Imagine a vulnerability that would allow malware to take over your mobile device; turn on the microphone, camera and GPS; and transmit everything it hears, while simultaneously sending copies of e-mail and text messages to a remote server. Sounds like a nightmare, right? Unfortunately, it exists. Worse, your security software can’t stop it.

There are a lot of easy answers to the problem of attacks on your network. You’ve heard them: “Get a new firewall,” or, “Get a better firewall like an NG firewall.” And of course always the tried and true, “If you’d configured your firewall properly, you wouldn’t have had this problem.”

Now that Google revealed it’s been using something called the “Bouncer” to scan apps for malware before they’re placed into the Android Market, users shouldn’t have to worry about getting malware delivered to their phones. Maybe. But while it’s probably a safe bet that new apps in the Market are safe, don't assume your Android device is safe.

Last year’s Carrier IQ controversy may be getting some legislative help in the form of a law that would require the explicit consent of a mobile device owner before such monitoring software could be used.

When General Keith Alexander, head of the U.S. Cyber Command and the National Security Agency (NSA), says the military’s massive web of networks isn’t defensible, it can make you stop and think: If the combined efforts of the Cyber Command and the NSA can’t defend a network, who can?

The FBI, acting in concert with law enforcement authorities in other countries (primarily New Zealand), took down the popular website Megauploads by seizing its servers and other assets, shutting down its domains and arresting the people who run the site. It was a well-planned, coordinated attack that missed a few people, but got most of the principals.

As of midnight, Jan. 12, 2012, you can register for a vanity top level domain (TLD). In other words, this blog entry could appear on www.techsecuritytoday.techsecure or you might be able to look for burgers at www.mickyd. ICANN has thrown open the doors for anyone to choose whatever top level domain they want.

By now you’re familiar with the basic phishing e-mail. You know the one -- it comes from a bank you don’t do business with asking you to verify personal information such as your name, Social Security Number and your existing bank account information. The e-mail may claim the bank it purports to represent has a check to deposit to your account, is trying to clear a check or something else along those lines. These phishing e-mails are easy to spot, their misspelled words obvious and the bogus links show up clearly. They’re also fairly easy to fight.

There’s a fairly good chance at some point your company will be the victim of an advanced persistent threat (APT), and it might not notice the attack until it’s too late. To make matters worse, your company may not be the intended victim but simply a key to the door they really want to open.

When any security discussion turns to cyberwarfare, the first thing that comes to some people's minds is China. Despite the pro forma denials by the Chinese government, China is the most active and the most aggressive cyberwarfare operation anywhere.

The news about Carrier IQ that’s been all over the Internet of late misses one critical factor: Logging everything that happens on a person's smartphone probably violates a variety of federal privacy and data protection regulations. If your Android phone is collecting the protected information that you send in e-mails, text messages or by other means, you could land in prison.

The Internet has been ablaze over suggestions that hackers remotely could set HP LaserJet printers on fire. This story has become such a big deal that it’s made it onto television news reports. The idea, according to the reports, is that a Bad Guy could take over your printer and set it alight by issuing a series of destructive commands. But like many stories that circulate and create alarm, this one is basically, well, hogwash.

Perhaps the toughest part of securing your endpoints is finding out who in the company has administrative rights to the computer they’re using. This is especially the case in companies where there hasn’t really been a consistent procurement or configuration policy, which is probably most companies.

The approach of the Christmas buying season poses a number of security threats for retailers, both brick-and-mortar and online. Those threats include heightened risks for merchants and for their customers. Worse, not all of those risks are easy to spot or easy to remedy.