There used to be a time when people touted how secure Firefox was over Internet Explorer. Not any more! At least the folks over at Mozilla are kind enough about checking the status of your plug-ins. [ Go to their separate plug-in check page ]
If you’re interested in some of the vulnerabilities that are fixed in the recent Firefox update to version 3.6.9, head on over the Firefox Security Advisories page. Of critical note are the 10 critical vulnerabilities.
Critical: Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.
Note: After being advised that my Flash plug-in was out of date, Flash didn’t update properly when I went to the Adobe site. I jumped over to IE, and downloaded and installed in the plug-in for Firefox manually. Make sure to read the Adobe install message before installing, as Adobe always wants to trick you into installing some type of additional product that you don’t want, by automatically selecting the check box option for installing one of its partner’s products. Keep in mind that IE and Firefox updates are not packaged together and need to be updated separately.
Do you ever get the feeling that the competition is one up on you? Are you always losing to the same competitor? Are you questioning how someone can possibly outbid you when you’re already submitting the lowest bid reasonably possible? If you answered yes to these questions, you might want to consider the computer security implications, including insider threat.
With the amount of information about hacking and social engineering available on the Web, it’s quite easy for an unscrupulous competitor or one of its employees to compromise one or more of your company’s computer systems for the sole purpose of gather information to under bid your company on contracts. This can be accomplished by hacking into your Web servers, sending employees email that will install Trojans, directing employees to Websites that will install Trojans or obtaining physical access to your computer systems or network. With access to databases, emails, spreadsheets, documents and even contents stored on copier hard drives, it’s easy to understand how a competitor might be able to take advantage of the situation and put you out of business.
As every computer security professional will tell you, user awareness is the key. Make a video, enter the contest and get a chance to win some cool prizes:
- Two (2) tickets to see Snoop Dogg in concert
- Opportunity to meet with Snoop’s management or agent
- A $1,000 travel stipend, awarded in the form of airline vouchers
- Hotel accommodations for two days and one night
- A super cool Toshiba laptop
Visit the site: http://www.hackiswack.com/
The most important concept to understand in computer security is compromise vector. It is the key concept to understanding everything there is know about computer security and hacking. Once you get your mind wrapped around the concept, you will view computer security from a completely different perspective.
Simply put, compromise vectors are the various avenues of attack that can be used to compromise systems, information and credentials. When a vulnerability is announced, the most important thing for people to ask themselves (or a computer security professional) is how the exploit associated with the vulnerability applies to the hardware, operating systems and applications they use or manage, or to other system to which they connect. Some compromise vectors are obvious, others are not so obvious, but know that there are no “secret” compromise vectors – just variations and combinations of known techniques that tend to surprise those who don’t think like the most devious of hackers. In some cases, a vulnerability may be of no significance because it’s technically impossible to exploit the vulnerability given the compromise vector requirements.
Anthony M. Freed posted an interesting discussion he had with Larry Clinton, Internet Security Alliance (ISA) President and CEO. This is probably the most intelligent and grounded perspective on computer security I’ve read in a long time.
We are extremely fortunate Mr. Clinton has set aside some time from his very busy schedule to offer some insight into the critical role ISA plays in shaping the future of cybersecurity.
via Infosec Island
There are a lot of really smart people in Internet land and I think it’s important to understand everyone’s perspective on computer security to see the big picture. Each of us has something to contribute to the discussion. No single person can have enough knowledge to solve the world’s computer security crisis by himself, but by sharing ideas and working together, we can collectively make a difference to make computing secure.
Mac users like to say their computers are more secure than Windows-based computers. I’m not saying all Mac users say OS X is more secure than Windows, but I’m sure everyone knows somebody that does. I usually keep my mouth zipped when someone states it, because it’s pointless to argue with someone that believes their operating system is less exploitable just because another operating system is more exploitable. Apple’s Security Update 2010-005 provides all the evidence that’s needed to set the record straight once and for all.
Mainstream media is filled with stories that cybersecurity personnel are in demand these days, which is convincing some people to consider a career in computer security. But what type of jobs are available and what might interest someone like you? Computer security jobs can be broadly categorized into these general areas:
Securing systems. A person is responsible for implementing security check lists, applying security patches, managing permissions to specific resources and checking log files. System and network administrators typically do this as part of their regular duties for the equipment they manage.