Archive for June, 2007
What can nature tell us about how best to manage our risks?
Dedicated to compiling good analogies used when explaining (computer) security matters.
Robert Graham and David Maynor, the CEO and CTO of Errata Security. In this video they talk about how the days of widespread internet attacks are long gone. What’s more popular now are more directed or targeted attacks using a variety of different methods. This is where data seepage comes in. Unbeknownst to a lot of mobile professional’s laptops, PDAs, even cell phones can be literally bleeding information about a company’s internal network.
Ars Technica covers NBC/Universal general counsel Rick Cotton who suggests that society wastes entirely too much money policing crimes like burglary, fraud, and bank-robbing, when it should be doing something about piracy instead.
In an impressive example of the gap of understanding between legal officials and technology, U.S. Magistrate Judge Jacqueline Chooljian found that a computer server’s RAM, or random-access memory, is a tangible document that can be stored and must be turned over in a lawsuit.
A request for a DRM system is a sign that the customer is in denial, and isn’t dealing rationally with reality.
DoS and DDoS attacks are not a new threat—they’ve been terrorizing the Internet for years. But after all these years, we’re still no closer to learning how to deal with this problem.
A recent update to the German criminal code has outlawed so called “hacking tools.” This move has raised angry responses from security experts worldwide who have branded it as “ill considered and counterproductive.”
Andreas Clementi, who runs the web site av-comparatives.org, has released his latest report that looks at how well antivirus programs do against threats that have not yet been identified and included in standard AV signatures.
It appears that more than one year after the initial attacks, the hostname is still successfully resolving.
Two years ago, Charles Miller found a remotely exploitable flaw in a common component of the Linux operating system, and as many enterprising vulnerability researchers are doing today, he decided to sell the information.
One popular way to combat phishing attacks is to maintain a list of known phishing sites and to check web sites against the list. This hack highlights 10 anti-phishing Firefox extensions that can be used to mitigate the risk of being a victim of a phishing attack.