Hackers are increasingly giving up hacking, why? Because it's become boring, there is no glitz and glam in ethical or malicious hacking anymore.
http://international-hacker-n3td3v.blogspot.com/2007/07/hackers-are-giving-up-hacking.html
I always knew this computer security thing was just a fad. ;-)
Urs
A selection of files is now available to researchers interested in evaluating cyber-attack detection methods, or in studying data from real life attacks.
The attack trace files can be downloaded from a website created as a spin-off of the LOBSTER pilot project, which has been monitoring Internet traffic across Europe since October 2004.
LOBSTER has captured more than 40,000 Internet attacks using 36 passive monitoring sensors deployed in nine different countries. It was a step towards an advanced European infrastructure that will improve our understanding of the Internet and help solve performance and security problems.
http://www.terena.org/news/fullstory.php?news_id=2138
This movie shows how easily you can become a victim of a hacker if you have not taken the proper IT security measures. An educational animated film about botnets and the effect bots, viruses and worms can have on one's own and others' computers.
http://www.waarschuwingsdienst.nl/render.html?cid=106
Fun! ;-)
New, easy to use antiforensic tools make all data suspect, threatening to render computer investigations cost-prohibitive and legally irrelevant.
http://whitehatsec.com/home/resources/trade/07tradenews/062607CSO.html
See also: Anti Forensics: making computer forensics hard.
http://ws.hackaholic.org/slides/AntiForensics-CodeBreakers2006-Translation-To-English.pdf
Peter Brundrett, the Product Manager behind the integrity levels work in Windows Vista, has written some very detailed whitepapers:
http://msdn2.microsoft.com/en-us/library/bb625964.aspx
Microsoft now has its own security threat and research portal: We officially launched version 1 of the new Malware Protection Center Portal. The portal -- which Microsoft has been testing since April -- contains threat data, security research resources including an encyclopedia of threats, and downloadable signature updates for its antivirus and anti-spyware products. It also lets visitors submit potentially infected files so Microsoft can analyze the samples and provide feedback.
http://www.microsoft.com/security/portal/
And no, we do not sell or buy vulnerabilities! ;-)
At the Black Hat conference next month, Hoffman and fellow researcher John Terrill will demonstrate their wily, next-generation Web worm in a session entitled "The Little Hybrid Web Worm that Could." Their new worm mutates to evade signature detection -- it can even use vulnerability information from sites like Secunia to infect other servers and browsers.
http://www.darkreading.com/document.asp?doc_id=128355&WT.svl=news1_5
A group of security professionals launched this week what they hope will become the eBay of security research. The Swiss-registered company, WSLabi, boasts that its online portal will allow researchers to sell vulnerabilities they have discovered to software companies and other interested parties through an open market.
What exactly describes a business? Well, you probably need a market, which means the existence of buyers and sellers. It's not very difficult to find reasons that there are sellers, but what is the motivation for buyers? If you read the justifications of these vulnerability (re-)sellers, it's about selling this information to governments, security researchers, etc. But as we know that the real big money is currently made by botnets, who could be most interested in buying relatively cheap entries into millions of PCs? If you can rent your bots for a couple of thousand dollars a week, would that price for the vulnerability not immediately vanish?
Or is this a completely wrong approach to the topic? Do those activities improve security? Do they help someone, if not the bad guys?
See also Roger's blog entry on this topic:
http://blogs.technet.com/rhalbheer/archive/2007/07/06/vulnerability-auction.aspx
What do you think of this kind of "business"? Perhaps we as Microsoft have a distorted view of this? Or is it as it is? Do we have to live with those kinds of businesses, as they are not illegal (are they)?
As the Second Life creators at LindenLab stated on the SL homepage: "there are as many opportunities for innovation and profit in Second Life as in the Real World." Unfortunately, for any virtual or real occasion to make money, there is a criminal looking for the method to take advantage of it by all means.
http://www.zone-h.org/content/view/14781/31/
Does this mean that we need a "Third Life" to escape the woes and trials of Second Life? ;-)
In many cases, mass-mailing malware is now inefficient due to better protection mechanisms and the noise it generates as it traverses the Internet. Sure, targeted e-mail attacks will continue. But compromised Web pages are now rapidly emerging as the replacement vehicle of choice for mass malware distribution.
http://news.zdnet.com/2100-1009_22-6193899.html