This Blog has Moved!

This blog is moving to


Thank you for visiting! Content will remain here for archival purposes.

Space Weather Outlook March 30, 2014 at 09:24PM

Official Space Weather Advisory issued by NOAA Space Weather Prediction Center Boulder, Colorado, USA SPACE WEATHER ADVISORY OUTLOOK #14-13 2014 March 30 at 7:12 p.m. MDT (2014 March 31 0112 UTC) **** SPACE WEATHER OUTLOOK **** Summary For March 24-30 An R3 (Strong) radio blackout occurred on 29 March at 1748 UTC. R1 (minor) radio blackouts were observed on 28 March at 1918 and 2351 UTC and on 30 March at 1155 UTC. No G1 (minor) or greater geomagnetic storms were observed. No S1 (minor) or greater solar radiation storms were observed. Outlook For March 31-April 6 R1 or greater radio blackouts are likely through the forecast period. A G1 (minor) geomagnetic storm is forecast to occur on 02 April. There is a slight chance for an S1 (minor) or greater solar radiation event through the forecast period. Data used to provide space weather services are contributed by NOAA, USAF, NASA, NSF, USGS, the International Space Environment Services and other observatories, universities, and institutions. More information is available at SWPC's Web site http://swpc.noaa.gov Thank you for using the Product Subscription Service. If you would like to remove a product subscription or update the personal information in your account, go to the Product Subscription Site. Please do not use the from address for correspondence, as it is not monitored. For comments or help, please contact SWPC Help.

Introducing the Advance Fee Fraud Loan Scam

I recently have seen a new scam hitting Facebook and my Inbox - the "Loan Scam".

How it works:
Example scam from Facebook

A random person on the Internet offers you a loan, over Facebook or Email. The loan offers extremely low rates, and promises that since it's not a bank, only a few documents are needed, and that they lend to anyone regardless of credit.

Once you express interest, you'll be asked to provide some basic information. They may or may not ask for information which can be used in identity theft, such as Social Security number, or bank account numbers.

Eventually, you'll be asked to pay some sort of "processing fee". In fact, you'll probably find yourself being requested one fee after another, until you finally realize that you're being scammed.

It's very unfortunate that this scam targets those who are already having financial difficulties - because it ends up making their situation even worse.

It's important to make your friends and family aware of these scams, so that they don't fall for one of these scams.

Putting a Face on Caffeine Security - What a Long Strange Trip It's Been!

So I decided today that I should put a face onto Caffeine Security. For the longest time now, you've all
probably known me as @CaffSec. My real name is Ken, and I really am a Cyber Security professional.

What a long strange trip it's been! I've explored a LOT of interesting aspects of Cyber Security, and really enjoyed doing so.

You might have noticed the "external content" which has been frequently appearing on this blog. In the interest of full disclosure, I get paid anytime someone downloads or signs up for a magazine through one of those external links.  Not much mind you - typically about $1.00. I get one or two checks per year, and typically use the money for a nice steak dinner. However, I don't have those links posting for the money. A lot of good content is available through those links, such as study guides for security certifications, or whitepapers on the latest threats facing the Internet.

Don't be surprised if Caffeine Security gets a redesign in the near future.  I've decided to take it a whole new direction - and I think it will be exciting!

So, stay tuned for great things to come!


Please do not mistake this as a spam, your winning is real

So, I don't post these as often as I used to, but I thought this was worth a good chuckle.  I'll let you know if I get any response.

ATM MasterCard Department.
Attn: Beneficiary,
I write to you concerning the international email bullock drawn winning which Zenith Bank Plc do every 4years.This year 2014, your email happen to be one of the luckiest email which came out as a winning from the drawn and the Panel Zenith Bank Plc, has approved to send your winning through an International Swift (ATM MasterCard) valid sum of $2,500.000.00. (Two Million, Five hundred Thousand United State Dollars) Which is access able in any ATM Machine location Worldwide.
Your winning payment has today been approved by the federal ministry of finance with authority to remit your payment ATM MasterCard. Please know that your winning ATM MasterCard has been handed over to zenith Bank Admin director, Mr Anthony Morrison. All useful papers with Proof of Ownership Certificate will be attached to you as the possible beneficiary of the said fund before shipment. Also letting you know that a concrete shipping arrangement has been setup with Fedex courier service to receive your ATM MasterCard in the next 48Hrs for pick up.But you will have to secure the shipping papers and insurance permit order to execute an express deliver to you. Honestly It will cost you $280.00 and no further fee attached after that.
If you desire to receive your ATM MasterCard now and start usage to your funds, Than complete the bellow information accordingly and send to  (mr.anthonymorrison101@gmail.com) to start processing your shipment with immediate effect
(1) Your Full Name :
(2) Full Residential Address : (P.O.BOX NOT ALLOWED)
(3) Direct and Current Phone :
(4) Present Country :
Once your details is been submitted to Mr Anthony Morrison as instructed, Then all useful papers and guide lines will be given accordingly to secure your ATM shipment with the courier service and the tracking for pick up. Please do not mistake this as a spam, your winning is real.
Also, do not be difficult with the $280.00 required to obtain the shipping papers with the courier service. It is the only mince since you not located close to Zenith Bank head Quarter here for pick up in person.
congratulation in advance to receive your winning funds.
Thanks for your co-operation.
Tel-Number: +234-704-637-1100


...and now for my response!


Hello!
I am quite surprised by this email, and extremely overjoyed!  I mean, holy crap, you only do this drawing once every 4 years, and I was lucky enough to get picked? WOW! That's amazing!
I'm a little concerned though.  I mean... $2.5 million...on a single ATM card?
What happens if I lose it!?!?!?!?!
Can you split it into several ATM cards? Maybe 5? That way if I lose one I won't lose all of my money.
Also, I don't think I need a Proof of Ownership certificate. I'd also be ok with standard delivery instead of express.  So I've done some rough calculations, and I think that would only cost me about $150, right?  So is that ok? I'll send you $150 and you send me 5 ATM cards, no Proof of Ownership, and not Express? Also, why can't I use my Post Office box? Does the stuff have to be shipped FedEx? The last time I got something from FedEx, they mistook my neighbor's compost bin for a mailbox - and let me tell you that Grateful Dead CD I ordered from Amazon STILL stinks! So, if I could get it delivered to a post office box that would be great.
I tried calling you at 704-637-1100 but I got some law firm in North Carolina who had never heard of you.
Look forward to hearing from you!
Ken

History of Cryptography

The following is external content provided as a free resource for blog readers.





This white paper presents a brief history of cryptography and how encryption-related technologies have evolved and will continue to evolve as well as the measures Internet users should consider when implementing modern encryptions.



Request Free!

Fraud Alert: New Phishing Tacticsand How They Impact Your Business

The following is external content provided as a free resource for blog readers.





In this fraud alert paper, we'll highlight the current trends in today's phishing schemes, with a particular focus on the latest threats emerging from China. Then we'll offer some ideas and best practices for applying technology to protect both yourself and your customers.



Request Free!

Choosing a Cloud Hosting Provider with Confidence

The following is external content provided as a free resource for blog readers.





The goal of this white paper is to help enterprises make pragmatic decisions about where and when to use cloud solutions by outlining specific issues that enterprises should raise with hosting providers before selecting a vendor, and by highlighting the ways in which SSL from a trusted Certificate Authority (CA) can help enterprises conduct business in the cloud with confidence.



Request Free!

How to Choose a Certificate Authority for Safer Web Security

The following is external content provided as a free resource for blog readers.





Criminals are exploiting Internet users in many ways. Download this white paper to learn more.



Request Free!

Choosing the Right Security Solution

The following is external content provided as a free resource for blog readers.





This paper discusses how online businesses can instill trust and confidence in their websites, protect valuable brands, and safeguard customers' sensitive information. It is critical to choose e-commerce security solutions that continually evolve and extend to address a range of ever-changing needs. SSL-based security platforms with solid track records of meeting new challenges are the best way to defend, and future proof, e-commerce environments against a growing and dynamic Internet threat environment.



Request Free!

A New Way to Buy and Easily Manage SSL Certificates

The following is external content provided as a free resource for blog readers.





IT departments face a range of issues -- some obvious, some more subtle -- when dealing with SSL certificates. These issues can have serious business and security consequences. GeoTrust Enterprise Security Center was designed with customer input to address these problems.



Request Free!

Space Weather Outlook March 24, 2014 at 12:59AM

Official Space Weather Advisory issued by NOAA Space Weather Prediction Center Boulder, Colorado, USA SPACE WEATHER ADVISORY OUTLOOK #14-12 2014 March 23 at 10:48 p.m. MDT (2014 March 24 0448 UTC) **** SPACE WEATHER OUTLOOK **** Summary For March 17-23 R1 (Minor) radio blackouts were observed on 20 and 22 March due to solar flare activity from active sunspot Regions 2010 and 2011. Outlook For March 24-30 R1 to R2 (Minor to Moderate) radio blackouts are likely from 26-30 March due to potential solar flare activity from the return of old Region 1996. Data used to provide space weather services are contributed by NOAA, USAF, NASA, NSF, USGS, the International Space Environment Services and other observatories, universities, and institutions. More information is available at SWPC's Web site http://swpc.noaa.gov Thank you for using the Product Subscription Service. If you would like to remove a product subscription or update the personal information in your account, go to the Product Subscription Site. Please do not use the from address for correspondence, as it is not monitored. For comments or help, please contact SWPC Help.

Solutions for Financial Services: FIX

The following is external content provided as a free resource for blog readers.





In this paper, we review the history of FIX, related standards and key securities applications, and we show how A10's Advanced Core Operating System (ACOS®) is ideally suited to cope with the low latency/low jitter demands of securities trading. We discuss how A10 Networks high-performance Application Services Gateway (ASG) products are ideally suited for optimizing, accelerating and securing FIX messaging, as well as higher level Web traffic, across a range of applications that help scale server pools and improve user experience. We discuss how A10 solutions deliver fast, secure and highly resilient services; features that improve the customer experience and ultimately increase customer loyalty.



Request Free!

3 Big Data Security Analytics Techniques You Can Apply Now to Catch Advanced Persistent Threats

The following is external content provided as a free resource for blog readers.





APTs use a “low and slow” attack profile that is difficult to distinguish from legitimate activity. But by correlating massive amounts of data from multiple sources you can detect and stop them. The paper presents three techniques that you can apply to any IT environment:

  1. Detect account abuse by insiders and APTs.

  2. Identify data exfiltration by APTs.

  3. Identify and alert to new program execution.


For each technique, the paper presents an approach to detecting the situation and details the steps to implement the approach. Then it goes further to show how HP ArcSight does it. Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.



Request Free!

IDC Spotlight - HPArcSight ESM Solution Helps Finansbank to Combat Fraud and Increase Customer Satisfaction

The following is external content provided as a free resource for blog readers.





Within six months Finansbank was able to use HP ArcSight ESM to authorize transactions in near real time. Using its flexible rules engine and advanced correlation, they reduced false positives by 90% and the time to resolve flagged transactions by 80%. Read the report to learn how.



Request Free!

Why You Need a Next-Generation Firewall

The following is external content provided as a free resource for blog readers.





Mobile applications have taken the overall scheme of corporate IT, and NG firewalls enable organizations to incorporate full-stack inspection to support intrusion prevention. This white paper explores the reasons for implementing NG firewalls and lays out a path to success for overburdened IT organizations.



Request Free!

Not Your Father's IPS: SANS Survey on Network Security Results

The following is external content provided as a free resource for blog readers.





This study details a survey of 439 IT security and network professionals conducted by the SANS Institute. It explores use of IPS within respondents' organizations and their plans for future NGIPS. Read the results to understand how contemporaries are using IPS and how NGIPS is evolving to counter today's cyber threat.



Request Free!

Does Application Security Pay? Measuring the Business Impact of Software Security Assurance Solutions

The following is external content provided as a free resource for blog readers.





Their findings: HP Fortify customers reduced application vulnerabilities from hundreds to tens, the average time to fix them from weeks to hours, and time-to-market delays due to vulnerabilities from 120 days per year to none. And companies who used HP Fortify on Demand—a cloud-based solution—saw results and achieved time to value faster. Read the report to learn how.



Request Free!

Ensuring the Security of Your Mobile Business Intelligence

The following is external content provided as a free resource for blog readers.





IBM® Cognos® Mobile software enables users to interact with trusted BI content on their Apple iPad and iPhone and on their Android tablets and smartphones. Making Cognos Business Intelligence available to more mobile device users invariably raises questions about the security of the BI they view and work with.



This paper describes how Cognos Mobile is secured on Apple and Android tablets and smartphones, with additional information about the Cognos Mobile web application.



Request Free!

Space Weather Outlook March 16, 2014 at 11:18PM

Official Space Weather Advisory issued by NOAA Space Weather Prediction Center Boulder, Colorado, USA SPACE WEATHER ADVISORY OUTLOOK #14-11 2014 March 16 at 9:05 p.m. MDT (2014 March 17 0305 UTC) **** SPACE WEATHER OUTLOOK **** Summary For March 10-16 Category R1 (Minor) radio blackouts were observed from 10 - 13 March due to flare activity from active solar Regions 1991, 1996 and 2002. A Category R2 (Moderate) radio blackout was observed on 12 March due to flare activity from active solar Region 1996. Category G1 (Minor) geomagnetic storms were observed on 13 March due to coronal hole high speed stream activity. Outlook For March 17-23 A chance for Category R1 (Minor) radio blackouts exists on 23 March as old Region 1991 rotates back onto the visible disk. Data used to provide space weather services are contributed by NOAA, USAF, NASA, NSF, USGS, the International Space Environment Services and other observatories, universities, and institutions. More information is available at SWPC's Web site http://swpc.noaa.gov Thank you for using the Product Subscription Service. If you would like to remove a product subscription or update the personal information in your account, go to the Product Subscription Site. Please do not use the from address for correspondence, as it is not monitored. For comments or help, please contact SWPC Help.

Re-Defining Security with Software-Defined Protection

The following is external content provided as a free resource for blog readers.





Software-Defined Protection (SDP) is a new, modular and dynamic security architecture that quickly adapts to today's evolving threats and IT environments.



SDP architecture is applicable for all industries and protects organizations of all sizes at any location: headquarters, branch offices, mobile devices or in the cloud.



The SDP architecture partitions the security infrastructure into three interconnected layers:

  • ENFORCEMENT LAYER - Inspects traffic and enforces protection in well-defined segments

  • CONTROL LAYER - Delivers real-time protections to the enforcement points

  • MANAGEMENT LAYER - Integrates security with business process


This framework decouples the control layer from the enforcement layer, enabling robust and highly-reliable enforcement points.



Request Free!

Supporting Your Data Management Strategy with a Phased Approach to Master Data Management

The following is external content provided as a free resource for blog readers.





Master Data Management (MDM) is a transformative effort, often requiring organizations to rethink their human resources, business policies and internal processes. This paper by data quality and MDM thought leader David Loshin, examines how an incremental approach to MDM can reframe the implementation to focus on near-term business user expectations as well as the long-term needs of the organization. By assessing your existing data governance, metadata, data quality, identity management and change management capabilities, you can prioritize these components within your MDM implementation and establish a more achievable path to MDM.



Request Free!

Don't Let Your Next Technology Purchase Include a Trojan Horse

The following is external content provided as a free resource for blog readers.





Are you involved with purchasing technology for either personal use or your company? If so, read on. Supply chain is something that most take for granted and usually don't even think about. We buy phones, servers, firewalls, and so on-and we assume it is safe and secure. But, do we really know where it came from, who built and assembled each individual piece? Many instances exist where technology that's built or assembled in other countries comes preloaded with malware or backdoors. Learn what you need to know and what can you do.



Request Free!

Hackers, Hacking, and CEHv8

The following is external content provided as a free resource for blog readers.





The Art of War describes how an understanding of your enemy ensures your success against them in battle. Our battleground is not a field with opposing warriors, but rather, opposing cyber-forces. In this conflict, both the defenders and attackers must use the same tools to gain the same advantages. You can only successfully defend when you understand your opponent, their techniques, and how they use their weapons.



Request Free!

Pay As-You-Grow Data Protection

The following is external content provided as a free resource for blog readers.





IBM Tivoli Storage Manager Suite for Unified Recovery (TSM SUR) includes the advanced functionality of solutions designed for the enterprise data center, but is offered in a way that is easily implemented and consumed by the SMB.



Request Free!

The New Era of Hybrid Cloud Data Protection

The following is external content provided as a free resource for blog readers.





But what's the best way to get started with cloud-based data protection?



IBM offers an easy-to-use, scalable, efficient infrastructure that addresses both the technical and business requirements for hybrid cloud data protection. And IBM Business Partners and managed service providers are expanding upon the IBM infrastructure to provide an extensive selection of validated solutions. Find out how the hybrid cloud model can help you reduce the complexity of data protection without sacrificing performance.



Request Free!

Armatix "Smart Gun" - Possible Interference from Portable Phones

Several weeks ago, I sent the following inquiry to Armatix, the makers of the "Smart System iP1", a "smart gun" secured by a RFID watch. Today I recieved an email stating that they will not be answering my questions because the information is "company confidential". My original letter and the resulting email string are as follows.


Security Trends 2014

The following is external content provided as a free resource for blog readers.





Several security concerns examined in this paper have grown more significant over the last year. Now more than ever, the risks are greater and the stakes are higher. Security experts are working diligently to offer hope and protection, but we must stay alert, be cautious, and educate ourselves. Find out what you need to know about security trends in 2014.



Request Free!

5 Ways to Reduce Advertising Network Latency

The following is external content provided as a free resource for blog readers.





Just the smallest amount of latency can cost you thousands of views, clicks, and conversions. By following these 5 guidelines, you can reduce your overall network latency and keep those clicks coming.



Request Free!

5 Ways to Reduce Advertising Network Latency (and not keep your customers waiting)

The following is external content provided as a free resource for blog readers.





Whether it's display, mobile, or video ads, visitors are not likely to wait around for your ad to load to see what it's all about. Just the smallest amount of latency can cost you thousands of views, clicks, and conversions. By following these 5 guidelines, you can reduce your overall network latency and keep those clicks coming.



Request Free!

Email Security For IT: How To Keep Your Brand Safe

The following is external content provided as a free resource for blog readers.





Not only can phishers hurt your company and customers, but your brand can take a beating, too. Find out what you should be implementing to keep your brand safe.



Request Free!

Build your Sender Reputation in Four Steps

The following is external content provided as a free resource for blog readers.





Similar to a credit score, sender reputations reflect how good or bad your sending habits are. If your reputation is lower than you'd like, just follow these 4 easy steps to start hitting the inbox.



Request Free!

Closing Web Application Security Vunerabilities with Fortify

Recently I've started looking at the various source code vulnerability scanner programs.

Here is a great video demonstrating cross site scripting and SQL injection vulnerabilities in web applications. Take a look!

Space Weather Outlook March 10, 2014 at 03:05AM

Official Space Weather Advisory issued by NOAA Space Weather Prediction Center Boulder, Colorado, USA SPACE WEATHER ADVISORY OUTLOOK #14-10 2014 March 10 at 12:51 a.m. MDT (2014 March 10 0651 UTC) **** SPACE WEATHER OUTLOOK **** Summary For March 3-9 Category R1 (Minor) radio blackouts were observed on 03, 05, 08, and 09 March due to solar flare activity from active sunspot Regions 1989, 1991, and 2002. A Category S1 (Minor) solar radiation storm was observed on 03 March due to solar flare activity from active sunspot Region 1990 that began on 25 February. Outlook For March 10-16 Category R1-R2 (Minor-Moderate) levels are likely from 10-16 March due to potential solar flare activity from Regions 2002 and the return of old Regions 1986, 1982, and a new Region near N14, L=253. Data used to provide space weather services are contributed by NOAA, USAF, NASA, NSF, USGS, the International Space Environment Services and other observatories, universities, and institutions. More information is available at SWPC's Web site http://swpc.noaa.gov Thank you for using the Product Subscription Service. If you would like to remove a product subscription or update the personal information in your account, go to the Product Subscription Site. Please do not use the from address for correspondence, as it is not monitored. For comments or help, please contact SWPC Help.

Armatix Response Pending

Two weeks ago, I sent an inquiry to Armatix, the manufacturer of the "Smart System iP1" weapon system. This inquiry asked important questions about the security of the communications between the "smart gun" and its corresponding "smart watch".

I have sent a second email to Armatix hoping for a response, but I'm not sure it's going to be in their interests to answer my questions.

UPDATE: Armatix has sent me the following:

we are processing your inquiry and will get back to you as soon as possible.


Kind regards,



Valentin <removed>
Sales Department

Adopting Agile Methods for Safety-Critical Systems Development

The following is external content provided as a free resource for blog readers.





Because of the discipline and efficiency that agile brings to development, agile can be - and is - applied to the development of safety critical systems.



Request Free!

Space Weather Outlook March 03, 2014 at 01:50AM

Official Space Weather Advisory issued by NOAA Space Weather Prediction Center Boulder, Colorado, USA SPACE WEATHER ADVISORY OUTLOOK #14-9 2014 March 2 at 11:38 p.m. MST (2014 March 3 0638 UTC) **** SPACE WEATHER OUTLOOK **** Summary For February 24-March 2 An R3 (Strong) radio blackout occurred on 25/0049 UTC from an X4/2b flare from Region 1990. An S1 (Minor) radiation storm began at 25/1355 UTC, reached S2 (Moderate) levels on 28/0835 UTC, and ended at 03/0150 UTC. A G2 (Moderate) geomagnetic storm occurred on 27/1800-2100 UTC when the CME associated with the R3 flare arrived. Outlook For March 3-9 R1-R2 (Minor-Moderate) radio blackouts are likely, with a chance for an R3 (Strong) event, throughout the forecast period. There is a chance for an S1 (minor) radiation storm during the forecast period. No G1 (Minor) or greater geomagnetic storms are expected in the absence of any transient features. Data used to provide space weather services are contributed by NOAA, USAF, NASA, NSF, USGS, the International Space Environment Services and other observatories, universities, and institutions. More information is available at SWPC's Web site http://swpc.noaa.gov Thank you for using the Product Subscription Service. If you would like to remove a product subscription or update the personal information in your account, go to the Product Subscription Site. Please do not use the from address for correspondence, as it is not monitored. For comments or help, please contact SWPC Help.