Sweet Password Security Strategy: Honeywords

A posting from Information Week in their security section: Businesses should seed their password databases with fake passwords and then monitor all login attempts for use of those credentials to detect if hackers have stolen stored user information.

That’s the thinking behind the “honeywords” concept first proposed this month in “Honeywords: Making Password-Cracking Detectable,” a paper written by Ari Juels, chief scientist at security firm RSA, and MIT professor Ronald L. Rivest, who co-invented the RSA algorithm (he’s the “R”).

The term “honeywords” is a play on “honeypot,” which in the information security realm refers to creating fake servers and then learning how attackers attempt to exploit them — in effect, using them to help detect more widespread intrusions inside a network.

To read more click here: 
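A minimal sketch of the detection idea described above, added here as an illustration (it is not code from the paper or from the Information Week article). Keeping the index of the real password in a separate "honeychecker" service follows the paper's design; the class names, the PBKDF2 parameters and the sample decoys are assumptions constructed for this example.

```python
import hashlib, hmac, os, secrets

def _hash(salt: bytes, word: str) -> bytes:
    # Slow salted hash; the iteration count is an illustrative choice.
    return hashlib.pbkdf2_hmac("sha256", word.encode(), salt, 100_000)

class HoneyChecker:
    """Separate hardened service: stores only which index is the real password."""
    def __init__(self):
        self._real_index = {}
        self.alarms = []              # users whose honeyword was submitted

    def set_index(self, user, idx):
        self._real_index[user] = idx

    def check(self, user, idx):
        if self._real_index[user] == idx:
            return True
        self.alarms.append(user)      # honeyword used: the hash file has likely leaked
        return False

class PasswordStore:
    """Login server: holds hashes of the real password mixed with decoys."""
    def __init__(self, checker):
        self.checker = checker
        self.rows = {}                # user -> (salt, [hash, ...])

    def enroll(self, user, password, honeywords):
        if password in honeywords:
            raise ValueError("decoys must differ from the real password")
        sweetwords = list(honeywords) + [password]
        secrets.SystemRandom().shuffle(sweetwords)   # hide the real one's position
        salt = os.urandom(16)
        self.rows[user] = (salt, [_hash(salt, w) for w in sweetwords])
        self.checker.set_index(user, sweetwords.index(password))

    def login(self, user, attempt):
        if user not in self.rows:
            return "fail"
        salt, hashes = self.rows[user]
        candidate = _hash(salt, attempt)
        for idx, stored in enumerate(hashes):
            if hmac.compare_digest(stored, candidate):
                return "ok" if self.checker.check(user, idx) else "alarm"
        return "fail"                 # ordinary wrong password, no alarm
```

An attacker who steals and cracks the stored hashes cannot tell which entry is real, so a login with any decoy is a high-confidence signal that the password database was stolen.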

Malicious link on Facebook distributing Fake Adobe Flash Player add-on; Hackers Hijacking your Online Accounts

An interesting Facebook article by HackersNewsBullentin.com:
A malicious link is circulating near you on Facebook. It claims to show you who viewed your profile, but under that pretext it gives you a fake, malware-filled browser add-on posing as Adobe Flash Player.
 
Beware of links or apps making these kinds of fake claims. We will tell you what that link looks like and how it can affect your confidential data.

This malicious link was found by Praveen Kashyap (News Editor at Hackers news Bulletin) while he was on Facebook checking posts by people and friends. He saw a link claiming to show who viewed your profile and that more than 91,543,000 people had used it, including his friends, but none of his friends had used that app; he confirmed this with them.

You can read the rest here on their site.

IBM takes a big new step in cryptography: practical homomorphic encryption

A posting from Naked Security about IBM taking a big new step in cryptography, practical homomorphic encryption:

IBM just released an open source software package called HELib. The HE stands for homomorphic encryption. Although it doesn’t sound terribly sexy or impressive, HELib is actually an interesting and important milestone in cryptography.

HE is also a surprisingly relevant topic right now, with our ever-increasing attraction to cloud computing. Bear with me, and I’ll try to explain. Imagine that I am your cloud provider, and I keep databases online for you. Imagine also that I am a security-conscious vendor, so I keep all your data encrypted, both when I serve it up to you, and when I save it to disk.

That’s about as good as it gets these days from a cloud security perspective.

 

To read more click here: 

 

US nabs suspected programmer of bank Trojan that drained millions of dollars

A posting from NBC News in their Technology section: ATLANTA (AP) – An Algerian man accused of helping to develop and market a computer program that drained millions of dollars from bank accounts around the world pleaded not guilty Friday to nearly two dozen charges.

A 23-count indictment charges Hamza Bendelladj, 24, with wire fraud, bank fraud, computer fraud and conspiracy. U.S. Attorney Sally Yates said the man was extradited to Atlanta from Thailand on Thursday and was arraigned in federal court Friday afternoon. A second person is also charged in the indictment but has not been identified. Investigators could not disclose whether the person was in the U.S. or abroad. Officials also could not disclose what information led them to Bendelladj. Bendelladj, whose nickname is “Bx1,” is accused of developing and marketing SpyEye, a banking Trojan. However, federal authorities have not said exactly how Bendelladj helped develop the software. Court records don’t indicate whether he had a lawyer.

 

To read more click here: 

Got Malware? Three Signs Revealed In DNS Traffic

A posting from Dark Reading about malware and three signs revealed in DNS traffic: Companies focus much of their energy on hardening computer systems against threats and stopping attempts to breach their systems’ security, and rightfully so. However, companies should always assume that the attackers have already successfully compromised systems and look for the telltale signs of such a breach.

Because malware is increasingly using a variety of domain techniques to foil takedown efforts and make their command-and-control servers harder to locate, DNS traffic becomes a good indicator of compromise, say security experts. Monitoring the network for strange DNS behavior can help pinpoint infections, says Patrick Foxhoven, chief technology officer of emerging technologies for cloud security firm Zscaler.

To read more click here: 

Websites Harbor Fewer Flaws, But Most Have At Least One Serious Vulnerability

A posting from Dark Reading: Websites now contain fewer numbers of serious security vulnerabilities, but the majority of websites still have at least one serious flaw that can lead to a major compromise.

Some 86 percent of websites have at least one serious bug that could be used in an attack, while the total number of serious bugs per website dropped from 79 in 2011 to 56 in 2012, according to new data released today by WhiteHat Security on the state of website security.

WhiteHat’s report, based on data from tens of thousands of websites from some 650 of its customer organizations, also correlated software development life cycle data from 76 customers surveyed by the vendor.

All in all, the report demonstrates how cleaning up websites — the top attack vector these days — doesn’t happen overnight.

To read more click here: