Archive for September, 2006

January – June 2006: Spam Report

September 30, 2006
Conclusions: The volume of spam remains high, at 75%-78% of total mail traffic. An unexpected rise in spam hit the Internet in mid-summer. June closed with 82.2% of all mail traffic being spam. The most frequent types of spam were: computer fraud, pharmaceuticals (mainly Viagra and similar medications) and educational services. A new type of fraudulent spam...
Posted in Computer security Systems | No Comments »

Professors Boneh and Mitchell received a Horizon Award from Computerworld Magazine

September 29, 2006
Dan Boneh, associate professor of computer science and electrical engineering, and John Mitchell, the Mary and Gordon Crary Family Professor in the School of Engineering, have received a Horizon Award from Computerworld magazine for developing Password Hash, a browser plug-in that fights phishing. Typing “@@” at the beginning of a...
Posted in Computer security Systems | No Comments »

Criteria for accepting a risk

September 28, 2006
By Computer security

We have difficulty in deciding when to ACCEPT a risk. Accepting risk has to be a business decision. Here are the steps: 0. Understand the nature of your business in order to determine the acceptable level of risk. An example is if you are an online merchant selling widgets, leakage of customer credit card information is unacceptable. 1. Quantify the...
Posted in Computer security Systems | No Comments »

Broken Windows Theory

September 25, 2006
By Computer security

Broken Windows is an interesting theory put forth by James Q. Wilson and George L. Kelling. “Consider a building with a few broken windows. If the windows are not repaired, the tendency is for vandals to break a few more windows. Eventually, they may even break into the building, and if it's unoccupied, perhaps become squatters...
Posted in Computer security Systems | No Comments »

Speaking of Security Podcast #32

September 25, 2006
Click here to listen/download (10:46). Enterprise Data Protection. Matt and Paul speak with Rick Welch, vice president, Data Security, RSA, The Security Division of EMC, and Terry Kurzynski, CEO, Remington Associates, Ltd., about how companies can protect their data effectively as security breaches, internal and external threats, and regulatory guidelines influence the policies and...
Posted in Computer security Systems | No Comments »

Zero-day de-mystified

September 24, 2006
By Computer security

Zero-day is a viral term. A zero-day vulnerability is an unknown vulnerability, i.e. a vulnerability that vendors and customers are not aware of on the day it is made public. Let us play two scenarios. 1. As a software vendor, what zero-day means to you. 2. As a software customer, what zero-day means to you. 1. As a...
Posted in Computer security Systems | No Comments »

ZERT patch

September 24, 2006
By Computer security

I think you have noticed that the site was down for a while. My web hoster again played the same trick: shut down the site with no notice. I’m leaving them. While I was busy with all this stuff, the ZERT group has created a patch for the VML vulnerability. These guys did a really...
Posted in Computer security Systems | No Comments »

Evolution of Internet users?

September 21, 2006
By Computer security

There is an interesting, thought-provoking post by Alan Shimel about the state of security. The Internet has evolved over the years. The Internet, which was originally intended to be a document sharing tool, has evolved to be a full-blown ecommerce engine. If you wonder why the Internet is not yet secure – you have to remember that the...
Posted in Computer security Systems | No Comments »

God Does Not Play Dice

September 21, 2006
“True randomness must be based on the inherent unpredictability of our universe. Mr. Haahr’s iPod engraving is a rebuttal to Albert Einstein’s famous objection to quantum mechanics: ‘God does not play dice.’ In fact, subatomic particles often act as if governed by a roll of dice. The decay of a radioactive nucleus, and the...
Posted in Computer security Systems | No Comments »

What is EMC up to?

September 20, 2006
By Computer security

It is pretty interesting news: EMC acquires Network Intelligence. Network Intelligence is a SIM (Security Information Management) company. Earlier EMC acquired RSA. There was this buzz-phrase “Information Lifecycle Management” that was touted by EMC earlier. Does buying RSA/NI et al. provide them a framework to add another adjective “secure” to Information Lifecycle Management? Will “Secure Information Lifecycle...
Posted in Computer security Systems | No Comments »

Sprint Sells Security Service for SmartPhones

September 20, 2006
By Computer security

With all the concern about data being lost on laptops, and “vulnerabilities” in BlackBerries, Sprint is jumping into the action. They are offering a managed security service for SmartPhones (you know, like that Treo 700 your boss carries). Sprint Mobile Security enforces password policies using personal identification numbers and other user-specific credentials for...
Posted in Wireless network security | No Comments »

Tracking Bots using Google Analytics

September 20, 2006
Google Analytics is the best free web statistics software out there. They recently opened registration to anyone, and even the bad guys seem to have noticed: Every day we see different things that the miscreants develop to make their job easier. Today I was checking the 288th variant of Opanki. The really interesting thing...
Posted in Computer threats | No Comments »
