
Wednesday, January 23, 2008

Enterprise security in 2008: Malware trends suggest new twists on old tricks

Years ago, attackers would often have one or two really important machines that were the centerpiece of their criminal money-making schemes. The bad guys, thus, often faced one or more single points of failure in their criminal infrastructures. A phisher's imposter Web site could be taken out. A spammer's mail server could be added to a blacklist. And for bot-herders, an IRC server, historically used by many botnets to distribute commands to all of the bot-infected hosts, could be shut down.

So, how have today's enterprising bot-herders, making millions of dollars from their criminal empires, responded to the single points of failure? Two words: fast flux.

Read here for more info

Word of the Day: Spear phishing

Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. As with the e-mail messages used in regular phishing expeditions, spear phishing messages appear to come from a trusted source. Phishing messages usually appear to come from a large and well-known company or Web site with a broad membership base, such as eBay or PayPal. In the case of spear phishing, however, the apparent source of the e-mail is likely to be an individual within the recipient's own company and generally someone in a position of authority.

According to an article in the New York Times, spear phishing attempts are not typically initiated by "random hackers" but are more likely to be conducted by "sophisticated groups out for financial gain, trade secrets or military information."

Here's one version of a spear phishing attack: The perpetrator finds a Web site for a targeted organization that supplies contact information for employees and other relevant data about the company. Using available details to make the message seem authentic, the perpetrator drafts an e-mail appearing to come from an individual who might reasonably request confidential information, such as a network administrator. Typically, a spear phisher requests user names and passwords or asks recipients to click on a link that will result in the user downloading spyware or other malicious programming. The message employs social engineering (fraudulent, non-technical) tactics to convince the recipient. If a single employee falls for the spear phisher's ploy, the attacker can masquerade as that individual and gain access to sensitive data.

Most people have learned to be suspicious of unexpected requests for confidential information and will not divulge personal data in response to e-mail messages or click on links in messages unless they are positive about the source. The relative success of spear phishing relies upon the details used: The apparent source is a known and trusted individual, information within the message supports its validity, and the request seems to have a logical basis.

At West Point in 2004, teacher and National Security Agency expert Aaron Ferguson sent out a message to 500 cadets asking them to click a link to verify grades. Ferguson's message appeared to come from a Colonel Robert Melville of West Point. Over 80% of recipients clicked the link in the message. In response, they received a notification that they'd been duped and a warning that their behavior could have resulted in downloads of spyware, Trojan horses, and/or other malware.

IBM's Global Security Index research found that, in 2005, intercepted spear-phishing attempts rose from 56 intercepted attempts in January to over 600,000 in June.

Friday, January 11, 2008

Word of the Day: Data Analytics

Data analytics (DA) is the science of examining raw data with the purpose of drawing conclusions about that information. Data analytics is used in many industries to allow companies and organizations to make better business decisions and in the sciences to verify or disprove existing models or theories. Data analytics is distinguished from data mining by the scope, purpose and focus of the analysis. Data miners sort through huge data sets using sophisticated software to identify undiscovered patterns and establish hidden relationships. Data analytics focuses on inference, the process of deriving a conclusion based solely on what is already known by the researcher.

The science is generally divided into exploratory data analysis (EDA), where new features in the data are discovered, and confirmatory data analysis (CDA), where existing hypotheses are proven true or false. Qualitative data analysis (QDA) is used in the social sciences to draw conclusions from non-numerical data like words, photographs or video. In information technology, the term has a special meaning in the context of IT audits, when the controls for an organization's information systems, operations and processes are examined. Data analysis is used to determine whether the systems in place effectively protect data, operate efficiently and succeed in accomplishing an organization's overall goals.

The term "analytics" has been used by many business intelligence (BI) software vendors as a buzzword to describe quite different functions. Data analytics is used to describe everything from online analytical processing (OLAP) to CRM analytics in call centers. Banks and credit card companies, for instance, analyze withdrawal and spending patterns to prevent fraud or identity theft. Ecommerce companies examine Web site traffic or navigation patterns to determine which customers are more or less likely to buy a product or service based upon prior purchases or viewing trends.

Modern data analytics often use information dashboards supported by real-time data streams. So-called real-time analytics involves dynamic analysis and reporting, based on data entered into a system less than one minute before the actual time of use.

Tuesday, January 8, 2008

Word of the Day: Keyhole Markup Language (KML)

Keyhole Markup Language (KML) is an XML-based markup language designed to annotate and overlay visualizations on various two-dimensional, Web-based online maps or three-dimensional Earth browsers (such as Google Earth). In fact, KML was initially developed for use with Google Earth; because that project was originally named Keyhole, as was the company that undertook this work, the related markup language followed suit. When Google acquired Keyhole in 2004, that project came with it and eventually became Google Earth. The "keyhole" moniker is a reference to the original KH military reconnaissance satellites first launched in the mid-1970s that took the very first "eye-in-the-sky" photographs so commonly viewed within Google Earth and other geobrowsers.

A KML file includes specifications for various features for display within Google Earth, Maps and Mobile, and other three-dimensional Earth or geobrowser programs. KML's feature set includes placemarks, 3D models, text descriptions, images, polygons, and so forth. Each location has an associated longitude and latitude, and view-specific data such as heading, altitude and tilt may be provided to define a so-called "camera view" for geospatial data. KML shares some of its grammar with the geography markup language, or GML, an Open XML markup language defined to express geographical data and features.

Monday, January 7, 2008

Word of the Day: Energy Star

Energy Star is a government-backed labeling program that helps people and organizations save money and reduce greenhouse gas emissions by identifying factories, office equipment, home appliances and electronics that have superior energy efficiency. In recent years, Energy Star ratings have been extended to some new homes, commercial and industrial facilities. Energy Star originated in 1992 as a joint program of the U.S. Environmental Protection Agency (EPA) and the U.S. Department of Energy (DoE). In 2007, the European Union adapted Energy Star, including related standards, for all of its members. Australia and New Zealand have already adopted the program. As a result, the Energy Star symbol has become the international symbol for energy efficiency.

Any building or product that has received an Energy Star rating carries a blue logo, pictured above. Energy Star is a voluntary labeling system, though most manufacturers find it commercially desirable to display the logo if their products qualify. The standards themselves, however, are set by governmental agencies. Energy Star labels, for instance, are only awarded to homes that have been independently verified to be at least 15% more efficient than the standard mandated by the relevant state or local energy codes in a given area.

Computers were one of the first devices to be rated by Energy Star. In general, computer energy consumption can be reduced in two ways: by using components that require less power or by using power management software to modulate the energy consumption of these components. Energy Star ratings are available for desktop computers, laptops, workstations and gaming consoles. PDAs, smartphones, blade servers, thin clients and large servers are not, as of the end of 2007, rated by Energy Star. For any PC shipped through enterprise channels to receive an Energy Star rating, however, it must specifically:

  • ship with an automatic sleep mode set to activate in 15 minutes
  • automatically disable Wake on LAN (WOL) enabled from sleep mode while on AC power
  • maintain network connectivity while in sleep mode
  • depending on its classification, require between 65 and 95 watts of power

In 2007, a new specification for desktop computers was introduced. Version 4.0 mandates higher standards than the previous iteration, requiring 80% or greater power supply efficiency to gain an Energy Star approved stamp. This 80% efficiency standard is the subject of advocacy efforts by 80 PLUS, an electric utility-funded incentive program that encourages the integration of energy-efficient power supplies into desktop computers and servers. According to their Web site, "the 80 PLUS performance specification requires power supplies in computers and servers to be 80% or greater energy efficient at 20%, 50% and 100% of rated load with a true power factor of 0.9 or greater. This makes an 80 PLUS certified power supply substantially more efficient than typical power supplies."

Energy Star provides online assessment tools that allow businesses and consumers to rate the efficiency of homes and industrial facilities. Energy Star ratings have become an important component of buying decisions for both consumers and businesses. More efficient buildings, appliances and hardware mean significant savings over time on heating or power costs.

The EPA estimates that if every U.S. household and business replaced old computers with new Energy Star-qualified models, more than $1.8 billion in energy costs would be saved over the next five years, avoiding greenhouse gas emissions equivalent to more than those produced by 2.7 million cars. Similarly, Energy Star-qualified fluorescent bulbs consume up to 75% less energy than standard incandescent bulbs to provide the same amount of light, and last up to 10 times longer.

Adoption of energy-efficient practices is an important component of the green computing movement, both in terms of lower operating costs and reduced pressure on the energy grid. This in turn, over time, reduces, if not halts, the growth in greenhouse gases emitted by coal-fired energy plants. These gases, according to recent reports from the Intergovernmental Panel on Climate Change, are the major component in the rapid warming of the Earth over the past century, a development which has potentially disastrous results for both humans and ecosystems in general worldwide.

Word of the Day: refurbish

Refurbish, in everyday language, is "to renew or to restore to a new condition and/or appearance". In the computer world, refurbished equipment is not necessarily defective in any way; it may just be "old" (a relative term in the world of computers). When hardware is refurbished, the components are examined and non-working parts are replaced.

Companies that lease computers may use refurbishing as a means of dealing with units that are returning from long-term leases; after the computers are refurbished, they may be sold at a reduced price or donated to charity - either of which is good for business. Corporations may buy refurbished computers and hardware for a number of reasons. Refurbished hardware costs less than new hardware, which makes it possible for small businesses to make the move to computerized operations for the first time or for businesses with limited means to buy higher quality computers for less money. Another reason for a corporation to buy refurbished equipment is to maintain corporate standards by ensuring that all employees have the same equipment, even when the model being used is not being sold any longer.

There are additional reasons for choosing refurbished hardware if a company is already computerized. For example, there may be a corporate plan to use desktop computers for three years before upgrading to newer ones. In the latter part of the three-year period, equipment purchases may be needed for new staff or to replace a component that no longer works. Since the corporation intends to replace all desktop computers in the near future, the purchasing department may not want to pay full price for any new equipment at the end of this three-year period. Refurbished computers provide a cost-effective alternative.

A number of organizations, such as StRUT (Students Recycling Used Technology), the National Cristina Foundation, and the Resource Area for Teachers (RAFT) collect and refurbish donated computer equipment for redistribution to schools and charities around the world.

Wednesday, January 2, 2008

Word of the Day: 404

404 is a frequently-seen status code that tells a Web user that a requested page is "Not found." 404 and other status codes are part of the Web's Hypertext Transfer Protocol (HTTP), written in 1992 by the Web's inventor, Tim Berners-Lee. He took many of the status codes from the earlier Internet protocol for transferring files, the File Transfer Protocol (FTP).

Also see Internet errors.

What to Do If You Get a 404

If the site no longer exists, there's nothing you can do. However, it only takes one mistyped character to result in a 404. See whether the ".htm" should be an ".html" or vice versa. If you're linking from a Web site, you can do a "View source" to make sure it wasn't miscoded. Whether or not it is, you may want to send a note to the Webmaster so that the link can be fixed for the next users.

How to Handle 404s If You Have a Web Site

Here are some things you can do:

  • Use a Web site analysis tool such as Web Trends or Weblog to identify links that result in 404s, then fix the links.
  • If you change the Uniform Resource Locator (URL) for a page on your site, retain the old URL as a redirect file, putting a message on it and inserting a META element with a REFRESH to change to the new URL in a specified number of seconds.
  • You can create the page contents for a 404 status code page and substitute it for the 404 page that the browser usually provides. This will allow you to personalize the message and encourage the user to send a note to the Webmaster so that the situation can be fixed.
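
The first item above, sketched as an added example (not part of the original post and not the output of any named analysis tool): it groups 404 responses by requested path and referring page, so links on your own pages can be fixed and paths linked only from other sites stand out as candidates for the redirect in the second item. It assumes the server writes Combined Log Format; `www.example.com`, the sample lines and the function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Combined Log Format: host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?'
)

# Constructed sample lines (not real traffic); www.example.com is a placeholder site.
SAMPLE_LOG = """\
192.0.2.10 - - [02/Jan/2008:10:00:01 +0000] "GET /about.htm HTTP/1.1" 404 512 "http://www.example.com/index.html" "Mozilla/5.0"
192.0.2.11 - - [02/Jan/2008:10:00:05 +0000] "GET /about.html HTTP/1.1" 200 4096 "http://www.example.com/index.html" "Mozilla/5.0"
192.0.2.12 - - [02/Jan/2008:10:01:17 +0000] "GET /about.htm HTTP/1.1" 404 512 "http://www.example.com/index.html" "Mozilla/5.0"
198.51.100.7 - - [02/Jan/2008:10:02:40 +0000] "GET /old/news.html HTTP/1.1" 404 512 "http://partner.example.net/links.html" "Mozilla/5.0"
198.51.100.9 - - [02/Jan/2008:10:03:02 +0000] "GET /typo HTTP/1.1" 404 512 "-" "Mozilla/5.0"
this line is malformed and must be skipped
"""

def broken_links(log_text, own_host):
    """Group 404 responses by requested path and referring page.

    Returns {path: {"internal": Counter, "external": Counter, "direct": int}}.
    """
    report = defaultdict(lambda: {"internal": Counter(), "external": Counter(), "direct": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("status") != "404":
            continue  # unparsable line or not a 404
        entry = report[m.group("path")]
        referer = m.group("referer")
        if not referer or referer == "-":
            entry["direct"] += 1            # typed URL or bookmark: likely a typo
        elif urlsplit(referer).hostname == own_host:
            entry["internal"][referer] += 1  # a link on our own site: fix it
        else:
            entry["external"][referer] += 1  # someone else's link: redirect candidate
    return dict(report)

def fix_list(report):
    """Internal pages to edit, most-hit broken link first: (referer, path, hits)."""
    rows = [(ref, path, n) for path, e in report.items() for ref, n in e["internal"].items()]
    return sorted(rows, key=lambda r: (-r[2], r[1], r[0]))

if __name__ == "__main__":
    for ref, path, hits in fix_list(broken_links(SAMPLE_LOG, "www.example.com")):
        print(f"{hits:3d}  {path}  linked from {ref}")
```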