Wednesday, February 23, 2011

(C) 3 weeks until BSides Austin !!! InfoSec / Hacker Con

Come help us 'Keep Security Weird' !! FREE for attendees... Register at...

#InfoSec #BSides

(F) Parental filtering and monitoring solutions

If you want to filter and monitor your kids' Internet access, read up on these top solutions... Don't forget Norton Internet Family and OpenDNS too.

Parental Control software review


Saturday, February 19, 2011

(W) Do you use ATMs?..

So what is wrong with one of these pictures? Can you find the two things wrong with one of these ATMs?

Brian Krebs Blog

Friday, February 18, 2011

(I) Security Blog awards from RSA 2011

If you are looking to follow some good sources of Information Security, then I would recommend these award-winning and runner-up Blogs and RSS feeds.

RSA 2011 Blog winners

Thursday, February 17, 2011

Google adds Two-Factor authentication to Gmail

Google has added Multiple-Factor authentication for users of Gmail and Google Apps, and other Google services too.

Using your cell phone, Google will call your cell and read you a 6-digit code that you enter after you have already entered your username and password. This solution adds 'something you have' (your cell) to the 'something you know' (username and password) to better protect your Google account against brute-force password guessing and any weak passwords you might be using.

Once activated, someone with your username and password would be unable to log in to your Google account without your cell phone.

Similar to the Verisign/Symantec VIP solution for eBay & PayPal, there is an App for your smart device as well. Check out Google Authenticator for your iDevice, BlackBerry and Droid.

Google Authenticator How to enable Help

SC Magazine article on Google's new authentication method
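
How a 6-digit code from an app such as Google Authenticator can be computed and checked after the password step, as an added example that is not from the original post or from Google. It goes beyond the post by showing the standard TOTP algorithm (RFC 6238); `verify_login`, `SAMPLE_SECRET` and the one-step drift window are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30  # seconds per code, the RFC 6238 default


def totp(secret_b32, at=None, digits=6):
    """Return the RFC 6238 time-based code for a base32 shared secret."""
    key = base64.b32decode(secret_b32.upper().replace(" ", ""))
    now = time.time() if at is None else at
    counter = int(now // STEP)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify_login(password_ok, secret_b32, submitted, at=None, window=1):
    """Hypothetical server-side check: password first, then the code.

    Codes from `window` steps either side are accepted to tolerate
    clock drift between the phone and the server.
    """
    if not password_ok:
        return False
    now = time.time() if at is None else at
    for drift in range(-window, window + 1):
        expected = totp(secret_b32, at=now + drift * STEP)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected, submitted):
            return True
    return False


# Constructed sample: the published RFC test key, base32-encoded the way
# an authenticator app would receive it. Never use it for a real account.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    code = totp(SAMPLE_SECRET, at=59)
    print("code at t=59:", code)
    print("password + code:", verify_login(True, SAMPLE_SECRET, code, at=59))
    print("password only:", verify_login(True, SAMPLE_SECRET, "000000", at=59))
```
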

(F) Two good websites for Internet Security for the layman

Here are two websites for users interested in learning more about computer security that they may hear about or read about in Blogs such as mine. These sites do a good job explaining Internet Security related issues for the basic to advanced user to help protect you and your family.

Kids Safety
And more

GetNetWise website

OnGuard Online website

Wednesday, February 9, 2011

(W) Warning mobile phone users

It seems many developers of mobile apps are not following best practice of securing your user information... Like banks.

MasterCard recently published some info about their API that clearly shows they store your username and passwords on your mobile phone.

Why should you care? Well because what if you lost your phone or iPad? Your information may be stored in such a way that a person can obtain it fairly easily...

Why do they need to store this information? Ease of use is what they will tell you. In reality you can store information on a device securely and still have ease of use, the developers just refuse to practice this art of coding, not because it is hard, but most likely because it is fast, easier and they may not care about security or think you don't.

I can tell you that Malware is coming to your mobile device and if these financial institutions don't care, you should. Would you feel OK about giving a stranger your Bank Account number? Why not? (assuming it was NO Fin WAY). Apps that store usernames and passwords should do so in a secure fashion and they don't.

I have seen Dan Cornell from Denim discuss iPhones, Eric Monti with Trustwave Spiderlabs also discuss iPhones and MJ Keith discuss Droids and I can tell you that simple code can sniff off what is coming and going or stored on your phone if the developers have not done it well and securely. Worse.. It is fairly easy...

I discovered my Bank stores my account number on my phone and so I did a test to get rid of it... I deleted the App, did a hard reset and reinstalled the App... My account number was still in the login field. But I uninstalled the app and rebooted the device????

Clearly the developers did NOT do it correctly. I will write more as I investigate this and see how vulnerable my Bank App is and what they say when I call them.

Monday, February 7, 2011

Security BSides Austin 2011 only 4 weeks away!!!

Hurry and reserve your FREE spot(s) for BSides Austin March 11th-12th.

It is shaping up ! All registrants will get a YubiKey !!!

The schedule for the AppSec Guerilla Camp has also been posted.

AppSec Guerilla Camp info and schedule

KeepSecurityWeird website

BSides Austin Wiki site

Registration page

Speakers and submitted papers page