I Am Security

Posts under ‘Aladdin’

Are you LinkedIn/Facebooked/Twittered/Beboed/Viadeoed/etc?

I’ve just finished reading a great little note from Brian Krebs at the Washington Post that enabled me to “out” (don’t worry, I won’t) an incident that some of us in the security industry have been following in the last few days. One of “ours” has been hijacked on Twitter, and the impersonator who hijacked [...]

Credit cards on a clearance sale and your internet security

You may have already gotten yourself familiar with how eCrime works from our past research and field presence, but here is one more great example of this fascinating business: This article at the Washington Post covers the drop in prices of stolen credit cards. It talks about how a surge of “fresh merchandise” has hit [...]

Fighting eCrime? We are not there yet!

I was just reviewing the latest FBI report from the Internet Crime Complaint Center (IC3) here (PDF), and although I’m sure that a lot of security vendors out there are going to jump on the “33% increase in internet fraud last year” statements, looking into the actual numbers, it’s important to realize how “off” they [...]

Are you Conficker-proof? Do you really need to be?

What a great way to sum up my last couple of posts – the Conficker media frenzy, and social aspects of web attacks. You can’t come up with these things anymore… Seems (for now) that the only real thing that came out of the Conficker issue is the fact that INFECTED machines started to look [...]

Conficker madness – good or bad?

Just like the BBC’s botnet debacle, which fueled a vivid discussion in security circles over whether the exposure is good (i.e., raising awareness of the threat) or bad (i.e., not really ethical, everyone knew about the ability to rent a botnet), CBS’s 60 Minutes had a 15-minute spot focusing on Conficker. Check it out here: [...]

Social aspects of web security – the March edition

It’s that time of the year again… March madness is engulfing us with news and pre-season activities, and everyone is out and about to see what we would be seeing in the coming months. Just as we have portrayed before, eCrime is a social animal just as well, and is not going to let the [...]

The great AV vs. AV debacle starts again?

It’s been a while since security vendors clashed on technology and made “bold” statements referring to the competition. Maybe it’s the recession, and in an attempt to grab some attention (and bolster sales) come statements such as “Heuristics are dead” (with a response from Sunbelt), and a direct jab at a competitor from Damballa. My [...]

It’s a browser! It’s an Operating System! It’s… brOSer?!

After looking into the security issues and requirements that Microsoft has been working on in terms of the future browser, and based on our earlier predictions on the matter, comes an interesting interview with Google’s Chrome JavaScript head Lars Bak. Specifically check out the 3rd page of the article, which discusses the ever-increasing ambiguity [...]

More on the browser OS – from Microsoft Research

After talking about how your next operating system is not going to be related to Windows or Mac or Linux (hint – you are reading this post using it… more details in our annual report and predictions paper), I came across this research from Microsoft (direct to the PDF here) that talks about how to [...]

If Gears was a problem then how about running Gmail offline on Air?

So, yesterday I wrote about the new (and much expected) vulnerabilities in Google’s Gears technology. The issue is clear – Gears is picking up speed and traction as Google’s applications start to use it (i.e. Gmail, Docs, etc…) and its security model is being scrutinized. And then I stumbled across GeeMail. It’s basically offline Gmail [...]
