An interesting notion moving through the halls of Congress threatens to change the notions of liability and introduce more than a few slippery slopes in the world of information security. The Stop Online Piracy Act (SOPA) in the House and the Protect IP Act (PIPA) in the Senate are the latest government response to the well-known [...]
ZeuS goes P2P
Watching the evolution of malware is a lot like watching Darwinian evolution in fast motion. ZeuS, the pinnacle of malware distros, has taken a necessary evolutionary step to increase its ability to procreate (to continue the Darwinian reference). While the initial vectors haven’t changed, there is a new method to continue and upgrade the bot. [...]
So a hacker and a lawyer walk into a bar…
There is no punchline. The fact is that information security has evolved from protecting against the hacker to protecting against the hacker and then the pack of attorneys that follow in his wake. I know, it’s not a revelation and certainly not a new development. The price we pay for living in a society of [...]
It’s what you choose to make it
Security theater is a phrase that gets tossed around a lot these days. Whether the topic is the TSA, PCI or receipt checks at the local wholesale club, there’s a general feeling that security has become about check boxes and feeling secure rather than genuinely securing something. The lethargy isn’t limited to just the security [...]
Apache advisory released
It appears that a flaw in the Apache code, first discovered in 2007, has resurfaced with proof-of-concept code. The vulnerability exploits the way Apache handles multiple overlapping ranges. There is currently an attack tool floating around in the wild that allows a malicious user to significantly affect the server’s CPU and memory usage. [...]
