InfoSec Philippines

Information Security, Technology News and Opinions

Categories
- (ISC)²
- Annual Security Reports
- Anonymization
- Anti-Malware
- Awareness
- Career
- Certification
- Change Management
- Compliance
- conferences
- DOS
- El Sibakero
- encryption
- Free
- Glossary
- Home Grown Apps
- Incident Management
- ISMS
- Lean IT
- Legal
- malware
- Malware Analysis
- Metrics
- News
- Opinion
- Philippines
- Presentations
- Privacy
- Security Policy
- seminars
- Site News
- social engineering
- Social Networking
- Survey
- tools
- vulnerability
- vulnerability assessment
- Webinars
- Whitepapers
- Windows
- Wireless
Archives
Pages
Subscribe
- Entries (RSS)
- Comments (RSS)

Twitter Updates
- Inaudible ultrasound attack can stealthily control your phone, smart speaker bleepingcomputer.com/news/security/… 16 hours ago
- Microsoft pushes OOB security updates for Windows Snipping tool flaw bleepingcomputer.com/news/microsoft… 18 hours ago
- New CISA tool detects hacking activity in Microsoft cloud services bleepingcomputer.com/news/security/… 2 days ago
- Mandiant: Move, Patch, Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace mandiant.com/resources/blog… 3 days ago
- Should the US ban TikTok? Can it? A cybersecurity expert explains the risks the app poses and the challenges to blo… twitter.com/i/web/status/1… 3 days ago
2008 2009 27001:2005 A.9 27001:2005 A.11.7.1 A.11.7.1 Antivirus apple ATM botnet bpo Breach browser security Citibank clickjacking comelec conference conferences conventions Cybercrime DDOS E&Y e-mail encryption ENISA Facebook fbi Forensics Free Friendster hacking IE Intel iphone ISACA key logger log management Mac malware Manila Metrics Microsoft Mobile Security News nmap Nokia obama patch patch tuesday pci compliance Philippines Physical Security Podcasts/Webcasts Presentations proxy SANS secure coding Security seminars social engineering Social Networking software vulnerability Survey tools Tor trojan vlc vulnerability web application Webinars Whitepapers Windows Wireless worm wpa zero day

Posts Tagged ‘27001:2005 A.9’

Mostly Browser News, Dec 16, 2008

Posted by Jaime Raphael Licauco, CISSP, GSEC on December 16, 2008

A couple of news items regarding browser security have been cropping up these days, mostly about Internet Explorer vulnerabilities.

(Heise) Zero day exploit for Internet Explorer is spreading
(Heise) Internet Explorer 6 and 8 also affected by zero-day vulnerability
(SC Mag US) Internet Explorer zero-day infection rates grow
(SC Mag US) New zero-day Internet Explorer exploit uncovered

One of the ways this risk can be mitigated (aside from not using IE) is removing Admin rights. Beyondtrust gives a webinar on how to eliminate Admin rights using their Privilege Manger here. For typical SOHO users, just make a limited user account and as much as possible, try not to use your Admin account.

For people that aren’t paranoid enough surfing the web and having the appropriate controls while doing so, this article on Heise Security online talks about the Fiesta exploit pack (yes the name is correct) which costs $850 and contains 25 different exploits designed to infect users when they VISIT a webpage.

A different article on the same website talks about Chrome being at the bottom in terms of password management. I personally do not recommend allowing your browser to remember passwords. Google Chrome fans might want to check out the Iron Browser which is a more secure version of Chrome. Speaking of Chrome being the most insecure browser for password management… Google has released a browser security handbook which talks about the security features of browsers and issues that could lead to weaknesses. The current version of the handbook covers IE 6, IE 7, Firefox 2, Firefox 3, Safari 3.2, Opera 9.62, Google Chrome 1.0.154.36 and the Android embedded browser.

Other InfoSec News:
(Times Online UK Blog) This woman sent Nigerian scam artists $400,000 – a fool or a victim?
(Computerworld) Apple patches 21 Mac OS X Vulnerabilities
(BBC) Inmate escapes German jail in box
(Wall Street Journal March 10, 2008 article) NSA’s Domestic Spying
(SC Mag US) Forecast: Security threats for 2009
(SC Mag US) The five myths of two-factor authentication

Posted in Awareness, News, social engineering | Tagged: 2009, 27001:2005 A.9, browser security | Leave a Comment »

Info Sec News: Nov 18, 2008

Posted by Jaime Raphael Licauco, CISSP, GSEC on November 18, 2008

BBC Click on Biometrics

A few weeks ago BBC News Click published How biometrics could change security. The week after, they then published, “The pitfalls of biometric systems“.

Since its somewhat related to physical security, A UK fingerprint developer can read a letter from its envelope.

More news about the keyboard electromagnetic sniffing that was making the news last month:

From The Register Swiss boffins sniff passwords from (wired) keyboards 65 feet away

From BBC Keyboard sniffers to steal data

Video on keyboard sniffing from the very people that did the experiment can be found at COMPROMISING ELECTROMAGNETIC EMANATIONS OF WIRED KEYBOARDS.

The Register gives a tutorial on encrypting e-mails in, “Still sending naked email? Get your protection here“.

Pretty sad that a UK Anti-Fraud site has crashed due to DDOS attack.

The popular and free AVG Anti-virus has once again identified a trojan that isn’t one.

A Vulnerability has also been discovered in the SSH Specification.

The New York Times reports that Privacy Laws Trip Up Google’s Expansion in Parts of Europe

The Federation of American Scientists (FAS) Secrecy blog, reports that terrorists can presumably use twitter, instant messaging, etc. The article Spy Fears: Twitter Terrorists, Cell Phone Jihadists by Noah Shachtman on Wired talks about it more.

If you’re interested on the pdf exploit (also see below in other news), Didier Steven’s Blog, talks about Shoulder Surfing a Malicious PDF Author.

Other News:

Email ruse uses Federal Reserve Bank name to drop PDF exploit

Cybercrime expected to ramp during holiday season

New attack targeting Windows Mobile phones

Apple issues 11 security updates for Safari browser

How Outsourced Call Centers Are Costing Millions In Identity Theft

Although somewhat unrelated, InfoSec Professionals might also be interested in this article on airport security, The Things He Carried

White paper on Designing and implementing malicious hardware presented at the LEET ’08

White Hat World Webinar on 10 Reasons your Existing SIEM Sucks! This will be held on Thursday, November 20, 2008 4:00 am Philippine time.

Posted in ISMS, News | Tagged: 27001:2005 A.10.8, 27001:2005 A.11.7.1, 27001:2005 A.9, airport security, Apple Safari, bpo, call center, e-mail, electromagnetic emanation, encryption, keyboard attack, pdf exploit, Physical Security, social engineering, ssh, vulnerability, Webinars, Whitepapers | Leave a Comment »