Monthly Archives: September 2011

CVE-2011-3002 (firefox, seamonkey)

Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 7.0 and SeaMonkey before 2.4, does not validate the return value of a GrowAtomTable function call, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger a memory-allocation error and a resulting buffer overflow.
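The bug class behind this advisory is a growth routine whose failure result the caller never checks: when the allocation fails, the table keeps its old size, but the caller proceeds to store at the next index and writes past the end of the buffer. The toy table below is an added illustration written for this page, not ANGLE's or Mozilla's code; the type and function names (AtomTable, grow_atom_table, add_atom_unchecked, add_atom_checked), the allocation-failure hook, and the guard slot that stands in for whatever memory follows the real table are all assumptions made for the demonstration. The unchecked variant has the shape the advisory describes; the checked variant is the corresponding fix.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical atom table for illustration only; not ANGLE's data structure. */
typedef struct {
    const char **slots;  /* capacity entries, followed by one guard entry */
    size_t count;
    size_t capacity;
} AtomTable;

/* The guard entry stands in for whatever memory would follow the real table. */
static const char guard_marker[] = "guard";
#define GUARD guard_marker

/* Test hook (assumption): when set, growth fails as if realloc returned NULL. */
static bool simulate_alloc_failure = false;

/* Grow the table to new_capacity slots plus the guard. Returns false on failure
   and leaves the table unchanged; that is the case every caller must handle. */
static bool grow_atom_table(AtomTable *t, size_t new_capacity) {
    if (simulate_alloc_failure) return false;
    const char **p = realloc(t->slots, (new_capacity + 1) * sizeof *p);
    if (p == NULL) return false;
    t->slots = p;
    t->capacity = new_capacity;
    t->slots[new_capacity] = GUARD;
    return true;
}

static bool atom_table_init(AtomTable *t, size_t capacity) {
    t->slots = NULL;
    t->count = 0;
    t->capacity = 0;
    return grow_atom_table(t, capacity);
}

static size_t next_capacity(const AtomTable *t) {
    return t->capacity ? t->capacity * 2 : 4;
}

/* Vulnerable shape: grow_atom_table's result is discarded, so when growth fails
   the store at slots[count] is one past the end of the table. */
static void add_atom_unchecked(AtomTable *t, const char *name) {
    if (t->count == t->capacity) (void)grow_atom_table(t, next_capacity(t));
    t->slots[t->count++] = name;
}

/* Fixed shape: refuse the insert when growth fails and report it to the caller. */
static bool add_atom_checked(AtomTable *t, const char *name) {
    if (t->count == t->capacity && !grow_atom_table(t, next_capacity(t)))
        return false;
    t->slots[t->count++] = name;
    return true;
}

static bool guard_intact(const AtomTable *t) {
    return t->slots[t->capacity] == GUARD;
}

/* Fill a two-slot table, force the next growth to fail, then insert a third atom
   with the unchecked variant. Returns true if the guard slot was overwritten. */
static bool unchecked_overwrites_guard(void) {
    AtomTable t;
    if (!atom_table_init(&t, 2)) return false;
    add_atom_unchecked(&t, "first");
    add_atom_unchecked(&t, "second");
    simulate_alloc_failure = true;
    add_atom_unchecked(&t, "third");   /* lands on slots[2], the guard */
    simulate_alloc_failure = false;
    bool overwritten = !guard_intact(&t);
    free(t.slots);
    return overwritten;
}

/* Same scenario with the checked variant. Returns true if the third insert was
   rejected and both the count and the guard are untouched. */
static bool checked_preserves_guard(void) {
    AtomTable t;
    if (!atom_table_init(&t, 2)) return false;
    bool filled = add_atom_checked(&t, "first") && add_atom_checked(&t, "second");
    simulate_alloc_failure = true;
    bool rejected = !add_atom_checked(&t, "third");
    simulate_alloc_failure = false;
    bool safe = filled && rejected && t.count == 2 && guard_intact(&t);
    free(t.slots);
    return safe;
}

int main(void) {
    printf("unchecked variant overwrote adjacent memory: %s\n",
           unchecked_overwrites_guard() ? "yes" : "no");
    printf("checked variant refused the insert and left memory intact: %s\n",
           checked_preserves_guard() ? "yes" : "no");
    return 0;
}
```

The guard slot is only there so the overwrite can be observed without undefined behaviour; in a real process the slot past the end belongs to some other allocation, which is why the advisory rates the outcome as a crash or possible code execution rather than a clean failure.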

Paul’s Security Weekly – Episode 259 Part 1 – September 15th 2011

Dino Dai Zovi Interview:

Elie Bursztein talks about An Analysis of Private Browsing Modes in Modern Browsers:

Episode 259 Show Notes

Episode 259 Part 1 Direct Audio Download

Episode Hosts:

  • Paul Asadoorian
  • John Strand
  • Larry Pesce
  • Carlos Perez
  • Darren Wigley

    Tune in to Paul's Security Weekly TV episodes on our Bliptv channel.

    Audio Feeds:

    Video Feeds:

    Tips for Small Businesses from a Cyber Security Expert

    The Internet offers small businesses a competitive advantage in a tough market thanks to the exposure they receive online. However, while they can compete with larger businesses online in terms of marketing and visibility, their IT budgets and security efforts simply can't keep up. Cybercriminals realize that small businesses are easy targets because they are less likely to have a security plan in place. Here are tips for small businesses from a cyber security expert whose personal mission is to secure organizations by creating solutions to unique and complex computer problems.

    Create an Internet Policy
    One of the best ways to keep critical data protected is by establishing guidelines and boundaries for employees, no matter how small the organization may be. An Internet use policy lets employees know what software and files are okay to download, how to create strong passwords, and which websites cannot be viewed while surfing the Web. Any security expert would agree that letting employees know their responsibilities when it comes to using the Internet is the first step towards a comprehensive security plan.

    Install the Latest Anti-Virus Software
    Most new computers come with anti-virus and anti-malware programs installed. However, an experienced cyber security expert recommends going above and beyond these basic software packages by purchasing a comprehensive security suite. Not only do these suites detect threats, they can also quarantine or remove what they find, though no product catches everything, and a suite is only as good as its most recent update. According to a computer security specialist, increasing the protection of critical data by paying for additional safety features is worth the investment because it brings small business owners the peace of mind they need.

    Secure Wireless Connections
    Some business owners do not secure their wireless connections because they don't realize how important this step is when it comes to protecting the company's information. An open or weakly protected access point lets anyone within radio range join the network and read the traffic on it. If business owners had the same knowledge and experience as a trained cyber security expert, they would realize just how serious this threat is. Here are a few simple steps they can take to secure these connections:
    • Enable WPA2 encryption with a strong passphrase, and change that passphrase regularly and whenever someone who knew it leaves the company
    • Add a VPN service so that traffic stays encrypted end to end, even on networks the business does not control
    • Limit access to the network to the devices and people who actually need it

    Security Expert Advice: Choosing Strong Passwords

    So far, 2011 has been a big year for cyber-attacks. American businesses and the United States government were the targets of hackers who stole credit card information, took down websites, and deleted military files. These attacks sent companies and government agencies scrambling to explain how their data was stolen, compromised, or lost. It also forced them to examine their computer security practices. As they attempt to pick up the pieces, security experts are using these events to emphasize the importance of good risk management – namely preventing targeted attacks against companies before it's too late. One way of increasing cyber security is by creating strong passwords. Here are tips for protecting your personal or professional digital identity, straight from a computer security specialist.

    • Use a mix of letters, numbers, and symbols, and make the password long; extra length adds more strength than swapping a few characters.
    • Stay away from using names of spouses, children, or pets, or anything else that can be looked up about you.
    • Use a bizarre combination of words that only you would remember; several unrelated words are both easier to recall and harder to guess than a short jumble of characters.
    • Don't use your phone number or birthday; they are easy to find and are considered "weak" passwords.

    Just about everyone has at least one password; some people have upwards of ten. According to technology writer Clive Thompson, "the truth is we humans are pretty bad at remembering characters that make for a really strong password." For people who need multiple passwords, remembering just one would be easier, but such a shortcut is also dangerous: if the same password is reused everywhere, a breach of any one account exposes all of them. As difficult as it may be, the importance of choosing a unique and complex combination of letters and numbers for each account cannot be emphasized enough. Any experienced security expert will tell you that weak and non-existent passwords are partly to blame for online security breaches, so your safety depends on generating a strong password for each different account.

    Tips for Using an Expert Witness Effectively

    In our culture we are urged to "trust the expert" – even in a court of law. The simple fact that the testimony of an expert witness is admissible in a trial shows how much we value the opinions of people who are considered authorities in their fields. This can have a very persuasive effect on a case, as long as the experts are carefully chosen and thoroughly prepared. Here are some tips for using an expert witness successfully.

    • Examine the case and determine what kind of expert you need.
    • Search trade organizations, referrals, and the Internet for expert witness options.
    • Analyze potential experts based on the following: reputation, experience, qualifications, scholarly work
    • Choose as many as necessary, and make sure to fully understand their opinions.
    • Help the expert witness become familiar with the case.
    • Guide the expert in preparing his or her report, but the conclusions must remain the expert's own opinions.
    • Prepare the witness for examination.

    From selection to a successful testimony at trial, there is a lot of research and preparation that goes into finding the best expert witness. Just because a person has a lot of experience in his or her field doesn't necessarily mean he or she has what it takes to deliver a successful expert witness testimony. Interview every option and spend time talking with them to find experts who have pleasing yet firm personalities and perform well under the highest degree of pressure.

    Paul’s Security Weekly – Episode 258 Part 2 – September 8th 2011

    Paul, Larry, Jack, and the gang talk about the latest news for the week, including APT, cyber criminals, SSL, and how to pick a good password (just kidding, we actually did talk about stuff that you may care about):

    Episode 258 Show Notes

    Episode 258 Part 2 Direct Audio Download

    Episode Hosts:

  • Paul Asadoorian
  • John Strand
  • Larry Pesce
  • Jack Daniel
  • Darren Wigley

    Paul’s Security Weekly – Episode 257 Part 2 – September 1st 2011

    Drunken Security News for episode 257 features SSL certs gone wild, attacking the PHY layer, undercovering social media, and more!:

    Episode 257 Show Notes

    Episode 257 Part 2 Direct Audio Download

    Episode Hosts:

  • Paul Asadoorian
  • Carlos Perez
  • Jack Daniel

    Travel Tips from a Security Expert

    Most businesses recognize the critical need to implement security measures in the office. Now that people can connect to wireless networks through their mobile devices, new technologies are breaking down office walls, and according to any security expert this raises serious concerns. Businesses whose employees travel, work from home, or simply view important documents on their laptops or smartphones anywhere they go are exposing critical data to hackers and cybercriminals, and to loss or theft of the device itself. Here we will focus on tips for staying protected while traveling, straight from a computer security specialist.

    Backup your mobile devices – including laptops and cell phones – before taking that important business trip. If you have any important information stored on them that you won't need during the trip – don't bring it with you. When you return you will be able to put any and all of this data back onto your devices if necessary.

    Any security expert will tell you to make sure your anti-virus software is current. Up-to-date software greatly reduces the chance that your devices are infected by viruses and malware that can damage your system and affect important data files, though it will not catch everything. It is important to have this software enabled during the entire trip. Taking a vacation from your anti-virus security software is a mistake that can cost you critical information, or worse – your job.

    Use a hard-wired connection whenever you can. Sure, wireless networks are convenient, but they carry a higher risk of eavesdropping. Many hotels come equipped with a cable you can use, but if you don't see one in the room, ask the front desk. If you must use a wireless connection, either at the hotel or in the airport, only use encrypted hotspots for maximum protection. Keep in mind that a wired port or an encrypted hotspot only protects the link to the hotel's or airport's own network; for anything sensitive, connect through your company's VPN so the traffic stays encrypted all the way back to the office.

    Important Qualities in a Data Security Keynote Speaker

    When it comes to corporate events, conferences, and retreats, nothing is worse than a boring guest speaker. Unless the audience is properly informed and entertained, the message could fall flat, causing the entire event to lose steam. In order to keep the momentum going during these events, it's important to choose a keynote speaker who is credible, professional, and charismatic all at the same time. Here are some of the things to look for in an effective data security keynote speaker to maximize the impact of your next big event.

    Experience:

    Dr. Eric Cole has extensive experience as a cyber-security expert. He has over 20 years of hands-on experience in the industry, in which he thrives on creating new companies, organizations, and products. Dr. Cole is an expert witness in cyber security, which is a testament to his broad background in the computer world as well as his professional and approachable demeanor in everything he does. This experience has helped him become a knowledgeable keynote speaker who can turn complex topics into simple concepts.

    Entertain:

    The key to an effective guest speaker is being able to entertain an entire room while remaining professional, credible, and knowledgeable. Taking a potentially boring topic like Internet security and turning it into an interesting presentation isn't easy, but Dr. Cole is able to bring technology topics to life. Full of practical information based on his personal experiences, Dr. Cole's presentations continue to captivate audiences and inspire people to apply his solutions to their everyday lives.

    If you are looking for a guest speaker who can provide practical solutions to complex business problems, contact Dr. Eric Cole. As an experienced data security keynote speaker, his meaningful presentations can help your organization embrace technology in a safe, secure, and beneficial way.

    Paul’s Security Weekly – Episode 257 Part 1 – September 1st 2011

    In this episode's first part we interview Don Bailey on Hacking Cars with "War Texting":

    Then on to Hacking Prisons with John Strauchs, Tiffany Rad, & Teague Newman:

    We also talk about "Sneakers"!

    Episode 257 Show Notes

    Episode 257 Part 1 Direct Audio Download

    Episode Hosts:

  • Paul Asadoorian
  • Carlos Perez
  • Jack Daniel

    Paul’s Security Weekly – Episode 256 Part 2 – August 26th 2011

    In Part 2 we discuss the Apache DoS, HP's problems, a UPnP hacking tool, why security is never black and white, customizing Nessus scanners, Paul agreeing with Gartner, and senior moments with Jack Daniel.

    Episode 256 Show Notes

    Episode 256 Part 2 Direct Audio Download

    Episode Hosts:

  • Paul Asadoorian
  • Carlos Perez
  • "Intern Ian"
  • Jack "I have senior moments" Daniel
  • Darren "The Sound Man" Wigley

    Paul’s Security Weekly – Episode 256 Part 1 – August 26th 2011

    Mark Russinovich is a Technical Fellow in Windows Azure, Microsoft's cloud operating system group. He was a cofounder of Winternals Software before it was acquired by Microsoft in 2006 and is the author of the high-tech thriller Zero Day: A Novel. We interview Mark in this segment, and kill some bugs:

    Episode 256 Show Notes

    Episode 256 Part 1 Direct Audio Download

    Episode Hosts:

  • Paul Asadoorian
  • Carlos Perez
  • "Intern Ian"
  • Jack Daniel
  • John Strand
  • Darren "The Sound Man" Wigley