Web App Security

  • Most Topular Stories

  • Testing for Heartbleed vulnerability without exploiting the server.

    Mozilla Security Blog
    dchan
    12 Apr 2014 | 8:19 am
    Heartbleed is a serious vulnerability in OpenSSL that was disclosed on Tuesday, April 8th, and impacted any sites or services using OpenSSL 1.0.1 – 1.0.1f and 1.0.2-beta1. Due to the nature of the bug, the only obvious way to test a server for the bug was an invasive attempt to retrieve memory, and this could lead to the compromise of sensitive data and/or potentially crash the service. I developed a new test case that neither accesses sensitive data nor impacts service performance, and am posting the details here to help organizations conduct safe testing for Heartbleed…
  • Liquidmatrix Security Digest Podcast – Episode 3D

    Liquidmatrix Security Digest
    James Arlen
    10 Apr 2014 | 8:10 am
    Episode 0x3D My Heart Bleeds for Windows XP Well this is certainly an exciting week around these here parts. I reckon we’ve not seen this much marketeering since the APT1 days of ought 13. Goodness gracious I’m not a huge fan of this crap. Do not listen to this podcast at more than 1.5x speed while operating a motor vehicle or heavy equipment. Your face may melt according to some studies conducted by a Murican we know. Upcoming this week… Lots of News Breaches SCADA / Cyber, cyber… etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs…
  • Heartbleed Check Added to ZULU

    Zscaler Research
    Michael Sutton
    17 Apr 2014 | 10:29 am
    Many of you already regularly use ZULU, our free service for analyzing any URL to determine its overall risk, and we've just made it better by adding a 'heartbleed' check. ZULU operates by applying a variety of checks to the content, URL and host for a given web page, along with doing the same for external page elements. You will now note that the Content Checks section includes a Heartbleed
  • Bypassing the XSS filter using function reassignment

    The Spanner
    Gareth Heyes
    7 Apr 2014 | 10:54 am
    The XSS filter introduced in IE8 is a really powerful defence against XSS. I tested the filter for a number of years and found various bypasses one of which I would like to share with you now. You can read more about the filter and its goal in the following blog post. Scope There have been numerous public bypasses of the filter however very few within the intended scope of the filter. The filter blocks reflected XSS in HTML context, script, style and event context. It does not support attacks that use multiple parameters or same origin requests. Once you are aware of the intended scope the…
  • HTML out of the Browser

    Mozilla Hacks - the Web developer blog
    Raymond Camden
    17 Apr 2014 | 1:39 am
    Amongst my friends, I’m known as something of a Star Wars nerd. My longtime nick has been cfjedimaster (a combination of two passions, the other being ColdFusion), I work in a room packed to the gills with Star Wars toys, and I’ve actually gotten inked up twice now with Star Wars tats. That being said, it was another movie that had the most influence on my current career – Tron. I had already discovered an interest in computers before then, but it was Tron that really crystallized the idea for me. All of sudden I imagined myself being the programmer – creating…

  • Mozilla Security Blog

  • Heartbleed Security Advisory

    Sid Stamm
    8 Apr 2014 | 11:25 pm
    Issue OpenSSL is a widely-used cryptographic library which implements the TLS protocol and protects communications on the Internet. On April 7, 2014, a bug in OpenSSL known as “Heartbleed” was disclosed (CVE-2014-0160). This bug allows attackers to read portions of the affected server’s memory, potentially revealing data that the server did not intend to reveal. Impact Two Mozilla systems were affected by Heartbleed. Most Persona and Firefox Account (FxA) servers run in Amazon Web Services (AWS), and their encrypted TLS connections are terminated on AWS Elastic Load…
  • Using FuzzDB for Testing Website Security

    amuntner
    25 Mar 2014 | 2:14 pm
    After posting an introduction to FuzzDB I received the suggestion to write more detailed walkthroughs of the data files and how they could be used during black-box web application penetration testing. This article highlights some of my favorite FuzzDB files and discusses ways I’ve used them in the past. If there are particular parts or usages of FuzzDB you’d like to see explored in a future blog post, let me know. Exploiting Local File Inclusion Scenario: While testing a website you identify a Local File Inclusion (LFI) vulnerability. Considering the various ways of exploiting LFI…
  • Update on Plugin Activation

    Chad Weiner
    28 Feb 2014 | 3:24 pm
    To provide a better and safer experience on the Web, we have been working to move Firefox away from plugins. After much testing and iteration, we determined that Firefox would no longer activate most plugins by default and instead opted to let people choose when to enable plugins on sites they visit. We call this feature in Firefox click-to-play plugins. We strongly encourage site authors to phase out their use of plugins. The power of the Web itself, especially with new technologies like emscripten and asm.js, makes plugins much less essential than they once were. Plus, plugins present real…
  • Mozilla Security @ BSidesVancouver and CanSecWest

    yboily
    7 Feb 2014 | 11:28 am
    This year Mozilla will be sponsoring BSidesVancouver, a free community oriented event on March 10th & 11th in Vancouver, BC. This event is very much in the spirit of the Mozilla community and mission, and several of our security team members will be attending both BSidesVancouver and CanSecWest. In addition to our team members attending the event, Jeff Bryner and Curtis Koenig will be speaking at the event about some aspects of the security processes and technologies that Mozilla uses and has built. If you are going to be at these events and would like to connect with us at…
 

  • Liquidmatrix Security Digest

  • Aegis ICS Fuzzing Framework

    Chris Sistrunk
    7 Apr 2014 | 1:38 pm
    “SUCCESS: 26/26 (100%) Tests passed pic.twitter.com/Eh4tzKgiQV” — Bernd Lörwald (@bloerwald) March 25, 2014
    As you may or may not know, Adam Crain @jadamcrain and I have been working on an ICS/SCADA protocol fuzzing framework, Aegis, for a year now. It is a generational type fuzzer that tests both the server/slave and client/master side of industrial protocols. Adam originally wrote Aegis to test his openDNP3 protocol stack. It turned out to be very effective in finding bugs in DNP3 stacks and Project Robus was born. After finding many broken DNP3 implementations and getting many…
  • Liquidmatrix Security Digest Podcast – Episode 3C

    James Arlen
    27 Mar 2014 | 9:48 am
    Episode 0x3C You Got Breached. And in other news… April 8 is coming up FAST. Upcoming this week… Lots of News Breaches SCADA / Cyber, cyber… etc. finishing it off with DERPs/Mailbag (or Deep Dive) And there are weekly Briefs – no arguing or discussion allowed And if you’ve got commentary, please send it to mailbag@liquidmatrix.org for us to check out. DISCLAIMER: It’s not that explicit, but you may want to use headphones if you’re at work. ADDITIONAL DISCLAIMER: In case it is unclear, this is the story of 5 opinionated infosec pros who have sufficient…
  • Mt. Gox “Found” Some Missing Bitcoins

    Dave Lewis
    21 Mar 2014 | 7:42 am
    Exactly how does this happen? Sheer incompetence, that’s how. Today I read that Mt. Gox discovered an “old” wallet with 200,000 bitcoins in it. What the ever living…are you kidding me? From CNN: “On March 7, 2014, Mt.Gox Co., Ltd. confirmed that an old-format wallet which was used prior to June 2011 held a balance of approximately 200,000 BTC,” the statement said. Karpeles said that the discovery was reported to lawyers on March 8. The bitcoins were later moved to “offline” wallets. I’m sorry but, how in the hell do bitcoin supporters…
  • “Cyber”: Critical to security nutrition

    Jack Whitsitt
    3 Feb 2014 | 11:36 am
    A few weeks ago, I sat down next to a friend who happened to be in the middle of a conversation between a lawyer, a hacker, and philosopher and I was just in time for the “I hate the word ‘cyber’. FamousHacker#2138123 and I are trying to get people to stop using it.” Sigh.  At this stage the anti-“cyber” routine is really starting to sound a little bit high pitched – and I even *come from* a hacker community. But, it reminded me both that I owed Liquid Matrix an introductory post and that even though there is a place and role for the word, much of the hacker/security…

  • Zscaler Research

  • Why you should care about the OpenSSL heartbleed vulnerability

    Michael Sutton
    8 Apr 2014 | 10:16 pm
    Yesterday, researchers from Google and Codenomicon made quite a splash when they revealed details of a vulnerability in OpenSSL's implementation of the heartbeat extension, which they have affectionately dubbed heartbleed.  In short, heartbleed represents a classic example of a simple programming oversight - not properly validating the length of a message, which leads to a serious memory leak.
  • Corporate users dive into March Madness

    Chris Mannon
    4 Apr 2014 | 10:18 pm
    Here in the ThreatlabZ, we track stats and trends for all Zscaler customers. While our primary focus is on malicious traffic, it's intriguing to also track surges of traffic caused by non-security events. We weren't surprised to see the NCAA basketball March Madness games cause peak traffic in both the Streaming Media and Sports categories. There is clearly no shortage of users that
  • Walkthrough of a Recent Zbot Infection and associated CnC Server

    rubin azad
    25 Mar 2014 | 10:47 pm
    During routine ThreatLabZ log analysis, we encountered the following malicious Zbot executable connecting back to its CnC and exfiltrating data via POST requests.
    MD5: 0b43d6a65f67ef48f4da3a1cc09335a1
    Size: 442368 bytes
    Detected as PWS:Win32/Zbot by Microsoft (VT 43/49)
    [POST DATA] iTpRAQWetIVVzRx502Gqds3DKmG80ru/P1ggedWTJAgrue/EVaoL95bMH6K0It8I9/wGHEIKbkXhcoxGOKgJOxGFYkvfoWsUM/NWAUQ+
  • Scams Taking Advantage of Malaysia Airlines 370 Disappearance

    Michael Sutton
    21 Mar 2014 | 2:20 pm
    I spent some time today looking for sites that are taking advantage of the disappearance of Malaysia Airlines flight 370 (MH370) to profit from the tragedy. Unsurprisingly, it was all too easy to find examples of this as it is almost a given that scammers will attempt to profit from any breaking news story, especially those where the public is desperate for the latest tidbit of news - regardless
 

  • The Spanner

  • RPO

    Gareth Heyes
    21 Mar 2014 | 2:09 pm
    Relative VS Absolute
    RPO (Relative Path Overwrite) is a technique to take advantage of relative URLs by overwriting their target file. To understand the technique we must first look into the differences between relative and absolute URLs. An absolute URL is basically the full URL for a destination address including the protocol and domain name whereas a relative URL doesn’t specify a domain or protocol and uses the existing destination to determine the protocol and domain.
    Absolute URL
    https://hackvertor.co.uk/public
    Relative URL
    public/somedirectory
    The relative URL shown will look for…
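    How the relative reference above actually resolves, and the base-URL shift that RPO relies on, as an added example (this is not code from The Spanner post). It uses Python's urllib.parse, which implements RFC 3986 reference resolution. The hackvertor.co.uk URLs are the ones quoted in the teaser; index.html, the extra /foo/ path segment and style.css are constructed for illustration and are not from the post.

```python
"""Relative vs absolute URL resolution, and the base-URL shift behind RPO.

Added example; not code from the RPO post.  urljoin implements RFC 3986
reference resolution: a relative reference is resolved against the
*directory* of the document URL, so the same relative reference points at
a different file when the document is reached through a different path.
The hackvertor.co.uk URLs are the ones in the post; index.html, the /foo/
segment and style.css are constructed for illustration.
"""
from urllib.parse import urljoin, urlsplit


def is_absolute(ref):
    """An absolute URL carries a scheme and a host; a relative one does not."""
    parts = urlsplit(ref)
    return bool(parts.scheme) and bool(parts.netloc)


def resolve(document_url, ref):
    """Where a reference found in the document at `document_url` points."""
    return urljoin(document_url, ref)


def rpo_shift(document_url, extra_segment, ref):
    """Resolve `ref` for the page as normally reached, and for the same page
    reached with `extra_segment` appended to its path (a server that ignores
    trailing path info serves the same page either way).
    Returns (normal_target, shifted_target)."""
    base = urlsplit(document_url)
    shifted_path = base.path.rstrip("/") + "/" + extra_segment.strip("/") + "/"
    shifted_url = base._replace(path=shifted_path).geturl()
    return resolve(document_url, ref), resolve(shifted_url, ref)


if __name__ == "__main__":
    print(is_absolute("https://hackvertor.co.uk/public"))   # True
    print(is_absolute("public/somedirectory"))               # False
    # "/public" has no trailing slash, so its directory is "/"
    print(resolve("https://hackvertor.co.uk/public", "public/somedirectory"))
    # "/public/" is itself the directory
    print(resolve("https://hackvertor.co.uk/public/", "public/somedirectory"))
    # the stylesheet reference moves under the page's own URL
    print(rpo_shift("https://hackvertor.co.uk/public/index.html", "foo", "style.css"))
```

    A relative reference is resolved against the directory of the document URL, not the site root, which is why the same `public/somedirectory` lands in two different places above. When a server returns the same page for `/public/index.html/foo/` as for `/public/index.html`, every relative stylesheet or script reference in that page now resolves underneath the page's own URL; that shift is what RPO exploits. Absolute references, or a `<base>` element, are unaffected.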
  • Sandboxed jQuery

    Gareth Heyes
    12 Feb 2014 | 2:13 pm
    My new personal challenge was to get jQuery working correctly in a sandboxed environment; this proved to be really tricky. The first problem I encountered was that my fake DOM environment wasn’t returning the correct value for nodeType on the document element, which made jQuery assume another state and broke selectors. I ensured the DOM environment was correctly returning the node type & node name. Next, my environment wasn’t returning Array.prototype.push and slice correctly: the functions I created were incorrectly returning false. I changed my object whitelist function to return…
  • X-Domain scroll detection on IE using focus

    Gareth Heyes
    11 Dec 2013 | 11:13 am
    This is a pretty cool bug. I use the focus event on an iframe to detect if the iframe has been scrolled x-domain. It’s because IE fires the onfocus event of the iframe when the scroll occurs. This means using 1 network request we can discover if a site contains a particular id provided the page scrolls inside the iframe. Using multiple iframes you could quite easily bruteforce larger numbers or maybe a dictionary list of words and because we are using hash the future requests aren’t sent to the server. First we need a page with an id we can scroll to. <p>test</p>…
  • Epic fail IE

    Gareth Heyes
    8 Nov 2013 | 10:35 am
    gaz: omg more epic fail in IE
    larry: huh?
    gaz: what is “&#x0000041;” in IE compat?
    larry: hm A?
    gaz: no
    larry: ?
    gaz: lol ?
    larry: NUL ?
    gaz: &#x0000041; –> ? &#x000041; –> A
    larry: ah! out of bounds I get it
    gaz: what is this in IE compat: &#x41
    larry: :-h A?
    gaz: no lol &#x41 –> &#x41
    larry: #!$% me! why??
    gaz: hahahhaha what is &#x41 in standards?
    larry: A ?
    gaz: yeah haha
    larry: weeee
    gaz: how messed up is that?
    larry: entirely as usual

  • Mozilla Hacks - the Web developer blog

  • Powerful tools for developing Web Apps

    Frederic Wenzel
    15 Apr 2014 | 8:58 am
    In the recent years, web development changed drastically. The emergence of the mobile web and the new form factor of smart phones created the demand for different solutions than the former desktop-only web. Since then a lot of frameworks and tools have been created, with new ones being added almost weekly. Now, we web developers are faced with a different problem: for every development concern, there are multiple options to consider, without clear pros or cons. It is easy to feel intimidated not only by the choices available, but also by how similar those choices are. Every day, web…
  • Introducing PredictionIO

    Donald Szeto
    10 Apr 2014 | 5:38 am
    PredictionIO is an open source machine learning server for software developers to create predictive features, such as personalization, recommendation and content discovery. Building a production-grade engine to predict users’ preferences and personalize content for them used to be time-consuming. Not anymore with PredictionIO’s latest v0.7 release. We are going to show you how PredictionIO streamlines the data process and makes it friendly for developers and production deployment. A movie recommendation case will be used for illustration purposes. We want to offer “Top 10 Personalized…
  • Measuring power consumption on phones

    Jonathan Hylands
    8 Apr 2014 | 2:12 am
    While learning about and measuring what happens on phones, we’ve learned a great deal about power consumption. Therefore we want to share some learnings and what has resulted in the FxOS Powertool! Introducing the FxOS Powertool! With the FxOS Powertool!, we can optimize apps for power consumption, but also verify and fix bugs related to that. It is a command line utility with a number of options:
    usage: powertool [-h] -d {yocto,mozilla} [-p PATH] -u {tk,cli} [-f FILE] [-o OUT] [-s SHOW]
    Mozilla Powertool …
  • Coordinate Conversion Made Easy – the power of GeometryUtils

    roc
    3 Apr 2014 | 6:14 am
    In a previous post we introduced the GeometryUtils interface and the getBoxQuads() API for retrieving the CSS box geometry of a DOM node. GeometryUtils also takes care of another important problem: converting coordinates reliably from one DOM node to another. For example, you might want to find the bounding-box of one element relative to another element, or you might want to convert event coordinates from the viewport to some arbitrary element. Existing APIs Until now, simple cases could be handled using getBoundingClientRect() and some math, but complex cases (e.g. involving CSS transforms)…
 

  • Didier Stevens

  • Heartbleed: Testing From a Cisco IOS Router – ssltest.tcl

    Didier Stevens
    18 Apr 2014 | 2:12 am
    I wanted to know if I could exploit Heartbleed CVE-2014-0160 from a Cisco IOS router. So I wrote a Tcl script based on Jared Stafford’s Python program ssltest.py. Turns out I can:
    router#tclsh ssltest.tcl
    Opening connection
    Translating "cloudflarechallenge.com"...domain server (8.8.8.8) [OK]
    Sending handshake
    Received TLS record Type: 0x16 Version: 0x0301 First data byte: 0x02 Length: 66
    Received TLS record Type: 0x16 Version: 0x0301 First data byte: 0x0b Length: 6113
    Received TLS record Type: 0x16 Version: 0x0301 First data byte: 0x0c Length: 331
    Received TLS record Type: 0x16 Version:…
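    The TLS record header that the script output above prints (type, version, length), together with the length-validation oversight Michael Sutton's Zscaler item above describes, as an added example that is not code from either post, from ssltest.py or from OpenSSL. It models a HeartbeatRequest inside a TLS record: the unchecked parse trusts the 2-byte payload_length field and copies that many bytes from wherever the payload starts, while the checked version applies the bound OpenSSL 1.0.1g added (1 + 2 + payload_length + 16 must not exceed the record length, otherwise the message is silently dropped). The record bytes and the "heap" buffer are constructed; nothing is sent on the network.

```python
"""Model of the TLS heartbeat parse behind Heartbleed (CVE-2014-0160).

Added example; not code from the Zscaler or Didier Stevens posts and not
OpenSSL's code.  It builds a constructed heartbeat record, parses the TLS
record header the way the Tcl output above prints it, and contrasts an
unchecked parse with one that applies the bounds check added in 1.0.1g.
"""
import struct

TLS_HEARTBEAT = 0x18
TLS_HANDSHAKE = 0x16
HB_REQUEST = 0x01
MIN_PADDING = 16  # RFC 6520: at least 16 bytes of random padding


def parse_record_header(data):
    """Return (content_type, version, length, body) for one TLS record.
    The first body byte is what the Tcl output calls 'First data byte'."""
    if len(data) < 5:
        raise ValueError("short record header")
    ctype, version, length = struct.unpack("!BHH", data[:5])
    body = data[5:5 + length]
    if len(body) != length:
        raise ValueError("record body truncated")
    return ctype, version, length, body


def build_heartbeat(claimed_len, payload, padding=b"\x00" * MIN_PADDING):
    """Constructed HeartbeatRequest record; claimed_len may disagree with
    the real payload length, which is exactly the Heartbleed trigger."""
    body = struct.pack("!BH", HB_REQUEST, claimed_len) + payload + padding
    return struct.pack("!BHH", TLS_HEARTBEAT, 0x0301, len(body)) + body


def vulnerable_response(process_memory, record_offset):
    """Pre-fix logic: copy payload_length bytes from where the payload
    starts, never checking that they lie inside the record.  process_memory
    is a constructed buffer standing in for the heap; the record sits at
    record_offset and whatever follows it is unrelated data."""
    _, _, _, body = parse_record_header(process_memory[record_offset:])
    payload_len = struct.unpack("!H", body[1:3])[0]
    start = record_offset + 5 + 3          # record header + type + length
    return process_memory[start:start + payload_len]  # may run past the record


def fixed_response(record):
    """1.0.1g logic: drop the message unless 1 + 2 + payload + 16 fits
    inside the record length."""
    ctype, _, length, body = parse_record_header(record)
    if ctype != TLS_HEARTBEAT or length < 1 + 2 + MIN_PADDING:
        return None
    payload_len = struct.unpack("!H", body[1:3])[0]
    if 1 + 2 + payload_len + MIN_PADDING > length:
        return None                         # silently discarded
    return body[3:3 + payload_len]


def demo():
    """Constructed scenario: a secret happens to sit right after the record."""
    secret = b"SESSION=deadbeef; "
    honest = build_heartbeat(4, b"ping")    # claims 4, carries 4
    lying = build_heartbeat(64, b"ping")    # claims 64, carries 4
    heap = lying + secret
    leaked = vulnerable_response(heap, 0)
    return {
        "honest_fixed": fixed_response(honest),
        "lying_fixed": fixed_response(lying),
        "leaked_contains_secret": secret in leaked,
        "leaked_len": len(leaked),
    }


if __name__ == "__main__":
    print(demo())
```

    The unchecked path hands back 38 bytes for a 4-byte payload in this constructed layout: the real payload, the padding, and then everything that followed the record in memory. The checked path answers the honest request and returns nothing for the lying one, which is also why a patched server can be told apart from an unpatched one by whether a malformed heartbeat gets any reply at all.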
  • nmap Grepable Script Output – Heartbleed

    Didier Stevens
    15 Apr 2014 | 5:11 pm
    Peter was looking for a way to make nmap’s heartbleed script output grepable. He ended up hacking the script. I propose a method without modification of the NSE heartbleed script. Some time ago I recommended to include xml output with your nmap scans. Script output is included with each port element: I quickly adapted an old program to produce a Python script to generate a CSV file from XML with one line per host, including only ports with script output (any script, not only ssl-heartbleed). Like this:
    address;vendor;hostname;port;state;service;script;output…
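    One way to produce the grep-friendly CSV described above from nmap's XML output, as an added example (this is not Didier Stevens' script). The XML below is constructed in the shape nmap -oX writes (host, address, hostnames, ports, port, script), with one host, two ports and a single ssl-heartbleed script result; only ports that carry script output yield a row, and the column order follows the header quoted in the post.

```python
"""Flatten nmap XML script output into one greppable CSV row per result.

Added example, not Didier Stevens' tool.  SAMPLE_XML is constructed to the
element layout nmap -oX emits; only ports with a <script> element produce
a row, so the ssl-heartbleed result becomes a single line you can grep.
"""
import csv
import io
import xml.etree.ElementTree as ET

HEADER = ["address", "vendor", "hostname", "port", "state", "service", "script", "output"]

# Constructed sample, not real scan data.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <address addr="00:11:22:33:44:55" addrtype="mac" vendor="ExampleCo"/>
    <hostnames><hostname name="web.example.test" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="443">
        <state state="open"/><service name="https"/>
        <script id="ssl-heartbleed" output="VULNERABLE: OpenSSL Heartbeat Information Leak (CVE-2014-0160)"/>
      </port>
    </ports>
  </host>
</nmaprun>
"""


def script_rows(xml_text):
    """Yield one row per (host, port, script) for ports that have script output."""
    root = ET.fromstring(xml_text)
    for host in root.iter("host"):
        ipv4 = host.find("address[@addrtype='ipv4']")
        mac = host.find("address[@addrtype='mac']")
        address = ipv4.get("addr") if ipv4 is not None else ""
        vendor = mac.get("vendor", "") if mac is not None else ""
        hn = host.find("hostnames/hostname")
        hostname = hn.get("name", "") if hn is not None else ""
        for port in host.findall("ports/port"):
            state = port.find("state")
            service = port.find("service")
            for script in port.findall("script"):
                # NSE output is often multi-line; collapse it so one row stays one line.
                output = " ".join(script.get("output", "").split())
                yield [address, vendor, hostname, port.get("portid"),
                       state.get("state", "") if state is not None else "",
                       service.get("name", "") if service is not None else "",
                       script.get("id"), output]


def to_csv(xml_text, delimiter=";"):
    """Render the rows with the header from the post, ';'-separated."""
    buf = io.StringIO()
    writer = csv.writer(buf, delimiter=delimiter, lineterminator="\n")
    writer.writerow(HEADER)
    for row in script_rows(xml_text):
        writer.writerow(row)
    return buf.getvalue()


def heartbleed_hosts(xml_text):
    """Addresses whose ssl-heartbleed script reported VULNERABLE."""
    return [row[0] for row in script_rows(xml_text)
            if row[6] == "ssl-heartbleed" and "VULNERABLE" in row[7]]


if __name__ == "__main__":
    print(to_csv(SAMPLE_XML), end="")
```

    Run against a real scan, replace SAMPLE_XML with the contents of the -oX file; collapsing whitespace in the output column is what keeps a multi-line NSE result to one row, which is the property the grep use case needs.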
  • Heartbleed: Packet Capture – Full TLS

    Didier Stevens
    10 Apr 2014 | 3:34 pm
    Yesterday I posted my heartbleed packet capture with an unencrypted heartbeat record. Now I post a capture with full TLS session setup, hence here the heartbeat records are encrypted. I use heartbleed.c by HackerFantastic.
    heartbleed_packet_capture_tls.zip (https)
    MD5: 7D19146C2ACC28AFAD6E1FD217E908BB
    SHA256: 7FDECDD05269731EDD57FFEE24323C672D620A533CD412089F055D6266C76164
  • Heartbleed: Packet Capture

    Didier Stevens
    9 Apr 2014 | 2:39 pm
    I could call this a cardiogram, but let’s not get carried away… I took a packet capture of the heartbleed bug (CVE-2014-0160) in action: I have OpenSSL 1.0.1 14 March 2012 running on Apache2 (Ubuntu, VMware) and executed Jared Stafford’s ssltest.py script. One small modification to the script: I removed line 132 (the script transmits 2 heartbeat requests, I want only 1 request). PS: as I expected, I didn’t find an entry in the Apache logs for this request.
    heartbleed_packet_capture.zip (https)
    MD5: 8302CDF315A91DD6FC32BB81AE0FB80D
    SHA256:…
  • PDF Rainbow Tables

    Didier Stevens
    8 Apr 2014 | 5:57 pm
    Looks like I hadn’t blogged this video:

  • CERIAS Combined Feed

  • A Special Opportunity to Support CERIAS

    Gene Spafford
    17 Apr 2014 | 7:02 am
    Purdue University is a land-grant university, founded in 1869. As a land-grant university, our focus has always been on service to the public good — providing excellent education and research results for the betterment of the world around us. While many universities take great pride in their faculty’s leverage of research to launch new companies or publish many academic papers, we’ve always been very focused on delivering a truly world-class education and performing “game changer” discovery. The Purdue community just celebrated a reunion of astronaut alumni — a visible symbol of…
  • CERIAS Students, Staff Receive Awards at the 15th Annual Information Security Symposium

    CERIAS Webmaster
    11 Apr 2014 | 11:03 am
    (March 27, 2014) Eugene Spafford, Executive director of CERIAS, honored CERIAS Students and staff with awards at the 15th Annual Information Security Symposium. PhD candidate, Rahul Potharaju, was awarded the CERIAS Diamond Award. The Diamond Award goes to a student that most exemplifies the “diamond in the rough” transition through outstanding academic achievement and/or research excellence. The Pillar of CERIAS award was given to Adam Hammer, Sr. Academic IT Specialist for CERIAS. Also receiving awards for the poster competition were: 1st Place (tie) - Mohammed Almeshekah - The Case of…
  • RSA 2014: The Benefits of an Intelligence-driven Security Strategy

    CERIAS Webmaster
    10 Apr 2014 | 12:37 pm
    At the RSA 2014 Conference in San Francisco in February, Spafford sat down with SearchCompliance editor Ben Cole to discuss the current state of cybersecurity threats and how companies can benefit from an intelligence-driven security strategy. More information »
  • Thoughts on the RSA Conference, Boycotts, and Babes

    Gene Spafford
    6 Apr 2014 | 12:41 pm
    I’ve been delayed in posting this as I have been caught up in travel, teaching, and the other exigencies of my “day job,” including our 15th annual CERIAS Symposium. That means this posting is a little stale, but maybe it is also a little more complete. I try to attend the RSA Conference every year. The talks are not usually that useful, but the RSAC is the best event to see what is new in the market, and to catch up with many of my colleagues (new and old), touch base with some organizations, see CERIAS alumni, sample both some exotic cuisines and questionable hors d'oeuvres, and…
  • Why Recruiting Women is a Challenge

    CERIAS Webmaster
    1 Apr 2014 | 8:51 am
    As with other computer science fields, the information security space lacks female executives. And Eugene Spafford says there are several big reasons why women remain a minority in the sector. More information »

  • Security Intelligence

  • Identity Management in the Cloud: Top Tips for Secure Identities

    Fran Howarth
    17 Apr 2014 | 11:11 am
    With high-profile data breaches appearing increasingly often in the news, organizations must consider identity management in cloud computing services.
  • People Access: The Weakest Link in Security

    Satyakam Jyotiprakash
    16 Apr 2014 | 9:48 am
    In this era of mobile, cloud and social, have you done enough to secure access to your most critical business resources? Security is as strong as its weakest link, and the weakest link these days is people, your users who access your business resources. Explore how to prevent insider threats and identity frauds and how to safeguard your mobile, cloud and social interactions through a powerful access management strategy.
  • What You Need to Know to Survive Windows XP’s End-of-Life

    Dana Tamir
    14 Apr 2014 | 6:04 am
    After almost 13 years of Windows XP, Microsoft announced that the still-popular operating system (OS) has reached its end-of-life (EOL). This means that Microsoft will no longer provide patches to new vulnerabilities found in Windows XP.
  • Cloud Security: A Blind Spot Where Ignorance Is Not Bliss

    Vikash Abraham
    9 Apr 2014 | 11:43 am
    The cloud has been a major talking point for a while now but when it comes to cloud security some aspects remain something of a mystery. One common blind spot in the cloud is virtualization, one of the main components of the cloud.
  • BYOD: Why You Better Not Ignore It

    Jeff Crume
    1 Apr 2014 | 11:57 am
    When it comes to BYOD, there are two types of organizations: Those that have programs in place to support it; and those that pretend it isn't happening in their environment. Regarding the latter, with employees bringing their own devices, the security group has its head buried in the sand.
 

  • blog.hotspotshield.com

  • Malvertising: The Biggest Threat to Mobile Security

    Peter Nguyen
    16 Apr 2014 | 11:28 pm
    Every time you use your mobile device to access the Internet, millions upon millions of invisible threads connect your device with the cyberverse. While the Internet is an invaluable tool, it is also a breeding ground for every kind of digital threat, and those threats constantly evolve. Take malvertising, for example; according to experts, it recently surpassed pornography as the largest threat to mobile security. So what exactly is malvertising, and how does it threaten your device’s security? Malvertising: The Worst of Two Worlds The terms “malvertising” and “malverts” are…
  • Internet Safety Tips for Seniors

    Peter Nguyen
    15 Apr 2014 | 9:36 am
    Senior citizens are connecting to the Internet in greater numbers every year. According to findings by the Pew Research Center, 53% of American seniors age 65 and over use the Internet or email. This makes seniors one of the fastest-growing groups of Internet users. Unfortunately, seniors are vulnerable to identity theft & various internet scams due to their lack of internet and computer skills. They are also more trusting. These factors make them easy targets for cyber criminals to prey on. The infographic below reveals some important internet safety tips to protect seniors from…
  • Can Posting Selfies Online Get You Hacked?

    Peter Nguyen
    9 Apr 2014 | 11:06 pm
    Selfies are a rapidly growing trend, with data indicating that selfies make up nearly a third of all photos taken by people age 18 to 24. Roughly half of all men and significantly more than half of all women have taken a selfie at some point. What many people don’t realize, however, is that these seemingly innocent self-pics can harbor some serious threats. Read on to find out how posting a selfie really can get you hacked, and what you can do to limit these dangers. The Data Contained in a Selfie Most photos taken on a smartphone get tagged with the exact coordinates of the location…
  • How to Keep Your Kids Safe Online

    Robert Siciliano
    8 Apr 2014 | 11:04 am
    Every parent should know all the ways they can keep their kids safe in the online world. In McAfee’s 2013 study, Digital Deception: Exploring the Online Disconnect between Parents and Kids, it was found that:
    86% of kids think social sites are safe and post personal information such as their email addresses (50%) and phone numbers (32%)
    48% have looked at content their parents would disapprove of
    29% of teens access pirated illegal digital media
    12% of teens met a stranger online and then in the physical world
    54% of kids say their parents aren’t involved in their digital lives at all…
  • How Data Brokers Get Your Personal Information

    Robert Siciliano
    4 Apr 2014 | 10:33 am
    Data brokers have lots of personal information about you; here’s what you can do about that. Ever heard of the term “data broker”?  What do you think that is? Think about that for a moment. Yep, you got it: An entity that goes after your data and sells it to another entity. The entity that gets the data, the broker, is called a consumer data company. They snatch huge amounts of data from individuals all over the planet and sell it. And who wants your personal information? Your information is of significant value to marketers, companies doing background checks and in some cases, and the…