Security

Noteworthy

 IPv6 represents new territory for most Internet stakeholders, and its rollout will introduce some unique security challenges.

Security / Recently Commented

US Number One Country Hosting Malware in 2008, According to a New Security Report

The latest security report from Sophos suggests that more malware is hosted on U.S. websites and more spam is relayed from American computers, than any other country. As evidence of this, when an American Internet company, McColo Corp., accused of collaborating with spammers and hackers, was taken offline last month, there was a staggering 75% drop in global spam volume. more»

Policy Review: Botnets are eWMD, electronic Weapons of Mass Destruction

The latest issue of Policy Review from the Hoover Institution, a public policy research center -- focused on advanced study of politics, economics, and political economy -- has an essay titled eWMDs – electronic weapons of mass destruction. The Policiy Review readers are warned that botnets should be considered a serious security problem and that "cyber attacks present a grave new security vulnerability for all nations and must be urgently addressed." more»

Cybercriminals Profiting from Global Recession and Distracted Governments

McAfee, Inc. today announced findings from its annual cybersecurity study in which experts warned that the recession is proving a hotbed for fraudulent activity as cybercriminals capitalize on a climate of consumer fear and anxiety. The economic downturn is diverting political attention worldwide and cybersecurity is not enough of a priority around the globe for real headway to be made against the perpetrators of online crime. Experts warned that unless significant resources are committed to international efforts to fight malicious cyberactivity, there is a risk that cybercrime will impact consumer confidence, further hindering the speed of global recovery. more»

Obama Urged to Appoint Cybersecurity Chief in White House

A committee of cybersecurity experts today released a 96-page report detailing recommendations for the next administration on how to combat the growing number of criminal attacks aimed at government networks. Creating a National Office for Cybersecurity within the White House is chief among the report's recommendations. A top cybersecurity official would help coordinate a national strategy among agencies, and would also work with the private sector to boost defenses against hackers, according to the report. more»

Yet Another Web Malware Exploitation Kit in the Wild

With business-minded malicious attackers embracing basic marketing practices like branding, it is becoming increasingly harder, if not pointless to keep track of all XYZ-Packs currently in circulation. How come? Due to their open source nature allowing modifications, claiming copyright over the modified and re-branded kit, the source code of core web malware exploitation kits continue representing the foundation source code for each and every newly released kit. more»

Cybercrime and "Remote Search"

According to news reports, part of the EU's cybercrime strategy is "remote search" of suspects' computers. I'm not 100% certain what that means, but likely guesses are alarming. The most obvious interpretation is also the most alarming: that some police officer will have the right and the ability to peruse people's computers from his or her desktop. How, precisely, is this to be done? Will Microsoft and Apple – and Ubuntu and Red Hat and all the BSDs and everyone else who ships systems – have to build back doors into all operating systems? more»

Hackers Penetrated Pentagon Computer Systems, Called Most Severe on US Military Network

Computer hackers suspected of working from Russia successfully penetrated Pentagon computer systems in one of the most severe cyber attacks on US military networks, according to reports. The electronic attack was so serious that Admiral Mike Mullen, the chairman of the joint chief of staff, briefed President George W Bush and Robert Gates, the defense secretary. "This one was significant, this one got our attention," said an official, speaking anonymously. more»

Localizing Cybercrime

It's where you advertise your services, and how you position yourself that speak for your intentions, of course, "between the lines". There's a common misunderstanding that in order for a malware campaigner or scammer to launch a localized attack, they need to speak the local language. This misconception is largely based on the fact that a huge number of people remain unaware on how core strategic business practices have been in operation across the cybercrime underground for the last couple of years. more»

World Bank Removes CIO Following Recent Cyberattacks

According to recent reports, The World Bank has effectively removed a vice president who served as its chief information officer while struggling to deal with a series of embarrassing cyberattacks. The World Bank Group's network, which had been raided repeatedly by outsiders for more than a year, is one of the largest repositories of sensitive data about the economies of every nation. Servers in the institution's highly restricted Treasury unit were deeply penetrated with spy software, and the invaders also had full access to the rest of the bank's network for nearly a month in June and July, sources say. At least six major breaches have been detected at the World Bank since the summer of 2007, with the most recent breach occurring just last month. more»

Criminals Regain Control of Srizbi Botnet, Spam Volume Rising

Experts are that the spam volumes may spike significantly over the next few days now that one of the world's largest networks of compromised computers used for blasting out junk email has been brought back to life, reports Brian Krebs of the Washington Post. "The Srizbi botnet, a collection of more than half a million hacked PCs that were responsible for relaying approximately 40 percent of all spam sent worldwide, was knocked offline two weeks ago due to pressure from the computer security community." more»

Feds Urged to Deploy DNSSEC and Signing of the Root Zone

Security experts and leading vendors are urging the U.S. federal government for the rapid adoption of DNSSEC and signing of the root zone. In recent weeks, the National Telecommunications and Information Administration (NTIA) has received 30-plus comments in favor of securing DNS root zone data. These comments are from the Internet Architecture Board (IAB) and the Internet Society as well as ISPs and domain name operators such as PayPal, Akamai Technologies, NeuStar, Comcast and Afilias. more»

High-Profile Botnet Shutdowns Giving Rise to Virtual Malware Next Year, Experts Predict

Virus writers are likely to unleash increasingly sophisticated strains of malware next year in an attempt to bounce back from some high-profile botnet shutdowns in 2008, according to new predictions from managed security provider MessageLabs. The company predicted that hackers will launch new attacks in which malware will exist as a virtualisation layer running directly on the hardware and undiscoverable by the operating system. more»

US Concerned Over Chinese Cyber Espionage

China is actively conducting cyber espionage as a warfare strategy and has targeted U.S. government and commercial computers, according to a new report from the U.S.-China Economic and Security Review Commission. "China's current cyber operations capability is so advanced, it can engage in forms of cyber warfare so sophisticated that the United States may be unable to counteract or even detect the efforts," according to the annual report recently delivered to Congress. more»

Cybercrime, Underground Economy Booming, Stolen Credit Card Data Main Driver

Credit card information is the most advertised category of goods and services on the underground economy accounting for 31 percent of the total, according to recent data found by security experts. In a report released today by Symantec, stolen credit card numbers are reported to sell for as little as $0.10 to $25 per card with the average advertised stolen credit card limit at more than $4,000. According to calculations, the potential worth of all credit cards advertised during the reporting period was $5.3 billion. more»

IETF Debates DNS Security: Fix It or Push for DNSSEC

The Internet engineering community is grappling with what to do about a serious flaw in the DNS discovered this summer, and the ongoing debate brings to mind a famous quotation from Voltaire: "The perfect is the enemy of the good." At issue is whether the group should use its resources to encourage DNS registries, ISPs and enterprises to upgrade to the ultimate DNS security solution known as DNSSEC; or whether it should tweak the DNS protocols to address the so-called 'Kaminsky bug' as an interim step. The issue is being debated at a meeting of the IETF, the Internet's leading standards body, being held here this week. more»