Archive for March, 2012

So just as I start up my new security blog on WordPress with a video where I talk about some of the risks (including malware) of social media, guess what shows up?

You got it! A story about 30,000 WordPress blogs being infected to distribute none other than malware. Here’s a link to the story:

http://www.pcworld.com/article/251374/30000_wordpress_blogs_infected_to_distribute_rogue_antivirus_software.html#tk.nl_dnx_t_crawl

This is really nothing new, of course. Drive-by download attacks have been around in various forms for years. I wrote about the risk in my book a dozen years ago when most users assumed that the mere act of browsing a web site was safe.

Unfortunately, as long as we have browsers with bugs, some of those bugs will result in security vulnerabilities and some of those vulnerabilities will be exploited.

No defense is 100% foolproof, but one of the better ones in this area is the NoScript add-on for the Firefox browser. NoScript prevents mobile code such as JavaScript, Java and Flash from being downloaded and executed by your browser for untrusted sites (and because it runs in Firefox rather than Internet Explorer, the ActiveX exposure that exists in IE is inherently avoided).

It does result in some pages not being rendered correctly but you can either temporarily override the block or add the site to your trusted list to get around this issue. It’s more trouble, but well worth the effort in my opinion.

I attended IBM’s Pulse Conference in Las Vegas this week (March 4-7, 2012) and what a show it was! IBM Fellow Grady Booch’s interview with Apple co-founder Steve Wozniak (Woz starts about 56 mins in) was a real highlight, as was the Maroon 5 concert the night before. They even let me join in on the fun with a video interview on “all things security”, which ranged from the significance of the launch of the new IBM Security Systems division to the changing nature, in both motivation and sophistication, of the current hacker threat.

Welcome to Inside Internet Security — the blog. I qualify it that way since it is named after a book I wrote about a dozen years ago which, in a sense, served as the launch pad for what has been an amazing personal journey through the intricacies of IT security in the age of the Internet.

It seems somehow appropriate to commence this new (for me) means of outreach through social media with an exploration of some of the security risks inherent in this format. So in that spirit, I offer up a link to a keynote talk I did in September of 2011 at the New York Institute of Technology’s Cyber Security Conference for your consideration in hopes that it will provoke some thinking on the topic.

In this talk I discuss some of the vulnerabilities in the social networking format as well as cite examples of real world attacks and compromises that have occurred on Facebook and LinkedIn along with some discussion of the weaknesses that exist in current authentication technologies such as passwords and biometrics. (There were some technical difficulties with the audio at the start but it smooths out soon.)

Enjoy …


NYIT Cyber Security Conference: How Secure Are We? Identity Management and Social Networking Threats