Security Bites podcast

Security Bites 122: IBM sees security challenges ahead

Last month, IBM released a report (PDF) identifying the security challenges facing enterprises in the next two to five years. The survey is based on data collected internally by IBM.

One theme is that as the pace of globalization picks up, traditional boundaries continue to disappear. In this new global reality, "open for business" can mean pooling resources or sharing sensitive information among organizations.

The IBM report notes that "the line between participation and isolation can also mark the line of opportunity and risk. (Enterprises) rely on business systems and automated policies to guard that line--to root … Read more

Security Bites 121: What Microsoft's Geneva means for online IDs

In this week's Security Bites podcast, CNET's Robert Vamosi talks about user authentication with Kim Cameron, chief architect with the Identity and Security group at Microsoft.

At this year's PDC and again at WinHEC, Microsoft certainly talked up its new Windows Azure cloud-based services, along with Windows 7. It has also been talking about Geneva, the code name for the next version of CardSpace, the Microsoft user authentication system. One goal of Geneva is to extend the reach of its predecessor, Active Directory Federation Services.

To help developers, Microsoft unveiled at PDC and WinHEC the Geneva Server … Read more

Security Bites 120: When social networks host malware

In this week's Security Bites podcast, Robert Vamosi speaks with Ryan Naraine, security evangelist for Kaspersky and Zero Day blogger for ZDNet, about malicious software.

Naraine recently spoke at a conference on emerging security threats sponsored by the Georgia Tech Information Security Center about the increasing risks of malware on social networks, such as Facebook pages that lead people to Google pages with additional links to malware sites (a two-step infection process), and the more straightforward approach of Facebook being used for botnets.

In this podcast, Naraine and Vamosi talk about the changing nature of threats today and … Read more

Security Bites 119: Does the Internet need its own Interpol?

In this week's Security Bites podcast, Robert Vamosi spoke with Patrik Runald, chief security adviser at F-Secure, about the need for a new international agency to handle cybercrime. Although there have been several high-profile arrests--such as that of "Chao," an alleged Turkish ATM skimmer--Runald said, "the message we're sending today is not enough."

With a budget of only about $90 million (U.S.), Interpol was created, in part, to fight drug trafficking and human trafficking worldwide, and now it has taken on Internet crimes without any direct increase in funding. Runald concludes, … Read more

Security Bites 118: Voting in America

Voting--it's the cornerstone of our democracy. But in recent years, both the systems we use and the trust we have in the accuracy of our votes have been challenged.

A new report (PDF) looks at all the systems currently in use--from paper ballots to Direct-Recording Electronic machines--and the issues that surround them. Researchers at Fortify analyzed threats against three phases of an election (voter registration, casting votes, and tabulating votes), highlighting specific ways voting systems have been compromised, summarizing the strengths and weaknesses of current voting techniques, and then providing guidance for voters to ensure their votes are handled … Read more

Security Bites 117: How 'Clickjacking' attacks hide behind the mouse

Criminals may have found a way to get you to click on malware without you even knowing. Worse, they might also be able to open the microphone or Webcam on your PC to eavesdrop.

Called clickjacking, the process allows the attacker to trick you, the user, into clicking on something only briefly visible on the screen. While it's mostly a problem for the browser makers, it also affects Adobe Flash, Microsoft Silverlight, and Sun's Java.

Although clickjacking, which may contain up to a half dozen specific vulnerabilities, has been around for years, it has recently come to the attention … Read more

Security Bites 116: Investigating data breaches

According to a report this week from Verizon Business, risk factors for data breaches vary industry to industry and defy a "cookie cutter" approach to security, which is why Verizon has revisited an earlier report. The goal of both the new and the prior report is to offer detailed insight into how data breaches occur, so that companies can address the problems within their specific industry.

The June 2008 report spanned four years and included more than 500 forensic investigations involving 230 million compromised records. The new report uses that same data but drills down within four key … Read more

Security Bites 115: Inside ID fraud's underground forums

This week Tom Rusin, president and chief executive officer of Affinion's North America operation, is Robert Vamosi's guest. His company monitors the criminal underground for several thousand banking institutions by lurking in carder chat rooms.

"Carders" are the people who buy, sell, and trade online the credit card data stolen from phishing sites or from large data breaches at retail stores. Affinion is global, with offices in more than a dozen countries. And over the years they have provided a wealth of information to the U.S. Secret Service and the FBI. A few weeks ago, … Read more

Security Bites 114: Desktop application risk

It may seem trivial to you what applications are on your desktop, but from a business or organization's perspective, it can be a serious matter. If an application provides unfiltered access to the outside world, this could create regulatory issues. Certain desktop applications can also indirectly or directly introduce malware inside the perimeter through file sharing. At the very least, some applications simply take away bandwidth (for example, streaming audio or video).

In its second report on Application Usage and Risk, Palo Alto Networks finds that 56 percent of the desktop applications surveyed use HTTP. Use of port 80, … Read more

Security Bites 113: The security of Chrome

Google has entered the browser space. Chrome, its browser still in beta, is based on the open source WebKit project. Some will recognize WebKit as the foundation for another browser, Apple Safari. But Chrome also borrows heavily from Mozilla Firefox and Microsoft Internet Explorer, giving this new browser an old and familiar feel.

There is, however, innovation.

Tabs are arrayed atop the browser instead of in the traditional toolbar. And users can drag and drop the tabs on the desktop outside the browser. There is also a way to make an icon for Gmail and Google Calendar on your desktop. … Read more