Friday, January 15, 2010

Scary Facebook Security Glitch or Bad Software?

As if there hasn't been enough publicity about the security evils of Facebook, this one is really off the wall. In this case, a woman from Georgia and her two daughters wound up in the account of some strangers when logging onto Facebook from their mobile phones.

All kinds of private information was exposed about the strangers. And, AT&T, the wireless provider for the family's mobile phones, said the glitch was due to a "routing problem," according to this news item two hours ago from the Associated Press.

The issue has far reaching implications beyond Facebook, since other sites, not just the famous social networking site, could be affected by such routing errors.

Basically, the issue wasn't due to problems with the Facebook web site, but possibly poorly configured network equipment and poorly coded network software. The issue might be hard for a hacker to exploit, since the routing error was random and one-off, something hard for a malicious user to engineer.

Interestingly enough, Facebook announced a partnership this week with McAfee to offer security software.

Tuesday, January 05, 2010

Summary of 2010 Security Predictions

It's that time of year again, when everybody is out there with their annual predictions for IT security this year.

This little summary from Michael Kassner's post on Chad Perrin's IT Security blog at TechRepublic covers not only Kassner's own thoughts but also covers predictions from eWeek, Verizon, Help Net and IT PRO.

Then there was this from Andreas M. Antonopoulos posted at both Network World and Computer World, and from Larry Seltzer at PC Mag, who also cited reports from Symantec, F-Secure, Websense and Trend Micro.

Common themes? Well, it seems to run the gamut, but cloud computing, mobile security and malware were all common topics.

Monday, January 04, 2010

Adobe on Hacker Radar in 2010

This should come as no surprise, but a recent report by McAfee, predicting threats for this year, says Adobe will be popular with hackers. In fact, according to the report, Adobe and Flash will beat out Microsoft software, finally, for the hacker attack vector of choice.

That's good news for Microsoft, which has been, until now, the favorite whipping boy for hackers.

Interestingly enough, the report also cites the tried-and-true oldest trick in the book, malicious e-mail attachments, as still another favorite attack vector. E-mail is also popular because it's a great way to burrow into corporate networks, past their finely tuned firewalls and DMZs. All an employee has to do at some company is click on the attachment and, well, the game is over.

And could one of those attachments be a malicious Adobe document? No way.