Tag Archives: technology

Software Critical Patches September 2013

If you are not the programing language interpreter or software inventor, then, you never know the flaws in the software; you are part of anarchy in the computer age. “The Internet is the first thing that humanity has built that humanity doesn’t understand, the largest experiment in anarchy that we have ever had.” Eric Schmidt, Chairman Google.

Being part of the anarchy, IT should develop strategies for patch management.  “Patch and vulnerability management is a security practice designed to proactively prevent the exploitation of IT vulnerabilities that exist within an organization. The expected result is to reduce the time and money spent dealing with vulnerabilities and exploitation of those vulnerabilities. Proactively managing vulnerabilities of systems will reduce or eliminate the potential for exploitation and involve considerably less time and effort than responding after exploitation has occurred. Patches are additional pieces of code developed to address problems (commonly called “bugs”) in software. Patches enable additional functionality or address security flaws within a program. Vulnerabilities are flaws that can be exploited by a malicious entity to gain greater access or privileges than it is authorized to have on a computer system. Not all vulnerabilities have related patches; thus, system administrators must not only be aware of applicable vulnerabilities and available patches, but also other methods of remediation (e.g., device or network configuration changes, employee training) that limit the exposure of systems to vulnerabilities.” (NIST Special Publication 800-40 Version 2.0, 2005, p. ES-1) Continue reading Software Critical Patches September 2013

Securing virtual servers

Every organization is going for virtualization. The main reason being cost cutting and to ensure maximum utilization of hardware resources. Virtualization has revolutionized the data centre and is one of the key foundational technologies underlying cloud computing. This has made Several companies rushing frantically into deploying virtualization solutions both in their private and public clouds, without taking into account the risks involved.  But when organizations are going virtualization, the technology has got its own inherent vulnerabilities.

Continue reading Securing virtual servers

The Internet Security threat report 2013

The Internet Security threat report 2013 by semantic group has been released. Symantec “maintains one of the world’s most comprehensive vulnerability databases, currently consisting of more than 51,644 recorded vulnerabilities (spanning more than two decades) from over 16,687 vendors representing over 43,391 products.” (Internet Security threat report 2013). “Symantec has established some of the most comprehensive sources of Internet threat data in the world through the Symantec Global Intelligence Network, which is made up of approximately 69 million attack sensors and records thousands of events per second. This network monitors threat activity in over 157 countries and territories through a combination of Symantec products and services such as Symantec DeepSight™ Threat Management System, Symantec™ Managed Security Services and Norton™ consumer products, and other third-party data sources” (Internet Security threat report 2013). The report has got in-depth details about the growth of cyber attacks in the year 2012. The biggest area being the mobile malware , this will shock many because the main drive of this is too steal information and track movements.Whats the other new part, Zero-day vulnerabilities continue to trend upward; 14 were reported in 2012.Wait a munute! and you say that you are secure?

Get yourself a copy here. Continue reading The Internet Security threat report 2013

The Microsoft Security Intelligence Report (SIR)

I have skimmed through the report and i cant wait to digest it further. It has critical intelligence details about the security architecture aof Microsoft OS, I truly recommend this for ICT security experts.

The report discusses the vulnerabilities discovered in windows in area of adobe applications, java applications, Document parser exploits,HTML and JavaScript exploits in detailed graphs and statistics. The report also touches on malware, Email threats.

For intelligence diggers, the most interesting bit is how the report comprehensively maps about the most affected area, this will help the security admins to determine the level of security required to secure the systems.

Get a copy here! Ket me know your opinion…

About this report
The Microsoft Security Intelligence Report (SIR) focuses on software vulnerabilities, software vulnerability exploits, and malicious and potentially unwanted software. Past reports and related resources are available for download at http://www.microsoft.com/sir. We hope that readers find the data, insights, and guidance provided in this report useful in helping them protect their organizations, software, and users.

Continue reading The Microsoft Security Intelligence Report (SIR)

iPhone Security Unbreakable? Security Gurus Disagree

Is iOS security unbreakable, thanks to Apple’s mix of strong encryption for all data stored on such devices, combined with hardware-controlled PIN entry requirements that make brute-force attacks difficult?

“I can tell you from the Department of Justice perspective, if that drive is encrypted, you’re done,” said Ovie Carroll, director of the cyber-crime lab at the Computer Crime and Intellectual Property section in the Department of Justice, during a recent keynote address at a computer forensics conference in Washington, D.C. “When conducting criminal investigations, if you pull the power on a drive that is whole-disk encrypted, you have lost any chance of recovering that data.” Continue reading iPhone Security Unbreakable? Security Gurus Disagree

How To Protect Your Commercial Web Server

chart: Vulnerabilities Of Typical E-Commerce SitesIn February, a hacker placed a malicious program on shoe and clothing retailer Opening Ceremony’s website. For more than a month, the malware collected the names, addresses, and credit card information of customers who purchased items from the site.

“We discovered the malware on March 21, 2012, immediately removed it, and implemented increased security controls to prevent this from happening in the future,” Carol Lim, CEO and co-founder, wrote in a letter to customers in May. Continue reading How To Protect Your Commercial Web Server

iPhone SMS spoofing tool released

A French hacker has released a tool capable of sending SMS messages with spoofed sender details on the iPhone 4.  The “sendrawpdu” command-line interface tool allows users to customize the reply number on text messages and could be ideal for phishing attacks.

The hacker, known as pod2g, released the free tool after detailing a flaw in the way the iPhone handled SMS messages, which made it possible to spoof sender details. Continue reading iPhone SMS spoofing tool released