
Posts Tagged ‘security’

Windows 7 Shortcuts

October 15, 2012

The document above lists all keyboard shortcuts available on the Windows 7 operating system. Improve your productivity and turnaround time on deliverables by using shortcuts instead of the tedious mouse clicks. Download and enjoy!

New App Grades Facebook Apps on Privacy


By Tony Bradley, PCWorld

When someone plays Zynga’s Words with Friends on Facebook they obviously expect to share that experience with whichever Facebook contact they play against. However, by authorizing Words with Friends–or other Facebook apps–users might be sharing much more than they’re aware of.

Facebook is a social network. By definition, the point of being on Facebook at all is to share with others. However, people like to choose which information to share, and who to share it with–they’re funny that way. Apps that collect or share information without the explicit consent of the user are shady, and infringe on the privacy users expect.

Some app developers do a much better job than others at protecting user privacy. Jim Brock, founder and CEO of PrivacyChoice, explains in a blog post, “Facebook doesn’t control or enforce app privacy practices, so it’s up to users to know the privacy risk

To help users help themselves PrivacyChoice has launched PrivacyScore–a privacy report card that grades Facebook apps on how well they respect the user’s privacy. PrivacyScore is a Facebook app as well. You simply type in the name of the app you want to check, and PrivacyScore will return a grade between 1 and 100. The PrivacyScore rating considers a variety of factors, including the privacy policies of the app vendor, and how the app handles personal data.

Don’t bother trying to get a grade on PrivacyScore itself. PrivacyChoice started out by indexing and rating the most popular apps and does not yet have comprehensive coverage of all Facebook apps; its FAQ says it is continuing to expand that coverage.

via New App Grades Facebook Apps on Privacy | PCWorld Business Center.

How to Build a Successful IT Security Career


Janet Pinkerton

Wednesday, April 18, 2012

IT security pros can never stop learning about cyber threats and best security practices. Industry professionals recommend a mix of activities to continually prep for a successful IT security career.

Network Connections

Network and build knowledge by joining local chapters of IT security trade associations or online communities, suggests Amy Hagerman, assistant vice president/IT security manager at Independent Bank in Ionia, Michigan. “It’s very cost effective.”

Such groups could include:

A working friendship with a group of respected, trusted peers can be a huge resource to everyone in the group. It provides a chance to learn about new challenges or technologies, and discuss problems. “Once you get plugged into some of these groups, you build up a rapport over time, so you know who really knows what they are talking about, and whom you are able to trust,” says Hagerman.

Get Educated

All three IT security professionals interviewed for this blog earned IT-related bachelor’s degrees; two invested in graduate level study. “I had to take the time to get in and learn how things worked, why things like firewalls for example, worked,” says Justin Opatrny, network planner for General Mills, who holds a bachelor’s degree in management information systems from Iowa State and a Master’s in Information Assurance from Norwich University.

Understanding the fundamentals of networking, operating systems, security threats and risk is key to professional success. “Anybody can learn to use an IT security tool like a firewall or an IPS (intrusion prevention system),” says Opatrny. “You need to know why you are using that tool, what advantages does it have, what disadvantages does it have—so you understand the full picture. Without those foundations, you’re likely to have less success running and securing your systems properly.”

Get Certified

“Certification can be a great career builder,” contends Opatrny, who holds not only the CompTIA Security+ credential, but also the CISSP from ISC2 and forensic analyst and systems/network auditing credentials from GIAC. “It gives you some level of validation that you have a base knowledge of skill.” That can be a differentiator to an entry-level IT security employee. But he adds, “You’d better be able to prove on the job that you can apply these skills and knowledge—not just that you are good at taking tests.”

Get Involved

Becoming involved with trade industry groups, such as CompTIA or ISSA, is good for the industry, and it’s good for you. Opatrny teaches, writes industry articles and volunteers as a subject matter expert; both Hagerman and Lee Myers, chief technology officer for the Archdiocese of Philadelphia, helped write CompTIA’s CASP exam. The “Share the Wealth” mentality is pretty prevalent in IT security, says Opatrny. “We are already at a disadvantage against these malicious agents. We have to take every chance we have to work with our peers, share what we’ve learned or experienced, so we don’t have to figure it all out ourselves.”

Keep Reading & Researching

Beyond setting up RSS feeds or Google News Reader, popular online resources for IT security professionals include:

  • BugTraq — Security Focus mailing list for the “detailed” discussion and announcement of computer security vulnerabilities: what they are, how to exploit them, and how to fix them. “There’s more information on there than any one person could absorb,” says Opatrny.
  • Center for Internet Security (daily cyber security tips, white papers, guides, videos and podcasts)
  • Experts Exchange (online forum where IT professionals provide answers on tech topics)
  • ISC2 (blog, journal, magazine)
  • ISSA (journal, executive forum, webcasts, whitepapers, e-news)
  • NIST’s Special Publications (800) series, and FIPS publications. The SP800 series are documents from NIST’s Information Technology Laboratory, featuring titles such as “Guidelines for Securing Wireless Local Area Networks” (published February 2012). “The SP800 Series is a great reference for learning different aspects of security,” says Opatrny. Myers adds that NIST FIPS (Federal Information Processing Standards) “give you a great framework.”
  • SANS Institute (research, whitepapers, newsletters, webinars)
  • Secure Computing (monthly magazine and online news)
  • U.S. Computer Emergency Readiness Team — The Home and Business section offers basic tutorials (e.g., “Understanding Denial of Service Attacks”), as well as alerts on current security issues, vulnerabilities, and exploits, and weekly summaries of new vulnerabilities (with patch information when available).
  • Verizon 2011 Investigative Response (IR) Caseload Review and its Data Breach Investigations Report (DBIR) — The DBIR is a “very thorough evaluation of all of the incidents Verizon has responded to over the last year—where the attacks are coming from, how effective they’ve been, areas getting attacked,” says Hagerman. “I find that very helpful in identifying what we should be protecting against.”

Via: CompTIA Certifications Blog

Most IT, security pros see Anonymous as serious threat

April 30, 2012

Anonymous Español: Anonymous (Photo credit: Wikipedia)

By Lucian Constantin

April 23, 2012 10:12 AM ET

IDG News Service – The majority of IT and security professionals believe that Anonymous and hacktivists are among the groups that are most likely to attack their organizations during the next six months, according to the results of a survey sponsored by security vendor Bit9.

Sixty-four percent of the nearly 2,000 IT professionals who participated in Bit9’s 2012 Cyber Security Survey believe that their companies will suffer a cyberattack during the next six months and sixty-one percent of them chose hacktivists as the likely attackers.

Respondents had the option to select up to three groups of attackers who they believe are most likely to target their organizations. The choices were Anonymous/hacktivists, cybercriminals, nation states, corporate competitors and disgruntled employees.

Anonymous was chosen by the largest number of IT professionals overall, but there were some differences based on the type of organization. For example, nation states was the top choice for people working in the government sector, while those working in retail selected cybercriminals as the top threat.

According to Verizon’s 2012 Data Breach Investigations Report, hacktivists stole the largest quantity of data in 2011, but they were responsible for only 3 percent of the total number of breaches.

Respondents choosing hacktivists as a more likely source of cyberattacks than cybercriminals is similar to how most people fear flying more than driving, even though, statistically speaking, it’s far more likely for someone to be involved in a car accident than in a plane crash, said Bit9 chief technology officer Harry Sverdlove.

The truth is that you are less likely to be attacked by Anonymous or hacktivists — depending on what public statements you make — than to be attacked by a cybercriminal enterprise or a nation state, he said.

Despite considering Anonymous the top threat, when selecting the method of attack they are most worried about, 45 percent of respondents chose malware, which is generally associated with cybercrime rather than hacktivism.

Distributed denial-of-service (DDoS) and SQL injection, two attack types most commonly favored by hacktivists, worried only 11 percent and 6 percent of respondents, respectively.

Sverdlove believes that the reason why most IT professionals fear attacks from Anonymous is the bad publicity such attacks generate. If you’re attacked by Anonymous the world is going to know because the announcement will be on Pastebin in 24 hours, whereas if you’re attacked by cybercriminals, people might never find out, he said.

Despite this, almost 95 percent of respondents feel that data breaches should be disclosed to customers and the public. Forty-eight percent believe that companies should disclose the breach occurrence as well as what was stolen, while an additional 29 percent believe that companies should also disclose how the breach occurred.


Facebook hacker comes clean – Computerworld

April 26, 2012

Glenn Mangham of York, England, said he meant no harm and hoped Facebook would let him off the hook

By Jeremy Kirk

April 26, 2012 12:00 PM ET

IDG News Service – The hacker who stole Facebook’s source code has gone public with a deeper explanation of how he penetrated the world’s most popular social network.

Glenn Mangham, of York, England, posted a lengthy writeup on his blog and a video, saying that he accepts full responsibility for his actions and that he did not think through the potential ramifications.

“Strictly speaking what I did broke the law because at the time and subsequently it was not authorized,” Mangham wrote. “I was working under the premise that sometimes it is better to seek forgiveness than to ask permission.”

Mangham implied he meant to contact Facebook once he had noticed the social-networking site had observed his intrusions, which he did little to hide. He didn’t use proxy servers because he said it made auditing take longer due to the time delay between each request made to a server. He was also hoping that even when he got caught, Facebook would let him off the hook.

That didn’t happen.

via Facebook hacker comes clean – Computerworld.

Russian Security Firm Says Flashback Botnet Is Not Shrinking

April 24, 2012

By Kevin McLaughlin, CRN April 23, 2012 4:34 PM ET

Contrary to recent reports, the worldwide botnet of Macs infected with the Flashback malware has remained relatively steady in size, the Russian security vendor Dr. Web said over the weekend.

Dr. Web discovered the botnet — which it calls BackDoor.Flashback.39 — on April 4. It claims that more than 817,000 bots have connected to the botnet thus far, and that an average of 550,000 infected machines are interacting with a command-and-control server each day.

New infected machines that have not yet been registered in the botnet — and which cannot yet be tracked — are joining every day, according to Dr. Web.

Dr. Web’s latest findings contradict those of Symantec and Kaspersky Lab, which earlier this month reported that the Flashback botnet had shrunk to less than half its peak size of 650,000 infected machines due to Apple’s work with Internet service providers to take down command-and-control servers and the release of malware removal tools from third parties.

However, Dr. Web says these findings are inaccurate because they rely on analysis of data from hijacked botnet control servers. After conducting its own analysis, Dr. Web found that additional control servers have come online and that some bots had been switched to standby mode, which means the botnet is larger than Symantec and Kaspersky claim.

“This is the cause of controversial statistics — on one hand, Symantec and Kaspersky Lab reported a significant decline in the number of BackDoor.Flashback.39 bots,” Dr. Web researchers said in the blog post. “On the other hand, Doctor Web repeatedly indicated a far greater number of bots which didn’t tend to decline considerably.”

“Doctor Web once again warns Mac OS X users of the BackDoor.Flashback.39 threat and strongly recommends you to install Java updates and scan the system to determine whether it has been infected,” the company said in the blog post.

Apple issued a patch for the Java vulnerability April 4, but security researchers criticized the company for its slow response to the issue, which was first reported in February.

via Russian Security Firm Says Flashback Botnet Is Not Shrinking.
