03 Jun Security policies: portable applications Kirill Kruglov
23 Sep Turbulence in the blogosphere Roel
14 Apr Blogging bad for you? David
26 Oct Welcome to the Weblog Eugene
26 Oct Secure blogging Costin Raiu
Join our blog
You can contribute to our blog if you have +100 points. Comment on articles and blogposts, and other users will rate your comments. You receive points for positive ratings.
Everyone has their own preferences in choosing applications: a favorite browser or instant messenger, media player or email client, etc. Many users are so accustomed to them in everyday life that they feel uncomfortable without access to their favorite programs at work or in college. As a result, they come to use the portable applications which we will discuss in this article.
Portable applications, stored on removable media, are very convenient: they need no installation and can be used in almost any environment. For users, this means their favorite tools are always at hand, and ready to do anything from playing movies and music to analyzing and restoring the system.
However, such applications can also pose a threat to information security. Users who do not have local administrator rights cannot install software on the PC, but they can bypass this restriction by taking advantage of portable applications that do not require installation. Since these applications are mobile and are stored on removable media, they often go undetected by auditing applications on the LAN. This makes it more difficult to investigate incidents related to the use of portable applications as the information about removable media and software installed on it is often unavailable to the IT security specialists.
An analytical company engaged in processing large amounts of personal information offered part-time work to students and non-IT-specialists: a couple of days a week they would transfer data from paper into electronic forms, recheck the available data for errors and contact people for further information.
It's been a bit of a bumpy ride in the Dutch blogosphere over the last couple of days.
One blog - www.geencommentaar.nl - decided to set up something I like to call a 'web 2.0 honeypot' in the form of a petition. The idea behind this was to attract the attention of the biggest blog in the Netherlands - www.geenstijl.nl - and get GeenStijl readers to comment.
GeenCommentaar logged the IP addresses of users who made offensive comments on the blog and created a database. (A lot of the offensive comments came from GeenStijl users). Other bloggers could then check the database to see if a particular IP address had been tagged as offensive. Supposedly the idea behind this was to make life easy for other site/ blog owners, by offering an automatic way to filter out (probably) unwanted comments/ content.
Weblogs are springing up all over the place, on every topic under the sun. And not surprisingly, blogs have drawn the attention of virus writers as a new way of infecting computers. A recent report shows that blogs are being used to install viruses, keyloggers and other malicious code.
So should we close our blog? Or tell you to stop reading weblogs altogether?
I don't think so. But weblogs are a potential threat, so here are our guidelines on how to protect your computer.
In short: use the latest anti-virus protection and be very very careful who you trust...
Welcome to the Weblog. The world of malware is technically complex, full of incident and mal-innovations, and keeps growing. The computer underground is looking for new intrusion and infection technologies. On the other hand the anti-virus companies keep developing protection. The e-arms race goes on full speed. We are here to explain the details.
Welcome to the Weblog. Hackers have mastered social engineering, cheating, fraud and phishing. They want to watch you from inside of your computer - we are here to inform you about most "successful" ways they do that. We'll help you to be more protected today, than yesterday.
Welcome to the Weblog. The software giant(s) are under attack. The complexity and flexibility of networks, operating systems and applications are searched and abused by the hackers, virus writers, spammers and advertisers. The vendors do their best to release patched products, to install new and better walls against the flow of malware. We are here to present our expertise about these changes.
Welcome to the Weblog. You're looking for answers? You're afraid of being hacked? Our ideas will help.
Finally, we're here! A weblog from the international antivirus lab at Kaspersky, with news, interesting details, top level security information and from time to time, even pictures! :-)
While on the subject of blogging, I have to say that posting to this weblog is probably one of the most complex (and secure!) online processes I've seen. IP-based authentication, public/secret key pairs, passwords plus a few other extra security protocols which I cannot disclose. Just the way a proper security product should be. (grin)
Speaking of security and weblogs, there's a new popular exploit on the internet targetting WordPress, maybe the most powerful weblogging software out there. This vulnerability is fixed by the WordPress 1.2.1 release, so if you are an WordPress user, make sure you run the latest update.