November 2012 - Posts
As there are "no free lunches" on the Internet, a new Facebook scam has surfaced that should be avoided.
http://facecrooks.com/Scam-Watch/Get-Free-400-Costco-voucher-Now-Claim-your-Free-400-Costco-Voucher-Facebook-Scam.html
QUOTE: We have seen this popular landing page on so many scams before. This should be a huge red flag by now. After completing all three steps, you are redirected to the landing page shown below. If you read the fine print, you have to complete user surveys and several reward offers. We have never known of one person to actually receive the item being offered in promotions like this. They appear to be fraudulent marketing gimmicks!
Skype users should promptly apply this key update:
https://isc.sans.edu/diary/Skype+account+hijack+vulnerability+fixed/14512
http://countermeasures.trendmicro.eu/skype-vulnerability/
http://heartbeat.skype.com/2012/11/security_issue.html
QUOTE: The folks over at Microsoft (who now owns Skype) fixed a bug earlier today that potentially would have allowed anyone to hijack a Skype account simply by knowing the e-mail address the account was associated with.
Security updates are available to patch vulnerabilities in Windows, IIS, Excel, IE and Framework.
Please promptly install these critical protective updates.
https://isc.sans.edu/diary.html?storyid=14503
http://technet.microsoft.com/en-us/security/bulletin/ms12-nov
Some interesting techniques ... the technique for voice mail might save a minute or more, which could add up over time
http://www.nbcnews.com/technology/gadgetbox/how-skip-outgoing-voicemail-automated-phone-systems-1C6983977
QUOTE: The next time you make a phone call and are greeted with a machine (voicemail or automated phone system) instead of a person, save some time and get straight to your message or the extension you need to dial with these simple phone tips.
For voicemail: When you start to hear the outgoing message, press # and it should take you straight to the beep. (Tested and works on my phone.) Alternately, you can try * (should work for Verizon) or 7 for AT&T.
For automated phone systems (IVRs): There are a number of strategies to quickly get you past the annoying prompts ("press 1 for your account balance, press 2 for directions, press 3..."). The first one is a pretty old technique we've covered a couple of times before and it works on all phones: In the address book for your contact, add a comma after the phone number you want to dial and then the extension or menu options (insert a comma between each menu option). Your phone will dial the number, pause, and then automatically enter the numbers after. (On some keypads, you get the comma by tapping the "pause" button or by holding down the +*= button.)
Mozilla documents its commitment to security during Cyber Security Awareness Month
https://blog.mozilla.org/security/2012/10/31/mozillas-commitment-to-security/
QUOTE: October is National Cyber Security Awareness month and we want to take the opportunity to reiterate Mozilla’s security commitment to the Web. From Firefox for Windows, Mac, Linux and Android to Firefox OS to the Firefox Marketplace, Persona and more – Mozilla is committed to delivering secure applications and services that protect our users’ data and privacy. This is more than just a commitment; it’s even in our manifesto. Individuals’ security on the Internet is fundamental and cannot be treated as optional. http://www.mozilla.org/about/manifesto.html
Let’s take a quick look at the variety of mechanisms we include within our secure software development lifecycle.
* Threat Modeling – During design we gather security experts, developers and architects to evaluate potential risks of a design and ensure proper security controls are present in the design of the new system or feature.
* Fuzzing – Automated scripts and tools send a variety of malformed data into our applications to ensure our products properly handle all sorts of unexpected scenarios that could otherwise lead to vulnerabilities.
* Security Code Review – Our security experts and developers manually review critical code to identify the proper use of security controls and proactively find potential flaws.
* Penetration Testing – We perform the same actions that a real attacker would take against our applications and ensure all security defenses are properly functioning.
* Bug Bounty Program – Mozilla began the first browser bug bounty program in 2004 and expanded to include critical web applications in 2010. This program builds our larger security community and is another way we proactively discover security issues and provide fixes long before users are ever at risk.