If you’re looking for a way to safely check URLs for bad content, Lenny Zeltser had a great list of free online tools for you.
Tag Archives: malware
Creating and Selling Zero-day Exploits
Bruce Schneier has written about and compiled some great info and links regarding the market for creating and selling zero-day exploits in his Crypto-Gram newsletter.
Here’s some highlights:
Filed under Security
Internal Attacker Detected: Part 1
A while back when I worked in IT security, an internal attacker popped up on our radar…
I answered the phone and heard a tech from the anti-malware team say, “I think we have a problem, Mack. Got some time to come down and see what I found?”
Filed under Case Files, Security, Security Scout
How Bot Net Trends are Changing
Bot net trends are changing, according to an Information Week article. Tim Wilson notes the following:
- Overall, bot net activity is picking up after a late 2010 lull.
- Large bot nets will be aggressive in capturing more computers for their kingdom. Bot nets will attempt to steal seats from their competition, patching the computers they take over so to defend themselves against other thieves.
- Social networks are becoming the command points for bot nets.
- Similar to the SETI programs where you can donate some of your computer’s processing capacity to search for alien intelligence, some bot nets are becoming opt-in so that you can participate in politically-based bot net activity.
- Small botnets are becoming used more effectively, as they are harder to detect.
Read all about it at Botnets Coming Roaring Back in New Year.
Filed under Security
Shipley on Security Spend
Greg Shipley, founder of Neohapsis, wrote an article in Information Week magazine, this time about how ineffective most of the money spent on security defenses is against the attacks we’re facing. It’s not a short article, but as I’ve said before, Shipley is always worth reading. Here’s what I found most interesting in the article:
- “Deficiencies, even in our security technologies, are an unfortunate fact of life,” says Shipley.
Filed under Security
How to Avoid Friendly Infections
I love to “steal” content and blog post ideas from others (usually AuditMonkey), but this time, I slim-fingered from Mister Reiner (check out his computer security and hacking blog at misterreiner.wordpress.com).
All I really stole were the ideas inspired by a comment that I left on his post entitled, Your friends and relatives can go home and jack up their own computer. Reiner wrote that allowing others on your computer might result in an infected PC if your friends and relatives do stupid things like surf porn or open email attachments. To avoid these issues, he suggested you do the following:
Great Security Cheatsheets (Free)
Lenny Zeltser not only created some great security cheatsheets, he compiled a list of some good reference guides developed by others.
Why should you trust his FREE cheatsheets? Lenny leads a security consulting practice, teaches malware analysis, explores security topics at conferences and in articles, and volunteers as an incident handler at the Internet Storm Center.
So whether you want to learn more about specific security practices or just have a quick reference, you’ll want these cheatsheets.
ECards and Email Privacy
Most security-savvy users are aware of the problems with electronic greeting cards, which may contain malicious software. Like almost all emails that I receive with a subject containing “FW:” (forward), I delete all greeting cards (eCards) that I receive, even those from Mom.
If you’re like me, you warn your friends and family about the dangers of emailed greeting cards (they just aren’t worth the risk). But what about the other issue with greeting cards?
Filed under Security
If Called, Don’t Answer
No, I’m not suggesting that you don’t answer your phone. Just be careful what you do or say when you are called or contacted.
What am I talking about? A principle I refer to as the CONTACT principle, which will keep your private information private:
Filed under Security, Security Scope
ITauditSecurity 