I recently finished reading Mandiant‘s fantastic APT1 Report. One of the gems is on page 29, which details some of the tactics used by phishing attacks carried out by APT1, (speculated to be the elite cyber-attack wing of the Chinese military). (more…)
Archive for the ‘Security’ Category
We have several clients who have stated that they “need to have all employees’ passwords.” They don’t, and furthermore, after a brief explanation, they realize they don’t want them either. Here’s why.
This weekend, Evernote announced that they were hacked, joining Apple, Facebook, Microsoft, and NBC. All this in the first quarter of 2013!
Below is an email that was sent to all Evernote users, informing them of the event, and steps Evernote took to safeguard their users’ data. (more…)
Do you remember Agent Smith from “The Matrix?” These guys were pretty scary. They could move with blinding speed, possessed superhuman strength and reflexes, and, scariest of all, if you killed one, he could suddenly reincarnate as anyone… anyone else around you. There was no way to tell if the innocent grandmother or fruit vendor you were talking to would suddenly morph into an Agent and shoot you on the spot. And the same is true of all of those websites that you visit every day. (more…)
Recent security holes with Oracle’s Java and Microsoft Internet Explorer have underscored the need for two web browsers (or two different computers) to separate your business processes while surfing the Internet. (more…)
We recently handled an incident response case where our client was infected by malware which was delivered by email. The client plead ignorance, and asked “how can we tell what is real and what is a virus?” Here’s a quick tip to do just that!
For starters, several email clients and web browsers will show you the address of a link before you click on it… provided you take a few seconds and look before clicking! Most people just click away without giving a second thought, which is like running out across the street and then, if ever, looking to see if there is any oncoming traffic, so try to resist that urge and put safety first.
Here’s a sample “LinkedIn” notification I just received.
Here’s a quick self-assessment on your password. Please take 1 minute to answer the questions on our brief password age survey, and we’ll report the findings back here soon.
Something that frequently confuses many of our clients is the concept of a user versus that of a computer. Now, I’m not saying that they can’t tell the difference by looking at the two, (imagine the HR nightmares that would result), but functionally speaking, it’s not at all uncommon for us to encounter locations where Internet content filtering is done by computer, certain computers are used to run certain tasks and, worst of all, everyone uses the same username and password on a computer. Here’s why these are bad. (more…)