Sunday, January 07, 2007

Weekend Reading

A Tour of the Google Blacklist

I recently decided to devote a day to walking through the Google Blacklist. While some of the findings were to be expected, others proved somewhat surprising. The Google Blacklist is a listing of URLs suspected to be phishing sites. It is used by the Google Safe Browsing for Firefox extension which is now part of the Google Toolbar for Firefox. It is also leveraged by the Firefox 2 web browser. Google maintains a number of different safe browsing lists to combat phishing including a URL blacklist, an encoded/hashed blacklist, a URL whitelist, a domain whitelist and a sandbox text list, which contains keywords included in URLs. While Google doesn't reveal exactly how these lists are developed, it's clear that user input is an important variable given that both the Google Toolbar and Firefox 2 allow for optional user feedback when phishing sites are encountered.

Read more HERE.

==================================================================
Microsoft's Achilles' Heel: Office

Ken Dunham, director of iDefense's rapid response team, said similarities in the computer code of all three malicious programs strongly suggested the handiwork of a Chinese hacking group known to write computer viruses for hire. And in each case, the attackers designed their hidden viruses to take advantage of security holes recently discovered in the Microsoft Office programs.

Read more HERE.

==================================================================

Coming soon: Microsoft Windows Home Server?

There's been radio chatter this week of a possible new addition to the Windows family: a "Home Server." If the chatter is right, Microsoft will unveil it at CES, which kicks off next week. "Home Server," according to my sources, is about centralized storage, home automation and security.

Read more HERE.

==================================================================
Microsoft Office 2007 - Where is everything?

There is a big downside to this gutsy redesign: It requires a steep learning curve that many people might rather avoid. In my own tests, I was cursing the program for weeks because I couldn't find familiar functions and commands, even though Microsoft provides lots of help and guidance.

Read more HERE.

==================================================================
Spoofed/Forged Email

This document provides a general overview of email spoofing and the problems that can result from it. It includes information that will help you respond to such activity.

Read more HERE.

==================================================================
Banking on Multifactor Authentication

The Windows-based authentication application -- Bharosa's Authenticator -- uses multiple levels of user verification, including username and password as well as a unique image and text phrase for the user. The KeyPad Authenticator, for instance, looks like a graphical keyboard, but behind the scenes, it's a tool that encrypts the user's authentication data so hackers can't intercept it.

Read more HERE.

==================================================================
Secure your network - NSA-style

The [PDF] guide, which checks in at just under 50 pages, is serious about airtight network security, urging you, for example, to enforce a password history of at least 24 different 12+ character passwords, swapping out passwords at least once every 90 days.

Read more HERE.

==================================================================
Another free anti-virus - PC Tools


Nowadays, more and more software companies are coming out with their own free version of their security software, both anti-virus and firewall software. PC Tools have released a free version of their Anti-Virus software called “PC Tools AntiVirus Free Edition”.

Read more HERE.


==================================================================
Security by Insanity

It all began on the first interview, the moment I entered their building. I was asked to sign a four-page Non-Disclosure Agreement and was sternly warned that no recording devices of any kind were allowed in the building. It didn't seem that unheard of, so I assured them that I had no intention of recording the interview and signed the agreement, thereby swearing on my life that I would never describe to another living soul what I saw on the premises that day. To this day, I cannot reveal which motivational poster I saw framed in the only room I was allowed to see: the conference room off the entrance.

Read the article HERE.
