Face Recognition At Home

In a previous post, Biased Privacy Violation I mentioned two web sites, DontDateHimGirl.com, DontDateHerMan.com and the associated privacy implications out of these. Just came across to MyHeritage.com whose face recognition feature works remarkably well -- for relatives and everyone in between varying on the sample."Recognizing faces is done by algorithms that compare the faces in your photo,

Read More

Cyber Terrorism Communications and Propaganda

Further expanding the previous discussion on Tracking Down Internet Terrorist Propaganda, and patterns of Arabic Extremist Group Forum Messages' Characteristics, there've also been some recent developments on Hezbollah's never-ending use of U.S hosting companies as a media/communication/fund raising/recruitment/propaganda platform:"Hezbollah used the Broadwing Communications fiber-optic network

Read More

Virus Outbreak Response Time

In a previous posts I discussed various trends related to malware families, and mentioned CipherTrust's Real Time PC Zombie Statistics. You might also be interested in IronPort's Virus Outbreak Response Times for the last 24 hours which currently tracks, IronPort themselves, Sophos, Trend Micro, Symantec, and McAfee. Although vendor's bias often exist, let's just say that self-serving statements

Read More

U.S Air Force on MySpace

Seems like the U.S Air Force is joining MySpace:"The Air Force profile will show users five video clips that the Recruiting Service says gives them “a behind-the-scenes look at the extraordinary things airmen accomplish every day,” according to a press release. Users will be able to view longer videos of airmen as they fly jets, call in air strikes, navigate satellites and jump out of airplanes,

Read More

North Korea's Strategic Developments and Financial Operations

Catching up with the latest developments at the hottest -- at least from a national security point of view -- zone in Asia. North Korea seems to be taking external provocations rather seriously, and feeling endangered for the colapse of its regime is actively working on its nuclear test sites development, disinformation in between for sure. According to a recent article at Reuters, North Korea

Read More

On the Insecurities of Sun Tanning

You definitely don't need a CISSP certificate to blog on this one, just make sure you don't forget that there should be a limit on everything, even the hugs on the beach.

Read More

AOL's Search Queries Data Mined

While one of AOL's searchers was publicly identified, enthusiasts are tweaking, and randomly scrolling the then leaked, now publicly available search queries data. Here's someone that's neatly data mining and providing relevant summary of the top result sites, and the top keywords. SEO Sleuth :"was created out of the recently released AOL search data. Welcome to the AOL Keyword Analyser. This

Read More

Bed Time Reading - Symbian OS Platform Security: Software Development Using the Symbian OS Security Architecture

Prr, did I hear someone start counting mobile malware samples, prr?Try getting to know the OS itself, the main proof of concept faciliator representing today's constantly growing mobile malware family. A review of this recommended bed time reading book :"Symbian OS is an advanced, customizable operating system, which is licensed by the world's leading mobile phone manufacturers. The latest

Read More

Anti Satellite Weapons

Continuing the discussion on the ongoing weaponization of space, and the consequently emerging space warfare arms race. Micro satellites directly matching other satellites trajectories, and taking advantage of high energy concentration in the form of lasers? For sure, but why bother damaging an entire reconnaissance satellite when you can basically spray its lenses to prevent it from using its

Read More

China's Internet Censorship Report 2006

Censorship is as bad, as looking directly into the sun which causes blindness, and still remains the among the few key prerequisites for successfully running a modern communism type of government, namely the leader's appearance. And while it's obvious that wearing eyeglasses is supposedly making you look smarter, I'm certain that it's not reading on candles, but censorship that's causing the

Read More

Malware Statistics on Social Networking Sites

Huge traffic aggregators such as the majority of social networking sites,attract not only huge percentage of the Internet's population on a regular basis, but also malware authors taking advantage of the medium as an infection vector -- and why not as a propagation one as well?ScanSafe just came up with some nice stats on the average number of social networking pages hosting malware - based on

Read More

Analyzing the Intelligence Analysts' Factors of Productivity

Outstanding perspective, given the author is an ex-CIA analyst himself. Controversial to the common wisdom of a Project Manhattan type of departamental seperation -- everyone's working to achieve the same goal, whereas no one knows what the others are doing -- there's a growing trend of better analyzing and responding to an intelligence analyst's productivity needs. Watchin' the Analysts greatly

Read More

AOL's Search Leak User 4417749 Identified

A Chief Privacy Officer and basic common sense anyone?As you all know, during the weekend 20M search queries of 650,000 AOL users leaked, and are all over the Internet available for download. It's simple unbeliavable that the only measure to ensure the privacy of the data was the "unique ID", and how often does the excuse of improving search results pop out. No need for subpoenas this time, but

Read More

Big Momma Knows Best

Wish it was the Chinese equivalent of Big Brother I'm refering to, in this case it's a mother of six tracking down teenagers who toilet-papered her house, and mind you, she didn't even bother to use MySpace, instead :"Base persuaded supermarket managers to tally daily toilet-paper buys for the week and a Stater Bros. manager said there was a run on bathroom tissue two days before her home was

Read More

JitterBugs - Covert Keyboard Communication Channels

WarTyping, keyboard acoustic emanations, and here comes a full-scale covert espionage tool recently discussed in an in-depth research at the 15th USENIX Security Symposium. Researchers at the CS department of University of Pennsylvania developed a working prototype of a JitterBug Covert Channel :"This paper introduces JitterBugs, a class of inline interception mechanisms that covertly transmit

Read More

Malware Bot Families, Technology and Trends

In case you want to know more about the evolution of bots, and ease of assembling a botnet, why families take the largest zombie share compared to single bachelors only, or which technologies dominate the threatscape - go through the slides of this study on identifying "interesting" bot technologies within a large malware collection. Bot Feature & Technology Trends by Robert Lyda also highlights

Read More

DVD of the Weekend - The Final Cut

This weekend's featured DVD is a marvelous representation of a full-scale 1984 type of mass surveillance society, but compared to an utopian party acting as the caring BigBrother, here it's the inavitable advances of technology, and availability of services leading to the ultimate digital preservation of our entire living -- through our own eye-embedded implants. Worth taking your time to watch

Read More

Future in Malicious Code 2006

What's new on the malware front? Quite some new developments to be included in Q2's summary for 2006, I'm about to finalize any time now. Just came across to a great continuation of my original Malware - Future Trends publication, this time courtesy of the Royal Canadian Mounted Police, quoting and further expending the discussion on my key points :- Mobile malware will be successfully monetized-

Read More

Mobile Devices Hacking Through a Suitcase

Define:nerd "Luca Carettoni and Claudio Merloni are security consultants at Milan, Italy-based Secure Network. The two created the BlueBag to raise awareness about the potential of attacks against Bluetooth-enabled devices, they said in an interview at the Black Hat security event in Las Vegas. The BlueBag is a roll-aboard suitcase filled with hardware. That gear is loaded with software to scan

Read More

Achieving Information Warfare Dominance Back in 1962

The point here isn't the consolidation indicated in the article :"The consolidation involves Singer’s headquarters staff, and subordinate Naval Security Group Activities (NSGA) and detachments (NSGD). When fully completed, the action will combine the Navy's enlisted Cryptologic Technicians and Information Warfare officers into the same organization as the Navy’s Information Systems Technicians

Read More

One Time Password Generating Credit Card

This is cute as it solves a major problem with customers having to use, and more easily lose tokens. Neat integration with the push of a button on the one time password generating credit card :"It took InCard four years to develop the card, Finkelstein said. The company combined technology from a Taiwanese display maker, a U.S. battery manufacturer and a French security team, he said. A Swiss

Read More

But Of Course It's a Pleasant Transaction

Great example of automated bots attacking Ebay's core trust establishing process- the feedbacks provided by users taking advantage of the wisdom of crowds to judge on their truthfulness :"Again, a sharp eye may notice that feedback comments received from sellers are identical, and read almost in the same order. This is because most 1-cent-plus-no-delivery-cost sellers automate the whole

Read More

Things Money Cannot Buy

1. Love with tingles2. True Friends3. Respect, one when the results go beyond the position and size of market capitalization4. Style5. Childhood full of joy6. Knowledge, diploma and insider leaks are something else7. And obviously Innovation as you can see at this slide and compare it to the rough reality for the top tech R&D spenders. 800 pound market capitalization gorillas for sure, but not

Read More

Japan's Reliance on U.S Spy Satellites and Early Warning Missile Systems

With China breathing down Japan's neck, and North Korea crying for attention by actively experimenting with symmetric and asymmetric warfare capabilities, Japan's need for better reconnaissance, and limiting of its imagery gathering dependence has been in the execution stage for years as Reliance on U.S. intelligence on missile launch shows need for improvement :"The two spy satellites currently

Read More

DVD of the Weekend - Path to War

As I've been busy catching up with way too many things to list them, I'd better finalize my creativity efforts and provide you with the results as they appear during the week. Meanwhile, current events being constantly streamed and brainwashed from every TV channel you try to watch -- remember how in 1984 only the party leaders had the privillege to turn off their 24/7 propaganda streams? Feel

Read More

The Beauty of the Surrealistic Spam Art

Given the volume of spam representing over 50% of the world's email traffic, obviously to some it represents a huge sample to draw sadness or anger out of, and of course, visualize the findings. One man's spam is Alex Dragulescu's art :"He doesn't use Photoshop but simply writes code to create computer art. For the Spam Plants, he parsed the data within junk e-mail--including subject lines,

Read More

Splitting a Botnet's Bandwidth Capacity

Metaphorically speaking, I always say that the masssess of end users' bandwidth is reaching that of a mid size ISP, while the lack of incentives or plain simple awarenss is resulting in today's easily assembled botnets. Freaky perspective, but that's what I perceive the trade-off out of this major economic boost given the improved connectivity France Telecom is about to offer to its customers in

Read More

Latest Report on Click Fraud

Google does have countless features, and it's not even considering to stop rolling new ones, but the secret to its huge market capitalization and revenue stream remains its advertising model fully utilizing the Long tail's concept. Therefore, click fraud remains the key issue to deal with, if they want to continue beating Wall Street's expectations. Last week Google released a commissioned report

Read More

An Intergalactic Security Statement

Hell of a comment on the Malware Search Engine. Hackers crack secret Google malware search codes :"Hidden malware search capabilities within Google which were reserved for antivirus and security research firms just weeks ago have been cracked by hackers, according to security industry sources. The key to finding malware in Google lies in having the signature for the specific malware program,

Read More

Searching for Source Code Security Vulnerabilities

While Google was quick enough to censor the colourful Malware Search logo -- colourful branding -- here's another recently started initiative, Bugle - a google based source code bug finder :"Bugle is a collection of search queries which can help to identify software security bugs in source code available on the web. The list at the moment is rather small (you get the idea though), hopefully

Read More

Detailed Penetration Testing Framework

This framework is simply amazing, as it takes you through the entire process of penetration testing, step-by-step in between references to the tools necessary to conduct a test -- wish experience was commodity as well. Best practices are prone to evolve the way experience does, so consider adding some of your know-how, and going through Fyodor's Top 100 Network Security Tools list in case you're

Read More

Anti Virus Signatures Update - It Could Wait

It's a common myth that all AV vendors exchange the malware they come across in between themselves, whereas that's obviously not always the case. And even if they don't, you'd better achieve a higher state of security in respect to ensuring your PC or network are protected from the majority of known malware threats, trouble is the average end users whose Internet connection speed is reaching that

Read More

When Financial and Information Security Risks are Supposed to Intersect

Interesting security event at Morgan Stanley's NYC headquarters related to insider abuse, mostly interesting because the clients' list and charged fees weren't even uploaded on any removable media, but forwarded to the consultant's private email account :"A former consultant to Morgan Stanley has been arrested and charged with stealing an electronic list of hedge funds and the rates the

Read More

Budget Allocation Myopia and Prioritizing Your Expenditures

Top management's empowerment - the dream of every CSO, or IT manager responsible for allocating the infosec budget, and requesting future increases. The biggest downsize of your current or future empowerment, is how easy it is to get lost in a budget allocating myopia compared to actual prioritizing of your expenditures. According to Gartner, security is all about percentage of budget allocation

Read More

Open Source North Korean IMINT Reloaded

Continuing the latest coverage on North Korea, and the Travel Without Moving series, yesterday I came across to an ongoing initiative on Google-Earthing the North Korean Military pointing out that :"In fact, there are several military and intelligence employees, some retired and some active, who turn the defense job into a hobby, helping to point out and explain foreign military curiosities at

Read More

Malware Search Engine

While it seems that it takes a publicly traded Internet filtering company to come up with quite some creativity, it's always coming back to the community to break through the FUD and release a PoC Malware Search Engine.The concept is great, excluding the dark web(closed behind authentication, and basic crawler blocking approaches), but what bothers me besides all the fuss is that it's a signature

Read More

Weaponizing Space and the Emerging Space Warfare Arms Race

Satellites Jamming, Hijacking, Space SIGINT, Space Kill Vehicles are just the tip of the iceberg in the ongoing weaponization of Space. In previous posts "Who needs nuclear weapons anymore?", "EMP warfare - Electronic Domination in Reverse", and "Is a Space Warfare arms race really comming?" I expressed my opinion on the current and emerging efforts to install and experiment with space weapons,

Read More

Scientifically Predicting Software Vulnerabilities

I recently came across to a research on "Modeling the Vulnerability Discovery Process" discussing :"A few models for the vulnerability discovery process have just been published recently. Such models will allow effective resource allocation for patch development and are also needed for evaluating the risk of vulnerability exploitation. Here we examine these models for the vulnerability discovery

Read More

North Korea's Cyber Warfare Unit 121

In a previous post, "Who's Who in Cyber Warfare" I commented on a very informative research on the topic, and pointed out that :"Technology as the next Revolution in Military Affairs (RMA) was inevitable development, what's important to keep in mind is knowing who's up to what, what are the foundations of their military thinking, as well as who's copying attitude from who. Having the capacity to

Read More

Spreading Psychological Imagination Streams

Wish I could reference all the copywriting materials I've ever written and got commissioned for, but I'd rather we play a "words creativity" game. There's no better personal benchmark for keeping yourself in a good shape, and most importantly, indirectly summarizing what's going on in my head at a particular moment, than of coming up with random/instant sentences out of key words I come across to

Read More

India's Espionage Leaks

You may find this brief overview of Indian security's leaky past cases informative :- "Defence Research and Development Organisation (DRDO) hard drive theft. The hard drives were stolen from the offices of the Scientific Analyses Group (SAG) and the Institute for System Studies and Analyses (ISSA) inside the DRDO complex. The SAG is responsible for cryptography. In other words, all codes and

Read More

South Korea's View on China's Media Control and Censorship

Got bored of China's Internet censorship efforts, and its interest to control mobile communications as well? I haven't, and I doubt I ever will given China is among the many other countries on the world's map actively restricting access to information, and, of course, controlling the way it reaches the final audience -- if it does.A recent article at The Korean Times, makes some very good points

Read More

Security Research Reference Coverage

I’ve recently started getting more requests on participating or guiding to a certain extend, student theses and various other research papers. There's nothing more pleasant than exchanging points of view, don't preach, but teach and question everything is what I have in mind. So, I've decided to share some publications featuring some of my previous papers, and by the way, I'm very near to

Read More

Delicious Information Warfare - 27/07

Given the interest in the perspective, I'm continuing to share my daily reads for the last week and a half. Catch up with previous summaries, and see the big picture as well.01. The fine art of shoulder surfing - Many hackers download their tools but traditionalists skilled in shoulder surfing still pose a threat. to Security on july 202. VCs discuss the next big things - Cell phone gambling in

Read More

$960M and the FBI's Art of Branding Insecurity

In previous posts "Are cyber criminals or bureaucrats the industry's top performer?", and "Insiders - insights, trends and possible solutions" I emphasized on how bureaucracy results in major insecurities, and provided further info on various issues related to insiders and risk management solutions -- ones the FBI is obviously far from implementing given the access control issues they have in

Read More

Travel Without Moving - North Korea Missile Launch Pad

Seems like it's North Korea's most active PR month given the public outbreak due to their unsuccessful launch of an intercontinental missile, so in these Travel Without Moving series I decided to feature the launch pad, originally came across it, nowhere else but at Cryptome's well sorted photo gallery of the event. Whereas the U.S is activating diplomatic ties in order to put more pressure on

Read More

How to Win the U.S Elections

Juicy barbecues, hugging babies, in between offering, and asking for the Moon days are over. E-voting is the future of technological political engineering. So, how can you win the U.S Elections?01. Ensure one company holds a virtual monopoly in E-voting systems, thus contributing to yet another monocultural insecurity. If it naturally has some competition, insist its systems are placed in key

Read More

BBC under the Intelligence Shadow

Nothing is impossible, the impossible just takes a little while. A relatively typical practices for the ex-USSR, namely controlling the media and profiling the journalists including the readers, seem to have been going on in London during the same period as well. According to the Sunday Telegraph, the BBC let intelligence agents vet staff :"Confidential papers obtained by the Sunday Telegraph

Read More

China's Interest of Censoring Mobile Communications

Just came across to a great article at the IHT on China's interest of tightening control of cellphones :"The new measures being contemplated for tightening control of cellphone use reportedly include mandatory user registration. Users now can easily buy cellphone cards at any convenience store, instantly obtaining a new phone number without identifying themselves. Whether through speech or short

Read More

Hacktivism Tensions - Israel vs Palestine Cyberwars

Oops, they did it again. The most recent case of hacktivism recently occurred :"Shortly after IDF tanks rolled into Gaza, another old front of conflict was reopened early Wednesday morning, but in this battle Kassam rockets and artillery shells were replaced by worms and viruses as pro-Palestinian hackers shut down approximately 700 Israeli web domains. A range of different Web sites were

Read More

Real-Time PC Zombie Statistics

Zombies inevitably turning into botnets represent a huge, automated and efficient advantage to malicious attackers, I topic and most of its dimensions I covered in my Future trends of malware research. CipherTrust's Zombie Stats help you measure the approximate population of infected zombie PCs according to the vendor's TrustedSource. Not surprisingly, China's steadily increasing novice Internet

Read More

The WarDriving Police and Pringles Hacking

These days you never know where the next hacking attempt on your wireless network may come from. In this case, it's from the police, as authorities start mimicking wardriving behavior :"The Douglas Country Sheriff's DOffice says it's going to start warning computer users that their networks may be vulnerable to hackers. The Sheriff's Department plans to equip several of its community service and

Read More

North Korea - Turn On the Lights, Please

North Korea's recent missile launch furor, and the obvious conventional weaponry doctrine in place, as well as my comments in the Travel Without Moving series - Korean Demilitarized Zone, reminded me of a how they tend to fuel growth in military spending/the regime, where the trade-off is a developing economy, or any economy at all. I feel North Korea is still quite dark these days, very

Read More

Tracking Down Internet Terrorist Propaganda

I always knew there's a team of cheap marketers behind every terrorist organization trying to market yet another multimedia killing, or put it simple fear, treats, and no respect for life. Why cheap? Mainly because there's no segmentation or niche issues to deal with, but mostly mass marketing, while harnessing the power of the never ending resonation from the media echo.Rather biased, today's

Read More

Delicious Information Warfare - 24/27 June

Go through my daily reads for 13/24 June as well.01. Meteorite Collision - "Japanese animation showing what would happen if a giant meteor hit the Earth." to Space on june 2502. Should We Lift North Korean Sanctions? - "Quentin Hardy summed up his side’s argument: “Capitalism has corrupted other authoritarian regimes, why not North Korea?”to Investing on june 2503. The ABCs of New Security

Read More

Malicious Web Crawling

SiteAdvisor indeed cashed for evaluating the maliciosness of the web, and New Zealand feels that nation wide google hacking initiatives are a more feasible solution to the problem of google hacking, compared to the Catawba County Schools Board of Education who blamed Google for indexing student test scores & social security numbers. It's like having a just-moved, 25/30 years old neighbors next

Read More

Shots From the Wild - Terrorism Information Awareness Program Demo Portal

A lot has changed since my last post on "Data mining, terrorism and security", namely NSA's warrantless surveillance efforts. So, in the spirit of a second possible NSA facility, I've decided to post a shot from the TIA's early stages of development obtained though the most detailed, conceptual, and from a developer's point of view description of the program.There've also been speculations on the

Read More

Dealing with Spam - The O'Reilly.com Way

While China feels that centralization is the core of everything, and is licensing the use of mail servers to fight spam, thus totally ignoring the evolution of spam techniques, the other day I came across to some recent Spam Statistics from Oreilly.com -- scary numbers!"Our mail servers accepted 1,438,909 connections, attempting to deliver 1,677,649 messages. We rejected 1,629,900 messages and

Read More

Big Brother in the Restroom

Wikes! This is nasty, and while the porn industry has commercialized the idea a long time ago, I never imagined the levels of crime in public restrooms would "reach" levels requiring CCTVs to be installed -- if there's so much vandalism going on in public restrooms, these will definitely get stolen as well, picture the situation! Norway installs surveillance cameras in park restrooms.Hint : once

Read More

World's Internet Censorship Map

While it seems rather quiet on the Internet's censorship front, the media coverage on the topic represents a cyclical buzz that reemerges with the time.Thankfully, initiatives as the OpenNet one, and organizations such as Reporters Without Borders never stop being the society's true watchdogs when it comes to Internet censorship. ONI's neat visualization of the Internet filtering map is a great

Read More

Delicious Information Warfare - 13/24 June

Brief summaries of key events for the last week and a half, catch up with previous ones as well. I intend to continue sharing my daily reads while emphasizing on the big picture, and emerging trends. Great quote courtesy of the The Royal Swedish Academy of War Sciences : “The world isn’t run by weapons anymore, or energy, or money. It’s run by little ones and zeros, little bits of data. It’s all

Read More

Travel Without Moving - Erasmus Bridge

Catching up with last week's Travel Without Moving shot, this one isn't intelligence of military related, but a marvelous engineering achievement, Erasmus Bridge -- perhaps the perfect moment to demonstrate my amateur photographer skills while tripping around. I will definitely share more shots from cons and life, the way I experience it, anytime now. And meanwhile, you can take a peek at the

Read More

No Other Place Like 127.0.0.1

Sincere apologies for the sudden disappearance, but thanks for the interest even though I haven't been active for the last week due to quality offline activities. No other place like 127.0.0.1, and the smell of an untouched by human hand, Cold War era postage stamps glue on my high value collections -- I do own several "stamp anomalies". Collecting postage stamps is a challenging hobby for a

Read More

Web Application Email Harvesting Worm

This is a rare example of a web application vulnerability worm, targeting one of the most popular free email providers by harvesting emails within their 1GB mailboxes, and of course propagating further."Yahoo! on Monday has repaired a vulnerability in its email service that allowed a worm to harvest email addresses from a user accounts and further spread itself. The JS/Yamanner worm automatically

Read More

Consolidation, or Startups Popping out Like Mushrooms?

If technology is the enabler, and the hot commodity these days, spammers will definitely twist the concept of targeted marketing, while taking advantage of them. Last week I've mentioned the concepts of VoIP, WiFi and Cell phone spam that are slowly starting to take place.Gartner recently expressed a (pricey) opinion on the upcoming consolidation of spam vendors, while I feel they totally ignored

Read More

It's Getting Cloudy, and Delicious

For real. A brief summary of the instant links for the last two days :01. Eight Indian Startups to Watch - "Some startups are offering unique solutions for India’s burgeoning domestic market, others are targeting global markets. Several are going after both. Red Herring has chosen a few below-the-radar young companies that we think are worth watching." - to Investing Technology India on june

Read More

Travel Without Moving - Georgi Markov's KGB Assassination Spot

In the spirit of the previous hot spot in the Travel Without Moving series, here's another one, this time Georgi Markov's KGB Assassination spot. Georgi Markov was killed in London, in 1978, using a tiny pellet fired from an umbrella containing 0.2 milligram dose of poison ricin.You may also find this Time Out's briefing on London's espionage locations interesting.

Read More

Going Deeper Underground

IT Security Goes Nuclear, at least that's what they say."Venture capitalists are predicting a "business boom below ground" as blue-chip companies turn to nuclear bunkers built at the height of the Cold War in the battle to protect sensitive electronic data. The latest private equity investor to move in on the area is Foresight Venture Partners, which has just taken a 20 per cent stake in The

Read More

There You Go With Your Financial Performance Transparency

Truly amazing, and the inavitable consequence of communication retention in the financial sector, but I feel it's the magnitude that resulted in Enron's entire email communication achive that's seems available online right now."Search through more hundreds of thousands of email messages to and from 176 former Enron executives and employees from the power-trading operations in 2000-2002. For the

Read More

All Your Confidentiality Are Belong To Us

The proof that commercial and open source encryption has surpassed the technologies to police it, or the idea that privacy and business growth as top priorities would ruin the whole initiative?"The Government has launched a public consultation into a draft code of practice for a controversial UK law that critics have said could alienate big business and IT professionals. Part III of the

Read More

Brace Yourself - AOL to Enter Security Business

In the re-emergence of the Web, AOL got the attention it never imagined it would get, Microsoft and Google fighting for a share of its modest, but strategic amount of eyeballs. After being an exclusive part of Time Warner's balance sheet since its early acquisition, and with a $510M fine, dial-up business that was profitable by the time telecoms started offering cable connections, due to the

Read More

An Over-performing Spammer

Th3 4r7 0f $3nd!ng spam messages is evolving like never before, and while spammers are still catching up with the newest technologies such as VoIP, WiFi, Cell phones -- newest at least in respect to spamming -- trying to avoid the now mature indystry's practices, and taking advantage of the growing economies and their newbie users as victims, is what keeps it going.I simply couldn't resist not to

Read More

Bedtime Reading - Rome Inc.

If the Baby Business helped you envision the future, "Rome Inc - The Rise and Fall of the First Multinational Corporation" is going to help you perceive the past within today's corporate culture -- and Stanley Bing makes good points on every stage of the empire.Basically, the book emphasizes on the "first multinational corporation" Rome, selling the ultimate product of its time - citizenship.

Read More

Phantom Planes in the Skies

I can barely imagine the panic with a non-responding -- can it respond when it's not there? -- plane in the sky, at least by the time a visual confirmation reveals the truth. In the post 9/11 world, airports were among the first strategic targets to get the funding necessary to protect against the threats fabricated in a think-tank somewhere. Money are wasted in this very same fashion on a daily

Read More

Where's my Fingerprint, Dude?

Personal data security breaches continue occurring, and with the trend towards evolving to a digital economy, it's inevitably going to get ever worse. In a recently revealed case "Lost IRS laptop stored employee fingerprints", from the article :"A laptop computer containing fingerprints of Internal Revenue Service employees is missing, MSNBC.com has learned. The computer was lost during transit

Read More

Skype as the Attack Vector

It's often hard to actually measure the risk exposure to a threat, given how overhyped certain market segments/products' insecurities get with the time. Gartner, and the rest of the popular marketing research agencies seem to be obsessed with Skype as the major threat to enterprises, while Skype isn't really bad news, compliance is, in respect to VoIP, P2P, IM and Email communications retention

Read More

Travel Without Moving - KGB Lubyanka Headquarters

Yet another hot spot in this week's Travel Without Moving series - this time it's Lubyanka Square's KGB Headquarters. There are still lots of Cold War sentiments in the air among yesterday's and today's super powers and you just can't deny it. Today's FSB, the successor to the KGB, is taking a very serious approach towards counter-intelligence, and offensive scientific intelligence practices in a

Read More

May's Security Streams

Here's May's summary of all the security streams during the month. This is perhaps among the few posts in which I can actually say something about the blog, the individual behind it, and its purpose, which is to - question, provoke, and inform on the big picture. After all, "I want to know God's thoughts... all the rest are details", one of my favorite Albert Einstein's quotes. The way we often

Read More

Healthy Paranoia

More developments on the US-China Commission's decision not to use Chinese manufactured PCs on the SIRPnet follow, an event I covered in a previous post "Espionage Ghosts Busters". The oficially stated attack vector, namely that "..a significant portion" of Lenovo is owned by the Chinese Academy of Sciences, an arm of the Chinese government." is nothing more than a healthy paranoia to me, one

Read More

The Global Security Challenge - Bring Your Know-How

It's a public secret that the majority of innovative ideas come from either the academic enviroment, or plain simple entrepreneurial spirits. I find such annual competitions as a valuable incentive for both sides to unleash the full power of their ideas, or commercialize them - consciously or subconciously. SpaceShipOne is a case study on how elephants can't dance, or at least how they dance on

Read More

Covert Competitive Intelligence

Yet another agreement on alleged covert competitive intelligence, this time, "WestJet Airlines says it’s sorry that members of its management team covertly accessed a confidential Air Canada website, and has agreed pay $15.5 million. In a joint news release from the two carriers, WestJet said that in 2003-2004, members of their management team "engaged in an extensive practice of covertly

Read More

Microsoft in the Information Security Market

Microsoft is emptying its pockets with tiny acquisitions of security solution providers with the idea to target the masses in its all-in-one security service OneCare. There's nothing wrong with offering up to three licenses for $49.95 per year, at least not from a marketing point of view. Microsoft's Security Ambitions are getting huge "as it continues to reveal its security ambitions in very

Read More

No Anti Virus Software, No E-banking For You

Malware and Phishing are the true enemies of E-commerce, its future penetration, and E-banking altogether. Still, there are often banks envisioning the very basic risks, and hedging them one way or another, as "Barclays gives anti-virus software to customers" "Barclays Bank is issuing UK internet banking customers with anti-virus software, as part of attempts to reduce online identity theft. The

Read More

Who's Who in Cyber Warfare?

Wondering what's the current state of cyber warfare capabilities of certain countries, I recently finished reading a report "Cyber Warfare: An Analysis of the Means and Motivations of Selected Nation States", a very in-depth summary of Nation2Nation Cyber conflicts and developments I recommend you to read in case you're interested. It covers China, India, Iran, North Korea, Pakistan, and, of

Read More

Delaying Yesterday's "0day" Security Vulnerability

I never imagined we would be waiting for the release of a "0day" vulnerability, but I guess that's what happens if you're not a customer of an informediary in the growing market for software vulnerabilities -- growth in respect to, researchers, infomediaries and security vulnerabilities. Stay tuned for "Exploit Of Windows 2000 Zero-day To Hit In June", and take your time to appreciate that it's

Read More

Forgotten Security

It's one thing to expose a Pengaton conference's attendees list, and another Mr. Blair's security plans intended to protect the Prime Minister from a terrorist attack during the Labour Party conference". From the article : "Security plans intended to protect the Prime Minister from a terrorist attack during the Labour Party conference have been left in a hotel. The documents include a list of

Read More

Aha, a Backdoor!

Security precautions can indeed blur the transparency of a company's financial performance -- one that's extremely important in the post-Enron corporate world. Under fire over some of the biggest corporate scandals during the last decade, the Securities and Exchange Commission (SEC) has been trying to change the data standards to ensure greater accountability and support decision makers. On the

Read More

Travel Without Moving - Korean Demilitarized Zone

Continuing the travel without moving series, the Korean Demilitarized Zone remains a hot spot with North Korea publicly stating its ambtions of joining the nuclear club. How big of a threat is the statement anyway? I believe it's a desperate move from the North Koreans' side, while trying to put itself on the world's map again -- and the news of course. What they lost was the momentum, one that

Read More

Bedtime Reading - The Baby Business

While not necessarily an AI, a Project 2501 type of living entity breakthrough development, there's a growing (underground) market for genetically modified newborns, a scary scenario that reminds of previous episodes (Criminal Nature) of the Outer Limits and of course Gattaca in all of its twisted beauty and utopian representation of Space as the "final destination".The Baby Business explains how

Read More

The Current, Emerging, and Future State of Hacktivism

Zone-H recently reported yet another major hacktivism case in what's stated to be the biggest hacking incident in the web-hosting history-- single hack, multiple targets exposed and their audiences' attention "acquired". The very same type of tension happened several weeks ago due to the Muhammad cartoons. It may seem questionable whether Hacktivism would survive in today's for-profit online

Read More

Arabic Extremist Group Forum Messages' Characteristics

Ever wondered what's the font size of a terrorist forum posting? These guys are really deep into using AI for gathering intelligence on various Cyberterrorism threats, and as you can see they neatly visualize their findings. "Applying Authorship Analysis to Extremist-Group Web Forum Messages" by Ahmed Abbasi and Hsinchun Chen, University of Arizona seem to have found a way, or at least patters of

Read More

Espionage Ghosts Busters

In previous posts, "Insider Competition in the Defense Industry", and "The anti virus industry's panacea - a virus recovery button" , I gave examples of insider trading, of malware infecting border-screening computers, or the plain truth on how U.S "manufactured" PCs are actually assembled in China these days.Obviously, plain old paranoia without solid background still dominates as "

Read More

Nation Wide Google Hacking Initiative

The idea of doing reconnaissance for the purpose of pen testing ormalicious activity through google hacking, has already reached levels of automation -- the problem is how the threat gets often neglected by those that actually suffer from a breach later on. I came across to an article pointing out that :"Anyone who wants to hack into sensitive information on New Zealand internet sites might be

Read More

Travel Without Moving - Cheyenne Mountain Operations Center

It's a small world -- and a busy one, this post was supposed to appear the previous week so here it goes. There are certain places you just can't miss on the world's map, and the Cheyenne Mountain Operations Center is one of them. Remember the typical massive gate in the War Games movie, or in pretty much any other military/intelligence thriller you've watched? Try this one. Nuke it, EMP it, it's

Read More

Techno Imperialism and the Effect of Cyberterrorism

It's been a while since I've last blogged about Cyberterrorism, and while many did mentioned the topic in between the recent DRDoS attacks, Cyberterrorism is so much more than simply shutting down the Internet, namely the ability to communicate, research, recruit and use propaganda to achieve goals based on ideological beliefs, or the convergence of Terrorism and the Internet.Can we argue that

Read More

Insider Competition in the Defense Industry

While there aren't any smoking emails mentioned in this case, where else can we spot insiders if not in the defense industry, an industry where securing government-backed contracts, or teasing military decion makers with the latest technologies ensures the long-term existence of the business itself? From the article :"Boeing has been under investigation for improperly acquiring thousands of pages

Read More

EMP Attacks - Electronic Domination in Reverse

Yesterday, I came across to an updated(April 14, 2006) CRS report - High Altitude Electromagnetic Pulse (HEMP) and High Power Microwave (HPM) Devices: Threat Assessments, a topic I covered in a previous post related to asymmetric warfare.Basically, it outlines critical issues such as, what is the U.S(or pretty much any other country thinking asymmetric warfare) doing to ensure critical civil

Read More

Valuing Security and Prioritizing Your Expenditures

I often blog on various market trends related to information security and try to provide an in-depth coverage of emerging or current trends -- in between active comments. In previous posts "FBI's 2005 Computer Crime Survey - what's to consider?", "Spotting valuable investments in the information security market", "Why we cannot measure the real cost of cybercrime?", "Personal Data Security

Read More

Terrorist Social Network Analysis

In previous posts "Visualization, Intelligence and the Starlight project" and "Visualization in the Security and New Media world" I covered various security and intelligence related projects and mostly emphasized on the future potential of visualizing data. Data mining is still everyday's reality -- social networking as well. Just came across this at DefenseTech :"It'd be one thing if the NSA's

Read More

Travel Without Moving - Scratching the Floor

You don't really need a reconnaissance satellite to spot this, it's precisely the type of "sight" you can see for yourself on daily basis -- but he's still moving isn't he? :)

Read More

Pocket Anonymity

While the threats posed by improper use of removable media will continue to make headlines, here's a company that's offering the complete all-in-one pocket anonymity solution -- at least that's how they position it. From the article :"Last month, a company called Stealth Ideas Inc. of Woodland Hills, Calif., came out with its StealthSurfer II ID Protect. The miniature flash drive lets you surf

Read More

Is Bin Laden Lacking a Point?

If I were to name the masters of PSYOPS, that would be terrorists, who without a super power's financial capabilities still manage to achieve the "media echo" effect they seem to be so good at. As you will eventually read in case you haven't though about it before, to me Al Jazeera always seems to be the launching platform given its strategic position in the region, and the rest of the world's

Read More

Pass the Scissors

Counterfeiting U.S currency is a profitable business given its stability and actual valuation, and so is money printing! It's just that sometimes there are too much legally printed money as well, and the Fed is raising the interest rates for the sixteenth time during the last two years -- which doesn't stop it from making a buck in between. Did you know you could get Uncut Currency sheets "of

Read More

Snooping on Historical Click Streams

In a previous post "The Feds, Google, MSN's reaction, and how you got "bigbrothered"? I gave practical advices on how can easily do your homework on the popularity of certain search terms and sites, without the need of issuing a subpoena. The other day, AlltheWeb (Yahoo!) introduced their Livesearch feature, seems nice, still it basically clusters possible opportunities. Now the interesting part

Read More

Wiretapping VoIP Order Questioned

There's been a lot of buzz recently on the FCC's order requiring all VoIP providers to begin compliance with CALEA in order to lawfully intercept VoIP communications by the middle of 2007 . Yesterday, a U.S judge seems to have challenged the order, from the article :"The skepticism expressed so openly toward the administration's case encouraged civil liberties and education groups that argued

Read More

The Cell-phone Industry and Privacy Advocates VS Cell Phone Tracking

I've once mentioned various privacy issues related to mobile devices, the growing trend of "assets tracking", and of course, cell phones tracking. Yesterday I came across to great summary of the current situation -- privacy groups make a point of it. From the article :"Real-time tracking of cell phones is possible because mobile phones are constantly sending data to cell towers, which allows

Read More

Shaping the Market for Security Vulnerabilities Through Exploit Derivatives

In a previous post "0bay - how realistic is the market for security vulnerabilities?" I gave a brief overview of the current market infomediaries and their position, listed various research I recommend you to go through, and speculated on an auction based market model. During April, at the CanSecWest Security Conference "Groups argued over merits of flaw bounties" some quotes :"The only economic

Read More

The Current State of Web Application Worms

Remeber the most recent Yahoo! Mail's XSS vulnerabilities, or the MySpace worm? I just read through a well written summary on Web Application Worms by Jeremiah Grossman, from WhiteHat Security, "Cross-Site Scripting Worms and Viruses - The Impending Threat and the Best Defense", an excerpt :"Samy, the author of the worm, was on a mission to be famous, and as such the payload was relatively benign

Read More

Travel Without Moving - Typhoon Class Submarines

In previous posts "Security quotes : a FSB (successor to the KGB) analyst on Google Earth", "Suri Pluma - a satellite image processing tool and visualizer", "The "threat" by Google Earth has just vanished in the air" I talked about various issues related to satellite imagery and security. Moreover, I'm also actively covering various emerging Space Warfare issues, and with the recent speculation

Read More

Biased Privacy Violation

This is a very interesting initiative, going beyond the usual MySpace's teen heaven privacy issues, but directly exposing the mature audience in a way I find as a totally biased one. Girls writing stories on men that supposedly chated on them. DontDateHimGirl.com aims to :"DontDateHimGirl.com is an online resource for women who have shared the experience of dating a no-good man! Browse our search

Read More

April's Security Streams

Hi folks, it's about time to quickly summarize April's Security Streams. As of today, my blog is officially six months old and the feeling of witnessing change and improvements has always been a pleasant one. Blogging "my way" takes a lot of time, that is, posts going beyond "preaching" but emphasizing on "teaching", a little bit of investigative research, full-disclosure, and constructive key

Read More

A comparison of US and European Privacy Practices

A new study on "US and European Corporate Privacy Practices" was released two days ago, and as I constantly monitor the topic knowing EU's stricter information sharing and privacy violations laws comparing to the U.S, thought you might find this useful. To sum up the findings :"European companies are much more likely to have privacy practices that restrict or limit the sharing of customer or

Read More

DIY Marketing Culture

Problem - big name advertising agencies, and self forgotten copywriters easily turn into an obstacle for a newly born startup, the way marketing researchers can easily base your entire service/product development efforts on a single survey's results. Generating content, thinking content is the king, trying to sense and understand your customers' needs or where the market is heading to for the

Read More

In between the lines of personal and sensitive information

In a previous post, "Give it back!" I mentioned the ongoing re-classification of declassified information and featured some publicly known sources for information on government secrecy. Today I came across to a news item relating to the topic in another way, "States Removing Personal Data from Official Web Sites", more from the article :"At least six states use redaction software, which digitally

Read More

Wild Wild Underground

Where's the real underground these days, behind the shadows of the ShadowCrew, the revenge of the now, for-profit script kiddies, or in the slowly shaping real Mafia's online ambitions? Moreover, is all this activity going on behind the Dark Web, or the WWW itself? Go through this fresh overview, emphasizing on today's script kiddies, 0days as a commodity, malware and DDoS on demand on the WWW

Read More

25 ways to distinguish yourself -- and be happy?

Totally out of the security world, yet very relevant inspirational tips for all readers feeling down, or looking for more sources of self-esteem. I've always believed that among the most important key factors for leadership is the ability to know yourself, and to understand the time dimensions of failure -- it's just a temporary event whenever it happens to occur. I also often debate on the pros

Read More

Why's that radar screen not blinking over there?

Two days ago, the Russian News & Information Agency - Novosti, reported on how "Russian bombers flew undetected across Arctic" more from the article :"Russian military planes flew undetected through the U.S. zone of the Arctic Ocean to Canada during recent military exercises, a senior Air Force commander said Saturday. The commander of the country's long-range strategic bombers, Lieutenant

Read More

The anti virus industry's panacea - a virus recovery button

Just when I thought I've seen everything when it comes to malware, I was wrong as a PC vendor is trying to desperately position itself as one offering a feeling of security with the idea to strip its product and lower the customer price. The other day I came across to a fancy ad featuring Lenovo's ThinkVantage Virus Recovery Button, and promoting its usefulness even when there's no AV solution in

Read More

Digital forensics - efficient data acquisition devices

Digital forensics have always been a hot market segment, whereas the need for a reliable network based forensics model given main Internet's insecurities such as source address spoofing and the lack of commonly accepted security events reporting practices is constantly growing as well. Information acqusition, analysis and interpretation in the most reliable and efficient way is often among the

Read More

Spotting valuable investments in the information security market

Back in January I mentioned the possible acqusition of SiteAdvisor in my "Look who's gonna cash for evaluating the maliciousness of the Web?" post and it seems McAfee have realized the potential of this social-networking powered concept on a wide scale, and recently acquired SiteAdvisor -- this was meant to happen one way or another and with risk of being over-enthusiastic I feel I successfully

Read More

Would somebody please buy this Titan 1 ICBM Missile Base?

I feel that no matter how much you try to bypass the intermediary, it would continue to remain the place for anything auction - 0day vulnerabilities, Enigma encryption machines, and now a Titan 1 ICBM Missile Base, is for sale at Ebay for the N time. Bari Hotchkiss listed the characteristics of the underground fortress as :- Hardened buildings built to withstand One megaton nuclear blast within

Read More

Fighting Internet's email junk through licensing

Just came across this story at Slashdot, interesting approach :"China has introduced regulations that make it illegal to run an email server without a licence. The new rules, which came into force two weeks ago, mean that most companies running their own email servers in China are now breaking the law. The new email licensing clause is just a small part of a new anti-spam law formulated by

Read More

Distributed cracking of a utopian mystery code

If you have missed the opportunity to buy yourself a portable Enigma encryption machine, or didn't know you could devote some of your CPU power while trying to crack unbroken Nazi Enigma ciphers, now is the time to consider another distributed computing cracking initiative I just came across to - "Assault on the Thirteenth Labour", part of the utopian Perplex City alternate reality game. More on

Read More

On the Insecurities of the Internet

Among the most popular stereotypes related to Cyberterrorism, is that of terrorists shutting down the Internet, or to put it in another way, denying access to the desperse and decentralized Internet infrastructure by attacking the Internet's root servers the way it happened back in 2002 -- knowing Slashdot's IP in such a situation will come as a handy nerd's habit for sure. Outages like these

Read More

Catching up on how to lawfully intercept in the digital era

In one of my previous posts "A top level espionage case in Greece" I blogged about two cases of unlawful interception -- good old espionage practices in modern environment. What's also worth mentioning is the rush for lawful interception in the post 9/11 world, that is free spirits get detained for singing or being nerds, activities you can hardly datamine at the bottom line, and then again, so

Read More

"IM me" a strike order

In my previous post "What's the potential of the IM security market? Symantec thinks big" I commented on various IM market security trends, namely Symantec's acquisition of IMLogic. It's also worth mentioning how a market leader security vendor was able to quickly capitalize on the growing IM market, and turn the acquisition into a valuable solution on the giant's portfolio of solutions. What's

Read More

Heading in the opposite direction

Just one day before April 1st 2006 I came across this article :"German retail banker Postbank will begin using electronic signatures on e-mails to its customers to help protect them from phishing attacks."Catching up with the phishers seems to be a very worrisome future strategy. Electronic Signatures by themselves are rarely checked by anyone, and many more attack vectors are making the idea of

Read More

Securing political investments through censorship

I try to extensively blog on various privacy and Internet censorship related issues affecting different parts of the world, or provide comments on the big picture they way I see it.Spending millions -- 6 million euro here, and I guess you also wouldn't let someone spread the word whether the cover is fancy enough for a vote or not -- on political campaigns to directly or indirectly influence the

Read More

Insider fined $870

Insiders still remain an unresolved issue, where the biggest trade-off is the loss of productivity and trust in the organizational culture. According to the Sydney Morning Herald :"A court in Guangzhou, capital of the southern Chinese province of Guangdong, has upheld a lower court's guilty verdict against Yan Yifan for selling stolen passwords and virtual goods related to the online game "Da

Read More

The "threat" by Google Earth has just vanished in the air

Or has it actually? In one of my previous posts "Security quotes : a FSB (successor to the KGB) analyst on Google Earth" I mentioned the usefulness of Google Earth by the general public, and the possibility to assist terrorists. The most popular argument on how useless the publicly available satellite imagery is that it doesn't provide a high-resolution images, and recent data as well -- that's

Read More

Wanna get yourself a portable Enigma encryption machine?

Hurry up, you still have 5 hours to participate in the sale at Ebay as the BetaNews reported "eBay has long been a purveyor of the unusual and the unique, but it's not often an authentic piece of tech history captures as much attention as the Enigma 3 portable cipher machine that has racked up bids of almost 16,000 euros. The Enigma device was used extensively by Nazi Germany during World War II.

Read More

March's Security Streams

A quick summary of March's Security Streams ( January, February ). It was an unbelievably busy month, and while I'm multitasking and diversifying on a daily basis, I'm certain you've enjoyed this month's streams, thanks for all the feedback you've been sending, it's a small world if you just let yourself realize it!1. "DVD of the (past) weekend" The Lawnmower man -- God made him simple, Science

Read More

Visualization in the Security and New Media world

Information visualization seems to be a growing trend in today's knowledge driven, and information-overloaded society. The following represents a URL tree graph of the Security Mind Streams blog -- looks resourceful! Want to freely graph your site/blog? Take advantage of Texone's tree, just make sure you don't forget to press the ESC key at a certain point.In my first post related to "

Read More

Are cyber criminals or bureaucrats the industry's top performer?

Last week, I came across a great article at Forbes.com, "Fighting Hackers, Viruses, Bureaucracy", an excerpt :"Cyber security largely ends up in the backseat," says Kurtz, who prior to lobbying did stints in the State Department, the National Security Council and as an adviser to President George W. Bush on matters relating to computer security. "Our job is to shine a bright light on it, to help

Read More

DVD of the Weekend - War Games

Hi folks, as it's been a while since I last posted a quality post, I feel it's about time I catch up with some recent events. What I'm currently working on, is gathering a very knowledgaable bunch of dudes in order to open up a discussion on the emerging market for 0day vulnerabilities, and I'm very happy about the guys that have already showed interest in what I plan to do -- more on that around

Read More

Privacy issues related to mobile and wireless Internet access

I just came across a research worth checking out by all the wardrivers and mobile/wireless Internet users out there. While it's written in 2004, "Privacy, Control and Internet Mobility", provides relevant info on an important topic - what kind of information is leaking and how can this be reduced. The abstract describes it as :"This position paper explores privacy issues created by mo-bile and

Read More

The Practical Complexities of Adware Advertising

A report released by the The Center for Democracy and Technology yesterday, "How Advertising Dollars Encourage Nuisance and Harmful Adware and What Can be Done to Reverse the Trend", outlines the practical complexities of Adware Advertising. It gives a great overview of the parties involved, discusses a case study "CDT egages the advertisers", as well as outlines a possible solution, namely

Read More

Is a Space Warfare arms race really coming?

In one of my previous posts "Who needs nuclear weapons anymore?" I was emphasizing on another, much more assymentric, still dangerous alternative, EMP weapons. I came across to a recent Boston.com article titled "Pentagon eyeing weapons in space" that's gives a relevant overview of the current state of the U.S's ambitions, an excerpt :"The Pentagon is asking Congress for hundreds of millions of

Read More

"Successful" communication

You know Dilbert, don't you? I find this cartoon a very good representation of what is going on in the emerging market for software vulnerabilities, and of course, its OTC trade practices -- total miscommunication and different needs and opinions. While different opinions and needs provoke quality discussion and I understand the point that everyone is witnessing that something huge is happening,

Read More

Getting paid for getting hacked

In the middle of February, Time Magazine ran a great article on Cyberinsurance or "Shock Absorbers", and I feel this future trend deserves a couple of comments, from the article :"As companies grow more dependent on the Internet to conduct business, they have been driving the growing demand for cyber insurance. Written premiums have climbed from $100 million in 2003 to $200 million in 2005,

Read More

Old physical security threats still working

In "The Complete Windows Trojans Paper" that I released back in 2003 (you can also update yourself with some recent malware trends!) I briefly mentioned on the following possibility as far as physical security and malware was concerned :"Another way of infecting while having physical access is the Auto-Starting CD function. You've probably noticed that when you place a CD in your CDROM, it

Read More

Security vs Privacy or what's left from it

My latest privacy related posts had to do with "The Future of Privacy = don't over-empower the watchers!" and "Data mining, terrorism and security" in respect to the the still active TIA and the hopes for the effectiveness out of data mining. While these are important topics I feel every decent citizen living in the 21st century should be aware of -- many still "think conspiracies" than

Read More

DVD of the Weekend - The Immortals

The Lawnmower Man : Beyond Cyberspace was among the several other classic techno thrillers I was watching and mostly remembering pleasant times from the past. I actually got in touch with SFAM from the CyberpunkReview.com, and intend to contribute with another point of view to his initiative I highly recommend you to keep an eye on.This weekend, I want to recommend you one of the best European

Read More

Where's my 0day, please?

A site I was recently monitoring disappeared these days, so I feel it's about time I blog on this case. I have been talking about the emerging market for software vulnerabilities for quite some time, and it's quite a success to come across that the concept has been happening right there in front of us. Check out the screenshots. The International Exploits Shop I came across to looks like this :It

Read More

The Future of Privacy = don't over-empower the watchers!

I blog a lot about privacy, anonymity and censorship, mainly because I feel not just concerned, but obliged to build awareness on the big picture the way I see it. Moreover, I find these interrelated and excluding any of these would result in missing the big picture, at least from my point of view. Some posts I did, worth mentioning are : "Anonymity or Privacy on the Internet?", "China - the

Read More

5 things Microsoft can do to secure the Internet, and why it wouldn't?

In my previous post on Internet security, I was just scratching the surface of "How to secure the Internet", and emphasized that plain text communications, insecure by design, and our inability to measure the costs of cybercrime, are among the things to keep in mind.Now, If I were asked about monocultures, "ship it now, patch it later" attitudes or slow reactive approaches, I would quickly ask is

Read More

Data mining, terrorism and security

I've been actively building awareness on what used to feel like an unpopular belief only - Cyberterrorism, and also covered some recent events related to Cyberterrorism in some of my previous posts.Last week, The NYTimes wrote about "Taking Spying to Higher Level, Agencies Look for More Ways to Mine Data", and I feel that avoiding the mainstream media for the sake of keeping it objective is quite

Read More

Anti Phishing toolbars - can you trust them?

A lot of recent phishing events occured, and what should be mentioned is their constant ambitions towards increasing the number of trust points between end users and the mirror version of the original site. The use of SSL and the ease of obtaining a valid certificate for to-be fraudelent domain is a faily simple practice. Phishing is so much more than this, and it even has to do with buying 0day

Read More

February's Security Streams

It's about time I summarize all my February's Security Streams, you can of course go through my January's Security Streams as well, in case you're interested in what was inspiring me to blog during January. The truth is - you, the 4,477 unique and 580 unique visitors returning during the entire February, and as this blog is melting down due to its audience and content, thanks for your time! As a

Read More

DVD of the (past) weekend

Hi folks, as I've been down for a couple of days, I'm actively updating my blog, so watch out for some quality posts later on and apologies for the downtime. Thanks for the interest and the questions received whatsoever!So, after the "Lone Gunmen", and "The Outer Limits - Sex And Science Fiction Collection" it was about time we go beyond cyberspace with the second part of the "Lawnmower man" a

Read More

Get the chance to crack unbroken Nazi Enigma ciphers

Nice initiative I just came across to. From the "M4 Message Breaking Project" :The M4 Project is an effort to break 3 original Enigma messages with the help of distributed computing. The signals were intercepted in the North Atlantic in 1942 and are believed to be unbroken. Ralph Erskine has presented the intercepts in a letter to the journal Cryptologia. The signals were presumably enciphered

Read More

DVD of the Weekend - The Outer Limits - Sex And Science Fiction Collection

"A sextet of sci-fi tales opens with Alyssa Milano as a woman whose "close encounter" leaves her with an insatiable lust in "Caught in the Act"; the sole survivor of a nuclear holocaust gets some computer-generated companionship in "Bits of Love," with Natasha Henstridge; Sofia Shinas is "Valerie 13," a robot whose emotions become all-too-human; a man who's lived his life onboard a mysterious

Read More

One bite only, at least so far!

Apple's OS X has always been positioned as a juicy target even though it's market share is almost non-existent compared to Microsoft's domination. And while converting iPod customers into MAC users hasn't shown any progress so far and I doubt it would, malware authors are as always actively experimenting or diversifying the threatscape. One question remains unclear, why would someone want to own

Read More

Give it back!

According to a recent article "Secret program reclassifies documents" :"Researcher Matthew Aid has discovered a secret reclassification program that has moved thousands of declassified pages out of the National Archives and Records Administration's facility in Maryland. Some groups, such as George Washington University's Nation Security Archive, are fighting to end the program, arguing that the

Read More

Master of the Infected Puppets

In some of my previous posts, "What are botnet herds up to?", "Skype to control Botnets", "The War against Botnets and DDoS attacks", and "Recent Malware Developments", I was actively providing resources and updating my blog readers (thanks for the tips and the info sharing, I mean it!) related to one of the most relevant threats to the Internet ( more trends and bureaucracy ) - Botnets.I

Read More

Chinese Internet Censorship efforts and the outbreak

In some of my January's Security Streams, I did some extensive blogging expressing my point of view on the current Internet censorship activities, and tried to emphasize on the country whose Internet population is about to outpace the U.S one - China. In my posts "China - the biggest black spot on the Internet’s map", "2006 = 1984?", "Twisted Reality", you can quickly update yourself on some of

Read More

How to win 10,000 bucks until the end of March?

I feel that, in response to the recent event of how the WMF vulnerability got purchased/sold for $4000 (an interesting timeframe as well), iDefense are actively working on strengthening their market positioning - that is the maintain their pioneering position as a perhaps the first company to start paying vulnerability researchers for their discoveries. The company recently offered $10,000 for

Read More

DVD of the weekend - The Lone Gunmen

The Lone Gunmen on two double-sided discs, pure classic! In one of my chats with Roman Polesek, from Hakin9, he was wise enough to state the you cannot be a prophet in your own industry, simple, but powerful statement you should take into consideration.Initiatives such as The Lone Gunmen, the X-files, and The Outer Limits have already proven useful, given someone listens! For instance :"In a

Read More

Smoking emails

I just came across this, "Morgan Stanley offers $15M fine for e-mail violations" - from the article :"US investment bank Morgan Stanley will offer a settlement to the Securities and Exchange Commission (SEC), agreeing in principle to pay a $15 million fine for failing to preserve e-mail messages. The e-mail messages could have provided useful evidence in several cases brought against the company.

Read More

The end of passwords - for sure, but when?

My first blog post "How to create better passwords - why bother?!" back in December, 2005, tried to briefly summarize my thoughts and comments I've been making on the most commonly accepted way of identifying yourself - passwords.Bill Gates did a commentary on the issue, note where, at the RSA Conference, perhaps the company that's most actively building awareness on the potential/need for

Read More

A timeframe on the purchased/sold WMF vulnerability

The WMF vulnerability and how it got purchased/sold for $4000 was a major event during January, at least for me as for quite some time the industry was in the twilight zone by not going through a recently released report. But does this fact matters next to figuring out how to safeguard the security of your network/PC given the time it took the vendor to first, realize that it's real, than to

Read More

Detecting intruders and where to look for

CERT, just released their "Windows Intruder Detection Checklist" from the article :"This document outlines suggested steps for determining whether your Windows system has been compromised. System administrators can use this information to look for several types of break-ins. We also encourage you to review all sections of this document and modify your systems to address potential weaknesses."I

Read More

Look who's gonna cash for evaluating the maliciousness of the Web?

Two days ago, SecurityFocus ran an article "Startup tries to spin a safer Web" introducing SiteAdvisor :"A group of graduates from the Massachusetts Institute of Technology (MIT) aim to change that by crawling the Web with hundreds, and soon thousands, of virtual computers that detect which Web sites attempt to download software to a visitor's computer and whether giving out an e-mail address

Read More

Recent Malware developments

In some of my February's streams :) "The War against botnets and DDoS attacks" and "CME - 24 aka Nyxem, and who's infected?" I covered some of the recent events related to malware trends in the first months of 2006. This is perhaps the perfect time to say a big thanks to everyone who's been expressing ideas, remarks and thoughts on my malware research. While conducting the reseach itself I

Read More

Who needs nuclear weapons anymore?

Excluding Iran and the potential of its nuclear program(no country that bans music should have such a power!), perhaps I should rephrase - who can actually use them nowadays, are they just a statement of power, does flexibility and beneath the radar concepts matter? I feel they do. I just came across a news article from January on a new EMP warhead test, and while there have been speculations/or

Read More

The War against botnets and DDoS attacks

In one of my previous posts talking about botnet herders I pointed out how experiments tend to dominate, and while botnets protection is still a buzz word, major security vendors are actively working on product line extensions. DDoS attacks are the result of successful botnet, and so are the root of the problem besides the distributed concept. Techworld is reporting that McAfee is launching a "

Read More

A top level espionage case in Greece

Starting shortly after the Olympic games in 2004 and up to March 2005, the mobile phones of : Prime Minister Costas Caramanlis, minister of foreign affairs, defense, public order and justice, top military officials, a number of journalists, and human rights activists (hmm?) have been tapped by an unknown party though the installation of "spy software" (that's too open topic) , mind you,

Read More

Security Awareness Posters

Security is all about awareness at the bottom line. The better you understand it, the higher your chance of "survival", and hopefully progress! Enjoy the following collections of witty and amusing security awareness posters : 1, 2, 3 (you may also be interested in going through my talk on security policies and awareness with K Rudolph from Native Intelligence as well), 4, 5, 6, 7, 8. Technorati

Read More

Hacktivism tensions

It was about time the freedom of the press and the democratic nature of joking with politicians takes its hit. But why with spiritual leaders? The contradictive Muhammad cartoons sparkled a lot of anger, and with the recent tentions in France all we needed was a hacktivism activity from angry muslims. Remember how the China vs U.S cyberwar was sparkled due to the death of a Chinese pilot crashing

Read More

The current state of IP spoofing

A week ago, I came across a great and distributed initiative to map the distribution of spoofable clients and networks - the ANA Spoofer Project, whose modest sample of 1100 clients, 500 networks and 450 ASes can still be used to make informed judgements on the overall state of IP Spoofing. I once posted some thoughts on "How to secure the Internet" where I was basically trying to emphasize on

Read More

What search engines know, or may find out about us?

Today, CNET's staff did an outstanding job of finding out what major search companies retain about their users. AOL, Google, Microsoft and Yahoo! respond on very well researched questions!Whatever you do, just don't sacrifice innovation and trust in the current services for misjudged requests at the first place from my point of view. At the bottom line, differentiate your Private Searches Versus

Read More

CME - 24 aka Nyxem, and who's infected?

Today, the F-Secure's team released a neat world map with the Nyxem.E infections. As you can see the U.S and Europe have been most successfully targeted, but I wonder would it be the same given the author started localizing the subject/body messages found within the worm to other languages? Who seeks to cause damage instead of controlling information and network assets these days? A pissed off

Read More

Suri Pluma - a satellite image processing tool and visualizer

I just came across a great satellite image processing software and decided to share it with my blog readers. Perhaps that's a good moment to spread the word about my RSS compatible feed, so consider syndicating it. To sum up :"Suri Pluma is a satellite image processing tool and visualizer. It can open the most common image formats without importing to an internal format and minimizing the memory

Read More

January's Security Streams

It's been quite a busy month, still I've managed to keep my blog up to date with over 30 posts during January, here they are with short summaries. Thanks for the comments folks!I often get the question, how many people is my blog attracting, the answer is quantity doesn't matter, but the quality of the visits, still, for January there were 7,562 unique visits and over 13,000 pageloads. I'm

Read More

Was the WMF vulnerability purchased for $4000?!

Going through Kaspersky's latest summary of Malware - Evolution, October - December 2005, I came across a research finding that would definitely go under the news radar, as always, and while The Hackers seem to be more elite than the folks that actually found the vulnerability I think the issue itself deserves more attention related to the future development of a market for 0day

Read More

How we all get 0wn3d by Nature at the bottom line?

I just came across a clip courtesy of NASA that can be described as a beautiful devastation, still it reminds me of how insecure we are at the bottom line. And no, I don't see how you will distribute a signature for this, or can you? :)Technorati tags :katrina, security

Read More

Twisted Reality

I looked up the definition of Evil today, and I found it, I tried to play a Google War and came across 256 million occurrences of it, still there's a hope for all of us I guess. On the 17th of January I blogged on how China turned into the biggest black spot on the Internet's map, to find out that I even have activists commenting in my blog :)Google has agreed to "remove certain sensitive

Read More

Skype to control botnets?!

I just read an article from CNET on how "Skype could provide botnet controls", with which I totally disagree. Skype and VoIP communications can actually provide botner herders with the opportunity to communicate, compared to acting as a platform for malicious attacks. And old fashioned DDoS attacks the way we know them work damn well as a concept. Years ago, quite some :) linux boxes worming was

Read More

Personal Data Security Breaches - 2000/2005

Another invaluable CRS report that I came across to, including detailed samples of all the data security breaches in between 2000 and 2005(excluding the ones not reported or still undergoing of course), covering :- The accident- Data publicized- Who was affected- Number of affected- Type of data compromised- Source of the infoHere are some cases worth mentioning as well :1. Indiana University -

Read More

The Feds, Google, MSN's reaction, and how you got "bigbrothered"?

There's still a lot of buzz going on, concerning which search engine provided what type of data to law enforcement officials, and the echo effect of this event resulted in waves of angry end users, that among feeling "bigbrothered", now have yet another reason to switch back to Google, simple. MSN's silent reaction to this is the worst thing they could do given how actively they're trying to

Read More

Visualization, Intelligence and the Starlight project

Today, I came across a stunning collection of complex networks visualizations, that reminded of how we must first learn to visualize and than go deeper into VR. Until, I first visited this project, the Atlas of Cyberspace was perhaps my favourite visualization resource, rather outdated, still has a lot to show. Visualization is important for today's greatly developed knowledge networks, data

Read More

Homebrew Hacking, bring your Nintendo DS!

Yesterday, Engadget reported about a "WiFi sniffer" that turns your Nintendo DS, into a wardriving tool and while it lacks certain features, it can still prove "handy", even fuel further security concerns over this steadily developing trend of homebrew hacking experiments. Removable media is a problem, but would gaming devices turn into a security threat as well? They can sure result in more

Read More

Still worry about your search history and BigBrother?

The Patriot Search, recently started "helping" any government by making your search activity "public". Its search syntax terrorist:true *keyword*, and terrorist:false *keyword*, gives everyone the opportunity to be honest :) Why did the idea start at the first place? Because "only 4 out of 5 search engines allowed the government to see "private" user data". Though, a distinction between private

Read More

Cyberterrorism - recent developments

I've once blogged about why you shouldn't stereotype when it comes to Cyberterrorism, and going through the most recent and well researched report on"Terrorism Capabilities for Cyberattack : Overview and Policy Issues"I came across great similarities to what I posted. I think cyberterrorism shouldn't be just perceived as shutting down a stock exchange, or slowing it down, the irony here is that

Read More

2006 = 1984?

I recently came across great, and very informative slides on current, and future trends of surveillance technologies that simply stick to the point, as any good slides so to say. "From Target Market to Total Surveillance" is courtesy of the The Special Interest Group for Military Applications (SIGMil) at the University of Illinois, and is among the many talks and quality projects they have

Read More

Why relying on virus signatures simply doesn't work anymore?

As a fan of VirusTotal and Norman's Sandbox being always handy when making analyses or conclusions, and me looking for metrics and data to base my judgements on, besides experience, I feel their "Failures in Detection" of VT deserve more attention then they it's actually getting. With over 14, 000 files submitted on a weekly basis, where most of them are supposedly 0day malicious software, it's

Read More

FBI's 2005 Computer Crime Survey - what's to consider?

Yesterday, the FBI has released their Annual 2005 Computer Crime Survey, and while I bet many other comments will also follow, I have decided to comment on it the way I've been commenting on the U.S 2004’s "Annual Report to Congress on Foreign Economic Collection and Industrial Espionage" in previous posts. This one is compiled based on the 24, 000 participating organizations from 430 cities

Read More

China - the biggest black spot on the Internet’s map

Chinese Internet users have the potential to outpace the number of the U.S Internet population, yet, the majority of them still remain behind the most sophisticated online censorship systems in the world, the Great Chinese Firewall. I am definitely not buying into the idea of trying to take control of all the information coming in and going out of a country for the sake of my well being, as any

Read More

What are botnet herds up to?

Johannes B. Ullrich, with whom I had a chat once, did a great post providing us with real-life botnet herds "know how" or the lack of such. And while I agree that these are newbies, they are exploiting another growing trend. The vertical markers Johannes mentions are the result of abusing the affiliate networks themselves. Though, how can an affiliate network distinguish traffic coming from

Read More

Anonymity or Privacy on the Internet?

Last week, Bruce Schneier wrote a great comment on Anonymity, how it won’t kill the Internet, and that it has to do with accountability mostly.Logically, if identification is impossible, then there cannot be adequate accountability. Though, alternative methods based on the collective trust exist, and are as anonymous, as necessary. Spoofed identities, perhaps even hijacked ones should also be

Read More

To report, or not to report?

Computerworld is running a story that, “Three more U.S states add laws on data breaches”, but what would be the consequences of this action? Less security breaches? I doubt so. Realistic metrics and reactions whenever an actual breach occurs, as well as its future prevention measures? Now that’s something I think.Such legislations have a huge impact, both, on the industry, the public opinion, and

Read More

Future Trends of Malware

Great news, that I greatly anticipated, my "Malware - Future Trends" research got Slashdotted. The strange thing is how my actual post and numerous others from different respected sites weren’t approved. I guess I would have to live with that, given the huge number of hits and new subscribers to my feed I have received for the last couple of days :))Someone once said, that it’s all about to

Read More

Insecure Irony

What’s the worst thing that could happen to BigBrother and any of its puppets? – Have their confidential info exposed due to the neglegence of a commercial organization, one that is used for gathering the majority of intelligence data these days. Now, that’s an insecure irony. It is a public secret that any government is gathering enormous information on its citizens through commercial

Read More

Security threats to consider when doing E-Banking

E-banking, and mobile commerce are inevitable part of our daily lifes, and would continue to get more popular. The bad thing is, that it's not just us, the end users benefiting from this fact, but also, the malicious attackers exploiting our naivety and lack of awareness on the threats to watch for. Candid Wuuest did an outstanding research on the insecurities of E-banking, and excellect job in

Read More

The hidden internet economy

How much does phishing, spam and spyware for instance cost on businesses? Should we measure in cash, or hardly quantified long-term affects such as reputation damage, loss of confidence in the business, or the percentage of people that would think twice before doing any E-shopping at all?These days, I believe that there’s a huge number of individuals with purchasing power that tend to avoid

Read More

The never-ending "cookie debate"

On the 6th of January, CNET reported that the web sites of 23 U.S senators use persistent cookies (usually expiring around 2035), and several days earlier, Google-Watch.org found out the same for NSA's web site. As a matter of fact, Google, the world's most popular search engine with millions of searches in over 100 languages, also uses cookies that expire in 2035. But how does this all matter to

Read More

Why we cannot measure the real cost of cybercrime?

At the end of 2005, a rather contradictive statement was made, namely, that the costs of cybercrime have surpassed those of drug smuggling? And while I feel it has been made in order to highlight the threatsposed by today's cyber insecurities, I find it a bit of an unrealistic one.Mainly because of :- the lack of centralized database and approach to keep track of, and measure the costs of cyber

Read More

Would we ever witness the end of plain text communications?

Last week, a report released by the research firm In-Sat estimated that revenues for IP VPNs will double between 2004 and 2009 to $658 million.Estimates should also be questined, though the trend is very relevant these days. VPNs as a concept are the natural shift from avoiding plaintext data exchange over the insecure by default Internet. Yet, secure communication channel doesn't mean actual

Read More

Watch out your wallets!

The irony of today's, obviously not working loan system, has left a 22 years old Chicago student in debt of $412,000. A very scary event, that I feel could have been prevented if the loss was reported, and the bank giving the loans was somehow aware of the social status of the "borrower" :)In case you are interested in knowing more about identity theft, go through the following :ID Theft : When

Read More

Malware - future trends

I'm very excited to let you know that, I have finally managed to release my "Malware - future trends" publication. Basically, it will provide you with an overview of the current trends, the driving factors behind the scenethe scene, and some of the trends to come, from my point of view.As factors contributing to the rise and success of malware I have pointed out :- Documentation and howto's

Read More

How to secure the Internet

I recently wondered, are there any existing government practices towards securing the entire Internet?So I went though the U.S National Strategy to Security Cyberspace, to find out what is the U.S up to given it stillmaintains "control" of the Internet. What is the Internet's biggest weakness? No, it's not a sophisticated term, its a common word called design.A fact that is often neglected as the

Read More

Security quotes : a FSB (successor to the KGB) analyst on Google Earth

"Lt. Gen. Leonid Sazhin, an analyst for the Federal Security Service, the Russian security agency that succeeded the K.G.B., was quoted by Itar-Tass as saying: "Terrorists don't need to reconnoiter their target. Now an American company is working for them." A great quote, and I find it totally true. The point is, not to look for high-resolution imagery, but to harness the power of OSINT, improve

Read More

Keep your friends close, your intelligence buddies closer!

Too much power always leads you to the dark side!Cryptome has yesterday featured a excerpt from "State of the War : The Secret History of the CIA and the Bush Administration" shredding more light on what the NSA used to be before 9/11 and how things changed at a later stage. In case you really want to find out more about the entire history of the NSA, go though "The Quest for Cryptologic

Read More

What's the potential of the IM security market? Symantec thinks big

Yesterday, Symantec, one of the world's leading security, and of course, storage providers aquired IMlogic, a leading provide of Instant Messaging security solutions. How sound is this move anyway? Doesn't Symantec already have the necessary experience in this field?IMlogic has never been a build-to-flip company. Dating back to 2002, it has managed to secure important customers, Fortune 1000

Read More

Happy New Year folks!!

Dear friends and visitors,Happy New Year and sincere apologies for the lack of updates on my blog recently. It's not that I have somehow stopped brainstorming on how to put my knowledge into neat posts, rather, I didn't have the time that I wanted to provide an in-depth overview of they key topics I had in mind :-)I wish you all the best in 2006, thank for your feedback on my ideas, and keep

Read More