Wednesday, April 05, 2006

Heading in the opposite direction

Just one day before April 1st 2006 I came across this article :



"German retail banker Postbank will begin using electronic signatures on e-mails to its customers to help protect them from phishing attacks."



Catching up with the phishers seems to be a very worrisome future strategy. Electronic signatures by themselves are rarely checked by anyone, and many more attack vectors are making the idea of this totally irrelevant. Moreover, a great piece of research, "Why phishing works", was recently released, and it basically outlines basic facts such as how end users don't pay attention to security checks, if there's a definition of such given the attack vectors phishers have started using recently. In some of my previous posts, "Security threats to consider when doing E-Banking" and "Anti Phishing toolbars - can you trust them?", I mentioned many other problems related to this bigger-than-it-seems problem. What you should also keep an eye on is the good old ATM scam I hope you are aware of.



Postbank is often targeted by phishers, still, the best protection is the level of security awareness stated in here :



"Phishing attacks have led 80% of Germans to distrust banking related e-mails, according to TNS Infratest." Moreover, "Postbank's electronic signature service isn't possible with web-based e-mail services provided by local Internet service providers such as GMX GmbH and Freenet.de AG, according to Ebert. One exception is Web.de"



Thankfully, but that's when you are going in exactly the opposite direction than your customers are, while trying to establish a reputable bank2customer relationship over email. Listen to your customers first, and follow the trends, and do not try to use the most popular dissemination vector as a future communication one.



Something else in respect to recent phishing statistics is the key summary points of the recently released AntiPhishingGroup's report for January, 2006:



• Number of unique phishing reports received in January: 17,877
• Number of unique phishing sites received in January: 9715
• Number of brands hijacked by phishing campaigns in January: 101
• Number of brands comprising the top 80% of phishing campaigns in January: 6
• Country hosting the most phishing websites in January: United States
• Contain some form of target name in URL: 45 %
• No hostname just IP address: 30 %
• Percentage of sites not using port 80: 8 %
• Average time online for site: 5.0 days
• Longest time online for site: 31 days
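
The three URL-related lines in the list above (target name in URL, bare IP address instead of a hostname, port other than 80) are traits you can check mechanically when triaging reported links. The sketch below is an added example, not code from the report or from this blog; the brand list, the sample URLs and the choice to treat 443 as standard for https are assumptions made for illustration.

```python
import ipaddress
from collections import Counter
from urllib.parse import urlsplit

# Hypothetical brand -> legitimate domain map (constructed for this example).
BRANDS = {"examplebank": "examplebank.example", "samplepay": "samplepay.example"}
DEFAULT_PORTS = {"http": 80, "https": 443}


def url_traits(url, brands=BRANDS):
    """Return which of the three report-style URL traits a reported URL shows."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    traits = set()

    # "No hostname, just IP address"
    try:
        ipaddress.ip_address(host)
        traits.add("ip_host")
    except ValueError:
        pass

    # "Not using port 80" (here: any explicit port that is not the scheme default)
    try:
        port = parts.port
    except ValueError:  # malformed port, e.g. ":80a"
        port = -1
    if port is not None and port != DEFAULT_PORTS.get(parts.scheme):
        traits.add("nonstandard_port")

    # "Some form of target name in URL", ignoring the brand's own domain
    haystack = (host + parts.path + "?" + parts.query).lower()
    for brand, legit in brands.items():
        on_own_domain = host == legit or host.endswith("." + legit)
        if brand in haystack and not on_own_domain:
            traits.add("brand_in_url")
    return traits


def summarize(urls):
    """Percentage of URLs showing each trait, like the report's summary lines."""
    counts = Counter(t for u in urls for t in url_traits(u))
    return {t: round(100 * n / len(urls)) for t, n in sorted(counts.items())}


# Constructed sample reports (documentation address ranges and .example names).
SAMPLE = [
    "http://192.0.2.10/examplebank/login.php",
    "http://examplebank.secure-update.example:8080/verify",
    "http://www.examplebank.example/login",
    "http://203.0.113.7:81/index.html",
    "https://news.example/article?id=5",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The third sample sits on the brand's own domain and so is not flagged, which is the check that keeps a brand-name match from firing on legitimate links.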




I feel there's a lot more to expect than trying to re-establish the communication over a broken channel, as far as E-banking is concerned.



More resources you might be interested in taking a look at are :
Vulnerability of First-Generation Digital Certificates and Potential for Phishing Attacks
Netcraft: More than 450 Phishing Attacks Used SSL in 2005
SSL's Credibility as Phishing Defense Is Tested
Rootkit Pharming
The future of Phishing
Something is Phishy here...
Phishing Site Using Valid SSL Certificates
Thoughts on Using SSL/TLS Certificates as the Solution to Phishing




Securing political investments through censorship

I try to extensively blog on various privacy and Internet censorship related issues affecting different parts of the world, or provide comments on the big picture the way I see it.



Spending millions -- 6 million euro here, and I guess you also wouldn't let someone spread the word whether the cover is fancy enough for a vote or not -- on political campaigns to directly or indirectly influence the outcome of an election, is a common practice these days. Whereas, trying to build a wall around a government's practices is like having a tidal wave of comments smashing it. I recently came across the following article:



"Singapore has reminded its citizens that web users who post commentary on upcoming elections could face prosecution. Election commentary is tightly controlled under Singaporean law; independent bloggers may comment on the election, but must register their site with the Media Development Authority (MDA)."



I'm so not into politics -- and try not to -- but threatening with prosecution on commentary, registering users, while not first "introducing yourself" as "During the November 2001 elections, Singapore's political parties limited their use of the Internet to posting schedules and candidate backgrounds." isn't the smartest long-term political strategy ever, don't you think?



More resources on the state of censorship in Singapore worth checking out are :

Internet Filtering in Singapore in 2004-2005: A Country Study
EFF "Censorship - Singapore" Archive
Censorship in Singapore
To Net or Not to Net: Singapore’s Regulation of the Internet
Censorship Review Committee 2002/2003
The Internet and Political Control in Singapore




Insider fined $870

Insiders still remain an unresolved issue, where the biggest trade-off is the loss of productivity and trust in the organizational culture. According to the Sydney Morning Herald:



"A court in Guangzhou, capital of the southern Chinese province of Guangdong, has upheld a lower court's guilty verdict against Yan Yifan for selling stolen passwords and virtual goods related to the online game "Da Xihua Xiyou." The court upheld a $870 US fine, arguing that victimized players had spent time, energy, and money to obtain the digital items Yan sold. Yan stole the players' information while an employee for NetEase.com, the company behind the game."



So, it's not just 0days, Ebay/PayPal accounts, and spyware market entry positions for sale -- but virtual world goods as well.



While it's not a top espionage case, or one compared to the recent arrest of "two men, identified as Lee and Chang, on charges of industrial espionage for downloading advanced mobile phone designs from employer Samsung for sale to a major telecommunications firm in Kazakhstan", insiders still represent a growing trend that according to the most recent FBI's 2005 Computer Crime Survey, cost businesses $6,856,450.


Then again, failing to adequately quantify the costs may either fail to assess the situation, or twist the results based on unmaterialized, but expected sales, as according to the company, "Samsung could have suffered losses of $1.3 billion US had the sale been completed." Trust is vital, and so is the confidence in Samsung's business case.




The "threat" by Google Earth has just vanished in the air

Or has it actually? In one of my previous posts "Security quotes : a FSB (successor to the KGB) analyst on Google Earth" I mentioned the usefulness of Google Earth by the general public, and the possibility to assist terrorists. The most popular argument on how useless the publicly available satellite imagery is, is that it doesn't provide high-resolution images, and recent data as well -- that's of course unless you don't request one, but isn't it bothering you that here we have a street-side drive-by POC?



The recently introduced Windows Live Local Street-Side Drive-by (A9's maps have been around for quite a while) is setting a new benchmark for interactive OSINT -- if any, as this is also a privacy violation that can be compared with efforts like these if it was in real-time. Having had several conversations with a friend that's way more into satellite imagery than me, I've realized that starting from the basic fact of targeting a well known or a movie-plot location doesn't really require satellite imagery. I find that today's sources basically provoke the imagination and the self-confidence -- and hopefully nothing more!


There have been numerous articles on the threat posed by Google Earth, and India seems to be the most concerned country about this for the time being :



"Chief of the Indian Army General J.J. Singh warns that Google Earth could endanger national security by providing high resolution photographs of strategic defense facilities. The software could prove especially useful to countries that do not have their own satellite capabilities. Singh called Google Earth a shared concern for all countries, requiring all countries to cooperate to address the issue. Indian President APJ Abdul Kalam has also expressed concerns over Google Earth and national security."



You can spend hours counting the cars in front of NSA's parking lot through public satellite imagery resources, still you would never get to see what's going on in there. I guess things have greatly changed since the days when tourists sent over to the USSR, or exactly the opposite, to the U.S., would try to get hold of as many maps as possible to finish the puzzle.



In some of my previous posts on Cyberterrorism, I said that terrorists are not rocket scientists until we make them feel so, and I'm still sticking to this statement, what about you? As a matter of fact, Schneier is inviting everyone to participate in the Movie-Plot Threat contest -- stuff like terrorist EMP warfare, Nuclear truck bombs (the same story from 3 years ago), and other science fiction scenarios worth keeping an eye on.



Terrorism is a profitable paranoia these days, that's constantly fuelling further growth in defense and intelligence spending, as satellite imagery is promoted for the bust of Bin Laden, whereas their infrastructure seems to be pretty safe, isn't it? (More photos, 1, 2, 3, 4, 5, 6) I'd rather we have known parties as an adversary, the way it used to be during the Cold War, whose competition sent us in Space, and landed us on the Moon, instead of seeing terrorists everywhere and missing the big opportunity.




Monday, April 03, 2006

Wanna get yourself a portable Enigma encryption machine?

Hurry up, you still have 5 hours to participate in the sale at eBay, as BetaNews reported: "eBay has long been a purveyor of the unusual and the unique, but it's not often an authentic piece of tech history captures as much attention as the Enigma 3 portable cipher machine that has racked up bids of almost 16,000 euros. The Enigma device was used extensively by Nazi Germany during World War II."



The Enigma machine was a key success factor for the Germans during WWII, until of course its messages started getting deciphered; it's great someone managed to preserve and resell one. Today's situation is entirely different, namely an average Internet user can easily encrypt data achieving military standards with the use of public tools, where Phil Zimmermann's PGP has been causing trouble for governments across the world since its release.


However, what the majority of end users don't realize is how the key length and the passphrase's quality mean totally nothing when law enforcement is sometimes empowered to use spyware, and that quantum cryptography is also subject to attacks. Client side attacks and social engineering ones don't take into consideration any key length -- just naivety. In one of my previous posts, "Get the chance to crack unbroken Nazi Enigma ciphers", I mentioned the existence of a distributed project to crack unbroken Nazi ciphers you can freely participate in. Being a total paranoid in respect to my favorite SETI@home, you should also consider the possibility of a SETI Hacker -- which partly happened in Contact in case you reckon.




Friday, March 31, 2006

March's Security Streams

A quick summary of March's Security Streams ( January, February ). It was an unbelievably busy month, and while I'm multitasking and diversifying on a daily basis, I'm certain you've enjoyed this month's streams, thanks for all the feedback you've been sending, it's a small world if you just let yourself realize it!



1. "DVD of the (past) weekend" The Lawnmower man -- God made him simple, Science made him God!



2. "February's Security Streams" a summary of all the posts during February



3. "Anti Phishing toolbars - can you trust them?" Recent phishing trends and the usefulness of anti-phishing toolbars discussed -- at the bottom line the complexity of the relatively simple concepts seems to ruin the whole effect, but wish phishing was that simple!



4. "Data mining, terrorism and security" Commentary on NSA's data mining interests and the still active Total Information Awareness program. Data mining is a very popular trend towards fighting terrorism -- and too ambitious, whereas storage of someone's life in a digital form is getting even cheaper, making sense of it all in a timely fashion still remains the biggest problem



5. "5 things Microsoft can do to secure the Internet, and why it wouldn't?" That's the second most popular post this month, right after "Where's my 0day, please?". Basically, it gives an overview of key points Microsoft can execute in order to secure the insecure by default Internet, and why it wouldn't. The post isn't biased at all, it's just the fact that their QA procedures open up the most easily exploited windows of vulnerability ever -- client side attacks on the IE browser. As a matter of fact, Fortune's latest issue has interviewed Steve Ballmer in their QuestionAuthority column -- important fact MS's investors should keep in mind in respect to the future competitiveness of the company is how Ballmer's kids are forbidden from using iPods and Google, which is very sad



6. "The Future of Privacy = don't over-empower the watchers!" We sacrifice our privacy, or have it abused on a daily basis in order to function in today's digital society, whereas there's nothing groundbreaking as a future trend besides giving too much power to the Watchers ensuring our "Security vs Privacy or what's left from it"



7. "Where's my 0day, please?" Introducing the International Exploits Shop and providing relevant comments on the current state of the market for software vulnerabilities -- I wonder are the infomediaries already talking/realizing the potential for an 0bay auction model as given the growing number of both sellers and buyers, such a model would sooner or later emerge. If it does not, you will continue coming across or digging for sites offering fresh 0day exploits that have the capacity to keep the media echo for yet another several weeks. CERT is totally out of the question, end users don't know what is going on, and everyone is trying to cash for being a vulnerability digger, not a researcher!



8. "DVD of the Weekend - The Immortals" Forget entertainment and enjoy this visionary adaptation of Enki Bilal's Nikopol Trilogy



9. "Security vs Privacy or what's left from it" Sacrifices drive success to a certain extent, whereas Security shouldn't be sacrificed for Privacy, at any cost!



10. "Old physical security threats still working" The old physical security trick of abusing a CD/DVD's autostart feature by installing malware on the PC seems to be fully working even today, which isn't a big surprise at all. Physical security threats have greatly changed on the other hand as employers themselves have realized the possibility for insider abuse. And while you might be a little more secure from threats like these, at the end of the day you'll probably have your boss snooping around to find out where's that abnormal P2P traffic coming from :)



11. "Getting paid for getting hacked" Cyber insurance seems very attractive, and it really is, have your company's databases stolen, you'll get premium for it, receive a DDoS extortion letter, get it paid with a smile on the herder's face. Moreover, considering the big picture, I feel you'd rather have a security vendor take care of the consultation process, with the idea that their revenues will be at least spent on R&D security investments compared to an insurance company, or that's how at least I see it



12. ""Successful" communication" Dilbert rocks my world, my most important point on commercializing vulnerability research is how it's happening in exactly the worst moment ever. The immature concept of reporting vulnerabilities and the economics of the process itself didn't really need money in between. In the eyes of these vendors, which as a matter of fact go through my posts, I am a naysayer, and I'm not. I'm just trying to keep up a constructive discussion, and the results of it will soon be posted in here



13. "Weekend Vibes - Psychedelic/Goa Trance" My music evolution went through Rainbow, Deep Purple, started getting "hard" with Metallica, Offspring, Guano Apes, to today's mix of alternative, classic rock and psychedelic/goa trance. No matter how your taste changes, don't forget where you've started from



14. "Is a Space Warfare arms race really coming?" Yes, it is and the more awareness is built on this issue, the higher the public discussion and hopefully, transparency of the activities. I find Secrecy a double-edged sword for an intelligence/military agency, as sometimes you just need to hear an average person's opinion on your megalomaniac ambitions. But given you are sincerely backed up by a couple of billion dollars budget, your purchasing power becomes a bad habit of yours



15. "The Practical Complexities of Adware Advertising" Advertising players simply cannot periodically evaluate the maliciousness of their members as they will lose the scale necessary to keep the revenues growing. The participants on the other hand, are indeed getting ads and paid for displaying them, and of course, questionable content from time to time. Searching around the IAB's site however, you wouldn't find any info on the idea of spyware/adware in today's booming online advertising market



16. "Privacy issues related to mobile and wireless Internet access" Both end users and companies are "going mobile" and therefore the possibilities for privacy violations/physical security location are getting even more relevant



17. "DVD of the Weekend - War Games" A little something on the movie and the recent "yet another Microsoft IE 0day" in the wild case



18. "Are cyber criminals or bureaucrats the industry's top performer?" Paper tigers have an unprecedented effect on the loss of productivity and a society's progress -- the worst thing is how much they actually enjoy it! A very resourceful post that covers some important issues to keep in mind



19. "Visualization in the Security and New Media world" or why a picture is worth a thousand packets?



UPDATE : Here are the unique and returning visitor graphs for the last several months, the outcome? Learn to understand your readers and how to retain them, thank you all for expressing your comments, contacting me, and keeping the discussion going!



