Botnets just won't quit. Now these traditionally one or two trick ponies are moving beyond spam and denial of service attacks to spreading SQL Injection attacks.

 
Continue reading Another Day, Another Botnet Story...

Digg it!

Sphere it!

Del.icio.us

Reddit!

Newsvine

Posted by Dan Sullivan | Articles and Analysis | Permalink | Comments (0)

Methods for countering botnets will increasingly exploit techniques used by botnets themselves. One approach is to disrupt command and control communications between bots; this can be effective but can require tampering with already compromised devices. Other methods improve the resiliency of communications in the presence of denial of service attacks but require a more complex communications infrastructure. Both approaches are described and discussed in this podcast.

Digg it!

Sphere it!

Del.icio.us

Reddit!

Newsvine

Posted by Dan Sullivan | Podcast | Permalink | Comments (0)

In the past the military and the space agency NASA have spurred innovation in the public and business sectors with derived benefits from there research - take hand held calculators and the Internet for examples. Now the military is reversing that trend and following patterns started by malware developers.

 
Continue reading Defensive Malware and Ironic Outcomes of Military Research...

Digg it!

Sphere it!

Del.icio.us

Reddit!

Newsvine

Posted by Dan Sullivan | | Permalink | Comments (0)

CheckPoint has released a browser virtualization product to add a layer of security to Internet Explorer and Firefox. By blocking access to the registry and file system, the virtualized browser should prevent some malware from gaining a foot hold on systems. This extends the range of security measures built around virtualization.

 
Continue reading Another Improvement to Browser Security...

Digg it!

Sphere it!

Del.icio.us

Reddit!

Newsvine

Posted by Dan Sullivan | Articles and Analysis | Permalink | Comments (0)

The Essentials Series: Messaging and Web Security - Volume III continues the series' focus on managing IT infrastructure and applications in an increasingly complex security environment. The articles are especially geared towards application developers, database administrators, Web architects, andsystems managers, and focus on emerging threats to enterprise as well as SMB environments.

This latest volume covers topics such as:

 
Continue reading Latest Messaging and Web Security Article Series Available...

Digg it!

Sphere it!

Del.icio.us

Reddit!

Newsvine

Posted by Dan Sullivan | Articles and Analysis | Permalink | Comments (0)

A fundamental problem with any malware detection technique is that you need a trusted platform to run your detection techniques. Advances in rootkit techniques make it more and more difficult to trust a device to be able to detect it's own infection. PC World describes a hardware-based root kit developed by Shawn Embleton and Sherri Sparks of Clear Hat Consulting. There are drawbacks to their technique but the approach demonstrates the limits of self-detection.

 
Continue reading Rootkits Pushing into Hardware...

Digg it!

Sphere it!

Del.icio.us

Reddit!

Newsvine

Posted by Dan Sullivan | Articles and Analysis | Permalink | Comments (0)

The Harvard Business Review isn't afraid to confront conventional business wisdom but when they published an article on the value of online gaming to developing business leadership they raised some eyebrows. What struck me most though, is that I found this article within minutes of finding another article on malware infections in online gaming indicating just how complex the online world is becoming.

 
Continue reading Gaming Has Place in Business but Watch for Security Risks...

Digg it!

Sphere it!

Del.icio.us

Reddit!

Newsvine

Posted by Dan Sullivan | Articles and Analysis | Permalink | Comments (0)

We've just posted another article on security budgeting and getting the most value for your money when it comes to choosing a combination of security measures. Here is an excerpt:

We all want to maximize the benefits of our security resources but it is not obvious how to do that. There is a wide array of risks that businesses must face; the applications we run and the processes that constitute our operations all harbor vulnerabilities. Security vendors provide an array of products that address many of the security threats in the constantly evolving environment of information security. No single set of product or process recommendations will work for every organization and even if, by some twist of fate, they did, the recommendations would have to change soon thereafter - security threats are continuously changing and adapting to the countermeasures we deploy. What we need is a method for choosing the optimal set of security products and processes given the requirements of a particular business at a specific point in time. That is the purpose of this article.

 
Continue reading Where to Spend Your Security Budget Part 2: Evaluating Security Options...

Digg it!

Sphere it!

Del.icio.us

Reddit!

Newsvine

Posted by Dan Sullivan | Articles and Analysis | Permalink | Comments (0)