Security Blog

A Bad Day at Pakistan Telecom

kcarlson — 2008-02-25T11:02:37-05:00

Sometimes I think I should have been a network engineer. I love all that "belly of the internet beast" stuff—giant high-speed routers, huge data pipes, and all things close to the backbone of the Internet. But then I remember my grades from my engineering classes, and why I dropped engineering, and switched my major to English. Perhaps the engineer who broke both YouTube and the Pakistani Internet yesterday should have switched his major, too, before it was too late. I mean, I wouldn't want to be that guy right now. Would you want to be the guy who kept Pervez Musharraf from getting to his MySpace page?

Here We Go Again: The "Good Worm" Debate

kcarlson — 2008-02-21T14:56:04-05:00

A new paper by Milan Vojnovic, Varun Gupta, Thomas Karagiannis and Christos Gkantsidis from Microsoft Research examining the best ways of propagating information across a network has resurrected the oft-discredited idea of "good" viruses spreading peace, harmony and security patches across computer networks.

ID Fraud Declines

kcarlson — 2008-02-12T12:55:17-05:00

Last fall, we learned that identity fraud is more of a low-tech than a high-tech crime. Now, there's some new evidence that ID fraud is on the decline overall. A new report suggests that financial losses from identity theft dropped 12% in 2007 to $45 billion, down from $51 billion in 2006.

Should Your IP Address Be Private?

kcarlson — 2008-01-29T14:09:37-05:00

The European Union has just ruled that Spain's Telefonica SA doesn't have to hand over the identities of file sharers on its networks. At least, not simply because the allegedly aggrieved party asks for such information.

GDrive: Is Trust Enough?

kcarlson — 2007-11-27T12:04:42-05:00

So the rumors over Google's online storage ambitions continue to swirl, stirred this time by a report in the Wall Street Journal that cites its sources as "people familiar with the matter." You sort of get the impression that WSJ reporters had to meet their shadowy sources in a darkened Silicon Valley parking garage in order to glean this bit of news.

Firefox Beta Bets on Security

kcarlson — 2007-11-20T10:52:36-05:00

Given that much of the recent growth in the Firefox user base has come at the expense of Microsoft due to security problems with Internet Explorer, I don't find it surprising at all that Mozilla continues to bet on security enhancements as a big selling point for Firefox. The long-anticipated beta of Firefox 3 is now out, and the Firefox developers have kept the security momentum going.

What is Comcast Doing?

kcarlson — 2007-10-25T12:45:28-05:00

So with the recent kerfuffle over Comcast's network management policies, it seems prudent right now to ask just what the heck are they actually doing, and why?

ID Fraud More Low-tech Than You Might Think

kcarlson — 2007-10-23T13:13:02-05:00

I suppose that being immersed in the tech world can lead to seeing things as technological problems, when in fact, they are simply sociological problems. Maybe that's why I was among those who associated the crime of identity theft primarily with computers. In my mind, I think I pictured identity thieves as hackers.

Just Because You're Paranoid Doesn't Mean You Aren't Being Tracked

kcarlson — 2007-10-18T13:02:10-05:00

Oh, the things that show up in my inbox. Apparently, it's easier than ever before to be a stalker. If you want to keep track of someone's whereabouts every second of every day, well, you're in luck. There's an affordable product designed just for you: the Trackstick.

Blu-ray Copy Protection: Punishing the Honest Customer

kcarlson — 2007-10-08T12:30:14-05:00

I absolutely sympathize with legitimate businesses when they lose money to piracy. In my book, it's wrong to steal movies. But it's equally wrong to put the whole burden of preventing piracy on the shoulders of honest customers. Not just wrong, but blindingly stupid as a business decision.

The Bad Guys are Busy

kcarlson — 2007-10-01T16:58:26-05:00

According to the CSI Computer Crime and Security Survey, some interesting changes are afoot in the world of computer crime. First, the damages claimed are growing - the average annual loss claim from computer criminal activity is up to $350,000 from last year's average, which was $168,000. Given the number of high-profile security breaches we've seen in the news over the past year, that doesn't really sound too surprising. But there's more bad news.

Online Game for Recognizing Internet Scams

jerickso — 2007-09-25T09:29:50-05:00

Security experts will go to all sorts of extremes to teach people how to better recognize and avoid email phishing and other Internet scams. And rightly so. Researchers at the Carnegie Mellon Usable Privacy and Security Lab, for instance, have turned to interactive, online games. Anti-Phishing Phil is a fish (that's a pun, right?) that helps users better identify fraudulent Web sites.

Security Report: More Malware, More Trojans

jerickso — 2007-09-17T09:42:08-05:00

IBM's Internet Security Systems (ISS) X-Force research and development has released a report that measures the volume of malware on a year to year basis. Surprise, surprise. Compared to the first half of 2006, the first half of 2007 revealed an increase in the amount of sophistication of malware.

Network Security Books Released by Cisco Press

jerickso — 2007-09-11T10:13:14-05:00

A number of security-related books have recently been released by Cisco Press, including:

Cisco ASA, PIX, and FWSM Firewall Handbook, Second Edition by David Hucaby. Cisco ASA, PIX, and FWSM Firewall Handbook, Second Edition, is a guide for the most commonly implemented features of the Cisco firewall security solutions.
End-to-End Network Security: Defense-in-Depth, by Omar Santos. End-to-End Network Security gives you a comprehensive look at the mechanisms to counter threats to each part of your network.
Cisco NAC Appliance: Enforcing Host Security With Clean Access, by Jamey Heary, Jerry Lin, Chad Sullivan, and Alok Agrawal. This book provides you with information about designing, configuring, deploying, and troubleshooting the Cisco Network Admission Control (NAC) Appliance, formerly known as Cisco Clean Access.
LAN Swith Security: What Hackers Know About Your Switches, by Eric Vyncke, Christopher Paggen. This book explains the vulnerabilities in a network infrastructure related to Ethernet switches.

Symantec Updates Security Packs

jerickso — 2007-08-29T13:14:56-05:00

Symantec has released its Norton Internet Security 2008 and Norton AntiVirus 2008 for Windows XP Service Pack 2 and Windows Vista users. In addition, Norton Internet Security 2008 also features Norton Identity Safe to protect users� identities when they buy, bank, or browse online. Moreover, the company claims to have optimized each product for greater performance, improved technical support, and reduced user interruption.