Friday, March 31, 2006

March's Security Streams

A quick summary of March's Security Streams ( January, February ). It was an unbelievably busy month, and while I'm multitasking and diversifying on a daily basis, I'm certain you've enjoyed this month's streams, thanks for all the feedback you've been sending, it's a small world if you just let yourself realize it!



1. "DVD of the (past) weekend" The Lawnmower man -- God made him simple, Science made him God!



2. "February's Security Streams" a summary of all the posts during February



3. "Anti Phishing toolbars - can you trust them?" Recent phishing trends and the usefulness of anti-phishing toolbars discussed -- at the bottom line the complexity of the relatively simple concepts seems to ruin the whole effect, but wish phishing was that simple!



4. "Data mining, terrorism and security" Commentary on NSA's data mining interests and the still active Total Information Awareness program. Data mining is a very popular trend towards fighting terrorism -- and too ambitious, whereas storage of someone's life in a digital form is getting even cheaper, making sense of it all in a timely fashion still remains the biggest problem



5. "5 things Microsoft can do to secure the Internet, and why it wouldn't?" That's the second most popular post this month, right after "Where's my Oday, please?". Basically, it gives an overview of key points Microsoft can execute in order to secure the insecure by default Internet, and why it wouldn't. The post isn't biased at all, it's just the fact that their QA procedures open up the most easily exploited windows of vulnerability ever -- client side attacks on the IE browser. As a matter of fact, Fortune's latest issue has interviewed Steve Balmer in their QuestionAuthority column -- important fact MS's investors should keep in mind in respect to the future competitiveness of the company is how Balmer's kids are forbidden from using iPods and Google, which is very sad



6. "The Future of Privacy = don't over-empower the watchers!" We sacrifice our privacy, or have it abused on a daily basis in order to function in today's digital society, whereas there's nothing groundbreaking as a future trend besides giving too much power to the Watchers ensuring our "Security vs Privacy or what's left left from it"



7. "Where's my 0day, please?" Introducing the International Exploits Shop and providing relevant comments on the current state of the market for software vulnerabilities -- I wonder are the informediaries already talking/realizing the potential for an 0bay auction model as given the growing number of both sellers and buyers, such a model would sooner or later emerge. If it does not, you will continue comming across or digging for sites offering fresh 0day exploits that have the capacity to keep the media echo for yet another several weeks. CERT is totally out of the question, end users doesn't know what is going on, and everyone is trying to cash for being a vulnerability digger, not a researcher!



8. "DVD of the Weekend - The Immortals" Forget entertainment and enjoy this visionary adaptation of Enki Bilal's Nikopol Trilogy



9. "Security vs Privacy or what's left from it" Sacrifices drive success to a certain extend, whereas Security shouldn't be sacrifices for Privacy, at any cost!



10. "Old physical security threats still working" The old physical security trick of abusing a CD/DVD's autostart feature by installing malware on the PC seems to be fully working even today, which isn't a big suprise at all. Physical security threats have greatly change on the other hand as employers themselves have realized the possibility for insider abuse. And while you might be a little more secure from threats like these, at the end of they day you'll probably have your boss snooping around to find out where's that abnormal P2P traffic coming from :)



11. "Getting paid for getting hacked" Cyber insurance seems very attractive, and it really is, have your company's databases stolen, you'll get premium for it, receive a DDoS extortion letter, get it paid with a smile on the herder's face. Moreover, considering the big picture, I feel you'd rather have a security vendor take care of the consultation process, with the idea that their revenues will be at least spend on R&D security investments compared to an insurance company, or that's how at least I see it



12."Successful" communication" Dilbert rocks my world, my most important point on commercializing vulnerability research is how it's happening in exactly the worst moment ever. The immature concept of reporting vulnerabilities and the economics of the process itself didn't really need money in between. In the eyes of these vendors, which as a matter of fact go through my posts, I am a naysayer, and I'm not. I'm just trying to keep up a constructive discussion, and the results of it will soon be posted in here



13. "Weekend Vibes - Psychedelic/Goa Trance" My music evolution went through Rainbow, Deep Purple, started getting "hard" with Metallica, Off Spring, Guano Apes, to today's mix of alternative, classic rock and psychedelic/goa trance. No matter how your taste changes, don't forget where you've started from



14. "Is a Space Warfare arms race really coming?" Yes, it is and the more awareness is build on this issue, the higher the public discussion and hopefully, transparency of the activities. I find Secrecy a double-edged sword for an intelligence/military agency, as sometimes you just need to hear an average person's opinion on your megalomaniac ambitions. But given you are sincerelly backed up by a couple of billion dollars budget, your purchasing power becomes a bad habit of yours



15. "The Practical Complexities of Adware Advertising" Advertising players simply cannot periodically evaluate the maliciousness of their members as they will lose the scale necessary to keep the revenues growing. The participants on the other hand, are indeed getting ads and paid for displaying them, and of course, questionable content from time to time. Seaching around the IAB's site however, you wouldn't find any info on the idea of spyware/adware in today's booming online advertising market



16."Privacy issues related to mobile and wireless Internet access" Both end users and companies are "going mobile" and thefore the possibilities for privacy violations/physical security location are getting even more relevant



17."DVD of the Weekend - War Games" A little something on the movie and the recent "yet another Microsoft IE 0day" in the wild case



18."Are cyber criminals or bureaucrats the industry's top performer?" Paper tigers have an unprecedented effect on the loss of productivity and a society's progress -- the worst thing is how much they actually enjoy it! A very resourceful post that covers some important issues to keep in mind



19."Visualization in the Security and New Media world" or why a picture is worth a thousand packets?



UPDATE : Here are the unique and returning visitor graphs for the last several months, the outcome? Learn to understand your readers and how to retain them, thank you all for expressing your comments, contacting me, and keeping the discussion going!




Technorati tags :
,