January's Security Streams

It's been quite a busy month, still I've managed to keep my blog up to date with over 30 posts during January, here they are with short summaries. Thanks for the comments folks!I often get the question, how many people is my blog attracting, the answer is quantity doesn't matter, but the quality of the visits, still, for January there were 7,562 unique visits and over 13,000 pageloads. I'm

Read More

Was the WMF vulnerability purchased for $4000?!

Going through Kaspersky's latest summary of Malware - Evolution, October - December 2005, I came across a research finding that would definitely go under the news radar, as always, and while The Hackers seem to be more elite than the folks that actually found the vulnerability I think the issue itself deserves more attention related to the future development of a market for 0day

Read More

How we all get 0wn3d by Nature at the bottom line?

I just came across a clip courtesy of NASA that can be described as a beautiful devastation, still it reminds me of how insecure we are at the bottom line. And no, I don't see how you will distribute a signature for this, or can you? :)Technorati tags :katrina, security

Read More

Twisted Reality

I looked up the definition of Evil today, and I found it, I tried to play a Google War and came across 256 million occurrences of it, still there's a hope for all of us I guess. On the 17th of January I blogged on how China turned into the biggest black spot on the Internet's map, to find out that I even have activists commenting in my blog :)Google has agreed to "remove certain sensitive

Read More

Skype to control botnets?!

I just read an article from CNET on how "Skype could provide botnet controls", with which I totally disagree. Skype and VoIP communications can actually provide botner herders with the opportunity to communicate, compared to acting as a platform for malicious attacks. And old fashioned DDoS attacks the way we know them work damn well as a concept. Years ago, quite some :) linux boxes worming was

Read More

Personal Data Security Breaches - 2000/2005

Another invaluable CRS report that I came across to, including detailed samples of all the data security breaches in between 2000 and 2005(excluding the ones not reported or still undergoing of course), covering :- The accident- Data publicized- Who was affected- Number of affected- Type of data compromised- Source of the infoHere are some cases worth mentioning as well :1. Indiana University -

Read More

The Feds, Google, MSN's reaction, and how you got "bigbrothered"?

There's still a lot of buzz going on, concerning which search engine provided what type of data to law enforcement officials, and the echo effect of this event resulted in waves of angry end users, that among feeling "bigbrothered", now have yet another reason to switch back to Google, simple. MSN's silent reaction to this is the worst thing they could do given how actively they're trying to

Read More

Visualization, Intelligence and the Starlight project

Today, I came across a stunning collection of complex networks visualizations, that reminded of how we must first learn to visualize and than go deeper into VR. Until, I first visited this project, the Atlas of Cyberspace was perhaps my favourite visualization resource, rather outdated, still has a lot to show. Visualization is important for today's greatly developed knowledge networks, data

Read More

Homebrew Hacking, bring your Nintendo DS!

Yesterday, Engadget reported about a "WiFi sniffer" that turns your Nintendo DS, into a wardriving tool and while it lacks certain features, it can still prove "handy", even fuel further security concerns over this steadily developing trend of homebrew hacking experiments. Removable media is a problem, but would gaming devices turn into a security threat as well? They can sure result in more

Read More

Still worry about your search history and BigBrother?

The Patriot Search, recently started "helping" any government by making your search activity "public". Its search syntax terrorist:true *keyword*, and terrorist:false *keyword*, gives everyone the opportunity to be honest :) Why did the idea start at the first place? Because "only 4 out of 5 search engines allowed the government to see "private" user data". Though, a distinction between private

Read More

Cyberterrorism - recent developments

I've once blogged about why you shouldn't stereotype when it comes to Cyberterrorism, and going through the most recent and well researched report on"Terrorism Capabilities for Cyberattack : Overview and Policy Issues"I came across great similarities to what I posted. I think cyberterrorism shouldn't be just perceived as shutting down a stock exchange, or slowing it down, the irony here is that

Read More

2006 = 1984?

I recently came across great, and very informative slides on current, and future trends of surveillance technologies that simply stick to the point, as any good slides so to say. "From Target Market to Total Surveillance" is courtesy of the The Special Interest Group for Military Applications (SIGMil) at the University of Illinois, and is among the many talks and quality projects they have

Read More

Why relying on virus signatures simply doesn't work anymore?

As a fan of VirusTotal and Norman's Sandbox being always handy when making analyses or conclusions, and me looking for metrics and data to base my judgements on, besides experience, I feel their "Failures in Detection" of VT deserve more attention then they it's actually getting. With over 14, 000 files submitted on a weekly basis, where most of them are supposedly 0day malicious software, it's

Read More

FBI's 2005 Computer Crime Survey - what's to consider?

Yesterday, the FBI has released their Annual 2005 Computer Crime Survey, and while I bet many other comments will also follow, I have decided to comment on it the way I've been commenting on the U.S 2004’s "Annual Report to Congress on Foreign Economic Collection and Industrial Espionage" in previous posts. This one is compiled based on the 24, 000 participating organizations from 430 cities

Read More

China - the biggest black spot on the Internet’s map

Chinese Internet users have the potential to outpace the number of the U.S Internet population, yet, the majority of them still remain behind the most sophisticated online censorship systems in the world, the Great Chinese Firewall. I am definitely not buying into the idea of trying to take control of all the information coming in and going out of a country for the sake of my well being, as any

Read More

What are botnet herds up to?

Johannes B. Ullrich, with whom I had a chat once, did a great post providing us with real-life botnet herds "know how" or the lack of such. And while I agree that these are newbies, they are exploiting another growing trend. The vertical markers Johannes mentions are the result of abusing the affiliate networks themselves. Though, how can an affiliate network distinguish traffic coming from

Read More

Anonymity or Privacy on the Internet?

Last week, Bruce Schneier wrote a great comment on Anonymity, how it won’t kill the Internet, and that it has to do with accountability mostly.Logically, if identification is impossible, then there cannot be adequate accountability. Though, alternative methods based on the collective trust exist, and are as anonymous, as necessary. Spoofed identities, perhaps even hijacked ones should also be

Read More

To report, or not to report?

Computerworld is running a story that, “Three more U.S states add laws on data breaches”, but what would be the consequences of this action? Less security breaches? I doubt so. Realistic metrics and reactions whenever an actual breach occurs, as well as its future prevention measures? Now that’s something I think.Such legislations have a huge impact, both, on the industry, the public opinion, and

Read More

Future Trends of Malware

Great news, that I greatly anticipated, my "Malware - Future Trends" research got Slashdotted. The strange thing is how my actual post and numerous others from different respected sites weren’t approved. I guess I would have to live with that, given the huge number of hits and new subscribers to my feed I have received for the last couple of days :))Someone once said, that it’s all about to

Read More

Insecure Irony

What’s the worst thing that could happen to BigBrother and any of its puppets? – Have their confidential info exposed due to the neglegence of a commercial organization, one that is used for gathering the majority of intelligence data these days. Now, that’s an insecure irony. It is a public secret that any government is gathering enormous information on its citizens through commercial

Read More

Security threats to consider when doing E-Banking

E-banking, and mobile commerce are inevitable part of our daily lifes, and would continue to get more popular. The bad thing is, that it's not just us, the end users benefiting from this fact, but also, the malicious attackers exploiting our naivety and lack of awareness on the threats to watch for. Candid Wuuest did an outstanding research on the insecurities of E-banking, and excellect job in

Read More

The hidden internet economy

How much does phishing, spam and spyware for instance cost on businesses? Should we measure in cash, or hardly quantified long-term affects such as reputation damage, loss of confidence in the business, or the percentage of people that would think twice before doing any E-shopping at all?These days, I believe that there’s a huge number of individuals with purchasing power that tend to avoid

Read More

The never-ending "cookie debate"

On the 6th of January, CNET reported that the web sites of 23 U.S senators use persistent cookies (usually expiring around 2035), and several days earlier, Google-Watch.org found out the same for NSA's web site. As a matter of fact, Google, the world's most popular search engine with millions of searches in over 100 languages, also uses cookies that expire in 2035. But how does this all matter to

Read More

Why we cannot measure the real cost of cybercrime?

At the end of 2005, a rather contradictive statement was made, namely, that the costs of cybercrime have surpassed those of drug smuggling? And while I feel it has been made in order to highlight the threatsposed by today's cyber insecurities, I find it a bit of an unrealistic one.Mainly because of :- the lack of centralized database and approach to keep track of, and measure the costs of cyber

Read More

Would we ever witness the end of plain text communications?

Last week, a report released by the research firm In-Sat estimated that revenues for IP VPNs will double between 2004 and 2009 to $658 million.Estimates should also be questined, though the trend is very relevant these days. VPNs as a concept are the natural shift from avoiding plaintext data exchange over the insecure by default Internet. Yet, secure communication channel doesn't mean actual

Read More

Watch out your wallets!

The irony of today's, obviously not working loan system, has left a 22 years old Chicago student in debt of $412,000. A very scary event, that I feel could have been prevented if the loss was reported, and the bank giving the loans was somehow aware of the social status of the "borrower" :)In case you are interested in knowing more about identity theft, go through the following :ID Theft : When

Read More

Malware - future trends

I'm very excited to let you know that, I have finally managed to release my "Malware - future trends" publication. Basically, it will provide you with an overview of the current trends, the driving factors behind the scenethe scene, and some of the trends to come, from my point of view.As factors contributing to the rise and success of malware I have pointed out :- Documentation and howto's

Read More

How to secure the Internet

I recently wondered, are there any existing government practices towards securing the entire Internet?So I went though the U.S National Strategy to Security Cyberspace, to find out what is the U.S up to given it stillmaintains "control" of the Internet. What is the Internet's biggest weakness? No, it's not a sophisticated term, its a common word called design.A fact that is often neglected as the

Read More

Security quotes : a FSB (successor to the KGB) analyst on Google Earth

"Lt. Gen. Leonid Sazhin, an analyst for the Federal Security Service, the Russian security agency that succeeded the K.G.B., was quoted by Itar-Tass as saying: "Terrorists don't need to reconnoiter their target. Now an American company is working for them." A great quote, and I find it totally true. The point is, not to look for high-resolution imagery, but to harness the power of OSINT, improve

Read More

Keep your friends close, your intelligence buddies closer!

Too much power always leads you to the dark side!Cryptome has yesterday featured a excerpt from "State of the War : The Secret History of the CIA and the Bush Administration" shredding more light on what the NSA used to be before 9/11 and how things changed at a later stage. In case you really want to find out more about the entire history of the NSA, go though "The Quest for Cryptologic

Read More

What's the potential of the IM security market? Symantec thinks big

Yesterday, Symantec, one of the world's leading security, and of course, storage providers aquired IMlogic, a leading provide of Instant Messaging security solutions. How sound is this move anyway? Doesn't Symantec already have the necessary experience in this field?IMlogic has never been a build-to-flip company. Dating back to 2002, it has managed to secure important customers, Fortune 1000

Read More

Happy New Year folks!!

Dear friends and visitors,Happy New Year and sincere apologies for the lack of updates on my blog recently. It's not that I have somehow stopped brainstorming on how to put my knowledge into neat posts, rather, I didn't have the time that I wanted to provide an in-depth overview of they key topics I had in mind :-)I wish you all the best in 2006, thank for your feedback on my ideas, and keep

Read More