2011-07-31

2011-07-24

Is there a spike in hacking recently?

With so much hacking news around, and Citi, RSA, Sony, Lockheed Martin, etc. all reporting serious breaches in the last couple of months, the question is: has there been an increase in hacking activity?

A few security experts share their views.

2011-07-23

Mobile Devices

If you are as confused as I am about which mobile device is more secure (if not the most secure), here is a very good comparison of iOS, Android, WebOS, etc.

Another good article that explains why Android is more prone to attacks - no, it's not because it is insecure or iOS is more secure.

Another article that feels both iOS and Android are equally good and bad.

.secure Internet

The US government is proposing to set up a ".secure" top-level domain (TLD), which will host only secure and trusted websites.

I don't think that's such a good idea.

Anonymous Group under fire!

The Story:

The FBI has arrested 14 hackers of the Anonymous hacking group for attacking PayPal, MasterCard and Visa around Dec-2010.


Their Crime:

These 14 "hackers", as the FBI calls them, downloaded a tool called LOIC, which voluntarily attached their machines to Anonymous' botnet, which at that time was being used to attack the payment gateways that had cut off their services to Wikileaks. In support of Wikileaks, the Anonymous group decided to fight back (dubbed Operation Payback) and called for volunteers.


So, how did they get caught?

The tool made no effort to hide the IP addresses of the machines in the botnet, which easily led the feds to the doorstep of the attackers.


Conclusion:

Guys, come on, these poor people were only angered by what PayPal and Mastercard did. They for sure are not the "real" hackers here. So, why not go after the big fish in the pond?


The Story continues:

In retaliation for these arrests, Anonymous broke into NATO's servers this week and stole over 1 GB of data.

2011-07-21

Smart Identity Cards

There are some interesting ID card projects going on around the world. India's UID project went live very recently. The British are working on another.

Should organizations dump Windows for Apple or Linux?

After the famous Google attack, Google decided to replace its Windows desktops with Apple and Linux machines. That is not always the best approach to securing your organization - there is a difference between being safe and being secure.

Portable Windows

How to install Windows XP on a portable drive.

Security Tips - Internet Users

Some security tips (a little above beginner level) for internet users.

FireSheep

A few interesting articles on FireSheep.


FireSheep is a Firefox add-on created by Eric Butler that provides an easy way for non-hackers to access others' login info when they visit social networking sites.

WikiLeaks nearly immune to takedown

Wikileaks has unbelievably strong resilience built in (for all questionable reasons), but this can be a role model for the rest.

Infrastructure vs. Application Security Spending

It's so true that we need to invest as much in application security as we invest in securing the infrastructure.

Sharing IT Resources

The delicate balance between IT security and the sharing of IT assets to reduce costs.

Lifetimes of cryptographic hash functions

A very interesting post about the various hash functions and their lifetimes.

Hack Attack - Time Mag

A very interesting article by Time magazine about the recent hacking incidents, covering groups like LulzSec, Anonymous, etc.

Foreign policy for the safety of people

Terrorist attacks around the world have become so common that every organization has to wonder what the best way is to ensure the safety of its people.

Should CIOs have a foreign policy?

90% of companies say they've been hacked

This is scary... One survey claims that 90% of companies have been hacked at least once in the last 12 months.

How China swallowed 15% of internet traffic

Back in Nov-2010, China published incorrect routes, which caused an internet outage for 18 minutes.

The root cause was nothing but a known vulnerability in BGP. It makes you wonder what the impact could be if someone were to actually take down the internet.