SecurityThreats

The 23rd  USENIX  Security conference 8/20 – 8/22 2014 discussed  many subjects There is a specific paper about “An Internet-Wide View of Internet-Wide Scanning” by Zakir Durumeric University of Michigan zakir@umich.edu, Michael Bailey University of Michigan mibailey@umich.edu and, J. Alex Halderman University of Michigan jhalderm@umich.edu So that you do not have to fish the 13 pages out of the 1000 page main document … Read more

In the realm of incidence reporting and response Management: CERT has a process to use. One has to have a Computer Security Incident Response Team (CSIRT) A security incident occurs when unwanted scans and attacks are happening. Breaking a security policy is also a security incident.   Of course breaking into a server and stealing data … Read more

In 2011 Cisco put out a report  there are 12.5 Billion devices connected to the Internet  and since we have 6.8 Billion people there are more devices than people (tablets, smartphones etc). In fact according to this Cisco report the year 2008 is when the number of connected items (or Internet of things) exceeded the number … Read more

Bromium report has the information plus a lot more. Two items of note in the report: 1. the type of exploits occurring in IE, Java and Flash The security system of the Operating system(ASLR and DEP) was exploited in Zero-day attacks in Internet Explorer(IE). The new Adobe Action Script feature was exploited in Flash And … Read more

OWASP has a good description of Man-in-the-Browser or MITB attacks. I am trying to explain it with an image (this is a fictional account)- 1. the Customer (person trying to go use a financial website) goes to “Bank in USA” website. 2. The “Bank in USA” sends information to create a web interface for Customer. … Read more