Towerwall's InfoSec Blog

10) Change your password. If you've been using the same password for a long time, then it's time to change it. You should not only change your passwords regularly but not use the same one for every app or website. Try to use more than 13 characters.

by Mark Stockley This quick fix will show you how to clear out cookies and the cookie-like things that can be used to track you online. If you already know what cookies are all about then you can skip the next bit and go straight to the instructions.

Towerwall Application Security Alert Vol 13.73 Hackers have amassed a vast collection of stolen data, including 1.2 billion unique username/password pairs, by compromising over 420,000 websites using SQL injection techniques. Researchers monitored the gang for over seven months, thought to be "fewer than a dozen men in their 20s who know one another personally" based in a small city in central Russia. They found that the group, working together since at least 2011, had rented time on false

1.2 billion logins scooped up by CyberVor hacking crew - what you need to do Hackers have amassed a vast collection of stolen data, including 1.2 billion unique username/password pairs, by compromising over 420,000 websites using SQL injection techniques. Researchers monitored the gang for over seven months, thought to be "fewer than a dozen men in their 20s who know one another personally" based in a small city in central Russia. They found that the group, working together since at least 2011,false

I am excited to announce the launch of our quarterly newsletter, the Data Security Review.

10. Malware Is On The Rise The threat of malware on mobile platforms is growing steadily as more cybercriminals target mobile devices in increasingly sophisticated ways.

Hi all, there is an e-mail scam doing the rounds. The message is an invite from some random person you won’t know with a link (how original). If you get such a message don’t use the link, check your LinkedIn account as if it’s a legit request it will be there waiting for approval. Even if it is legit, make sure you vet all invite requests carefully. I have had several dodgy requests from what I believe to be bogus profiles who are likely up to no good. LinkedIn is about the quality of yourfalse

Remember last week, Facebook leaked email addresses and phone numbers for 6 million users, but that it was really kind of a modest leak, given that it's a billion-user service? OK, scratch the "modest" part. The researchers who originally found out that Facebook is actually creating secret dossiers for users are now saying the numbers don't quite match up. The number of affected users Facebook noted in a posting on its security blog is far less than what they themselves found, and Facebook isfalse

After the last zero day exploit on Java we reported some weeks ago it appears that a new 0day has been found in Internet Explorer by the same authors that created the Java one. Yesterday, Eric Romang reported the findings of a new exploit code on the same server that the Java 0day was found some weeks ago. The new vulnerability appears to affect Internet Explorer 7 and 8 and seems to be exploitable at least on Windows XP. The exploit code found in the server works as follow: - The filefalse

Beware any emails which claim to come from privacy@microsoft.com - it could be that you're being targeted in an attack designed to steal your AOL, Gmail, Yahoo or Windows Live password. At first glance, if you don't look too carefully, the emails entitled "Microsoft Windows Update" may appear harmless enough. But the grammatical errors and occasional odd language should raise alarms bells that the emails may not really be from Microsoft. Dear Windows User, It has come to our attention thatfalse