Showing posts with label Security Education. Show all posts

Monday, November 10, 2014

Physical Security is Part of Cyber Security | APNIC Blog

Physical Security is Part of Cyber Security

By Adli Wahid on 11 Nov 2014

Some of you may have read about a piece of malicious software (malware) called Tyupkin being used for illegally withdrawing funds from ATMs (Automated Teller Machines). If you haven’t, then have a look at the Kaspersky Lab and the Interpol article.

The timing of the article seemed to coincide well with reports from authorities in Malaysia about criminals using malware to withdraw a lot of money from 18 ATMs around the country.

Malware on devices other than stock PCs or laptops is definitely interesting to discuss. While there is a lot of discussion about the malware itself, for example, ‘payload’ (what it does) or how it works, it is important also to understand how it gets installed on the ATM in the first place. Your typical malware-of-the-day relies a lot on exploiting client-side vulnerabilities (that is, drive-by-downloads) or authentication weaknesses in Internet-facing services. But what about ATMs? How do they get infected to begin with?

Wednesday, July 18, 2012

18 months later, and Facebook Profile Viewer rogue apps still successfully tricking users | Naked Security by SOPHOS

Found this article to share among us.

Back in January 2011, I wrote an article bemoaning the state of Facebook security, and specifically its apparent inability to stamp out fake messages which claim to let you find out who has viewed your Facebook profile.
18 months on, and has anything changed?

Seemingly not, judging by the messages many Facebook users are seeing in their newsfeed.


COOL!! i cant believe its real and official we can now see who's viewing our profile, Check Who's Viewing Your Profile here: [LINK]

Is it Time to License Cyber Security Professionals? | InfoSecurity

At the 2012 Colloquium for Information Systems Security Education (CISSE) last month, a speaker from the US Department of Homeland Security (DHS), National Cyber Security Division, provided a glimpse of a study that was being pursued with the National Academy of Science. The speaker described a number of licensing programs used in such fields as medicine and aviation, where data reportedly concluded that to be recognized as a professional, one must be licensed.

What was surprising about the presentation was the lack of objectivity in comparing the medical field to information technology (IT). It must be understood that IT and information security are rapidly changing and evolving disciplines in a relatively new field and cannot be compared to one of the oldest and most established professions in history. Both the medical and engineering fields have well-defined areas of expertise that have been taught in colleges and universities for decades. Information security is only now being discussed as a separate discipline, and there are almost no universities that have a separate school of information security. Most colleges and universities combine information security in with their math, finance or IT departments. If the information security profession were to evolve into a licensing regime, it would at the very least need to be considered a discrete discipline on its own.