Thursday, January 21, 2010

Is APT After You?

Jeremiah Grossman made the following request via Twitter today: "@taosecurity blog post request. Signs that an individual or organization is or may be an APT target. + added threat naming conventions." Tough but great questions. I'd better answer, or Jeremiah will find me and apply Brazilian Jiu Jitsu until I do. Let me take the first question first. As I mentioned in Real Threat Reporting...

Wednesday, January 20, 2010

Review of Inside Cyber Warfare Posted

Amazon.com just posted my three star review of Jeff Carr's Inside Cyber Warfare. From the review: Jeff Carr is a great digital security intelligence analyst and I've been fortunate to hear him speak several times. We've also separately discussed the issues he covers in Inside Cyber Warfare (ICW). While I find Jeff's insights very interesting and valuable, I think his first book...

Illegal downloads at work put companies at risk, says FAST IiS

From: http://www.computerweekly.com/Articles/2010/01/15/239977/illegal-downloads-at-work-put-companies-at-risk-says-fast.htm Company directors who allow staff to download software illegally are putting themselves and the company at risk of legal liability, software piracy watchdog FAST IiS has warned. Internet data gathered by security firm ScanSafe across 100 countries revealed a 55% increase in illegal software and...

Tuesday, January 19, 2010

Bejtlich Teaching at Black Hat EU 2010

Black Hat was kind enough to invite me back to teach multiple sessions of my 2-day course this year. After Black Hat DC comes Black Hat EU 2010 Training on 12-13 Apr 2010 at Hotel Rey Juan Carlos I in Barcelona, Spain. I will be teaching TCP/IP Weapons School 2.0. Registration is now open. Black Hat set five price points and deadlines for registration. Super early ends 1 Feb. Early ends 1...

Rogue anti-virus prevalent on links that relate to Haiti earthquake, as donors encouraged to look carefully for genuine sites

From: http://www.scmagazineuk.com/rogue-anti-virus-prevalent-on-links-that-relate-to-haiti-earthquake-as-donors-encouraged-to-look-carefully-for-genuine-sites/article/161431/ The earthquake that struck Haiti's capital, Port-Au-Prince, earlier this week has led to a huge rise in related malicious URLs. Zscaler Research reported that only an hour after the 7.0 earthquake struck on Tuesday afternoon, there was a 1,578...

Sunday, January 17, 2010

What Is APT and What Does It Want?

This has been the week to discuss the advanced persistent threat, although some people are already telling me Google v China with respect to APT is "silly," or that the attack vectors were what everyone has been talking about for years, and were somewhat sloppily orchestrated at that. I think some of these critics are missing the point. As is often the case with sensitive issues, 1) those who know...

Why Google v China is Different

I've been reading various comments on the Google v China issue. One caught my eye: Security experts say Google cyber-attack was routine. "This wasn't in my opinion ground-breaking as an attack. We see this fairly regularly," said Mikko Hypponen, of security firm F-Secure. "Most companies just never go public," he added. In some ways this comment is true, and in other ways I think it can take...

Baidu Taken Down by DNS Hack

From: http://www.bluecoat.com/blog/baidu-taken-down-dns-hack So Baidu got hacked yesterday. That is very big news. For China, that's like saying "Google got hacked." It's the leading search engine there, and one I've spent time using during work on our Asian power for DRTR. The initial report I saw pointed not to an attack on Baidu's servers, but on the DNS entries that let the websurfers of the...

Saturday, January 16, 2010

Another Cross-over Point from WAN Optimization into the Proxy Space

From Network World: Exinda Networks' latest software upgrade tackles some of the WAN optimization implications of a thorny IT management issue: the use of third-party anonymous browsing services that route DNS queries through a proxy server. Anonymous proxies allow end users to bypass Web sites blocked by their companies, surf the Web anonymously, or hide their tracks while Web browsing. The new version of Exinda's...

Friday, January 15, 2010

Friday is Last Day to Register for Black Hat DC at Reduced Rate

Black Hat was kind enough to invite me back to teach multiple sessions of my 2-day course this year. First up is Black Hat DC 2010 Training on 31 Jan and 01 February 2010 at Grand Hyatt Crystal City in Arlington, VA. I will be teaching TCP/IP Weapons School 2.0. Registration is now open. Black Hat set five price points and deadlines for registration, but only these three are left. Regular ends...

Malware, scareware appear in search results provided by Office.Microsoft.com

From: http://www.mxlogic.com/securitynews/web-security/malware-scareware-appear-in-search-results-provided-by-officemicrosoftcom370.cfm Security researchers say that black-hat SEO has created an opportunity for scareware purveyors to distribute their fake software to unsuspecting users via one of Microsoft's own websites. Malware experts at Websense last week released a blog post detailing the presence of malicious...

Thursday, January 14, 2010

Malware Threat Reports Fail to Add Up

From: http://www.infosecurity-us.com/view/6314/malware-threat-reports-fail-to-add-up/ The December malware threat reports are trickling in from vendors - and they all appear to be different. Fortinet, Sunbelt Software, and Kaspersky all published their lists of the most prevalent malware strains for the last month of 2009, but they didn't match up, leading to an admission that users will necessarily be confused...

Wednesday, January 13, 2010

Why Would APT Exploit Adobe?

After reading this statement from Adobe, they seem to be using the same language that described the Google v China incident: Adobe became aware on Jan 2, 2010 of a computer security incident involving a sophisticated, coordinated attack against corporate network systems managed by Adobe and other companies. We are currently in contact with other companies and are investigating the incident. Let's assume, due to language and news timing,...

Mechagodzilla v Godzilla

After posting Google v China I realized this is a showdown like no other. In my experience, no one "ejects" the advanced persistent threat. If you think they are gone, it's either 1) because they decided to leave or 2) you can't find them. Now we hear Google is the latest victim. Google is supposed to be a place where IT is so awesome and employees so smart that servers essentially run themselves,...

2010: Is it all hype?

When it turned the year 2000, there was all this worry that computers would crash, and our infrastructure would have problems from the date rollover. Nothing momentous happened. But we surprised ourselves as the year 2010 came around, and there were actually news reports of computers having problems with the date change. Some of the reported problems included: Symantec's "Endpoint Protection" anti-virus...

Illegal downloads at work skyrocket

From: http://www.computerweekly.com/Articles/2010/01/12/239924/Illegal-downloads-at-work-skyrocket-says-ScanSafe.htm Illegal software and music downloads on corporate networks have increased 55% in the past three months, according to web security firm ScanSafe. The increase was revealed in data gathered across more than 100 countries and millions of employees. Employees tend to assume they can use the internet at...

Monday, January 11, 2010

Facebook Beats Google on Xmas

From: http://www.thebigmoney.com/blogs/feeling-lucky/2009/12/31/facebook-beats-google-xmas Could Facebook succeed Google (GOOG) as the most-visited Web site in the land in 2010? That question's been on everyone's lips ever since an official at the research firm Hitwise tweeted that on Christmas Day, more people used Facebook than Google or any of its related products. Search Engine Journal contributor...

Autorun virus - Microsoft patch KB971029

AutoRun is a Windows feature that allows files or programs to run directly as soon as a removable media device, such as a USB stick or CD-ROM, is connected to a computer. The AutoRun feature could allow malicious code to spread. One of the vectors by which the Conficker, or Downadup, worm propagates is through pen drives and other removable storage media. Microsoft has fixed a problem that prevents...

Friday, January 8, 2010

Happy 7th Birthday TaoSecurity Blog

Today, 8 Jan 2010, is the 7th birthday of TaoSecurity Blog. I wrote my first post on 8 Jan 2003 while working as an incident response consultant for Foundstone. 2542 posts (averaging 363 per year) later, I am still blogging. I don't have any changes planned here. I plan to continue blogging, especially with respect to network security monitoring, incident detection and response, network forensics,...

Monday, January 4, 2010

Excerpts from Randy George's "Dark Side of DLP"

Randy George wrote a good article for InformationWeek called The Dark Side of Data Loss Prevention. I thought he made several good points that are worth repeating and expanding. [T]here's an ugly truth that DLP vendors don't like to talk about: Managing DLP on a large scale can bury your staff up to their ankles. This is important, and Randy explains why...

Friday, January 1, 2010

Best Book Bejtlich Read in 2009

It's the end of the year, which means it's time to consider the winner of the Best Book Bejtlich Read award for 2009! Although I've been reading and reviewing digital security books seriously since 2000, this is only the fourth time I've formally announced a winner; see 2008, 2007, and 2006. 2009 was a slow year, due to a general lack of long-haul air travel (where I might read a full...