Encrypted email isn’t secure

On a no news day it’s back into the archives… Encrypted email isn’t secure With multiple vendors dropping out of the race at the same time that consumer interest in secure email services is heating up, what are your options? How does “secured” e-mail work? Without additional configuration, the text of a message travels over

Physical separation vs. Software compartmentalization

Many people believe the Holy Grail of secure isolation is to use two or more physically separate machines. This belief seems so natural that we often don’t give it much thought. After all, what better isolation could we possibly get than physical “airgap”? I argue with this point of view.

KISA mobile phone

Let’s put this under the label of security [and well being of our loved ones]. I came across this little gem last week. I know someone who needs one – perhaps you do as well. KISA phone is an easy to use mobile phone for children, the elderly and disabled population of Australia. Great for

Restrict and Disable Flash Cookies

Some time back, we wrote an article on browser independent cookies and talked about how to delete Flash cookies. Ever since I came to know these cookies are not normal ones, I delete them after every session. Though you can use Flash Cookie Remover or Adobe Flash Settings, you can also use Internet Explorer to delete

Password Length

Earlier this month, my company, along with 1.2 billion other websites, was targeted by Russian hackers utilizing a massive “bot” attack. These bots aggressively attempted access to websites with username and password options. Attacks like this serve as a good idea that it’s not enough to password-protect everything. You must create strong passwords that make

JackPair: secure your voice phone calls

JackPair is an affordable tool that enables average citizens to protect themselves against wiretapping. It’s a pair of encryption devices you put in between your phone and headset, which are connected through standard 3.5mm audio jacks. You can secure your phone line by simply pushing the JackPair button, and your voice will be encrypted. There’s

J.P.Morgan

A number of United States banks, including JPMorgan Chase and at least four others, were struck by hackers in a series of coordinated attacks this month, according to four people briefed on a continuing investigation into the crimes. The hackers infiltrated the networks of the banks, siphoning off gigabytes of data, including checking and savings

Google dorking

In a restricted intelligence document distributed to police, public safety, and security organizations in July, the Department of Homeland Security warned of a “malicious activity” that could expose secrets and security vulnerabilities in organizations’ information systems. The name of that activity: Google dorking. Malicious cyber actors are using advanced search techniques, referred to as ‘Google

How malware gives AV the slip

Researcher James Wyke has discovered throw-off tactics used by malware to frustrate investigators. These tactics were part of a suite of impressive methods VXers used to find technical artifacts that could help them distinguish between computers belonging to victims and those used by malware researchers.

Defend like an attacker

With the constantly evolving nature of most threats, it can be difficult to address every incident and alert that occurs in your environment. Effective incident response requires effective methods of prioritization: Deciding which alerts to focus on and in which order. In general, we’ve relied on a few standard methods of prioritization. However, each of

VNC remote access

Unlike Microsoft’s proprietary Remote Desktop Protocol (RDP), VNC is platform independent. But be careful about how you set up VNC because if you don’t lock down the remote access tool with a strong password, someone somewhere could be remotely sharing and taking screenshots of your desktop. For example, during a Def Con 22 hour-long talk

Your Anonymous Posts to Secret Aren’t

Of course I would not expect any reader here to be using crap like this, but perhaps you have friends or family who are not as security conscious. If so, read on … White hat hacker Ben Caudill is halfway through his sandwich when he casually reaches over to his iPhone, swipes the screen a

Baby steps

Behold the cascade of baby photos, the flood of funny kid anecdotes and the steady stream of school milestones on Facebook. It all makes Sonia Rao, a stay-at-home mother of a 1-year-old in Mountain View, California, “a little uncomfortable.” At a time when just about everyone and their mother — father, grandmother and aunt —

Tor can handle Aphex Twin

In an interview, Tor’s chief executive Andrew Lewman expressed some of his concerns about the internet in the post-Snowden era. Lewman basically told the paper that Tor is struggling to scale and suggests that spy agencies are part of the problem. “It’s been co-opted by GCHQ and the NSA that if you’re using Tor,

Renting a Zombie Farm

A robot network (or “botnet”) consists of a group of “zombie” computers, compromised by malware, which can be controlled by a bot master’s server to perform nefarious tasks. What’s even more interesting than the botnet’s function are the economics behind how a bot master makes their money. Simply put, they use their infrastructure to offer