Sophos - Naked Security: When we think of secure programs we think about things like buffer overflows, null pointer dereferences and other technical jargon. Adam Shostack of Microsoft explained the importance of designing usable interfaces to help users make smart security decisions at last week's BSides conference in Vancouver, Canada.
Sophos - Naked Security: Last year, a Googler named Dr. Elie Bursztein noticed that Apple's App Store protocols were using HTTP where HTTPS would have been much better.
Some time later, Apple has changed its ways.
Paul Ducklin explains why it matters...
Sophos - Naked Security: Mozilla and Google have already pushed out patches to stop the exploits that got past their browsers at this year's PWN2OWN competition!
That certainly throws down the gauntlet to Microsoft, whose Internet Explorer 10 browser was also successfully breached in the competition.
Germans bombarded in malware attack, shipment firm caught in crossfire forced to suspend email address
Sophos - Naked Security: A hard-hitting malware attack is hitting German email inboxes, and causing a headache for an innocent shipment firm mentioned in the messages.
Sophos - Naked Security: PWN2OWN 2013 finished off today.
A second scheduled attack on IE 10 didn't happen, so IE 10 didn't get owned again, but Flash and Reader fell once each, and Java was exploited for the fourth time in two days...
Sophos - Naked Security: No real damage was done, a judge ruled, and besides, paying for premium membership isn't a guarantee that you'll get premium security.
Ouch! So much for promises made in privacy policies.
Sophos - Naked Security: Of the Big Four browsers, only Apple's Safari has so far survived the onslaught of the browser-breakers at PWN2OWN 2013.
Java fell three times today; Adobe's Flash and Reader meet their attackers tomorrow...
Sophos - Naked Security: A cybercriminal attack uses the fear of vulnerabilities and malware infection to trick users into unwittingly compromising their Windows computers.
Sophos - Naked Security: Japanese boffins think they might have found an imaginative way to stop malware stealing your passwords as you enter them online.
But will it really work?
Sophos - Naked Security: "OK, Microsoft... no more Mr. Nice Guy," the European Commission said to the company that just can't seem to figure out how to give PC users a browser choice.
Create and deliver online assessments to identify business risks and track their mitigation and resolution.
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team.
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
I’m dating myself, but I remember when holiday shopping involved poring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.