Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Website Security Solutions
Showing posts tagged with Identity and Authentication Services
Showing posts in English
Leelin Thye | 17 Jan 2013 | 0 comments

In the article “Google Flags Ad Network Isocket for Alleged Malware; Chrome Blocks TechCrunch, Cult of Mac, others (Updated)”,[1] a large number of popular sites using a prominent advertising network was affected when  their sites were blocked by Google on suspicion of containing malware. Regardless whether the action was a result of false positive reading or not, the financial impact to advertising networks and their client sites is high when users are unable to access the websites and see a “Danger: Malware Ahead!” warning.  Business is disrupted and brand reputation compromised.

On the other hand,...

Brian Wall | 15 Jan 2013 | 0 comments

A team of university security researchers claims that 41 Android applications downloaded by as many as 185 million users are plagued by faulty encryption and inadequate SSL protection that leak data between a device and webservers.

If the vulnerability was ultimately exploited, it would allow malicious hackers to steal data related to online banking, social network credentials, email, instant message content and more. In addition, the faulty SSL protections in one of the affected apps - an antivirus application - can make data vulnerable to theft on Android devices running Ice Cream Sandwich (Android 4.0).

Interestingly, the researchers refrained from specifying particular apps with alleged faulty protection, but...

Jeannie Warner | 15 Jan 2013 | 3 comments

We're looking at a bumper crop of online frauds, cons, ID thefts, and check stealing this year. Some of them can steal your returns, others cost you your life savings or money you have not even begun to earn. As your W-2s come in, here are some simple pointers to remember about filing and online opportunities as well as methods for avoiding theft of multiple kinds.

  1. First and most important - the IRS will never email you. Ever. If you get an email from the IRS or EFTPS (Electronic Federal Tax Payment System), forward it to phishing@irs.gov and do not respond!
  1. Beware fake Tax preparation companies.  Never enter information online unless you see HTTPS: or a green bar in the URL, and look for the Preparer Tax identification Number (PTIN) on your return. You should always receive a copy of your tax return, and a reputable tax service should never do your taxes for a percentage of the refund....
Jimmy Edge | 11 Jan 2013 | 0 comments

Running an ecommerce site is a rewarding business. There are almost 2.5 billion people online, and the global consumer ecommerce market is worth around $1 trillion, which is nothing to be sneezed at.

But that opportunity also attracts criminals, which is why running any public-facing website is highly risky. The cost of cybercrime runs into the hundreds of billions each year, and in 2011, 403 million unique variants of malware were discovered, according to Symantec's Internet Security Threat Report.

That's not just stolen money we're talking about – you also need to factor in compensation payments, the time and manpower it takes to clean up after a successful attack, and the massive...

FranRosch | 08 Jan 2013 | 0 comments

By now you’re probably aware of the Turkish Certificate Authority that had mistakenly issued two intermediate CA certificates to two organizations in Turkey. With these trusted intermediate certificates, the two organizations, a Turkish bank and a Turkish government transportation agency, had the ability to issue fraudulent or unauthorized certificates for domains that they do not control. In this instance, a rogue, wildcard certificate was issued for google.com without permission from Google.

 According to the certificate authority, TURKTRUST, this incident occurred during a software migration in August 2011. In a statement released by the CA, the certificate profiles of the intermediate certificates in question were moved to a production server. This led to intermediate CA certificates being issued without the CA realizing what had happened. Google identified the rogue certificate on their domain on December 24th. Since then the bad intermediate certificates...

FranRosch | 12 Dec 2012 | 0 comments

On Tuesday, Microsoft announced that they have just upgraded their entire Outlook.com mail environment to an Always On SSL experience, protected by Extended Validation (EV).  This means that all of the user’s data is protected via 2048-bit encryption - not just the log on page - on Outlook.com, as well as Hotmail, and Live.

This is a big deal. Always-On SSL is the most recommended way for any kind of social media to be enabled for user security.  When a site is completely hosted over HTTPS, the user is much better protected from attacks and surveillance.  For example, on sites without Always On SSL, although the logon would be encrypted, if the subsequent pages are not protected by HTTPS the cookie with the login credentials could be intercepted and used for malicious purposes.

...

Brian Wall | 05 Dec 2012 | 0 comments

Attacks using malware – eg, malicious software embracing everything from computer viruses, worms, Trojan horses, spyware adware and other malicious programs –have reached epidemic proportions. Ask around your office now, or your social networking friends, and someone will have experienced such an event or know someone who has.

Have you been hit, for example, by the Dorkbot worm?  It caused havoc for untold numbers of Facebook and Twitter users, and has since been socially engineering Skype users into downloading the malware, whose payload includes a mechanism to lock down machines.

It delves through an infected Skype user's contact list and sends out the message: ‘Lol is this your new profile pic?’ in English and a similar greeting in German. Clicking on the link opens a .zip file that contains ‘skype_02102012_image.exe’. So far, so bad. Unzipping the file then opens a...

Jimmy Edge | 29 Nov 2012 | 2 comments

Making online payments for everything from gig tickets to major sporting events is one of the most convenient benefits of the internet revolution.

However, often the price is not as convenient if going through recognised channels, and it can be mightily tempting to seek out lower prices from sources that you have not used before. This could be a very risky move though.

An alarming 1 in 10 people within the UK have apparently fallen victim to scams whilst paying for tickets/products online.

Below, we have looked at a few ways in which you can stay as secure as possible when making online payments:

  1. Double check all details of your purchase before confirming the payment instruction. It sounds simple, but it is possible that you could have missed something...
Jimmy Edge | 28 Nov 2012 | 0 comments

As social networking begins to shrink the world and attract users by the billion, you won’t be surprised to hear that the hacker sharks are out there amongst them, and that they are starting to indulge in a feeding frenzy.

Recent investigations have detected a huge black market for social network fraud. Moreover, about one third of discussions in one particular hacker forum focused on training and tutorials for data theft techniques, such as SQL injection (a technique often used to attack a website) – and yet industry analysts estimate that less than 5% of IT budgets include products to mitigate attacks in the data centre. 

How does your organisation stack up against that percentage? And how much of a threat do these cyber criminals pose to you personally and, in the wider context, the business you work for? The answer has to be: a massive threat – especially when the hacker forum in question that was infiltrated contained around a quarter of a...

Brad | 26 Nov 2012 | 0 comments

With Thanksgiving approaching, the holiday season is once again upon us. While most of us consider the holiday season to give thanks and spend precious time with family and friends, we will also spend a considerable amount of money online. Nearly 120 million Americans will shop online the Monday following Thanksgiving. The growth in online spending isn’t isolated to the US, it is increasing globally. With this rise in online shopping comes an increase in cyber crime.

As more people go online worldwide, individuals are increasingly becoming targets for fraudsters and cyber-criminals. According to the 2012 Norton Cybercrime Report, cybercrime claims 556 million victims each year. Both businesses and consumers are victims of malware, phishing and malvertising threats. 

We all know how important it is to ensure that your network is secure, not only for the sake of business continuity...