On BreachyBytes we most frequently focus on network security for enterprise networks. However, I did stumble across an interesting article on Continuity Central that did a nice job breaking down the top ten threats to small and medium-sized businesses. Although these points are relevant to smaller businesses, I think that many are applicable to large enterprises and home users as well. Here is their list:
- Insiders
- Lack of contingency plans
- Unchanged factory defaults
- The unsecured home
- Reckless use of public networks
- Loss of portable devices
- Compromised WebServers
- Reckless web surfing
- Malicious HTML e-mail
- Unpatched vulnerabilities open to known exploits
Read the article for more information.
In case you missed it, Google has their own browser called Google Chrome. You can read about it in plenty of places, but I am specifically addressing the security aspects of the browser. There are two key security benefits provided by Chrome that Google calls Safe Browsing: sandboxing and malware/phishing URL detection.
According to SC Magazine Australia, MTV experienced a breach compromising the confidential information of over 5,000 employees.
“…it appears an employee may have fallen victim to a social engineering trick that allowed a trojan to be installed on his or her machine.”
Interestingly, more and more breaches result from tactics that dupe unsuspecting employees who have access to corporate credentials, as is the case with this latest breach.
At the end of 2007 we first noted the FastHosts breaches in the BreachBytes links to breach articles. On January 14, 2008, ComputerWorld reported that the seemingly benign and random breach(es) at FastHosts, the UK’s largest hosting company, in late 2007 appear to be much worse than originally thought due to the damage that is now happening as a result. Here is the article:
New mass hack strikes sites, confounds researchers
It is interesting to see that the hackers continue to use more sophisticated methods to do their damage, and that a variety of knowledgeable security companies are quoted as not really knowing how to determine which sites were in fact infected.
Poor Salesforce.com.
They continue to be under attack by phishing scams. As a customer I have been satisfied with their responsiveness and continue to root for them. My first sighting of the last Salesforce.com attack popped up in my ZDNet.com RSS feed on 11/06/07. The same day I received an email from Salesforce.com explaining what had happened and what they were doing about it. They offered a surprising level of transparency which, in my mind, showed courage and confidence based on their timely disclosure. Over the intervening days, changes were implemented that were mildly inconvenient to the user yet improved the security of the Salesforce.com installation (and more importantly our data).