Norman Safeground Blogs

insight, opinion & information


Tag Archives: Vulnerabilities / Exploits

Malware in the Watering Hole

Just when we’re getting accustomed to the terms malware, phishing and DDoS, someone, somewhere creates an even more obscure internet security term: the “watering hole”. But what does it mean – and how big a threat is it? On the web, a “watering hole” has the same meaning as in … Read More

April 2012 Patch Tuesday Addresses Critical Issues in Popular Microsoft Products

Right on schedule, Microsoft has released its monthly batch of security updates. The April update includes six bulletins, four of which Microsoft categorizes as critical. Microsoft rates the remaining two bulletins as important. In total, the six bulletins resolve eleven vulnerabilities in Windows, Internet Explorer, .NET Framework, Office, SQL Server … Read More

Patch Tuesday Problems – When 30 Days Was In Fact 2

We recently wrote about Microsoft’s March Patch Tuesday. This month, the company’s monthly patch cycle was relatively mild, addressing six issues in total, but only a single critical vulnerability – a flaw that allowed an attacker to execute any code they desired remotely without authentication. According to the security bulletin, … Read More

The insecurity paradox

The formula here attempts to explain a paradox in security analysis: if it is true that security is only as strong as its weakest link, why are those who use insecure passwords, skip installing security patches, avoid updating or using antivirus software, and in general act insecurely not hacked and exploited continuously? … Read More

Purchasing and Downloading Outdated Software

Last week in the “JoshMeister On Security” blog, the topic was Apple’s Mac App Store, and the fact that software available from this store may not be the latest version. The blog’s author – Joshua Long – uses the web browser Opera to illustrate his point. While Opera software … Read More

Zero Day – a Review

For some strange reason Easter in Norway is traditionally the high season for reading crime and thrillers. One reason may be the need to fill several consecutive days away from work (the public holiday lasts five days!) with some action. This Easter I had targeted a book that turned out … Read More

Damage Caused by Internet Banking Fraud Quintuples… What’s Next?

It is no surprise: more and more people are banking online, and so cybercriminals are moving more and more into that area. Banking fraud on the internet is not new. It has existed for a few years, and with different variants of the Zeus Banking Trojan, many people became … Read More

Fake Security Program… for Android

Earlier this week I wrote about the malicious Android apps that Google had removed from users’ devices. As another part of Google’s cleaning-up procedures, the company pushed a security application to the affected devices, to revert the actions performed by the malware. The technique used by this security app – … Read More

Google Uses ‘the kill switch’ to Remove Downloaded Malware

In Norman’s yearly summary of security incidents, we also attempt to look into our crystal ball to predict what will happen in the year to come. One of the forecasts made in our 2010 summary was: More widespread malware for handheld devices will emerge. Several examples in the first two … Read More

A More Secure Facebook

A few months ago Norman published a security article about the tool Firesheep, an extension to Firefox, which enabled taking over another user’s unsecured session with a web site. Social networks such as Facebook were a particular focus, due to the personal information often posted to and available in these … Read More
