Here is a rule of thumb that is more important than ever on today’s Internet: Do not post anything on the Internet that you do not want others to find out about you. Do not post it on your public Facebook profile, not on Twitter, do not use real life accounts when you make awkward [...]
Security
- Author: Melanie Gross
- Comments: 7
If Caught in Hacking Crossfire, Defend Your Information Furiously
It seems that those friendly, harmless little hackers from LulzSec have turned their attention, at least momentarily, from computing giants to passing bystanders in the evolving battle that has been kicking up online in past months. Friday the hacking community Lulz Security (LulzSec) posted a file which it claimed contained the username and password information [...]
- Author: Martin Brinkmann
- Comments: 4
Adobe Patch Day Brings Fixes For Flash, Shockwave And Adobe Reader
Microsoft had a huge patch day yesterday with 16 security bulletins for the Windows operating system, Microsoft Office, Internet Explorer and other Microsoft software. Adobe, the company behind popular technologies such as Flash Player, Shockwave or Adobe Reader, released five security bulletins on the same day after teaming up with Microsoft to coordinate security releases. [...]
- Author: Martin Brinkmann
- Comments: 9
Microsoft Patch Day June 2011 Overview
Microsoft has released a total of 16 security bulletins on this month’s patch day. Patch day refers to the second Tuesday of each month on which Microsoft will release security patches. This month’s patch day consists of many different patches. Nine of the 16 bulletins have a maximum severity rating of critical, the highest possible [...]
- Author: Melanie Gross
- Comments: 5
3 PS3 “Hactivists” Detained in Spain
Spanish police announced today that they had captured three people suspected of hacking in connection with the recent attacks against Sony’s PlayStation Network, as well as government and corporate websites around the world. The National Police have identified the trio as the local leadership of the internationally infamous network of hackers known as Anonymous. Anonymous [...]
- Author: Melanie Gross
- Comments: 6
Banks Not Required to Utilize “The Best” Security?
In May of 2009 a Sanford, Maine-based company, Patco Construction Co, filed suit against Ocean Bank, a division of Bridgeport, Conn.-based People’s United Bank. Patco used online banking to make weekly payroll payments and claimed that cyber thieves had used a Trojan (ZeuS) to steal Patco’s online credential and then heisted $588,000 over [...]
- Author: Melanie Gross
- Comments: 5
RSA Admits That SecureID Tokens Were Compromised
RSA has finally opened up and started talking about the March breach into its systems. Admitting that SecurID tokens were compromised, the company has promised to replace all 40 million tokens, for any client that feels it’s necessary. Chairman Art Coviello also stated that for financial institutions, they are also offering to provide transactions monitoring. [...]
- Author: Martin Brinkmann
- Comments: 2
Flash Player, VLC Security Updates Released
Adobe and VideoLAN have released security updates for some of their software programs today. Adobe released a new version of Adobe Flash Player which fixes a security vulnerability in the popular application. The security bulletin reveals that an important security vulnerability has been identified in Adobe Flash Player 10.3.181.16 and earlier on all supported operating [...]
- Author: Melanie Gross
- Comments: 2
Hacking Group LulzSec’s Activity Over The Weekend
LulzSec is certainly going to make a name for themselves at the rate they are going. The hacker group claims responsibility for the recent major attacks against Sony and PBS’s websites as we have written about, compromising well over an incredible number of users’ security information and exposing the poor security of both companies. Despite [...]
- Author: Melanie Gross
- Comments: 11
Sony Hacked Again
It is no secret to anyone that between the dates of April 17th and 19th, still as yet unnamed hackers broke into Sony’s database and stole the personal data of more than 100 million users of Sony’s PS3 Network, Qriocity entertainment service and the online gaming network, Sony Online. Sony claims to be using industry [...]
- Author: Martin Brinkmann
- Comments: 3
How To Properly Protect Your Google Account, Login
After showing you how to protect your Facebook account login from malicious attacks, it is time to show you how to protect your Google account and login as well. Your Google login can be the key to all Google services, from Google Mail and Google Apps to Google Analytics, Adwords or even plain Google Search. [...]
- Author: Martin Brinkmann
- Comments: 21
How To Uninstall EasyBits GO (EasyBitsGo.exe) Completely
Skype users who use Windows as their operating system may currently receive update notifications in Skype. The update, which displays right after the launch of the voice over IP software Skype on most systems, asks the user to install EasyBits Go on the system. Many of the update’s characteristics are similar to that of malware [...]
- Author: Martin Brinkmann
- Comments: 6
WordPress 3.1.3 Security Update Released
An update for the popular blogging software WordPress was just released. The developers classify the update as a security update, it appears however that it fixes no zero day vulnerability. The WordPress blog lists the following security enhancements and fixes in WordPress 3.1.3. Various security hardening Taxonomy query hardening Prevent sniffing out user names of [...]
- Author: Melanie Gross
- Comments: 5
Sony’s back up! Sort of…
Sony’s PSN services are finally being restored. The three week long hiatus is finally over. They have instituted new rules for security’s sake. But is it enough? Why is Japan still out of the loop? How much of a black eye will Sony have due to this outage? On April 20, Sony’s PSN was hacked [...]
- Author: Martin Brinkmann
- Comments: 11
Microsoft Report Confirms Lower Infection Rate On Windows 7
If you were looking for a reason to make the switch to Windows 7, you may have found it in form of Microsoft’s latest Security Intelligence Report. The document, available for public download at Microsoft’s Security Intelligence Report website, covers the state of Windows, application and web security in the year 2010. Security interested users [...]
- Author: Martin Brinkmann
- Comments: 17
Facebook Login Approvals, Optional Two-Factor Authentication
Facebook about a month ago began to roll out a two-factor authentication system designed to protect user accounts from unauthorized access. Two-Factor authentication is designed to add a second form of authentication to the login process, usually in form of a code that is sent to the user. PayPal for instance is offering VeriSign ID [...]
- Author: Martin Brinkmann
- Comments: 8
USB Dummy Protect, Create Fake Files To Block Viruses
Question: How can you protect USB devices like sticks or drives from being infected with computer viruses? Some users are lucky enough to have USB devices that have write protection switches, just like floppy drives had back in the good old days. They just need to pull the switch to write protect their devices. Modern [...]
- Author: Martin Brinkmann
- Comments: 2
Facebook Teams Up With Web of Trust
Web of Trust is a community driven website reputation service. It is available as a look-up service on the company website, and as an automated software for various web browsers. The service is being used by millions to verify a website’s reputation before the site is visited. The browser extensions handle those checks automatically and [...]
- Author: Martin Brinkmann
- Comments: 10
Spybot-Search & Destroy 2.0 Beta Released
The developers of the popular antispyware scanner and cleaner Spybot-Search & Destroy have released a first public beta version of the soon to be released version 2.0 of the application. You will notice right away that the Spybot application has turned into a heavyweight over the years. The 66 Megabyte download indicates this already, and [...]
- Author: Martin Brinkmann
- Comments: 6
You Got That Wrong, Say Google And Facebook
When it comes to security on the Internet, it can be extremely complicated for end-users to find out who is telling the truth, who is not and who is bending it. Two days ago news broke that French security company Vupen managed to bypass the Chrome browser’s sandbox, something that no one had managed to [...]
- Author: Martin Brinkmann
- Comments: 3
The Ugly Side Of The Cloud, Facebook Access Vulnerability Uncovered
Security has been one of the top topics of the last 30 days. We have had the Last Pass incident and the Sony PSN hack. Both incidents demonstrated that your data may be at risk, even if you play by the book and use the best security practices available. If you thought that’s all for [...]
- Author: Martin Brinkmann
- Comments: 1
Microsoft May 2011 Patch Day Overview
Microsoft has released two security bulletins on this month’s patch day. Every second Tuesday of a month is so-called patch day at Microsoft where a number of security related updates are released. One of the security bulletins addresses security issues in Microsoft Windows, the other in Microsoft Office. If you look at the maximum severity [...]
- Author: Melanie Gross
- Comments: 10
LastPass Passes, Sony Fails
The cloud has been rather rainy, lately. Sony has had a rough month, to say the least. They’ve been hacked, and info has been stolen. At the time of writing PSN has been down for close to three weeks, and Sony Online Entertainment has been down for a week. During this time, Sony hasn’t shown [...]
- Author: Martin Brinkmann
- Comments: 3
Firefox 4 Supports Content Security Policy
Content Security Policy is a standard developed by Mozilla designed to protect against cross site scripting (XSS) attacks. Cross site scripting attacks use vulnerabilities in websites to inject JavaScript code into pages or urls of that site. The injected JavaScript code is then executed when visitors open a specifically prepared link or page on the [...]
- Author: Martin Brinkmann
- Comments: 6
How To Encrypt Files, Folders With EFS
The Encrypting File System (EFS) has been part of all professional versions of Windows since Windows 2000. The feature provides file level encryption for data stored on NTFS systems, and is directly linked to a specific user account on an operating system. Only the user who encrypted the files and folders will be able to [...]
- Author: Martin Brinkmann
- Comments: 51
The LastPass Security Incident, What I Did
After finding out that there might have been a security breach at LastPass, a company known for their online password management solution, I quickly changed my master password and started to think about possible consequences. For some time now, I had been thinking about switching to an offline password management solution. Not necessarily because I [...]
- Author: Mike Halsey MVP
- Comments: 16
Have the biggest players dropped the ball on AV Protection?
The latest anti-virus test figures for Windows 7 are out and there are a good few shocks to be seen in the results. In the tests performed by AVTest, BitDefender has leapt from ninth place since last year to 1st place in the chart. Bullguard follows it closely having leapt even further all the way up from [...]
- Author: Martin Brinkmann
- Comments: 33
LastPass Security Breach?
You know that I’m using LastPass as my password manager. It offers everything that I need and then some. One thing that I like about the service is that the company is dedicated and taking security seriously. A blog post at the LastPass blog entitled LastPass Security Notifications mentions that the company has noticed a [...]
- Author: Ryan D. Lang
- Comments: None
Why Websites Never Need Your Password
It is common knowledge that a website, such as PayPal or eBay, will never ask for your password. They do not need it, but rarely do we hear about why that is the case. There are actually a few possibilities. Please note, if you ever get an e-mail requesting your username and password, it is [...]
- Author: Martin Brinkmann
- Comments: 1
ThreatExpert, Generate Software Behavior Reports
There is always risk involved when you execute software on your local system. You can reduce that risk by updating your operating system regularly, running up to date security software or executing suspicious files in a sandboxed or virtual environment. When you review as much software as I do, you are grateful for every additional [...]
- Author: Martin Brinkmann
- Comments: 14
Attention Webmasters: Fake Domain Renewal Emails Spotted
I have a lot of domains. Well, a lot is relative but it is enough to lose the overview occasionally. While the majority is hosted at one popular provider (Godaddy), some are hosted at other domain registrars and web hosting companies. I get regular automated emails from those companies. They tell me that a domain [...]
- Author: Martin Brinkmann
- Comments: 8
Bitdefender USB Immunizer, Protect Removable Drives To Autorun-Based Attacks
Back in the days of the floppy drive, disks were the most common way of spreading viruses and malware. The Internet has taken over, and floppy drives are long gone. They have been replaced by removable drives and optical discs, which are also capable of spreading malware. Autorun attacks, like that by the Stuxnet worm, [...]
- Author: Martin Brinkmann
- Comments: 7
Lastpass Security Challenge, Test Your Last Pass Passwords
Using secure, unique passwords for every Internet site or service is one of the best security practices out there. That does not necessarily protect you completely, as the Sony Playstation Network incident has shown, but it invalidates several popular techniques to steal passwords and log in information. With that incident in mind, I thought it [...]
- Author: Martin Brinkmann
- Comments: 4
Mozilla Thunderbird 3.1.10 Released
Big release day at Mozilla. Mozilla Thunderbird 3.1.10 has been released next to Firefox 4.0.1 on the very same day. The release notes of the new version of the email client mention several performance, stability and security fixes without going into greater detail. The linked Security Advisory page does not list the changes in that [...]
- Author: Martin Brinkmann
- Comments: 26
Firefox 4.0.1 Has Been Released
Mozilla is currently distributing an update of the Firefox 4 browser to worldwide mirror servers to be prepared for the update rush once the updating notifications appear in the web browser and on the official project homepage. For now, no sign of the update is visible on the homepage or in form of notifications in [...]
- Author: Martin Brinkmann
- Comments: 3
Dropbox 1.2 Experimental Build Fixes Security Issue
In Dropbox Insecure?, we reported on a security issue that affected all Dropbox users. A configuration file that is placed on an authorized computer after enabling Dropbox on it was improperly protected. Attackers could use the file on any other computer with Dropbox to download all files of the original owner, without entering the Dropbox [...]
- Author: Martin Brinkmann
- Comments: 36
Why You Should Check Your Public Dropbox Folders
Here is a task for you. Go to Google, Bing or your preferred search engine, and enter the following search term into the search box at the top: site:http://www.dropbox.com/gallery/ What’s the result? Right, 25k of unprotected Dropbox photo galleries. You can click on any of the links to see the contents of the selected gallery [...]
- Author: Martin Brinkmann
- Comments: 8
WordPress 3.1.2 Released, Security Update
WordPress has just released a new version of the popular blogging platform. WordPress 3.1.2 is a security update which makes it a mandatory update for all self-hosted WordPress sites. The update “addresses a vulnerability that allowed Contributor-level users to improperly publish posts” notes Ryan Boren at the official WordPress blog. The WordPress developers suggest to [...]
- Author: Martin Brinkmann
- Comments: 23
Storing Data In The Cloud With Dropbox And TrueCrypt
In Why You Need To Protect Your Data In The Cloud I have explained why it is important to protect data that you upload to the cloud. In this guide, I will show you how to implement one of the suggestions: Encryption. I’m using the cloud hosting and synchronization service Dropbox and the Open Source [...]
- Author: Martin Brinkmann
- Comments: 5
Why You Need To Protect Your Data In The Cloud
Several events recently have shown some of the weaknesses, or dangers, of cloud based hosting, and the need for information and guides to aid users in protecting their data in the cloud. To keep it simple: The cloud in the context of this article refers to all remote storage locations that you do not have [...]
- Author: Martin Brinkmann
- Comments: 6
Ashampoo Hacked, Watch Out For Fake Customer Emails
Popular software developer Ashampoo is currently emailing their customers about a recently discovered successful hack on one of their servers. The break-in had been discovered by Ashampoo, and the company interrupted it and closed the security gap that the hackers used to gain access. Unfortunately though, customer address data and email addresses were stolen by [...]
- Author: Ryan D. Lang
- Comments: 11
How Web Accounts Get Hacked
Hacking into an e-mail, Facebook, or other account is often a crime of opportunity. That is not to say talented individuals with advanced knowledge are not a threat, but it can be easier than you think to expose your password. For those that have had their account compromised in the past, one of these methods [...]
- Author: Martin Brinkmann
- Comments: 2
Adobe Releases Flash Player Security Update
Adobe has released an update for Adobe Flash Player that fixes a critical security issue in the application that had been discovered earlier this month. The Google Chrome browser was the first that received a patch yesterday, followed today by all Flash Player versions for the web browsers that rely on a Flash installation and [...]
- Author: Martin Brinkmann
- Comments: 11
Microsoft Safety Scanner, Free On-Demand Virus Scanner
Microsoft has just released a program called Microsoft Safety Scanner, a free on-demand virus scanner for the Windows operating system. The program’s main task is to run a virus scan on a Windows system. The core difference to conventional antivirus software is the fact that it scans the PC but does not add protection to [...]
- Author: Martin Brinkmann
- Comments: 4
VLC Media Player Security Update
VLC Media Player is one of the most popular media players, next to Windows Media Player and MPlayer frontends. A high popularity usually has the downside that criminals try to find and exploit security vulnerabilities in the software or service. Several of the most recent updates of VLC were or did include security updates that [...]
- Author: Martin Brinkmann
- Comments: 8
Microsoft April 2011 Patch Day Overview
Yesterday’s monthly patch day was a big one, with 17 patches fixing a total of 64 security issues in Microsoft products. Affected applications include Microsoft Windows, Microsoft Office and Internet Explorer. If you look closer you notice that nine of the 17 patches have a maximum severity rating of critical, the highest possible rating. The [...]
- Author: Martin Brinkmann
- Comments: 27
Dropbox Insecure?
The article Dropbox authentication: insecure by design by Derek Newton got quite the press in the past week or so. So what exactly did he find out to come to this conclusion? Dropbox creates a config.db file in the main application data folder, a SQLite database file that can be edited with programs that can [...]
- Author: Martin Brinkmann
- Comments: 9
Disguising True Crypt Volumes In MP4 Videos
I have reviewed TCHunt yesterday, a free program to scan a computer system for unmounted True Crypt containers. The program can be used to prove the existence of an encrypted container on one of the connected storage devices. What it cannot do is to decrypt the data, but proof of existence of an encrypted [...]
- Author: Martin Brinkmann
- Comments: 10
Here We Go Again: Yet Another Flash 0-day Vulnerability Emerges
Flash player users, which is the majority of Internet users, do not come to rest in past years. There is seldom a month passing by without another Flash vulnerability. Adobe today released a security advisory warning for all Flash users that describes a critical security vulnerability in the popular software. Affected are more or less [...]
- Author: Ryan D. Lang
- Comments: 16
What To Do When Your Email Account is Compromised
More and more I see spam coming from friends when I open my e-mail. In addition to this, people are telling me that they think their e-mail accounts have been hacked. Signs can be friends receiving messages you did not send, mail is marked read that they never saw, settings are changed, or anything else [...]
