Rodney Campbell's Blog

The Evolution of Self-Defense Technologies in Malware

This article explores how malware has developed self-defense techniques and how these techniques have evolved as it has become more difficult for viruses to survive. It also provides an overview of the current situation.

Inside OS X Security

Once you get past all the yelling and emotion, Mac OS X is a pretty secure operating system, at least as secure as any other operating system in its class. Mac users are exactly as vulnerable to phishing and social engineering attacks as any other platform.

MPAA Sets Up Fake Site to Catch Pirates

MediaDefender Inc has launched a website called “MiiVi” dedicated to busting those who both like to download copyrighted content as well as those who already have. The site is apparently the latest ploy in the ongoing battle against illegal file-sharing and literally takes the game to new heights. It offers WHOLE DOWNLOADS of movies as well as the ability to download and install a “miraculous” new program that offers “fast and easy downloading all in one great site”. There’s just one problem: the site’s registered to MediaDefender Inc. and after it’s installed, it searches your computer for other copyrighted files and reports back.

Is It OK that Google Owns Us?

Google’s continuously raked over the coals regarding the massive amounts of PII (personally identifiable information) it collects, what it does with it, how long it retains that data and what the company might do with it if its merger with DoubleClick goes ahead.

Senior execs targeted in ‘precision’ malware attacks

On 26 June, net security services firm MessageLabs intercepted more than 500 individual email attacks targeted against individuals in senior management positions.

Spammers Duke It Out In Online Turf War

Just as thugs and drug dealers jealously guard their street corners with destructive turf wars, online spammers and other shadowy characters have been known to attack one another for control over virtual real estate. This week, security experts spotted a nasty tussle brewing between criminals who operate two of the largest networks of hijacked computers used to blast out spam.

Vista is Watching You

Are you using Windows Vista? Then you might as well know that the licensed operating system installed on your machine is harvesting a healthy volume of information for Microsoft. In this context, a program such as the Windows Genuine Advantage is the last of your concerns. In fact, in excess of 20 Windows Vista features and services are hard at work collecting and transmitting your personal data to the Redmond company.

Integrity of hardware-based computer security is challenged

Withdrawn Black Hat paper hints at flaws in TPM security architecture.

The Evolution of Security (pdf)

What can nature tell us about how best to manage our risks?

Security Analogies Wiki

Dedicated to compiling good analogies used when explaining (computer) security matters.

Data Seepage – How to Give Attackers a Roadmap to Your Network

Robert Graham and David Maynor, the CEO and CTO of Errata Security. In this video they talk about how the days of widespread internet attacks are long gone. What’s more popular now are more directed or targeted attacks using a variety of different methods. This is where data seepage comes in. Unbeknownst to a lot of mobile professional’s laptops, PDAs, even cell phones can be literally bleeding information about a company’s internal network.

Piracy More Serious Than Bank Robbery?

Ars Technica covers NBC/Universal general counsel Rick Cotton who suggests that society wastes entirely too much money policing crimes like burglary, fraud, and bank-robbing, when it should be doing something about piracy instead.

Judge Orders TorrentSpy to Turn Over RAM!!

In an impressive example of the gap of understanding between legal officials and technology, U.S. Magistrate Judge Jacqueline Chooljian found that a computer server’s RAM, or random-access memory, is a tangible document that can be stored and must be turned over in a lawsuit.

Border Gateway Protocol Security (pdf)

Why DRM won’t ever work

A request for a DRM system is a sign that the customer is in denial, and isn’t dealing rationally with reality.

Why DoS and DDoS attacks are the plague of the Internet

DoS and DDoS attacks are not a new threat—they’ve been terrorizing the Internet for years. But after all these years, we’re still no closer to learning how to deal with this problem.

Germany outlaws ‘hacking tools’: An impossible ban for sysadmins?

A recent update to the German criminal code has outlawed so called “hacking tools.” This move has raised angry responses from security experts worldwide who have branded it as “ill considered and counterproductive.”

Little-known AV packages outdo those of Symantec, McAfee, Microsoft

Andreas Clementi, who runs the web site av-comparatives.org, has released his latest report that looks at how well antivirus programs do against threats that have not yet been identified and included in standard AV signatures.

Guidelines on Securing Public Web Servers (pdf)

An inside look at a targeted attack

It appears that more than one year after the initial attacks, the hostname is still successfully resolving.

Zero-day sales not fair — to researchers

Two years ago, Charles Miller found a remotely exploitable flaw in a common component of the Linux operating system, and as many enterprising vulnerability researchers are doing today, he decided to sell the information.

10 Anti-Phishing Firefox Extensions

One popular way to combat phishing attacks is to maintain a list of known phishing sites and to check web sites against the list. This hack highlights 10 anti-phishing Firefox extensions that can be used to mitigate the risk of being a victim of a phishing attack.