- PC Got a Virus? Consider Getting Help Offline - Security Fix
well it just goes to show, if you can't trust a suspect machine to report it's own infection state (as the saying goes) then you certainly should trust it for making online purchases
- Multi-Layering and User Education: a random thought from AVAR | ThreatBlog
one of my favourite topics - user education, and an interesting framing to boot... user education as simply another layer in a multi-layered defense... not only does that correctly imply that it's inherently an imperfect control just like all the others, it plants it squarely where it belongs - along side all the other controls, all working in unison...
- hype-free: Actively working against security...
this sound eerily familiar, but lets not talk about where i've heard this before... all i can say is i've always known it was a bad idea, and i don't care if the customer's departments don't co-operate with each other - either get buy-in from IT or go over their heads to force co-operation, but don't surreptitiously bypass their security defenses just because it's an inconvenience for you...
- Andrew Hay » Blog Archive » Tactics Must Evolve
security pros need to be students of military history and tactics? hear hear... i know security isn't really like warfare but strategy and tactics are a much bigger part of security than some people wish to admit
- ThreatExpert Blog: How to Defeat Koobface
great post - i always like to see people identifying exploitable weaknesses in malware
- Scammers Evade Spam Filters by using Email ‘From’ Fields | TrendLabs | Malware Blog - by Trend Micro
i almost laughed when i saw this - it seems so obvious now, why hasn't this happened sooner? (or has it?)
- iSpy an iPhone Spy - F-Secure Weblog : News from the Lab
well what do you know - mobile malware for the iphone... i know some people don't count these sorts of tools as malware, but this is the very picture of spyware, just like neo-call's spyphone or vervata's flexispy...
- Roger Thompson: Awww.... puppies!
scamming with puppies... the bad guys are sinking to new lows...
- Major Web browsers fail password protection tests | Zero Day | ZDNet.com
i've always said it was better to use a password manager that was separate from the browser and unable to respond to content on webpages (because some 3rd party tools are just a little TOO integrated) but now i actually have figures to point to show why
- Lois Lane and the Craigslist fake landlord scam - Graham Cluley's blog
a super(b) example of scamming a scammer
- Most Abused Infection Vector | TrendLabs | Malware Blog - by Trend Micro
always interesting to find out which methods of attack are the most active... right now it seems to be downloads (though apparently not drive-bys) and droppers (not surprised at all about that one)...
- Is there no end to the AutoRun madness? | Zero Day | ZDNet.com
a good comparison of the autorun infection vector across multiple versions of windows
- Graham Cluley's blog - Facebook data loss fiasco
i got one of the same emails graham talks about here - yes folks, facebook is training their users to be phishing victims...
Wednesday, January 07, 2009
geez, i need an alarm clock to remind me to do this or something...
Tags: suggested reading