Libertés Numériques

I attend a lot of conferences. I mean a LOT of conferences. There has been a growing theme at all of these events among practitioners...

Firewalls are dead. Anti-virus is dead. IDS/IPS is dead. [insert security product X here] is dead.

Meanwhile, all of the presentations at these conferences tell us why product Y is garbage and company Z is incompetent and how to break SSL into tiny pieces.

Where have all the defenders gone? Is it a lost cause? Are we well and truly hopeless and defeated?

Absolutely not. In fact it is one of my favourite reasons to attend a Security BSides event. Real local IT people sharing actual techniques that are helping them defend their organizations...

With less than 16 hours to go, internet con men are taking advantage of the largest yearly event in sport. The American Super Bowl contest has garnered extra attention this year because the coaches of the opposing teams are brothers.

As usual, internet fraudsters are capitalizing on the spectacle and luring unsuspecting NFL fans into completing a survey. The purveyors of this survey are not who you think.

An authentication bypass vulnerability was found in Facebook leading to Google searches that could allow attackers to impersonate people on Facebook without a password.

We've all seen the emails, "*FRIEND* wants to be friends with you on Facebook", or "*FRIEND* commented on your status."When you receive these messages there is a convenient button "Confirm friend request" or "See comment" embedded in the email message.

To ensure a frictionless experience, Facebook was embedding a cookie-like identifier in the links so you would not need to login to Facebook to acknowledge friend requests and other messages.

Anytime there is a method to bypass a security mechanism it will be abused and this feature was no exception.