Cisco recently commissioned InsightExpress to examine security and data leak implications from business employees actions and inactions. The result is a Top 10 list of the most noteworthy behavioral findings, according to Cisco. IT personnel and business stakeholders must take action. Continue reading »
Sophos, a UK-based AntiVirus vendor, announced an eight-fold increase in the volume of malicious email attachments. Their senior technology consultant, Graham Cluley, said “Since they’re going through the effort of constantly changing code and doing it again and again, says to me it must be working.” I’m sure Sophos would agree that signature-based defenses and end-user training are not enough, something else is needed. Continue reading »
How effective are signature-based anti-malware defenses against zero-day malware and re-crafted malware? This month, Secunia, a reputable information security intelligence firm, published a report called “Internet Security Suite Test, October 2008” that found the average detection rate by leading signature-based anti-malware suites to be 4.7% (i.e., less than five percent!) for what they called “Important” malware samples. Continue reading »
This past weekend, I caught up with an old friend. He told me what he’s been up to in his life and career and I told him about mine. This led him to ask me about malware.
He recently got a new computer, installed some software, but decided that the easiest way for him to redo what he had just done was to do a System Restore. But, he found that System Restore had been nuked. He’d done no web browsing and hadn’t yet migrated his email. His machine was only days old and it was infected. Continue reading »
The current generation of web browsers have serious structural flaws that pose disturbing security risks. One class of risks concerns web browser internal security. Sensitive information can be disclosed and hackers can use stolen passwords as they please. How serious is this? What would be the consequences of posting on a public blog all of the data that runs through employee web browsers? Continue reading »
Our Security Blog with topical news and information will keep you in the know.
