While the news will not be terribly surprising to CircleID readers, Google's latest report on the status of spam and 2009 predictions posted today, might be of particular interest due to the company's shear email processing volume at 2 billion enterprise email connections per day (drawn from company owned Postini Message Security network)... more
Dennis Fisher of Thread Post reports: "The malware writers and criminals who run botnets for years have been using shared hosting platforms and so-called bulletproof hosting providers as bases of operations for their online crimes. But, as law enforcement agencies and security experts have moved to take these providers offline, the criminals have taken the next step and begun setting up their own virtual data centers." more
There's often a lot of discussion about whether a piece of malware is advanced or not. To a large extent these discussions can be categorized as academic nitpicking because, at the end of the day, the malware's sophistication only needs to be at the level for which it is required to perform -- no more, no less. Perhaps the "advanced" malware label should more precisely be reattributed as "feature rich" instead. more
Not long after the message that Microsoft will stop updating Windows XP from 8 April onwards, after extending it beyond the regular life cycle for over a year already, came the soothing message that malware will be monitored for another year. That may be good news to some, but the fact remains that this is not the same as patching. Remaining on XP leads to a vulnerable state of the desktop, lap top and any other machine running on XP; vulnerable to potential hacks, cyber crimes, becoming part of a botnet, etc. more
Canada's Communications Security Establishment (CSE) which rarely discloses detail of its activities has taken the "unprecedented step" of releasing one of its own cyber defense tools to the public, in a bid to help companies and organizations better defend their computers and networks against malicious threats. more
A number of security predictions have been doing the rounds over the last few weeks, so I decided to put pen to paper and write a list of my own. However, I have a quite a few predictions so I have listed them over several blog posts. After all, I didn't want to bombard you with too much information in one go! Part three examines the threats associated with data breaches. more
The Online Trust Alliance (OTA) joined a unanimous vote at the Federal Communications Commission's (FCC) Communications Security, Reliability and Interoperability Council (CSRIC) meeting today, approving the voluntary U.S. Anti-Bot Code of Conduct for Internet Service Providers (ISPs), also known as the ABCs for ISPs. As a member of the CSRIC appointed by FCC Chairman Julius Genachowski, the OTA has been working with the FCC and leading ISPs to develop this voluntary Code. more
Every year M3AAWG gives an award for lifetime work in fighting abuse and making the Internet a better place. Yesterday at its Dublin meeting they awarded it to Rodney Joffe, who has been quietly working for over 20 years. I can't imagine anyone who deserves it more. more
The Australian has a good article describing the efforts some of their ISPs are making in an attempt to clean up their act: the government is encouraging ISPs to detect computers on their network that are infected and part of botnets, and to communicate to the customer that their system is compromised... Unless the customer feels a little bit of pain they will not change their ways. more
Throughout the second half of 2012 many security folks have been asking "how much is a zero-day vulnerability worth?" and it's often been hard to believe the numbers that have been (and continue to be) thrown around. For the sake of clarity though, I do believe that it's the wrong question... the correct question should be "how much do people pay for working exploits against zero-day vulnerabilities?" more
The majority of network breaches begin and end with the installation of malware upon a vulnerable device. For the rest, once that initial malware beachhead has been achieved, the story is only just beginning. The breach disclosures that make the news are often confusing as they're frequently compiled from third-hand reports, opinions and technical assumptions. More often than not, they include a discussion about the malware - how advanced it was, etc. - and whether any 0-day vulnerabilities were likely used by the mysterious attacker. more
If current predictions are correct, 2009 will be a tougher year than 2008 in terms of the economy. In tough economic times such as these it becomes increasingly important for us to follow recommended safety practices when going online. As the numbers of Internet-related fraud and financial scams continue to increase we should expect the current economic situation to produce more victims of cybercrime. Knowledge and vigilance are the keys to remaining safe while online. more
You have just a couple of days to either complete a survey or submit a paper to join the "Coordinating Attack Response at Internet Scale (CARIS)" Workshop happening on June 19, 2015, in Berlin, Germany... If you are interested in helping improve the overall security and resilience of the Internet through increased communication between the groups responding to the large-scale attacks happening on the Internet every day, I would strongly encourage you to apply! more
The 2010 version of the now-annual Messaging Anti-abuse Working Group (MAAWG) 'Email Security Awareness and Usage Report' was released yesterday. While un-belied by the title, the vernacular name might get a bit more attention: "The MAAWG Consumer Email Survey". ... Consumers were surveyed in North America and across Europe with variety of questions from computer expertise and savvy, to their preferences of email. more
The European Commission is apparently considering the promulgation and adoption of a directive that would, at least in part, criminalize botnets. As I understand it, the premise behind adopting such a directive is that since botnets are capable of inflicting "harm" on a large scale, we need to separately criminalize them. I decided to examine the need for and utility of such legislation in this post. more
A World-Renowned Source for Internet Developments. Serving Since 2002.