Aug 17
Darkreading has an article about Verus Inc. closing doors. There are many times when security does not seem like a priority and gets ignored. Sensitive data is sent as clear text, firewalls are configured badly and web applications are deployed without any security testing done.
In a way, it's good to see that this doesn't always go unnoticed - especially when it comes to sensitive information such as medical data.
However, in the long run, it might be more important to see why a lot of companies are still not practicing basic security. Is it lack of knowledge (competence etc.), or is it simply the case that most of the time implementing security is still seen as an extra?
I personally think it's a bit of both.
The solution to the first problem would probably be reputation and elimination - which is what (apparently) happened to Verus Inc. However the second problem might be more tricky.
This book might be particularly interesting for those interested in the subject of security and usability. At the end of the day, security needs to be built in and be easily accessible.
And for those interested in the case, if you google around you'll find posts which shed more detail.
Posted by Sandro Gauci
Aug 10
This article sheds some light on what emails such as the one below consist of:
MAKE EXTRA $$$ WORKING FROM HOME! NO SPECIAL SKILLS REQUIRED! EARN HUNDREDS OR THOUSANDS EACH MONTH!
Mafia and terrorist organizations have been using mules for a long while to launder money.
When it comes to the internet, this is how it works:
- Phisher starts spamming people with links to phishing sites to steal bank account info and so on
- At the same time the phisher starts spamming people with these "work from home" emails
- As bank account details start rolling in, the phisher starts moving small fractions of money to other bank customers who have agreed to "work from home", aka mules.
- The mules keep a percentage of the money, send the money to the phisher and eventually get caught
- The phisher gets away with the rest of the money... and most of the time doesn't get caught
- Not a happy ending
Posted by Sandro Gauci
Aug 4
So people, please keep your eyes open for websites such as the Virtu Ferries Internet Booking Service. This initially showed up as a quick article on geekbazaar.org by Spacer, who copied and pasted what he was presented with after he put in his reservation details online:
Payment may be effected by e-mailing your credit card details (Card Type - VISA/MasterCard/AMEX; Card Number; Security Code and expiry MM/YY) to creditcards@virtuferries.com together with the booking reference. Kindly note that if payment is not effected within 24 hours, your reservation may be cancelled.
Thank you for choosing Virtu Ferries
Albeit unbelievable, please DO NOT go ahead with sending your credit card details in an EMAIL!!!
If you have to send credit card details as requested above, make sure you do so on a webpage that is secure (SSL).
Look for the padlock on the bottom of your browser. For the record, emails are transmitted in clear text and can be viewed by any administrator when in transit to their final destination. Needless to say they can also be abused.
The original post can be read here...
Posted by Donald Tabone
Aug 3

So, following up on a previous article by Sandro, "Why passwords suck", finally comes a website offering the technology empowering tokenless dual factor authentication...
Taken from their website; I guess here at Maltainfosec.org we couldn't agree more:
Passwords are often the weakest link in data security. Users pick terrible passwords. Bots and keyloggers harvest passwords by the thousands. Phishing sites trick users into giving passwords away. Passwords can be passed around, sold, or posted on the Internet. Users reuse passwords in- and outside of the office network. They're better than nothing, but most companies need something stronger than passwords.
How does it work?
PhoneFactor works by placing a confirmation call to your phone during login. You simply answer your phone and press # to confirm the login. Because it just uses a phone call, PhoneFactor is compatible with any TouchTone phone. There is no software to install, and it works with regular phones just as well as with mobiles.
Best of all PhoneFactor is FREE
PhoneFactor can be installed and configured in minutes with unlimited users and authentications. There are no tokens to mail, no hardware to buy, and no licensing fees to pay.
Well, we've been waiting for something like this to come around, and finally here it is, in a variety of ways we can use it!
Posted by Donald Tabone
Aug 3
Information Security Day was started to spread awareness of information security issues. Information Security, also known as Information Systems Security (INFOSEC), deals with the different aspects of information and its protection. Information Security Day aims at reducing the risk associated with information systems by increasing the awareness of the user community. The INFOSec Day aims at increasing awareness in the following areas:
- Understanding the various information system components
- Security Management Principles
- Risk Assessment, Sensitivity and Criticality
- Disaster Recovery and Emergency Procedures
- Logical Security
- Physical Security
- Managerial Security Measures
More information about the event is here.
PS: There is also a T-Shirt to buy to get you more in the mood.
Of course we support the cause!
Posted by Donald Tabone