SLACKWARE ENCRYPTED SWAP

22. January 2013, 21:36 | by WD Milner | Full Article | Comments

When available memory drops below a certain point, the Linux kernel will swap the contents of memory pages to swap space. This content may include sensitive information such as passwords, usernames, PINS, banking or other identity information. This data is usually in plain text and so can be read without effort. Encrypting the system swap space protects its contents against unauthorized access and attack should access to the hard drive be compromised or physically removed.

Categories: ,



INSIDER THREAT MITIGATION

21. May 2012, 22:26 | by WD Milner | Full Article | Comments

Ask any computer professional who works in security what the biggest threat to an information system is and you might be surprised at the answer. It's not outside “hackers”, it is insiders within the organization itself. And the best way to stop these internal attacks is by putting a solid prevention program in place.

Categories: ,



SEASONAL OIL THEFT A RISK

5. February 2012, 10:58 | by WD Milner | Full Article | Comments

Once again winter brings with it the necessity for many to fill their furnace oil tanks and burn an increasingly costly resource in order to keep their homes and organization’s buildings habitable in cooler/colder climates. Given the price of heating oil it is perhaps not surprising, though contemptible, that those with no scruples find profit in stealing it, sometimes by the tankful.

Categories: ,



PASSWORD SECURITY AWARENESS

5. July 2011, 12:13 | by WD Milner | Full Article | Comments

People are increasingly connected to some information network or other, be it the office, at home, an airport lounge or your local coffee shop. With this increased connectivity comes increased risk.

Categories: ,



COMMUNICATING SECURITY

28. May 2011, 15:08 | by WD Milner | Full Article | Comments

In light of recent high profile security breaches , one cannot help but ask: “Are these people asleep at the wheel?” Often Security departments are ignored or played down in the interests of economics. Not only is security expensive, it gets in people’s way and makes then uncomfortable and/or frustrated. The end result of which is that either proper procedures don't get implemented or they fall on deaf ears.

Categories: ,



SECURE SSD ERASURE

1. March 2011, 18:32 | by WD Milner | Full Article | Comments

California researchers recently published a paper at the Usenix conference on File and Storage Technologies that examined the effectiveness of secure erasure methodologies on SSDs (Solid State Disks).

Categories: ,



SHORTENED URLS: A RISKY CLICK

20. January 2011, 17:24 | by WD Milner | Full Article | Comments

Recently security software vendor McAfee Inc. has been warning of the security risk of shortened URLs for use on social media sites such as Twitter.

Categories: ,



MICROSOFT SHORTCUT VULNERABILITY

17. July 2010, 16:34 | by WD Milner | Full Article | Comments

Researchers have discovered a new variation on malware that piggybacks on USB storage devices and takes advantage of an (apparently) unknown security vulnerability in the manner Microsoft Windows processes shortcut files.

Categories: ,



WHEN PASSWORD IS YOUR PASSWORD

7. June 2010, 20:27 | by WD Milner | Full Article | Comments

We have all heard the stories about the folks who come up with long strange secure passwords, and then write them down on a ubiquitous yellow Post-It® style sticky note and place it on their monitors so they won't forget it. Sadly, they are not just stories but are common occurrences. The hardest part of information systems security is not the hardware and software, but accounting for and attempting to control the human factor.

Categories: ,



PRINTER SECURITY - OVERLOOKED LEAK

10. May 2010, 13:51 | by WD Milner | Full Article | Comments

A much overlooked item when considering information security is the printer. Often these printers contain hard drives that retain data even after printing, or in the case of multifunction devices after scanning documents, FAX options that permit sending to anyone, and completed documents left in out and in trays. There are some basic stes that can be taken to help reduce or eliminate security risks associated with printers.

Categories: ,



IS YOUR SWAP FILE LEAKING INFORMATION ?

24. April 2010, 19:02 | by WD Milner | Full Article | Comments

Almost all computer operating systems use some form of “swap file” (sometimes called a paging file) for aiding in memory management and speeding up certain operations. In some systems it is a separate partition on a hard disk drive, rather than a file within the file system.

Categories: ,



DESK SECRETS HYGIENE

4. April 2010, 01:06 | by WD Milner | Full Article | Comments

Messy desks can leak secrets. Working papers and items we use every day can give away secrets, divulge intellectual property, or negatively impinge our privacy and that of others if left laying about in plain view.

Categories: ,



HOME SECURITY

10. August 2009, 17:41 | by WD Milner | Full Article | Comments

Most criminals who do serious break and enter (as opposed to impulse crimes) will “case” the neighbourhood before they choose a residence to burglarize. The overwhelming first choice is an empty dwelling. Anything you can do to make your home occupied while you are away from it will help deter burglars. The following are some useful tips.

Categories: ,



TOP HOME WI-FI ERRORS

19. July 2009, 15:38 | by WD Milner | Full Article | Comments

Research has shown that eighty percent of people with wireless home networks don’t turn on the security features. The biggest reason given is that it slows down the network. Compounding this, most wi-fi routers ship from the manufacturer with security turned off by default. The following are five common security errors made with wi-fi networks.

Categories: ,



RFID INSECURITY REDUX

30. June 2009, 17:30 | by WD Milner | Full Article | Comments

When RFID was starting to become popular a few years ago, those who suggested that there were security problems that were not being addressed (such as reading tags from a distance) were considered, if not part of the tinfoil hat crowd, then perhaps just that wee bit too paranoid. Proponents of RFID laughed at the idea that tags could be read more than a few inches away and that surrepticiously stealing data wasn't possible. Guess what?

Categories: ,



MICROSOFT INJECTS VULNERABILITY INTO FIREFOX

3. June 2009, 17:49 | by WD Milner | Full Article | Comments

Microsoft has done it again. The draconian and sheer corporate arrogance have resurfaced yet again in a Windows Update that surrepticiously installs a FireFox extension that opens wide vulnerabilities in that browser. Not surprisingly Microsoft feels no need to apologize and indeed considers this compromise to system security to be a service.

Categories: ,



TEXT MESSAGING & 911

19. May 2009, 16:45 | by WD Milner | Full Article | Comments

Text messaging continues its growth in popularity as the service and phones which support it become more and more widespread. With this increasing use will come the need for 911 call centres to be able to handle text messages. This has both life-saving potential, and immense challenges for those who man these centres.

Categories: ,



IDENTITY THEFT REDUX

28. April 2009, 17:35 | by WD Milner | Full Article | Comments

About two years ago I did a little piece on identity theft. After a conversation with a friend about lost credit cards, I thought it worth revisiting.

Categories: ,



NEED TO KNOW

23. February 2009, 21:33 | by WD Milner | Full Article | Comments

A long standing and well known concept in many security and intelligence communities is “need to know”. This is the idea that unless there is some specific compelling reson for a person to have access to a piece of information then they should not have access to it.

Categories: ,



ETHICAL HACKING OR ILLEGAL TRESPASS ?

7. October 2008, 18:06 | by WD Milner | Full Article | Comments

An article that recently appeared on the ITBusiness.ca website covered a story about the discovery that some cyber-criminals have obtained log in credentials for thousands of websites, compromising them and using them as a base for further attack vectors elsewhere.

Categories: ,



CISCO PIX FIREWALL GUIDE

31. May 2008, 15:17 | by WD Milner | Full Article | Comments

While looking through some older whitepapers I came across a useful document for those using some of the various models of Cisco PIX firewall. Despite its age it is still useful.

Categories: ,



ARE SECURITY BEST PRACTICES A MYTH ?

23. January 2008, 20:57 | by WD Milner | Full Article

An often used term in business is “best practices”. Generally, this means a commonly accepted, informally standardized set of procedures and policies aimed at a particular goal. But can one really say that the concept can be applied to security?

Categories: ,



SIX STEPS TO BETTER SECURITY

29. November 2007, 16:20 | by WD Milner | Full Article | Comments

While network attacks are expected to rise in 2008, small businesses can protect themselves by implementing some practical steps.

Categories: ,



DEFCON HACKERS OUT DATELINE NBC REPORTER

8. August 2007, 15:28 | by WD Milner | Full Article | Comments

Things got interesting at this year’s DefCon conference when an associate producer with television news magazine Dateline NBC fled Friday after being publicly identified her as an undercover reporter in front of the crowd gathered for a popular conference session.

Categories: ,



FORENSICS INVESTIGATION GUIDELINES

2. May 2007, 19:11 | by WD Milner | Full Article | Comments

When an incident occurs requiring a computer forensic investigation it must be done in the most responsible manner possible. While it is a given that it be done in a legal and ethical manner, it must also be done in an effective manner. The following are some basics guidelines to follow to help ensure that any investigation provides the needed information.

Categories: ,



PITFALLS TO SSID CLOAKING

7. April 2007, 18:07 | by WD Milner | Full Article | Comments

Service Set Identification (SSID) has been frequently used as a method to add another layer of security to wireless LANs. While commonly considered a means to improve security, and indeed a recommended best-practice, it can in many cases actually reduce the effective security of the network.

Categories: ,



ULTRA CERTIFIED OR CERTIFIABLY USELESS ?

13. March 2007, 16:05 | by WD Milner | Full Article | Comments

I recent received a letter from Verisign promoting their new Extended Validation (EV) SSL Certificates. The latest “spin” seems just another way to get companies to jump through more compliance hoops and spend more of their money, most likely ineffectually.

Categories: ,



CORPORATE COERCION

1. March 2007, 16:27 | by WD Milner | Full Article | Comments

Legal threats from manufacturers prevent security researchers from presenting a discussion paper on flaws of radio tag-embedded (RFID) building access ID cards.

Categories: ,



QUICK AND EASY SECURITY CHECKS

24. February 2007, 21:21 | by WD Milner | Full Article | Comments

The Internet can be a wonderful place to find information about many things. The one thing you don't want though is for it to be a place to find out about things you regard as confidential. Here are a few quick and easy ways to check for possible security leaks without ever leaving your chair.

Categories: ,



LOCKING DOWN YOUR WIRELESS NETWORK

17. February 2007, 22:19 | by WD Milner | Full Article | Comments

Most wireless routers and access points are totally insecure out of the box. While fixing that situation only requires a few minutes, it is easy to become lost in the sometimes confusing options of the router’s management tool menus. To help ease the process, the following guide will help you secure your wireless network.

Categories: ,



GHOSTS IN THE MACHINES

8. February 2007, 18:26 | by WD Milner | Full Article | Comments

An ever increasing problem for those enterprises looking for better LAN security are the numerous “ghosts” that are wandering about their networks.

Categories: ,



AN INTRODUCTION TO IDENTITY THEFT

22. January 2007, 18:04 | by WD Milner | Full Article | Comments [2]

While definitions vary, identity theft is generally considered to be “obtaining or using someone's personal information without their consent or in a fraudulent manner for economic gain or other purpose”. Protecting yourself is a matter of awareness of how it happens, how to prevent it and how to address the problem if you become a victim.

Categories: ,



INTERNET EXPLORER 7 BUGGED ALREADY

20. October 2006, 15:10 | by WD Milner | Full Article | Comments

After almost two years of development and over five years since the last major upgrade to the company's browser Microsoft has released Internet Explorer 7. Within hours, a security company warned users of the new browser's first official bug.

Categories: ,



RETAIN OR DELETE

17. October 2006, 22:06 | by WD Milner | Full Article | Comments

Which electronics records should you save; which are you required to save; and which should you delete? The retention of data or it's permanent deletion are flip sides of a coin that all companies must increasingly deal with. Beyond legal and ethical considerations, it is also a critical storage and security issue for any IT department.

Categories: ,



OF SPAM & SPAMMERS

27. September 2006, 16:47 | by WD Milner | Full Article | Comments

Spammers harvest e-mail addresses wherever they can. Here are some of their techniques, and some tips to help alleviate the load on your in-box.

Categories: ,



DECISIONS, DECISIONS

24. August 2006, 12:55 | by WD Milner | Full Article | Comments

While it may be startling to some it comes as no surprise to those working in the IT security field that the executives most influential in security decision making are not those who are most supportive of security spending. This tends to have the perhaps inevitible effect of insufficient funding for IT securiity to be as effective as it could be.

Categories: ,



LAPTOP, NOTEBOOK ... TARGET!

22. August 2006, 20:26 | by WD Milner | Full Article | Comments

A recent spate of laptop thefts have returned to the spotlight a problem that has existed for as long as there have been laptop computers - theft of same. You would think that after approximately 20 years of use that individuals and business would have learned and this would not be such a serious issue. Sadly that is seldom the case.

Categories: ,



NOVA SCOTIA’S IT IN-SECURITIES

27. July 2006, 13:21 | by WD Milner | Full Article | Comments

Incidents documented in a report by Nova Scotia’s Auditor General, Jacques Lapointe would be enough to get any IT administrator in the private sector shown the door. After less than six months in the position, Nova Scotia’s new Auditor General has found major IT related bungling. Unfortuantely, in this province this will not provoke the outrage and reaction from government that it should.

Categories: ,



ISO & SECURITY

12. May 2006, 15:10 | by WD Milner | Full Article | Comments

While much discussion has occured surrounding the general inability to prevent cyberattacks, the addition of new technology at best impede attackers and forces them to find other approaches. A recently approved ISO specification may help some organizations.

Categories: ,



GELATIN PASSES BIOMETRICS

1. August 2002, 19:12 | by WD Milner | Full Article | Comments

Japanese cryptographer Tsutomu Matsumoto recently demonstrated the vulnerabilities in current fingerprint recognition systems.

Categories: ,



CONSCIENCE OF A HACKER

10. October 1991, 22:28 | by WD Milner | Full Article | Comments

The Hacker’s Manifesto was written by a ‘hacker’ named Loyd Blankenship (aka The Mentor). The first time I encountered the Manifesto was its initial publication in Phrack Magazine (Volume One, Issue 7, Phile 3, January 8, 1986). Since then it has found its way first across the electronic bulletin board systems (BBS) of the world, and then across the Internet. It has been translated into many languages and has even seen dissemination in a very abbreviated, abridged and somewhat reworded form by Hollywood in the movie Hackers. One can only hope that permissions, credit (and royalties) for its use were accorded to Mr Blankenship.

Categories: ,


Article Category: Security


Comments are not enabled for all articles or documents.


Categories

Business
Communications
Electronics
Entertainment
Environment
Government
Internet and WWW
Miscellany
Music and Audio
News
Photography
Privacy
Psychology
Security
Society and Culture
Stage and Screen
Technology
Theology
Tips and Tricks
Web Design
Web Site


The Birches - Milner.ca Support Child Safety Online

 

 
 
 Help to FIGHT spam!
 • 
  •
•••