Nuclear weapons aren't necessary...
Friend pointed me to the cartoon, about why countries in the world (in this case, China) no longer need nuclear weapons. Awesome!
Friend pointed me to the cartoon, about why countries in the world (in this case, China) no longer need nuclear weapons. Awesome!
Reading some of the details in Panda Labs' Annual Report for 2009 and came across these statistics...the math is pretty crazy...
Panda says that they have 40 million variants of malware in their database, collected over 20 years of business.
They indicate that they are collecting 55,000 variants a day.
If you do the math, that means that in the past 365 days, they collected 20 million variants.
So in one year, they collected as many variants of malware, as they have collected in the entire span of their business.
Neato. Somebody has been busy.
chalmer
Was skimming through some interesting reports by Panda Labs. One report (pdf) covers some basic information on banking malware (i.e. malware designed to gather your personal information associated with online banking). The Appendix is particularly interesting. They cover some details on the Zeus Trojan kit. None of the details are new, nor is the combination of them new - still - I found it fun. And available for the low, low price of only $700. For example:
The Trojan runs on the affected user's computer and can carry out the following actions:
- Socket and Proxy server.
- Auto update.
- Using the polymorphic encrypter to generate different copies of itself.
- Capturing certificates.
- Changing local DNS.
- Removing cookies to get the user to re-enter the passwords.
- Capturing screenshots of the affected computers.
- Receiving remote control commands.
- Adding additional fields to a website and monitor the data sent.
- Stealing passwords stored in several programs (Protected Storage data…) and pop3 and ftp passwords, regardless of the port.
Labels: banking, malware, Panda Labs, trojan
Bruce Schneier has a great piece on fear and logic and the nuclear industry.
The best part is the comments. In the comments, you can really see some of the interplay between fears based on facts and logical reasoning and fear based on raw emotions.
It is interesting to see how some commenters compare the risks to other things that we accept as "normal" or "reasonable" VS those commenters who try to support their comments with gut feeling and fear-mongering.
Awesome!
Labels: fear, information security, nuclear
Offensive Security is hosting a series of tutorials related to using the Metasploit framework.
I haven't had the chance to take a look yet...but they sound promising.
These are being released in support of the Hackers for Charity project that Johnny Long is associated with...from the tutorial homepage:
"This free information security training is brought to you in a community effort to promote awareness and raise funds for underprivileged children in East Africa. Through a heart-warming effort by several security professionals, we are proud to present the most complete and in-depth open course about the Metasploit Framework."chalmer
Labels: hacking
Good article on Wired.com about the results of an analysis of passwords used by Hotmail users...
Out of about 10,000 passwords that were studied, the most common was:
123456
Some of the others showed signs of cultural bias, that reveal potential geolocational evidence...i.e. the large number of Spanish names.
chalmer
Labels: password
One of my students made a very interesting comment the other day...about wanting to engage in battle against the dark side.
So what does it mean to engage in battle against the dark side? There are very direct and flamboyants ways to do so. Presuming you work for the government, you may have these exciting jobs:
Labels: hackers, national security
Recently read an article on Multiple Independent Levels of Security (MILS) which used an acronym whose concepts I was familiar with, but that I had not heard before: NEAT. It stands for:
The following linked article from ComputerWorld UK has some interesting quotes about the growth of Windows operating systems in running a number of supercomputers. Apparently Windows has increased their market share by 400%, while in the same period, Linux only increased its market share by only 51%. This sounds pretty impressive, until you take the time to look at the numbers behind the numbers.
Read the article to see what I mean!
One of the principles I share with my students is to try to look at things with a critical eye. This is a great example of how numbers can be misleading.
chalmer
Labels: critical thinking