Archive for the 'default' Category
Articles
May 24th, 2007Part 1: Security Absurdity The Complete, Unquestionable, And Total Failure of Information Security.
http://www.securityabsurdity.com/failure.php
Follow up: Community Comments & Feedback to Security Absurdity
http://www.securityabsurdity.com/comments.php
Part Two: Coming Soon.
Attackers Evade Detection Using New Method
March 2nd, 2007Further exposing the weaknesses of signature-based detection, cybercriminals have developed a new method to hide malicious code to evade detection.
Called dynamic code obfuscation, the method alters virus code using a different set of functions, parameter names and encryption keys for each user! For example, if two people visit a malicious Web site at the same [...]
Internet Root Servers Attacked
February 6th, 2007In a very significant attack, cybercriminals launched a large Denial of Service attack against the internet’s 13 root servers, and briefly disabled 3 of them, including one that handles the US Defense Department network.
This is not the first time the 13 root servers have been targeted. In October 2002, a hour-long ping-flooding DDoS attack [...]
NYTimes: Attack of the Zombie Computers Is Growing Threat
January 8th, 2007The New York Times has an article discussing the difficulty security researchers face in combatting botnets, and how botnets are threatening the safety of the internet.
Some highlights from the article:
* What is new is the vastly escalating scale of the problem — and the precision with which some of the programs can scan computers for [...]
2006: “The Year of Computing Dangerously”
December 28th, 2006The Washington Post has an article calling 2006 the “year of computing dangerously.”
Here are some excerpts from the article:
* “Computer security experts say 2006 saw an unprecedented spike in junk e-mail and sophisticated online attacks from increasingly organized cyber crooks. These attacks were made possible, in part, by a huge increase in the number of [...]
Community Comments & Feedback to Security Absurdity Article
November 22nd, 2006Six months ago I wrote Part One of my Security Absurdity article. The article was written to spark off dialogue, discussion and debate on the significant security challenges we face. Thankfully the article received quite a bit of attention and generated discussion on various sites, blogs and forums.
I want to highlight some of the comments [...]
Is the anti-virus industry improving or just getting worse?
October 17th, 2006A analysis by Eugene Kaspersky, Head of Russian Kapersky Lab Virus Research, reveals some disturbing problems that are inherent in the antivirus industry. The greatest problem with antivirus software is that the majority of products available are unable even to guarantee up to 90% protection to users. According to Kapersky, many antivirus companies are unable [...]
A Patch-Friendly Boot Mode?
September 10th, 2006In my Security Absurdity article, I mentioned the window of exposure which occurs when new, unpatched computers connect to the internet for the first time before they have a chance to download required patches.
In 2003 I mentioned the idea of a Patch-Friendly Boot Mode in the Patch Management mailing list as a possible solution to [...]
2006 Stupid Security Competition
August 28th, 2006Privacy International has announced their 2006 Stupid Security Contest.
The Stupid Security Competition aim to highlight the absurdities of the security industry. Privacy International’s director, Simon Davies, said his group had taken the initiative because of “innumerable” security initiatives around the world that had absolutely no genuine security benefit. The awards were first staged in 2003 [...]
A Computer Is Always Vulnerable, Even When Turned Off
August 28th, 2006The SANS Internet Storm Center’s tip of the day says that a computer can not be compromised while turned off.
There are services that can still run when the computer is turned off. For example, Intel’s new Active Management Technology (AMT) which will be built into future processors, allow remote management capabilities even when the computer [...]