blog articles under the 'General' category

Found 33 blogs, showing 1 - 10.
[1-10] [11-20] [21-30] [31-33]

Dell SecureWorks CTU assists in Waledac/Kelihos botnet takeover

Fri Mar 30 16:26:07 EDT 2012 by Brent Stone-Gross

On Wednesday, March 21, 2012, Dell SecureWorks, CrowdStrike, Kaspersky, and the Honeynet Project initiated efforts to disrupt the operations of the Waledac/Kelihos (aka Hlux) botnet. This botnet generally sends spam email, harvests email addresses and credentials, and steals Bitcoin wallets. This post comments on that threat analysis and provides an update on the aftermath.

Carrier IQ: Requires Additional Review

Wed Dec 14 03:24:47 EST 2011 by Counter Threat Unit

Carrier IQ, Inc. has received more public attention in the past 60 days than it has in the previous five years that the company has existed. The software, Carrier IQ (CIQ), is analytics software designed to improve the end user experience by providing information such as dropped calls, service coverage and software crashes to wireless providers. Recent legal action by Carrier IQ, Inc. met with reactive action by the Electronic Frontier Foundation (EFF) and has caused a recent media frenzy around privacy and disclosure issues surrounding the software.

Transitive trust and SSL certificate verification

Fri Sep 09 17:40:36 EDT 2011 by Jeff Jarmoc

On April 11, 2011, the Dell SecureWorks Counter Threat Unit (CTU) posted a blog entry titled 'Certificate Authorities for SSL/TLS: Crypto's weak link', which discussed some of the strains of the current Certificate Authority (CA) system for validating web site identity. The backdrop to this blog entry was the breach of Comodo and their resulting issuance of untrustworthy, but valid, certificates. In recent weeks, another CA breach has hit the news and drawn much attention...

PCI Guidance on Virtualization and Cloud

Thu Jul 07 11:48:31 EDT 2011 by Beau Woods

Recently, the PCI-SSC released an Information Supplement providing guidance for compliance with the DSS in virtualized and cloud environments. Great news for anyone with virtualization within their cardholder data environment (CHDE), or who has been considering it.

Recent events cause re-assessment of SecurID integrity

Thu Jun 16 12:02:15 EDT 2011 by Jeff Jarmoc

On March 18, 2011, we blogged about a breach at RSA regarding the disclosure of unspecified sensitive materials related to SecurID. At the time, little information was made available as to the extent of the breach, the exact information that was compromised, or how it would affect RSA's customers.

Imperva SecureSphere XSS and the nature of security-product vulnerabilities

Mon May 23 15:00:00 EDT 2011 by Jeff Jarmoc

Earlier today, Imperva publicly announced a vulnerability in their flagship SecureSphere WAF (Web Application Firewall). This issue was discovered by Sean Talbot of Dell SecureWorks and disclosed in a coordinated fashion with Imperva. We thank Imperva for their timely confirmation of our findings and the rapid deployment of patches to address the issue. Affected users are advised to patch their systems as soon as feasible. Details of the vulnerability and information regarding patches are available in our SWRX-2011-001 advisory and also in Imperva's announcement.

Sony PlayStation Network Breach

Wed May 04 03:00:00 EDT 2011 by Dennis Dwyer

Between April 17 and April 19, 2011, Sony became aware that the PlayStation Network (PSN) and Qriocity user account information was compromised in conjunction with a breach into Sony’s network. These services allow users to play games with others on the Internet, make in-game purchases and stream music and movies to Sony devices. On Wednesday, April 20, PlayStation Network and Qriocity services were disabled to investigate the incident. Most alarming is the database of customer information exposed to the unknown attacker.

Securely Deleting Data

Sun Mar 07 21:00:00 EST 2010 by Beau Woods

Most regulatory requirements call for securely deleting data. But many organizations struggle with just how to do this in a way that is both secure and compliant.

Spam and the Changing Business Model of Cyber Crime

Tue Feb 09 13:00:00 EST 2010 by Beau Woods

In the past couple of months, the Freakonomics blog asked why there has been such a downturn in the familiar Viagra and Nigerian prince Spam. The author attributed this to the cost of spamming not being worth the rates of return anymore.

Poor UI Breaks Portions of the Internet

Wed Feb 25 13:00:00 EST 2009 by Nick Chapman

On February 16th, 2009 there was a Border Gateway Protocol (BGP) anomaly which caused connectivity issues for some portions of the Internet. Arbor Networks and Renesys both provided good write-ups of the event. The basic problem was that SuproNET, a local Czech ISP, announced a BGP route with an extremely long Autonomous System (AS) path.
