Rodney Campbell's Blog

New approaches to malware detection coming into view

The traditional signature-based method to detect viruses and other malware is increasingly seen as an insufficient defense given the rapid pace at which attackers are churning out virus and spyware variants. All of which raises the question: What’s next?

Security Scanners Consumers test (pdf)

We have decided to compare the most popular security scanners. Here we present users opinions on eight most frequently use products.

Let’s Get Fuzzing

When systems get as complex as Windows, the only way to keep up with the security flaws is with aggressive fuzz testing.

Schneier questions need for security industry

We shouldn’t have to come and find a company to secure our e-mail. E-mail should already be secure.

103 Free Security Apps for Mac, Windows and Linux

To keep your computer safe (and save some cash while doing it) we’ve assembled a list of 103 free security apps for Mac, Windows and Linux. By the end of the article you should have enough resources to secure even the most naïve system, for free!

SMTP Authentication Update

It’s about 2 and a half years since the standards bodies threw up their hands and left SMTP authentication to the industry. Implementation progress has been slow but positive. And there have been some surprises.

Optical link hacking unsheathed

Techniques for extracting data flowing over fibre optic links are evolving to make the technique easier to apply (pdf).

0wning Vista from the boot

Rootkit that is able to load from Windows Vista boot-sectors.

Web threats to surpass e-mail pests

By next year, Internet users can expect more cyberattacks to originate from the Web than via e-mail, security firm Trend Micro predicts.

Russinovich Says, Expect Vista Malware

Despite all the anti-malware roadblocks built into Windows Vista, a senior Microsoft official is lowering the security expectations.

State Department got mail _ and hackers

A break-in targeting State Department computers worldwide last summer occurred after a department employee in Asia opened a mysterious e-mail that quietly allowed hackers inside the U.S. government’s network.

Staff use of social media is an unseen threat, says security firm

Over one third of businesses do not monitor their employees’ internet use, according to a survey carried out by an information security firm.

Attackers improve on JavaScript trickery

As JavaScript becomes an increasingly key component of online attacks, attackers are investing more energy in obfuscation and other techniques to make defenders’ attempts at reverse engineering more difficult, a security researcher told attendees at the annual CanSecWest conference on Wednesday.

How Security Companies Sucker Us With Lemons

With so many mediocre security products on the market, and the difficulty of coming up with a strong quality signal, vendors don’t have strong incentives to invest in developing good products. And the vendors that do tend to die a quiet and lonely death.

New AACS cracks cannot be revoked, says hacker

Folks at the Doom9 forums sent word that they have found yet another way around the copy protection for high definition discs… They cannot revoke this hack.

E-mail warning for employers

A new ruling which said a college had breached a woman’s privacy by secretly monitoring her e-mails, means employers cannot spy on staff.

Vista For Forensic Investigators

SecurityFocus has a two-part article offering a high-level look at changes in Windows Vista that a computer forensic investigator needs to know about. Part 1 covers the different versions of Vista available and Vista’s built-in encryption, backup, and system protection features. Part 2 continues with a look at typical user activities such as Web browser and email usage.

No end in sight to hacking of ‘WoW’ accounts

For months, hackers–most likely in China and Russia, according to security watchers–have been surreptitiously installing keylogging software on WoW players’ Windows computers, hijacking their accounts and selling off their often valuable in-game assets.

Announcing: Bruce Schneier’s Second Annual Movie-Plot Threat Contest

The first Movie-Plot Threat Contest asked you to invent a horrific and completely ridiculous, but plausible, terrorist plot. All the entrants were worth reading, but Tom Grant won with his idea to crash an explosive-filled plane into the Grand Coulee Dam.

Keep your kids safe online

The Web can help kids learn, communicate, and socialize, but it also exposes them to risks.

Developers warned to secure AJAX design

Most frameworks for deploying interactive functionality use JavaScript in a way that could lead to their applications leaking user data.

Can stuck torrents beat pirates?

Online filesharing of movies and music has the Hollywood hotshots hopping mad, but they are fighting back with the help of anti-piracy firms.

Microsoft to wait and see on Vista activation hacks

There are two methods that seem to work, and the software giant is monitoring both to see if they pose any substantial threat to the company’s business model.

Botnets by Email

Mark Russinovich examines some interesting email.