Security

Identity Thieves Masquerade as Job Sites

Mon, 13 Jul 2009 17:50:13 +0100

The creation of job posting websites like monster.com, hotjobs.com, careerbuilder.com or even dice.com has really made the marketplace of employers finding employees and employees finding employers an automated, fast and high quality process. Of course, finding 300 resumes in a week is easy. Finding the 5 resumes of the people that you really intend to interview is another story. The visitor's familiarity with job sites and knowing that they can lead to interviews and hopefully a job or a better...

Identity Theft Getting Easier

Sat, 11 Jul 2009 15:04:45 +0100

Identity theft is a $50 billion problem, and the habits of citizens can sometimes make them targets for identity theft. A recent article highlighting that the very sensitive Social Security Number is crackable, that is predictable at an increasing rate made me reflect on my own habits and practices and put me in a sharing mood. The algorithm developed by computer scientists at Carnegie-Mellon University was able to correctly predict the SSN for Americans born after 1988 for 8.5% of targets in ...

NCP Introduces Server to USA

Tue, 30 Jun 2009 20:59:46 +0100

Some folks think that recessions are exactly the wrong time to introduce new products. Sadly, these industry laggards miss out on the great advantage that recessionary times bring to vendors. Fortunately, NCP and Brockmann & Company (and many others I'm sure) believe that recessionary times are EXACTLY the right time to introduce new products. That's because: Prices for marketing services such as advertising, PR agency fees, consulting and contracting are lower. These service providers' sales...

Lawful Intercept Focuses on Skype

Mon, 23 Feb 2009 14:26:26 +0100

In a nod towards lawful EU intercept of Skype calls, Skype earns endorsement from an Italian drug dealer. The Luxemburg division of eBay has until now refused to unlock the encryption of Skype calls, prompting a more concentrated effort by EU law enforcement and regulatory bodies. I tried to find out if Skype conforms to [[CALEA]] the US requirements for lawful intercept, but good ol' Google let me down....

NCP Does Windows 7 (beta)

Wed, 11 Feb 2009 12:17:24 +0100

7 beta promises to deliver substantial user experience improvements over the global whipping boy of OS releases: Vista. According to Microsoft, the key improvements in Windows 7 include an improved task bar (at the bottom of the screen), making it easier to use, adding a jump list of the most recently and most frequently used documents, features for window-manipulation to increase the scale of folder or application windows, IE 8, Windows Live Essentials which incorporates many Live services...

NCP Delivers Consistent Remote Access Client

Wed, 18 Jun 2008 08:00:00 +0100

When I think of German software companies, I think of SAP, but not many more. Well, last week, a second German software company gave me a solid reason to consider them in that same breath. It's not the size of the enterprise, but the dedication to excellence in one specialty domain that adds NCP to that short list of German software companies (that I know). Founded in 1986 and today employing 44 engineers and sales professionals, the company offers remote access clients in support o...

Interop: Norman Sandbox Stops Young Malware

Mon, 12 May 2008 07:00:00 +0100

For organizations that care to characterize and study the evolution of malware, Norman, the Norwegian anti-virus, anti-spyware and firewall company offers the Norman Sandbox a virtual environment that allows viruses and malware to reveal their actions without threat to live systems and data. Of course, the technology works for organizations that worry about catching viruses before they become widespread, when everybody has the cure figured out. That's the zero-hour requirement. The core...

Anatomy of a Mac Hack

Thu, 07 Feb 2008 07:00:00 +0100

2 weeks ago, my Mac OS X 10.4 server running this site was hacked.

How often do you forget your password?

Tue, 10 Jul 2007 08:00:00 +0100

How often do you forget your password? People are notorious creatures of habit, yet they frequently forget their passwords. This is the #1 reason for calls into IT help desks and are opportunities for attack. We need a better way to manage the myriad password requirements - six digits, changed monthly, numbers and letters, upper and lower cases, yuck! Here are the results of 40 visitors to Brockmann.com in June 2007. ...

Used Hotmail & Yahoo! Accounts

Fri, 06 Jul 2007 10:58:12 +0100

Spammers are very clever people. They particularly like to use the anti-spam vendors' tactics against them. Here is a report of a Trojan virus called Trojan.Spammer.HotLan.A that leverages the disposable email address feature of Yahoo! and Hotmail to send out thousands of spam from legitimate email accounts. Note that the classic techniques of bayesian poisoning (using literature to confuse the filters) and a random subject line affect the 'bulk-ness' algorithms by solutio...

SSH Shows The Need for Managing Scale in Security

Thu, 07 Jun 2007 08:00:00 +0100

Secure Shell (SSH) was first written in 1995 by Tatu Ylönen, a Finnish university researcher who developed the program after a hacker attempted to harvest passwords used in telnet and other login and remote administration protocols in use at that time. The company, SSH Communications Security was formed shortly after that. Earlier in May, I had coffee with George Adams, the CEO of SSH, Inc, which is a publicly traded company on the Helsinki Exchange, with offices just down the road fr...

Disaster Survival in a Carry-on Bag

Thu, 31 May 2007 12:29:19 +0100

What a great idea - everything you need to survive a power outage. Born from the recent flurry of hurricane activities, the experts behind the Life-SaferPak researched what people really need in the event of a sudden or with-warning disaster affecting electrical power. Included in the carryon cart is a stove, TV, fan, phone, water proof document envelope, cooler, duct tape, first aid kit, signal horn and many other necessities. Sure beats running to the Home Depot to see what everyone else i...

PhoneFactor Makes Security Tokens Obsolete

Thu, 31 May 2007 08:00:00 +0100

Touring the show floor at Interop Las Vegas gives one a chance to see some fun marketing ideas, cool new ideas, simple new ideas and meet interesting people with passion about their vision. Two such people I met at the show (there were dozens - more than at any other I've been to in the past six or seven years) were Dan Chmielewski (left) principal of Madison Alexander PR and Jason Sloderbeck, VP Service Delivery for Positive Networks (right). Jason and I connected pretty quickly - his e...

Patch Management is Easy Until You Have to Prove It

Wed, 23 May 2007 09:23:58 +0100

While at Interop, I met with Chris Schwartzbauer, VP Field Operations for Shavlik Technologies, the Roseville MN vulnerability remediation company. The company has over 10,000 customers, employs about 100 people and has extensive OEM relationships with major security and OS vendors. Chris and I spent about 30 minutes on the scope of the company and catching up on what's going on. Key products include: NetChk Compliance - policy management and IT audit readiness assurance. Net...

More Flaws in IOS

Tue, 31 Jan 2006 01:00:00 +0100

Vulnerabilities are exposed and discussed in this Network World Fusion article. Thanks Phil Hochmuth, for the info about three more flaws reported in Cisco IOS: BGP MPSL IPv6 In each case malformed packets may cause the router to reset, acting as a defacto denial of service attack. In the Border Gateway Protocol context however, the malformed packets can only be delivered by a trusted BGP router peer, so risks are lower. I applaud Cisco for being forthcoming with these fla...

First Annual Meeting of VoIPSA in Los Angeles

Thu, 27 Oct 2005 00:00:00 +0100

Wandering by a room at the West Wing of the LA Convention Center, I saw David Endler, chair of the VoIPSA board. "Come in," said David. It was a short, but professional meeting attended by a dozen or more consultants and technologists. In addition to over 100 member organizations and 3,500 names on the uselist, the alliance reported the completion of the first every VoIP Security Taxonomy, as the first project of the group. Significantly, this triggered discussion around t...

Cars, mobile phones next?

Sun, 07 Aug 2005 00:00:00 +0100

Interesting Cnet article on automotive systems security risks, comes down to several interesting facts... IDC claims mobile security software market will grow from $70 million in 2003 to $993 million in 2003, CAGR of 70%. Another fact: "users will not buy security anything until the threat has been validated", according to Yevgeni Kasperski, head of antivirus research at the Russian company, Kaspersky Lab. The threat is that mobile phones, using bluetooth, will pas...

Symbian gets a virus

Sun, 07 Aug 2005 00:00:00 +0100

Yes, it's true. The symbian OS has the dubious distinction of being the first smartphone OS attacked by a virus. Symantec published a survey in April, 2005 of 300 Americans with smart phones reporting that 73%, some 219 respondents knew about the Cabir virus and other attacks that target the device. As integrated devices emerge with lots of services - phones, email, instant messaging, browsing - the prospect of attack and malicious activities can only grow. Furthermore, the report in...

When all you have is a hammer...

Fri, 29 Jul 2005 00:00:00 +0100

... everything looks like a nail. At the Black Hat conference in Las Vegas this week the two major announcements were not particularly surprising. Researcher discovers flaws in Cisco IOS. No sh--. What's so significant about this discovery, is the behind-the-scenes conspiratorial machinations of Cisco, ISS (the fellow's employer) and the conference organizer. The researcher discovered that IOS can relinquish control of routers to an unintended administrator, and not just stop wo...

IP Telephony Security Presentation at VoiceCon

Sun, 20 Feb 2005 00:00:00 +0100

These powerpoints were the first step in developing my understanding of the VoIP security issues. Like most presenters, I struggled with how to approach the topic of the panel. Here, I systematically reviewed each of the Information Security threats brought to the IP Telephony environment and developed a set of best practices and best technologies to deal with them. In contrast, the other panel participants were much less systematic and quite fluffy. I hope that the Voicecon audience in atte...