Gear up – predictions for 2009 have begun to materialize

How about answering email messages when you are not online? Easy, right? But if you are using a webmail account, that used to be a problem, as was reading unread or older messages in your inbox. Well, not anymore: Gmail Goes Offline!

The AIRC annual threat report with the 2009 predictions could not have been published at a better time. As you may have noted, one of our predictions focused on the anticipated broader use of the browser as an “operating system” – meaning that more and more functionality that used to belong to Windows/Linux/Mac is now handled by the browser. From a security standpoint, that means more focus on vulnerabilities in the browser and the applications that run in it, and less on the OS itself.

Google Gears was one of the technologies I named as worth following, since it enables broader and easier use of web applications – even when you are offline. This means that you can still edit documents, and now read and write emails, when your laptop/notebook/netbook is offline (on the train, choppy WiFi signal, no 3G coverage, etc.). It works out of the box if you are using Chrome, and just needs Gears to be installed if you are not. The installation is much like Microsoft’s Silverlight and Adobe AIR, which are also mentioned in our report.

Have fun, and keep an eye out for what could be one of the first web-borne attacks to occur offline. :-)

What’s been on people’s minds lately?

As we have been predicting (and following during 2008), the criminal’s mind is very much attuned to the public mind. The current issues that everyone (well, at least a lot of us) has been dealing with are the economic situation and what President Obama is going to do about it. Without fail, eCriminals have been preoccupied with the same issues, and in their latest “marketing” efforts have made sure that the relevant Internet sites cater to them as well. Reports by Websense and Sophos show how both the official Barack Obama website and a couple of popular job sites have been compromised in an attempt to capitalize on the volume of traffic hitting these sites.

As usual, not much surprise here (read more details about the “almanac” of web security here); still, be careful out there – even on sites you supposedly trust. Common sense usually trumps the irresistible urge to click and approve everything shown to you when trying to get to some content.

Supreme court, freedom of speech and internet filtering

It was bound to happen. It didn’t work in Third World countries, attempts to do it in Western countries failed one by one, and now it is proven again that you can’t really prohibit people by law from viewing certain content on the Internet. What I’m talking about is this: the Supreme Court rejected a child anti-porn law that had been in litigation for more than 10 years. Basically, the interesting tidbit from this piece of news is that filtering can only be applied in businesses, where a company has control over what it allows people to view, and in certain educational facilities (although that is proving to be more difficult, as the article suggests). Don’t even think about enforcing service-provider-mandated filtering!

Another thing to note is how rules and legislation are facing the harsh reality that technology changes over time and laws really can’t catch up. Until we see more cooperation on the cross-border legislative front (from law enforcement agencies working more closely with each other, to more synchronized legislation across countries), the difficulty of defining jurisdiction and borders over the Internet is not going to go away. Here’s hoping that 2009 will make some headway on these issues, since 2008 proved to be a heaven for eCrime because of these difficulties (see our annual threat report for more info).

Conficker continues its rounds. Hits 9 million mark

It is funny how security works, isn’t it? When you think you got rid of the old-school (aka “stupid”) threats, reality hits you right back. Conficker/Downadup is a simple worm: it exploits a Microsoft Windows vulnerability that can only be utilized over a local network, as it uses the SMB protocol, and it uses AutoRun on removable media (usually USB drives) as its initial infection vector.

Why is it so annoying? Well, getting to 9 million infected machines (as per external reports) is pretty impressive for such a classic infection vector (considering that there is no network attack vector at all – no Internet needed, no email attachment…). I thought that these infections were mostly in large companies that fail to properly patch their systems. Reality check again: while speaking at a security sales summit, I handed my USB stick to the local hotel business center to print a PDF, and got it back with… you guessed it. Conficker.

Funny at first, but sad when you realize how many non-technical users, with no tools to check the stick, plug the thing back in and have AutoRun immediately infect their system.
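As an added example (not from the original post), here is a small defender-side script that parses an autorun.inf the way Windows reads it and flags the directives that would launch a program when the drive is inserted or opened, plus a check of the NoDriveTypeAutoRun policy bit (HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer) that disables AutoRun for removable drives on a system that honours it. The two autorun.inf samples are constructed, not taken from any real infection.

```python
"""Added example: flag autorun.inf entries that launch a program, check AutoRun policy."""

# Directives Windows AutoRun acts on: open= and shellexecute= run a program when
# the drive is inserted; shell\<verb>\command= runs one when that verb is chosen.
EXEC_KEYS = {"open", "shellexecute"}

def parse_autorun(text):
    """Tolerant INI parse, close to how Windows reads the file: section and key
    names are case-insensitive, the first value of a duplicate key wins, and
    lines without '=' (padding junk is common in malicious files) are ignored."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        sections[current].setdefault(key.strip().lower(), value.strip())
    return sections

def autoexec_entries(text):
    """Return [(key, value)] pairs from [autorun] that would run a program."""
    auto = parse_autorun(text).get("autorun", {})
    return [(k, v) for k, v in auto.items()
            if k in EXEC_KEYS or (k.startswith("shell\\") and k.endswith("\\command"))]

def removable_autorun_blocked(no_drive_type_autorun):
    """True if the NoDriveTypeAutoRun bitmask disables AutoRun for removable
    drives (bit 1 << DRIVE_REMOVABLE, i.e. 0x04); 0xFF disables it for all types."""
    return bool(no_drive_type_autorun & 0x04)

# Constructed samples, not taken from any real infection.
SUSPICIOUS = r"""[autorun]
label=MY_USB
open=setup.exe
garbage padding line with no delimiter, skipped like Windows does
ShellExecute=setup.exe
shell\open\command=setup.exe
"""
BENIGN = r"""[autorun]
icon=%SystemRoot%\system32\shell32.dll,4
label=MY_USB
"""
```

Run `autoexec_entries(open(r"E:\autorun.inf").read())` against a mounted stick; an empty list means the file only sets a label or icon.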

Social networking strikes again

A lot of write-ups have been covering this, so here are a few from InformationWeek, Dancho, SCMagazine and McAfee.

Besides saying the ever-satisfying “told you so”, there is not much to add here. More bogus profiles entice users to connect to them, look at the content, and catch the same old nastiness – only packaged in another format. Just remember that social networks, just like real life, can be a great playground for eCriminals – this is just the tip of the iceberg. What would happen if you saw the profile of a person you actually know on LinkedIn (or any other network, for that matter) and clicked on a link from it that is actually malicious? That would be much more effective, and not that far-fetched, would it?