August 4, 2008

Comments Off on Think before you click “send”

Think before you click “send”

The Internet is littered with countless stories of individuals who sent emails they shouldn’t have or sent emails to unintended recipients. Before you send an email, ensure that it’s only going to go to the intended recipients and think twice about sending it if it could have a negative impact if it was read by […]

Continue reading...

August 2, 2008

Comments Off on GIFAR attack – it looks like an image, but it has a malicious paylod

GIFAR attack – it looks like an image, but it has a malicious paylod

At this week’s Black Hat security conference, researchers will discuss an attack which they’ve coined the GIFAR attack. The attack involves combining a JAR (Java Archive) file with another file, such as a GIF image file (GIF + JAR = GIFAR). The user’s browser would consider the file a valid image file and display it […]

Continue reading...

July 31, 2008

Comments Off on SANS web application security course

SANS web application security course

The SANS Institute is offering their Web Applications Security Essentials course (SEC422) via their @Home (webcast) program. There’s a 40% discount for those who attended their now defunct Web Application Security Workshop in the last 18 months. VCU hosted that course last June and numerous VCU staff attended it. @Home consists of live webcasts, though […]

Continue reading...

July 30, 2008

Comments Off on Application feature – alerting user of concurrent sessions

Application feature – alerting user of concurrent sessions

Earlier this month Google’s Gmail added several new security features to the latest version of Gmail. A user can now see a list of current open sessions associated with the user’s account. See an open session from an IP address you don’t recognize or an access type you don’t use (Mobile for example)? It may […]

Continue reading...

July 28, 2008

Comments Off on Companies collect and share your data – check it for free

Companies collect and share your data – check it for free

Numerous private organizations collect data about you and share it with your creditors, employers and insurers. The Fair Credit Reporting Act requires that the 3 national consume reporting companies (Equifax, Experian and TransUnion) each provide you a free copy of your credit report at your request once every 12 months. You can request all 3 […]

Continue reading...

July 25, 2008

Comments Off on “Spam King” sentenced, but another spammer escapes

“Spam King” sentenced, but another spammer escapes

In a victory for email recipients everywhere, “Spam King” Robert Soloway was sentenced to 47 months in federal prison. Soloway had been accused of violating the federal CAN-SPAM Act. In loosely related news, convicted spammer Edward “Eddie” Davidson escaped from a minimum security federal prison camp in Colorado after serving 5 weeks of a 21 […]

Continue reading...

July 24, 2008

Comments Off on SSN exposure at University of Maryland

SSN exposure at University of Maryland

The University of Maryland mailed parking brochures to 24,000 students with their SSNs affixed to the brochures.

Continue reading...

July 23, 2008

Comments Off on The cat’s out of the bag – DNS flaw details revealed

The cat’s out of the bag – DNS flaw details revealed

Dan Kaminsky’s huge DNS flaw has been revealed.

Continue reading...

July 22, 2008

Comments Off on Distance education required to play Big Brother?

Distance education required to play Big Brother?

A change to the Higher Education Act will require distance education programs to verify that a student who participates in a class is the same person who registered for it.

Continue reading...

July 21, 2008

Comments Off on San Francisco’s rogue network admin

San Francisco’s rogue network admin

A network engineer for the city of San Francisco was arrested and charged with computer tampering for failing to disclose the administrative password for the WAN.

Continue reading...