I Am Security

Posts from ‘February, 2009’

More on the browser OS – from Microsoft Research

After talking about how your next operating system is not going to be related to Windows or Mac or Linux (hint – you are reading this post using it… more details on our Annual report and predictions paper), I came across this research from Microsoft (direct to the PDF here) that talks about how to [...]

If Gears was a problem then how about running Gmail offline on Air?

So, yesterday I wrote about the new (and much expected) vulnerabilities in Google’s Gears technology. The issue is clear – Gears is picking up speed and traction as Google’s applications start to use it (i.e. Gmail, Docs, etc…) and its security model is being scrutinized. And then I stumbled across GeeMail. It’s basically offline Gmail [...]

The oracle strikes again – “Browser OS” threats start to appear

Moving on from the social networking issues we outlined in the past couple of weeks, after following the predictions, and their materialization (here, here, here in the announcement of Gmail offline, here, and here), we can already see the “Browser OS”, as we dubbed it in our annual threat and predictions report, begin to materialize [...]

Social networking threats – the “hacker” story

As the social networking threats angle is picking up a lot of traction lately <pat_on_own_back>, the folks at Netragard have posted a great write-up on using social networks as an attack tool – involving both social engineering and technical exploits. The post can be found here, and I just want to quote a couple of [...]

Blocking Facebook? Not popular, and not effective

OK, so we know that social networking sites have their issues and threats associated with them; we’ll be the first to admit it. But on the same note, we also know that just blocking/censoring them (pick the more politically correct term) is not working either. This is in light of the Maryland General Assembly’s decision [...]

Fighting an infection vector with new standards – ClickJacking

If you haven’t heard yet, the newest version of Microsoft’s Internet Explorer 8 (RC1) has been endowed with support for “Anti-Clickjacking” (for more background on clickjacking, check out: http://ha.ckers.org/blog/20080915/clickjacking/). This new feature is basically an implementation of a new header (X-FRAME-OPTIONS) that is returned from a server which defines the scope of “nesting” that is [...]

BlueHat post on the state of web security

I’ve been asked to contribute once again to the Microsoft BlueHat blog, and have written a quick “state of the web security” post. Check it out, and as always, feel free to comment or discuss whether in agreement or not. The post is located here. Cheers.

More predictions see the light of day?

A recent report from McAfee reaffirms our 2009 predictions, and talks about how eCrime is starting to benefit from ex-employees, noting that this trend is not limited to the IT guys… As we recall – the possibility to participate in the emerging eCrime business is closer than ever, with a quick buck to be made, [...]
