Video Screencast Help
Security Response
Showing posts in English
Ron Bowes | 25 May 2007 07:00:00 GMT | 0 comments

The Internet is home to billions of computers, all of which performthe jobs they have been programmed to do. Each of these computers has ahard drive and RAM. It’s a rare case that either is completely full. Abillion computers, each with a couple spare megabytes, works out to afew terabytes in a very conservative estimate.

There are several ways that this space can be harnessed to varyingdegrees, depending on what the ultimate goal of an attacker is. A tinybit of RAM on a large number of computers can be used to store secretdata that an attacker wants to hide, while a lot of information can bestored on some servers at the risk of being found and removed.Harnessing this space is often referred to as "parasitic storage."

One parasitic storage technique, called "juggling," can be used forextremely sensitive or illegal information. The goal for the attackeris to ensure that the complete body of information is never on theircomputer all at once, but that part of it is...

Stuart Smith | 24 May 2007 07:00:00 GMT | 0 comments

As with my last blog, the topic this time is behavioral detection, and the various trade-offs involved. We already covered some of the issues in the use of virtual environments for the detection of threats, and this time we’ll cover some of the issues involved in classifying behavior and mitigating damage.

Whatever your approach is to generating and tracking behavior, you need the ability to classify it. There are challenges to tracking behavior, but once you have a profile of behavior, determining what is malicious is a harder problem. Some security products solve this by handing off the problem to the user. Most don’t. The real problem in profiling is that the definition of what is malicious has changed over time. Is tracking your activity as you surf a web page malicious? If you say yes, what about the wonderful “suggest” features that use historical data? Is any program that downloads silently with no GUI malicious? What about Windows Update or Live Update? Something...

Stuart Smith | 23 May 2007 07:00:00 GMT | 0 comments

The amount of new malware in the wild is growing quickly. While this is not a new observation, I have seen some claims that behavioral detection may be the answer to this ever-increasing amount of malware. Unlike more traditional types of detection that look at static attributes inherent in a piece of software, such as unique data, code, etc., behavioral detection involves running a possible threat, tracking its behavior with various monitors, and then using the information gathered to determine if it is malicious. As more behavioral detection products emerge, one article asked “Is Desktop Antivirus Dead?” [1]. Hardly, but it is worth a look at why the question even comes up.

Behavioral detection holds out the promise of more zero-day detections, and it reduces the number of updates you need to make to your antivirus software. Note that you cannot safely eliminate updates, since the definition of malicious behavior changes over time. The history of malware, from viruses and...

Ron Bowes | 22 May 2007 07:00:00 GMT | 0 comments

A few months ago, I moved out of my home town in search of greenerpastures. In doing so, I called every company I could think of whomight have my previous address. And that was a lot of calling - thesedays, it seems like changing a home address is as difficult as changingan email address!

After I arrived, I bought a lot of stuff online. I purchasedeverything from books and movies to show tickets from major onlineretailers. I made every transaction with my credit card, and everythingwas shipped to my new address. I didn't have any problems - at first -all I needed was my credit card information and everything was shippedwhere I asked it to be shipped.

Recently, however, I purchased a new hard drive from a localcomputer store. Since it's on the far side of the city, I opted to haveit shipped rather than pick it up. This morning, I received an emailsaying that they wouldn't accept the order because my shipping addressdidn't match the address on my credit card. So I...

Ron Bowes | 22 May 2007 07:00:00 GMT | 0 comments

A few months ago, I moved out of my home town in search of greenerpastures. In doing so, I called every company I could think of whomight have my previous address. And that was a lot of calling - thesedays, it seems like changing a home address is as difficult as changingan email address!

After I arrived, I bought a lot of stuff online. I purchasedeverything from books and movies to show tickets from major onlineretailers. I made every transaction with my credit card, and everythingwas shipped to my new address. I didn't have any problems - at first -all I needed was my credit card information and everything was shippedwhere I asked it to be shipped.

Recently, however, I purchased a new hard drive from a localcomputer store. Since it's on the far side of the city, I opted to haveit shipped rather than pick it up. This morning, I received an emailsaying that they wouldn't accept the order because my shipping addressdidn't match the address on my credit card. So I...

Yazan Gable | 21 May 2007 07:00:00 GMT | 0 comments

Skimming is quite the threat to your credit card security. But everyday some of your personal information is leaked out to potentiallymalicious people without the help of skimmers. This personalinformation may be used to aid in identity theft attacks. Where doesthis information come from, and how is it leaking? Every bit ofpersonal information that we give out is stored in a databasesomewhere.

Have you ever been asked for your zip or postal code when shoppingat your favorite retail store? Have you ever registered as a regularshopper at your favorite Webstore? I know I have, and it’s little bitsof information like that, often asked for on a whim, stored in a widerange of databases, which could add up to identity theft. Not onlythat, but many of these organizations store bank and credit cardinformation, names, birth dates, and even drivers license numbers aswell.

All of the information collected about us is stored in databases.Hundreds of potentially insecure databases...

Elia Florio | 18 May 2007 07:00:00 GMT | 0 comments

“Whenever I post my computer putssomething on the end of my post that I didn't type. Just look, it'sthat link and the text know will appear when I post this.P.S.Look,Super sreensaver! :)) …”

I wanted to start this blog by quoting a post picked up from one ofthe many forums contaminated by Mespam to show exactly what infectedusers experience without having a clue of what’s going on with theircomputer. If your friends are complaining that your e-mails, blog postsand chat sessions show a suspicious URL linking to photos, jokes orscreensavers that you hadn’t sent them, you’re probably another victimof this Trojan.

Trojan.Mespam was originally spotted in February and we described herethe new spreading technique, which uses an LSP component to attach textand malicious links to the outgoing HTTP traffic. In the Web 2.0...

Ron Bowes | 18 May 2007 07:00:00 GMT | 0 comments

These days, awareness about identity theftis increasing. More and more people understand that they aren'tsupposed to give out personal information unless they know who they'retalking to. But no matter how much you protect yourself, you still haveto rely on others to do the same. That leads to an important question:who knows who I am?

My first thought is my family. If somebody called my mom and askedquestions about me, would she answer? What about my dad, or mygrandparents? While I may know enough to protect my own personalinformation, they may not be aware. This is even more likely if theperson digging up information pretends to be a friend or employer, orif my family thinks that I'm somehow threatened ("We need your son'ssocial security number immediately, or he's going to lose his job").

Speaking of employers, how many job applications have you filledout? And how many required your social security number? Personally, Ican think of a dozen employers in a wide...

Zulfikar Ramzan | 17 May 2007 07:00:00 GMT | 0 comments

A while back, I blogged about the role of two-factor authentication tokens in protecting against phishing scams.Since then, the issue has come up again, and has recently has attractedmore attention, so I thought I’d spend some time here revisiting it.

First, let’s recall what two-factor authentication means. There arethree mechanisms we can use to prove to someone else that we are who wesay we are:
(1) something we have - a driver’s license, access card, or key
(2) something we are - a biometric like a fingerprint
(3) something we know - a password, or other common information aboutourselves (like a social security number, mailing address, or ourmother’s maiden name.)

Two-factor authentication simply refers to the idea ofauthenticating yourself using two of the above. Note that having twodifferent passwords is not...

Paul Mangan | 16 May 2007 07:00:00 GMT | 0 comments

The use of self-propagating programs for legitimate purposes is one of those ideas that just refuses to die.

In the 1978, researchers at Xerox Palo Alto Research Center (PARC)created worms that performed tasks that included system monitoring andwake up calls. However, in one case, the Xerox PARC ‘good’ worms thatwere supposed to run on a small set of machines, instead replicateduncontrollably across the network and started crashing machines.Fortunately, the Xerox PARC researchers had an independent terminationmechanism in the worm that enabled them to kill all copies of the wormon the network. Unfortunately, they still had 100 dead machines.

Since then, others have proposed using ‘good’ worms for purposessuch as compressing all files on a network, battling against ‘evil’worms, patching vulnerabilities, and looking for ways around Internetcensorship systems.

Unfortunately, people occasionally put these theories into practice.

Recently, we added...