Security & Mobility Now
Security is top-of-mind everywhere, especially right here where Juniper experts share their thoughts on the latest security breakthroughs and product advancements

Displaying articles for: 07-08-2012 - 07-14-2012

KyleAdams

The Yahoo Breach: Not All SQL Injection Attacks Are Created Equal

by Juniper Employee ‎07-12-2012 01:40 PM - edited ‎07-12-2012 04:00 PM

Early this week, Yahoo joined the ranks of many other large organizations that were successfully and publically breached this summer.  The group claiming responsibility, known as ‘D33Ds Company, claims the breach was intended as a wakeup call to Yahoo’s security team and not as a malicious act.  The breach involved the extraction of sensitive information such as the usernames and passwords or nearly half a million users, as well as the full database architecture of the web application. D33Ds Company was able to steal the information by exploiting a SQL injection vulnerability in an undisclosed Yahoo! web application that some have speculated is related to the company’s VOIP phone service. 

Read more...

I as in Boston a couple of weeks ago with my family. As we got into a taxi to go to the restaurant for dinner, I found an iPhone on the seat, and gave it to the driver. Turns out the taxi driver had just dropped a friend off at the airport for a flight, and his buddy left his iPhone in the cab. The driver wanted to get in touch with his friend’s girlfriend, in case his friend called her from the airport worried about where his iPhone may have ended up. But, his friend’s iPhone was locked. The cabbie complained about the iPhone being locked, and wondered aloud why anyone would need a password on their mobile phone.

 

It was the wrong question to ask with me in the cab. I started listing for him all the reasons why anyone – better yet, EVERYone – should have a passcode set on their mobile device.

Read more...

July 2012 Microsoft Patch Tuesday Summary

 

Welcome to another edition of patch Tuesday summary blog.  This month we are patching 16 vulnerabilities over 9 bulletins.

Here is a list of the vulnerabilities fixed in today’s patches and the corresponding IPS signature(s) that covers the Microsoft vulnerabilties:

Read more...

skathuria

Wireless Medical Devices – Don’t Forget to Secure Them!

by Juniper Employee ‎07-09-2012 10:16 AM - edited ‎07-09-2012 10:17 AM

The healthcare industry is beginning to adopt technology to better assist patients, gain easier access to medical information and to administer medication. In particular, certain practitioners are either considering or have started adopting wireless (a.k.a., mobile) medical devices, such as implantable medical devices, external medical devices, or portable computers such as iPads, tablets, and smartphones, for such purposes. However, this isn’t without risk, according to The Department of Homeland Security (DHS). It recently announced that the US Food and Drug Administration (FDA), responsible for regulating medical devices, cannot regulate mobile medical device use or users, including how users are linked to or configured within networks such as private/public/hybrid clouds (managed data centers) which house medical data.

 

For the benefit of organizations that are considering adoption of mobile medical devices, an article published May 23, 2012, outlined five risks suggested by the DHS that should be considered:

1)      Insider Theft – Employees stealing data via network transfer (e.g., e-mail, remote access, or file transfer).

 

2)      Malware – Examples are keystroke loggers, Trojans, and other spyware designed to uncover, capture, and transmit to malicious third parties easily accessible sensitive data once inside the network.

 

3)      Spearphishing – E-mail based attack where customized e-mails containing malicious attachments or links are sent to key personnel; these e-mails are especially convincing because they appear to be sent from a legitimate source.

 

4)      Web – Methods such as silent redirection, obfuscated JavaScript and search engine optimization (SEO) poisoning, as well as legacy threats such as data communications interception and rogue access points can be used to penetrate a network, then ultimately access an organization’s data.

 

5)      Lost or stolen equipment – If a smartphone or tablet is lost or stolen, and then compromised, it can be an entry point into a health entity’s network and records.

 

To mitigate risks from adoption of wireless medical devices, healthcare providers should deploy security on these devices. Access control should be applied on a user level, based on the user’s role, so that irrespective of which device or location the user connects from, he/she is given access to only that data which is required for the applicable business purposes. Anti-malware and Web protection should be enabled for every Internet-connected mobile device, whether it is a medical device or a personal smartphone or iPad used to access the network and increase user productivity. Furthermore, in case a device is lost or stolen, it should be possible to remotely lock the device and/or wipe all its content, including logins and passwords, so that no one else can use the device to gain access to any sensitive data or exploit stored information. To learn about Juniper’s mobile device protection and management solutions, visit: Junos Pulse Mobile Security Suite

Read more...

About Security & Mobility Now

Discussing a wide range of topics impacting enterprises and
data center security.

Subscribe RSS Icon

Our Bloggers

Kyle Adams
Senior Software Engineer

Profile | Subscribe

Ritesh Agrawal
Director
Software Engineering

Profile | Subscribe

Erin K. Banks
Senior Technical Marketing Manager

Profile | Subscribe

Ajay Bharadwaj
Product Manager

Profile | Subscribe

Michael Callahan
Vice President
Product Marketing

Profile | Subscribe

Scott Emo
Director
Product Marketing

Profile | Subscribe

Mora Gozani
Senior Manager
Product Marketing

Profile | Subscribe

Ashur Kanoon
Sr. Manager
Technical Marketing

Profile | Subscribe

Seema Kathuria
Manager
Product Marketing

Profile | Subscribe

Kevin Kennedy
Senior Director
Product Management

Profile | Subscribe

Dave Killion
Software Engineer

Profile | Subscribe

Rebecca Lawson
Senior Director
Product Marketing

Profile | Subscribe

Rajoo Nagar
Senior Manager
Product Marketing

Profile | Subscribe

Erin O'Malley
Manager
Product Marketing

Profile | Subscribe

Galina Pildush
Strategy & Planning
Architect

Profile | Subscribe

Edward Roberts
Director
Product Marketing

Profile | Subscribe

Bill Shelton
Director Field Sales

Profile | Subscribe

Ashutosh Thakur
Product Line Manager

Profile | Subscribe

Troy Vennon
Software Engineer

Profile | Subscribe

Brad Woodberg
Product Manager

Profile | Subscribe

Labels
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.