Mark Ciampa's Blog (Security+ 4ed) - All Comments

re: App Store Woes

A_Carbone — Fri, 06 Apr 2012 18:26:13 GMT

Great post! I think Android is dealing with the same issues, but worse. Apple requires developers to pay a fee to use the development software, whereas there are no fees for Android. This allows anyone with basic knowledge of HTML5 and PHP to submit their apps, malicious or not.

There was a recent article about the ads in free applications are now a major concern because many of them carry malware.

re: Security+ 4th Edition Book Now Available

Don Campbell — Tue, 03 Jan 2012 15:48:35 GMT

Hi Mark,

Will the chapter lecture videos be updated for the 4th ed?

The 3rd edition was great, looking forward to going through the 4th.

Thanks,

re: It's Not 400, It's Only 80 Vulnerabilities

felabram88 — Wed, 14 Dec 2011 15:58:30 GMT

It seems that Adobe Flash Player issues updates on a frequent basis because im promted to update at least 2 or 3 times a month.

Adobe should use there money to make all their product safer for users, not just flash. Tho Flash Player is used more, making its updates more frequent makes sence. But by not updating the other software and releasing the vulnerabilities users dont know how to defend against those attacks, and will then go to a more secre and safe product.

re: More Social Engineering Tricks

felabram88 — Wed, 14 Dec 2011 15:13:36 GMT

First off you should know who your getting emails from. Pay attention to the actuall email address. Add emails to your contact list of people and organizations/companies that you know. In the case of Trick 1 the person who received the email should have went to "C Johnson" and made sure that he sent the email before he opened the attachment up. If he wasnt expecting the email that should have raised a red flag.

Trick 2- The person who received the email from the attorney should have done some kind of search for the name of the attorney. If the name was legit then contact them verbally or physically. If the email was true then the attorneys office wouldnt be sending an email letting that person know they would have found a way to contact them in a more professional manner.

re: Duqu Details

Joe Pliss — Mon, 21 Nov 2011 17:39:41 GMT

Do the big software antivirus/security companies, like Norton, CA, etc., provide updates to detect Duqu? How long does it typically take for these antivirus services to update? Or does Duqu really need the specialized software for detection?

re: Security+ 4th Edition Book Now Available

Deanne Cranford — Tue, 25 Oct 2011 14:35:59 GMT

Mark,

Great information, I am preparing for the exam and utilizing the book to study. I teach the Security + curriculum and the Wireless curriculum and utilize your textbook. You and I have met several times. I would like to discuss and opportunity with you. Would you please email me at deanne.cranford@davenport.edu.