Stories by David Braue

Malicious QR codes: a mobile security blind spot

It's hard to read in-store signage, magazine or newspaper advertisements or product brochures these days without seeing a quick response Code (QR Code) – the blocky, square two-dimensional barcodes that let smartphone users quickly jump to a Web address by simply taking a photo of the code block.

David Braue | 02 May | Read more

The week in security: Flashback, brethren continue assault

Malware authors continued to pull new cards from their bags of tricks, with suggestions a new approach uses JavaScript to look for mouse movements, indicating that the visitor is a real person and not a security vendor’s automated malware scanner. In the absence of mouse movement, no malware will be offered.

David Braue | 17 Apr | Read more

The week in security: 600,000 reasons for Mac users to be afraid

Cyber-attacks may have been adjudged to be one of the most serious security threats facing the world, and the nasties out there were certainly doing their part to make sure we didn't forget it. Credit-card payments processor Global Payments said that fewer than 1.5 million cards were affected by the recent data theft, but struggled with its corporate messaging in the wake of the significant breach. .

David Braue | 11 Apr | Read more

The week in security: hackers work as quick as a Flash

The use of Facebook and Google credentials to log onto multiple services has been heralded as a benchmark in service integration, but a recent study has shown the protocols used to facilitate such logins remain woefully inadequate. This is a significant weak point in cloud-based services, while Microsoft's decision to release an anti-malware tool for its Azure cloud service seems to counter the company's own advice that one of Azure's benefits is to avoid reliance on security software.

David Braue | 03 Apr | Read more

The week in security: If you must poke a bear, use a long stick

It's a lesson learnt all too painfully by all sorts of people in the past: don't cross a hacker or you never know what will happen. Sadly, the developers of the Ruby on Rails team learned this this hard way after a user, who had warned of a vulnerability in the project's code repository on GitHub, hacked into the site to make a point after the development team dismissed his notification.

David Braue | 14 Mar | Read more

The week in security: When corporate 'security' just isn't

Following on from the hack of analyst firm Stratfor in December, Wikileaks has published more than five million emails from the group — painting in stark clarity just what can happen if you don't take your security seriously enough. And while CIOs should consider their risk culture and are expected to boost security spending in 2012, it's crucial to make sure your company's site is secure before you try to implement anti-distributed denial of service (DDoS) systems, one group warned.

David Braue | 05 Mar | Read more