Tiger Blood, Adonis DNA, Malware … Oh My!

As sure as night follows day, malware follows the meme. And the latest meme, apparently, is all Charlie Sheen, all the time.

I don’t watch much TV (read: none), and don’t read many celebrity gossip blogs (read: none), but even *I* am painfully aware of Charlie Sheen’s seemingly wacked out 20/20 special and the sundry other interviews.


Yes Virginia, Macs Can Get Viruses

Before getting flamed as an Apple basher, first let me state that I like Apple products. I am not foolishly going to disregard the risks of the environment we live / work in today however. In my business and personal life I own 3 Apple laptops, 4 Apple desktops, 2 iPads and 2 iPhones. Along with my Apple products I also own HP products –


Whitelisting: Fill in the Gaps Where Traditional Efforts have Failed

You’ve probably heard about three recent security-related events that attracted lots of attention. In January, Google announced that it suffered a “highly sophisticated” and targeted hacker attack—originating from China—against its corporate network. In April, an ill-fated false-positive antivirus signature was pushed out that accidentally removed a key part of Windows from machines. And a year after,


Moving from a Threat Centric to Trust Centric Endpoint Management Model

There’s been a lot of talk about what role whitelisting will play in the endpoint protection suites of the future. Opinions differ about what it will take for whitelisting to become easily implementable for users and whether it will replace or augment the traditional anti-virus approach. Whatever the opinion, I think most folks can agree that there are more malware threats coming at us than we can keep up with today and a better overall approach to endpoint management (and ultimately change control) is needed for the future.


Sex Still Sells: Malware on the Internet

A new video is reportedly making the rounds on the Internet – supposedly a keyhole camera was used to tape an unsuspecting ESPN Reporter Erin Andrews undressing in a hotel room. While lawyers for Erin Andrews work to have sites posting the video immediately remove it, the bad guys are yet again taking advantage of a timely “event” by quickly putting up fake websites to dupe unsuspecting web surfers into downloading malware.


Could a Far-Reaching Microsoft Security Patent Impact iPhone OS?

The second sentence in a recently granted Microsoft patent (#7,536,726) reads as follows:

“The operating system restricts the functionality of the operating system… by limiting the user’s ability to add software applications or device drivers to the computer.”

This patent was filed in 2000 when Microsoft Windows was really taking a beating due to the widespread proliferation of viruses and worms.


Chris’ Security Cache Contemplation: Week 2

Miscellaneous interesting news / tidbits I’ve run across whilst trying to keep up with/clean out my RSS feed …

Insider Threat (but mostly to himself). Did you hear about the computer repairman who stole a client’s hard drive and then offered to “retrieve” the data? He was arrested. Epic Fail.


Nasty Virus / Trojan Lurking in the Wild

With Conficker still fresh on our minds, a new potential menace has emerged. The remote access capability of a Trojan that spreads like a Virus – W32.Virut.CF (Symantec) or W32/Scribble-A (Sophos) is poised to wreak havoc on networks over the coming days. Embedding itself deep within infected machines, the Trojan will make it difficult to clean up.


Is Banning Facebook or MySpace the Solution?

According to this by Maryland-based blogger/attorney Judd Legum, the state Office of Legislative Information Services there banned access to Facebook and MySpace last week. And not for the usual time-wasting or inappropriate usage reasons. Nope, it was the “significant increase in viruses and malware … [which they] have determined … are originating from pages hosted on Facebook and MySpace.”



Is Power Blackout Due to Irresponsible Patch Management in Our Future?

As the security by obscurity veil is lifted from the systems that control and protect our national infrastructure, we are again reminded of the importance of a prudent vulnerability / patch management program.

Multiple vulnerabilities put the AREVA e-terrahabitat SCADA system, which is used to control core components of power plants and power distribution globally, at risk.
