Purveyor of High-Quality Verbiage

Would You Fire This Person?

Lisa Vaas — Thu, 29 Dec 2011 22:34:56 +0000

In this case study, I present you with a problem employee. You are hereby invited to help his frazzled boss either a) deal with this employee or b) show the guy the nearest exit. I solicited input from a bunch of IT bosses and management experts regarding how they’d respond, and at the end I reveal the true fate of this real-life IT worker. Check out the story at Input-Output.

In God We Trust, but Security Vendors Need to Sign the Papers

Lisa Vaas — Tue, 27 Dec 2011 02:12:37 +0000

If Anonymous, LulzSec et al. can pwn security vendors, who can protect us? Here’s help on how to rate security vendors on the sitting-duck scale.

In this two-part look at how to vet security vendors, my first article—In God We Trust, but Security Vendors Need to Sign the Papers—focuses on assessing a vendor. This is done at arm’s length by simple online research as well as by holding security vendors accountable for not living up to various agreed-upon levels of service, similar to what’s being done increasingly by the industries Veracode notes.

The second article, In God We Trust, but It’s Nice to Do a Physical Walk-Through on Security Vendors, features input from Infosec professionals on what to watch for if you can conduct an on-site visit to a security vendor.

Windows Phone 7.5 susceptible to SMS hack

Lisa Vaas — Wed, 14 Dec 2011 22:04:47 +0000

A researcher has discovered a flaw in Windows Phone 7.5 “Mango” that can crash the message center by simply receiving a malformed SMS, Tweet or Facebook message. Here’s the story.

Google-funded study finds Firefox least secure browser, Chrome the best

Lisa Vaas — Wed, 14 Dec 2011 22:01:49 +0000

A new study has tossed the big browsers into the security mosh pit and decreed that Google’s Chrome comes in first, ahead of Internet Explorer and Firefox. But when it comes to the top three, is security more about your browser being up to date and properly configured than its brand? The full story is here.

Four Romanians charged with multimillion-dollar hack of Subway, others

Lisa Vaas — Wed, 14 Dec 2011 21:59:30 +0000

The US Department of Justice has indicted and arrested four Romanians for credit card fraud perpetrated against Subway restaurants and other retailers concluding a three year investigation. Looks like default/easily cracked passwords enabled another needless theft. Here’s the full story.

Verizon blocks Google Wallet over security concerns

Lisa Vaas — Wed, 14 Dec 2011 21:54:37 +0000

Verizon and Google are sparring over who will control mobile phone payment systems, but consumers seem to be left without choice in the United States. Read more here.

Election-day cyber attack scandal rocks South Korea’s ruling party

Lisa Vaas — Wed, 14 Dec 2011 21:51:49 +0000

Did governing politicians in South Korea approve an election-day cyber attack? Three of South Korea’s top seven leaders quit their posts over the DDoS scandal. Read more.

XXX porn web domain names now up for grabs

Lisa Vaas — Wed, 14 Dec 2011 21:48:02 +0000

Pornography domain names ending in .xxx are now up for general sale, with 100,000 having already been snatched up in a previous, restricted sale. All registered .xxx sites will be scanned for malware daily, but don’t trust that to replace up-to-date anti-virus software. Here’s the story.

Condom ad poses as Facebook friend request from your fetus

Lisa Vaas — Wed, 14 Dec 2011 21:45:22 +0000

A condom company is sending friend requests from unborn sons to male users on Facebook. Do you feel it’s harmless advertising or a step too far (and a breach of Facebook’s terms and conditions)? Read the story.

New zero-day Yahoo Messenger exploit allows malware to spread via hijacked status updates

Lisa Vaas — Wed, 14 Dec 2011 21:42:29 +0000

An unpatched zero-day flaw in Yahoo Messenger allows remote attackers to meddle with any user’s status message, opening an opportunity for malware to spread. Check out the full story.