Apple joins the army

December 31st, 2007

A recent article on Forbes talks about a Lieutenant Colonel of the Army purchasing Apple Macintosh computers to decrease the risk of exploitation, primarily in response to the security breach of the Pentagon back in June as well as a few other incidents. It is widely discussed that Macintosh computers are more secure than Windows and Linux based computers because fewer vulnerabilities exist for the Mac platform.

What I never hear talked about in these discussions is the alarming fact that Macintosh had five and a half more vulnerabilities per month on average than Windows throughout the year 2007. You can see the details and the numbers in a recent ZDNet article. It is also quite common to see Macintosh users without any active malware (virus, worm, Trojan, spyware) protection.

Back in April, 3Com held a short-lived contest that resulted in the compromise of a fully patched Macintosh laptop for a prize of $10,000 and the MacBook.


Author: Christopher


Vista randomly insecure?

December 17th, 2007

According to Microsoft’s own MSDN (Microsoft Developer Network) site, the Dual_EC_DRBG random number generator is being added to the upcoming Vista Service Pack 1 and to the new server OS, Windows Server 2008. This is newsworthy because there are many rumors that this random number generator contains a back door, and a majority of the rumors point to the NSA having the keys to it. Encryption based on a random number generator that has been compromised is only a little better than clear text.

A presentation from a few research developers at Microsoft provides some insight on the math, but reading it requires a master’s in advanced mathematics.


Author: Christopher


Where are the zombie IPs? (November 2007)

December 10th, 2007

Throughout November we compiled data for the source of Zombie IPs and their geographic locations.

  • 14% U.S.
  • 6% Russia
  • 6% Brazil
  • 5% Italy
  • 5% Poland
  • 5% Mexico
  • 5% Turkey
  • 4% Spain
  • 4% Germany
  • 4% China
  • 3% U.K.
  • 3% Korea
  • 3% France
  • 31% Other

Zombie IPs frequently change to conceal their identity, and they may even force an IP change on their infected host.


Author: Christopher


One Proven Way To Break Into Your Network And Compromise Data

December 9th, 2007

41% of the wireless installations used in business implement WEP (Wired Equivalent Privacy) Wi-Fi security. The largest data breach in the United States is attributed directly to a flaw in WEP security, resulting in the compromise of 94 million payment card numbers.

Vivek Ramachandran of AirTight Networks recently presented a technique to hack WEP in about the time it takes to finish a cup of coffee. Unfortunately, this is one of many documented attacks on the WEP security protocol.

If your business still uses WEP security, it is only a matter of time before your network is breached and your data and intellectual property are compromised.

WPA (Wi-Fi Protected Access) is considered best practice for wireless security, with WPA2 being even better. If you haven’t already, I highly suggest you upgrade.


Author: Christopher


Top Hacker Attacks - November 2007

December 8th, 2007

Top 5 attacks used by U.S. hackers

  1. Generic File Inclusion
  2. Mambo register_globals Emulation Layer Overwrite
  3. File Inclusion attacks against php developed applications
  4. Microsoft Windows COM Objects Handling Vulnerability
  5. Nachi Worm WebDAV attack

Top 5 attacks used by foreign hackers

  1. HTTP overflow attack
  2. Generic File Inclusion Blocking HTTP Incoming
  3. WebDAV Overflow Attempt
  4. Mambo register_globals Emulation Layer Overwrite
  5. phpBB Activity Module File Inclusion

Source: SecureWorks


Author: Christopher


An Inconvenient Truth of blogging

December 1st, 2007

Al Gore’s WordPress blog to promote his film “An Inconvenient Truth” was recently hacked with links selling online pharmaceuticals. These types of attacks are far too common, with spammers looking for ways to peddle their wares. Like many other blog platforms, WordPress has been plagued with security exploits and vulnerabilities.

Hackers compromise high-profile sites like these to build legitimate links to their empire of sites, which builds traffic storms and search engine rank.

One of the most effective ways to protect your blogs is to keep the software up to date. It is also common for hackers to add malicious code to blog skins, then distribute them publicly through sites like WP-Shere.


Author: Christopher
