Category Archives: Other

How to Break Into Security, Miller Edition

August 7, 2012

For this fifth edition in a series of advice columns for folks interested in learning more about security as a craft or profession, I interviewed Charlie Miller, a software bug-finder extraordinaire and principal research consultant with Accuvant LABS.

Probably best known for his skills at hacking Apple’s products, Miller spent five years at the National Security Agency as a “global network exploitation analyst.” After leaving the NSA, Miller carved out a niche for himself as an independent security consultant before joining Accuvant in May 2011.

Uptick in Cyber Attacks on Small Businesses

August 3, 2012

38 Comments

New data suggests that cyber attacks aimed at smaller businesses have increased markedly over the past six months, a finding that dovetails with my own reporting on businesses that are suffering six-figure losses from sophisticated cyber heists.

According to Symantec, attacks against small businesses doubled in the first six months of 2012 compared to the latter half of 2011. In its June intelligence report, the security firm found that 36 percent of all targeted attacks (58 per day) during the last six months were directed at businesses with 250 or fewer employees. That figure was 18 percent at the end of Dec. 2011.

Banking on a Live CD

July 12, 2012

133 Comments

An investigative series I’ve been writing over the past three years about organized cyber crime gangs using malware to steal millions of dollars from small to mid-sized organizations has generated more than a few responses from business owners concerned about… Read More »

How to Break Into Security, Schneier Edition

July 2, 2012

41 Comments

Last month I published the first in a series of advice columns for people who are interested in learning more about security as a craft or as a profession. In this second installment, I asked noted cryptographer, author and security rock star Bruce Schneier for his thoughts.

I regularly receive e-mail from people who want advice on how to learn more about computer security, either as a course of study in college or as an IT person considering it as a career choice.

Adware Stages Comeback Via Browser Extensions

May 21, 2012

14 Comments

The Wikimedia Foundation last week warned that readers who are seeing ads on Wikipedia articles are likely using a Web browser that has been infected with malware. The warning points to an apparent resurgence in adware and spyware that is being delivered via cleverly disguised browser extensions and plugins that are bundled with other software or foisted in social engineering schemes.

Avast Antivirus Drops iYogi Support

March 15, 2012

69 Comments

iYogi Refers to Incident as ‘Tylenol Moment’ Avast, an antivirus maker that claims more than 150 million customers, is suspending its relationship with iYogi, a company that it has relied upon for the past two years to provide live customer… Read More »

Hackers Offer Bounty for Windows RDP Exploit

March 15, 2012

16 Comments

A Web site that bills itself as a place where independent and open source software developers can hire each other has secured promises to award at least $1,435 to the first person who can develop a working exploit that takes advantage of newly disclosed and dangerous security hole in all supported versions of Microsoft Windows.

That reward, which is sure to only increase with each passing day, is offered to any developer who can devise an exploit for one of two critical vulnerabilities that Microsoft patched on Tuesday in its Remote Desktop Protocol (RDP), designed as a way to let administrators control and configure machines remotely over a network.

Double the Love from Friends and Enemies

March 4, 2012

31 Comments

KrebsOnSecurity.com earned two honors this week at the RSA Security Conference. For the second year running, it was voted the blog that best represents the security industry by judges at the Social Security Bloggers Awards. I was also recognized for the Security Bloggers Hall of Fame award, alongside noted security expert Bruce Schneier.

Microsoft AV Flags Google.com as ‘Blacole’ Malware

February 14, 2012

13 Comments

Computers running Microsoft’s antivirus and security software may be flagging google.com — the world’s most-visited Web site — as malicious, apparently due to a faulty Valentine’s Day security update shipped by Microsoft.

Not long after Microsoft released software updates to fix at least 21 security holes in its Windows operating system and other software, the company’s Technet support forums lit up with complaints about Internet Explorer sounding the malware alarm when users visited google.com.

The alerts appear to be the result of a “false positive” detection shipped to users of Microsoft’s antivirus and security products, most notably its Forefront technology and free “Security Essentials” antivirus software.

Happy 2nd Birthday, KrebsOnSecurity.com!

December 29, 2011

48 Comments

I’m taking a short break from some year-end downtime to observe that KrebsOnSecurity.com turns two years old today!