Review of Essential Computer Security

In the October 2007 issue of Security Management Magazine, there is a review of my book, Essential Computer Security. IT expert and author Ben Rothke gives the book a favorable assessment, summarizing with “Too few IT security books are written for the typical user. This work lives up to its title and fills an important need.” You can read the complete review here: Review- Essential Computer Security: Everyone’s Guide to Email, Internet, and Wireless Security.

U.S. District Judge Declares USA PATRIOT Act Unconstitutional

This is only related to computer or information security in a very tentative way, but I still think it is an important topic. I have always had a particular disdain for the USA PATRIOT (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism) Act. For one thing, the very acronym it is named for is offensive and debatable. I would disagree that there is anything “uniting” or “strengthening” about subverting the Bill of Rights, and I would argue that the tools provided are far from “appropriate”. But, “Destroying and Subverting America by Imposing Inappropriate Tools to Further Our Imperialistic Aims” doesn’t work as well as an acronym (DSA IITFOIA??).

Thankfully, I am not the only one who didn’t drink the proverbial kool-aid. This week, US District Judge Ann Aiken [Read more →]

TJX Site Vulnerable to XSS Flaw

The whole TJX customer data security breach issue from earlier this year has been sort of a hot-button issue for me. I think what bothers me most is the apparent lack of fallout. A major retailer failed to follow basic security guidelines, or the regulations and standards it must comply with, such as Sarbanes-Oxley (SOX) or the PCI Data Security Standard, resulting in the largest leak and potential compromise of customer data in history, and nothing really seems to have happened. The stock is doing fine. The stores are doing fine. Shoppers are still shopping [Read more →]

Serious Vulnerability Found in PDF Files

A British security researcher, Petko Petkov, who recently identified flaws in Apple Quicktime and Microsoft’s Windows Media Player, has identified a serious flaw in the PDF file format. According to Petkov, the flaw could be exploited to take complete control of a Windows XP system if a user simply opens or views a malicious PDF file.

The media has chosen to dub it a “zero day vulnerability”. To me, that is more sensationalism or FUD (fear, uncertainty, doubt) than anything else. I may have been guilty at some point in the past of using the same hype, but as far as I’m concerned there is no such thing as a zero day vulnerability. There are zero day exploits, which are active exploits being used to attack vulnerabilities that have not even been identified, but really all vulnerabilities are “zero day” when they are discovered. For all we know, Adobe could develop and release an update to resolve the issue months before anyone comes up with a functional exploit, rendering the vulnerability meaningless.

At this point, it is accepted that the vulnerability exists. However, that is more or less theoretical since there are no known exploits yet. It is still possible that resourceful attackers have developed, or may soon develop, an exploit, so users should still exercise increased caution when dealing with any PDF files, either as file attachments or when opening them from within web sites. Enterprises may want to consider blocking PDF email attachments until the vulnerability is patched, and raising awareness among users to be wary of PDF files. Discretion and diligence are warranted in my opinion, just not sensationalism and FUD.
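
One practical caveat on the "block PDF attachments" suggestion: a filter keyed on the .pdf extension or the declared MIME type is trivially bypassed by renaming the file, because PDF readers open a file based on its contents, not its name. The following is an added example, not code from the original post, showing a gateway-style check that flags an attachment if its name, its declared type, or its leading bytes (the `%PDF-` header, which readers accept anywhere in the first 1024 bytes) identify it as a PDF. The sample message, its attachments, and the hypothetical `should_quarantine` policy hook are all constructed here for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from typing import Dict, List

# The PDF header. Readers tolerate leading junk, so look for it anywhere
# in the first 1024 bytes rather than only at offset 0.
PDF_MAGIC = b"%PDF-"
HEADER_WINDOW = 1024


def is_pdf_payload(data: bytes) -> bool:
    """Content-based check: does this blob look like a PDF regardless of its name?"""
    return PDF_MAGIC in data[:HEADER_WINDOW]


def find_pdf_attachments(raw_message: bytes) -> List[Dict]:
    """Return one record per MIME part that looks like a PDF by name, type or content."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # container parts carry no payload of their own
        filename = part.get_filename() or ""
        ctype = part.get_content_type()
        payload = part.get_payload(decode=True) or b""
        by_name = filename.lower().endswith(".pdf")
        by_type = ctype == "application/pdf"
        by_magic = is_pdf_payload(payload)
        if by_name or by_type or by_magic:
            findings.append({
                "filename": filename,
                "content_type": ctype,
                "by_name": by_name,
                "by_type": by_type,
                "by_magic": by_magic,
            })
    return findings


def should_quarantine(raw_message: bytes) -> bool:
    """Hypothetical policy hook: hold any message carrying something that looks like a PDF."""
    return bool(find_pdf_attachments(raw_message))


def build_sample_message() -> bytes:
    """Constructed test message (not a real capture) with three attachments:
    a plainly named PDF, the same bytes renamed to .txt, and a harmless text file."""
    # Constructed bytes with a valid PDF header; not a working document.
    fake_pdf = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
                b"trailer\n<< /Root 1 0 R >>\n%%EOF\n")
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(fake_pdf, maintype="application", subtype="pdf",
                       filename="invoice.pdf")
    # Same PDF bytes with a .txt name and text/plain type: extension filters miss this.
    msg.add_attachment(fake_pdf, maintype="text", subtype="plain",
                       filename="readme.txt")
    msg.add_attachment(b"Nothing to see here.\n", maintype="text", subtype="plain",
                       filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for hit in find_pdf_attachments(build_sample_message()):
        print(hit)
```

Run stand-alone, the script reports `invoice.pdf` (matched three ways) and `readme.txt` (matched only by its content), while `notes.txt` passes. A content check of this kind catches the renamed file, but it does not look inside archives or other containers, so a gateway policy that blocks PDFs still needs to decide what to do with zipped attachments.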

Who Needs Antivirus Anyway?

Well, actually, I believe the answer is “most people”. But, that is more a commentary on their level of information security savvy and common sense than a fear of the malware itself. Antivirus, which has now evolved in most cases into a multi-faceted antimalware suite to protect against viruses, worms, spyware, spam, phishing and more, is accepted as a default essential for home computer users and enterprise desktop systems alike. However, as Steve Riley points out in this blog post, computer professionals who have some common sense and show some discretion, mixed with just an ounce of information security knowledge, don’t really need the extra protection. Steve is not the only security expert I have met who feels that way either. The fact is that antimalware [Read more →]

Community Outrage Over Unauthorized Windows Updates

Most people are aware that Windows comes with an Automatic Updates feature. I recommend that users, particularly home users, turn this feature on and let Windows do the dirty work of downloading and applying the appropriate patches and updates. When you are configuring Automatic Updates though, there are actually four options. You can choose to have Windows automatically download and install updates, automatically download and let you install updates, notify you that updates are available for download, or just never check for updates. Seems simple enough, right? [Read more →]

AutoComplete May Equal AutoCompromise

It is very convenient to have your various usernames and passwords stored in your computer system. When you are logging into a web site or application, the information is automatically filled in for you so you don’t have to try to remember what alternate identity you used, or what unique variation of your password (or, better yet, passphrase) you used when registering. Unfortunately, as with virtually everything that provides more convenience or efficiency for you, it also represents a security concern that can be leveraged by an attacker to more conveniently and efficiently compromise your system. [Read more →]

Backing Up Data in Vista

Back up your data!!! With more consumers relying solely on digital cameras to capture life’s moments, entire photographic and video histories are stored on computer hard drives. If you don’t back up your data, it could all be gone in the blink of a nanosecond. The latest trend in security suites is to include some type of maintenance and backup functionality, and Windows has included at least a rudimentary backup function for a while. Symantec takes it one step farther than the competition, providing [Read more →]

Slow Month For Microsoft Security Bulletins

Rarely (if ever; I’ll have to do some research and find out) does Microsoft have 2 back-to-back months of Security Bulletin floods. This month was no exception. In August, Microsoft released 9 Security Bulletins, 6 of which were deemed Critical. For September though, Microsoft was kind and there are only 4 Security Bulletins, 1 of which [Read more →]

Wireless Insecurity

I have been talking for years about the relative insecurity of wireless networks. Companies and consumers alike buy and implement wireless technology for its convenience, without stopping to consider the security implications. If you can sit on your couch in the living room and connect to the wireless router in your den, then your neighbor can probably connect from his house, or the guy sitting in his car parked [Read more →]