Stories by Robert Vamosi

  • Security Threat: Beware the Office Multifunction Printer

    Cybercriminals are always looking for easy ways to break into your network, whether at work or at home. In a talk at this summer's DefCon 19 conference, security researcher Deral Heiland demonstrated various ways to compromise Internet-ready consumer-grade multifunction printers. These include printers that can scan to a file, scan to email, and fax documents, and the vulnerabilities he found are similar across all vendors.

  • Keep your credit cards safe from skimmers

    You're in a restaurant, enjoying a deep conversation. Peripherally, you see the waiter take your credit card and return a few minutes later with a slip for you to sign. You think nothing of it until a few hours later when you receive a call from your bank: Someone is racking up serious debt on your credit card, mostly for electronics purchases. Is it you?

  • Cross-site scripting: An old problem returns

    In May, Web security consultant George Deglin discovered a cross-site scripting (XSS) exploit that involved Facebook's controversial Instant Personalization feature. The exploit ran on Yelp, one of the three sites that Facebook had selected to test Instant Personalization. Deglin was able to obtain not only Facebook profile information shared with Yelp but also the e-mail addresses for that profile's Facebook friends--a potential gold mine for marketers and spammers alike.

  • Bugnets Could Spy on You via Mobile Devices

    Imagine sitting in a café and discussing the details of a business proposal with a potential client. Neither you nor the client has a laptop; you're just two people having a conversation. But unbeknownst to you, someone half a world away is listening to every word you say. Later, as you leave, you receive a text message referring to the proposal and demanding money in exchange for silence.

  • Protect data with on-the-go drive encryption

    This past January, the health organisation Kaiser Permanente reported a theft of an external hard drive from an employee's car. The hard drive contained data on about 15,500 Northern California patients, including their full names, medical record numbers, and, in some cases, gender, dates of birth, and other info on treatment and care received at Kaiser (but not patients' social security numbers or financial data).

  • New banking trojan horses gain polish

    Criminals today can hijack active online banking sessions, and new Trojan horses can fake the account balance to prevent victims from seeing that they're being defrauded.

  • Is your PC bot-infested? Here's how to tell

    As fireworks boomed on the Fourth of July, thousands of compromised computers attacked U.S. government Web sites. A botnet of more than 200,000 computers, infected with a strain of 2004's MyDoom virus, attempted to deny legitimate access to sites such as those of the Federal Trade Commission and the White House. The assault was a bold reminder that botnets continue to be a massive problem.

  • Former Google VP Suggests User-Based Security

    At the Black Hat security conference on Wednesday, former Google VP of Engineering Douglas Merrill gave the opening keynote presentation, and it wasn't a traditional security industry talk. The takeaway: Let users dictate enterprise security needs.

  • Twitter: a growing security minefield

    In June, the world watched as tweets from the streets of Tehran flooded Twitter. Frequent Twitter users--and people who hadn't even heard of the microblogging service--were suddenly and simultaneously witnessing its potential.