Thursday, May 24, 2012

Little Black Book Now on Kindle

The Little Black Book of Computer Security, Second Edition, which I just released again as a reprint, is now available from Amazon on Kindle.

This is my first book on Kindle and, of course, my first experience with e-books. It should be interesting.

Wednesday, May 09, 2012

The Little Black Book Now Available Again

I've just republished my book, The Little Black Book of Computer Security, Second Edition, which had gone out of print last year.

I also reduced the price to $14.95 and made the format a bit bigger -- but it's still a "little black book".

The book is available again on Amazon or CreateSpace.

The Little Black Book of Computer Security, Second Edition

Friday, November 04, 2011

Digital Pickpockets on TV

I appeared on a TV program last night about so-called "digital pickpockets," who skim and clone credit cards. The program also had a demonstration of how card numbers can be sniffed from RFID cards right from people as they walk down the street.

Besides punching a hole in your credit card to remove the RFID chip, as the reporter dramatically showed at the end of the program, the best ways to protect your credit card are still the old-fashioned ones -- frequently checking your credit card statements, keeping your card within eyesight and being careful where you use your card.

Wednesday, March 02, 2011

TV Appearance -- Again

I was interviewed briefly on local television about ATM security. Thieves were allegedly using a master code to steal from ATMs. The victim, in this case, was the machine, not individual accounts, since the alleged crooks used the code to pilfer the contents of the ATMs and not the accounts of individual credit or debit card holders.

My last television appearance was in 2009, also on a local station, about my book, The Little Black Book of Computer Security, Second Edition.

Friday, August 27, 2010

Remember Infected Floppies? Now They're USB Devices

Remember the good old days when you could get virus infections through infected floppy disks? That was long before there was a Web, or an Internet, available to the average person. Well, now, those infected floppies, tossed away long ago in the trash, have been replaced by USB devices, according to Computerworld.

According to the 2nd International Security Barometer report from Panda Security, a quarter of worm infections are spread through portable storage devices. The study of 10,000 small- and medium-sized businesses said 27% of attacks by malware were found to have originated from USB devices.

Among those victimized by USB-borne malware has been the U.S. military, which was hit when an infected USB drive was plugged into the network of U.S. Central Command (CENTCOM), the regional command for the Middle East, including Iraq and Afghanistan.

Another USB thumb drive loaded with W32.SillyFDC, a low-risk worm, burrowed into both classified and non-classified military networks in 2008, in what is being described as the most significant breach of U.S. military computers.

In the private sector, the Stuxnet worm, which was aimed at PCs used in large-scale industrial control networks, was discovered in July to have also been spread by USB drives, according to a report from Computerworld.

Protection can be found using Panda USB Vaccine, a free download for preventing infections on USB devices.

Thursday, July 22, 2010

Cyberduped by Fake Sexy Cybergeek

This is another one about the perils of not being careful when using social networks. A security researcher set up a series of fake Facebook, LinkedIn and Twitter accounts, bearing information and a seductive mug shot of a young lady, posing as a Navy cyberthreat analyst.

The fictitious flirty little Sage, as the dupe was called, established links with around 300 people - mostly men, not surprisingly, but also some women - in the U.S. military, intelligence and information security communities. Some of her newfound "friends" even considered offering her a job, according to this story in Computerworld.

Interestingly, the flesh honeypot wasn't able to attract any attention from either of the two top-notch schools - MIT and St. Paul's, a New Hampshire prep school - listed on LinkedIn to demonstrate her high educational pedigree.

It seems the prep schools were a bit more choosy in who they friend. "One of the things I found was that MIT and St. Paul's [prep school] were very cliquey. If they don't remember seeing you, they are not going to click. You had less of a chance of penetrating those groups than the actual intel and security communities," Thomas Ryan, the real person behind the phony social networker, was quoted as saying.

The lesson is simple and obvious: If you don't know them personally, don't friend them. No matter how cute, knowledgeable or well-educated they appear. Mata Hari has now moved to cyberspace.

Monday, July 05, 2010

Hackers Hit YouTube XSS Flaw

YouTube was attacked yesterday by hackers using a Cross-Site Scripting (XSS) vulnerability on its web site. Press reports indicate the flaw was fixed by Google, YouTube's owner, within a few hours.

The flaw apparently allowed the attackers to post JavaScript code in the comments section of videos. The attack redirected users looking for videos of Canadian singer Justin Bieber, alleging falsely that he was killed in a car accident. Twitter tweeted away that YouTube was hit by a virus.

Some more technical details were reported on Techie Buzz, and the Internet Storm Center at SANS mentioned the exploit could steal the cookies of YouTube users, which they said wouldn't be of much value.