The Security Pub

Random Thoughts About Security

The Reason Security Awareness Training is Important!

Please post your comments on this story, as I’m curious to hear everyone’s thoughts on this…

It appears that an Atlanta law firm needed to get rid of some documentation that had been piling up in the office. We are talking about documentation like W2s that contain Social Security numbers and other sensitive information. According to the Atlanta Journal-Constitution, there was enough documentation to pile five or six feet deep in a 10 by 20 foot dumpster. The person in charge of disposing of the documentation was interviewed, and his statement was…

“I was just instructed to dispose of the documents and my understanding was it was a secure site because it’s a very high and large dumpster,” he said. “My understanding is that once stuff goes in nobody can take anything out because it’s very deep.”

Are you kidding me?? This is scary: for one, we are talking about a law firm, and then about someone who just isn’t using common sense. Would he want his W2 or the information on the W2 to be disposed of in this manner?

The rest of the story can be read here.

SQL injection attack show-and-tell

SQL injection has, for a long time now, ranked near the top of the list of cyber criminals’ favorite attack vectors. Its popularity is, without a doubt, due to its relative ease of use and high success rate. For those who are not familiar with what an attack of this kind looks like in practice, here is an interesting story from Rafael Los, one of HP’s application security experts.

Check out the article – [Help Net Security]

Microsoft Takes Out Waledac Botnet

Microsoft has won a court-issued take-down order against scores of domains associated with controlling the spam-spewing Waledac botnet.

The software giant’s order allows the temporary cut-off of traffic to 277 Internet domains that form command and control nodes for the network of compromised machines. Infected (zombie) machines are programmed to regularly poll these control points for instructions and spam templates.

Check out the article – [The Register]

Twitter is Hit Again This Week

This screenshot shows the message sent in the latest phishing attack to hit Twitter. (Credit: Sophos)

Twitter users were being hit on Wednesday with what seems to be the second phishing attack this week, according to security firm Sophos. The latest attack features a message that says “This you????” followed by a link that leads to a fake Twitter log-in page.

Check out the article – [cnet]