While researching DrWeb’s work on the Flashback.K malware, I stumbled on this chart (see below). It uses data from Shadowserver.org (http://www.shadowserver.org/wiki/pmwiki.php/Stats/VirusDailyStats) to compare malware packages. Interesting POV that is worth watching over time to see if it is of value.
The FCC’s Communications Security, Reliability and Interoperability Council’s (CSRIC) has now posted the U.S. Anti-Bot Code of Conduct (ABCs) for Internet Service Providers (ISPs) . This voluntary code of conduct is a milestone for the industry – placing new expectations on the eco-system required to safe guard our telecommunications system. The core of the code Read More
DNS Changer (see http://www.dcwg.org/) has been a “thick” piece of malware to remediate. At the start of the take down we have ~600K violated computers. Today we’re at ~400K computers. Not an impressive clean-up record. Why? The operational security community has no effective tools that an average user can use to start cleaning up their Read More
The Cybersecurity Act of 2012 has now been posted. The dialog of representative government as started with enlightenment on what is important to a different interest. Coincidentally, this act is directly applicable to the principle of aggressive private-to-private collaboration with public participation. The act ‘could’ significantly help our cyber-security capabilities OR it could dramatically hurt Read More
The wave of annual cyber-security predictions of doom are coming to a close. Every year security experts would talk about how malware infections are spreading, botnets are going to cause catastrophic damage, the evil “Chinese peril” are stealing everything on-line, and the next Cyber “Perl Harbor” is just around the corner. Many people just ignore Read More
“Keeping to your message, repeat it many many time, and ignore the criticism” are key principles of success in Washington DC policy work. It does not matter if the message is true, based on facts, or have any empirical data to support your assertion. The point is the “message” is a tool to support the Read More
Thanks to Intelligence Squared (I2) and Neustar for first – bring I2 outside of New York and second for setting up a Oxford style debate to address the “market saturation” of the cyber-warfare threat. I’ve been a strong critic of the over hype, exaggeration, and fiction expounded by “individuals” who call themselves “experts” stirring up Read More
Conficker has been a dual edge sword to the industry. On one hand, it a nasty “weapons grade” hijacking malware with nefarious consequences – ranging from a platform for crime to a threat Global Telecom’s, SCADA, and other critical infrastructure. On the other hand, it is an example of what cyber-civic society can do when Read More
At NANOG 47, I gave an update to the NSP-SEC Top 10 Security Techniques. This tutorial has the video posted on the NANOG archives. I’ve posted the slides here for those who have not viewed or downloaded them. Slides 1 – 127 Slides 128 – Finish Questions, suggestions, and views are welcomed.
We need to expect more out the press, policy makers, and the pontificating “Cyber-warfare Experts” producing stacks of reports about the “Cyber-security threat.” Graham Messick, the CBS producer of this 60 minutes episode on “Cyberwar: Sabotaging the System,” did not do his due diligence as a reporter. A standard tool for building balance in a Read More