Articles by Sorin Mustaca

Targeted Malware on the rise

  Ever wondered what a “spear phishing” is ? Or a “targeted malware” ? See below: It is an email targeted to a member of an organization, which is made to look as legitimate as possible. The difference between normal phishing and malware emails and a targeted one is that the contents of the emails are referring to locations or persons of the organization being targeted. In this case, Avira: as you can see below, there are apparent links to internal locations. Of course, they are all fake (like in phishing). In reality, they point to malicious documents and locations…


Experiment started: HTTPS for ITSecurityNews.info

The Internet is telling everyone to switch to HTTPS for various reasons: better security better SEO from the search engines (read: Google) others While I agree with most of the reasons, I think that it is not really necessary for a read-only news portal to have HTTPS. It is no secret transferred, no login, nothing… Just text and links. And Ads… 🙂 So, my hosting provider Strato is giving me a free SSL certificate. After a long thinking and testing, I activated it for ItSecurityNews.info. From now on, you’ll be redirected to the HTTPS://ItSecurityNews.info even if you just type ItSecurityNews.info…


Exclusive interview for IPSwitch: When Security Awareness Training Overwhelms Users, Can Technology Help?

A new article of Michael O’Dwyer got published in IPSwitch: When Security Awareness Training Overwhelms Users, Can Technology Help? I am happy to say that I was the only one interviewed, so this is actually an exclusive interview with me.   “I would say that humans are the biggest problem, because they are the weakest link. It is true and quite normal that humans make mistakes,” said Sorin Mustaca, CSSLP, Security+, Project+, an independent IT security consultant.   “Unfortunately, there are more and more security companies out there which have a bigger marketing department than R&D. They have no problem…


Security for free, update after 4 years

About 4 years ago, while I was working at Avira,  I wrote this article for (ISC)2’s blog. Security “for free”? I wrote back then about how to cover all attack vectors for malware. I also wrote about the hidden costs, which many people tend to ignore. These costs are not acquisition costs. They are even not easily visible. I concluded, that it is possible to achieve a decent degree of security without any acquisition costs. However, there are drawbacks and there are hidden maintenance costs. For those who are interested in having software that works for them and not the…


Lack of security made simple: Casual Insecurity

I am travelling quite a lot because of my job, working with Avira’s customers to integrate their OEM Technologies. For this reason, I am very often in hotels and airports. Almost everywhere these days, I can find free WiFis: wireless networks with free of charge access. We all know that accessing resources through free WiFis is not the best ideas. Especially, if these networks do not have any kind of password set.   This is how I think that the Lack of Security is made so simple: offer something everybody needs for free and make that as unsecure as possible….


WannaCry Ransomware – Executive summary

If you want news from the IT Security industry, please check IT Security News here: http://www.itsecuritynews.info/?s=WannaCry This is my summary, inspired from various sources on the web mentioned in the Sources (see at the end).   The ransomware Wannacry has infected systems across the globe and has been the topic of discussion among security professionals for quite some days now. The WannaCry ransomware attack – 5 things you need to know A ransomware attack of “unprecedented level” (Europol) started spreading WannaCry ransomware around the world on Friday, May 12, 2017, around 11 AM ET/3PM GMT. Until now, hundreds of thousands…


Colorful spams are back!

Yeeesss, the Spam/Trash folder is no longer so boring! Finally, the spammers are now using all the features of the email clients and have made the subjects to look much nicer. Do you know how they do that? They add UTF8 characters in the subject and then they encode the entire string using Quoted-Printable encoding: Content-Type: text/html; charset=”utf-8″ Content-Transfer-Encoding: quoted-printable Subject: =?utf-8?q?=F0=9F=91=B6_Free_Trial_of_Diapers_from_The_Honest_Company_?= =?utf-8?b?8J+Rtg==?= This is the output:   Another example: Content-Type: text/html; charset=”utf-8″ Content-Transfer-Encoding: quoted-printable Subject: =?utf-8?b?8J+YqCBXaWZlIFdhbGtlZCBJbiAtIE9PUHMhISEhISDwn5io?=


How to get rid of disturbing and traumatizing “children” films on YouTube

If you have children, then you must allow them from time to time to watch some children films on Youtube. They must have missed some episodes of their favorite series and you definitely can find them there. In any language you want. Just search for “Caillou”, “Barbie”, “Batman” , “Elsa” , “Spiderman” or anything alike and you will get something. There is a huge market for “children’s” YouTube content. But, what happens when the results are not for children?   How do you filter them? You can’t… So, what do you do ? You ban them from using the tablet…


I received the first “nigerian scam” on XING

As a premiere, I received the first Nigerian Scam on XING. It is quite common to receive such requests on LinkedIn, but for me it is the first time on XING. This is the text: Hello Sorin Mustaca, I have partners who I front for to assist source for a foreign partner who could be of help to receive fund for the purpose of various viable investment abroad on their behalf, they are all still in service and want anonymity to protect their reputation in service.I will furnish you with their mode of operations after receiving your readiness. Regards, Dr….


Google Search Console fail over notifications for the WordPress updates

I have quite a lot of WordPress based websites which I run and maintain. One of these is this blog: www.SorinMustaca.com All my WordPress websites are configured to autoupdate to the latest WordPress update. The same applies to their plugins and themes. Google Search Console (GSC) is a tool I used to manage better the registration of my websites with the search engine and their advertising platform Adsense. Yesterday evening I received a couple of emails, one for each of my websites registered with the GSC : Here is the text: Recommended WordPress update available for http://sorinmustaca.com/ To: Webmaster of…


By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close