Secure your digital self: auditing your cloud identity

We put more and more of ourselves in the cloud every day. E-mail, device settings, data synchronization between devices, and access to much of our digital selves is tied to a handful of cloud service accounts with Google, Apple, Microsoft, Dropbox, and others. As demonstrated dramatically over the last week, those accounts are easily put at risk if they’re too interconnected—especially since the weakest link in cloud security may be the employees of the providers themselves.
<Read More>

Dropbox confirms it got hacked, will offer two-factor authentication

Dropbox on Tuesday acknowledged that a recent spam attack was likely caused by a stolen password that allowed access to an employee project document..
<Read More>

Skype bug sends messages to to unintended recipients (Updated)

Careful what you say about the boss, your spouse, or anyone else who may be a Skype contact. A four-week-old bug in the popular Voice Over IP application is sending copies of some messages to unintended recipients, Microsoft officials have confirmed.
<Read More>

Microsoft Update and The Nightmare Scenario

About 900 million Windows computers get their updates from Microsoft Update. In addition to the DNS root servers, this update system has always been considered one of the weak points of the net. Antivirus people have nightmares about a variant of malware spoofing the update mechanism and replicating via it.
<Read More>

Open Source Security Mother Lode

Open source security is like a military general who shows his plans to both his allies and his enemies. On the one hand, his enemies can try to exploit the plan by targeting its weaknesses. But on the other hand, by exposing his tactics to those who want to help, the plan is ultimately much stronger as a result of their feedback and modifications.
<Read More>

Virtual Desktop

As government strives to grant employees access to internal information resources when and where it’s needed while simultaneously reducing costs, desktop virtualization offers help in meeting those goals, in addition to providing both greater control over PC resources and stronger IT security.
<Read More>

Investigating Cyber Crime/Hacking and Intrusions

Proficient hacker ( he doesn't have to be a computer genius, but merely follow a few simple instructions!) telnets from his current hacked account into another of his pirated accounts, then telnets from that location to yet another account that he has hacked, remotely logging on to it in preparation to run port scans looking for targetable systems. This process forces investigating law enforcement to obtain search warrants in a number of different jurisdictions, immensely complicating the investigation.
<Read More>

3 Simple Security Principles

I use three simple rules to evaluate security solutions. These are:

Analyzing a Hack from A to Z 

What we shall cover is the actual hack itself, from the reconnaissance stage, through to enumeration, network service exploitation, and ending with post-exploitation strategies. All of these steps will then be viewed at the packet level, and then explained. Being able to view, and understand an attack at the packet level is critically important for both system administrators (sys admin) and network security personnel. The output of firewalls, Intrusion Detection Systems (IDS) and other security devices will always in turn lead you to look at the actual network traffic. If you don’t understand what you are looking at, at the packet level, then all of the network security technology you have is utterly useless. This will then be followed by how to write a Snort signature based off of the attack traffic.Tools Used ?
<Read More>