Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Eugene Kaspersky has warned global leaders that the world needs international agreements about cyber-weapons in the same way as it needs agreements about nuclear or biological weaponry. The chairman and chief executive officer of Kaspersky Lab, warned delegates at CeBIT Australia that cyber-warfare and terrorism was the number one internet threat facing the world today. He said the Stuxnet industrial virus had demonstrated that cyber-weapons were capable of damaging physical infrastructure, and were "a thousand times cheaper" to develop than conventional weaponry. more
Global Payments, an Atlanta-based payment card processing firm, announced yesterday that they had suffered "unauthorized access into a portion of its processing system". Sometime in early March they uncovered the attack, and there are some indications that the breach occurred between January 21st and February 25th of this year... There are a number of unverified reports that a New York City street gang with Central American ties took control of "an administrative account that was not protected sufficiently". more
Well, given the amount of malicious JavaScript, malware, and other possibilities to use Facebook (and other similar social networking platforms) for abuse, I certainly wouldn't categorize this news as a "clever move"... In fact, I foresee this as an extraordinarily short-sighted move with far-reaching security implications -- which will allow the levels of malicious abuse to reach new heights. more
Internet Security is a topic that has drawn a lot of attention over the past year. As awareness grows that cooperation is necessary, it dawns on people that there are many and very different stakeholders involved, stakeholders that may never have met before. Let alone have cooperated. An example of an approach is the National Cyber Security Council (NCSC) that was installed in The Netherlands on 30 June. This is a high level council that will give advice to public as well as private entities on how to better secure themselves and society at large against cyber attacks and how to become more resilient. However, without the right approach it is doomed to become a talking shop. more
Unlike consultant-led penetration testing, periodic or continual vulnerability scanning programs have to operate harmoniously with a corporation's perimeter defenses. Firewalls, intrusion prevention systems, web proxies, dynamic malware analysis systems, and even content delivery networks, are deployed to protect against the continuous probes and exploit attempts of remote adversaries -- yet they need to ignore (or at least not escalate) similar probes and tests being launched by the managed security service providers an organization has employed to identify and alert upon any new vulnerabilities within the infrastructure or applications that are to be protected. more
How do we help coordinate responses to attacks against Internet infrastructure and users? Internet technology has to scale or it won't survive for long as the network of networks grows ever larger. But it's not just the technology, it's also the people, processes and organisations involved in developing, operating and evolving the Internet that need ways to scale up to the challenges that a growing global network can create. more
The US Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) this week issued a malware analysis report on Trojan malware variants linked to the North Korean government. more
While most people I know are at either VoiceCon or CTIA this week, this one is worth staying home for. Also, I'm sure all the Skype followers are focused today on the news about working with the iPhone -- and that IS a big story. However -- for very different reasons -- I'm sure you'll find this one of interest too. This was a front page story in today's Globe and Mail, and no doubt many other Canadian dailies... more
In my last post I blogged about greylisting, a well-known anti-spam technique for rejecting spam sent by botnets. When a mail server receives a an attempt to deliver mail from an IP address that's never sent mail before, it rejects the message with a "soft fail" error which tells the sender to try again later. Real mail senders always retry, badly written spamware often doesn't. I found that even though everyone knows about greylisting, about 2/3 of IPs don't successfully retry. more
Over the past few years, we have seen a plethora of over-hyped articles in the popular press and blogosphere crowing wrong-headedly about how 'email is dead'. Social networks like Facebook and Twitter, new and as-yet unproven technologies are the supposed death-knell for our old reliable friend, e-mail. I wrote about the rumours of email's death being exaggerated back in 2007 in response to such inanity. Since then, we've seen such a cornucopia of silliness of the 'Such & such is killing email' variety that Mark Brownlow compiled a bunch of articles, and their rebuttals at his excellent site... more
Over the weekend and this morning, Microsoft, working in conjunction with others, issued civil lawsuits to sinkhole numerous domains associated with the Zeus botnet. When I say "botnet", I use the term loosely because Zeus is not a botnet in the sense that Rustock or Waledac is (or was). Rather, Zeus is a tool kit that online criminals can buy that lets them create phishing pages, perform fast fluxing, host drive-by downloads in addition to spamming. It's more like infrastructure than a botnet, although it does have a large botnet under its control. more
On Webwereld an article was published following a new Kaspersky malware report Q1-2013. Nothing new was mentioned here. The Netherlands remains the number 3 as far as sending malware from Dutch servers is concerned. At the same time Kaspersky writes that The Netherlands is one of the most safe countries as far as infections go. So what is going on here? more
The US government is looking at telling ISPs how to deal with compromised customers and botnets. They're a bit late to the party, though. Most of the major commercial ISPs have been implementing significant botnet controls for many years now. more
Many have heard of botnets, but for those that aren't certain what they are: Botnets are armies of hacked zombie computers that have malware on them, and send spam email at the command of operators anywhere in the world. They can also be told to deploy denial of service attacks, by all hitting the homepage of a given company, or attacking the DNS server or a service or country. more
Previously, I wrote that the total amount of spam that we are seeing has seen a significant decline over the past year and a half. What does this mean in real terms? Are we finally winning the fight against spam? There are multiple angles. On the one hand, processing spam takes significant system resources... more
A World-Renowned Source for Internet Developments. Serving Since 2002.