Personal Security on Social Networking Sites

Visits to social networking sites account for more than 10% of the total time people spend on the Internet, according to Nielsen Online. A social networking site, such as Linkedin.com or Facebook.com, focuses on building online communities of people who share common interests and activities. Facebook is now the most visited social networking site on the Internet, with nearly 1.2 billion visits in January 2009 alone, while Twitter and LinkedIn are steadily gaining ground.

Microsoft Security Bulletin Summary for July 2010

This security update resolves a publicly disclosed vulnerability in the Windows Help and Support Center feature that is delivered with supported editions of Windows XP and Windows Server 2003. This vulnerability could allow remote code execution if a user views a specially crafted Web page using a Web browser or clicks a specially crafted link in an e-mail message. The vulnerability cannot be exploited automatically through e-mail. For an attack to be successful, a user must click a link listed within an e-mail message.

Microsoft’s Next Move for Windows – Samara Lynn

Microsoft has bounced back into good graces after Windows Vista with the latest release of its operating system, Windows 7. Many Windows users have adopted Windows 7, either upgrading from Windows XP or scrapping Vista. In an interesting PC Mag article titled “Will Windows 8 Be A Business-Only OS?”, Samara Lynn discusses Microsoft’s potential next move.

Internal IT Security Threat

Security administrators should apply the “Defense in Depth” security model when it comes to protecting the network. This means network firewalls, IDS, HIDS, host-based firewalls, patch management, security policies and vulnerability scanning.

Black Hat USA 2010

Black Hat USA 2010 is the technical security event where members of the security industry gather to learn about cutting-edge research that addresses the challenges facing today’s senior-level IT professionals. This year’s event will be hosted at Caesars Palace in Las Vegas, Nevada, July 24-29th, offering over 70 multi-day training sessions, 32 live tool demonstrations in the new Black Hat Arsenal, and 100+ sessions of presentations from the security industry elite. To learn more and register for the event, visit www.blackhat.com.

Adobe Systems Patches 17 Critical Security Holes

On June 29, Adobe Systems plugged 17 critical security holes affecting Adobe Reader and Acrobat, including a patch for a zero-day vulnerability that impacted many of its other products on multiple operating systems such as Windows, Mac and Linux. The new versions of Acrobat and Reader are 8.2.3 and 9.3.3, but Adobe strongly recommends using the version 9.x products.

Russian Spies used Steganography

The FBI arrested 11 suspected Russian spies for passing U.S. information to Russian spy agents using wireless networking and steganography. Steganography is the process of writing hidden messages in such a way that no one, apart from the sender and intended recipient, knows of the existence of the message, a form of security through obscurity. The message can be hidden in pictures, text and many different forms.

Smart Phone Security

A few years ago, there was not a lot of standardization across wireless devices. Differing operating systems, differing implementations of mobile Java, and even varying configurations among devices with the same operating system made it hard to write malicious code that ran on a wide array of devices, Girard said.

Ethical Vulnerability Disclosure

The debate over whether vulnerabilities should be disclosed to force a vendor to fix the problem within a reasonable period, or kept covert until a fix has been implemented, has been a major discussion in the information security field. Black Hats, White Hats and even Grey Hats have their opinions.

Taxonomy of Computer Security

Computer security is frequently associated with three core areas, which can be conveniently summarized by the acronym “CIA” standing for Confidentiality — Ensuring that information is not accessed by unauthorized persons; Integrity — Ensuring that information is not altered by unauthorized persons in a way that is not detectable by authorized users; Authentication — Ensuring that users are the persons they claim to be.