 |
Top Security News |
 Security
Of Your Bluetooth Devices
These days, all forms of communication technology face the problem of security
and theft of personal details , and 'bluetooth' is no exception to these concerns,
nor should it be...
Analysis:
Norton Slows Down Windows
ThePCSpy did an analysis of many major Windows programs in order to determine
which one slows down Windows the most...
Zotob
Boys Get to Go Away for Awhile
Sophos reports that Farid Essebar and Achraf Bahloul, who took part in creating
the Zotob worm have been sentenced to jail...
Exploit
Prevention Labs Releases August Exploit...
Findings of the August 2006 Exploit Prevalence survey as reported by Exploit Prevention
Labs were announced today. The company has added "orphaned lure sites"
to the survey this month.
We
Have to Continue Exposing Phishing Attempts
A lot has been written about all known kinds of scams including "Phishing". But criminals keep on throwing their nets and having quite a good take.
Therefore we have to continue exposing the phishing attempts.
IE
7 Team Details RSS Security Precautions
I remember hearing many of the plans that the IE 7 team was working on to make
sure customers remain safe...
Microsoft
Attempts To Keep Vista Security Intact In EU
Another development has occurred in Microsoft's ongoing European legal battle.
Erich Andersen, Vice President and Associate General Counsel for Microsoft Europe,
Middle East and Africa, asked that the company be allowed to release Vista intact;
the European Commission may mandate the removal of some security features.
eBay
Launches Web Smart Guide For Safety
According to a recent survey, a lot of Australians feel the online world is becoming
a safer place to shop - 76 percent, to be exact. A significant portion - 58 percent
- "did not think the industry was doing enough to educate people about security
online," though. eBay is trying to change this perception by launching a
new "online ‘Web Smart' guide."
RSS
Exposes Users to Attack
ZDNet
reports from the Black
Hat conference in Las Vegas that security experts are increasingly concerned
about the potential for malicious attacks perpetrated through web feeds.
RFID
Technology Vulnerable To Malware
RFID tags may become commonplace in the future, but not a lot of people are looking
forward to widespread implementation. There was already concern that these "smart
barcodes" would allow consumers' habits to be more easily tracked, and that the
technology could...
NSA
Eyes Social Networking Sites
It was revealed last month that the National Security Agency has been tracking
the phone calls of millions...
Root
Kit Hunter
I had a strange problem with one of my own RedHat machines the other day. Very
simply, I couldn't su to root, and I couldn't even login at the console as root.
|
|
|
|
09.13.06
Evolution Of The Hacker Threat
 By
Ken Baylor
Internet attacks are increasing in number and complexity. The simplicity of attacks
such as Slammer has given way to more sophisticated attacks.
Those behind Internet attacks have also changed. The cyber-criminal of today is much less likely to be the neighborhood geek recklessly unleashing malware. Instead modern cyber criminals are often motivated by politics or greed.
Since 2003 there has been a rapid increase in spyware and corporate data theft.
Spyware is frequently used in identity theft and may allow access to an individual's
financial accounts. Corporate data theft attempts have focused on stored credit
card information. Since the enactment of California's SB1386, successful thefts
frequently result in public disclosure. This has a double effect; consumers are
warned their information has been stolen and may attempt to limit the damage,
while companies suffer public embarrassment. Companies may receive a drop in stock
valuation following such incidents or go out of business.
Two types of Hacking attacks:
There are many ways to divide the different hacking attacks. For the purposes of this paper we will divide them into (i) Opportunistic and (ii) Targeted
(i) Opportunistic
Opportunistic attacks do not focus on a particular target, rather they are aimed at millions of PCs. In terms of percentage success rates they are not very effective, however in absolute terms, they are very effective. Opportunistic attacks frequently focus on human weaknesses
a) The Nigerian/419 scams focus on greed and typically involve a scenario where the consumer receives an email promising them millions of dollars if they help the scammer transfer money. They usually have the net effect of draining the consumer's bank account and stealing their identity.
b) The ‘romantic scams' often target single girls in foreign countries. These are usually contacted through an online personal ad. After winning their trust the new boyfriend asks them to use their bank accounts to cash cheques and send the proceeds
overseas. A plausible reason is given and this usually happens for a few months. Then the police arrive and inform the girl she has been cashing modified or stolen cheques. The proceeds have disappeared at this point and so has the boyfriend,
c) Jokes and screensavers have historically had great success in forwarding viruses globally.
d) Opportunistic viruses and worms. These target millions of PCs which may are susceptible to direct attack due to suboptimal network deign and host protection. SQL Slammer, Code Red and Nimda fit into this category.
Only amateurs and those in ‘safe' countries (where law enforcement is generally
uncooperative in cyber crime investigations) launch attacks from their own PCs.
With almost 50% of consumer wireless networks in the US unencrypted, Hackers can
easy piggyback onto another's network. In Europe the numbers are lower at approximately
25%. Nonetheless over 50% of those using encryption are using WEP encryption,
which can be broken by experienced hackers in less than two minutes. Until WPA2
with strong passwords becomes commonplace, hackers will often find the easiest
route to the internet is by piggybacking on a home user's wireless network. The
access points they use will have very limited auditing, so if the police ever
show up at the owners door, there will likely be no audit trail to track back
to the hacker.
Continue
Reading the Article
About the Author:
Ken Baylor Ph.D. MBA
CISSP, CISM, OCP, MCDBA, MCSE, SCNA
Director Market Development & Strategic Alliances
McAfee, Inc.
|
