Tuesday, February 21, 2012

Students Steal Laptops for Class Credit?

This recent story by Charlie Osborne at ZDNet highlights a research project where students at the University of Twente were told to steal 30 laptops from faculty and staff on campus. The "thefts" were part of a PhD thesis titled "Alignment of Organizational Security Policies, Theory and Practice" that explored the ways in which human behavior and habits can thwart good security practices.

During the project, the laptops had been "loaned" to random individuals by the researcher, Trajce Dimkov, and the recipients were asked to safeguard the laptops by either chaining them to their desk, locking them up, or securing them witha password. Students then used various creative methods of "stealing" the laptops. In over half the attempts that were made, students were successful in stealing the laptops.

What's the lesson? 
  •  Pay attention to where your computers are and whether or not they are secure from theft. 
  • Unlocked offices are great targets for theft.
  • Don't get too comfortable in your habits or think "it will never happen to me."

Tuesday, February 14, 2012

Mozilla Fixes Critical Bug in Firefox 10

Just one week after Firefox version 10 was released, Mozilla has pushed out a fix for a critical flaw that could be exploited to crash the browser.  Students and home users are encouraged to download and apply the fix immediately.  The security patch will be pushed automatically to all University and UKP-owned workstations.

For more information, read the Mozille Security Advisory.

Thursday, February 9, 2012

How Do I Secure My Mobile Apps?


iPad, Xoom, Evo, GalaxyTab....whatever your mobile device is, you've probably thought about or even downloaded apps onto it.  Everybody wants to play Angry Birds, right? 

But you need to be aware of the risks that come with downloading apps as well.  In this SANS Securing The Human newsletter, you'll learn what the risks are and great tips on how to make sure your apps are useful and not harmful.

Friday, February 3, 2012

Apple Issues First Mac Security Update for 2012

Apple has released its first 2012 security update to address more than 50 vulnerabilities for Mac OS X.
Updates are available for Mac IS X 10.7 (Lion), and for 10.6 (Snow Leopard).  OS X users should apply the appropriate update as soon as possible.

NOTE:  There have been reports of issues with version 10.7.3 including rendering the system unbootable, so users with that version should be careful applying the patches.  More info on the issues can be found at Apple: OS X Lion 10.7.3 and Security Update 2012-001

For more information:

EWeek:  Apples Fixes 52 Bugs in OS X
Cnet: OS X 10.7.3 Update Causing Issues
ComputerWorld: Apple Update Patches 51 bugs in Mac OS X

Wednesday, February 1, 2012

Symntec Releases pcAnywhere patch

Symantec has released hotfixes for its pcAnywhere software. The updates address all known  security issues in versions 12.0, 12.1 and 12.5 (including SP2, SP2, and SP3). Concerns still abound because the source code has been stolen by hackers, giving them unlimited access to find other security issues within the software.

We are already seeing someone scanning for open pcAnywhere installations on the Internet on port 5631.  Users of pcAnywhere software should apply the patch immediately.

For more information:

Symantec Vulnerability Advisor
Information Week:  Symantec Patches pcAnywhere, but should you delete?