End users still have the the keys to the kingdom and malware and phishing have clearly marked them for targeting.  The Standard number of targeted phishings at my employer is well over 20 a month.  The human element is still opening email from “DEAD cousin NED”  and we apparently all have a “Nigerian relative that needs our help”.

I was just at a security conference were David Kennedy  aka rel1c the author of SET the founder of truestedsec was presenting. His talk was on burning down security as we know it and his demo did not work because of the OSX maverick upgrade. OR as I see it Steve jobs from the great beyond,  the demo portion of these talks used to be the real value of security conferences.  They provide good stories and the proof of what we all know and a way to show the risk.  Over the last Year FUD and good stories have really gone the way of the dinosaurs.  Having to prove that something bad could and does happens seems to have gone from a lot of proof  and good stories to just de facto accepted thanks to Adobe and their issues…… and Dave on the Katie Couric show  .

Oh yeah back to Steve Jobs and his hate for all things Adobe…
As a senior checkpoint executive said at the same conference Steve dies and 6 months later Apple is softer on Adobe and he see on his home network from a mac his first malware/trojanware.

How very odd java is getting harder to manipulate but Flash and Air maybe it’s replacement for the darkside who generally also want your browsers cookies…Or yes they have cookies…

till later

The post Well it’s been a year or so since I last mused about security and it’s still appeared first on Security Wandering.

Over on the post “Check Point aims for 1Tbps firewall | Security – InfoWorld” contains this text:

AUGUST 02, 2011 Check Point aims for 1Tbps firewall Among the company’s latest hardware offerings is a chassis that will grow to support 1Tbps throughput

By Tim Greene | Network World Print|Add a comment

Check Point Software has new, heavy-duty security gateway hardware for data centers and service providers, including one chassis that will grow to support a 1Tbps firewall.

The new device, called Check Point 61000, is available now, and fully loaded the 14-slot chassis achieves 200Gbps firewall throughput, with that number growing to 400Gbps next year with new blades and eventually to 1Tbps with yet another generation of blades, the company says. Pricing starts at $195,000.

[ Master your security with InfoWorld’s interactive Security iGuide. | Stay up to date on t”

The post Check Point aims for 1Tbps firewall | Security – InfoWorld appeared first on Security Wandering.

Over on the post “Symantec scraps RSA tokens – Web/client – SC Magazine Australia – Secure Business Intelligence” contains this text:

“Symantec scraps RSA tokens By Darren Pauli on Jul 8, 2011 2:16 PM Filed under Web/client Managed Security Services? customers “encouraged” to dump RSA.

inShare Comment Now and 3 Reactions Symantec has begun to replace its global fleet of RSA SecurID tokens following its acquisition of VeriSign’s Authentication Services last year.

The swap comes in the wake of the high-profile breach of RSA tokens in March, although the company said it already had planned to “eat its own cookie” and  dump RSA for Versign’s Public Key Infrastructure platform.

The SecurID token system, used globally by Symantec, was compromised in a multi-pronged attack this year, forcing RSA to replace the keys for some affected customers and offer security services to others.

“There has been a long-running transition to Versign since the acqusition,” Symantec said.

Symantec reportedly kicked off the transition overnight by enabling support of VeriSign Identity Protection (VIP) and X.509 certificates for its Managed Security Services (MSS).

“… customers accessing the MSS portal will see these new capabilities. This release begins Symantec MSS’ migration away from using RSA SecurID tokens for portal access,” a unverified pastebin post said. Symantec spokeswoman Debbie Sassine could not immediately validate the information this morning.

“

The post Symantec scraps RSA tokens – Web/client – SC Magazine Australia – Secure Business Intelligence appeared first on Security Wandering.

bout airplane tickest a while ago…..great price
Day before try to get 2 seats together  online at check in….

That did not happen, normal not a big deal.
but this time the wife is in a walking boot for her ankle and the kid always flys next to the wife.

Security at the airport was a breeze for everyone including the wife in her ankle boot contraption.
security made sure that the kid did not go wondering off well mom got scanned.
I get to deal with the 10 little gray bins and getting them thru the xray thing
as odd as it sounds it was like they wanted to help….got to love that.

Get to the gate wait for the gate folks to get there.
Now the gate folks had always been very helpful  for me

So I know they could easily fix the seating issue for me…..

WRONG
“the flight is full figure it out yourself when you get on the plane” 
The message from the gate folks

it was like they were more concerned about themselves then helping me an mine.
no even an earl boarding invite….wife in a walking boot for her ankle injure and 7 year old boy….

so we wait and yet more self involved airline folks come and go.

they open the plane for boarding…

final yet another group of airline folks…
about half way thu boarding we get invited to board after the wife hobbles around in the waiting line.

I new face from airline….who had just helped a 13 year old traveling alone… was the yes please go bored voice of reason

we go down the empty gate ramp took like 5 minutes down hill walking slow….
get on the plane and there are people sitting in all of our seats….
kid starts crying… have i mentioned yet that the wife “does not like to fly “motion sickens””

get the tickets from the wife…
kick an old couple out of my seat and the 13 year old seat….
then the 13 year old says I’ll change with you..

So the the wife and the kids get 2 seats together…..finally
the 13 year old stranger gets a window seat beind me…

Oh yeah forgot to mention the flight crew losing it because we had stopped anyone from boarding  the plane.
that kind of happens on the small jets  when you are in row 3 waiting for some folks to move out of your seats….

longer story short..

flight was great 20 minutes early kind of great.

moral of the story you should always call the airplane phone support folks to fix seating issues and wait on hold for an hour to talk to 
SAM “shrewas”  who think that the yankees are a florida baseball team……

The post what happens when airlines merge…or why no ones cares once they get your cash appeared first on Security Wandering.

Over on the post “Facebook spam prevention scam spreading like wildfire • The Register” contains this text:

Facebook spam prevention scam spreading like wildfire Alert Print Post comment Retweet Facebook Social media worm d’jour By John Leyden • Get more from this author

Posted in Spam, 12th May 2011 10:22 GMT Free whitepaper – BitDefender Business Solutions v3.5 The growing prevalence of junk messages on Facebook is been used to bait a new scam doing the rounds on the social network.

Prospective marks in receipt of the fraudulent messages are invited to ‘verify’ their account in order to ‘prevent spam’. Recipients who respond to the message by clicking on a link end up sharing it on their wall as well as spreading highly obfuscated JavaScript.

‘With all the unexpected Sharing going on, this message has spread like wild-fire,’ warns net security firm Sophos. ‘Instead of preventing spam, this par”

The post Facebook spam prevention scam spreading like wildfire • The Register appeared first on Security Wandering.

Over on the post “The Spot Connect sends location data when there’s no wireless available” contains this text:

The Spot Connect sends location data when there’s no wireless available By Mark Gibbs, Network World May 11, 2011 09:56 AM ET

Comment Print

Do you need to boldly go where you haven’t gone before and where cellphone service may not be available? You might just need the Spot Connect, a waterproof (to 1 meter for 30 minutes) GPS receiver combined with a low earth orbit satellite messaging system that connects via Bluetooth to smartphones in a package that is just 3-inch-by-2.6-inch-by-1.2-inch and “

The post The Spot Connect sends location data when there’s no wireless available appeared first on Security Wandering.

Over on the post “What LastPass security issue means for RoboForm (Q&A) | Security – CNET News” contains this text:

Share After LastPass reported a possible security breach and potential theft of some of its users’ master passwords last week, we wondered what it meant for other password managers, such as RoboForm. Both LastPass and RoboForm help you create and manage strong passwords to log into the increasing array of secure Web sites that we all juggle these days. But is there an inherent vulnerability in relying on a single service to keep track of all your passwords? Should RoboForm users be concerned about the possibility of a similar ‘anomaly’ exposing any of their data?

Bill Carey, RoboForm’s vice president of marketing (Credit: RoboFor”

The post What LastPass security issue means for RoboForm (Q&A) | Security – CNET News appeared first on Security Wandering.

Over on the post “Enterprise Security Today | EC2 Outage Takes Out Multiple Sites, Including Foursquare” contains this text:

“EC2 Outage Takes Out Multiple Sites, Including Foursquare By Barry Levine April 21, 2011 1:54PM

Foursquare and other web sites were affected by problems at Amazon’s Elastic Compute Cloud data center. Amazon said additional capacity was added to support EC2’s ‘affected availability zone’ in Virginia. The outage is likely to add to the debate about reliability and security when using a vendor data center like Amazon’s EC2.   Related Topics Foursquare Amazon EC2 Outage Data Center Security Latest News EC2 Outage Takes Out Multiple Sites National Lab Needs Cybersecurity Your iPhone Knows Where You Were U.S. CIO Sets Ambitious Cloud Goals Windows 8: What’s in Store for OS?

Amazon’s cloud -based platform suffered outages Thursday. The company said the problems involved latency and other errors, and it brought down the web sites of Foursquare, Quora, HootSuite, Reddit and other companies. The problems hit the part of Amazon Elastic Compute Cloud (EC2) that supports start-ups. In a statement, Amazon said it is ‘now seeing significantly reduced failures and latency,’ and it continues to recover. It added that additional capacity has been brought online to support ‘the affected availability zone.'”

The post Enterprise Security Today | EC2 Outage Takes Out Multiple Sites, Including Foursquare appeared first on Security Wandering.

Over on the post “iSpy Conspiracy: Break Apple’s Secret Tracking with This App” contains this text:

“iSpy Conspiracy: Break Apple’s Secret Tracking with This App

 

Sam Biddle — Not entirely cool with the idea of your iPhone or iPad following your every move without your consent? Understandable! Luckily, only a day after the privacy revelation, a fix has been cooked up that switches off Apple’s covert tracking. The root of the tracking problem is a single file that logs your location. Untrackerd nukes the location logs from that database. Although it requires a jailbroken device, it’s a cinch to use—it simply runs in the background, erasing that dubious info: ‘A package installs a daemon (process that can run in the background) to clean consolidated.db file. No new icons are added to your homescreen. There are no options to configure.’

Sounds good to us! This is, however, only a bandaid—a fairly inconvenient bandaid. This is a problem that affects and potentially compromises the privacy of every single iPhone and iPad user. And most of these users aren’t ever going to consider jailbreaking.

So as much as Untrackerd is a laudable effort, it answers none of the underlying questions about why this data was being logged in the first place where normal—not just carriers and law enforcement—can get to it from our computers and handsets. The only real fix will be one that comes from Apple, allowing all users to opt-out of the tracking with a simple tap. Or hey, crazy idea—don’t have it enabled to begin with. [via TNW]”

The post iSpy Conspiracy: Break Apple’s Secret Tracking with This App appeared first on Security Wandering.

Over on the post “Facebook’s two-factor authentication announcement raises questions | Naked Security” contains this text:

“cebook’s two-factor authentication announcement raises questions Hi there! If you’re new here, you might want to subscribe to the RSS feed for updates. X

 

by Graham Cluley on April 21, 2011 | Comments (8) FILED UNDER: Data loss, Featured, Mobile, Social networks Amid mounting criticism of Facebook’s attitude to its users’ privacy and safety, the social network has announced that it is introducing a two-factor authentication system in an attempt to prevent unauthorised logins to accounts.

The idea is that if you log into your Facebook account from a computer or mobile device that Facebook doesn’t recognise as one that you have used before to access the website, then you’ll have to enter a code to confirm you are who you say you are.”

The post Facebook’s two-factor authentication announcement raises questions | Naked Security appeared first on Security Wandering.