Roger A. Grimes refutes the claim that malicious hacking has become more sophisticated than ever by pointing out that the same tools are being used to exploit companies’ websites. Grimes claims that businesses and end-users simply aren’t taking the necessary steps to protect themselves, which increases the vulnerability for application exploits and SQL injection – two of the most common methods of compromise.
Firm sends bots into chats to solicit stolen data
What happens once your data is stolen? Online banking credentials, Social Security numbers and the like sometimes end up in underground networks – chat rooms and invitation-only forums – to be bought and sold. Bloomberg’s Michael Riley reports on “robot informants,” or “chat bots,” based on artificial-intelligence software designed to pose as hackers during these potential transactions and solicit stolen data.
Microsoft fixes SSL 'kill switch' blooper
Recent security breaches have prompted the removal of root certificates from multiple corporations in order to protect themselves from potential attacks in the future. ”SSL certificates are used by websites and browsers to identify a site as legitimate” and once the integrity of a website has been compromised, the possibility of “man-in-the-middle” attacks are likely. Our own Philip Hoyer recently wrote a blog post in which he claims that SSL TLS V1.0 protocol is dead – and the only way to protect transactions until the infrastructure is updated is to utilize OTP and PKI technologies.