Before reading the following, ask yourself if you’d recommend to the average user that they store their passwords in a local password manager. Today there are four primary ways users lose control over their web-based passwords. Phishing Scams (email or SEO), Malware (installing malware or drive-by-downloads), website break-ins (SQLi, RFI, misconfiguration, etc.), and website brute-force attacks.

Here is the original post:
Password Managers, is this the best option user’s have?

F-Secure has an additional blog that launched today. It’s called Safe and Savvy .

Read the original:
Be Savvy, Get Six Months of Internet Security

Criminals like to attack the biggest target because BIGGER generally provides a better Return On Investment (ROI). Windows is a good example. Mac is indeed safer than Windows but it isn’t necessarily because Mac is more secure

View original post here:
I’m Feeling Lucky?

The lab has a survey request.

Read the original:
Do you sign your code?

This relates to my last post where Boaz Gelbord ( Security Scoreboard ), cited something very interesting about the Massachusetts data security regulation going into effect March 1. Their listed “Computer System Security Requirements” of their “risk-based approach” is pasted below. While I can’t say any one of these security controls is a bad idea, but can someone please tell me how any of this stuff is going to thwart Web-based attacks!?

Read more:
Hey Massachusetts, where is your application security requirement?

One of our researchers, Alexey, has a request. He’d like you to participate in a survey

View post:
Answer Survey, Get Stickers

Sami, one of our test engineers, was recently seeking a Play Station 3.

Originally posted here:
Using Google Images to Investigate Fraud

February has already begun, which means Valentine’s Day is close at hand. As usual, spammers will definitely hype up their malicious activities. It is only the first day of the so-called “love month” but we have already seen at least two spam samples leveraging one of the most-celebrated special occasions when people flock to websites that advertise gifts they can give to their loved ones

See more here:
Early Hearts’ Day Presents from Spammers

The Internet has grown to become a massive venue for information exchange that everything a user encounters on the Web may potentially be treacherous, including supposed antivirus software. Trend Micro Threat Encyclopedia has, so far, over 2,000 entries related to FAKEAV . Many naive users still fall for the age-old ruse that rogue antivirus peddlers use— scareware tactics —to scam victims into believing that their systems have fallen prey to malware infections.

Continued here:
Much Ado About FAKEAV

Information leakage is a real problem. It’s especially bad for high-security organizations, like military agencies

Read the original post:
Loose Tweets Sink Fleets