Vulnerabilities Archives - Tech Prognosis Blog

Why We Should Thank, Not Demonize LulzSec, Anon

So the 50-day cruise is over and the guys at LulzSec are going back underground. That should worry some of us because if they did not want us to know what they were doing, I don’t think any sane person would argue that they could not have done so.

While the media has been abuzz about the exploits of Anonymous and LulzSec, the bigger question we should be asking is, are any of their exploits new or did they just give us a wake up call that there is no security, at least in the way we normally define it. What they have demonstrated is that security is a term we use to make ourselves feel good. (more…)

Comments Off

June 26, 2011

Cloud Computing / Enterprise Computing / Ethics / Featured / Hardware / Security / Security Breach / Vulnerabilities

The RSA Breach: Time for Full Disclosure?

As more companies with national security interests come forward with admission of breaches related to the hacking of RSA’s SecurID technology, one wonders if it is time for RSA to break its stubborn refusal to tell the public what exactly was stolen or when the breach actually occurred. At this stage, it is not just enough to tell the public that it had been hit by a phishing email exploiting a zero-day vulnerability in Adobe Reader. (more…)

Comments Off

June 3, 2011

Cloud Computing / Compliance / Enterprise Computing / Featured / Malware / Open Source / Security / Security Breach / Small Business / Vulnerabilities

Encryption Tools for the Mobile Executive

Most companies provide their senior executives with laptops or netbooks and tablets so they can be productive even when on the road. This is even more true of corporate executives who sometimes demand anytime, anywhere access to data residing on corporate servers. The big corporations can afford to spend millions of dollars on data protection hardware and software.

The same cannot be said of executives in small and medium-sized organizations, especially when it comes to loss of personal information, including credit card data, patient records or other financial information, stored by the company. Data breaches happen and information is lost every day due to small mistakes that could have been avoided. For small businesses, these events can be devastating. (more…)

Comments Off

May 28, 2011

Cloud Computing / Email and Spam / Enterprise Computing / Ethics / Featured / Vulnerabilities / Web Technology

Is Facebook’s Login Approvals a Setback for Mobility?

“Today, we’re announcing our newest opt-in security feature that I’ve worked to build over the past few months: Login Approvals.”

With that, Facebook announced Login approvals, “…a Two Factor Authentication system that requires you to enter a code we send to your mobile phone via text message whenever you log into Facebook from a new or unrecognized computer.”

The idea behind the new feature is to help users combat unauthorized access or the now infamous “I have been hacked” incidents that have plagued users of the Social Network. The new feature, which is currently optional is expected to add a second layer of protection to users’ login process.

What exactly is it? Here is Facebook’s explanation of Login Approvals: (more…)

2 Comments

May 24, 2011

Enterprise Computing / Featured / Security / Storage / Vulnerabilities

Breaching the Bastille: When Security Vendors Get Hacked

The recent rash of exposures about successful attacks against information security vendors may come as no surprise to a lot of people in the information security world who probably see or hear about it frequently, but it will surely come as “shocking” to most “ordinary” folks.

HBGary, RSA, Comodo and Barracuda Networks are the latest of high-profile security vendors to be breached. As a quick refresher, EMC’s RSA group disclosed that someone had broken into its networks and obtained information that could compromise its SecurID products. (more…)

Comments Off

May 14, 2011

Ethics / Featured / Security / Storage / Vulnerabilities / Web Technology

Beware The Ides of April: Web Indexing and Tax Data

Tax season is in high gear and with it comes the need to be extra vigilant on how tax records are handled. After all, your tax records “has everything” that can be considered as Personally Identifiable Information (PII). PII refers to information that can be used to uniquely identify, contact, or locate a single person or can be used with other sources to uniquely identify a single individual.

Stephen Chapman over at ZDNet observed that as of 4/10/2011, there were over 50 tax documents containing any given combination of Social Security numbers, credit card information, names, addresses, tax IDs, and phone numbers being made available online. (more…)

Comments Off

April 13, 2011