Sunday, June 25, 2006

Travel Without Moving - Erasmus Bridge

Catching up with last week's Travel Without Moving shot, this one isn't intelligence or military related, but a marvelous engineering achievement, Erasmus Bridge -- perhaps the perfect moment to demonstrate my amateur photographer skills while tripping around. I will definitely share more shots from cons and life, the way I experience it, anytime now. And meanwhile, you can take a peek at the latest addition to the Eyeball Series, the North Korean Missile Launch Furor -- catching up with a conventional weaponry doctrine is anything but a milestone.

Google Earth and Google Maps continue making the headlines as a "threat" to national security, where the key points remain the balancing of satellite reconnaissance capabilities between developed and developing nations, the freshness of the data, and its quality. Sensitive locations can indeed be spotted, and then again, so what? And, with the launch of Geoportail.fr the French government aims at achieving transparency, rather than overhyping this common sense "insecurity".

Saturday, June 24, 2006

No Other Place Like 127.0.0.1

Sincere apologies for the sudden disappearance, but thanks for the interest even though I haven't been active for the last week due to quality offline activities. No other place like 127.0.0.1, and the smell of untouched-by-human-hand Cold War era postage stamp glue on my high value collections -- I do own several "stamp anomalies".

Collecting postage stamps is a challenging hobby for a teenager to have, mostly because of his usually low income, and this rather expensive hobby. The solution in my case back then, was bargaining while reselling ancient coins and purchasing postage stamps through the margins. While every collection has its story on how I acquired it, perhaps the most important thing I realized back then was that, if you don't respect something, sooner or later you're going to lose it to someone with a better attitude towards it.

Posting will resume shortly, a lot has happened in a week, and the only thing I pretend I'm not good at is wasting my time. As a matter of fact, I've got some very nice comments out of a presentation held at the University of Dresden, Germany, regarding my Future trends of malware research.

Tuesday, June 13, 2006

Web Application Email Harvesting Worm

This is a rare example of a web application vulnerability worm, targeting one of the most popular free email providers by harvesting emails within their 1GB mailboxes, and of course propagating further.

"Yahoo! on Monday has repaired a vulnerability in its email service that allowed a worm to harvest email addresses from a user accounts and further spread itself. The JS/Yamanner worm automatically executes when a user opens the message in the Yahoo Mail service. It uses JavaScript to exploit a flaw that until today was unpatched. Yahoo later on Monday fixed the vulnerability. "We have taken steps to resolve the issue and protect our users from further attacks of this worm. The solution has been automatically distributed to all Yahoo! Mail customers, and requires no additional action on the part of the user," Yahoo! spokeswoman Kelley Podboy said in an emailed statement."

Web application worms have the potential to dominate the malware threatscape given the amount of traffic their platforms receive. My point is that even within a tiny timeframe like this, one could achieve speed and efficiency like we've only seen in single-packet worms.

In a previous post related to the "Current State of Web Application Worms", you can also find more comments and resources on the topic. Rather defensive, the content spoofing exploiting the trust between the parties that I mentioned is nothing compared to the automated harvesting in this case. As there's naturally active research done in Bluetooth honeypots, IM honeypots, ICQ honeypots, Google Hacking honeypots, it's about time to start seeding your spam trap emails within free email providers or social networking providers.

The stakes are too high not to be exploited in one way or another. I hope we'll some day get surprised by a top web property coming up with a fixed vulnerability on their own. Realizing the importance of their emerging position as attack vector for malware authors is yet another issue to keep in mind. And the best part about web services is their push patching approach, you're always running the latest version, so relying on end users is totally out of the question.

Find out more details on the worm, and comments as well.

UPDATE: Rather active month when it comes to web application malware events, another Data-Theft Worm Targets Google's Orkut.

Consolidation, or Startups Popping out Like Mushrooms?

If technology is the enabler, and the hot commodity these days, spammers will definitely twist the concept of targeted marketing, while taking advantage of them. Last week I mentioned the concepts of VoIP, WiFi and Cell phone spam that are slowly starting to take place.

Gartner recently expressed a (pricey) opinion on the upcoming consolidation of spam vendors, while I feel they totally ignored the technological revolution of spamming to come -- IPSec is also said to be dead by 2008.

"The current glut of anti-spam vendors is about to end, analysts at Gartner said Wednesday. But enterprises shouldn’t stay on the sidelines until the shakeout is over. By the end of the year, Gartner predicted, the current roster of about 40 vendors in the enterprise anti-spam filtering market will shrink to fewer than 10. As consolidation accelerates and as anti-spam technology continues to rapidly change, most of today’s vendors will be "left by the wayside," said Maurene Caplan Grey, a research director with Gartner, and one of two analysts who authored a recently-released report on the state of the anti-spam market."

The consequence of cheap hardware, HR on demand, angel investors falling from the sky on a daily basis, and acquiring vendor licensed IP, would result in startups popping up like mushrooms to cover the newly developed market segments, and some will stick it long enough not to get acquired given they realize they possess a core competency.

Sensor networks, spam traps, bayesian filters, all are holding the front, while we're getting used to "an acceptable level of spam", not the lack of it. What's emerging for the time being is the next logical stage, that's localized spam in native languages, and believe it or not, it gets through the filters, and impacts productivity, the major problem posed by spam.

SiteAdvisor -- I feel I'm almost acting as an evangelist of the idea -- recently responded to Scandoo's concept, by wisely starting to take advantage of their growing database, and provide the feature in email clients while protecting against phishing attacks. End users wouldn't consider insecure search by default in order to change their googling habits, they trust Google more than they would trust an extension, and they'd rather have to worry about Google abusing their click stream, compared to anything else. Anti-Phishing toolbars are a buzz, and it's nice to see the way they're orbiting around it.

Be a mushroom, don't look for an umbrella from day one!