This is the problem with some security issues(complicated technical issues that require expertise to fix): http://www.kb.cert.org/vuls/id/361684 Home routers implementing the UPnP protocol do not sufficiently randomize UUIDs in UPnP control URLs, or implement other UPnP security measures. This attack has the beginnings of a potential problem, some vendors have sufficient protection built-in: “Some vendors have … Read more
I want to highlight 2 current articles: http://www.infosecurity-magazine.com/news/pawn-storm-serves-malware-via-fake/ and http://googleonlinesecurity.blogspot.com/2015/07/new-research-comparing-how-security.html It is best to use good passwords, 2factor authentication, and patch your systems The first article points to how a fake website was set up and delivers a zero-day java exploit attack onto unsuspecting users as they come in the website, and you … Read more
There is a great white paper at sans.org Elizabeth Stanton wrote it to highlight “Security through Quality Assurance Practices” I found it by doing a google search “quality computer security”. In my quest for trying to explain to non-security people why they need to pay more attention to computer security without blasting headlines … Read more
An interesting paper on the analysis of the frequency of data breaches. It is an attempt by Benjamin Edwards, Steven Hofmeyr, and Stephanie Forrest. These researchers obtained the data from https://www.privacyrights.org breach info. The PRC(Privacy Rights Clearinghouse) has compiled a Chronology of Data Breaches” dataset that, as of February 23, 2015, contains information on 4,486 publicized data breaches that have occurred … Read more
As I was scanning the Internet for interesting relevant articles this is the one I thought was unique in discussing a fundamental issue of our time(in 2015) http://www.infoworld.com/article/2616931/firewall-software/why-you-don-t-need-a-firewall.html Plus Roger Grimes discusses buffer overflows. { For nearly three decades, remote buffer overflows were the most dreaded tool in the hacker’s arsenal. Simply find an open … Read more