Conficker madness – good or bad?

Just like BBC’s botnet debacle, which fueled a vivid discussion in security circles over whether the exposure is good (i.e., raising awareness of the threat) or bad (i.e., not really ethical, everyone knew about the ability to rent a botnet), CBS’s 60 Minutes had a 15-minute spot focusing on Conficker. Check it out here:

On one hand, getting more awareness out there is great – not a lot of people realize how real the threat is, and how organized the business of managing that threat is (favorite quotes – it’s like a business, and uses advertising to promote itself). On the other hand, getting all rattled up towards April 1st might not be effective and may cause an uncalled-for panic (and yes, a rush to buy or upgrade security software, which is probably why a certain vendor is highlighted on the CBS piece…).

Bottom line – keep cool, make sure you surf securely, and don’t click on every possible link you are presented with (think first, count to ten, and then click).

Social aspects of web security – the March edition

It’s that time of the year again… March madness is engulfing us with news and pre-season activities, and everyone is out and about to see what we would be seeing in the coming months. Just as we have portrayed before, eCrime is a social animal just as well, and is not going to let the action go by without having a chance to have a go at the crowd.

As usual – it’s the same technique all over again – using SEO (Search Engine Optimization) to grab high ranking in search results and leading users who click on the related links to a variety of malicious content. We have seen similar techniques used during the US presidential election season, covered quite elaborately in the past, and don’t be surprised to see more of the same hitting the next seasonal event as long as it can attract enough “eyeballs” on search engines.

The great AV vs. AV debacle starts again?

It’s been a while since security vendors clashed on technology and made “bold” statements referring to the competition. Maybe it is the recession, and in an attempt to grab some attention (and bolster sales), come statements such as “Heuristics are dead” (with a response from Sunbelt), and a direct jab at a competitor from Damballa.

My positions on these are clear – signatures are pretty much the past, but still have their place as a “last mile” solution that can speed up scanning for known threats. Heuristics are the natural evolution of signatures in the binary world, and the main focus should be on dynamic real-time scanning of web content which is the actual attack vector that eventually (when and if successful) brings in the binaries that the signatures/heuristics need to scan.

Not to side with anyone in particular on this matter, this kind of communication is usually not that helpful for people looking to get a security solution. I would opt for the more educational “this is what the threat looks like, this is what you would usually get from other vendors, and this is our edge which makes us better”. This approach may open another Pandora’s box – the “independent” testing labs, but that’s another issue to be dealt with (how independent is the test, what is the test focused on, test material and samples, configuration, who sets the guidelines, etc…).

Nevertheless, I hope that we’ll see some more informative and research oriented (or at least research based) statements that we could all benefit from the next time someone rolls out a new technology.

It’s a browser! It’s an Operating System! It’s… brOSer?!

After looking into the security issues and requirements that Microsoft has been working on in terms of the future browser, and based on our earlier predictions on the matter, comes an interesting interview with Google’s Chrome JavaScript head Lars Bak. Specifically, check out the 3rd page of the article, which discusses the ever-increasing ambiguity between the browser and the OS.

“The web is becoming an integral part of the computer and the basic distinction between the OS and the browser doesn’t matter very much any more.”

Great stuff and definitely something to watch for from Google as well (competition is wonderful isn’t it?).