Posts by author:
spinman
Who are these certificate authorities? At the beginning of Web history, there were only a handful of companies, like Verisign, Equifax, and Thawte, that made near-monopoly profits from being the only providers trusted by Internet Explorer or Netscape Navigator. But over time, browsers have trusted more and more organizations to verify Web sites. Safari and Firefox now trust more than 60 separate certificate authorities by default. Microsoft’s software trusts more than 100 private and government institutions.
Read the full article – [Schneier on Security]
Facebook has announced another security feature that will allow you to log out of your account remotely. So now, if you use someone else's computer or phone to access your Facebook account and forget to log off when you're done, you will be able to log in from another device and end that session. This feature will more than likely be rolled out gradually, and below is an image of what you will see when it is.
To check whether you have it already, simply go to your Account Settings page and choose to change your Account Security. The information provided for each active session will consist of the login time, device name (if you have named it), a ballpark location derived from the IP address, and the browser and operating system on the device used. This way, even if someone accesses your account after you or your account credentials get phished and used, you can lock out those users by terminating the session remotely and changing the password for the account.
In case you forgot, Facebook also rolled out a security feature in May that, when enabled, will notify you when your account has been accessed from an unapproved device. Below is what that screen will look like.
The countdown to the saturation of the IPv4 address supply is now down to a matter of months, and along with the vast address space of the next-generation IPv6 architecture comes more built-in network security as well as some new potential security threats.
Check out the rest of the article – [Dark Reading]
I bet Apple didn't expect this when they released iTunes 10 and the new iTunes Ping, a social network for music. Spammers and scammers have quickly exploited this new feature, which launched on Wednesday. Ping is a cross between Facebook and Twitter, giving over 160 million iTunes users the ability to have networks of friends.
Sophos researchers have found that Ping is being overrun by scams and spam messages, some of which try to lead users to believe they will receive a free iPhone if they complete online surveys.
“Most of the security industry has been pointing out the migration of spam from an email-only venture to blog/forum comments, Facebook, Twitter and other Web 2.0 platforms,” writes Chester Wisniewski of Sophos. “But apparently Apple didn’t consider this when designing Ping, as the service implements no spam or URL filtering. It is no big shock that less than 24 hours after launch, Ping is drowning in scams and spams.”
More information about the Ping spam attacks, including screenshots, can be found in Chester Wisniewski’s Blog from Sophos.
Microsoft has released a new version of a software tool that developers and administrators can use to harden older applications against common vulnerabilities. Short for Enhanced Mitigation Experience Toolkit, EMET version 2.0 brings several new protections to operating systems and applications such as Windows XP or Internet Explorer 6, which remain widely used even though they are not as secure as more recent releases.
Check out the rest of the article – [The Register]


