- Social Networking Security Implications of the "Web" Becoming the "Social Web"
The web is becoming the social web—instant communication, public archives, mobile access, weak relationships. Security implications: business interactions occur outside corporate networks, data leaks...
- Authentication The Use of Pastebin for Sharing Stolen Data
Attackers use Pastebin for sharing stolen data because it's easy, handles large text, doesn't require registration, and doesn't proactively moderate. Trending pastes often include compromised...
- Authentication We Still Suck at Protecting Logon Credentials
Recent breaches at Lockheed Martin, Mt. Gox, PBS, and Sony PlayStation show we still fail at protecting credentials. Attackers compromise them via remote password guessing, SQL injection to retrieve...
- Malware Protect Processes from Spyware With Windows Integrity Levels
Windows mandatory integrity levels (Low/Medium/High) can protect against keyloggers. User-mode malware typically runs at Medium level; launching sensitive applications like password vaults with "Run...
- Authentication Better Internal Vulnerability Scanning With Authentication
Authenticated vulnerability scans provide far more comprehensive results than anonymous scans by allowing the tool to examine installed applications, patches, and configurations. Create dedicated...
- Authentication Critical Log Review Checklist for Security Incidents
This checklist covers log review for incident response and routine monitoring: copy logs centrally, minimize noise by removing benign entries, verify timestamps, focus on changes and failures, work...