02 Sep Lab Matters - Kaspersky Academy - a platform for connection Ryan Naraine
18 Apr Infiltrate 2011 and Offensive Security Kurt Baumgartner
11 Jan Techfest Mumbai 2011 Costin Raiu
18 Dec Last minute shopping - keep safe! Dmitry Bestuzhev
10 Apr Malware Defence Workshop details David
02 Apr Prepare to meet your malware David
Kaspersky Lab pays a lot of attention to IT security education & literacy development, actively sharing its knowledge & experience through its educational program "Kaspersky Academy", which offers unique opportunities for students & young professionals to improve their knowledge of IT security, gain new experience, communicate with industry experts, realize their scientific potential, get exciting career opportunities & open the door to the professional world of IT security. Ram Herkanaidu, educational manager, talks about the company's academic initiatives.
Security researchers from around the world are digesting the weekend's fare at Infiltrate2011, organized by security outfit Immunity. "No policy or high-level presentations, just hardcore thought-provoking technical meat" was promised, and presenters served it up sizzling. The sessions folded in a variety of topics slicing up current offensive security issues with some defensive interest mixed in. Discussions spread from technical wizardry attacking hardened Linux kernels to general network exploration and reconnaissance. Infiltrate2011 itself follows somewhat on the Blackhat/Defcon conference model, but reduces the corporate marketing at those conferences. The peer reviewed set of presentations and research sponsored by one of the best known offensive security/penetration testing groups in the business sets the bar high and undistracted for the level of technical content. The final agenda is listed here.
The holidays are nearly here! If you're still searching for the final perfect present, and are thinking of buying online, here are a few practical tips to help keep your last-minute purchases secure:
Using the virtual keyboard prevents Trojans from stealing information which you enter via the keyboard or other input device.
The address bar should have an ‘https’ string before the page address.
Remember - NEVER shop on a page which doesn’t have ‘https’ in the address bar, or if the padlock is open or broken, or if you get a warning regarding the digital certificate of the page you’re on!
Wishing you safe online shopping and happy holidays!
Following on from last Wednesday's post - if you're interested in attending our Malware Defence Workshop (which includes puzzles like the one shown above!), do contact us on malwaredefence [at] kasperskylab.co.uk and we'll send you a schedule.
Over here in the UK we're launching our Malware Defence Workshop. If you're responsible for corporate security, developing security strategies, or keeping your company network free of malware, this workshop is for you.
We're offering a mix of theoretical, practical and demonstration sessions to give an insight into how malware works – in a secure, risk-free environment.
Topics range from how malware has developed over the years, through propagation methods, Trojans, botnets, ransomware and mobile malware. There'll be sessions on evaluating security solutions, and what the future may hold.
We'll be running the workshop regularly, so if you're interested in meeting malware face-to-face, do contact us for more details.
Roel recently posted about user education. Last week I co-moderated a discussion workgroup at Net Focus UK on 'Building and managing an effective IT security training and awareness program'. I thought I'd share some of the key points that came out of the discussions on the subject of staff awareness as part of an overall security strategy.
Yesterday I took part in a symposium organized by "De Consumentenbond", the Dutch consumer organization.
One of the goals was to get security professionals and users to mingle, which was quite educational for both groups. I certainly encountered some terms that weren't familiar to me, such as "trojan virus" as well as a number of Dutch terms.
It’s clear that some of these terms are being used to simplify security issues, making it easier for end users to get to grips with the topic. But I'm not sure that it will make things easier - some terms were translated into Dutch, while others were left in English. When a user wants to search for additional information on a topic, s/he will come up empty handed, as security companies aren’t using these terms.
It's clear that user education is in some ways similar to malware classification - efforts still have to be made in terms of co-ordination and terminology.
The number of phishing scams continues to grow: the Anti-Phishing Working Group recorded its highest number of unique phishing web sites ever in June 2006. And, of course, financial services continues to be the biggest target for the phishers.
Clearly the losses from this type of financial fraud are high. But who pays? Well, in a case reported today, the bank did. Bank of Ireland has agreed to compensate customers who fell victim to phishing scams. However, this was a 'goodwill gesture', rather than a matter of general policy.
Of course, it's hardly surprising if financial institutions are reluctant to routinely compensate customers in such situations. The key issue for consumers is being able to demonstrate that they have taken adequate precautions to avoid falling victim to phishing scams, as highlighted by APACS [APACS, the UK payments association] in one of its BankSafeOnline FAQs.
The onus will be on the customer to demonstrate that they have 'acted with reasonable care'. The increasing sophistication of the phishers may make this harder to do.
We all know how complicated it can be to demonstrate that you have 'acted with reasonable care', so we're providing a checklist that should help you. Pin it up on the wall and be sure to follow the recommendations.
We've just received a report of a destructive virus that will wipe all data from the hard disk. We're not the least bit worried though. Why? Well, it's just a hoax.
So what is a hoax? Typically, a hoax takes the form of an e-mail message that carries a warning about the 'imminent danger' posed by a non-existent threat. The aim is to scare users into sending the false warning to their contacts: friends, family, colleagues. Hoaxes cause no direct harm to data. However, a user's well-meaning action in forwarding the message gives credence to the hoax, spreads the fear, doubt and uncertainty even further and clogs up networks with increasing amounts of 'self-inflicted spam'.
Trying to stamp out a hoax can be as difficult as putting out a forest fire: 'successful' hoaxes often come back again and again, like recurrent bouts of malaria. To make matters worse, sometimes a real threat will model itself on the 'look-and-feel' of a previous hoax.
So how do you decide if something's a hoax or not? Here are some general guidelines.