intermediate security

Lessons from Philips

Three lessons were learned at Philips in the last few years that we can all benefit from too.

The lessons were learned by both Philips' internal computer security staff and their account holders (customers and employees). The first three lessons came from a relatively new collective of digital malicious malcontents (erroneously called hackers) that calls itself “R00tbeersec”.

A few old lessons UPnP should have taught us over 12 years ago.

A not-so-new vulnerability hit the headlines again. UPnP (Universal Plug and Play) has been misused and reported as a major security problem since about 2001. But now the Department of Homeland Security is suggesting people disable it.

About 2001 is the time when I started seriously studying security, and I remember wondering how someone could not see it as a threat. Being able to remotely discover the capabilities of a firewall/router/switch was bad enough, but you could actually use UPnP to turn on or alter certain capabilities.

SSN stolen from South Carolina

South Carolina recently announced that the South Carolina Department of Revenue (SCDOR) was broken into and that many of its taxpaying citizens have had their Social Security and/or credit/debit card numbers stolen.

3.6 million Social Security Numbers (SSN) and 386,000 credit/debit card numbers (CCN) were stolen in a state with a population of 4.7 million. Any person or business who has filed with South Carolina since 1998 is at risk.

LinkedIn passwords revisited

Last June (June 2012) over 6 million passwords for LinkedIn and last.fm were leaked, and the passwords have been under study ever since.
According to antivirus software provider ESET, the 25 most common passwords are easy to guess.

My analysis of the analyses of the Stuxnet virus/worm

This is a response to the many analyses of the Stuxnet virus/worm, especially a YouTube video about it. In a nutshell, the video overplayed the threat and raised the same worries I had 9 months ago.

Square-Up opens the merchant to even more headaches.

A relatively new way to process credit card payments, Square-Up, is in use now. It was created by one of the pillars of the Web 2.0 world (Jack Dorsey, the "Twitter creator"). However, will it help or hurt the merchant?

Square-Up is a device you plug into a mobile device's USB port to make that mobile device a credit card scanner. But this kind of set-up comes with many security problems, and it will cause even more problems with PCI-DSS compliance, which anybody who takes credit card payments now has to worry about.

Is Wikileaks unique?

What is the difference between Julian Assange and Dan Egerstad? Technically, nothing. Ethically, a lot. In this article, I'll go into the details of what happened and how it will affect the Internet.

ignore virus-total(dot)in

I've advised people to check suspicious files at virustotal.com; now I'll say be careful. VirusTotal.com is still what it used to be, but there is now a fake out there. Here's a tweet from the project manager at VirusTotal: http://twitter.com/jcanto/status/9685945726

popular web attack vectors of 2009

According to a report published in Network World, the biggest vectors for web hacking in 2009 were social networks, SQL injection, cross-site scripting, authentication abuse, and cross-domain request forgery.

The concern about social networks is something I've written about before. I use Twitter to announce my money-making projects, LinkedIn to outline my professional achievements, and Facebook to socialize with others. However, I do not tweet my intimate thoughts, put a detailed resume on LinkedIn, or reveal anything too personal on my Facebook wall.

Aurora and DEP in Windows

In January there was a big attack against Google that apparently used a flaw in Internet Explorer; the attack was given the name "Aurora".