Category Archives: bloginfosec.com

Recent Essay on Re-Taking the CISSP

I recently retook and passed the CISSP again. I wrote an essay on it over at bloginfosec.com.

Kneber: InfoSec PR Wars

Yesterday the Wall Street Journal broke the story of a major botnet that has infected over 2,500 companies. That day I also received an email from a major anti-virus vendor that claimed the trojan used to create the botnet is well known and easily detectable. They sent it to me in the hopes that I would write their counter argument on bloginfosec.com.

I couldn’t help but think that it was one company battling against another through PR. One seeks to publicize their name, the other seeks to claim it’s over-hyped (and hence get their name out there).

Here’s a sanitized version of the email:

There has been some recent high profile coverage of an online threat being referred to as “Kneber.” Some news coverage [company name removed] has observed has put forth that this is a new type of malware, which is simply not the case.

Kneber, in reality, is not a new threat at all, but is simply a pseudonym for the infamous and well-known Zeus Trojan. The name Kneber simply refers to a particular group, or herd, of zombie computers, a.k.a. bots, being controlled by one owner. The actual Trojan itself is the same Trojan.Zbot, which also goes by the name Zeus, which has been being observed, analyzed and protected against for some time now.

Since Zeus/Zbot toolkits are widely available on the underground economy, it is not uncommon for attackers to create new strings, such as Kneber, of the overall Zeus botnet.

Though it is true that this Kneber string of the overall Zeus botnet is fairly large, it does not involve any new malicious threats. Thus, computer users with up-to-date security software should already be protected from this threat. (emphasis mine)

H1N1 InfoSec Article

My H1N1/infosec article received good reviews from colleagues. Check it out here.

Cloud Computing Article Published on bloginfosec.com

Check out my response to Newsweek’s Daniel Lyons on cloud computing. Be sure to read the second page where most of the commentary happens!

Also, subscribe to my newsletter! Cheers.

Google, China, Newsweek and InfoSec

The January 25, 2010 issue of Newsweek had the following quote that supports the thesis that the Google/China attack is not an isolated attack but a reflection of a mindset, as I mentioned in my bloginfosec essay.

At the same time, China has been busily developing the world’s most elaborate apparatus devoted to cyber-spying and cyberattacks. Chinese hacking has ramped up over the past few years, directed not only at human-rights organizations, but, importantly, at foreign businesses and governments. Many, if not most, such attacks originate from China; former National Security Agency director William Studeman has called them the “biggest single problem” facing the U.S. national-security establishment. (link here)

I’ve seen hacking attempts from China since mid-2001, so this really isn’t anything new. What’s important to understand is that it’s State sponsored and considered acceptable in Chinese culture. If you’re conducting business in China, your information security criteria should most likely be more strict than in the US.

[PS – Sign-up for my newsletter, punk!]

Cloud Computing and H1N1

I finished two articles today for bloginfosec.com. The first will be published tomorrow (6AM EST) on cloud computing and can be found here (again, tomorrow!!!). The second will be published the day after tomorrow. It’s on H1N1 and its relevance to infosec. It will be found here. I have one more article to go!

Two New Columns and WordPress Bugs

I’m writing two new columns for bloginfosec.com. Hopefully I can get some more work done on them this weekend. They should be published on the next consecutive Mondays.

I was updating my profile and found that the HTML target tags were being automatically removed! Grrrr…