Informationweek Influencer
Christophe Veltsos (@DrInfoSec)
- Twitter Bio: InfoSec, Risk, and Privacy Strategist. More at www.linkedin.com/in/chrisveltsos
- Location: Mankato, MN
- Website: http://blog.drinfosec.com
Christophe Veltsos's Selections From the Web
Smartphones and tablets are powerful and popular, with more than a thousand new mobile apps hitting the market each day. In this fast-moving era of entrepreneurship and creativity, is security keeping up? Apps and mobile devices often rely on consumer data — including contact information, photos, and location to name a few — and can be vulnerable to digital snoops, data breaches, and real-world thieves. The Federal Trade Commission (FTC), the nation’s consumer protection agency, offers these tips to help developers approach mobile app security. There is no checklist for securing all apps. Different apps have different security needs. For
An analyst looks at code in the malware lab of a cyber security defense lab at the Idaho National Laboratory in Idaho Falls, Idaho, Sept. 29, 2011. There have been security flaws in software as long as there has been software, but they have become even more critically important in the context of cyberweapons development. In the past, security researchers who stumbled on a software flaw would typically report the flaw to the manufacturer of the software, so it could be fixed. That changed, however, when
Every year the security community produces a stunning amount of new Web hacking techniques that are published in various white papers, blog posts, magazine articles, mailing list emails, conference presentations, etc. Within the thousands of pages are the latest ways to attack websites, Web browsers, Web proxies, and their mobile platform equivalents. Beyond individual vulnerabilities with CVE numbers or system compromises, here we are solely focused on new and creative methods of Web-based attack. Now in its seventh year, The Top Ten Web Hacking Techniques list encourages information sharing, provides a centralized knowledge-base, and recognizes
Roughly a third of malware sent to a virtualized environment for analysis is able to elude detection, a security expert says.
Security vendors sell virtualized appliances to run and analyze the behavior of suspicious applications to identify malware, determine how it entered a network and then plug vulnerabilities. Over the last few years this technology has been used, cyber criminals have found ways to make their malware appear benign in such environments.
"Overall, there are so many ways malware can uncover it is inside a virtual environment that it is practically impossible
Generations of hobbyist hardware hackers have spent countless hours messing with piles of radio gear, happily tinkering away in garages and basements looking for new ways to connect to people around the world. Now, a researcher has put together a new radio called HackRF that is a kind of all-in-one hacker's dream with functionality to intercept and reverse-engineer traffic from a wide range of frequencies and sources. HackRF is the work of Michael Ossmann of Great Scott Gadgets, and the idea behind the project was to build a multipurpose transceiver that a user could attach to his computer and use as a "software-defined radio". Ossmann has released
An unusual new strain of ransomware makes good on its threat, doing what the majority of other varieties only claim to do. The Trojan actually encrypts data on infected machines, effectively rendering certain files inaccessible to users on compromised computers in order to block removal. This veracious new version of the otherwise well-known police ransomware Trojan is unique but only in the sincerity of its promise. According to a report by Hynek Blinka on the AVG News and Threats blog, most ransomware campaigns deploy a familiar warning, asserting that some crime has been committed by the user and that the user’s machine will remain locked
French security researcher firm Vupen claim to have already developed a reliable Windows 8 exploit, just days after the launch of latest edition of Microsoft's flagship operating system. The sometimes controversial firm, which sells the exploits it develops to Western government agencies and deliberately avoids sharing vulnerability details with vendors, said that the exploit it has cooked up allows it to take over Windows 8 machines running Internet Explorer 10. "We welcome #Windows 8 with various 0Ds combined to pwn all new Win8/IE10 exploit mitigations," Vupen’s chief exec Chaouki Bekrar boasted in a Twitter update. Windows 8 offers improved
Virtualization software maker VMware issued an update last Thursday resolving a virtual machine communication interface (VMCI) vulnerability in its ESX Server, Workstation, Fusion and View products that could lead to a privilege escalation if unpatched. According to the VMware security advisory, a local attacker could potentially exploit a control code handling vulnerability in vmci.sys in order to tamper with memory allocation in the VMCI code and eventually obtain elevated privileges on Windows-based hosts and guest operating systems. The vulnerabilities affect systems running Workstation 9.0 as well as versions prior to 8.0.5; Fusion 5.x prior
If a newly released survey is any indication, publicized data breaches aren't enough to prompt small businesses to better protect their customer or employee data.
A survey released this week by The Hartford found 85 percent of small business owners believe a data breach is unlikely and often lacked even basic measures to secure sensitive data.
"Most of the business owners surveyed believe they are not at risk, when in fact smaller businesses are increasingly being targeted," said Lynn LaGram, the assistant vice president of small commercial underwriting at The Hartford,