Information about general information security issues.

Spyware: The New Annoying Threat

So what is this spyware? Spyware is software that collects personal information from your computer without your knowledge. Information gathered by spyware ranges from all web-browsing activity to sensitive information like usernames, passwords, address and even your social security number. Once installed, spyware can modify system settings and perform undesirable tasks on your computer system. Furthermore, spyware has been known to redirect users' web browsers, cause computers to dial services for which they are billed, and install DLLs and other executable files to send your personal data to another computer. This is done by using the computer's memory resources and also by utilizing bandwidth, as it sends information back to the spyware's home server via the user's Internet connection. Because the spyware program is using memory and system resources, the applications running in the background can lead to system crashes or general system instability.

Automated Log Management and Analysis using Splunk for Computer Incident Investigations

Splunk - I define “Log Analysis” as a process of collecting system logs (syslog) and event data from computer systems, network devices and applications to look for anomalous events that are malicious or are in violation of organizational policies.

Personal Security on Social Networking Sites

Visits to social networking sites account for more than 10% of the total time people spend on the Internet, according to Nielsen Online. A social network site focuses on building online communities of people who share common interests and activities, such as Linkedin.com and Facebook.com. Facebook is now the most visited social networking site on the Internet, with nearly 1.2 billion visits in January 2009 alone, while Twitter and LinkedIn are steadily gaining ground.

Microsoft’s Next Move for Windows – Samara Lynn

Microsoft has bounced back into good graces after Windows Vista with the latest release of its operating system, Windows 7. Many Windows-based users have adopted Windows 7, either upgrading from Windows XP or scrapping Vista. In an interesting PC Mag article titled “Will Windows 8 Be A Business-Only OS?”, Samara Lynn discusses Microsoft’s potential next move.

Internal IT Security Threat

Security Administrators should apply the “Defense in Depth” security model when it comes to protecting the network. This means network firewalls, IDS, HIDS, host-based firewalls, patch management, security policies and vulnerability scanning.

Adobe Systems Patches 17 Critical Security Holes

On June 29, Adobe Systems plugged 17 critical security holes affecting Adobe Reader and Acrobat including a patch for a zero-day vulnerability that impacted many of their other products, on multiple operating systems such as Windows, Mac and Linux. The new versions of Acrobat and Reader are 8.2.3 and 9.3.3, but Adobe strongly recommends using the version 9.x products.

Russian Spies used Steganography

The FBI arrested 11 suspected Russian spies for passing U.S. information to Russian spy agents using wireless networking and steganography. Steganography is the process of writing hidden messages in such a way that no one, apart from the sender and intended recipient, knows of the existence of the message, a form of security through obscurity. The message can be hidden in pictures, text and many different forms.

Smart Phone Security

A few years ago, there was not a lot of standardization across wireless devices. Differing operating systems, differing implementations of mobile Java, and even varying configurations among devices with the same operating system made it hard to write malicious code that ran on a wide array of devices, Girard said.

Ethical Vulnerability Disclosure

The debate on whether vulnerabilities should be disclosed to force a vendor to fix the problem in a reasonable period or kept covert until a fix has been implemented has been a big discussion in the Information Security field. Black Hats, White Hats and even Grey Hats have their opinions.

Taxonomy of Computer Security

Computer security is frequently associated with three core areas, which can be conveniently summarized by the acronym “CIA” standing for Confidentiality — Ensuring that information is not accessed by unauthorized persons; Integrity — Ensuring that information is not altered by unauthorized persons in a way that is not detectable by authorized users; Authentication — Ensuring that users are the persons they claim to be.