- Malware Learn Better Security Breach PR from Herald Sun's Halfhearted Apology
Herald Sun's website was compromised to serve rogue antivirus, but their brief apology offered few details and underplayed the risk. Better post-incident communications require promptness, clarity,...
- Malware The Changing Landscape of Malware for Mobile Devices
Mobile malware targets sensitive transactions including banking and two-factor authentication. ZeuS variants intercept SMS authentication codes across Symbian, BlackBerry, Windows Mobile, and...
- Encryption What Information Security Can Learn from NYC Restaurant Inspections
NYC's restaurant letter grades publicly signal food safety compliance, motivating improvements—72% of initially failing restaurants improved to A or B on second inspection. InfoSec could benefit from...
- Social Networking How Clickjacking Attacks Work
Clickjacking tricks users into clicking invisible elements from other sites—commonly used to propagate Facebook links. Advanced variations can de-anonymize visitors by capturing their identity when...
- Malware Reflections Upon Deception-Based Security Tactics
Deception tactics for IT defense include network honeypots to detect lateral movement, host-based decoys like fake files and slow service emulators, and endpoint approaches that fool evasive malware...
- Assessments Cheat Sheet for Creating Security Assessment Reports
There's surprisingly little online guidance about creating good security assessment reports. This one-page cheat sheet covers the general approach, data analysis, methodology documentation, scope...