Week in review:
Here’s an overview of some of last week’s most interesting news, interviews, articles, reviews and podcasts:
A foolproof drive-by-download blocking tool?
A seemingly foolproof tool for blocking drive-by-download attacks has been developed by a group of researchers at the Georgia Institute of Technology and California-based SRI International.
Questions to ask of a cloud provider
At the RSA Conference Europe 2010, the Cloud Security Alliance (CSA) released version 1.0 of the Consensus Assessments Initiative Questionnaire.
Bugat Trojan linked to LinkedIn phishing campaign
The emergence of this new version of Bugat appears to be an attempt by criminals to diversify their attack tools using a platform that is less well known and therefore harder to detect and block.
Patching challenges and techniques
Wolfgang Kandek is the CTO and Vice President of Engineering at Qualys. In this interview he discusses Microsoft security bulletins, patching difficulties in general, patching tools and techniques as well as Adobe Reader and Flash.
Developing a secure product lifecycle for Flash content
In this podcast recorded at the RSA Conference 2010 in London, Peleus Uhley, Platform Security Strategist for Secure Software Engineering at Adobe, talks about developing a secure product lifecycle for Flash content.
Facebook introduces one-time passwords
For all those who simply must access Facebook from a public computer, the social network introduced the option of receiving a one-time password to be used instead of their regular one.
A closer look at SafeCopy Backup
SafeCopy Backup is an online backup service that allows you to back up files from an unlimited number of Windows and Mac computers and mobile devices, to access them from anywhere, and to share them with anyone.
Facebook: The rise of the privacy killer
As the most significant social network in the world, with more than 500 million users disclosing a wealth of information on a daily basis, Facebook is a dominant repository of personal information. Does Facebook care about users’ privacy? Absolutely not.
Application security: The good, the bad and the ugly
In this podcast recorded at the RSA Conference 2010 in London, Chris Eng, Senior Director of Security Research at Veracode and leader of its research lab, talks about the good, the bad and the ugly facts that the company’s latest State of Software Security Report has brought to light.
Microsoft’s Network compromised, used to route traffic to spam websites
Microsoft has confirmed that two network devices on its network have indeed been compromised and were being used by criminals to route traffic to more than a thousand websites used to push fake pills.
How to become a published author in information security
A large security event is always filled with exceptionally clever attendees who are writers in one way or another. Some produce training materials for their employers, others write whitepapers or articles and have blogs. But how do you translate this type of writing into a book? What kind of information do you need?
5 tips for protecting against spam attacks
To help overcome the growing problems associated with spam, Cloudmark offers handy tips to help consumers reduce, identify and manage spam.
How to sell security to senior management
While companies know they have to invest in IT to do their jobs, IT security always ends up looking like an added cost in the eyes of the management. So, what are the things you need to learn about the company you’re pitching to before you get through the door?
ZeuS developers up the ante with beefed up variant
New variants are using the brand new LICAT file infector as a way of making computer download the from a variety of sources and execute them.
How to protect employees with a web filtering solution
As invaluable a tool as the Internet is, as empowering as having unlimited information instantly accessible is, and as enabling as virtually instant communication is, the Internet is full of bad things against which we must protect our employees.
Weather forecast: Cloudy with a chance of compliance
At the RSA Conference 2010 held in London, RSA’s CEO Art Coviello illustrated the depth of some of the key issues the industry is dealing with, and acknowledged the growing complexity of the job at hand.