Rodney Campbell's Blog

Audio For ‘Privacy Is Dead’ Talk Now Online

The Steve Rambam talk at HOPE Number Six was disrupted by his arrest minutes before he was scheduled to go on stage – HOPE Number Six finally came to an end with a three hour talk at the Stevens Institute in Hoboken, New Jersey that focused on just how much information on each of us is readily accessible to virtually anyone. Steve also revealed all of the information he was able to find on a volunteer "victim" and answered all sorts of questions from the standing room only audience, including what really happened back in July.

Could Hollywood hack your PC?

Congress is about to consider an entertainment industry proposal that would authorize copyright holders to disable PCs used for illicit file trading.

New Google Service Will Manipulate Caller-ID

Google has made available a new "Click-to-Call" service that will automatically connect users to business phone listings found via Google search results. Of concern is that Google says that it will manipulate the caller-ID on the calls made to the user-provided number, to match that of the business being called – thus allowing potential for abuse.

PCI cards the next haven for rootkits? [pdf]

An interesting article about a paper published on the possibility of hiding a rootkit in different PCI cards and have the rootkit survive a reboot or cleansing of the hard disk. It seems though that the author of the article doesn’t think this would be abused.

A New Vulnerability In RSA Cryptography

Branch Prediction Analysis is a recent attack vector against RSA public-key cryptography on personal computers that relies on timing measurements.

Cracked it!

Three million Britons have been issued with the new hi-tech passport… So why did Steve Boggan and a friendly computer expert find it so easy to break the security codes?

Honeypot Mirroring .edu domains under .eu / Active Threat

What is appears, for the moment, is that this machine is running a honeypot to capture passwords for people who typo .edu as .eu

Malware goes to the movies

Online attackers have started to experiment with embedding malicious code or links to such code in different video formats.

Deconstructing a Pump-and-Dump Spam Botnet

Shows the inner working of a massive botnet that is responsible for the recent surge of ‘pump and dump’ spam. It’s a detailed picture of how these sleazy operations work and why they’re so hard to shut down. Sobering numbers: 70,000 infected machines capable of pumping out a billion messages a day, virtually all of them for penis enlargement and stock scams. Excellent graphics, too, including one chart that shows that Windows XP Service Pack 2 is hosting nearly half the attacked machines.

IronPort stops 98% of image spam

IronPort has announced significant progress in the war against image spam.

Microsoft Security Bulletin Summary for November, 2006

Virtualization and security

It’s a pity that discussions on the subject of security vulnerabilities associated with virtual servers tend to focus on Windows: If a virtual machine is running as a guest on a Windows host, an exploit on the guest VM can climb up to the Windows host, and then all hell can break loose. There’s more to securing virtual servers than not running VMs as guests of a Windows host.

SANS – Human error top security worry

Targeted attacks focus on humans, and they often work… even after hours of computer security instruction, 90% of freshmen cadets still clicked on the link.

Kevin Mitnick’s Security Advice

Protecting yourself is very challenging in the hostile environment of the internet. Imagine a global environment where an unscrupulous person from the other side of the planet can probe your computer for weaknesses, and exploit them to gain access to your most sensitive secrets. Here’s my Top 10 list of steps you should take to protect your information and your computing resources from the bad boys and girls of cyberspace.

Symantec delivers Mac OS X security report [pdf]

Security vendor Symantec has issued a detailed report on current Apple Mac OS X threats, covering a wide range of security issues that affect the platform today.

SpamThru Statistics

Working with the anti-spam group SpamHaus and the ISP, we were able to receive access to files from the SpamThru control server. We have analyzed the files, and in this report we will look at some of the statistics and interesting finds.

The A to Z of security

Got the Love Bug? Scared of spyware? Read all about what’s keeping techies awake at night…

Microsoft unleashes improved Firefox

The open source community is in a state of shock this morning at the news that Microsoft has released a version (or here) of popular browser Firefox. Download it here, but, check the minimum requirements first :).

Meet the world’s most prolific spammers

Rogues’ gallery Spamhaus has published a revised list of the world’s 10 worst spammers. According to the anti-spam organisation, 200 professional spam gangs are responsible for 80 per of the high volume of junk mail pumped onto the internet every day.

Report – Firefox 2.0 Trumps IE7 In Phish-Fighting

Firefox blocked 243 phishing sites that IE7 overlooked, while IE7 blocked 117 sites that Firefox did not.

Password-cracking contest results

Are long, noncomplex passwords harder to crack than short, complex passwords? These results lean toward yes.

Policy and Compliance in The Workplace

Compliance. Regulation. Security. These are the reasons why organisations write policies. But how can you be sure that staff have read, understood, and agreed to policy? And how can you demonstrate policy compliance to auditors and regulators? Posting policies on the intranet, or relying on emails or staff handbooks leaves policies ignored, and impossible to track.