Sunday, April 08, 2007

Weekend Reading

Virus Gang Warfare Spills Onto The Net

There might be a gang fight raging in your bedroom or study right now. There's no gunfire, no blood, and you won’t smell any smoke. But there is a battle. The fight is over your bandwidth and your PC processing power.

The bot network industry has become so profitable, and hijacked computers so valuable, that rival gangs are now fighting over them. This digital gang warfare is not physically violent, but it certainly is no game. Bot herders steal each other's infected computers, fight off such raids, and often try to knock each other’s computers off-line. They are cutthroat and competitive. They are in it to make a lot of money.... These guys are ruthless to begin with and don’t care who they hurt, as long as they get their dollars.

Take a look HERE.

==================================================================
Week of Vista bugs is a hoax


Month (or weeks/days/...) of bugs: We try to give them as little publicity as possible in order to discourage the behavior and encourage a bit more responsibility than to disclose vulnerability details in a blog.

Now with April 1st just behind us we were ready for a good laugh with people falling for a hoax or two, but once it's April 2nd, you expect people to resume normal behavior.

Take a look HERE.

==================================================================
Free Web hosters profit from phishing sites

Here's a tell-all tale about how free Web hosting providers profit handsomely from phishing sites - even those they eventually shut down - and why this one hoster, in particular, has all but weaned himself off the juice.

Take a look HERE.

==================================================================
Malware & Attacker - Exposed

Smart attackers are always looking for ways to disguise their malware so it can do its dirty work undetected, and JavaScript is becoming a popular tool for slipping malware into the browser.

This increasingly popular form of malware obfuscation can be frustrating to the naked eye. But researcher Jose Nazario, senior software and security engineer for Arbor Networks, says the good news is: For every JavaScript-encoded payload there's a corresponding decoder to unravel it. Nazario will discuss his research on reverse-engineering JavaScript later this month at the CanSecWest conference.

Take a look HERE.

==================================================================
Web 2.0 Inherently Insecure?

When I first heard a number of claims that AJAX applications were inherently more insecure than standard web applications, I thought that was ridiculous. After all, as long as you don't do anything stupid like do validation of user input only on the client, what would you have to worry about?

Take a look HERE.
