- [Authentication] We Still Suck at Protecting Logon Credentials
Recent breaches at Lockheed Martin, Mt. Gox, PBS, and Sony PlayStation show we still fail at protecting credentials. Attackers compromise them via remote password guessing, SQL injection to retrieve...
- [Malware] 11 Recommendations for Coming Up to Speed on Bitcoin
Bitcoin represents a precursor to future distributed online payment approaches. Security implications include compromised computers being used for mining, trojans designed to steal Bitcoin wallets,...
- [Malware] 8 Practical Tips for Detecting a Website Compromise for Free
Detect website compromises using host intrusion detection tools like OSSEC, network IDS watching for anomalies, and centralized log review. Tactical measures include scanning for iframes and...
- [Malware] 6 Ideas for a Protean Information Security Architecture
Protean security architecture uses deception to complicate attackers' jobs asymmetrically—opening fake ports redirected to honeypots, deploying honeytokens mimicking applications, using DNS...
- [Malware] Malvertising: Dealing With Malicious Ads - Who and How?
Ad networks could validate advertisers, research domain registrations, and examine Flash ads for malicious logic—but practices are ineffective or ignored. One organization reduced malware infections...
- [Malware] Malvertising: How Malicious Ads Are Deployed
Attackers deploy malvertisements by compromising ad network infrastructure or by impersonating agencies representing legitimate clients. They sound professional, pay for campaigns, and sometimes...