Ironpaper Current: Web design, online marketing, internet news, security and business online
    Posts Tagged ‘security’

    Mobile security health poor in Europe, Morocco and Thailand, researcher finds

    Sunday, December 25th, 2011

    Recently, a mobile security expert, Karsten Nohl, revealed that many mobile network operators in Europe, Morocco and Thailand provide poor protection for consumers against unlawful surveillance and identity theft. His work spanned 11 countries and showed that he was able to intercept mobile conversations and texts, as well as impersonate the account identities of mobile users, using a cheap Motorola cell phone and some free decryption software.

    Mr. Nohl also stated that operators could quite easily have fixed such security vulnerabilities with a simple software patch. Only two of the operators that he studied, T-Mobile in Germany and Swisscom in Switzerland, had taken steps to improve the security of their voice and data services, even though these steps are simple and low-cost procedures.

    Source: NY TIMES, DEC 25, 2011

    URL: http://www.nytimes.com/2011/12/26/technology/26iht-hack26.html

    Before patch, a work-around for Win32k TrueType font parsing engine

    Saturday, November 5th, 2011

    Microsoft has issued a work-around for the attack against the Win32k TrueType font parsing engine used by Duqu, an advanced piece of malicious software still undergoing analysis by researchers.

    While Microsoft builds a patch for the vulnerability, it has issued a temporary work-around to “blunt” the Duqu attacks against the Win32k TrueType font parsing engine. The attack can be delivered by a malicious Microsoft Word document, which could easily be sent as an email attachment or distributed as a website download.

    Microsoft’s workarounds are a few lines of code that run at an administrative command prompt. Running them, however, causes some applications that rely on embedded font technology to stop running or displaying correctly.

    The workarounds apply to Microsoft’s XP, Vista and 7 operating systems as well as to various Windows Server products.

    Privacy concerns abated for Google Analytics bug on exit pages

    Thursday, October 27th, 2011

    Alex Moss discovered a bug in Google Analytics: opening a page from the “Landing Pages” > “Exit Pages” reports would call up a random website instead of the expected one. A Google spokesperson confirmed that what Alex Moss discovered was, in fact, a bug. The company, however, is convinced that there is no privacy concern with the bug and that the website shown is entirely random.

    Google said: “We are aware of a potential issue where some users who click to open pages in their Content Reports via the icon in Google Analytics are seeing random domains rather than the website being tracked in their account. No private information is being shared during this process. Our team is working hard to fix it.”

    The bug was fixed the same day.

    XML encryption may have weakness exposing API data

    Sunday, October 23rd, 2011

    Researchers have recently proven that a vulnerability in XML Encryption gives attackers a chance to gain access to sensitive information in API applications. XML Encryption is used by many businesses and web applications to secure data shared between Web services. Researchers from the Ruhr University of Bochum (RUB) in Germany have created an attack method that exposes data that was assumed to be secure when encrypted with DES (Data Encryption Standard) or AES (Advanced Encryption Standard) in CBC (cipher block chaining) mode.

    Source: 10/19/2011, rub.de, http://aktuell.ruhr-uni-bochum.de/pm2011/pm00330.html.de

    How popular will QR codes be for malware developers?

    Saturday, October 22nd, 2011

    QR codes are being popularized by companies all around the world, yet studies suggest that consumer usage isn’t so hot. According to a study by Toluna Quick, only 31% of UK users and consumers knew what QR codes were. Also in that study, only 19% of consumers actually scanned a QR code on their mobile device. A similar study by Simpson Carpenter revealed that only 11% of consumers actually used QR codes. Also, according to a survey by eConsultancy.com, only 64% of consumers have an idea of what a QR code is used for.

    Despite these numbers, companies are forging ahead with the use of QR codes, which will certainly expand their popularity through exposure. There is another hurdle in the way of QR code popularization: as they become more popular, they could easily be used as an attack vector against consumers or to spread malware. According to the International Business Times, in an article titled “QR Codes May Contain Malware”, Kaspersky Lab has discovered the first known incident of QR code tampering. The incident occurred in Russia in September 2011, where mobile internet users were tricked into believing they were downloading a new Android app called Jimm; the application instead caused the phones to send numerous SMS messages to a premium-rate number (similar to 900 numbers) that charged for each message, about $6 per text.

    Germany doesn’t like the Like button

    Monday, August 22nd, 2011


    The German Independent Center for Privacy Protection (ULD) cited privacy violations and banned the Facebook Like button in the German state of Schleswig-Holstein. The center called for the Facebook Like button to be removed. The ULD asserts that the technology violates the Telemedia Act and the Federal Data Protection Act in that it transfers data back to the US and out of German jurisdiction. Additionally, it claims that the button illegally tracks users’ web habits.

    Essentially, this order calls for users, web designers and webmasters to shut down their fan pages on Facebook and remove social plug-ins such as the “Like” button from their websites. The press release also specifically points out that Facebook’s web analytics tracking, which tracks users of the plug-in for two years, does not adhere to EU or German standards of privacy protection. The center also cautioned users not to click on the Like button or set up Facebook profiles.

    Fines under the TMG for violating this order could reach 50,000 €, and the deadline for responding is September 2011.

    Source: ULD press release of 19.08.2011, “ULD an Webseitenbetreiber: ‘Facebook-Reichweitenanalyse abschalten’” (ULD to website operators: “Switch off Facebook reach analysis”)
    Web source: https://www.datenschutzzentrum.de/facebook/

    US military taking cyber security lessons from the private sector

    Sunday, July 17th, 2011

    As evidenced by a new document from the DOD, DEPARTMENT OF DEFENSE STRATEGY FOR OPERATING IN CYBERSPACE, published July 2011, the US military is taking “learning lessons” from the private sector in cyber security, agility, lifecycle management and supply-chain protection.

    The new agenda calls for copying attributes in the private sector, including best practices for securing networks.

    “DoD will integrate the private sector’s continuous renewal method to harden its own computing devices and sustain its cyber hygiene best practices.”

    In addition, the new initiative relies on the private sector to meet some of its goals. This may include a working relationship between ISPs and the government to help mitigate risks that affect military networks.

    Additionally, to modernize its approach, the military will shorten the lifecycle for network infrastructure to come in line with common private industry practice, from the previous 7-8 years to 12-36 months.

    Is Secure DNS an answer to our Internet insecurity woes?

    Saturday, June 25th, 2011

    Problems with Internet security are becoming a common occurrence for governments, large corporations, non-profits, small businesses and individuals alike.

    In Singapore this week, a small but global gathering of security researchers began the launch of an approach to online security which will ultimately require the participation of governments and businesses world-wide. The approach is intended to make the Internet and email more secure by validating the identity of communicating parties, passing and guiding requests through highly secure servers. These servers would be highly guarded fortresses that would help to provide confidence in the identity of the communicating entities.

    This security framework could be adopted by the US this coming spring as it attempts to create a system of “trusted Internet connections (TIC).” The purpose of this US Government project (the Trusted Internet Connections (TIC) Initiative) is to optimize and create standards for the security of individual external network connections.

    Database security breach at Sega

    Sunday, June 19th, 2011

    Sega, the video game company, reported a database intrusion in which sensitive information on approximately 1.3 million customers may have been compromised.

    The compromised database was on the Sega Pass website, and the compromised information included customer names, dates of birth, e-mail addresses and encrypted passwords. The company noted that the customer passwords were not stored in plain text. Even though the passwords were encrypted, it is recommended that users who reuse the same username and password across multiple websites update their access information for all of those sites.

    Sega sent an email to Sega Pass registered users informing them of the data breach.

    Citi data theft represents a growing problem

    Friday, June 10th, 2011

    Hackers broke into the Citigroup databases and stole customer data. The company waited from early May to notify 200,000 credit card holders that their financial information was in the wrong hands. Now that this fact has come to light, Citigroup has a serious PR problem on its hands, in two parts. The first is an issue that all credit card companies are facing: hackers are becoming more sophisticated than ever before. The second is that Citigroup did not notify its customers at the time of discovery, putting the company’s interests ahead of its customers’ security.

    Customers are increasingly feeling vulnerable as more and more major websites and online services fall victim to intrusions and theft. The credit card industry is plagued by this issue, and it may arise as one of the most poignant PR and branding issues of the day.

    Financial institutions may soon come under fire from Government finger pointing and civil or state cases, especially Citibank for its delayed response. There will be questions about whether financial institutions are investing enough in protections against attack. Certainly, there will be a push for uniform standards in data security as a result of this Citibank theft.