Educational

Cyber Diplomacy – a course from UN Office for Disarmament Affairs

I just finished the online course “Cyber Diplomacy“, a course from the United Nations Office for Disarmament Affairs. For me it was interesting to find out how much from the real world has been already applied to the cybersecurity world. Unfortunately, by seeing this, I realized that actually nobody cares about these UN resolutions. For example, did you know that a country should not allow hackers to perform attacks on another country from within its territory? And how should this be controlled? We hear almost every week that Russia, China, Iran, North Korea, and many more are performing cyberattacks on “their enemies” (observe the quotes). If they are members of UN (click the links above to see details. Conclusion: The course is interesting, even if you don’t actually learn new concepts about cybersecurity. You do learn how serious cybersecurity is being taken by the UN. And this is good…

Read More

No Image

New Android app for IT Security News with push notifications

ITSecurityNews.info is my security news aggregator, which collects RSS feeds and publishes them in WordPress automatically. A long time ago I created an app using AppSpotr, but since then things have changed. So, I decided to write one myself. Of course, not from scratch, I took an open source project called fNotifier and changed it to my needs. The app remains running as a service and polls regularly (see screenshot below – Settings) for new feeds.   And after one rejection due to Policies, it was approved in the Play Store: https://play.google.com/store/apps/details?id=org.itsecuritynews   It is actually enough to visit the website on a mobile device and you will see immediately on the top of the page an offer to install the app.  


Stack Overflow introduces … erm… copy/paste limitations

If you use Stack-Overflow today, you will be surprised to see this popup:     This has caused an explosion of Reddit comments here: https://www.reddit.com/r/webdev/comments/mhkume/stack_overflows_new_copypaste_limit/ When you click on “Learn More”, you get to see this : Aha, 3 keys for $39.99 … riiiight 🙂   If you click on the “Pre-order” you get to see this:     April Fools joke. Hahahahah 🙂     But those guys from Reddit didn’t laugh, at the beginning. 🙂


Speaking at the Virus Bulletin Conference 2020: ‘One year later: Challenges for young anti-malware products today’

Source: https://vblocalhost.com/presentations/one-year-later-challenges-for-young-anti-malware-products-today/ A year ago, at VB2019 we presented for the first time an overview of how the anti-malware world looks from the perspective of a young company trying to enter the market: how they try to build products, how they try to enter the market, how they try to convert users, and what challenges they face in these activities. In this new paper we will present an overview of the situation for such a company after one year of experience. We will look at the situation from several angles: that of the consulting company helping them to build the product and enter the market that of working with certification companies regularly, checking the products for detection and performance that of working with Microsoft to make the company compliant and keep them compliant One year later, many still have a hard time understanding that the security market is no longer the Wild Wild West, but we also see that a lot of visible efforts are being made to improve. This means that compliance with ‘clean software’ regulations is becoming an issue. We will present some interesting statistics and compare data from the past with current data. The young companies still…


The Ultimate Parent Guide for Protecting Your Child on the Internet Series

You can see in the next 8 weeks a post per week about this topic. The short versions of these posts will be published here (from the RSS feed). The full version will always be on Improve-your-security.org Start reading here: The Ultimate Parent Guide for Protecting Your Child on the Internet Series   Happy reading and try to apply some of these.    


Microsoft Updates Guideline on Windows Driver Security

Microsoft has released an updated guide on driver security. This new guide offers advice that developers could use to ensure Windows drivers are secured against basic attacks and preventable flaws.   Driver Security Guidance This section contains information on enhancing driver security. In this section Topic Description Driver security checklist This topic provides a driver security checklist for driver developers. Threat modeling for drivers Driver writers and architects should make threat modeling an integral part of the design process for any driver. This topic provides guidelines for creating threat models for drivers. Windows security model for driver developers This topic describes how the Windows security model applies to drivers and explains what driver writers must do to improve the security of their devices. Use the Device Guard Readiness Tool to evaluate HVCI driver compatibility This topic describes how to use the tool to evaluate the ability of a driver to run in a Hypervisor-protected Code Integrity (HVCI) environment.   The nice part is that all this is also available as PDF. I am starting to like these new initiatives from Microsoft. I wrote that they are taking a clear stance on PUA and now I see that they are actually…


How to block the Skype Ads

Since Microsoft took over Skype, only bad things are happening. Really, I hate Skype since they started to get their orders from Redmond. 🙁 Once of the nerving things are the ads. Yes, these:       Here is how to get rid of it: Open Control Panel, go to Network and Internet Options. If you’re in Win10, goto Settings -> Internet Options It looks like this: Then click on “Security” and select “Restricted Sites”: Then click on “Sites” and you will see this window popping up. Add there this URL: https://apps.skype.com/   Close the window and restart Skype.   The ads are gooone! PS: the arrow and the smiley are from me 😉  


Love statistics? Read here what went wrong with the USA presidential election polls

Source: http://stats.stackexchange.com/questions/245063/us-election-results-2016-what-went-wrong-with-prediction-models   Original question: First it was Brexit, now the US election. Many model predictions were off by a wide margin, and are there lessons to be learned here? As late as 4 pm PST yesterday (n.b. on 08.11), the betting markets were still favoring Hillary 4 to 1. I take it that the betting markets, with real money on the line, should act as an ensemble of all the available prediction models out there. So it’s not far-fetched to say these models didn’t do a very good job. I saw one explanation was voters were unwilling to identify themselves as Trump supporters. How could a model incorporate effects like that? One macro explanation I read is the rise of populism. The question then is how could a statistical model capture a macro trend like that? https://www.foreignaffairs.com/articles/2016-10-17/power-populism Are these prediction models out there putting too much weight on data from polls and sentiment, not enough from where the country is standing in a 100 year view? I am quoting a friend’s comments. Even if a different response won, I like these two more: The USC/LA Times poll has some accurate numbers. They predicted Trump to be in the lead….


Annoying Internet Ads: An Open Letter To Digital Marketers Everywhere

I gave a nice interview to MICHAEL O’DWYER for IPSwitch and he wrote the following article: Annoying Internet Ads: An Open Letter To Digital Marketers Everywhere “Ads consume bandwidth, especially those delivered as Flash or code. If you’re on a mobile device, with a small screen, the ads will also cover a good portion of the screen, thus making it difficult or even impossible to see the desired content you want to see,” says Sorin Mustaca, CSSLP, Security+, Project+, an independent IT security consultant. “[Over] the last 3 years, we hear[d] more and more about malvertising — the delivery of malicious software instead of ads, or in parallel with ads,” adds Mustaca. Read the entire article using the link above.   What can be done? Certainly, the solution is not to remove ads completely. They finance a large part of the free Internet. Make them not so intrusive anymore. Make them smart and useful – make them related to the content you’re reading. How? On this site and especially on www.ITSecurityNews.info I use Adsense through Google’s own WordPress plugin for Adsense. It inserts up to 3 dynamic ads on a page and if there is the danger of having too many ads…


What’s the deal with a PhD?

I found long time ago this animated GIF on the Internet and now I managed to download it. I don’t know who created it, so I can’t give credit to anyone. Why I post this here? Because it matters and because it is exactly my experience which I like to share. Not many know, but I have been part of the PhD program of the Politehnica University Bucharest in Romania for 5 years, immediately after graduating the same university’s Computer Science faculty (field: Software Engineering). My diploma was related to Distributed Systems as well, namely about how to use CORBA to write software for distributed systems. It took me 5 years to go through because I had to do it in my spare time. I was working all this time and then I left Romania to move to Germany and work for Avira. The field I chose was Distributed Systems and my thesis was supposed to be “Distributed Malware and Spam detection using a Reputation system”. It might not sound very cool now, but  remember, this was between 1997-2002 (university) and 2002-2007 (Phd)!   So, why did I not finish it despite the fact that I wrote most of the dissertation and…


%d bloggers like this: