Tuesday, December 30, 2008

Been a while

Well, it's been a while since I posted so I thought I would take
time out and update on what's going on. I got my Drobo up and running
and quickly realized that life had no meaning if I didn't add a
DroboShare. My wife, being next to Godly as she is, bought me one.
Now I have all of my content networked (NAS) for all of my systems.
Website is up and running on it, however, no good one has really been
published for it yet. I do think they'll take off. All in all, I
quickly filled up 1 TB with multimedia. Now need to add more space.

With the credit crisis, layoffs and future issues coming, I have to
say I'm pretty excited. It's times like these that people start being
inventive with new solutions to problems. Necessity is the mother of
all inventions and we are starting to go into a necessity phase. I'm
really looking forward to some of the changes we'll see in the
"Internet" usage and applications. The transformation to netbooks has
already started and only time will tell if we will be able to get to
the iPhone type form factor for everything.

Of course, any update would be remiss without a security context. In
looking back over 08 a lot has happened. We've seen the transformation
from standard attack models to strong(er) monetary funded ones.
Migration from electronic to physical compromise of devices for
financial theft, large identity compromises for fraud, governmental
use of zombies for pre-physical invasions. Of course some of these
have been going on prior to this year, yet, they are growing.
Organized ecrime will only get stronger as the global economy
deteriorates. It won't last forever, but I do expect it to be a very
rough couple of years with more intelligent individuals trying to find
ways to make more money with ecrime.

With the economy being what it is and going where it's going, with the
dramatic increase in malware professionalism and organized economies
of scale supporting ecrime, I have to say this is going to be rough.
It's also going to be where we are going to start being a focal point
by corporations and governments alike. I do think that we will see
some large issues over the next five years that will propel InfoSec
into the spotlight. Of course this isn't always a good thing.

Friday, October 17, 2008

Pakistan and Fraud Ring

From the Wall Street Journal: http://online.wsj.com/article/SB122366999999723871.html#articleTabs%3Darticle

European law-enforcement officials uncovered a highly sophisticated credit-card fraud ring that funnels account data to Pakistan from hundreds of grocery-store card machines across Europe, according to U.S. intelligence officials and other people familiar with the case.

Specialists say the theft technology is the most advanced they have seen, and a person close to British law enforcement said it has affected big retailers including a British unit of Wal-Mart Stores Inc. and Tesco Ltd.

The account data have been used to make repeated bank withdrawals and Internet purchases, such as airline tickets, in several countries including the U.S. Investigators haven't pinpointed the culprits. Early estimates of the losses range from $50 million to $100 million, but the figure could grow, said the person close to British law enforcement.

The scheme uses untraceable devices inserted into credit-card readers that were made in China.

Thursday, October 16, 2008

Drobo

K, I just did it. I broke down and got a Drobo. It's on its way to
me as we speak. After doing security for so many years, it's amazing
how we overlook the simplest of things in our lives. I'm guaranteed a
divorce if any of our photos get lost due to a drive failure. This is
secondary, actually, to the countless months and years of ridicule
from friends and coworkers over the fact. I've heard nothing but good
things about it. Starting off with 2TB of space (1.8 actual). We'll
see how long that lasts. The simple RAID configuration and
"flashy non technical lights" ability it has make it seem like a
simple and easy thing to use. My wife could even use it. We'll see
how that goes.

<www.drobo.com>

Monday, October 6, 2008

TCP Stack DOS - SockStress

Recently Outpost24.com announced a major issue with most, if not all, TCP stacks in which client side settings in TCP packets can result in a DOS. An MP3 interview that was posted on Oct 1st describes the issue and potentially gives enough information for anyone knowledgeable in raw socket programming to perform it. This coupled with the announced impact makes this a significant issue.

Read Steve Gibson's posting: http://www.grc.com/sn/notes-164.htm

Friday, October 3, 2008

China, Skype and Monitoring

Scary stuff if it's true.

http://blog.wired.com/27bstroke6/2008/10/chinese-skype-s.html

Symantec Security Education Videos

Thought this was interesting and am passing it on.


Tuesday, September 30, 2008

DOJ 2005 Cybercrime Report

A little late, but interesting data regarding the DOJ’s Special Report on Cybercrime survey in 2005. I think this is really interesting based on the assumption that unemployment increases crime and new crime is e-crime. Lots of good data in here.

http://www.ojp.usdoj.gov/bjs/abstract/cb05.htm

Interesting Points:

Respondents: 7,818

Cyber Attack: 74% Outsider

Cyber Theft: 74% Insider

Reported to law enforcement: (Attack: 6%, Theft: 56%) Note: this causes problems for good data for risk management