Stories by Steve Ragan

Attackers embedding backdoors into image files

Researchers at Sucuri, a firm focused on website security awareness and attack recovery, have discovered attackers using a known but rather uncommon method of maintaining access to an already compromised server: they're hiding backdoors inside the headers of legitimate image files.

Steve Ragan | 18 Jul

SCADA vendor faces public backlash over bug bounty program

Bug bounty programs are rather popular these days. Companies such as Google, Microsoft, and Mozilla pay respectable amounts of money to researchers who disclose vulnerabilities to them. While the argument can be made that some vulnerabilities are worth far more on the open market than the bounty paid, most vendors respect this and offer as much as they can, but do so knowing they can't compete with many organizations.

Steve Ragan | 18 Jul

Why help desk employees are a social engineer's favorite target

A new report from the SANS Institute and RSA on help desk security and privacy finds help desk workers are the easiest victims for a determined social engineering criminal. Due to metrics and basic job requirements, end user and network support operations are still the top target when it comes to breaching corporate security. The reason is that help desk operators are being too helpful, which results in attackers gaining access simply by asking.

Steve Ragan | 17 Jul

Sony drops PSN breach appeal after risk assessment

Sony, entertainment giant and the company most noted in the security world as the source of a massive breach that impacted millions of accounts in 2011, has said they will abandon the appeal that was filed with the Information Commissioner's Office (ICO) in the U.K., due to security concerns. The move means they will pay the £250,000 fine ($377,400) levied against the company earlier this year and walk away from the table.

Steve Ragan | 15 Jul