Keeping PCs Safe on the Internet

PC Security Journal



Top Stories

Steve Hamm (@stevehamm31) of BusinessWeek - pictured below - got a big article on #cloudcomputing into last week’s issue. It rightly points out that cloud computing is the big thing and will keep us busy for the next 10 years. Unfortunately, a lot of the article is misleading or missing key context. His first example cited is Avon’s use of a smartphone- and PC-accessible system for connecting Avon’s 150,000 “sales leaders” with their reps (sales leaders are the consultants who recruit and run other consultants/reps and get a cut of the “upline” commission). Nothing in the article explains how this is a “cloud computing” solution. Remote/mobile accessible applications have been around almost as long as the Internet. The article doesn’t say, but I suspect that the system serving up all this info is a traditionally developed and deployed one sitting inside the Avo... (more)

Twittergate Reveals E-Mail is Bigger Security Risk than Twitter

First, everyone needs to calm down. Twitter.com itself was not breached. According to Evan Williams as quoted in a TechCrunch article, the attack did not breach Twitter.com or its administrative functions, nor were user accounts affected in any way. So everyone can just stop with the “Twitter needs to revamp its security!” and “Twitter isn’t secure” headlines and articles because it’s not only blatantly wrong, it’s diverting attention that should be devoted to the real problem: e-mail and account self-service. THE E-MAIL FACTOR What was compromised remains somewhat of a mystery... (more)

Are You Scrubbing the Twitter Stream on Your Web Site?

Web 2.0 is as much about integration as it is interactivity. Thus it’s no surprise that an increasing number of organizations are including a feed of their recent Twitter activity on their site. But like any user generated content, and it is user generated after all, there’s a potential risk to the organization and its visitors from integrating such content without validation. A recent political effort in the UK included launching a web site that integrated a live Twitter stream based on a particular hashtag. That’s a fairly common practice, nothing to get excited about. What ha... (more)

Jedi Mind Tricks: HTTP Request Smuggling

HTTP Request Smuggling (HRS) is not a new technique; it's been around since 2005. It takes advantage of architectures where one or more intermediaries (proxies) are deployed between the client and the server. HRS can be used to poison web-caches and bypass security solutions such as web application firewalls as well as for the delivery of malicious payloads such as worms, viruses, and those used to exploit known vulnerabilities in web and application servers. The good news is that to exploit HRS, according to OWASP, "some specific conditions must exist, such as the presence o... (more)

Attorneys Protect Email Communications with Comodo Secure Email

Patent-pending technology from Comodo allows attorneys and clients to communicate at the speed of the Internet and yet to protect their privileged communications easily. Without exchanging public keys, senders can encrypt confidential information in transit. Jersey City, NJ, May 05, 2009 - Attorneys sometimes need to transmit vast amounts of sensitive data, rapidly. If they choose to do so by email, they must consider that email, though convenient, is not secure. Press release about Comodo Secure Email for Attorneys. More information about Comodo Secure Email. ... (more)

Tomorrow’s IBM “Smart Business” Cloud Computing Strategy

The NY Times broke IBM’s embargo this morning by publishing their story on IBM’s new cloud computing initiatives.  I’ve posted the full release here on CloudBzz. The diagram below gives a bit of insight into where IBM is today and where they are heading. IBM is also updating their collateral with a bit more detail.  Here is a fact sheet for their Smart Business initiative: Fact sheet: IBM Smart Business Smart Business is IBM’s commonly branded set of cloud computing offerings for business. This set of offerings gives clients three choices to deliver and consume cloud services t... (more)