By jacqui@arstechnica.com (Jacqui Cheng) on security
The Federal Trade Commission has settled a case involving two scareware scammers. The settlement will relieve the two defendants of having to fork over almost $1.9 million as part of a judgment made against them, but will still require them to forfeit $116,697 in assets to the FTC.
The two defendants, James Reno and ByteHosting Internet Services, LLC, were based out of Cincinnati when they began their "massive deceptive advertising scheme." The two supposedly conned over a million customers into buying computer security software (such as WinFixer, WinAntivirus, DriveCleaner, XP Antivirus, and more) that ended up falsely claiming that they had found viruses, spyware, and porn on people's machines. The software would then ask for money in order to rid the computers of these fake viruses.
By emil.protalinski@arstechnica.com (Emil Protalinski) on Microsoft Security Essentials
This morning, on the Microsoft Security Essentials (MSE) homepage, a message appeared explaining that the limited beta program has already filled up: "Alert! Thank you for your interest in joining the Microsoft Security Essentials Beta. We are not accepting additional participants at this time. Please check back at later a date for possible additional availability." The MSE beta was released yesterday at around 8am, and less than 24 hours later the English version of the beta was full (MSE was also made available in Brazilian Portuguese). When Ars asked for details, a Microsoft spokesperson explained how quickly the cap was reached:
By Seth Rosenblatt
The public beta for Microsoft Security Essentials, the free replacement for Live OneCare, is now closed, but that doesn't mean you've missed your chance to see what it's like.
In ...
Originally posted at The Download Blog
By Elinor Mills
The content-filtering software the Chinese government wants installed on all PCs sold in that country beginning next week was poorly developed and puts users at risk of having their computers compromised, a security expert who examined the code said on Thursday.
The Chinese government is requiring that all PCs include ...
By Elinor Mills
Finally, there's a tool that can help prevent people from clicking on URLs that appear to come from friends on Twitter and other social media sites but which lead to sites hosting malware.
Web security firm Finjan began offering this week a free browser plug-in dubbed SecureTwitter that warns ...
By Tom Espiner
The U.K. government plans to form a cybersecurity agency, with functions including cyberattack capability.
The Office of Cyber Security (OCS), dedicated to protecting Britain's IT infrastructure, will be created with a model proposed--and in part practiced by--the U.S. The U.K. government said Thursday that the OCS ...
By Tom Espiner
An exploit for a flaw in censorware mandated by the Chinese government has been made publicly available for download on the Internet.
The buffer overflow flaw exists in the latest, patched version of Green Dam, 3.17, according to security researcher "Trancer," who claims authorship of the attack code.
"I ...
By Elinor Mills
Updated June 25 at 9:00 a.m. PDTwith Trend Micro saying the Trojan is harmful to Macs and PCs.
Venture capitalist Guy Kawasaki got more than he bargained for from an automated feed he set up on his Twitter account. ...
By Ina Fried
A day after making a beta of its free security program available, Microsoft has said it already has the number of testers it needs and has halted new downloads.
(Credit: CNET)
Well, that didn't take long.
A day after making available a free beta of its Microsoft Security Essentials ...
Originally posted at Beyond Binary
By Elinor Mills
...
By Rik Ferguson on web
A quick warning note. I am starting to see URLs being shortened with one service, and then shortened again with a second service in order to overcome URL previewing solutions. In fact, if you came here as a result of my tweet about this blog entry, you came through three URL shorteners. Here’s an innocuous example that [...]
By Rik Ferguson on government
Let me get this out of the way first, this blog always represents my own opinion, and not Trend Micro’s official view. Yesterday I made a posting about the release of the UK government’s National and Cyber Security Strategy documents. I spent some time talking to the press and broadcast media and one of the recurring [...]
By Rik Ferguson on government
UPDATE: The strategy update has been published, at first glance, it appears to hit several of the points I mentioned below. I will publish my thoughts on the content later this afternoon. I did note though, from a BBC report “Officials said it would require input from those who had their own expertise in hackers. “We need [...]
By Rik Ferguson on web
UPDATE (25th June): Guy Kawasaki has stated that his Twitter account was not compromised, the malicious tweet came from a feed that Guy’s account is subscribed to automatically post. The feed comes from NowPublic, a user generated news feed. According to the Wall Street Journal “Michael Tippett, co-founder of NowPublic, responds, pointing out that Mr. [...]
By Darknet on wireless security livecd
You may remember back in February the BETA of BackTrack 4 was released for download, the team have made many changes and have now released BackTrack 4 Pre Release. For those that don’t know BackTrack is the top rated linux live distribution focused on penetration testing. With no installation whatsoever, the analysis platform is started directly [...]
A guide to locating sensitive data in databases -- and finding a strategy to protect it
Booming underground markets make spam even easier and more lucrative than before, researcher says
FTC issues final order censuring CVS Caremark for mishandling customer data
In Virus and Spyware
Spammers are taking advantage of reports on the deaths of celebrities Michael Jackson and Farrah Fawcett to infect users with malware.
In Virus and Spyware
Researchers contend that China is currently accounting for as much as 70 percent of the world's unsolicited e-mail.
In Vulnerability Research
Applications whitelisting vendors maintain that the current malware environment and demand for tools to address the shortcomings of traditional AV are speeding their push to market.
In Trojan attacks
Attackers hijacked the Twitter account of venture capitalist and ex-Apple evangelist Guy Kawasaki in a bid to lure users to a site hosting a Trojan. The catch -- the malware affects both Windows PCs and Apple Mac computers.
The British government is establishing a new Office of Cyber Security, as part of a broader strategy dedicated to protecting Britain's information technology infrastructure.
The man expected to head the new military cyber command says military cybersecurity efforts require broader-based training and improved support mechanisms for the military services, while also preserving civil liberties.
Homeland Security Secretary Janet Napolitano has backed proposed legislation that would repeal part of the Real ID Act.
The size and importance of DOD’s military operations have caused some observers to wonder about how big an effect the Cyber Command might have outside its own domain.
The House endorsed a spending increase on DHS' largest biometrics program in the fiscal 2010 spending bill it has passed.
The director of NSA will lead the U.S. Cyber Command, which will be a subunit of the U.S. Strategic Command and will reach initial operating capacity in October.
Rod Beckstrom, former director of the U.S. National Cybersecurity Center, faces demands to make the US organization into an international body.
The average PC user has a dozen unpatched applications installed.
Initiative aims to unify offense and defense in cyberspace under U.S. military command and enable responses "in Internet time rather than bureaucratic time."
Initiative aims to unify offense and defense in cyberspace under U.S. military command and enable responses "in Internet time rather than bureaucratic time."
Chinese authorities claim that putting Green Dam censorware on all new PCs sold in the country is necessary to limit young people's exposure to "harmful information."
By Paula Greve on Web and Internet Safety
The announcement of Michael Jackson’s death has caused immediate effects on the Web 2.0 world. The impact ranged from the interruption on Facebook of coverage of Farrah Fawcett’s death to a surge experienced by Twitter. The Web 2.0 world is definitely abuzz with traffic regarding his passing. Within hours the percentage of “long-tail” URL traffic associated with [...]
By Guilherme Venere on Web and Internet Safety
With the current news about the deaths of Farrah Fawcett and Michael Jackson, it’s a good idea to remind our readers to beware of blackhat attempts to distribute malware to anyone looking for news. Every time a disaster happens or news about some celebrity reaches the media, malware writers try to take advantage of it. [...]
An overwhelming majority of Web sites promoted through spam are hosted in China at service providers that many times choose to ignore complaints and allow illegal activity, according to research from the University of Alabama.
Within hours of the death of Michael Jackson's death, spam capitalizing on his demise hit inboxes, a security firm said today as it warned that more was in the offing.
If you happen to see a too-good-to-be-true offer to watch the latest Harry Potter movie online for free, watch out.
A bill in the U.S. Senate that would allow President Barack Obama to shut down parts of the Internet during a cybersecurity crisis will likely be rewritten and needs input from private businesses, said a congressional staff member associated with the legislation.
Not all botnets are organized in the same way. That's the conclusion of a report from Damballa which seeks to categorize the dominate structures. It attempts to explain why certain types of blocking and filtering will work against some botnets, and not for others.
Less than 24 hours after Michael Jackson's death, fraudsters are exploiting public interest with their attempts to spread spam and malware. Security researchers say they've observed hundreds of cases of malicious messages masquerading as information about Jackson's death. Some of them, they say, popped up within minutes of the news.
The U.S. Federal Trade Commission has suspended the majority of a judgment levied against two defendants accused of selling bogus security software to up to a million consumers.
Hackers are using Michael Jackson's death to try and trick people into disclosing personal details, says Sophos.
Intelligence agents and computer experts are to step up operations against a growing online threat from "criminals, terrorists and hostile states", as part of the government's updated national security strategy.
Three days after ceasing operations, owners of the Clear airport security screening service acknowledged that their database of sensitive customer information may end up in someone else's hands, but only if it goes to a similar provider, authorized by the U.S. Transportation Security Administration.
Facebook has updated its Publisher tools to give users more control over who gets to see their posts on the social network.
Infosys Technologies' co-chairman, Nandan Nilekani, has quit his post to take up a position with the Indian federal government, with the rank of a cabinet minister.
The biggest question on everyone's minds with regard to Microsoft Security Essentials is how well it can detect and remove malware. The early returns are in, and Microsoft Security Essentials performed well overall in initial malware detection testing provided to PC World by AV-test.org.
The heads of seven business organizations sent PCI Security Standards Council General Manager Bob Russo a cry for help earlier this month, saying the recession is making it "increasingly difficult" for merchants to meet the requirements of the Payment Card Industry's Data Security Standard (PCI DSS).
Guy Kawasaki -- a Silicon Valley venture capitalist who was partially responsible for marketing the Macintosh in 1984 -- has almost 140,000 Twitter followers. Many of those followers likely thought it was strange that Kawasaki was suddenly into shilling porn, when a link purporting to host a pornographic video of "Gossip Girl" star Leighton Meester appeared on June 23. Anyone who downloaded the video discovered a virus that ravaged both PCs and Macs.
National Grid has signed £207 million worth of deals with Cable & Wireless for a new data network.
A third of social networkers have at least three pieces of information visible on their profiles that could make them vulnerable to ID theft, says Webroot.
As German banks layer more security into their online banking procedures, security vendor Gemalto has launched a device it says makes completing transactions easier.
Windows is installing "surprise updates" against the wishes of some users, who have expressly set up the operating system not to deploy patches without permission, researchers charged today.
TJX Companies has agreed to pay for investigations by 41 states into a massive data breach that gave hackers access to data stored on as many as 94 million payment cards used by TJX customers.
Reader Jim Bradley seeks a way to securely wipe the data from his hard drive. He writes:
A team of journalists investigating the global electronic waste business has unearthed a security problem too. In a Ghana market, they bought a computer hard drive containing sensitive documents belonging to U.S. government contractor Northrop Grumman.
To the average IT security practitioner, the idea of disabling antivirus on new machines might seem blasphemous. After all, weren't we all told in IT Security 101 that everyone needs AV to keep the malware and data thieves at bay?
Cloud computing may offer a new form of data defense by bringing into play the maneuverability of data to secure it from attacks while the source of the attack can be pinpointed and neutralized, a blogger suggests.
Information security officers and managers are constantly looking for ways to encourage colleagues to comply with security policies. The paper "Social Psychology and INFOSEC: Psycho-Social Factors in the Implementation of Information Security Policy" summarizes a number of principles from social psychology that can help practitioners in our work.
Microsoft today released a limited beta version of Microsoft Security Essentials, a free antivirus application for users of Windows XP, Vista, or 7. The new app, which will replace Windows Live OneCare, aims to cover the basic security needs of home users, and its easy-to-use interface appears to be taking the right approach to the task.
Former Apple Macintosh evangelist Guy Kawasaki [cq] posts Twitter messages about a lot of different thing, but the message he put up on Tuesday afternoon was really out of character.
Imagine having to explain an e-mail message that asks your friends for money--a message sent from your Webmail account. (Webmail refers to any e-mail service you use via a Web browser rather than through an e-mail client.) That's exactly what's happening: Scammers are breaking into such accounts and, from those addresses, sending e-mail messages to the victims' entire contact list. The messages often tout a Web site (such as an e-commerce site), or even ask for money directly.
A company that collected detailed personal information including biometric data on 260,000 individuals as part of a registered air traveler program it operated has abruptly gone out of business, leaving many customers wondering about the safety and privacy of their personal data.
Defense Secretary Robert Gates today approved the creation of a unified U.S. Cyber Command to oversee the protection of military networks against cyber threats.
Adobe Systems has released a patch for its Shockwave Player to fix a critical vulnerability, the company wrote on its security blog on Tuesday.
Related Searches
Police forces across the UK are to collaborate to create regional cybercrime squads.
Microsoft's new free antivirus product - Microsoft Security Essentials - is now available in beta, but not if you live in the UK.
Related Searches
A new product from Phoenix Technologies, called Freeze, lets you use BlackBerry or iPhone Bluetooth to tell a PC that you're leaving the area and want it to lock up. When you return, Phoenix Freeze can also automatically unlock the machine so it's ready for you. However, it only works on Windows PCs, doesn't support 64-bit platforms, disables all other Bluetooth peripherals and seems to be a bit buggy for an official release.
If the feds Clear it
Defunct American airport security lane service Clear said on Friday it may sell its sensitive customer data to a similar provider if it's authorized to do so by the US government.…
Monster breach exposes Amazon and BBC to compromise
Security researchers have found a treasure chest of FTP passwords, some from high profile sites, on an open cybercrime server.…
Provocative pick
Internet oversight agency ICANN has hired former US cybersecurity chief Rod Beckstrom as its next boss.…
Who's bad?
Updated Miscreants have wasted no time exploiting the shock death of Michael Jackson to run email harvesting and banking Trojan campaigns.…
Dell making a 'mockery' of system in New Orleans brouhaha
A Louisiana judge found Dell in contempt of court Thursday after berating the eponymous computer vendor for making a "mockery" of the system though haphazard retrieval of evidence for a lawsuit that alleges corruption in the city of New Orleans' crime-camera program.…
Northrop Grumman and Pentagon data dumped
Dumped hard drives with US defense data have turned up for open sale in a West African market.…
Green Dam under attack
The US adminstration is pushing China to review its controversial policy of mandating the installation of specific content filtering software on new PCs.…
Come in MD5, your time is up
An SSL security guru is urging incentives to promote website certificate upgrade in response to problems with a widely-used digital-signature algorithm.…
Playing the great game online
UK cyber security spooks will soon have the ability to undertake proactive missions online rather than just playing defense, under the revamped National Security Strategy published today.…
As Secunia releases browser patching tool
Google has pushed out a new version of its browser that protects against a critical vulnerability as well as fixing some stability snags.…
Less than a day later
Redmond has cut off access to its Microsoft Security Essentials beta, less than a day after offering the free security app to John Q. Public on a first-come, first-served basis.…
Security Essentials does what it says on the tin
Microsoft's limited but free-of-extra-charge anti-malware scanner has performed creditably in early tests.…
Priority is net 'defense'. As in Department of Defense
The long wrangle among the US military about who gets to be in charge of cyber warfare and who gets all the resulting pork appears to have been settled. Questions remain, however, regarding the level of America's readiness to take offensive military cyber action against enemies presumably overseas.…
We've got ourselves a security hole, Rubber Duck
Developers unwilling to wait for the Mojo SDK for Palm's Pre, or to be bound by its restrictions, have discovered that unsigned applications can be installed using a specially-formatted e-mail rather than any mucking about with unlocking the handset.…
We're the eSweeney son, and we ain't had any dinner
British police chiefs are drawing up plans to set up regional "cybercrime" squads along the lines of existing teams tasked to handle anti-terror operations.…
Categories: Case Studies,Malicious Code
Paper Added: June 25, 2009
This week, I received a request to search for a range of destination addresses that cannot easily do ...(more)...
It has been recently announced that the Common Criteria Evaluation and Criteria Scheme (CCEVS) will ...(more)...
Our third presentation is by all of the Internet Storm Center Handlers that were present (at the tim ...(more)...
As we anticipated in our yesterday's diary, spammers are starting to exploit attention-grabbing head ...(more)...
Malware authors employ numerous and creative techniques to protect their executables from reverse-en ...(more)...
With the reported death of Farrah Fawcett and Michael Jackson today, it is likely only a matter of h ...(more)...
We have received some reports (thanks Drew) of scanning for keyhandler.js which is part of PHPMyAdmi ...(more)...
Our second presentation is by one of our Handlers by the name of John Bambenek. You may recogn ...(more)...
Recently at SANSFIRE 2009, there were a lot of talks given by our Internet Storm Center Handlers.&nb ...(more)...
An observant reader reports that he is seeing a very noticeable increase in TCP scanning for port 48 ...(more)...
As a follow-up to our earlier diary about phpMyAdmin scanning, there is at least 2 exploits posted i ...(more)...
Several readers pointed out that Adobe released a security update for the Shockwave Player today whi ...(more)...
Five people have pleaded guilty to charges related to a spam scheme that artificially inflated the price of Chinese penny stocks.......
Canadian journalism students bought a hard drive for US $40 at a market in Ghana, only to discover that it contained unencrypted information about contracts between military contractor Northrop Grumman and the Pentagon.......
People attending the Conference in Cyber Warfare in Tallinn, Estonia discussed the merits and drawbacks of conducting proactive cyber attacks.......
The Payment Card Industry Security Standards Council (PCI SSC) is seeking "detailed and actionable feedback" from member organizations on versions 1.......
Customers of the suddenly-defunct Verified Identity Pass (VIP) registered air travel service Clear have expressed concern about the security of the data they provided to the company.......
Adobe has released an update for a critical flaw in its Shockwave Player.......
Cornell University in Ithaca, NY has notified approximately 45,000 current and former staff members, students and their dependents that a stolen laptop computer contains their unencrypted, personally identifiable information.......
An exploit for a buffer overflow in the controversial Green Dam Youth Escort filtering software has been released in the wild.......
TJX, parent company of TJ Maxx and Marshalls, has agreed to a US $9.......
Smile ruefully in recognition at this list of security maxims, including "The Ignorance is Bliss Maxim: The confidence that people have in security is inversely proportional to how much they know about it.......
US Defense Secretary Robert Gates has given the official go-ahead to the creation of a unified military cyber command dedicated to managing Pentagon cyber warfare and network defense efforts.......
According to the recently released National Security Strategy, the UK government plans to establish a new cyber security agency called the Office of Cyber Security (OCS) that will manage the government's cyber security program and act as a hub for information sharing between the public and private sectors.......
Microsoft has halted downloads of its free Microsoft Security Essentials beta software.......
Police in Tokyo have arrested Hideaki Kubo, a former Mitsubishi UFJ Securities Co.......
By Brian Sears
Security pros should address social engineering attacks with end users, helping them identify the tactic and possibly have an impact on botnet viability.
By Robert Westervelt
The company agrees to pay legal expenses related to investigations conducted by 41 Attorneys Generals and establish a data security fund for states.
Application whitelisting is being talked up by everyone from pure-play vendors like CoreTrace to larger security vendors like McAfee and Symantec. But while many say a hybrid blacklist/whitelist approach is needed, CoreTrace is positioning itself as an alternative to blacklist-based anti-virus.
- There has been plenty of talk in the past year or so among anti-virus vendors about the usefulness of application whitelisting. But when it comes to the question as to whether or not the technology can replace anti-virus, the subject gets a bit stickier. Whitelisting allows a list of approved file...
A beta version of Facebook's publisher gives users more control over who can see their content. The move is meant to improve security and privacy on the social networking site.
- Facebook is testing out granular privacy controls for its users that will allow them to exercise more control over who sees published content. Just recently, Facebook made a beta version of its publisher available to some of its users that allows them to configure the settings for who can view ...
A researcher at IBM reports having developed a fully homomorphic encryption scheme that allows data to be manipulated without being exposed. Researcher Craig Gentry's discovery could prove to be important in securing cloud computing environments and fighting encrypted spam.
- An IBM researcher has uncovered a way to analyze data while it is still encrypted, in what could be a boon for both spam-filtering applications and cloud computing environments. The challenge of manipulating data without exposing it has bugged cryptographers for decades. But in a breakthrough, ...
NEWS ANALYSIS: How much does enterprise security really matter? Since most employees aren't being educated, it might not matter enough to businesses. For many companies, using software such as Microsoft Security Essentials makes more sense since employee computers are protected and IT departments can save time and money by not having to train employees about security.
- Quite a few security issues have impacted the business world over the past few months. The Conficker worm was considered a possibly damaging issue. The Nine Ball outbreak looked like it had the potential of unleashing some serious damage on the enterprise after it compromised 40,000 legitimate Web...
Cisco plans to integrate DLP technology from EMC's RSA security division into some of its IronPort e-mail security appliances by the fall. The integration is the result of a partnership between RSA and Cisco that was announced last year at the RSA security conference.
- EMC s RSA security division is bringing its data loss prevention technology to bear in the e-mail security space through integration with Ciscos IronPort appliances. By the fall, the DLP (data loss prevention) technology from RSA will be built into the Cisco IronPort C-Series applian...
U.S. Secretary of Defense Robert Gates has ordered the creation of a new command to unify efforts at the Pentagon to secure military networks. Plans for the Cyber Command come a month after President Obama declared cyber-security a national security priority in a speech.
- U.S. Secretary of Defense Robert Gates has ordered the creation of a Cyber Command to help secure the U.S. military's computer networks, according to reports. In a memo, Gates said he will recommend President Barack Obama put the director of the National Security Agency in charge of the com...
In U.S. Government
Former Department of Homeland Security cyber chief Rod A. Beckstrom has been tapped to be the new president of the Internet Corporation for Assigned Names and Numbers (ICANN), the California based non-profit, which oversees the Internet's address system. Most recently, Beckstrom was director of the National Cyber Security Center -- an organization created to coordinate security efforts across the intelligence community. Beckstrom resigned that post in March, citing a lack of funding and authority. Beckstrom joins ICANN as the Internet governance body faces some of the most complex and contentious proposed changes to the Internet's addressing system in the organization's entire 11-year history. For example: -- The United States is under considerable pressure to give up control over ICANN and turn it over to international supervision and management. ICANN currently operates under a Joint Project Agreement with the U.S. government, but that agreement is due to expire at the end
In New Patches
Adobe Systems Inc. on Tuesday issued a software update to fix a critical security flaw in its Shockwave Player, a commonly installed Web browser plug-in. According to Adobe, a malicious or hacked site could use the security hole to install malicious software if the visitor merely browses the site with a vulnerable version of the media player software. The flaw exists in Shockwave Player (also known as Macromedia Shockwave Player) version 11.5.0.596 and earlier. To find out whether Shockwave is installed and which version may be on your PC, visit this site. In a posting to its security blog, Adobe said it is not aware of any exploits in the wild for this vulnerability. Adobe recommends Shockwave Player users on Windows uninstall Shockwave version 11.5.0.596 and earlier on their systems, restart and install Shockwave version 11.5.0.600, available here. Readers should be aware that by default this patch will also try
In Safety Tips
Microsoft on Tuesday released a beta version of its new free anti-virus offering, Microsoft Security Essentials (a.k.a "Morro"). My review, in short: the program is a fast, easy to use and unobtrusive new addition to the stable of free anti-virus options available today. MSE is basically the next generation of Microsoft's Windows Live Onecare anti-virus and anti-spyware service, but without all of the extras, such as a firewall, data backup solution or PC performance tuning (Microsoft announced in Nov. 2008 that it would stop selling Onecare through its retail channels at the end of June 2009). The toughest part was getting the program installed. MSE can run on Windows XP, Vista or Windows 7 (both 32-bit and 64-bit versions), but it failed to install on an XP Pro system I tried to use as my initial test machine -- leaving me with nothing more than a failure message and cryptic
Adobe re-patches Shockwave player
Pentagon signs off on Cyber Command
By Richard Bejtlich
In today's SANS ISC journal, the story IP Address Range Search with libpcap wonders how to accomplish the following:
...how to find SYN packets directed to natted addresses where an attempt was made to connect or scan a service natted to an internal resource. I used this filter for addresses located in the range 192.168.25.6 to 192.168.25.35.
The proposed answer is this:
tcpdump -nr file '((ip[16:2] = 0xc0a8 and ip[18] = 0x19 and ip[19] > 0x06)\
and (ip[16:2] = 0xc0a8 and ip[18] = 0x19 and ip[19]
I am sure it's clear to everyone what that means!
Given my low success rate in getting comments posted to the SANS ISC blog, I figured I would reply here.
Last fall I wrote
Using Wireshark and Tshark display filters for troubleshooting. Wireshark display filters make writing such complex Berkeley Packet Filter syntax a thing of the past.
Using Wireshark display filters, a mere mortal could write the following:
tshark -nr file 'tcp.flags.syn and (ip.dst > 192.168.25.6 and ip.dst
Note that if you want to be inclusive, change the > to >= and the
To show that my filter works, I ran the filter against a file with traffic on my own 192.168.2.0/24 network, so I altered the last two octets to match my own traffic.
$ tshark -nr test.pcap 'tcp.flags.syn and (ip.dst > 192.168.2.103 and ip.dst
137 2009-06-28 16:21:44.195504 74.125.115.100 -> 192.168.2.104 HTTP Continuation or non-HTTP traffic
You have plenty of other options, such as ip.src and ip.addr.
Which one do you think is faster to write and easier to understand?
Richard Bejtlich is teaching new classes in
Las Vegas in 2009.
Regular Las Vegas registration ends 1 July.
Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
By Richard Bejtlich
Yesterday I mentioned a speech by my CEO, Jeff Immelt. Charlie Rose also interviewed Mr Immelt last week. In both scenarios Mr Immelt talked about preserving long-term competitiveness. Two of his themes were funding research and development and ensuring the native capability to perform technical tasks.
By Richard Bejtlich
Earlier this month I wondered How much to spend on digital security. I'd like to put that question in a different light by imagining what a black hat could do with a $1 million budget.
The ideas in this post are rough approximations. They certainly aren't a black hat business plan. I don't recommend anyone follow through on this, although I am sure there are shops our there who do this work already.
By Richard Bejtlich
After my last post, some of you are probably thinking that it's easy to be a critic, but what would I suggest instead? The answer is simple to name but difficult to implement.
By Richard Bejtlich
I read Anton Chuvakin's post MUST READ: Best Chapter From “Beautiful Security” Downloadable! with some interest. He linked to a post by Mark Curphey pointing out that Mark's chapter from O'Reilly's new book Beautiful Security was available free for download in .pdf format. O'Reilly had been kind enough to send me a copy of the book, so I decided to read Mark's chapter today.
I found the following excerpts interesting.
By Richard Bejtlich
Today is an historic day for our profession, and for my American readers, our country. As reported in The Washington Post and by several of you, today Secretary Gates ordered the creation of U.S. Cyber Command, a subordinate unified command under U.S. Strategic Command. The NSA Director will be dual-hatted as DIRNSA and CYBERCOM Commander, with Title 10 authority, and will be promoted to a four-star position. Initial Operational Capability for CYBERCOM is October 2009 with Full Operational Capability planned for October 2010. Prior to CYBERCOM achieving FOC, the Joint Task Force - Global Network Operations (JTF-GNO) and the Joint Task Force - Network Warfare (JTF-NW) will be "disestablished."
As one of my friends said: "Step one to your Cyber Service -- what will the uniforms look like?"
Richard Bejtlich is teaching new classes in
Las Vegas in 2009.
Regular Las Vegas registration ends 1 July.
Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
In politics
AFP - Less than two weeks before President Barack Obama's visit to Moscow, the United States and Russia cannot agree how to counter the growing threat of cyberwar attacks that could wreak havoc on computer systems and the Internet, according to The New York Times.
In technology
PC World - Less than 24 hours after Michael Jackson's death, fraudsters are exploiting public interest with their attempts to spread spam and malware. Security researchers say they've observed hundreds of cases of malicious messages masquerading as information about Jackson's death. Some of them, they say, popped up within minutes of the news.
In technology
PC World - If you happen to see a too-good-to-be-true offer to watch the latest Harry Potter movie online for free, watch out.
In technology
PC Magazine - The Federal Trade Commission has reached a $1.9 million settlement with two defendants who allegedly operated a deceptive advertising scheme to dupe consumers into buying computer security products.
In technology
PC World - CIOs think of Symantec as a company that buys its way into new markets. Over the past decade the Cupertino, California, vendor has snatched up about 30 companies as it's evolved from an antivirus and tools seller to an aspiring enterprise infrastructure vendor.
In technology
PC World - People often turn to me for advice regarding what anti-virus package to get. Usually I recommend McAfee or AVG, but Security Essentials will be my go-to anti-malware package once it's released from beta. For small-business and home users, the price, performance, and ease-of-use of MSE can't be beat.
In technology
PC World - Guy Kawasaki -- a Silicon Valley venture capitalist who was partially responsible for marketing the Macintosh in 1984 -- has almost 140,000 Twitter followers.
In technology
AP - Britain is hiring former computer hackers to join a new security unit aimed at protecting cyberspace from foreign spies, thieves and terrorists, the country's terrorism minister said.
In technology
PC Magazine - When it comes to computer security, you usually want as much as you can get. But that doesn't mean you want that protection to affect everything else you do on your PC. With that in mind, Panda Security has devised its 2010 lineup of security packages.
In technology
Reuters - Britain warned on Thursday of a growing risk to military and business secrets from computer spies and pledged to toughen cyber security to protect the 50 billion pounds ($82 billion) spent a year online in its economy.
In technology
PC World - The biggest question on everyone's minds with regard to Microsoft Security Essentials is how well it can detect and remove malware. The early returns are in, and Microsoft Security Essentials performed well overall in initial malware detection testing provided to PC World by AV-test.org.
In us
AP - Hackers defaced the home page of the Oregon University System, posting a caustic message telling President Barack Obama to mind his own business and stop talking about the disputed Iranian election.
In Cisco Security Advisory
In Cisco Security Advisory
Social networks are ripe for identity theft, with personal information easily up for grabs, security firm warns.
The retail chain has reached a $9.75 million settlement with 41 states that helped untangle a major security leak.
Not all botnets are organized in the same way. Understanding botnet design helps fight them more effectively.
Analysis: As part of the evaluation process for any enterprise business solution, a risk analysis should be conducted beforehand.
Analysis: Thanks to Pretty Good Privacy encryption creator Phil Zimmermann for software that undermines suppression -- and for keeping me out of jail.
Plus: A new password-stealing Trojan to guard against.
The FTC has suspended the majority of a fine levied against two defendants accused of selling bogus security software to up to a million consumers.
Microsoft Security Essentials may be the right tool for smaller businesses.
I've received several phishing e-mails that look surprisingly authentic and professional.
To the average IT security practitioner, the idea of disabling antivirus on new machines might seem blasphemous.
A link on Guy Kawasaki's Twitter page purported to direct his followers to a porn video, but really, it was a virus attack.
Early test results show that Microsoft Security Essentials holds its own in malware detection and cleanup.
Reader Jim Bradley seeks a way to securely wipe the data from his hard drive. He writes:
EU took a step toward creating a pan-European IT system for security and surveillance Wednesday.
Adobe Systems released a patch on Tuesday for its Shockwave Player to fix a critical vulnerability.
Posts
