Aug 31st, 2010
Someone sent me this quote in an attempt to convince me that we should focus on vulnerabilities and not threats…I don’t think they are mutually exclusive, but that’s neither here nor there… “Our data tells us that focusing on vulnerabilities is more effective in reducing risk than focusing on threats. In fact, of nine specific types of [...]
Aug 13th, 2010
Apple has updated the iOS on iPhones and iPods through its iTunes service to fix two vulnerabilities, including the widely discussed .pdf security problem that made headlines earlier this month. That hole (CVE-2010-1797) made it possible for a malicious PDF document with specially crafted embedded fonts to execute code on the devices. [...]
Aug 12th, 2010
In a recent business survey covering the UK, France and Germany, 65% of all respondents said security is the most important aspect of their Cloud-based B2B integration service. These concerns are justified. Cloud-based services are generally broken down into three categories: infrastructure as a service, platform as a service and the application as a service, [...]
Aug 6th, 2010
This August is bringing a record-setting number of updates from Microsoft. In addition to last week’s LNK update, there will be another 14 bulletins addressing 34 vulnerabilities that IT admins will have to take care of in the weeks after Patch Tuesday. Including the LNK update, 9 bulletins have a rating of critical and affect [...]
Aug 4th, 2010
Apple devices, such as the iPhone and iPad, can be hacked through a flaw in the way iOS 4 deals with PDF files. The bug can be exploited when a user visits a web address using Safari. The web browser can automatically load a PDF file containing malicious code, hidden within a font, causing [...]
May 28th, 2010
Michal Zalewski, a security researcher at Google, recently wrote a guest editorial for ZDNet entitled “Security Engineering: Broken Promises”. The article lays out a series of issues with the security industry, specifically looking at an inability to provide any suitable frameworks for software assurance or code security. We have in essence completely failed to come up with even [...]
Apr 1st, 2010
The perfect storm is upon us as sophisticated cyber criminals attack unprepared businesses. Today’s cyber criminals have evolved their skills and techniques to such an extent that they can breach the network of any company at will. The secure perimeter protecting a business has become a thing of the past as cyber criminals target business [...]
Mar 10th, 2010
Over the past week I have been asked twice now for my opinion on the question “Which browser is the most secure?” Probably as a result of the release of Microsoft’s “Browser Choice” update. In my view, this choice that people are being prompted to make is leading most of us to [...]
Mar 9th, 2010
A new report commissioned by Hewlett Packard on behalf of the Cloud Security Alliance has revealed – or highlighted – the major challenges facing the adoption of cloud computing technologies. The peer-reviewed research paper, entitled “Top Threats to Cloud Computing Report,” is the result of a broad examination of information security experts [...]
Jan 19th, 2010
In the modern age, vulnerabilities are discovered in one of two ways: organizations, researchers, testers and white hats test applications for vulnerabilities due to their line of work or simply to build a reputation. Once these individuals find vulnerabilities they inform the vendor, wait for a fix to be developed and deployed before revealing details [...]
Jan 13th, 2010
Microsoft starts 2010 slowly – a single bulletin containing one vulnerability in the embedded OpenType Font (EOT) engine. Due to the memory model in Windows 2000, the vulnerability is critical on that version of the Windows Operating System; all others receive a low severity rating. The flaw can be exploited through any OpenType-enabled application such [...]
Jan 12th, 2010
Many organisations in today’s economy see a merger or acquisition as an attractive business strategy to improve financial position and weather a down market. This is especially true in the financial services sector, where even very large organisations are being acquired by equally large organisations as a basic survival strategy. While the results may favour shareholder [...]
Jan 11th, 2010
Pushdo is once again using a blended email and web attack to try and infect PCs with the Zeus (Zbot) Trojan Horse. This time the attack starts with a spam email claiming that your email settings have been changed and that to apply the new settings you must click on the link. The email and [...]
Dec 15th, 2009
Pushdo has moved on to yet another blended threats campaign designed to install the Zeus Trojan horse onto users’ PCs. Over the past months Pushdo has conducted a number of different email campaigns, many of which we have previously written about on this blog. This time there is a VISA card theme where the recipient [...]
Dec 4th, 2009
Adobe has published a security advisory announcing that it will be issuing a critical update to its Flash and Air products next week. Details of the vulnerabilities, which will apply to Adobe Flash Player 10.0.32.18 and earlier, and Adobe AIR 1.5.2 and previous versions, have not yet been made public, but users are being advised to [...]