ANX Corporate Blog

Epsilon, one of the world’s largest email marketing services companies and marketing unit of Alliance Data Systems Corp., announced on April 1 that an outside intrusion had hacked into some of its customer files. Epsilon sends e-mail campaigns and offers to consumers who register for a company's website or who give their e-mail addresses while shopping. Epsilon sends more than 40 billion e-mails annually and also runs loyalty programs for many large companies. Epsilon's databases house consumer information cybercriminals could use for targeted phishing, better known as spear phishing, attacks. 

At this point, it is unclear to the depth of this attack. What is known is the stolen data is limited to email addresses and possible user names associated with those email addresses....

Read more

By now all of you are aware of the Adobe Zero-day vulnerability affecting both Adobe Flash and Reader. While patches have been released correcting this vulnerability, the question remains how do consumers (and by that I mean SMB, general consumers and Enterprises) protect themselves in the future. While we continue to state the obvious (and sometimes archaic) patches and malware protection, the reality is much more than that.

There continues to be an explosion of web applications in this rapidly expanding social web presence. The rush to deliver a product to market is more often over shadowed by good programming with a security focus.

Can the existing security technologies keep up with this explosion? Adobe is not the only vendor to deal with vulnerabilities, and they won’t...

Read more

The latest Adobe Flash Player vulnerability reinforces just how challenging it is to safeguard your company against targeted attacks.  On March 14, Adobe issued security advisory CVE-2011-0609 which warned of an attack that could cause a crash and potentially allow an attacker to take control of the affected system.  This occurs when a malicious Flash (.swf) file is embedded in a Microsoft Excel (.xls) file and delivered as an email attachment.  That’s an insidious method of attack!  Check out the blog post by Jeong Wook Oh & Marian Radu for a thorough technical analysis of this vulnerability.  Needless to say, it's easy to envision how such an attack could succeed.  The evil doer just needs to obtain some insider knowledge about a company which then aids the open rates of the...

Read more

Day 1 of RSA is in full swing, and I've already learned some great information.  One of my favorite topics these days is best practices for passwords.  Last year I was a victim of password theft.  My personal Gmail account was hacked.  After a day of having my friends and acquaintances bombed with spam from my account, I vowed to do a better job with my passwords.

During a session this morning, I heard a great suggestion for creating a complex password that's difficult to hack and easy to remember.  There are three elements as follows:

1.  Pick a unique phrase that's memorable to you only.  Something like, "Bill's girlfriend is from Spain".  Now, take the first letter from each word in the phrase.  In this example, it would be "bgifs".

2.  Add a non-alpha character - let's...

Read more

HA! Remember when I said that Google Buzz posed a serious privacy flaw? Well, on Tuesday I received an email from Google personally! (Along with several million other users):

Google rarely contacts Gmail [or any] users via email, but we are making an exception to let you know that we've reached a settlement in a lawsuit regarding Google Buzz (http://buzz.google.com), a service we launched within Gmail in February of this year.

Shortly after its launch, we heard from a number of people who were concerned about privacy. In addition, we were sued by a group of Buzz users and recently reached a settlement in this case.

The settlement acknowledges that we quickly changed the service to address users' concerns. In addition, Google has committed $8.5 million to an independent fund,...

Read more