Category Archives: bloginfosec.com
Yesterday the Wall Street Journal broke the story of a major botnet that has infected over 2,500 companies. That day I also received an email from a major anti-virus vendor that claimed the trojan used to create the botnet is well known and easily detectable. They sent it to me in the hopes that I would write their counter argument on bloginfosec.com.
I couldn’t help but think that it was one company battling against another through PR. One seeks to publicize their name, the other seeks to claim it’s over-hyped (and hence get their name out there).
Here’s a sanitized version of the email:
There has been some recent high profile coverage of an online threat being referred to as “Kneber.” Some news coverage [company name removed] has observed has put forth that this is a new type of malware, which is simply not the case.
Kneber, in reality, is not a new threat at all, but is simply a pseudonym for the infamous and well-known Zeus Trojan. The name Kneber simply refers to a particular group, or herd, of zombie computers, a.k.a. bots, being controlled by one owner. The actual Trojan itself is the same Trojan.Zbot, which also goes by the name Zeus, which has been being observed, analyzed and protected against for some time now.
Since Zeus/Zbot toolkits are widely available on the underground economy, it is not uncommon for attackers to create new strings, such as Kneber, of the overall Zeus botnet.
Though it is true that this Kneber string of the overall Zeus botnet is fairly large, it does not involve any new malicious threats. Thus, computer users with up-to-date security software should already be protected from this threat. (emphasis mine)
Also, subscribe to my newsletter! Cheers.
The January 25, 2010 issue of Newsweek had the following quote that supports the thesis that the Google/China attack is not an isolated attack but a reflection of a mindset, as I mentioned in my bloginfosec essay.
At the same time, China has been busily developing the world’s most elaborate apparatus devoted to cyber-spying and cyberattacks. Chinese hacking has ramped up over the past few years, directed not only at human-rights organizations, but, importantly, at foreign businesses and governments. Many, if not most, such attacks originate from China; former National Security Agency director William Studeman has called them the “biggest single problem” facing the U.S. national-security establishment. (link here)
I’ve seen hacking attempts from China since mid-2001 so this really isn’t anything new. What’s important to understand is that it’s State sponsored and considered acceptable in Chinese culture. If you’re conducting business in China your information security criteria should most likely be more strict than in the US.
[PS – Sign-up for my newsletter, punk!]
I finished two articles today for bloginfosec.com. The first will be published tomorrow (6AM EST) on cloud computing and can be found here (again tomorrow!!!). The second will be published the day after tomorrow. It’s on H1N1 and its relevance to infosec. It will be found here. I have one more article to go!
I am writing two new columns for bloginfosec.com. Hopefully I can get some more work done on them this weekend. They should be published on the next consecutive Mondays.
I was updating my profile and found that the HTML target tags were being automatically removed! Grrrr…