Security Balancetrying to bring balance to the Force |
 |
According to the InfoWorld:
German bank fights phishing with electronic signaturesPostbank to begin attaching electronic signature to all e-mail correspondence with customers
By John Blau, IDG News Service
March 30, 2006
German retail banking giant Postbank AG, the target of several phishing attacks, aims to curb the theft of online personal information with the help of electronic signatures.
The bank [...]
I’ve just read a very good article about Why Phishing Works. I’m glad that some of my personal thoughts on the subject were confirmed with the study presented in the text. I’ll try to find some time and to recover some of my ancient programming skills to develop an anti-phishing toolbar Proof of Concept. I [...]
I”ve just read a very good article about doing security evaluation of IT products . I liked this part specially:
“9. Do not be sorry for a vendor.There were projects when our evaluation results literally made people cry and beg to buy their products. One vendor even offered a 100K product for free, so they could [...]
It’s the second time in this year where we have a known vulnerability that can be used to install malicious code on users’ computers without a released patch. Just remember that almost all big companies rely on the “Patch Management + Antivirus” formula to avoid this threats.
What would be a big threat for those companies? [...]
It was recently announced that the x.805 standard became also ISO18028-2. It’s a network security standard. It was presented to me by my friend Nelson Correa. It was written by people related to the telecom world, and it’s very similar to other telephony standards, with all its planes, dimensions, etc.
Anyway, I think it’s a great [...]
Yesterday I was looking the access log from this blog and noticed a sudden increase on the number of visits. I thought about what could have caused this and today my hypothesis was confirmed.
Thanks Martin McKeay for mentioning the blog in the Network Security Podcast of this week! It was the starting push I was [...]
There are lots of news in the last days about trojans targeting bank customers. Although they are making noise because of their ability to capture authentication data, I still think this is nothing very different from what was being predicted for a long time.
My main concern is with code that still has not appeared. [...]
I usually don’t like to spread FUD by asking people to leave IE and migrate to this or that browser. However, I must admit that today it’s more secure to NOT use IE.
I think there’s a difference that comes from the market share and from the amount of “haters” that MS has. People with intention [...]
I have installed an interesting application – BlogJet. It’s a cool Windows client for my blog tool (as well as for other tools). Get your copy here: http://blogjet.com
“Computers are incredibly fast, accurate and stupid; humans are incredibly slow, inaccurate and brilliant; together they are powerful beyond imagination.” — Albert Einstein
From Schneier’s blog. Not only this solves the wrong problem, according to Schneier, but it also shows that governments are victims of VERY bad Infosec advisory. It’s quite common to see defense department people responsible for advising on these matters. There are lots of trivial relationships between real warfare and information warfare, but assuming that [...]
