ICSA Labs Security Testing Blog

As fears of copiers grow, how can we protect ourselves?

On March 31 of this year, ICSA Labs blogged about the security risks associated with network attached copiers (Is your photocopier putting your company at risk?)

Securing the Smart Grid – The Perception Issue

On March 12, I posted a blog entry on securing the smart grid (available here). Since that time, there has been a virtual firestorm in the media around the security of the smart grid, especially focusing on smart meters.

A series of articles, both print and online, have given the impression that smart meters are inherently insecure. Unfortunately, and also very fortunately, this is not accurate.

Library of Congress Project to Archive Every Twitter Message – What Does It Mean for Malware?

Recently it was announced by the Library of Congress that it has entered into an agreement with Twitter to acquire the entire Twitter archive (to read the Library of Congress’s blog entry, click here).

Picking and Choosing When it Comes to Security Products

A vendor sales rep calls you up.  And why not?  After all, you’re the guy or gal who procures security products for the organization.  He knows you are looking for the best UberSwitchy Protection System on the market.  He says theirs is a great fit – a perfect fit in fact – for your environment.  If this product was in a high school yearbook, he says, “next to its photograph the caption would read, ‘most likely to secure you.’”  The salesman goes on-and-on about it.  Wowed by the praise, believing the hype, and hop

Is your photocopier putting your company at risk?

While most users realize that their office printers are connected to their network, they often do not realize what other devices are connected to their network.

For example, do you know if your photocopier is plugged into your network?  Do you also know that some photocopiers store a digital copy of every document you copy onto a hard drive?  Do you know the default passwords for these devices can be readily found on the Internet?  I think you can see where this is headed.

On the Origin of Spam

So you received another spam e-mail message. On the surface it seems rather ordinary. It’s an advertisement for a handful of brand-name prescription drugs. When viewed from your e-mail client, you can tell that it’s clearly html -- having brightly colored text with an image above the text. The image, loaded automatically by your client, comes from some .com domain according to the e-mail’s html source code.

Give me Independent Testing or Give me Death

235 years ago today (March 23, 1775), Patrick Henry gave a powerful speech to Virginia’s delegates in Richmond that ended in the famous saying, “give me liberty, or give me death.”  Liberty, freedom, and independence are powerful ideas central to free nations, and also advocated by many businesses in those nations.  

The Smart Grid, It's All About Security

All too often you read about security breaches that cost firms millions of dollars or hit individuals with loss of personal data or both. But all this pales in comparison when you consider the implications of a security breach somewhere on the electrical grid.
 
Plausible scenario #1
 

Malware – It keeps going, and going and going…

Would it not be enough for you to worry about picking up a malware infection via an e-mail, infected program or social media Web site.  Now consumers have to worry about every intelligent device they plug into your computer. This is not new news. We have already seen reports of infected digital picture frames, GPS devices, etc. The latest non-techie device to spread malware is a battery recharging unit.  Yup, that’s right – battery recharging unit. The Duo Charger, USB-powered battery recharger contains malicious code.

Why a Test Lab Needs to be Wary of Commercial Exploit Packet Captures

When it comes to testing coverage protection for their network intrusion prevention system (IPS), enterprise end users may use a commercial tool that contains and replays many exploit packet captures.[1]