Wednesday, February 14, 2007

She Loves Me, She Loves Me Not

I'm in love, with myself in the first place, and while Saint Valentine's is meant to reboot a relationship, so to speak, every day should be a Saint Valentine's day in a relationship. Do you trip on love? Malware authors always do around the 14th of February.

Quote of the day - No promises, no demands, love is a battlefield -- or drug like addiction? Via Tech_Space.

Tuesday, February 13, 2007

Emerging DDoS Attack Trends

In a previous post I emphasized the long-term trend of how DoS attacks have the potential to cause as much damage as a full-scale DDoS attack, while increasing their chance of going undetected and requiring fewer resources. Looks like Prolexic Technologies are thinking in the same direction and warning that:

"IT security bosses will have to be increasingly vigilant in 2007 as criminals exploit new ways of ensuring distributed denial of service (DDOS) attacks cause the maximum damage and circumvent filtering technology, according to DDOS protection specialist Prolexic. While there will continue to be large-scale consumption-based attacks this year, attackers have learned that smaller, customised attacks tailored to web servers' application logic can have similar effects but require smaller botnets to generate, according to Prolexic president Keith Laslop. "The requests will bring your CPU usage up to 100 percent by doing things like registering as a new customer," he said. "There is a slow frequency of requests so it will not trigger third-party [detection] technology, and intrusion-detection systems are not designed to notice these attacks."

Attacks like these, while not conducted by malicious parties, are already happening at the British Prime Minister's web site, though these should have been anticipated earlier.

As always, assessing risk as if you are a part of a red team provides the best security for your network. Think like malicious attackers. If they're able to fingerprint the software running on your boxes and get under the skin of your web applications, a surgical and specifically crafted DoS attack would not only require fewer resources compared to a DDoS one, but would also make it a little bit harder for an incident forensic investigator to react in a timely manner. So while you're preparing for a constant Gbytes stream, attackers will shift tactics.
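The claim above, that a few requests aimed at expensive application logic slip under volume-based filtering, can be checked against your own access logs by budgeting server time per client instead of counting requests. The following Python sketch is an added example, not code from the original post; the log format, thresholds and client addresses are constructed assumptions.

```python
from collections import defaultdict

RATE_LIMIT = 100    # assumed: requests per client per window that a volume filter allows
COST_BUDGET = 30.0  # assumed: seconds of server time one client may consume per window

def constructed_log():
    """Constructed sample of one 60-second window: 'client path service_seconds'."""
    lines = ["198.51.100.7 /index.html 0.002"] * 300   # noisy, cheap flood
    lines += ["203.0.113.9 /register 9.0"] * 6         # few, expensive requests
    lines += ["192.0.2.44 /products 0.05"] * 5         # ordinary visitor
    lines.append("garbled line without a timing field here")  # malformed entry
    return lines

def parse(lines):
    """Yield (client, path, seconds); skip lines that do not match the format."""
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            yield parts[0], parts[1], float(parts[2])
        except ValueError:
            continue

def flag_clients(lines):
    """Per client: does it trip the volume threshold, the cost budget, or neither?"""
    count, cost = defaultdict(int), defaultdict(float)
    for client, _path, secs in parse(lines):
        count[client] += 1
        cost[client] += secs
    return {c: {"rate": count[c] > RATE_LIMIT, "cost": cost[c] > COST_BUDGET}
            for c in count}

def costliest_path(lines):
    """Path that consumed the most server time, i.e. the logic worth protecting first."""
    total = defaultdict(float)
    for _client, path, secs in parse(lines):
        total[path] += secs
    return max(total, key=total.get) if total else None

if __name__ == "__main__":
    log = constructed_log()
    for client, verdict in flag_clients(log).items():
        print(client, verdict)
    print("costliest path:", costliest_path(log))
```

In the constructed window the six `/register` requests stay far below the volume threshold yet exceed the server-time budget, while the 300-request flood trips only the volume check.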

Here's more info on the recent -- totally futile -- attempt to attack the root domain servers.

Gender Based Censorship in the News Media

Great perspective. The author Dr. Agnes Callamard even got the data to prove it. Limiting the freedom of expression for the sake of securing political or economic investments - so realistic. When it comes to gender based censorship, things have greatly changed during the last decade if you keep an eye on Fortune's Most Powerful Women stats. Sexism is so old-fashioned, and diversity among top management has been taking place for a while, moreover, professional oriented women next to the family oriented ones are increasing -- my type -- but then again if all men are alike, and all women too, look for the exceptions. And by the way, since when did age become a benchmark for a quality point of view or a criterion for knowledge, stereotypes keep you -- the baby boomers -- blindly protected, now don't they? Trouble is, some evolve faster than you'll ever do, because you are your own benchmark in times when opinionated self-starters make an impact on a daily basis. Success is a state of mind, gender doesn't matter and never did:

"In particular, the results of the GMMP 2005 show and ARTICLE 19’s own work confirms that censorship can be the handmaiden of gender-based power, discrimination and inequality and further, that this type of censorship may be exercised via and by the media. This gender-based censorship is comprised of dynamics that are both systematic and selective in nature, explicit and implicit by expression, intentional and unintentional in outcome and both deliberate and thoughtless in impact. It expresses itself in many shapes, colours, and voices. But ultimately, like all other forms of censorship, it alters reality, dis-empowers, controls, renders invisible, and silences."

I'm still sticking to my point that if girls/women didn't hate each other so much, or let's say be less jealous of one another they could rule the world -- they do rule the world as a matter of fact, but compared to posers media whoring on a daily basis, I'm convinced they're the true puppet masters behind the curtains, now aren't they? Just a thought.

Forensic Examination of Terrorists' Hard Drives

During the last year I presented my point of view on the topic in numerous posts, in order to debunk the common misunderstanding of Cyberterrorism as an offensive concept. And while real-time cyber intelligence can save lives, a historical forensic examination like this one may act as a case study to further model the behaviour of terrorists before they strike. Here's a list worth looking up at Archive.org, courtesy of the now deceased Madrid bomber Jamal Ahmidan:

"The below is a list of web sites found to have been visited by Ahmidan or accomplices. The list is not inclusive, but merely represents those sites in the indictment the names of which the author recognized based on close to five years of routine monitoring of jihadist activity online. Quite a few of these sites were likely to have been "under surveillance" during the time when Ahmidan and/or his associates accessed them. Had their IP addresses been reported to Spanish authorities at the time these sites were accessed, and had the authorities in Spain then followed up on such reports, it is entirely reasonable to expect that the Madrid bombing of 11 March 2004 could have been prevented."

Cyberterrorism is so not overhyped, it's just a concept discussed from the wrong angle and that's the myth of terrorists using electronic means for killing people. A terrorists' training camp is considered a military target since it provides them the playground to develop their abilities. Sooner or later, it will feel the heat and disappear from the face of the Earth, they know it, but don't care mainly because they've already produced and are distributing Spetsnaz type of video training sessions. So abusing information or the information medium itself is much more powerful from their perspective than destroying their means to communicate, spread propaganda, and obviously recruit. Real-time open source intelligence and accurate risk assessment of specific situations to prioritize the upcoming threat given the growing Jihadist web, is what should get more attention compared to data retention and data mining.

Meanwhile, in the real world, events across the globe are sometimes reaching the parody stage. Know your enemy, and don't underestimate his motivation.

Monday, February 12, 2007

Overachieving Technology Companies

Great dataset by Forbes - The 25 Fastest-Growing Tech Companies :

"Our selection process: We require at least $25 million in sales, 10% annual sales growth for five consecutive years, profitability over the past 12 months and 10% estimated annual profit growth for the next three to five years. We exclude firms with significant legal problems or other open-ended liabilities and also consider accounting and corporate governance scores from Audit Integrity of Los Angeles in making our final cuts."

Growth has many dimensions, and with any market's cyclical pattern it's important to assess the potential for sustainable long-term growth based on easy-to-influence market factors, as the balance of power in the tech market can sometimes change very quickly. Being a pioneer doesn't always count as the best alternative, and it's the companies able to differentiate between fads and emerging trends that are worth assessing. Diversification in market sectors with higher liquidity such as anti virus and perimeter defense, or making a long-term investment, that is positioning yourself as the default destination for a need that's only emerging for the time being, remain rather popular -- and predictable -- strategic business moves. Leadership, vision, and courage matter, but money when it comes to innovation doesn't. Let's discuss several companies worth mentioning:

_Google
Don't say cheese, say Google. The company's continuing to please market analysts with steady profits, whose stock ratings bring more investors' cash into the GoogleMachine, and with the re-emerging -- this time more mature -- online advertising market, bidding for keywords in a world of searching will remain profitable. The question everyone wonders is - until when? The naysayers, or the ones who couldn't obtain any Google shares, constantly talk about several buzz words - decline in online advertising, click fraud, and index poisoning. And despite the fact that Yahoo's web properties may be attracting more traffic than Google's, Google's KISS principle and their vision to set quality search results and up-to-date index of the Web as a core competency in times when the Web is growing faster than ever before, is an incentive for advertisers and users to both trust, and do business with the company. Google may not have a market capitalization as high as Microsoft, but the flow of soft dollars, Google's shares as a fringe benefit and a bargain are winning more respect, attracting quality HR, and if that's not enough, disrupting and making the world a much more transparent place to live in. Now that sounds much better than a company that's always been earning over 50% of its revenues from its oldest products -- that's boring profitability.

_Salesforce.com
The on demand concept in action. Need processing power? Outsource. Need a large snapshot of the Web? Outsource. The very idea of outsourcing a task to someone who specializes in the area, as a more cost-effective way than doing it yourself, is a major driving force. Besides all, why create a new CRM system or even advertising system, when there are standardized, already developed and ready to use ones? Salesforce.com is a true case study signalling the trend, and with the company empowering developers to contribute concepts, it's a win-win-win situation for everyone involved. Read more here.

_WebEx Communications
Some Internet services are often taken for granted, and they should be, but the companies that provide these commoditized benefits such as video conferencing, are always in the position to generate steady cash flow. Take WebEx Communications. Video conferencing was supposed to revolutionize the way people communicate and do business. Have you seen a decline in 1st class business travel, or has your company kindly asked you to start video conferencing with potential customers in order to cut costs? Now, who'll do business with a salesforce whose elevator pitch cannot be verified in the elevator in a face-2-face meeting anyway? Trust me, not the type of people you'll feel proud and secure to do business with. It's all about the targeted audience and who'll benefit most from the service in a specific time, and in a specific market cycle. Seems like WebEx are either good at sensing the market, or it's the very nature of the service and the level of brand awareness they've achieved when it comes to online video conferencing.

_Websense
Web filtering was a rather hot market segment a couple of years ago when there was much more transparency in the dark corners of the Web. A URL containing information corporate users didn't really need to be more productive was easy to spot, and the static nature of the Web compared to today's dynamically changing malicious sites was making it easy for the vendor to filter out the bad sites. Real-time evaluation, or sandboxing a site came into play, Web 2.0 "wisdom of crowds" SiteAdvisor started getting acceptance, Scandoo is slowly gaining ground, vendors such as ScanSafe are diversifying already. So how is Websense still able to generate such revenue flows? The secret is in their sales force, able to not only acquire new customers, but most importantly to retain their major ones, and of course diversification in market sectors such as data theft prevention. And like companies such as Google, Amazon and Ebay, Database as the "Intel Inside" is a major differentiator and can close a lot of deals.

To sum up - don't disrupt in irrelevance.

Thursday, February 08, 2007

Receiving Everyone's Financial Statements

Bank institutions around the world - stay tuned for wannabe identity thieves requesting their statements while hoping you'll forward them everyone else's ones, in between. Smells like an overperforming intern to me:

"An Aberdeen woman who asked for her bank statement was sent details of 75,000 other customers. Stephanie McLaughlan, 22, was sent the financial details by Halifax Bank of Scotland (HBOS). She received five packages each containing 500 sheets of 30 customers' names, sort codes and account details. HBOS apologised and said it was carrying out an investigation. The Information Commissioner's Office (ICO) said it would probe the "negligence."

Obviously, you too can play the U.S. Department of Treasury requesting financial information from SWIFT, but in this case - unintentionally.