Delicious Information Warfare - Friday 16th

Here are some articles and blog posts worth reading plus the related comments. Previous summaries as well.

Islamic Terrorism from Clearguidance.com to Islamicnetwork.com -- very interesting reading regarding Daniel Joseph Maldonado, and a visionary quote "It takes a community to make a terrorist and it only take a handful of people to build and maintain such communities."

Former DuPont senior scientist pleads to corporate espionage -- fresh case of corporate espionage. As always I find it a totally biased opinion with companies falling in love with their trade secrets, even coming up with numbers as high as $400M

Information warfare, psyops, and the power of myth -- decent article on the topics in today's world of war on ideologies

Glitches plague NSA's effort to track terrorists online -- Tracking terrorists online courtesy of the NSA's Turbulence program is a another $500M failure to understand the dynamics of cyberterrorism. Thankfully, there're third-party organization the NSA is definitely listening to and obtaining its intelligence giving the lack of ethnical diversity in the U.S intelligence community, one that is crucial nowadays. The cuttest quote of the day "Inside the agency, Turbulence's sensitive activities are sequestered behind passwords known to few."

Panda Software Releases Malware Radar, the First Automated Malware Audit Service -- not necessarily the first as pretty much all vendors offer online malware scan, but it's a product line extension based on recent licensing deals of Panda with other vendors

Another Malware protection engine becomes Malware enabler engine -- when the security solution ends up the security problem itself

Hackers target the home front -- great example of targeted email attacks, makes you wonder two things - what's the chance the attacks aren't really systematic but basically rather regular malware infection attempts, or the emails of top management or anyone @bank.com have been available to attackers wanting to take advantage of the insecurities of their home PCs

Turkish hacker strikes Down Under -- Why shared hosting is unserious from a security point of view

'Storm' Worm Touches Down on IM -- Storm Worm piece of malware switching vectors, interesting, but a fact demonstrating the novice experience of the malware author, as if it were an experienced one, the feature would have been build in the very first releases compared to mass mailings only

Top 10 Disrupters of 2006 -- catchy slide show and here's the full story

Microsoft's Patches -- Zero day Wednesday took place as well

Russia's Ivanov slams U.S. missile shield plans in Europe -- the proposed U.S missile shield in Eastern Europe would give Russia the excuse to do something naughty like this

Cyber officials: Chinese hackers attack 'anything and everything' -- Chinese script kiddies generating noise so that the advanced and government backed espionage attempts remain to be sorted through the noise - predictable pattern

Cuban Information Minister Blasts US Digital Espionage -- Cuba to the U.S - Stop using OSINT and data aggregation techniques against us, as you see, we don't know how to Google

The Next Big Ad Medium: Podcasts -- unless measurability improves it's all shooting into the dark for advertisers, and ad budget allocation dream come true for publishers

How to Stalk Your Family -- start by self-regulation, everyone?

Text of Email to all Yahoos -- Yahoo's CFO to all Yahoos, now if an average Yahoo is able to understand the corporate talk I'll bring the beer

China's Submarine Fleet Continues Low Patrol Rate -- outstanding analysis

Google Agrees to Buy Adscape -- Google's getting into the emerging in-game advertising market. Would a gaming company find that the lack of ads in its game can turn into a competitive advantage in the long-term?

Yahoo co-founder Jerry Yang to donate $75 million to Stanford -- never forget who you are and where you came from. Jerry Yang is donating $75M to Stanford University which as a matter of fact is largely financed by ex-disruptors, and yes tuition fees. They even hold quite some Google shares

CIA's secret prisons -- full coverage

Terrorism and Encryption

Jihadist themed encryption tool -- using "infidel" algorithms :

"The program`s `portability` as an application (not requiring installation on a personal computer) will become an increasingly desirable feature, especially considering the high use of Internet cafe worldwide by pro-terrorist Islamic extremists,' said iDefense Middle East analyst Andretta Summerville. 'Mujahedin Secrets,' which can be downloaded for free, offers 'the five best encryption algorithms, with symmetrical encryption keys (256 bit), asymmetrical encryption keys (2048 bit) and data compression,' according to a translation of a Global Islamic Media Front`s announcement about the software on Jan. 1, provided by Middle East Media Research Institute."

I've previously covered in-depth the topic of steganography and terrorism, and provided an example while assessing the threat -- and hype -- level of the Technical Mujahid. Terrorists have this problem with the infidels, pretty much everything they use starting from the Internet and their cellphone, even software running on a computer is "Made in InfidelLand". So I presume someone's not really comfortable with even encrypting their data with a U.S made PGP software, so re-branding and adding a Jihadist theme seems to be the solution at least when PSYOPS count. More info on the topic.

The Electronic Frontier Foundation in Europe

Couldn't get any better :

"The Electronic Frontier Foundation (EFF) opened a new office in Brussels today to work with various institutions of the European Union (EU) on innovation and digital rights, acting as a watchdog for the public interest in intellectual property and civil liberties policy initiatives that impact the European digital environment. The new EFF Europe office, made possible by the generous support of the Open Society Institute and Mr. Mark Shuttleworth of the Shuttleworth Foundation, will allow EFF to have an increased focus on the development of EU law. EFF also plans to expand its efforts in European digital activism and looks forward to working with many groups and organizations to fight effectively for consumers' and technologists' interests."

Finally EDRI got some serious back-up on the frontlines.

RFID Tracking Miniaturization

First it was RFID tracking ink, now with the introduction of the new generation Hitachi mu-chips, miniaturization proves for yet another time it has huge privacy implications :

"On February 13, Hitachi unveiled a tiny, new “powder” type RFID chip measuring 0.05 x 0.05 mm — the smallest yet — which they aim to begin marketing in 2 to 3 years. By relying on semiconductor miniaturization technology and using electron beams to write data on the chip substrates, Hitachi was able to create RFID chips 64 times smaller than their currently available 0.4 x 0.4 mm mu-chips. Like mu-chips, which have been used as an anti-counterfeit measure in admission tickets, the new chips have a 128-bit ROM for storing a unique 38-digit ID number."

I will spare you the acronym as I'm sure you know which intelligence agency is sitting on the world's largest budget, but just a wake up call that all technologies that are just getting commercialized or a first mention in the mainstream media have already been developed, even abondoned for more advanced alternatives by this agency years ago -- despite the fact that Hitachi is a Japanese company it's an U.S agency I'm talking about. OSI are definitely remembering the old school days now. Picture courtesy of Hitachi comparing the chip's size next to a grain of rice.

UPDATE: Slashdot picked up the story.

Censorship in China - An Open Letter

An open letter to Google's Founders regarding the censorship of search results in China :

"During the National Day holiday week in 2002, when Google.com was blocked in China for the first time, Chinese Google users made an online protest spontaneously. They appealed to free the purer search engine wave by wave. Its seemed its also the first time grassroots power was demonstrated in China on Internet. You can imagine how eager they are to have a complete Internet instead of a shrunken one. At last, people won, Google backed. However, after 4 years, we started to question whether we should continue to support Google. Many users here were disappointed when they found Google.cn filtered many keywords. The compromise remarks by you in Davos made us more frustrated. Seems you are adopting self-censorship which hurts those loyal users a lot which also devalue your motto of "non-evil"."

Issues to keep in mind:
- Yahoo and Microsoft are doing it too in order to continue their business operations in China
- Google is alerting the searcher that the results are filtered because the ghost of Mao is alive and kicking and said so
- Google's losing market share in China's search market next to Sina.com due to censorship concerns, while local users are forgetting that Sina.com too is censoring the results, even worse, not even crawling as deep as Google is in respect to the quality of search results
- U.S Congressman Chris Smith has the issue on his agenda
- Technology companies are seeking government assistance on how to stop the ongoing censorship themselves
- The complete list of censored search results is worth going through
- Google's and Yahoo's shareholders are fighting back
- The Great Firewall is cracking from within with banned journalists now running the largest blogging network in China

She Loves Me, She Loves Me Not

I'm in love, with myself at the first place, and while Saint Valentine's meant to reboot a relationship so to speak, every day should be a Saint Valentine's day in a relationship. Do you trip on love? Malware authors always do around the 14th of February.

Quote of the day - No promises, no demands, love is a battlefield -- or drug like addiction? Via Tech_Space.

Emerging DDoS Attack Trends

In a previous post I emphasized on the long-term trend of how DoS attacks have the potential to cause as much damage as a full-scale DDoS attack, and increase their chance of not getting detected while require less resources. Looks like Prolexic Technologies are thinking in the same direction and warning that :

"IT security bosses will have to be increasingly vigilant in 2007 as criminals exploit new ways of ensuring distributed denial of service (DDOS) attacks cause the maximum damage and circumvent filtering technology, according to DDOS protection specialist Prolexic.While there will continue to be large-scale consumption-based attacks this year, attackers have learned that smaller, customised attacks tailored to web servers' application logic can have similar effects but require smaller botnets to generate, according to Prolexic president Keith Laslop."The requests will bring your CPU usage up to 100 percent by doing things like registering as a new customer" he said. "There is a slow frequency of requests so it will not trigger third-party [detection] technology, and intrusion-detection systems are not designed to notice these attacks."

Attacks like these while not conducted by malicious parties, are already happening at Britain's Prime Minister web site, though these should have been anticipated earlier.

As always, assessing risk as if you are a part of a red team provides the best security for your network. Think malicious attackers. If they're able to fingerprint the software running on your boxes and get under the skin of your web applications, a surgical and specifically crafted DoS attack would not only require less resources compared to a DDoS one, but would also make it a little bit harded for incident forensic investigator to react in a timely manner. So while you're preparing for a constant Gbytes stream, attackers will shift tactics.

Here's more info on the recent -- totally futile -- attempt to attack the root domain servers.

Gender Based Censorship in the News Media

Great perspective. The author Dr. Agnes Callamard even got the data to prove it. Limiting the freedom of expression for the sake of securing political or economic investments - so realistic. When it comes to gender based censorship, things have greatly changed during the last decade if you keep an eye on Fortune's Most Powerful Women stats. Sexism is so old-fashioned, and diversity among top management has been taking place for a while, moreover, professional oriented women next to the family oriented ones are increasing -- my type -- but then again if all men are alike, and all women too, look for the exceptions. And by the way, since when does age became a benchmark for a quality point of view or a criteria for knowledge, stereotypes keep you -- the baby boomers -- blindly protected, now aren't they? Trouble is, some evolve faster then you'll ever do, because you are your own benchmark in times when opinionated self-starters make an impact on a daily basis. Success is a state of mind, gender doesn't matter and never did :

"In particular, the results of the GMMP 2005 show and ARTICLE 19’s own work confirms that censorship can be the handmaiden of gender-based power, discrimination and inequality and further, that this type of censorship may be exercised via and by the media. This gender-based censorship is comprised of dynamics that are both systematic and selective in nature, explicit and implicit by expression, intentional and unintentional in outcome and both deliberate and thoughtless in impact. It expresses itself in many shapes, colours, and voices. But ultimately, like all other forms of censorship, it alters reality, dis-empowers, controls, renders invisible, and silences."

I'm still sticking to my point that if girls/women didn't hate each other so much, or let's say be less jealous of one another they could rule the world -- they do rule the world as a matter of fact, but compared to posers media whoring on a daily basis, I'm convinced they're the true puppet masters behind the curtains, now aren't they? Just a thought.

Forensic Examination of Terrorists' Hard Drives

During the last year I presented my point of view on the topic in numerous posts, in order to debunk the common misunderstanding of Cyberterrorism as an offensive concept. And while real-time cyber intelligence can save lifes, a historical forensic examination like the this one may act as a case study to further model the behaviour of a terrorists before they strike. Here's a list worth looking up at Archive.org, courtesy of the now deceased Madrid bomber Jamal Ahmidan :

"The below is a list of web sites found to have been visited by Ahmidan or accomplices. The list is not inclusive, but merely represents those sites in the indictment the names of which the author recognized based on close to five years of routine monitoring of jihadist activity online. Quite a few of these sites were likely to have been "under surveillance" during the time when Ahmidan and/or his associates accessed them. Had their IP addresses been reported to Spanish authorities at the time these sites were accessed, and had the authorities in Spain then followed up on such reports, it is entirely reasonable to expect that the Madrid bombing of 11 March 2004 could have been prevented."

Cyberterrorism is so not overhyped, it's just a concept discussed from the wrong angle and that's the myth of terrorists using electronic means for killing people. A terrorists' training camp is considered a military target since it provides them the playground to develop their abilities. Sooner or later, it will feel the heat and dissapear from the face of the Earth, they know it, but don't care mainly because they've already produced and are distributing Spetsnaz type of video training sessions. So abusing information or the information medium itself is much more powerful from their perspective then destroying their means for communication, spread propaganda, and obviously recruit. Real-time open source intelligence and accurate risk assessment of specific situations to prioritize the upcoming threat given the growing Jihadist web, is what should get more attention compared to data retention and data mining.

Meanwhile, in the real world, events across the globe are sometimes reaching the parody stage. Know your enemy, and don't underestimate his motivation.

Overachieving Technology Companies

Great dataset by Forbes - The 25 Fastest-Growing Tech Companies :

"Our selection process: We require at least $25 million in sales, 10% annual sales growth for five consecutive years, profitability over the past 12 months and 10% estimated annual profit growth for the next three to five years. We exclude firms with significant legal problems or other open-ended liabilities and also consider accounting and corporate governance scores from Audit Integrity of Los Angeles in making our final cuts."

Growth has many dimensions, and with any market's cyclical pattern it's important to assess the potential for sustainable long-term growth based on easy to influence market factors, as the balance of power in the tech market can sometimes change very quickly. Being a pioneer doesn't always count as the best alternative, and it's the companies able to differentiate among fads and emerging trends, the ones worth assessing. Diversification in market sectors with higher liquidity such as anti virus and perimeter defense, or making a long-term investment, that is positioning yourself as the default destination for a need that's only emerging for the time being remain rather popular -- and predictable -- strategic business moves. Leadership, vision, and courage matter, but money when it comes to innovation doesn't. Let's discuss several companies worth mentioning whatsoever :

_Google
Don't say cheese, say Google. The company's continuing to please market analysts with steady profits, whose stock ratings bring more investors' cash into the GoogleMachine and with the re-emerging -- this time more mature -- online advertising market bidding for keywords in a world of searching will remain profitable, the question every wonders is - until when? The naysayers, or the ones who couldn't obtain any Google shares constantly talk about several buzz words - decline in online advertising, click fraud, and index poisoning. And despite the fact that Yahoo's web properties may be attracting more traffic than Google's, Google's KISS principle and their vision to set quality search results and up-to-date index of the Web as a core competency in times when the Web is growing faster than ever before, is an incentive for advertisers and users to both trust, and do business with the company. Google may not have a market capitalization as high as Microsoft, but the flow of soft dollars, Google's shares as a fringe benefit and a bargain are winning more respect, attracting quality HR, and if that's not enought, disrupting and making the world a much more transparent place to live in. Now that sounds much better than a company that's always been earning over 50% of its revenues from its oldest products -- that's boring profitability.

_Salesforce.com
The on demand concept in action. Need processing power? Outsource. Need a large snapshot of the Web? Outsource. The very idea of outsourcing a task to someone's that's specializing in the area is a more cost effective way then you'll ever do, is major driving force. Besides all, why create a new CRM system or even advertising system, when there're standardized and already developed and ready to use ones? Salesforce.com is a true case study signalling the trend, and with the company empowering developers to contribute concepts, it's a win-win-win situation for everyone involved. Read more here.

_WebEx Communications
Some Internet services are often taken for granted, and they should be, but the companies that provide these commoditized benefits such as video conferencing, are always in the position to generate steady cash flow. Take WebEx Communications. Video conferencing was supposed to revolutionize the way people communicate and do business. Have you seen a decline in 1st class business travel, or has your company kindly asked you to start video conferencing with potential customers in order to cut costs? Now, who'll do business with a salesforce whose elevator pitch cannot be verified in the elevator in a face-2-face meeting anyway? Trust me, not the type of people you'll feel proud and secure to do business with. It's all about the targeted audience and who'll benefit most from the service in a specific time, and in a specific market cycle. Seems like WebEx are either good at sensing the market, or it's the very nature of the service and the level of brand awareness they've achieved when it comes to online video conferencing.

_Websense
Web filtering was a rather hot market segment couple of years ago when there was much more transparency in the dark corners of the Web. An URL containing information corporate users didn't really needed to be more productive was easy to spot, and the static nature of the Web compared to today's dynamically changing malicious sites was making it easy for the vendor to filter out the bad sites. Real-time evaluation, or sandboxing a site came into play, Web 2.0 "wisdom of crowds" SiteAdvisor started getting acceptance, Scandoo is slowly gaining ground, vendors such as ScanSafe diversifying already. So how is Websense still able to generate such revenue flows? The secret is in their sales force able to not only acquire new customers, but to most importantly retain their major ones, and of course diversification in market sectors such as data theft prevention. And like companies such as Google, Amazon and Ebay, Database as the "Intel Inside" is a major differentiator and can close a lot of deals.

To sum up - don't disrupt in irrelevance.

Receiving Everyone's Financial Statements

Bank institutions around the world - stay tuned for wannabe identity thieves requesting their statements while hoping you'll forward them everyone else's ones, in between. Smells like an over performing intern to me :

"An Aberdeen woman who asked for her bank statement was sent details of 75,000 other customers. Stephanie McLaughlan, 22, was sent the financial details by Halifax Bank of Scotland (HBOS). She received five packages each containing 500 sheets of 30 customers' names, sort codes and account details. HBOS apologised and said it was carrying out an investigation. The Information Commissioner's Office (ICO) said it would probe the "negligence."

Obviously, you can too play the U.S Department of Treasury requesting financial information from the SWIFT, but in this case - unintentionally.

Automated Detection for Patterns of Insecurities

While there're lots of pros and cons to consider when it comes to automated source code scanning, Fortify's pricey automated source code analysis tool has the potential to prevent the most common vulnerabilities while the software's still in the development phrase. Recently, they've added 34 new categories of vulnerabilities to their product :

"Thanks to this effort, Fortify Software continues to lead the industry by identifying over 150 categories of vulnerabilities in software.
The updated Secure Coding Rulepacks include: * Increased breadth: 34 new distinct vulnerability categories. * Enhanced support for .NET: 24 new vulnerability categories and coverage for five new third-party libraries, including the Microsoft Enterprise Library. * Expanded JSP support: Coverage for popular tag libraries, including JSTL and Apache Struts, for enhanced protection from cross-site scripting and SQL injection attacks. * Detection of persistent Cross-Site Scripting vulnerabilities: Fortify SCA now detects one of the most common and difficult to identify forms of cross-site scripting, which occurs when malicious data from an attacker is stored in a database and later included in dynamic content sent to a victim."

But how come small to middle size application vendors aren't really considering the use of such automated scanning tools? Overempowerment and trust in their developers' abilities? Not at all. The problem is the lack of incentives for them to do so, but what they're missing is a flow of soft dollars -- a PR boost -- if they were to communicate the efforts undertaken to ship their products audited, and hopefully, products free of brain-damaging bugs.

In respect to the relatively immature market segment for software auditing, Fortify is perfectly positioned to even start fuzzing applications for their customers enjoying their almost pioneer advantage. Or even better, perhaps their customers should consider the concept for themselves. All rest is the endless full disclosure debate, researchers pushing for accountability, and vendors -- legally -- thinking they're on war with them, fighting back however they can. You may also find a related post on how prevalence of XSS vulnerabilities by Michael Sutton informative, and the following posts worth the read as well.

The bottom line question - Can Source Code Auditing Software Identify Common Vulnerabilities? It sure can, but never let a scanner do a developer's job or forward secure coding practices to a third-party.

Interactivity by Default

Proud to be operating in a Web 2.0 world, I'm continuing to integrate features to make the reading of this blog more interactive, less time consuming, and much more easy to navigate. After del.icio.us and TalkR, here comes Snap :

"Snap Preview Anywhere enables anyone visiting your site to get a glimpse of what other sites you're linking to, without having to leave your site. By rolling over any link, the user gets a visual preview of the site without having to go there, thus eliminating wasted "trips" to linked sites."

Enjoy!

Attack of the Biting UAVs

Remotely controlled unmanned aerial vehicles have been shifting usability from defensive(reconnaissance) to offensive(weapons payload) for the last several years. Working prototypes in the shadows of secrecy reaching yet another long-range flight milestone are setting up the foundations for a different kind of warfare. And while the concept has the potential of saving lifes, and of course taking some while protecting the pilot, it will take several more years before fleets of drones are fully capable of integrating their benefits in the NCW field.
Here's an in-depth article on the evolution of UAVs to UCAVS :

"Robotic air vehicles are beginning to replace some of the Air Force’s manned combat aircraft. Soon, they will be handling a major share of the service’s strike mission. The first steps in this transition already have been taken in the field of fighter-class aircraft. Classified projects now in development seem sure to cut into the manned medium and heavy bomber roles, as well. The Predator MQ-1 is leading this transition. A familiar feature of Air Force combat operations for more than a dozen years, the spindly Predator has evolved dramatically. It is no longer simply a loitering “eye in the sky” but rather a versatile weapon system capable of destroying a couple of ground targets on its own or in collaboration with other aircraft. It is in great demand, and the Air Force is acquiring Predators as fast as it can absorb them. Now in early production is a souped-up version of the Predator, the MQ-9 Reaper. Its combat payload—missiles and bombs carried on underwing hardpoints—roughly equals that of an F-16 fighter. In the Reaper, the Air Force has found a craft that truly combines the powers of a potent strike fighter with the capabilities of a reconnaissance drone."

You may also be curious on why the U.S Department of Agriculture is interested in buying some the way I am -- perhaps a sci-fi insects invasion. What would the next logical evolution of UCAVs be? That's UCAVs capable of electronic warfare attacks, and with their flight durability and flexibility of operation, the idea will receive more acceptance as the technology matures. There's also something else to keep in mind, and that's the interest and active research of various terrorist organizations in UAVs. And while they wouldn't sacrifice $7M for a drone, even be able to get hold of one -- unless Iran supplies -- cheap alternatives such as the Spy X plane are already taken into consideration, at least for reconnaissance purposes. Yes they're cheap, and yes they're easy to jam, you can even hear them coming, but the trend is worth mentioning.

The TalkRization of My Blog

The service is quite intuitive for a free one, and I must say I never actually got the time to run a podcast on my one, so TalkR seems like the perfect choice for those of you -- including me -- who want to listen to my blog posts. Here's the TalkR feed URL for you to syndicate, and several samples :

- Social Engineering and Malware
- The Life of a Security Threat
- Russia's Lawful Interception of Internet Communications
- Foreign Intelligence Services and U.S Technology Espionage
- Technical Analysis of the Skype Trojan
- Old Media VS New Media

By the way, when was the last time you met a girl who speaks stuff like this?

Old Media VS New Media

The never ending war of corporate interests between the old and the new media, seems to be re-emerging on a weekly basis. Obviously, newspapers don't really like Google picking up their content and making money without giving them any commissions -- they don't even have to -- and with more shortsighted local newspaper unions asking Google and Yahoo! to stop doing so, I'm so looking forward for the moment in the near future when we'll be discussing their will to get crawled again. You fear what you don't understand, and the old media doesn't like the way it got re-intermediated, thus losing its overhyped content generation exclusiveness. In a Web 2.0 world, everyone generates content, which later on gets mixed, re-mixed, syndicated and aggregated, what if newspapers really tried to adapt instead of denying the future? And isn't it ironic that the newspapers that want to be removed from any search engine's index, are later on using these search engines while investigating for their stories?

Here's a lengthy comment I recently made on the old media vs the new one.

PR Storm

Great to see that Mike Rothman and Bill Brenner know how to read between the lines. Here's a related point of view on the Storm Worm - Why do users still receive attachments they are not supposed to click on?

Meanwhile, Eric Lubow (Guardian Digital, Linuxsecurity.com) have recently joined the security blogosphere and I'll be keeping an eye on his blog for sure -- hope it's mutual. Two more rather fresh blogs worth reading are ITsecurity.com's one -- how's it going Kev -- and Panda Software's blog. And with PandaLabs now blogging, the number of anti virus vendors without a blog, namely still living in the press release world is getting smaller. I remember the last time I was responsible for writing press releases for a vendor I'd rather not associate myself with, and how Web 1.0 the whole practice was. If you really want to evolve from branding to communicating value, hire a blogger that's anticipating corporate citizenship given he's commissioned, and reboot your PR channels.

Clustering Phishing Attacks

Clustering a phishing attack to get an in-depth and complete view on the inner workings of a major phishing outbreak or a specific campaign only - that's just among the many other applications of the InternetPerils. Backed up with neat visualization features, taking a layered approach, thus, make it easier for analysts do their jobs faster, its capabilities are already scoring points in the information security industry :

"InternetPerils has discovered that those phishing servers cluster, and infest ISPs at the same locations for weeks or months. Here's an example of a phishing cluster in Germany, ever-changing yet persistent for four months, according to path data collected and processed by InternetPerils, using phishing server addresses from the Anti-Phishing Working Group (APWG) repository. The above animation demonstrates a persistent phishing cluster detected and analyzed by InternetPerils using server addresses from 20 dumps of the APWG repository, the earliest shown 17 May and the latest 20 September. This phishing cluster continues to persist after the dates depicted, and InternetPerils continues to track it."

Here are seven other interesting anti-phishing projects, and a hint to the ISPs who really want to know what their customers are (unknowingly) up to.

Visual Thesaurus on Security

In case you haven't heard of the Thinkmap Visual Thesaurus, it's an "interactive dictionary and thesaurus which creates word maps that blossom with meanings and branch to related words. Its innovative display encourages exploration and learning. You'll understand language in a powerful new way." With its current database size and outstanding usability build into the interface, it has a lot of potential for growth, and I'm sure you'll find out the same if you play with it for a little while.

Testing Anti Virus Software Against Packed Malware

Very interesting idea as packed malware is something rather common these days, and as we've seen the recent use of commercial packers in the "skype trojan" malware authors are definitely aware of the concept. What the authors did was to pack the following malware using 21 different packers/software protectors - Backdoor.Win32.BO_Installer, Email-Worm.Win32.Bagle, Email-Worm.Win32.Menger, Email-Worm.Win32.Naked, Email-Worm.Win32.Swen, Worm.Win32.AimVen, Trojan-PSW.Win32.Avisa, Trojan-Clicker.Win32.Getfound, and scan them with various anti virus software to measure which ones excel at detecting packed malware. What some vendors are best at detecting others doesn't have a clue about, but the more data to back up your personal experience, the better for your decision-making.