During a recent illness I was doing some research into rendition and the Fourth Amendment evidentiary issues which may come up more often with an increased focus on prosecution of offshore cybercriminals. The challenge: how to recover both digital evidence for Stateside trial and the actual [foreign] cybercriminal with a less than cooperative home country.
At least it’s easier to understand than the prompt from Facebook asking me to accept and open my connections which I saw a few weeks back. To manage your privacy on Facebook, you will need to navigate through 50 settings with more than 170 options. I’m starting to seriously consider switching to the next best
David Harley sent me a link to an article about a scam I wasn’t familiar with. I wouldn’t really call it a scam, it is more a diversionary and blocking tactic after a victim’s account has been compromised, but it may be an indicator of an attack. According to Wired (http://www.wired.com/threatlevel/2010/05/telephony-dos), what happens is that
Our colleagues in ESET Latin America have just blogged about an interesting botnet creation tool: the original blog is at http://blogs.eset-la.com/laboratorio/2010/05/14/botnet-a-traves-twitter/, by Jorge Mieres and Sebastián Bortnik, Security Analysts. (Mistakes in interpretation are, as usual, down to me!) In recent years we have seen many security incidents driven by botnets and exploiting the technologies
I was dismayed at a recent article on a web site that calls itself the Airline News Resource. A young student, Mr. Toms Purgailis, from Latvia wrote an article about the future of IFE (In Flight Entertainment) in which he advocates the passengers on the airplanes using iPads and laptops and just sharing their movie
While I was at the EICAR conference earlier this week, I also co-presented (along with Pierre-Marc Bureau and Andrew Lee) a paper on “Security, Perception and Worms in the Apple”… so along with the new paper, I’ve made available again the paper on Macs and malware that I presented at Virus Bulletin in 1997.
The methodology and categories used in performance testing of anti-malware products and their impact on the computer remains a contentious area. While there’s plenty of information, some of it actually useful, on detection testing, there is very little on performance testing. Yet, while the issues are different, sound performance testing is at least as challenging, in its own way, as detection testing. Performance testing based on assumptions that ‘one size [or methodology] fits all’, or that reflects an incomplete understanding of the technicalities of performance evaluation, can be as misleading as a badly-implemented detection test.
While the jury’s still out about whether the intent behind the past month’s mass webserver breaches is fully criminal, Dancho reports new developments which also link Koobface activity into this command and control structure:
Yet another mass sites compromise is currently taking place, this time targeting DreamHost customers, courtesy of the same gang behind the U.S. Treasury/GoDaddy/NetworkSolutions mass compromise campaigns.
In response to David Harley’s Blog about the much overhyped “Khobe” attack, RJ asked the following question: If someone were to download software they thought was genuine (freeware of some sort) and it had this code embedded into it, could the system be compromised? For Example, I download a free PDF convertor that I think
While I've been at the iAWACS and EICAR conferences with somewhat erratic connectivity, it seems that Matousec have discovered The End of Antivirus As We Know It. Actually, a lot of people have been doing that this week, but that's a topic for a later blog. Fortunately, while I was trying to get a connection
This week there have been several major malware injection campaigns against WordPress blogs and other php-based content management systems. This malware injection battle began last week with Network Solutions and GoDaddy. Recently researcher Dancho Danchev has found evidence linking two US Treasury sites into the malware injection campaign: What's particularly interesting about this campaign is
Adobe's Product Security Incident Response Team (PSIRT) reports that malicious emails are circulating claiming to be Adobe security updates, many of them signed by "James Kitchin" of "Adobe Risk Management", or a similar (presumably mythical) team. Adobe says that the messages include links to download instructions for a security update that addresses "CVE-2010-0193 Denial of Service
[Update: according to Neil Rubenking, FB chat is now working again and it's no longer possible to view friend requests or chat activity for other users.] I've just blogged yet again about Facebook and privacy: I don't usually publish the same content on different blog sites, but this is a recurrent hot topic in the ThreatBlog,
I've just blogged at a site that specializes in chainletter-related spam and scams about a 419-type spam that masquerades as an email from the non-existent Frank Adam at the Civil Aviation Authority. It's aimed at people whose air travel was disrupted by the Icelandic volcano, specifically those who found themselves stranded somewhere on mainland Europe. However, I thought
As you can see from this photo from the Infosecurity Europe show, my sessions down at the gym are really starting to pay off. :) As I mentioned previously, the update process on the monthly ThreatSense Report continues, and the April report is now available here. While the usual look at the top ten security
…but not in a good sense. Clearly there's a lot of confusion about the detail of Facebook's latest changes, as suggested by MSNBC at http://www.msnbc.msn.com/id/36877160/ns/technology_and_science-tech_and_gadgets/, though it's clear enough that they don't amount to a victory for common sense and user privacy. But what do you do about it? Well, here's a good start. Social Media
Some of us are currently busily preparing for the AMTSO workshop in Helsinki on the 24th and 25th May 2010, just before the CARO workshop on 26th and 27th May (for which registration closes on 12th May). Before the Helsinki events, though, the EICAR conference in Paris includes some interesting testing-related material before and during the main conference.
Got a kick out of this Verizon Business Risk Intelligence post: “Problem-makers and Solution-makers should no more have the same label as terrorists and engineers. Sure, they both interact with explosives in their daily business but they put their skills to vastly different uses. Is there a reason we must continue to label people by