You may have noticed that the focus and the format of the Security Corner has changed a bit. I will be posting current news items and short tips twice per week, mostly in the form of links. Two or three times per month, I will post longer articles as well.
The MiFi – cool tool, but, it has a GPS, so your provider has a record of where you are and where you have been. As it turns out, they may not be the only ones that know.
Be careful where you get your Quicktime movies. There is a buffer overflow vulnerability in older versions of QT. A malformed .mov file can be used to execute code. The current version has not been shown to be vulnerable to remote code execution, but may crash. If it can be crashed, remote code execution is usually around the corner.
Not all threats come from the outside. “Trusted” employees can represent even greater threats because they have privileged access.
ATM fraud – more common than you think. Check out this skimmer – complete with a camera to record pin number entries. Pay attention when visiting tht ATM!
The “Google attack” had broad implications. The Chinese attack on Google is one of the biggest security stories in recent months. I have had little to say about it, because it has been so well covered by the media. The broader implication is that even a company like Google (not to mention Adobe and many others) is vulnerable to zero-day attacks. Never ASSUME your clients are safe – check for signs of unusual activity and NEVER, NEVER stop raising their level of awareness.
Dennis H in West Virginia, US
January 18, 2010