Monday, March 10, 2008
Thursday, February 21, 2008
Sunday, February 10, 2008
Saw this Infoworld article through Rebecca Herold’s blog , “IT managers who object to employees using unauthorized software at work have another tool to worry about: Google Apps Team Edition, which requires no IT participation to implement”
As corporate Information Security professionals, does this really worry you? If you say yes, here is a list of applications to add to this,
Pownce “Pownce is a way to send stuff to your friends. What kind of stuff? You can send just about anything: music, photos, messages, links, events, and more.”
Qipit “Qipit turns camera phones and digital cameras into mobile copy centers so people can turn photographs or written and printed materials into scan-quality digital documents they can share and store on the go.”
Meebo “Meebo is a website for instant messaging from absolutely anywhere. Whether you’re at home, on campus, at work, or traveling foreign lands, hop over to meebo.com on any computer to access all of your buddies (on AIM, Yahoo!, MSN, Google Talk, ICQ and Jabber) and chat with them, no downloads or installs required”
Willselfdestruct “You can create a secure anonymous email message to a friend or colleague by entering their e-mail address and the message to see.”
The site goes on to say that “No messages or e-mail addresses are stored after the message has been viewed. We also do not log your IP address or any information about you, your message, or the recipient. Once sent, all data disappears forever.”
DocSyncer “DocSyncer automatically finds and syncs your document files to Google Docs and your DocSyncer account. DocSyncer monitors your documents for changes and syncs the updated files as well.”
YouSendIt “Our innovative service enables users to send, receive and track files, on-demand.”
These examples make a great case for deploying DLP and other monitoring solutions but understand that many of them offer ways to bypass monitoring by allowing the users to encrypt and password protect the channels and data.
Thursday, February 7, 2008
Speaking of vulnerabilities Apple (QuickTime), Adobe (Reader) and Firefox all announced patches for application flaws.
How do we check for patches like these automatically? Check my earlier post on Secunia PSI
Tuesday, February 5, 2008
Monday, January 28, 2008
Saturday, January 19, 2008
Here is an example of people still doing such things as logging into their bank accounts from public computers.
Friday, January 18, 2008
Secunia PSI - check my earlier post on this
DVDburn and CDburn from windows Resource kit - a very simple command line utility to burn CDs and DVDs
sysinternals tools - a very handy set of tools
md5summer - check my earlier post on this
windows update - keep up to date with hotfixes and service packs
sigverif - this is a windows xp tool which verifies the file integrity of the windows files that are digitally signed by Microsoft.
Don't login as Administrator or as an admin user. This is the primary reason how malicious code received via email or some other means gets executed.
Use the firefox extensions no script, refcontrol, safecache and safehistory. Also use the firefox feature to create seperate profiles, one for regular use and one while logging to banking and other financial sites. This is a great way to guard against CSRF attacks
It is also a good idea to enable logging (successful and dropped connections) on the Windows Firewall and periodically check for any unusual activity.
Wednesday, January 16, 2008
"making the profiles of 14 and 15 year old users automatically private and protecting them from being contacted by adults that they don’t already know in the physical world, and deleting registered sex offenders from MySpace. Examples of improvements MySpace will make include defaulting 16 and 17 year old users’ profiles to private and strengthening the technology that enforces the site’s minimum age of 14."
"MySpace will explore the establishment of a children’s email registry that will empower parents to prevent their children from having access to MySpace or any other social networking site."
"As part of the Principles, MySpace will organize, with the support of the Attorneys General, an industry-wide Internet Safety Technical Task Force to develop online safety tools, including a review of identity authentication tools."
Friday, January 11, 2008
I want to list some of the very important ones
- "Facebook helps you share information with your friends and people around you. You choose what information you put in your profile, including contact and personal information, pictures, interests and groups you join"
- "When you enter Facebook, we collect your browser type and IP address. This information is gathered for all Facebook visitors. In addition, we store certain information from your browser using "cookies.""
- "We recommend that minors over the age of 13 ask their parents for permission before sending any information about themselves to anyone over the Internet."
- "Facebook Beacon is a means of sharing actions you have taken on third party sites, such as when you make a purchase or post a review, with your friends on Facebook. In order to provide you as a Facebook user with clear disclosure of the activity information being collected on third party sites and potentially shared with your friends on Facebook, we collect certain information from that site and present it to you after you have completed an action on that site. You have the choice to have Facebook discard that information, or to share it with your friends."
Wednesday, January 9, 2008
Tuesday, January 8, 2008
More information here,
Monday, January 7, 2008
"The program, which Facebook CEO Mark Zuckerberg unveiled last month, allows Facebook to track its users' activities, such as purchases, on third-party Web sites that partner with the social-networking site and broadcast them to the users' friends."
"Last month, Google introduced a new feature that essentially guesses who your friends are—based on chatting habits in its Google Talk service, among other things—and automatically shows those people your shared items."
These are some of the reasons why I don't put my profile out at these sites
Saturday, January 5, 2008
Once installed the software searches for all the installed packages and verifies if they need any software updates to make it secure. The software identifies what the updates are and provides you a link where the latest updates can be found.
The new version tracks the performance week by week and gives a score of how secure the applications installed in the system is.
Download and install the software today, it is a must have software for all the home PCs.