It is also learnt that the worm is very simple and its behaviours are similar to malware programs back in the early days of computer malware. Well, everybody thought the same thing when Conficker was released last year and to-date we are yet to be sure exactly what the worm is capable of doing. Some sources claim that it looks like the Conficker worm (and its variants) are waiting for some sort of instructions to act. Sounds like a sci-fi thriller movie to me.

Back to the iPhone story, Sophos wrote that the worm can only infect jailbroken iPhones that are installed with SSH and other phones are not affected.

The moral of the case study:

1. NEVER click an URL from a link sent to you. Always type out the URL on your browser.
2. Banks WILL NEVER send emails to its customers for account maintenance.

 Have a great weekend! Cheers!

A cool work put together by the people from Conficker Working Group. Bear in mind that this test will not work if you are using a proxy server on your network.

There is no one-size-fit-all scenario when it comes to IT security compliance. In another words, you can’t just adopt the same standard that your friend’s organization is using just because it fits and works well for his/her organization. Can risk assessment be the answer? Even so risk assessments are normally conducted based on a standard you have chosen and after the gap assessment has been accomplished.

This is definitely quite a tough question but I am sure there may be some studies conducted by certain experts which can be used to ascertain the best fitting security model or standard for a organization.

Swedish authorities have few leads in their investigation of a massive denial-of-service attack on Thursday that downed about 40 websites belonging to police and media outlets. The attacks flooded media IT development firm Adeprimo with some 400,000 requests per second, compared with the 800 requests that are typical.

Read more.

From what I gather from Afghanistan and also many parts of the world, people want the CIRT to guarantee security. They want the CIRT to be accountable in the event of security breach. Does this make any sense? It is like blaming the police because you got mugged.

A CIRT can be regarded as a fire department; i.e. they respond to incidents. They can’t be held accoutable should there be a security incident within its constituencies (you can’t blame the fire department for fire incidents). However, a CIRT can participate in conferences and forums  and even lawmaking exercises to improve baseline security standards and produce best practices. Most of the CIRTs in the world provide reactive services but with the current advancement in the taxanomy of attacks, CIRTs should also start providing proactive services to prevent attacks. They should be in the forefront to identify attacks and disseminate the threat information to the right people at the right time for the right actions to be taken.

The three prong strategy aims to target botnet and malware creators, so-called bullet-proof hosting providers that offer hosting services to cybercrooks, and digital currency exchanges. Digital currency exchanges such as WebMoney and Liberty Reserve are central to the operation of the black economy, according to Andy Auld, head of intelligence at SOCA’s e-crime department.

[...]

The RBN – described as a purpose-built criminal ISP – allegedly paid off local police, judges and government officials in St Petersburg. There were strong indications RBN had the local police, local judiciary and local government in St Petersburg in its pocket. Our investigation hit significant hurdles.

Sounds like a Hollywood movie? Well, we are definitely witnessing the proliferation of cybercrime. I applaud the effort being put together by the likes of FBI and SOCA but this is not good enough. More governments and relevant agencies of the world should come together to combat this and eliminate the safe haven for the cybercriminals.

I am yet to read about any security concerns on this new initiative but my concern is on phishing attacks. If you are targeted by a phishing attack with a URL which you can’t understand the risk of falling victim is higher. More often people just click the links sent to them via emails even if the URLs are in latin.

The total number of flaws disclosed and patched by the software maker so far this year stands at around 160, more than the 155 or so that Microsoft reported for all of 2008.

…

The increase in the number of flaws being discovered comes at a time when attackers are getting much faster at exploiting them. A survey by security vendor Qualys earlier this year showed that 80% of vulnerability exploits are available within 10 days of the vulnerability’s disclosure. Nearly 50% of the vulnerabilities patched by Microsoft in its security updates for April this year already had known exploits by the time the patches were available.

Now, we all know that Vista was supposed to solve most of the security issues that have been bugging Microsoft’s previous applications but the current number of reported vulnerabilities has surplused the number for the entire 2008. How is this possible? Why are there so many vulnerabilities? Why is there lack of quality assurance when it comes to software coding?

Windows 7 was launched on 22nd October 2009 and I wonder if we are in for another “catch me if you can” game with the software giant. We have definitely learned from the past (I suppose) that MS can never produce a secure software, but why are we still going for the products? I think when it comes to using a software, user-friendliness and features take the front seat and security takes the back seat. People are more willing to pay for the features rather than security.

On a separate issue altogether, I have been a big admirer of Mac OS ever since I started using it like 2 years back because of its robustness and the speed that I can get it up to work. In the last 2 years, I think I have only rebooted my MacBook 3 times and I never had a problem of opening the Macbook lid and start working on it in less than 5 seconds. In contrast to a Vista machine which I have which needs about 30 seconds (if I am lucky) to 60 seconds to get the login screen. Most of the time, after typing in the password the notebook will just hang for about a minute before I can start using it. Anyway, let us wait and see what Windows 7 holds for us .

Well this is another situation where the legal system of a country is not ready to cater for cases related to digital evidences. I am just surprised that the police did not force the guy to decrypt the files. What if the guy was really spying on the flatmates and got tipped-off that the police was going to pay him a visit and disconnected his gadgets. I really think that the police should have forced the suspect to decrypt the files.

It is as if the police arrived at a house suspected to produce drugs and did not enter it because the house owner locked the doors.