Microsoft's Forefront Ad Campaign

The introduction of Microsoft's Forefront security solutions is already backed up by a huge ad campaign that can be seen on the majority of tech-news portals. The campaign is however lacking a consistent vision to communicate the benefits and main differentiation points -- if any -- of the product, and is barely informing that it exists in a not so creative way :

There's nothing in Forefront that really makes it notably better or worse than any other solutions that are already in the marketplace. However, the Microsoft name may be sufficient for it to steal market share, and a better integration with other Microsoft solutions…is likely to be a bit of a differentiator,” said Quin. Faced with increasing competition from Microsoft, Symantec Corp. questioned Microsoft's ability to effectively protect enterprise customers.

Trying to be witty too much while fighting ninjas and aliens often results in your ad campaign "clowning" in the eyes of a prospective customer. Security is indeed a cosmic phenomenon for Microsoft, an unexplained pseudo-randomly generated event that's continuing to be researched and analyzed for generations to come. Can they achieve desirable results? Will penetration pricing help? And will the ad agency that got commisioned with the ad campaign come up with a bit of a more creative psychological imagination the next time?

A pure example of an acquisition-to-solution strategy compared to AOLs licensing of a reputable AV vendor's technology, in order for them to enter the market segment as well.

Jihadists' Anonymous Internet Surfing Preferences

Jihadists are logically not just interested in encryption and steganography but also, in ways to anonymize their web surfing activities as much as possible. A wannabe jihadist whose tips and recommendations have gained him a lot of reputation around the forums I follow, recently came up with an in-depth article on recommended and reviewed IP cloaking services with direct download links in between. It makes stats like these questionable to a certain extend as I've already pointed out. Among the IP cloaking tools reviewed are :
- Steganos Internet Anonym Pro
- Hide IP Platinum 3.1
- Proxy Switcher Pro
- Invisible Browsing v5.0.52

TOR is, of course, mentioned as well but at the bottom of the article citing performance issues compared to commercial solutions. IP decloaking is not even considered as a concept.

Counter Espionage Tips from the Cold War

There's nothing old-fashioned in short films like these representing possible techniques used by intelligence services while recruiting - "Cold War counter-spy instructional film created to convince government officials traveling with top secret info to watch their backs. Watch hapless G-men get seduced and setup for blackmail by treacherous Soviet she-spies"



And despite that today's perception of sexy she-spies has evolved proportionally with the technological advances in espionage, some of the tips are still emphasizing on the basics.

A Client Application for "Secure" E-banking?

This is perhaps the second product concept myopia right after the lie detection software for text comminations I come across to recently. Remember a previous post heading in the opposite direction, where a bank was trying to rebuild confidence in the most abused phishing medium - the email - to keep in touch with its customers? Here's another company that's betting on a third-party client application to solve the problem of secure E-banking totally falling victim in the secure channel communication myopia one that I think has nothing to do with reality when it comes to the success of phishing :

"Here’s how Armored Online works: A company, such as a financial institution or online retailer, offers a downloadable client to customers through its website. That client then gives the customer’s computer a secure channel with which to communicate and transact with the company. Its Java-based browser is locked down, meaning it won’t accept any plug-ins, like cookies used by criminals. What’s more, the client can only “talk” to the server at the bank or online store. “It’s like iTunes for banks,” Mr. Sowerby said."

The attack of the disabled cookies? Not really, so be realistic. Coming up with a third-party application as the cornerstone of E-banking security directly conflicts with E-banking's biggest benefit - flexibility due to the compatibility with the most popular browsers. So you'd rather focus on the current situation - Brandjacking instead of re-inventing the SSL wheel -- as a matter of fact the Gozi trojan and the Nuclear Grabber are quite comfortable with SSL as they bypass it entirely. Even worse, a trojanized copy of the program will emerge given it receives any acceptance at all. And if banks start embracing it -- don't -- we can easily start talking about DRM enabled E-banking where, both, banks and customers will turn into virtual hostages to a third-party application trying to reboot the market for anti-phishing services, totally forgetting the problem is not in the lack of unencrypted transactions as no one is sniffing the credentials, but pushing fake sites instead of letting customers pull the sites for themselves.

Don't disrupt in irrelevance.

A Malware Loader For Sale

Continuing the Shots from the Malicious Wild West series and the yet another malware tool in the wild posts, here’s a recently advertised malware loader. Polymorphism, built in packing functions and the ability to set an interval for loading yet another executable at a URL or a URL redirector, DIY firewalls unloading techniques, pretty much anything ugly is in place -- as usual. The loader's source code is currently available for $150, undetected bots go for $15 per piece. Malware on demand in principle, or malicious economies of scale?

MySpace's Sex Offenders Problem

MySpace, being one of the most popular social networking sites is always under fire on its efforts to combat known child offenders registering and using its database to find what they're looking for. The problem isn’t MySpace as a faciliator for such type of communications but the vast amounts of personal information -- future contact points -- kids publish about themselves online, not knowing that on the Internet anyone can be a dog and most importantly, parents loosing the emotional connection with their kids and making it easier for someone to break the ice and establish trust.

Several months ago, funded by nothing more but his common sense Kevin Poulsen gathered name data from the U.S public child offenders registry and found positive results with people -- thankfully -- stupid enough to use their real names. And while they wouldn't do it again the next time instead of making it easier to aggregate the data, a CAPTCHA to limit such automatic activities was implemented. Don't blame MySpace blame bureaucracy. Meanwhile, here's an article on U.S authorities demanding that MySpace provide data on identified and removed known child offenders -- they agreed :

"MySpace agreed Monday to provide the information to all states after some members of the group filed subpoenas or took other legal actions to demand it. The company said last week such efforts were required under the federal Electronic Communications Privacy Act before it could legally release the data."Different states are going about it different ways," said Noelle Talley, spokeswoman for Cooper, who filed a "civil investigative demand" for the information. Connecticut Attorney General Richard Blumenthal used a subpoena that "compels this information right away - within hours, not weeks, without delay - because it is vital to protecting children," he said."

If protecting children is vital, remove the CAPTCHA so everyone knowing how to aggregate and tweak the data will come up with far more sophisticated stats than the ones currently available. Actual results too. Next time it would become harder to track them, so don’t count on measures like these instead, ensure naughty conversations aren’t taking place at all. Makes me wonder one thing - should you be filtering known child offenders on the Internet perhaps a futile attempt given the pseudo-personalities they could establish, or at the ISP level and put them under surveillance right from the very beginning? Of course child offenders should not have unmonitored access to the Internet so rethink the basics.

Related posts:
Registered Sex Offenders on MySpace
IMSafer Now MySpace Compatible