PowerPoint contained serious flaws, but Microsoft has released patches to fix them. The fix is only for the Windows version of the Office suite. Microsoft reported that...
Archive for September, 2006
January – June 2006: Spam Report
Conclusions
The volume of spam remains high, at 75%-78% of total mail traffic. An unexpected rise in spam hit the Internet in mid-summer. June closed with 82.2% of all mail traffic being spam.
The most frequent types of spam were: computer fraud, pharmaceuticals (mainly Viagra and similar medications) and educational services.
A new type of fraudulent spam...
Professors Boneh and Mitchell received a Horizon Award from Computerworld Magazine
Dan Boneh, associate professor of computer science and electrical engineering, and John Mitchell, the Mary and Gordon Crary Family Professor in the School of Engineering, have received a Horizon Award from Computerworld magazine for developing Password Hash, a browser plug-in that fights phishing. Typing “@@” at the beginning of a...
Criteria for accepting a risk
We have difficulty in deciding when to ACCEPT a risk. Accepting a risk has to be a business decision. Here are the steps:
0. Understand the nature of your business in order to determine the acceptable level of risk. For example, if you are an online merchant selling widgets, leakage of customer credit card information is unacceptable.
1. Quantify the...
Broken Windows Theory
Broken Windows is an interesting theory put forth by James Q. Wilson and George L. Kelling.
“Consider a building with a few broken windows. If the windows are not repaired, the tendency is for vandals to break a few more windows. Eventually, they may even break into the building, and if it's unoccupied, perhaps become squatters...
Speaking of Security Podcast #32
Click here to listen/download (10:46).
Enterprise Data Protection. Matt and Paul speak with Rick Welch, vice president, Data Security, RSA, The Security Division of EMC, and Terry Kurzynski, CEO, Remington Associates, Ltd., about how companies can protect their data effectively as security breaches, internal and external threats, and regulatory guidelines influence the policies and...
Zero-day de-mystified
Zero-day is a viral term. A zero-day vulnerability is an unknown vulnerability, i.e. a vulnerability that vendors and customers are not aware of on the day it is made public.
Let us play out two scenarios: 1. As a software vendor, what zero-day means to you. 2. As a software customer, what zero-day means to you.
1. As a...
ZERT patch
I think you have noticed that the site was down for a while. My web host again played the same trick: shut down the site with no notice. I’m leaving them.
While I was busy with all this stuff, the ZERT group created a patch for the VML vulnerability. These guys did a really...
Evolution of Internet users?
There is an interesting thought provoking post by Alan Shimel about the state of security.
The Internet has evolved over the years. The Internet, which was originally intended to be a document sharing tool, has evolved into a full-blown ecommerce engine. If you wonder why the Internet is not yet secure – you have to remember that the...
God Does Not Play Dice
“True randomness must be based on the inherent unpredictability of our universe. Mr. Haahr’s iPod engraving is a rebuttal to Albert Einstein’s famous objection to quantum mechanics: ‘God does not play dice.’ In fact, subatomic particles often act as if governed by a roll of dice. The decay of a radioactive nucleus, and the...
What is EMC up to?
It is pretty interesting news: EMC acquires Network Intelligence. Network Intelligence is a SIM (Security Information Management) company. Earlier EMC acquired RSA.
There was this buzz-phrase “Information Lifecycle Management” that was touted by EMC earlier.
Does buying RSA, NI et al. provide them a framework to add another adjective, “secure”, to Information Lifecycle Management?
Will “Secure Information Lifecycle...
Sprint Sells Security Service for SmartPhones
With all the concern about data being lost on laptops, and “vulnerabilities” in blackberries, Sprint is jumping into the action. They are offering a managed security service for SmartPhones (you know, like that Treo 700 your boss carries).
Sprint Mobile Security enforces password policies using personal identification numbers and other user-specific credentials for...
Tracking Bots using Google Analytics
Google Analytics is the best free web statistics software out there. They recently opened registration to anyone, and even the bad guys seem to have noticed:
Every day we see different things that the miscreants develop to make their job easier. Today I was checking the 288th variant of Opanki. The really interesting thing...