http://www.secureworks.com/research/blog Information security analysis and commentary from the research team at SecureWorks. http://www.secureworks.com/research/blog/index.php/2009/6/30/zango-decision-offers-legal-safeguards-to-the-security-community One of the provisions of the Communications Decency Act (Section 230 of the US Code) established a safe harbor for ISPs so that they couldn't be held liable for the speech of their users. If you take umbrage at something someone said on the Internet, your remedy is to sue the speaker, not their ISP or telephone company. http://www.secureworks.com/research/blog/index.php/2009/6/30/zango-decision-offers-legal-safeguards-to-the-security-community http://www.secureworks.com/research/blog/index.php/2009/6/3/sha-1-collision-attacks-now-252 Eurocrypt 2009 was recently held from April 26-30 in Cologne, Germany. Sponsored by the International Association for Cryptologic Research (IACR), the website states that "It is devoted to all aspects of cryptology." This year's Eurocrypt rump session was held on April 28, which featured a talk entitled "Automatic Differential Path Searching for SHA-1". http://www.secureworks.com/research/blog/index.php/2009/6/3/sha-1-collision-attacks-now-252 http://www.secureworks.com/research/blog/index.php/2009/5/20/on-the-new-cybersecurity-bill On April 1, 2009, while the rest of the cybersecurity world was largely focused on the Conficker worm, Senators John (Jay) Rockefeller and Olympia Snowe introduced the Cybersecurity Act of 2009. Since the hype over Conficker has died down now, I've had a chance to review the text of this somewhat controversial bill and add my two cents to the discussion. http://www.secureworks.com/research/blog/index.php/2009/5/20/on-the-new-cybersecurity-bill http://www.secureworks.com/research/blog/index.php/2009/5/12/following-the-trojan-trail In this post I will go over the latest botnet making the headlines. The "Finjan botnet" appears to be large and strikes fear into many. As an average computer user, should you be afraid of the botnet, or should you be scared of being compromised by a Trojan? How bad can one piece of malware be? http://www.secureworks.com/research/blog/index.php/2009/5/12/following-the-trojan-trail http://www.secureworks.com/research/blog/index.php/2009/4/17/speaking-at-rsa The 2009 RSA conference kicks off next week in San Francisco. It looks like a busy week for me - I'll be presenting first on Tuesday, April 21st at the SecureWorks booth on the showfloor at 1:00 PM PDT. This will be a "Conficker Q&A" session. I'll be answering questions with the knowledge I've gained from reverse-engineering Conficker and also from my participation in the Conficker Working Group. http://www.secureworks.com/research/blog/index.php/2009/4/17/speaking-at-rsa http://www.secureworks.com/research/blog/index.php/2009/4/14/confickerc-worm-activity-detected Previously, the April 1st "activation date" of the Conficker.C worm was hyped as a doomsday. As Joe Stewart explains in the previous post, an update to the worm used a new algorithm to generate 50,000 domain names which could potentially be used as update or command and control servers. http://www.secureworks.com/research/blog/index.php/2009/4/14/confickerc-worm-activity-detected http://www.secureworks.com/research/blog/index.php/2009/3/27/conficker-april-fools-hype Don't panic. If you're reading this, you're probably not infected with Conficker.C. If you were already infected, you wouldn't be able to access any page on secureworks.com, due to the worm author's apparent dislike for the removal instructions we posted for earlier Conficker variants. http://www.secureworks.com/research/blog/index.php/2009/3/27/conficker-april-fools-hype http://www.secureworks.com/research/blog/index.php/2009/3/12/clever-hack-or-carders-at-work Earlier this week, reports began to circulate in the media about Chinese hackers selling $200 USD iTunes gift cards online for 17.90 RMB (about $2.60 USD). It was explained that these hackers were able to acheive the remarkable feat of cracking Apple's algorithm for generating the gift voucher codes, and were thus able to generate as many cards as they liked, all of which would be redeemable in the iTunes store. http://www.secureworks.com/research/blog/index.php/2009/3/12/clever-hack-or-carders-at-work http://www.secureworks.com/research/blog/index.php/2009/3/10/analysis-of-cve-2009-0658-adobe-reader-0day Bow here again. It has been a while since we posted a binary analysis on our blog, so I figured we would post one for a vuln that has been getting a lot of hoopla the past few weeks :) http://www.secureworks.com/research/blog/index.php/2009/3/10/analysis-of-cve-2009-0658-adobe-reader-0day http://www.secureworks.com/research/blog/index.php/2009/3/5/tornado-malware-kit In this post, we will be taking a look at the Tornado Malware kit. Tornado is a Russian web-attack kit used by hackers to compromise as many machines as possible. "Out of the box," it comes with 14 exploits, although users have space to add more, thanks to a modular design (handy!). http://www.secureworks.com/research/blog/index.php/2009/3/5/tornado-malware-kit