon around your business data is having the right hardware – like a router/firewall – to get the job done, and done well. Resorting to cheap and basic equipment might cut it for simple personal or home use, but it’s not ideal for business applications.
In business, protecting important information [...]
Air Traffic Controller Data Left on Switch Device Sold on eBay
October 10th, 2011 · No Comments · Security
This article illustrates why it is vitally important to wipe all devices before retiring or recycling them and, if you use a third party, how important it is to “trust, but verify” that they are actually doing what you are paying them to do.
A switch with networking configurations and passwords for the UK traffic control centre was [...]
VoIP May Become Newest Target in Massive DDoS Attacks
October 6th, 2011 · No Comments · Security
VoIP systems have substantially expanded the organizational footprint in cyberspace, and voice, video and data now traverse the same network infrastructure. This marriage has rendered networks even more vulnerable, if that’s possible. The following excerpts describe just one exploitation of this widening vulnerability. (Complete original article at link below.)
Massive DDoS Attacks a Growing Threat to [...]
Cool Tool Friday: Windows Security Essentials
September 30th, 2011 · No Comments · Dallas Data Center, Microsoft, Security
Welcome to this week’s installment of our new feature, Cool Tool Friday! Each Friday we will feature a tool – hardware or software – that we’re using and think you might enjoy. Whether it increases productivity, helps with organization, provides a quick work-around for difficult networking situations, or is simply interesting and fun, we’ll share [...]
Tags: Antivirus·Cool Tool Friday·cool tools·Microsoft·Security·Windows
New Malware Spreads as Browser Update, Seizes DNS and DHCP Servers
September 29th, 2011 · No Comments · Security
A worm has been discovered that, when unleashed, takes over DHCP and DNS servers and sends undesired requests to more malware-containing locations. Identified by the name of Worm(dot)Ropian.E, it immediately seizes the DNS and DHCP servers.
Because these are some of the most important services that control Internet connections, the malware can make sure users are [...]
USA Today Twitter Account Hacked by Script Kiddies
September 28th, 2011 · No Comments · Security
From SECNAP Alerts:
USA Today is the latest media organization to have its Twitter account fall prey to hackers known as the Script Kiddies. Unlike previous Script Kiddies hacks, however, the USA Today effort apparently did not include tweets with fake news stories. Instead, the group boasted about previous hacks and encouraged people to “like” them [...]
How an Unknown Hole in Firewall Let Bad Guys into a Company’s Network
September 26th, 2011 · No Comments · Security
From SECNAP Alerts:
(Excerpted from an IT Business.ca article posted at: http://www.itbusiness.ca/it/client/en/home/News.asp?id=64239)
… So, on this particular Friday afternoon, I was sorting through the alerts being generated by the new system when I ran across something odd: a large number of remote desktop connections from the Internet into some computers on our internal network. In his Aug. [...]