Newsletter Archive: 2008
Gmail Security Vulnerability Found In Filter System
Brandon at GeekCondition reports a Gmail security vulnerability that lets an attacker set up automated filters in your Gmail account, provided the attacker manages to lure you onto a page of theirs first. Brandon does not post the full exploit (obtaining a certain variable for this exploit "is tricky but possible", Brandon says, adding that he's "not going to tell you how to do it, if you search hard enough online you'll find out how"), and I'm not sure if this works on just any browser.

Date: 2008-12-02

How Can We Protect Web 2.0 From The Cyber War
No surprise: security engineers are falling behind in hacking skills. There is no reason that we, as a security profession, should be losing the cyber war or failing to protect our companies and our friends from cyber attacks.

Date: 2008-11-12

Emerging Threat Trends For 2009
The Georgia Tech Information Security Center has released its trends and indicators for emerging information security threats for 2009. Unfortunately, these are all things we have been battling for years and just not winning.

Date: 2008-10-29

The Security Department Needs To Step Up To The Challenge
With the economy in the tank, now is the time for the security department to get creative, start supporting the business, and help it grow. There is no room for the standard reaction of "no" this time around; we will be in the recession for at least another year.

Date: 2008-10-13

Know The Hacker That Hits Your Business
Do you know what kind of hacker is hitting the company's access to the internet? It could range from the run-of-the-mill script kiddie to the more elite and interesting corporate intellectual property thief. It is important to know, because this will help you arrange your corporate defenses better.

Date: 2008-09-25

Security Flaws In Google's Chrome Browser
Now that the enormous amount of noise over the debut of the Google Chrome browser has died down a bit, what does it look like from a security viewpoint? For some reason, they based their browser on WebKit, which Apple's Safari browser also uses.

Date: 2008-09-04

Customize Company Security Procedures
To ensure adequate security, as appropriate for the security classification of the project. Method: Security processes include physical, data, and personnel security. Customize company security procedures as appropriate for the security classification of the project.

Date: 2008-08-21

The Smart and Cost-Effective Green Hosting Solution
Managed hosting is the smart and cost-effective solution for those needing 100% network uptime, responsiveness, technical expertise and a secure, high-end infrastructure.

Date: 2008-07-25

Server Theft Trumps Server Hacking
The brute force technique applied to physical goods long before it ever came up in the conversation about breaking passwords to gain access to resources. Spend a lot of time carefully tweaking your router, your firewall, your on-board security software, and you probably feel reasonably confident about the state of security for your computer.

Date: 2008-07-23

Breaking Privacy Policy Rules
The disconnect between information security and the rest of the company marches on smartly in a report by While the security group might think that the policies and procedures they have developed secure customer information and keep it safe, or put limitations on what information can be handed to third parties, the reality is that the marketing department might not even be paying attention to those rules at all.

Date: 2008-07-02

Over the past five years, the anti-virus market has experienced tremendous growth as many new technologies have emerged in response to current conditions. What was once a market consisting of very few players has evolved into a multi-billion dollar enterprise consisting of dozens of companies with a huge assortment of anti-virus products varying in focus and quality.

Date: 2008-06-11

HackerSafe Program Not So Safe
And with cause, if XSS is not a security issue, then there are at least 62 doomed sites carrying the HackerSafe/McAfee logo that could seriously damage someone's day.

Date: 2008-05-21

Enterprise 2.0: A Security Nightmare
Steve Lohr posts "Enterprise 2.0: A Security Nightmare" on the NY Times Bits blog. It's the kind of fear-sells story that is inevitable. There are apps happening outside your firewall: P2P, unauthorized-by-the-enterprise proxies, YouTube and Google Apps.

Date: 2008-04-30

Our Broken Information Security Business
4.2 million accounts were exposed in a supermarket data hack. This will probably go down as the biggest breach in this quarter, but is unlikely to go down as the biggest data breach for 2008. What is interesting, though, is that the data breach actually occurred in December of 2007, and was not noticed or caught until the 27th of February.

Date: 2008-04-02

G-Archiver Pulls Their Software From Distribution
G-Archiver, the software that was previously caught by Coding Horror and blogged about here, has pulled the version of the software that captures user credentials and e-mails them to Google. From the time it was discovered by Coding Horror on the 7th through to this morning, when the tainted version was pulled, is about 5 days.

Date: 2008-03-12

Enterprise CMS Fall Short on Security Demands
CMS Watch released research that finds Enterprise Content Management (ECM) products ill-equipped to meet the security requirements of Service Oriented Architectures (SOA). In its most recent research, CMS Watch looked at 30 leading ECM vendors around the globe and found that all fell far short in one way or another of meeting the security demands of an enterprise SOA strategy.

Date: 2008-02-13

Flash Vulnerabilities Discovered By Google Researchers
The Register reports that Google researchers have documented serious vulnerabilities in Adobe Flash content which leave tens of thousands of websites susceptible to attacks that steal the personal details of visitors.

Date: 2008-01-08
