The Glider

The Payment Card Industry's Data Security Standard (PCI DSS) has matured in the six years since it was enacted, but businesses are failing to maintain their compliance with the security standard.

The recent discovery of Morto, the RDP password-guessing worm, provides a great opportunity to revisit the importance of fine-tuning your organization's defensive strategies. Morto, after all, doesn't simply exploit an unpatched software vulnerability; it employs multivector attacks, tricking users into downloading it, then using authentication guessing to break into accounts. IT admins need to be prepared to identify and defend against these sorts of multipronged threats.

read more

For nearly two decades now, security experts have debated whether Microsoft or Apple offers superior security. The battle heated up again in the wake of news out of Black Hat about a newfound weakness in the Mac platform. However, the question of whether Microsoft or Apple is more secure is no longer even relevant: Security threats of today and tomorrow aren't as tied to specific desktop platforms as they once were.

read more

McAfee's latest report on advanced persistent threats, which detailed vulnerabilities in least 72 companies over a five-year period, has caused quite a stir.

Dealing with civil unrest is a tricky business -- even more so when the civil unrest takes place online.

A security consultant has notified Skype of a cross-site scripting flaw that could be used to change the password on someone's account, according to details posted online. Skype said it would issue a fix next week.

The consultant, Levent Kayan, based in Berlin, posted details of the flaw on his blog on Wednesday and notified Skype a day later. He said on Friday he hasn't heard a response yet.

Much of the computer security blogosphere was abuzz last week over NetraGard's clever hack of a client's network using a specially modified Logitech mouse USB mouse. The mouse contained firmware code that automatically launched when the socially engineered user plugged it in to his or her computer. The attack code simply dialed home to let NetraGard know it had been successful in penetrating the victim's network. Victory and success!

read more

Living on the East Coast, I often wonder how the early pioneers lived without Doppler radar and the Weather Channel. Today, we know about hurricanes weeks ahead of time, and you have days to batten down the hatches, gas up the car, and buy strawberry Pop-Tarts at Wal-Mart. Think I'm kidding about the last item? It's a consumer behavior proven to be an early indicator of where a hurricane will actually strike. Just look up the phrase "hurricane poptarts walmart" in your favorite search engine.

read more

If you haven't yet checked to see if your email address and password are now public knowledge, it would be a good idea to take a couple of minutes to make sure your information wasn't compromised in the past few days.

Working in the IT security field, you spend every waking hour striving to improve protection and lower risk. Then another computing technology emerges -- the Internet, wireless networking, mobile computing, social networking, and so on -- and you have to learn every security lesson all over, as if something new and surprising has come along.

read more