The insecurity paradox
2011-08-29
The formula here attempts to explain a paradox in security analysis:
If it is true that security is only as strong as its weakest link, why are not those who use insecur...
mer >>
mer >>
Proaktiv IT-sikkerhet
Sikkerhetssenter
Les de siste sikkerhetsoppdateringer fra våre eksperter
Sikkerhetstemaer
Nyeste artikler - Trends & predictions
An approach to an organization's risk factors (part 3)
In this third and final part of our article series about risk factors, we will examine Human attack factors and Physical factors.
An approach to an organization's risk factors (part 2)
The previous article discussed different procedures and systems that could be invoked in order to mitigate risk. In subsequent parts we will examine areas at risk, starting with Electronic factors.
An approach to an organization's risk factors (part 1)
The aim of this type of initial risk analysis is to identify potentially vulnerable points that may be exploited if they are not sufficiently secured.
Denial of Service attacks against secure web sites
The special feature that THC-SSL-DOS offers, is that a DoS attack against a secure web server can be performed from one computer or just a few computers.
Malicious images (codes)
The ease involved in creating QR codes that links to web pages implies that this will be a popular way to facilitate the propagation of malware for mobile devices.
BEAST (Browser Exploit Against SSL/TLS)
A successful attack is not particularly easy to carry out, as it depends on several prerequisites.
The importance of typing correctly
Computers do what they are told. This may result in consequences that are funny as well as dangerous.
May we use your social network account, please
You should exercise extreme caution if you are allowing access to your social network account from any application.
Secure browsing turns insecure (again)
It seems obvious that the current certificate security model needs to be replaced by something that is less vulnerable for attacks from dedicated persons, organizations or governments.
Circumventing malware detection
Malware authors continue to pursue delivery mechanisms that can confuse different malware detection systems.
Restricting access to net resources for "good reasons"
The target should be the illegal act itself, rather than the communication mediums that may be used in planning undesired activities.
Combating fake antimalware
Coordinated efforts between experts/authorities against cybercriminals seem like the most efficient method for combating cybercriminals. Different experts and authorities are then able to focus on the part of the criminal chain that corresponds to their ability and expertise.
Diversification of attack vectors
Computer systems are becoming increasingly sophisticated and complex with components that are individually computerized. This increases the attack surface for cybercriminals, and represents a challenge for users and the security industry.
Mobile (in)security
The steps that private users and organizations can take to protect themselves, are quite similar in character to protection of traditional computers.
Targeted attacks: More "Bang for the Buck"
Since the cybercriminals seem to shift from randomly directed mass attacks to more focused attacks, the total volume of spam will decrease.
Plug mouse into the computer - be compromised
It is almost impossible to protect completely against a targeted cyberattack against an organization.
The profitable Pay-per-Install ecosystem
We shall in this article focus on the PPI ecosystem and how this is used for malware distribution.
Secure tokens turn insecure
Even organizations, which presumably are more security conscious than most, have vulnerabilities that may be exploited by an attacker who has sufficient resources and determination at her disposal.
The old dogs are still in learning mode
The web site (usually an infected site) that displays the message checks the browser visiting the site, and displays a warning message similar to the browser's real warning.
Default privacy - what is the problem?
A default restrictive approach to public sharing of personal information will result in less information shared.
Dangerous images
Recent weeks have shown that images are used as a malware spreading technique; particularly images that appear after performing a Google image search.
Cybercriminals focus on new targets
Users of the operating system Mac OS X have so far been quite safe from malware infections compared to those who have chosen Windows as the operating system platform.
Microsoft's Coordinated Vulnerability Disclosure policy
As one of the largest companies in the software industry, Microsoft's policy will influence the way vulnerabilities are handled.
No access to your data unless...
Blocked access to important information - particularly if adequate backup routines are not in place - may be disastrous for the person who becomes the victim of ransomware.
The PlayStation 3 controversy - Anonymous enters the scene (UPDATED 2011-04-12)
Anonymous characterizes itself as a hive and a nest. One potential issue with such free structures is the potential for different actions that may conflict with each other.
Free music with an unwanted tune
Whenever malware authors find new vehicles to spread their malware, the probability for success increases immensely.
Spam botnet Rustock beheaded
Bots and botnets comprise one of the biggest threats to the Internet and its users. However, recent news report of a success story: beheading the spam botnet Rustock.
Shamelessly exploiting disasters
In previous security articles, we discussed the fact that cybercriminals use big events to spread malware. Not surprisingly - nevertheless disgusting - the recent events in Japan have inspired shameless exploitations by cybercriminals.
Collective defense against Internet threats
The RSA Conferences are among the most important annual security conferences. This year's US conference was held in San Francisco 14 - 18 February.
Digital Dumpster Diving
Dumpster diving is known as examining trash to find interesting items that have been discarded. This security article's title refers to examining digital trash, which for certain purposes may turn out to be useful.
Malware targeting the finance sector's customers
In our security article last week, we discussed cybercriminals who targeted financial institutions in an indirect way. However, the major bulk of malware aimed at the finance sector puts the finance sector's customers at peril. One obvious reason is that the average end user's system presumably is less secure than the systems used by the financial sector.
Indirect targeting of financial institutions
During the last weekend, The Wall Street Journal published information that intruders had penetrated computer systems controlled by the company that runs the U.S. Nasdaq Stock Market. Nasdaq handles around 19% if all stock trading in the U.S. The trading system itself should not have been compromised.
Personalized web advertisements - good or bad?
Advertisements (ads) on the web have become part of a multi-billion industry. These days it is almost impossible to read news on the web without being overwhelmed by a plethora of ads for everything from cars to diapers. However, it is presumably not optimal to display the car ads to children. Nor are most teenagers particularly interested in diapers.
The next war will NOT be a pure cyberwar
A new report, “Reducing Systemic Cybersecurity Risk”, has received quite a lot of attention. The report is part of the Organisation for Economic Co-operation and Development (OECD) Project on “Future Global Shocks”, and addresses the question: "How far could cyber-related hazards be as devastating as events like large-scale pandemics and the 2007-10 banking crisis?"
Email spam - an old-fashioned technique?
Several organizations, which monitor the email spam situation around the world, have reported that the amount of spam decined significantly during the end of 2010. This led to some speculation regarding whether email spam as a technique was being abandoned, and newer ways of tricking users were upcoming and preferred.
PlayStation 3 security fully compromised
Sony's PlayStation 3 (PS3) has been viewed as one of the most secure gaming devices. Applications and games from other sources than Sony could not be installed and run on PS3, and a firmware update early in 2010 disallowed using other operating systems than the one set up by Sony. All this is now changed.
The year 2010 in a data security retrospective
December is the month to look back on the year that is coming to an end. We will attempt to sum up the situation seen from a security company's point of view. The most significant data security incidents to mention from the year are the sophisticated malware Stuxnet and incidents in the wake of WikiLeaks publication of U.S. embassy cables late November.
Holiday - relax, have fun, meet family and friends... and be vigilant
Major events, happenings and in general all kind of things that create much notice, also leave in their wake a stream of malicious software.
The ultimate surfing challenge: Avoiding web sites with malicious content
Some years ago it was an established "fact" that a computer could not be infected by malicious software by visiting a web page. But technology evolves quickly and some facts may change when new technology emerges. These days web pages are perhaps the most used propagation vector for malware.
Malicous cold calls with high success probability
According to a posting 15 November on the blog belonging to the UK based organization Get Safe Online, one in four UK web users have been targeted by so-called cold calls.
Communication consolidation or security nightmare
In recent months there have been lots of rumors about the upcoming email system closely integrated with Facebook. More detaileds about this have recently been disclosed by Facebook, and we will examine some aspects of the new offerings.
Privacy and security in Social networks - part III
This is the third article in a series about privacy and security in social networks.
Privacy and security in Social networks - part II
This is the second article in a series about privacy and security in social networks.
Privacy and security in Social networks - part I
This is the first article in a series, which will focus on security and privacy issues involved in participating in social networks.
Safe crime
We have previously advocated the view that endpoint security is just one of several tools needed to accomplish secure environments. This article will examine one particular threat against the Internet community and discuss how it may be overcome.
Hey, your computer is infected!
In a press release 25 October the Dutch High Tech Crime Team (THTC) of the National Crime Squad announced a successful takedown of a major botnet. 143 malicious computer servers were taken down from the internet resulting from collaboration with a Dutch hosting provider, the Dutch Forensic Institute (NFI), the internet security company Fox IT and GOVCERT.NL and the Dutch computer emergency response team.
Are security products losing the battle?
The product testing organization NSS Labs has recently published its test report for the 3rd quarter 2010 - test results for 11 antimalware products for consumers. The most interesting finding from this report is that the security products' performance have deteriorated compared to last year. In this security article we shall examine the implications of this.
Your computer has been quarantined and cannot access the Internet
A message similar to the one in this article's title may seem like a nightmare for most of us, as we have become increasingly dependent - some even addicted - to using resources available on the Internet for necessary as well as trivial tasks.
A new generation of malware
Computer software evolves, and popular interpretation is to introduce new generations whenever fundamental changes arrive. If one looks at malware in the same manner, one may also classify different types into various generations.
DDoS war
Last week in our article "Ways to use botnets", we discussed among other issues, botnets for hire. One example we mentioned in our article was the company Aiplex Software, which was hired to try stop illegal distribution of copyrighted material.
Ways to use botnets
This article will not go in depth with regard to how the different botnets function technically. We shall rather examine some of the ways botnets may be used, study one successful method used for fighting this threat, and finally discuss the idea of botnets used for benign purposes.
Number of vulnerabilities on the rise
In August IBM Security X-Force published its Mid-Year Trend and Risk Report. The X-Force reports are always interesting reading, and this latest addition maintains the high standards. Lots of topics are discussed in the report. In our security article, we shall however focus on one particular finding.
Mandatory electronic identification card with RFID chip
Introduction Last week it was announced that the Dutch company NXP was selected to produce the new identification (ID) card for Germany. Starting from the beginning of ...
A plethora of malware for mobile phones to be expected soon (?)
In later years dangerous malicious software for mobile phones and other handheld devices has been predicted and expected by several analysts. Norman, however has traditionally been among those more reluctant in predicting that the explosion of if malicious software for mobile devices is imminent. In retrospective it seems safe to say that our view has proven correct (so far).
Malware infections by telephone
An interesting news item has appeared in several UK-based media lately. Several end users have received phone calls from someone who present themselves as security personnel. The caller informs that the computer is infected by malware and offers to help. Varying social engineering techniques are used to persuade the recipient to allow the use of remote access software in order to "fix the problem".
Første halvår 2010 - oversikt over sikkerhetshendelser
Vi vil i denne rapporten om sikkerhetshendelser i første halvår 2010, gå gjennom en del forskjellige saker og trender. Vi vil fokusere på dem Norman ser som mest betydningsfulle i de siste seks måneder.
Håndtering av problemet med Cyberkriminalitet
For noen dager siden publiserte det australske Representantenes hus, komite for kommunikasjon, sin rapport om nettkriminalitet og sikkerhet. Dette dokumentet har den ambisiøse tittelen "Hackere, svindlere og botnet: Håndtering av problemet med Cyberkriminalitet", og er en imponerende, nesten 300 siders lesning med statistikk, eksempler, og selvfølgelig forslag til hvordan man kan løse problemet med nettkriminalitet.
Utlevere informasjon om sårbarheter? Ja/Nei/Når?
Forrige uke offentliggjorde en forsker fra Google, Tavis Ormandy, informasjon om og utnyttelselsekode for en ny sårbarhet i Microsofts kundestøttesenter.
Upcoming? The age of the cyborgs
We should have been expecting it - some did. Late May this year a researcher in the U.K. claims to be the first person in the world infected by a computer virus.
A cunning new phishing technique - Tabnabbing
Over the years new ingenious words for security issues have come up. We have seen the neologisms pharming, vishing, clickjacking and slurping, just to mention some. This week a new one was born - tabnabbing. Which turns out to be more scary than most.
Systems prime for exploitation?
We have now looked into our crystal ball and believe that we see new types of systems, which in the near future will rapidly climb on attackers' ladder of priorities.
The pros and cons of using Facebook as THE device for communication and work
Lately some interesting news regarding Facebook and Facebook users have emerged on the Internet. We will use this as the basis for a general discussion about Facebook and some of the issues involved in using / depending on Facebook.
Reflections on the PDF vulnerability
Earlier this month we wrote about a vulnerability in the PDF specification that could be utilized to run malicious programs embedded in a PDF file. Proof-of-concept code was published, and it was expected that real-life malware that used this technique might appear soon.
Effective social engineering scares
Malicious programs do increasingly rely on social engineering techniques to be able to propagate and successfully execute. Gone are the days when a tempting file name in an email sufficed. In this security article we shall examine variants of one of the more successful social engineering schemes.
Subscription to malware testing
The title may imply that this article is about subscription services for email checking, like Norman Online Protection. Rather not! This time we shall examine yet another way that criminal activity imitates legitimate business.
Domain name registrants - who? where?
Domain names are a crucial part of the Internet's infrastructure. However, as we have shown in previous security articles, registration of special domain names may be used as an attack vector for spreading malware.
New devices vulnerable for Internet based attacks, OR: The future is here
In our regular security articles, we have several times pointed out that security vulnerabilities and exploits are not restricted to "traditional" computers. We have predicted that several of the devices that our daily lives are filled with, may be exploited in the (near) future.
Cyber crime imitates legitimate business
We have earlier discussed the fact that cyber criminals are getting increasingly sophisticated in their attempts to succeed in obtaining illegitimate gain. We will now look into an example of how illegitimate businesses imitate legitimate.
The Internet Crime Complaint Center's report for 2009
The Internet Crime Complaint Center's (IC3) report for 2009 has just been published, and is interesting reading. Not the least when comparing the actual submitted complaints to what is focused upon in the media.
Oppsummering av 2009 - spådommer for det kommende året
Desember er måneden for å se tilbake på året som nærmer seg slutt, og vi vil forsøke å oppsummere situasjonen sett fra et sikkerhetsselskaps perspektiv. Den mest betydningsfulle observasjonen hva gjelder aktivitetene til ondsinnet programvare (malware), er at forskjellige typer sosiale nettverk ble et hovedmål for forfatterne av ondsinnet programvare.
Holidays - preferred season for children and ...criminals
Major events, happenings and in general all kind of things that create much notice, also leave in their wake a stream of malicious software.
Social networks - a criminal's best friend or her enemy?
Introduction Various aspects, which have to do with social networks like Facebook, Twitter, LinkedIn and MySpace, have been discussed in different security articles this year. This time we ...
Plug-ins to applications - a ripened target for malware
In several security articles we have discussed the fact that new media and communication devices are successful vehicles for malware propagation. This time we will examine a type of application, which has not been focused upon - (presumably) neither by the malware authors yet, nor by commentators.
Malicious identity production
Identity theft is a term, which has become familiar during the latest years. More exotic - until recently - has been identity production with malicious intent. A new version of Koobface does exactly that - automatically.
The Internet infected by Swine flu
This security article's title is perhaps slightly more "popular" than the article's contents may meet. Only slightly though. As we shall see, serious organizations consider the swine flu to affect the Internet severely.
Web advertisements - a significant spreading vector for malware
Website advertising is an expanding industry. Several of the websites, which we visit each and every day - for leisure or as part of our work - have advertisements as a major part of their owner's income. Suffice to mention online newspapers and other magazines, search engines, information resources of other kinds and more. Unfortunately website advertising is also a substantial spreading vector for malicious software.
Developing malware using the open source approach
Open source development is an approach to the design, development, and distribution of software, offering practical accessibility to the software’s source code. The open source approach claims to have several benefits and advantages compared to a more closed approach to source development.
Dedicated servers as parts of a botnet
In the security article this week we will discuss using a particular type of computers - dedicated servers - as part of a botnet.
Software most susceptible to successful attacks
A new report about security risks was published this week. This report - "The Top Cyber Security Risks" - is a joint effort from the security organizations TippingPoint, Qualys, and SANS. In this week's security article we shall discuss one particular issue in the report - patching software.
Malware in applications - a special problem
Recently Norman's senior virus analyst Snorre Fagerland wrote about the malware W32/Induc.A in our security blog. This is a virus which infects the programming language Delphi. The result is that applications that are created with an infected Delphi environment are infected themselves. This has interesting implications as we shall see.
Attack on major social network sites to stop ONE person
Last week the media was flooded by information about an attack on social networking sites like Twitter, LiveJournal and Facebook, allegedly with the intent to stop one Georgian blogger.
The first part of 2009 as seen through secure glasses
The time has arrived when it is useful to look back on the first half of this year, and attempt to sum up the situation seen from Norman as a security company's point of view.
Easy URLs - a good or bad system
The short URL functionality obviously has its merits. However, there are shortcomings and security issues that make the system in itself less secure than desired.
Your PC as an Internet server with a few clicks
Software to set up any computer as an Internet resource has been freely available for a long time. However, the threshold to do so has been so high that not everyone has felt that this can be accomplished without some special skills. This situation may now change with a new initiative.
Unlimited supply of money...
This security article's title may look like the intro to a fairytale told to by a criminal to her child. However, a family of malicious software (malware) that has appeared this year seems to make this fairytale come true for some…
The Internet's challenges recognized at highest level
Security organizations of different types have notified about perils involved for individuals as well as corporations, and the public sector in using the Internet. Unfortunately these warnings have often not been recognized with the sincerity they deserve. President Obama's speech is therefore a welcomed acknowledgement from the highest political level.
The death of a killer application?
The first Internet killer application is by many considered to be email. Unfortunately email as a secure and reliable communication method has recently been threatened by ... email!
Domain name registration - a malware spreading vector
Another use of web servers has been on the rise as malware spreaders. This approach exploits popular terms to trick users to visit web sites that are by intent malicious.
Do birds speak the truth?
The social network Twitter has become extremely popular in quite a short time. This time we will discuss this technological phenomenon from a sociological perspective, and use the most talked-about incident these days as a kind of case study - the swine flu.
HELLO! My house is ready for burglars
"My house is ready for burglars", is not what you would typically shout in public or write as an advertisement in the local newspaper. Nevertheless this is exactly what lots and lots of computer users do on a regular basis, without reflecting upon what they really do.
GhostNet - a real espionage network
This week started with significant media attention about a report, which showed that several computers owned by governments and international organizations were compromized. This includes several embassies world-wide and a NATO computer.
Hot stuff: Exploitable routers - a flash of the whole iceberg
A new type of malicious software has recently been getting some media attention. The most interesting part of this is the fact that the malware's targets are not traditional computers. Rather does this malware attack different types of devices, namely routers and modems.
Information about "most popular" threats - ATLAS
ATLAS views computer attacks from a global perspective and helps users predict future network attacks. It does this by analyzing data gathered from a variety of sensors.
Pros and cons of using "the cloud" as a partner
"The cloud" is one of the new magic words used to describe new and fancy technology. Briefly the idea is that resources outside the organization's (or person's) own premises are used for computing. The use of resources outside the organization itself has some obvious advantages. However, it also has disadvantages - some of which are less obvious.
A security issue? Oops - not!
Security organizations are in constant battle with malware authors, trying to protect end users from being infected by "bad stuff". As we shall see in this week's security article, some undesirable side effects unfortunately occur from time to time.
DOS events
The title of this week's security information does not refer to the celebration of an anniversary for the legacy PC operating system DOS. It is another of those neologisms that pop up continuously.
Mobile phone threats - hype or (finally) truth?
So far there has been no really dangerous malicious software targeting mobile phones. The New Year 2009 started with a new, interesting threat to mobile phones, which may change this picture.
Summing up 2008 and predictions for 2009
In this security article we will focus on the security trends that could be observed during 2008, and will also briefly try to look into the crystal ball to see what can be expected in 2009.
Christmas time - a season to enjoy AND fear
Major events, happenings and in general all kind of things that create much notice, also leave in their wake a stream of malicious software.
Internet gaming - new opportunities for the (shady) visionary
The use of money involved in online gaming has traditionally been only as an entrance fee to buy the game itself (if it is not free). This no longer holds true.
Fighting malware on two ends
Recently we have seen that some of the major players on "the dark side" of the Internet community have been removed from the Internet. Malicious activity dropped instantly - and by an amazingly significant quantity.
Security patches - an additional security issue
There are some issues with security patches that in fact may render certain users more vulnerable. This apparent contradiction will be examined in this article.
Rapport fra The Internet Crime Complaint Center for 2007
Rapporten om Internettsvindel for 2007 fra USAs klagesenter for Internettkriminalitet ble publisert denne måneden og er ,som vanlig, interessant lesning.
Ondsinnet programvare – en terrorists våte drøm?
Eksperter – selvutnevnte og noen andre – hevder ofte at ondsinnet programvare er det perfekte verktøy for terroristgrupper. Denne sikkerhetsartikkelen vil forsøke å analysere denne påstanden.
Ondsinnet programvare, 25 år! Gratulerer?
Sammenlignet med det relativt uskyldige plottet vi så i de tidlige årene, utviklet ondsinnet programvare seg til en aktivitet for datanerder, som skapte store problemer for personer og organisasjoner, og videre til en industri dominert av kriminelle.
Rapport fra The Internet Crime Complaint Center for 2006
Rapporten om Internettsvindel for 2006 fra USAs klagesenter for Internettkriminalitet er akkurat blitt publisert og er interessant lesning.
Økt antall sikkerhetsbrister gir store kostnader for organiasjoner
Antall sikkerhetsbrudd og hendelser øker drastisk og en fersk undersøkelse viser at nærmere 9 av 10 organisasjoner har opplevd sikkerhetshendelser i løpet av 2005.
The 2006 Security Event Overview (III)
The main security events during 3rd quarter 2006.
A changed approach from the authors of malware defines new challenges for protection software
During the latest couple of years we have seen a significant shift in malicious software. This enforces new requirements to software that is supposed to protect against malware.
Big Brother FINNER deg!
Vår artikkel fra i fjor - Big Brother is HEARING you slutter med: "For now, happy VoIP, but... Be careful, you never know who will be listening in!"
Finansinstitusjoner mer eksponert for hackerangrep og svindelforsøk
Større finansorganisasjoner blir i økende grad utsatt for hackerangrep, ondsinnet kode og svindelforsøk. I følge en fersk undersøkelse har antall organisasjoner som har blitt usatt for angrep økt med 78 % i løpet av det siste året.
”VISHING” – ny teknologi gir nytt liv til gammel kriminalitet
“Vishing" er en kombinasjon av de to begrepene "Voice over IP" and "Phishing", og er akkurat det: Utnyttelse av den økende bruken av IP-telefon for å lure noen til å avsløre personlig informasjon, med den hensikt å begå svindel.
Sikkerhetshendelser 2006 – oversikt (II)
De viktigste sikkerhetshendelsene i løpet av 2. kvartal 2006.
Se opp for ransomware (krav om løsepenger) !
Hackere som krypterer filene dine og krever penger for å dekryptere dem igjen er et økende problem innen IT-kriminalitet.
Zombier og målrettede angrep – en overkommelig utfordring?
En av de mest aktuelle og raskest voksende trusler mot IT-sikkerhet i dag er fremveksten av zombiemaskiner og såkalte robotnettverk (bottnettverk). Ikke bare spres nettverkene raskt, de er også i stand til å gjøre stor skade som lett kan føre til høye kostnader.
Your pet can be infected by a computer virus!
Researchers of the University of Amsterdam in The Netherlands have succeeded to successfully infect a RFID-chip (Radio Frequency Identification Device) with a computer virus.
Redusert tillit og økt fare – Hva vil skje med fremtidens ehandel?
Ehandel og transaksjoner på Internett har vært en normal del av moderne menneskers liv i noen år nå. Men samtidig som mengden av transaksjoner gjort over nettet øker, øker også antall sikkerhetstrusler og svindelforsøk.
Phishere endrer målgruppe
Phishere, også kalt identitetstyver, er tradisjonelt kjent for å angripe større finansielle institusjoner, men den senere tid har de begynt å endre metoder og målgrupper. I dag slår phisherne til mot alle former for organisasjoner.
The Internet in the future – increased distrust among users?
The Internet is no longer a limited source of information or communication. Without the Internet you will have severe problems conducting several every-day tasks in today’s western society.
Virksomheters og privatpersoners bekymringer ved bruk av Internett
Det er en mengde sikkerhetsproblemer som er aktuelle dersom man bruker Internett som medium for forretningsvirksomheten til en virksomhet. Sikkerhetsproblematikk er også aktuelt i forbindelse med beskyttelse mot misbruk av enkeltpersoners personlige informasjon. Denne artikkelen vil drøfte en del slike aspekter.
Spam – fra uskyldig lek til organisert kriminalitet
Trussel er kanskje ikke det første du tenker på når du hører om spam.
Proof of concept worm for handheld devices
The first worm that spreads through handheld devices, like mobile phones, is observed. This is a "proof of concept" program without malicious code.
"You ain't seen nothing yet" - or - The Warhol worm and worse
It is hardly controversial to claim that the end of February and beginning of March 2004 was the worst period ever regarding the sheer number of new mailicious programs threatening the Internet community. New variants of Bagle, MyDoom and Netsky were spread daily - sometimes even more than once per day.
An analysis of Sobig.F and its ability to harm Internet users around the world
In September 2003 Internet users and organizations experienced the most severe attack on the Internet infrastructure since the "Morris worm" in November 1988. The outbreak of W32/Sobig.F caused major problems because of the huge amount of emails flooding the infrastructure.
Macrovirus steals your private PGP key
Security Information Week 8, 1999Several viruses have recently been created which utilize Internet protocols and applications in their behaviour.One such familiy is the W97M/Caligula viruses ...
1 January 2000 - a special date for virus attacks?
Security Information Week 37, 1999 Introduction There has been some speculation in the media about lots of new viruses with payload 1 January 2000. Apparently this has ...
Several new virus techniques have surfaced in 1999
Security Information Week 49, 1999 As this year (and the millennium) approaches its end, time has come to look back on what we have experienced in ...
The major security risk: Users
Security Information Week 9, 1999The IT department in an organization often uses vast resources to be updated on security risks associated with hardware and software ...
Trends in the creation and propagation of malicious programs
Security Information Week 25, 1999 This year we have seen three instances of malicious programs which caused severe damage all over the world: ...
Exploiting security issues in known applications - a new trend in malicious programs?
Security Information Week 32, 2003
The dilemmas of publishing information about vulnerabilities in software
Security Information Week 40, 2002IntroductionOne of the ongoing discussions regarding security is about informing the public about new security risks. The two extremes are on ...
Privacy after 11 September 2001?
Has a person's ability to protect his private life from intrusion of any kind been diminished during the years that has passed since 11 September 2001?
2002 - a quiet year with respect to malicious programs, or not?
Security Information Week 34, 2002 In August this year some news items appeared, which claimed that the year so far had been a quiet one for ...
3rd Quarter 2001 - a (long) nightmare for the security community and Internet users
Security Information Week 41, 2001 Introduction If the computer security community looks back upon the third quarter this year, this is probably not with happiness and joy. ...
April this year - the month of severe incidents from malicious programs?
Security Information Week 14, 2001 Introduction It is often claimed that security companies, security consultants and the antivirus vendors, are too eager to warn about different kinds ...
Trends in malicious programs
Security Information Week 6, 2001 Since computer viruses appeared for the first time the middle of the 80s, there has been a rapid development of these ...
The so-called HTML viruses
Security Information Week 1, 1999 The computer magazines as well as other papers have recently published articles about a "new" kind of viruses - the so-called ...
The ten most critical Internet security threats
Security Information Week 26, 2000SANS Institute's web site is one of the most useful resources to visit/use for those interested in computer security issues.One of ...
Y2K - predictions and experiences
Security Information Week 1, 2000 It seems appropriate to use the Security Information for the first week in the new year to look back on what ...
What to learn from visits by Melissa and her siblings
In April 1999 a lot of people and organizations were paid a visit by the computer virus Melissa. This virus propagated so quickly and extensively that many compared it to the legendary "Morris worm."
Nyeste blogg-innlegg [EN]
The 10 most insecure passcodes
2011-06-16
Earlier this week I read an extremely interesting and impressing blog item by Daniel Amitay: Most Common iPhone Passcodes.
Amitay has analyzed more than 200 000 passcodes used in an app with a similar...
mer >>
mer >>
Purchasing and downloading outdated software
2011-05-23
Last week in the "JoshMeister On Security" blog, the topic was about Apple's Mac App Store, and the fact that software available from this store may not be the latest version.
The blog's aut...
mer >>
mer >>