Cloud Computing

HP finds that "Internet of Things" gadgets are sitting ducks

70% of internet gadgets are sitting ducks for attackers

TVs, webcams, thermostats, remote power outlets, sprinkler controllers, door locks, home alarms, scales and garage door openers: they're all flunking Security 101, with issues as bad as "Sure, go ahead, we consider '1234' to be a perfectly acceptable password."

Facebook new groups feature rife with abuse

Facebook's newly announced groups feature may not be the boon for privacy some have predicted. Although only a small percentage of Facebook's users are upgraded to the new features, it would appear people are exploring the possibilities in a rather Read more…

4chan takes on MPAA, RIAA and Aiplex... and wins

Update 3: BPI went down occasionally for short periods of time, but they seem to have gained the upper hand in defending their site. Update 2: RIAA is back online as of 9:10 PM Pacific time. The attack on the BPI is Read more…

Twitter tightens security - Good news for social media safety

I have been waiting for this day for over a year now. Death to the Twitter HTTP API. Long live OAuth! I have written several times that Twitter needed to get rid of their old, insecure authentication mechanism if they Read more…

Twitter attack sends disturbing "Watch Movies/ Cartoons/ TV Shows" spams

Update: More than 1000 tweets have gone out with no perceived action from Twitter. Hopefully someone is working on this issue and will assist the victim accounts with resetting their passwords. Update 2: Twitter took care of this issue on Monday Read more…

Hot chick on Twitter? Bet it's a spammer

A new Twitter follower whose profile picture is a hot girl is usually a clue that you may be led to a spam. Especially if they are following hundreds of people and don't have a lot of followers. Fortunately this Read more…

Twitter botnet command and control captured

I came across this very interesting example of a Twitter controlled botnet this evening. There has been a lot of talk the last few weeks about a new toolkit for creating simple Twitter bot armies, but little evidence of it Read more…

Google collecting Wi-Fi data is not the problem

If you read the IT security rags this morning, you would think Google committed a major crime with all the bad press they've been getting. Granted, while driving down the street invading people's privacy with their car-mounted cameras, they should Read more…

Evolution of spam: Explained

Spammers are taking advantage of all this cloud computing nonsense to get past our best defenses. I presented at Infosec Europe on how Russian affiliate networks (Partnerka) have eased up on spamming via email and have migrated to the web, Read more…

Monetization of the Internet - User choice

When I started working in the computer security field 10 years ago, I would never have imagined that future battle lines would be drawn between legitimate online businesses and privacy warriors. Today, aside from battling spammers, criminals, and ID thieves, Read more…

Ash-trapped - Sophos Security Chet Chat 5 and 6

Well, like many other Sophites I have spent some unexpected time in Europe this week. Fortunately for me, I was able to tour a bit of my homeland (Poland) and only be diverted a few days from my regular schedule. Read more…

Does Facebook privacy stand up to rivals?

At the end of March, Facebook announced some proposed privacy policy changes in compliance with their open governance policy. The same week, I logged into LinkedIn to discover they had also recently updated their privacy policy. I thought this might Read more…

Google Talk used to distribute Fake AV

When speaking in public and delivering presentations, I am often asked "Why would they want my Google/Yahoo!/MSN/Facebook credentials? It's only a throw-away email address." These services have transformed from simple webmail and messaging experiences into fully integrated platforms for video, Read more…

Sophos Security Podcast #1

I am pleased to announce that we are launching a new weekly series of podcasts on relevant topics from the previous week, and interesting findings from SophosLabs. I will be having security related conversations with many people from around Sophos, Read more…

New Facebook phish: in-depth

When it comes to social networking threats, when it rains, it pours. Sophos's David Schwartzberg alerted me to a new Facebook attack this evening that could lure in even the most sophisticated of computer users. It started out with David Read more…

Twitter hack demonstrates the power of weak passwords

To update yesterday's story, the attack on Twitter pushing diet pills appears to be the result of weak passwords combined with brute force. Thank you to the users who contacted me, as the data you provided was helpful in researching Read more…

John C. Dvorak falls victim to Twitter hacking

In another attempt at creating Twitter spam, hackers have acquired access to hundreds of legitimate Twitter accounts. The origin of the attack is unclear at this point. These attacks can occur in one of two primary methods. Last month Read more…

Social media security made easy

I just returned from RSA 2010, where one of the most discussed topics was social media security. Those of us in the business use the term social media quite frequently, but what we are really referring to is Facebook, Twitter, Read more…

Twitter.Grader.com hacked, tweets sent for SEO purposes

The onslaught against social media continued today when someone managed to hack into Grader.com, a service to measure inbound marketing leads from Twitter, Facebook, and other media. Around 11:30 am PST this morning I started getting some tweets that were Read more…

What is identity?

Guest blogger Michael Argast: SSN 627-44-3942, DOB July 17th, 1971 Lie. I generally consider myself pretty truthy, but increasingly these days I find myself lying. A website needs my date of birth? Make something up. Mother's maiden name: Jones. Favorite Read more…