March 22nd, 2005 by dm Phishing none Comments

If you run Safari on your Mac or Firefox on your Fedora box, you are not necessarily immune to attacks. ZDNet reviews recent attacks on platforms other than Windows/IE and concludes that their frequency is likely to increase.

As you adopt new technology, stop and think about the possible security
pros and cons. Just because someone hasn’t written a devastating worm
to hit the Mac OS platform doesn’t mean it won’t happen. Same with your
Nokia smart phone. Proceed with caution. If we’ve been successful in
frustrating crackers by having antivirus and firewall solutions on our
desktops, I think there’s a chance we’ll also prevail in these other
areas as well.

[Via ZDNet -]

March 22nd, 2005 by dm Spam none Comments

I am not sure of the methodology used to reach this number, but it is certainly good for raising awareness of the problem. There are too many infected PCs out there that pump spam and other cyber-junk onto the Internet.

HoneyNet Project estimates 1 mln Internet-connected computers are used
as zombies to send spam, distribute viruses, launch denial-of-service
attacks, manipulate click-through advertising and online games. Largest
network comprised of 50,000 computers.

[Via IT Facts -]

March 22nd, 2005 by dm Hacking, Spam none Comments

If someone told you that a large portion of spam and DDoS attacks come from the UK, don’t blame it on the British mafia (although they may be involved) but on the ordinary British Internet user.

Between July and December 2004, Symantec tracked the number of
computers that have been compromised by malicious software. More than a
quarter (25.2 percent) of all compromised computers it discovered were
based in the UK, with the US following closely behind with 24.6
percent, and China in third with 7.8 percent. Symantec says this is
because many high-speed Internet users don’t have sufficiently robust
security.

[Via ZDNet UK, UK -]

March 22nd, 2005 by dm Pharming none Comments

The Internet Storm Center is concerned that online
criminals are ‘poisoning’ the domain name system and redirecting Web
users to malicious sites.

ZDNet reports on how pharmers (not to be confused with farmers, who are good and healthy for people and the economy) use DNS poisoning to install spyware on users’ computers. This is a slight variation on our previous reports of pharming, where DNS poisoning is used to serve a different web page and "phish" for users’ usernames and passwords.

ZDNet is reporting on a new use of DNS poisoning: tricking users into installing spyware, which can then track their activity without raising suspicion. This attack is more troublesome than phishing via DNS poisoning because a DNS poisoning attack usually lasts only as long as the DNS server’s cache duration, whereas spyware slipped in during this window lets hackers obtain much more information than a pure DNS poison/phish attack.
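An added example (not from ZDNet or the Internet Storm Center) of how a defender could watch for this: it scans resolver answers for watched names, flags any answer outside a pinned baseline, and reports the window during which the cache keeps serving it, which is the record's TTL. The baseline addresses, the log format and the sample lines are all constructed assumptions, and a pinned baseline only suits names whose addresses rarely change.

```python
from dataclasses import dataclass

# Constructed baseline of known-good addresses (documentation IP ranges).
BASELINE = {
    "bank.example": {"192.0.2.10", "192.0.2.11"},
    "shop.example": {"198.51.100.5"},
}

# Constructed resolver log lines: epoch_seconds name answer_ip ttl_seconds
SAMPLE_LOG = """\
1111500000 bank.example 192.0.2.10 3600
1111500300 shop.example 198.51.100.5 600
1111503600 bank.example 203.0.113.66 86400
1111503900 bank.example 203.0.113.66 86100
1111504000 news.example 203.0.113.9 300
"""

@dataclass
class Finding:
    name: str
    answer: str
    first_seen: int     # when the unexpected answer was first observed
    exposed_until: int  # latest moment the cache may still serve it

def find_poisoned(log_text, baseline):
    """Return one Finding per (name, unexpected answer) pair in the log."""
    findings = {}
    for line in log_text.splitlines():
        parts = line.split()
        try:
            ts, name, answer, ttl = int(parts[0]), parts[1], parts[2], int(parts[3])
        except (IndexError, ValueError):
            continue  # skip malformed lines
        name = name.lower().rstrip(".")
        expected = baseline.get(name)
        if expected is None or answer in expected:
            continue  # name is not watched, or the answer is known-good
        expiry = ts + ttl  # the cache serves this record until its TTL runs out
        hit = findings.setdefault((name, answer), Finding(name, answer, ts, expiry))
        hit.exposed_until = max(hit.exposed_until, expiry)  # re-poisoning extends it
    return list(findings.values())

if __name__ == "__main__":
    for f in find_poisoned(SAMPLE_LOG, BASELINE):
        hours = (f.exposed_until - f.first_seen) / 3600
        print(f"{f.name} -> {f.answer}: cached for up to {hours:.0f} h")
```

An unusually long TTL on an unexpected answer is itself worth alerting on, since it stretches the time users are redirected.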

March 22nd, 2005 by dm Hacking, Phishing none Comments

ZDNet has a good article dissecting the latest Internet Security Threat Report and Symantec’s key findings.

    • Rise in Threats to Confidential Information — 44% increase; mostly due to Trojans
    • Steady Increase in Phishing Attacks - 366% increase over past year
    • Increase in Attacks Against Web Applications - 39% increase
    • Rise in Number of Windows Virus/Worm Variants - 64%

Also, among the most interesting trends:

  • The use of bots and bot networks for financial gain will likely
    increase, especially as the diverse means of acquiring new bots and
    developing bot networks become more prevalent.
  • Attacks hidden in embedded content in audio and video images are
    expected to increase. This is worrisome because image files are
    ubiquitous, almost universally trusted, and an integral part of modern
    day computing.
  • Symantec expects security risks associated with adware and spyware will
    likely increase. Impending legislation to curb these risks is not
    expected to be an effective or sufficient deterrent on its own.


[Via ZDNet UK, UK -]

March 22nd, 2005 by dm Hacking, Spam none Comments

Although worms haven’t made the major headlines recently, every other company has been infected by a worm during the past 12 months.

About 47 percent of all respondents had a worm infect a company network
in the past year, the Mazu [Mazu Networks and the Enterprise Strategy Group] survey found. 12.5 percent of those
businesses had more than 25 percent of their network compromised during
the incident.

While worms haven’t disappeared, maybe companies’ investment in security training and products has resulted in fewer company-wide outbreaks that cripple major portions of a network, such as the Blaster worm. At the same time, home PC users, who do not have an IT department to force them to upgrade or patch their operating system, who do not have the latest antivirus installed, and who connect to their broadband connection without a firewall, are much more likely to be infected. And worst of all, they may not even realize it. Many users do not realize that the quickly blinking light on their DSL modem when there is no activity on their machine may actually mean that they are sending megabytes of spam, for example.

[Via ZDNet UK, UK -]

March 22nd, 2005 by dm Spam none Comments

The tech community is buzzing today after IBM’s announcement that they have developed a framework for detecting unwanted emails and slowing down the originating computers, and not necessarily the originating email address, which is usually fake.

After identifying a certain machine as an established source of spam,
the software, dubbed FairUCE, bounces back any messages sent by the
device in question with the intent of slowing that computer down and
retarding its ability to produce more unwanted e-mail.

IBM’s tech specification suggests that the new tool, called FairUCE, would use network identification tools to determine whether a message is legitimate by matching email information and the originating email. The system would be able to track originating IP addresses and, upon determining that a message is or might be spam, would redirect messages back to the source, thus slowing it down.

Because a large part of the spam comes from "zombie" PCs of ordinary Internet users connected to a broadband Internet network, it is possible that IBM may create some enemies among the large ISPs, whose broadband would suffer as a result of the system bouncing messages to the "zombie" PCs. In addition, it is unclear what type of matching the system would do, but it is possible that spammers will craft messages fraudulently in a way that provides a match for the FairUCE system.

There is a great discussion on Slashdot on this with useful and some not-so-useful technical analysis.

[Via CNET]

March 18th, 2005 by dm Phishing none Comments

PC Magazine reports on the continuing war against phishing. It is too bad that, at this point, the ‘good guys’ wage this war only by educating customers, using a "shield" without having a sword.

Consumer education efforts have begun to show results, but 3 to 5 percent of recipients still fall for phishing scams.

A three to five percent success rate for a phishing attack is enormous. If a phisher is able to target 10,000 users, the net result would be 300-500 unique personal information entries. Each one of these can later be used to send further spam/phish attacks, and the overall impact of this "low" number grows exponentially.

[Via PC Magazine -]

March 18th, 2005 by dm Identity Theft none Comments



Seeking to combat rampant identity theft, U.S. lawmakers said Tuesday
they may clamp new restrictions on companies that amass and sell social
security numbers and other personal information.
..
But lawmakers said during the House Energy and Commerce Committee
hearing that data brokers should not be allowed to sell Social Security
numbers without permission from the individuals involved.

Good idea, although even if data brokers are not allowed to sell social security numbers, they and their partners would still need to be able to uniquely identify records. Imagine what a mess it would be if different data brokers, credit bureaus, etc. exchanged information without a unique identifier: there would be many duplicate records for the same person, and information would not be updated quickly, or at all.

[Via USA Today -]

March 18th, 2005 by dm Spyware, Identity Theft none Comments

How easy is it to name your wireless hotspot something sounding awfully similar to a real WiFi provider, deploy it near a popular coffee shop and "listen" to wireless users’ traffic? Not so hard. PC World describes how "man in the middle" attacks are not very hard to do, and how users have few ways to determine whether they are connected to a legitimate hotspot or a fake one. Among their recommendations:

Check Your Wi-Fi Settings:
Many laptops are set to constantly search and log on to the nearest
hotspot. While this option might seem convenient, it does not allow you
to monitor which hotspots you are logging on to and determine if they
are legitimate. Turning off this option will prevent your computer from
logging on to a hotspot without your knowledge.


Pay Attention to Dialog Boxes:
Pop-up warnings are there for a reason–to protect you. If you are
lucky enough to have not clicked the "never show this again" option,
make sure you read these warnings carefully before agreeing to send
information.


Use One of Your Credit Cards on the Web Only:
Open a credit card account that is used solely for the purposes of
shopping on the Web. Ideally, you should be able to access account
records online so you don’t have to wait for monthly statements to
monitor any activity. "Be prepared to close that account on short
notice if it’s been compromised," says Schiller.


Conduct Private Business in Private:
"Maybe you don’t need to move money around or check your bank
statements when you are connected to a public hotspot that you’re not
really familiar with," says Schiller. If you restrict your public
surfing to Web pages you don’t mind a stranger reading along with you,
there is little an evil twin attacker can do to harm you.

There may be some legal help on the way: the proposed Spy Act has a provision which makes interception of wireless information illegal. But by the time this proposed bill is signed into law and law enforcement learns how to prosecute crimes under it, there may be a lot of credit cards, passwords, or even identities stolen by fake hotspot operators.


[Via PC World -]
