Banking trojan steals money while you watch
10/22/2009
A scary new trojan hijacks a victim's browser session, steals the money while the victim is doing online banking, and then covers its tracks by modifying the information displayed to the victim, all in real time, according to Ben-Itzhak, chief technology officer at Finjan. Full article from CNET News.
Control systems trojan
07/30/2009
Stripping for CAPTCHA
07/28/2009
Fascinating article demonstrating to me the power of social engineering with human-based botnets. CAPTCHA is a method used to help make sure that a human enters a code on a web-based form to prevent automated attacks, overloads, etc. In this case, a striptease enticement is used to "reward" humans for breaking CAPTCHA codes:
http://www.foxnews.com/story/0,2933,307396,00.html?sPage=fnc/scitech/cybersecurity
Plastic sleeves and identity theft
07/14/2009
For those that may not be aware, newer US Passports contain RFID chips. This is also true for EDLs (Enhanced Driver's Licenses). Of course this is somehow for our benefit, though I've never understood the logic of this. It seems to be an ideal way to find where there is a density of US citizens. Certainly there have also been cases of using RFID scanning to detect high value electronics in transport trucks.
This article talks about using special sleeves to protect our security, but you have to ponder the decision to embed these chips in the first place. Reminds me of the old days with wireless and the thought of security that was supposed to be provided due to short distances, but that was before wardriving and stronger antennas proved the fallacy of that.
I'm sure we'll be told next that these represent no risk to us for identity theft and yet these two items are used to prove our identity and have clearly been demonstrated to be readable.
Also reminds me of bluesnarfing for Bluetooth phones and such and how everyone thought we were safe there too.
Great article:
http://www.foxnews.com/story/0,2933,531787,00.html?sPage=fnc/scitech/cybersecurity
Social Pranking
07/14/2009
Those that know me are aware of my fascination with social engineering as it relates to security. While this isn't directly about that, it does have implications. Imagine this kind of approach used at secure facilities or control systems:
http://www.foxnews.com/story/0,2933,532241,00.html
Is Twitter making us stupider?
04/30/2009
Not about security, but certainly an interesting read about Twitter and social impacts:
http://www.informationweek.com/blog/main/archives/2009/04/podcast_is_twit.html;jsessionid=YN0W4DVEY5VNIQSNDLOSKH0CJUNN2JVN
US cyber-security "embarrassing"
04/30/2009
Good article talking about the weaknesses of US cyber-security.
http://news.bbc.co.uk/2/hi/technology/8023793.stm
Swine Flu Commercials
04/25/2009
Supposedly YouTube commercials for the Swine Flu outbreak in 1976, worth watching just from a social perspective.
http://www.youtube.com/watch?v=i3YCTnbRgm8
Twitter just by thinking
04/23/2009
Well, not a security concern, but fascinating. Twittering done just by thinking about it. Reminds me of cartoons and "Did I say that out loud?" balloons.
http://www.cnn.com/2009/HEALTH/04/22/twitter.locked.in/index.html
Internet off switch
04/04/2009
Don't get me started about the risks of the government having the power of having an Internet off switch. Assuming it would only be used for security and not for political reasons, why would we give power to an entity that continues to demonstrate over and over again the ability to use current controls and technologies properly to secure their own networks?
http://www.networkworld.com/news/2009/040209-obama-cybersecurity-bill.html?netht=ts_040209&nladname=040209dailynewspmal
P2P Leak Exposes Sensitive Data on Marine One
03/02/2009
Blueprints of President's helicopter exposed via open P2P connection in Iran. Just another reminder that your data is only as secure as the weakest leak in your extended partner networks and their security systems.
See article here: http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=215600314
Congressman in Iraq twitters secret location
02/12/2009
Great example of folks not understanding the need for secrets or the risks and dangers of using Twitter, especially those involved in sensitive or secure jobs.
http://www.wired.com/dangerroom/2009/02/iraq-twitter-la/
Location awareness Lifestyle
01/20/2009
Excellent article about the dangers of location-aware lifestyles and how they can affect us socially and our security. I remember being a kid and my parents making sure that newspaper service was stopped; now people upload geo-aware pictures to sites like Flickr without understanding the risks. Highly recommended article:
http://www.wired.com/gadgets/wireless/magazine/17-02/lp_guineapig
RFID credit cards
01/05/2009
Good very old article talking about RFID credit cards, risks and skimming.
http://www.popularmechanics.com/how_to_central/technology/4206464.html
Keep in mind newer cards have different security measures.
Password for chocolate
01/03/2009
Older article from April 2004, but a great example of how easy it is to bribe someone for information and how they just don't see password security as a concern. In this case, the price for a password is a chocolate bar in over 70% of the cases:
http://news.bbc.co.uk/2/hi/technology/3639679.stm