In early 2010, PDF exploits were by far the most common malware tactic, representing more than 47 percent of all Q1 infections tracked by Kaspersky Labs. By mid-year, PDF exploits had fallen to 30 percent, overtaken by Java. However, PDF remains the world’s second most popular target. For those running PDF software – led by […]
Last year, Android became the world’s second favorite mobile OS, racing past BlackBerry and Apple. 67 million of the nearly 300 million smartphones sold in 2010 were Android-powered devices like the Samsung Galaxy S, Motorola Droid X, and HTC EVO. New Android 3.0 (“Honeycomb”) tablets will spur even more growth this year. As a result, […]
No organization wants to make breach headlines; many have spent considerable sums to avoid them. And yet, huge data breaches are still being reported. The Identity Theft Resource Center catalogued 662 breaches in 2010, exposing more than 16 million records. Back in 2009, Heartland took first place by losing 130 million records to one SQL […]
Learn how to surf websites vulnerable to Firesheep without getting fleeced. Years after BlackHat sidejacking demos, far too many websites remain vulnerable to this session cookie hijack attack. Frustrated by apathy and inaction, web developer Eric Butler and colleague Ian Gallagher decided to raise awareness with Firesheep – a Firefox plug-in that makes sidejacking as […]
Wireless security concerns don’t seem to be slowing hotspot growth. In 3Q09, AT&T hotspots serviced over 25 million Wi-Fi sessions – 66 percent more than in 2Q09. Aircell now offers in-flight Wi-Fi service on over 4,000 flights per day. In my hometown (Philadelphia), Comcast just launched over 2000 new Xfinity hotspots. Yet, few public hotspots […]
Protocol analyzers are often used to capture, decode, and evaluate traffic flows and packets for network debugging, troubleshooting, and optimization. But did you know that a protocol analyzer can also be indispensable for security incident investigation? Perhaps the best-known open source protocol analyzer is Wireshark (nee Ethereal), capable of decoding scads of protocols, captured from […]
All new Wi-Fi CERTIFIED products support WPA2 (AES-CCMP) security, but that’s not enough to harden a WLAN against attack. Breaches can still be caused by policy, configuration, and coding mistakes, overly-friendly clients, or unauthorized APs. Continuous surveillance and periodic assessments are important to spot (and then patch!) these and other WLAN vulnerabilities. You can’t conduct […]
Every e-mail user has experienced phishing first-hand. Phishing refers to fraudulent communications that use social engineering and technical subterfuge to bait victims into disclosing personal identities and credentials. Phishing is big business: Criminals reel in billions from fraudulent financial transactions, executed with phished data. With so much at stake, can you recognize a phish when […]
Gone are the early days of Wi-Fi, when CSOs lost sleep over threats like WEP cracking and war driving. 802.11n products have matured to the point where many enterprises are investing in larger, faster WLANs to support mission-critical applications. And yet, pros know that security is never to be taken for granted. Here, we offer […]
The flaws that make WEP vulnerable were documented back in 2001, prompting development of dozens of cracking tools. Until recently, those attacks focused on traffic captured from active networks, requiring proximity to the targeted business. But lately, focus has shifted to off-site clients that are not connected to any network. By exploiting driver flaws, exposed […]