Prompted by a piece on Charles Arthur’s Overspill blog I took at look at LeakedSource which has a database of leaked usernames and passwords.
There are two main ways for passwords to leak. One is that a web site had its user database hacked and stolen. The other is that malware on a user’s machine
…continue reading Passwords: time is being called
The rapid spread of CryptoLocker, an example of a malware category known as ransomware, is upping the stakes in the cyber security wars. I think it is a game changer.
Ransomware is malware that steals your data by encrypting it, and then demands a ransom to decrypt it. The latest breed of ransomware uses strong
…continue reading Ransomware like CryptoLocker is a game changer in the malware wars – and not in a good way
Adobe has reported a major security breach. According to the FAQ:
Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration
…continue reading Adobe’s security calamity: 2.9 million customer account details accessed
I’m just back from AVG’s press event in New York, where new CEO Gary Kovacs (ex Mozilla) presented the latest product suite from the company.
Security is a huge topic but I confess to being something of a sceptic when it comes to PC security products. Problems include performance impact, unnecessary tinkering with the
…continue reading Does anti-virus work? Does Android need it? Reflections on AVG’s security suite
If you could describe the perfect document security system, it might go something like this. “I’d like to share this document with X, Y, and Z, but I’d like control over whether they can modify it, I’d like to forbid them to share it with anyone else, and I’d like to be able to destroy
…continue reading Hands on with Microsoft’s Azure Cloud Rights Management: not ready yet
Canonical has announced a comprehensive security breach of its forums.
Unfortunately the attackers have gotten every user’s local username, password, and email address from the Ubuntu Forums database. The passwords are not stored in plain text, they are stored as salted hashes. However, if you were using the same password as your Ubuntu Forums one
…continue reading Ubuntu forum hack sets same-password users at risk
The New York Times has described in detail how it was hacked by a group looking for data on Chinese dissidents and Tibetan activists. The attack was investigated by security company Mandiant.
Note the following:
Over the course of three months, attackers installed 45 pieces of custom malware. The Times — which uses antivirus products
…continue reading Another reason to use tablets: desktop anti-virus does not work
Someone trying out Windows 8 release preview brought her machine to me to look at. She was having trouble with an email attachment. The email was in fact carrying a virus, one that purported to be from booking.com though it had nothing to do with that company. The supposed booking is in an attached zip
…continue reading Windows 8 defeats booking.com virus
Remember the Concept virus? Someone wondered if you could make a self-replicating virus with a Microsoft Word macro. It worked; and the proof of concept soon became a real virus causing the usual mayhem and spoiling our clever VBA templates.
Microsoft locked down Office macros fairly effectively; but the idea lived on and has re-emerged
…continue reading Macro virus reborn: ACAD/Medre.A steals drawings using AutoCAD AutoLISP
I have been trying out Microsoft’s ForeFront Unified Access Gateway (UAG) recently, partly because it is the only supported way to publish a SharePoint site for Windows Phone. This was my first go with the product, though I am already familiar with the Threat Management Gateway (TMG) and its predecessor Internet Security and Acceleration Server
…continue reading The confusing state of Microsoft’s TMG and UAG firewall and proxy software