An interesting 0-Day Comparing Anti-Virus Solutions

An interesting 0-Day Comparing Anti-Virus Solutions

Posted on

Comparing Anti-Virus Solutions is something many organizations will (should) do to ensure their security choices sill work. While researching DrWeb’s work on the Flashback.K malware, I stumbled on this chart (see below). It uses data from Shadowserver.org (http://www.shadowserver.org/wiki/pmwiki.php/Stats/VirusDailyStats) to compare malware packages. Interesting POV that is worth watching over time to see if it is Read More

U.S. Anti-Bot Code of Conduct (ABCs) for Internet Service Providers (ISPs) is now posted

U.S. Anti-Bot Code of Conduct (ABCs) for Internet Service Providers (ISPs) is now posted

Posted on

The FCC’s Communications Security, Reliability and Interoperability Council’s (CSRIC) has now posted the U.S. Anti-Bot Code of Conduct (ABCs) for Internet Service Providers (ISPs). This voluntary code of conduct is a milestone for the industry – placing new expectations on the eco-system required to safe guard our telecommunications system. The core of the code is Read More

DNSChanger - New tool to clean up the infection

DNSChanger – New tool to clean up the infection

Posted on

DNS Changer (see http://www.dcwg.org/) has been a “thick” piece of malware to remediate. At the start of the take down we have ~600K violated computers. Today we’re at ~400K computers. Not an impressive clean-up record. Why? The operational security community has no effective tools that an average user can use to start cleaning up their Read More

Private-to-Private Collaboration with Public Participation

Private-to-Private Collaboration with Public Participation

Posted on

The Cybersecurity Act of 2012 has now been posted. The dialog of representative government as started with enlightenment on what is important to a different interest. Coincidentally, this act is directly applicable to the principle of aggressive private-to-private collaboration with public participation. The act ‘could’ significantly help our cyber-security capabilities OR it could dramatically hurt Read More

2012 - A year of Cyber-Security Optimism

2012 – A year of Cyber-Security Optimism

Posted on

2012 can be a year of Cyber-Security Optimism. The wave of annual cyber-security predictions of doom is coming to a close. Every year security experts would talk about how malware infections are spreading, botnets are going to cause catastrophic damage, the evil “Chinese peril” are stealing everything online, and the next Cyber “Perl Harbor” is Read More

New Intelligence Squared debate - The CyberWar threat has been Grossly Exaggerated

New Intelligence Squared debate – The CyberWar threat has been Grossly Exaggerated

Posted on

Has the Cyber-War threat has been Grossly Exaggerated? Thanks to Intelligence Squared (I2) and Neustar for first – bring I2 outside of New York and second for setting up an Oxford-style debate to address the “market saturation” of the cyber-warfare threat. I’ve been a strong critic of the overhype, exaggeration, and fiction expounded by “individuals” Read More

Conficker - the "Fortunate 500"

Conficker – the “Fortunate 500”

Posted on

Conficker has been a dual edge sword to the industry. On one hand, it a nasty “weapons grade” hijacking malware with nefarious consequences – ranging from a platform for crime to a threat  Global Telecom’s, SCADA, and other critical infrastructure.  On the other hand, it is an example of what cyber-civic society can do when Read More