Security Extra


Stealing portable data - it’s easier than you think

Portable media devices, from USB keys to media cards and storage cards, are now ubiquitous and convenient. But how many of us treat them with the same vigilance as our laptops? And if you think regularly deleting files from these devices will afford you some protection, think again.

Laptops are the easiest to protect. Provided you use a secure erasing tool it’s possible to remove your deleted files for good. In addition to commercial versions, such as that offered by PGP, there are also freeware versions, such as Eraser, which are readily available online. Beware anyone who tells you a defragmenter will do the job. They do not …




Site developers to blame for current SQL server attacks

Fortify Software says that this week’s reports of a rash of SQL attacks on Web sites should make software developers sit up and take notice.

"Newswire reports suggest that hundreds of thousands of Web sites have been hit by a mass SQL attack. This is symptomatic of hackers developing highly sophisticated and semi-automated attack routines," said Jacob West, Manager of Fortify’s Security Research Group.

West added that “The script or tool behind the attack uses Google to search for sites that include a file type and parameter that appear to often be susceptible to SQL injection and uses that list returned from Google to …


Data Breaches - why they happen and what you can do

Unless you’ve been on Mars for the past six months, you won’t have missed the high-profile data breaches suffered by both Government and private sector organisations. But why have these breaches been happening?

The proliferation of portable storage devices such as laptops, portable hard drives, USB sticks and ‘lifestyle’ products such as MP3 players, alongside unmanaged PC connectivity has created a recipe for disaster.  It really is just too easy to accidentally leave a USB stick in the pub or a laptop in the back of a taxi - or, indeed, lose a CD in the post.

Whatever policies are in place governing the treatment of sensitive …


Police invade Facebook to catch the baddies!

They really are starting to watch you everywhere. You don’t have to be in front of a CCTV camera to be under the watchful eye of the establishment. The announcement by Greater Manchester Police (GMP) about using Facebook as a means of gathering intelligence illustrates the increasing adoption of social networking sites by organisations. As always there is a spin that tries to make us feel like we are going to be protected and benefit from the new police tactics.

GMP has announced it is working with Facebook to develop a Web 2.0 application that will allow users to receive a news feed, as well as links to a crime-reporting …


Just how effective is Token Authentication

Password security is often seen as something of an oxymoron. We regularly hear of how easy passwords can be to crack, and it’s now common for sites to ‘rank’ how secure your chosen password is. But the password is still a highly effective means of authentication. Even a lower-case-only, five-character password takes 65,780 guesses to guarantee finding the correct moniker. A strong password of eight characters including letters, numbers and other characters (!”£$% etc) may take upwards of 6 trillion combinations.

Eager to replace your humble password are the new kids on the block: biometric, token and smartcard technologies. These technologies have been around for a while, and have all fallen foul of early-development security weaknesses and vulnerabilities. They are maturing, but they are still no substitute for a good username and password. Determined attackers, careless users, and under-informed IT staff still present a very real threat to these authentication systems.