The History of the Ransomware Threat

Interestingly, ransomware is not a new thing. It first appeared in 1989 with a Trojan program called, “AIDS Trojan,” which was spread by floppy disk. The AIDS Trojan used several tricks to hide files and encrypt their names using symmetric cryptography. The author extorted a $189 fee from users to provide a restoration tool. The author was identified and forced to stop the distribution,

> Read More

Eight Ways to Stay Secure While Traveling

If you travel, you’re a target for thieves—and your digital assets are highly-prized. Thieves covet usernames and passwords that give them access to a treasure trove of information and the chance to go for a ride on your dime.

What’s a road warrior to do? Common sense dictates never entering your username or password into a hotel or business center computer—or any public computer for that matter.

> Read More

iOS 9.3 to fix serious iMessages encryption flaw

For some time, Apple has forcefully pushed a message to consumers that it takes privacy seriously.

Here, for instance, is what Apple’s website says about its approach to privacy when it comes to iMessages:

Your iMessages and FaceTime calls are your business, not ours. Your communications are protected by end-to-end encryption across all your devices when you use iMessage and FaceTime,

> Read More

Will Bar Mitzvah Be The Death Knell for RC4 Crypto?

RC4 is an encryption algorithm designed by RSA in 1987. It was attractive then because it could be implemented in a few lines of code, and wasn’t computationally intensive. PC’s were 8088 or MC68000 based at the time, and 64K was enough RAM, remember? Even today RC4 has advantages. It runs fast on small devices,

> Read More

Infosec Haiku

Anata no joho sekyuritei konshu no haiku

US / UK Say
National Security
Needs Crypto Backdoors


### Notes ###
* Thanks to Ms. Etsuko vdH for the translation.
* Thanks to everyone who’ve contributed their haikus … watch this space to see if yours is published.

> Read More

Modern-Day Dr. Strangelove
Or: How I Learned to Stop Worrying and Love the NSA

Unless you’ve been living under a rock for the past couple of months [1], you know about the tremendous fallout from Edward Snowden’s revelations on the extent of the NSA’s monitoring of … well … just about everything. Plenty of discussion out there – if you Google < nsa leaks > you’ll get over 80M hits in 0.22 seconds.

> Read More

Chris’ Security Cache Contemplation: Week 5

Miscellaneous interesting news/tidbits I’ve run across whilst trying to keep up with/clean out my inbox …

Twitter Propaganda Posters. Thanks to the good folks at bOING bOING, I learned about these posters. Very cool, very funny … but there’s also a serious side to it: if your organization is going to take advantage of new social media tools such as Blogs and Twitter and such (and I think in most cases you should),

> Read More

$10 Million Ransomware Demand: Brazen or Bonehead Move?

The recent incident at the State of Virginia website – where prescription records are currently being held for ransom with a demand for a payment of $10 million is not a new scammer methodology. However, historically, scammers keep the ransom payment low to fly under the radar of law enforcement officials, so the demand for $10 million clearly stands out as either brazen or perhaps simply stupid on the part of the bad guys,

> Read More

Nasty Virus / Trojan Lurking in the Wild

With Conficker still fresh on our minds, a new potential menace has emerged.  The remote access capability of a Trojan that spreads like a Virus – W32.Virut.CF (Symantec) or W32/Scribble-A (Sophos) is poised to wreak havoc on networks over the coming days.  Embedding itself deep within infected machines, the Trojan will make it difficult to clean up.  

> Read More Pwned by the FTC

Sometimes, I’m sure, folks out there think we’re in the scaremongering business. Take, for instance, the notion that failing to protect your customers’ Personally Identifiable Information (PII) can expose your organization to both direct *and* indirect costs. You can find this notion in ad copy and whitepapers from almost all security vendors,

> Read More

Adoption of Mobile Devices in the Workplace: Striking the Right Balance

Whether the economy is doing well or not, business leaders are always looking for the technological edge to bump up productivity and get more out of their workers. But new innovations always introduce new risks. The hallmark of a good C-level executive is the ability to balance the benefit of innovation with solid risk mitigation.

> Read More