« April 2011 | Main | June 2011 »

May 2011

Friday, 27 May 2011

It happens every time I write about hacking

Every time I write an article that mentions hacking, I invariably get a comment reminding me that organizations hire former (convicted) hackers to test the security of their web sites. I always respond, "Seriously, you trust someone who's committed a criminal act to fully disclose everything he's discovered about your web site?"

Trust is the single most important attribute for anyone practicing security. In responding to a comment today, I added the following:

I'm not a fan of hiring folks who have proven themselves to be untrustworthy. Trust is something you earn. I have no reason to trust or recommend individuals who've "hacked" into systems or networks, any more than I would trust or recommend individuals who've hurt children to babysit your kids.

I don't find criminal or grey-area activities glamorous. I'm uncomfortable around folks who've gained notoriety in this manner. I don't trust people who are frivolous or dismissive of the principle of "do no harm". The last thing I want is someone who's clever at installing rootkits working on the code that runs in my firewall. I'd forever wake up at night wondering what the backdoor will do.

Mightyohm

Photo by mightohm

Harsh? Perhaps. But this is one part of cyberspace where my thinking is very black or white.

Posted at 11:24 AM in All matters security | | Comments (0) | TrackBack (0)

Thursday, 19 May 2011

Top 10 Advanced Persistent Threats

At some point, the notion of an Advanced Persistent Threat devolved from meaningful and credible to the latest, greatest, meaningless term. The label is now applied to all sorts of attacks that are neither advanced nor persistent.

I make such an intensely cynical claim because attacks used by APT intruders are not very different from attacks used by cybercriminals and notoriety seekers before them. The main differentiators are motive, perseverance, sponsorship and resources.

We're dealing with a different kind of intruder, but the threats exist because we’ve failed to remove exploits APT intruder’s share and use in common with other criminals. Instead of treating APTs as new and different, we should be whittling away at the tools miscreants with motives ranging from notoriety to financial gain to cyberterrorism use every day.

I’ve compiled a Top Ten list of threats that we should consider to be advanced and persistent. Read Part I of my article May 19 and Part II May 20 at Enterprise Efficiency to learn more.

Posted at 12:55 PM | | Comments (0) | TrackBack (0)

Next »
Find me on Mastodon and Facebook

Spotlight Posts

  • FTC's proposed Trade Regulation Rule on Impersonation of Government and Businesses is important for #infosec
    M3AAWG comments on the FTC's proposed rule Trade Regulation Rule on Impersonation of Government and Businesses is available. I was one of the contributors to the comment. In the comment, M3AAWG "suggests additional regulatory solutions and best practices to complement the goals of this rule, such as clarifying the scope of the rule to include the use of domain names in impersonation schemes and the use of technologies that enable impersonation" and the important role that Whois plays in investigating impersonation and fraud. Several reports that my Interisle colleagues and I published are cited in the comment, along with the...
  • Cybercrime Information Center reports sharp increases in phishing attacks, unique domains reported in August-October 2022 time period
    A recent ebb in domain names reported for phishing created some euphoria in the domain industry. With phishing activity, as with tides, ebbs are invariably followed by flows. In their August- October 2022 Quarterly Phishing Activity, the Cybercrime Information Center observed a 40% increase in phishing attacks and a nearly 20% increase in unique domain names reported for phishing.
  • Cybercrime Information Center's YouTube Channel
    My colleagues and I at Interisle have created a YouTube channel to complement the quarterly reporting and studies of cybercrime we host at the Cybercrime Information Center. Our goal is to share, in a few minutes, the findings and insights from our research in a format that's easily accessible and shareable, informative, and entertaining. The inaugural videos provide 2-5 minute summaries of our annual Phishing and Malware Landscape studies. We'll continue to produce videos of our annual studies. If you like what you see, leave us a comment.
  • Malware Landscape 2022: unabated malware growth, continued exploitation of IoT devices
    My colleagues at Interisle and I have published a study, Malware Landscape 2022: A Study of the Scope and Distribution of Malware. The study, which analyzed 2.5 million records of distinct malware events from May 2021 to April 2022 collected by the Cybercrime Information Center, explains what malware was most prevalent, where malware was served from, and what resources criminals used to pursue their attacks.
  • New TLDs are coming #Dangerclose.
    A Domain Name Wire post, Time to pay attention to the next round of new TLDs, begins with an ominous: They’re coming. Eventually. While not as dramatic or enduring as Arnold Schwarzenegger's "I'll be back", the reporter cites policy activity at ICANN as evidence that new TLDs are coming. Eventually. In a September 2019 post, and in response to the ICANN memorandum, Readiness to Support Future Rounds of New gTLDs, I asked, Has enough been done to study and rectify the concentration of security threats in the new TLD space? In that post, I quoted correspondence from ICANN's security advisory...

Search

My Photo

Categories