| Although they are often well-hidden, botnets represent a significant online threat. Most users are unaware that their computers are being compromised to forward transmissions of sensitive data. This article defines a botnet and explores some of the purposes for setting up a botnet. It then takes a look at some botnet detection techniques and anti-botnet solutions. What is a Botnet?
A botnet (from “robot network”) refers to a group of computers that run an application that is controlled and manipulated by the source or owner only. While the term “botnet” generally refers to computers, or software agents, running malicious software (malware; robot [...] The recently unveiled flaw in SSH reiterates the idea that, no matter how good the technology, it will eventually fail from a whole host of threats. In this case, the implementation flaw occurred in a software product that had been previously “proven secure”. Real world implementations are more complex than security models, and other mitigations must be in place when a design does finally [...] Last week, Adobe confirmed the vulnerability of most of it’s Acrobat product line, including Reader, Standard and Professional on all operating systems and every nearly every released version from 3-9. The ubiquitous nature of the PDF format, deployed footprint of Acrobat and the nature of the exploit create a catastrophic set of circumstances. Looking carefully may reveal related hidden problems lurking in your infrastructure. These problems are not unique to this specific software, and the lessons learned should carry over to handling of private and mission-critical [...] Credit card payment processor Heartland Payment Systems announced this week that hundreds of millions of credit card transactions were stolen last year. This latest hack far eclipsed the 45 Million TJX Companies records lost from 2004-2007. The stolen data includes names, credit/debit card numbers and expiration [...] Hewlett Packard confirmed Wednesday Securina’s disclosure that vulnerabilities exist within every version of HP OpenView Network Node Manager prior to 7.51. With the wide deployment of OpenView and controlled assets typically at critical infrastructure points, this constitutes a high profile risk for most corporations. If you need a way into the heart of a corporations back office, finding one of these services would definitely [...] Max Butler wasn’t happy simply stealing private data such as credit card and social security numbers, running up credit cards and selling the merchandise on eBay. He wanted the trading markets where this information was bought and [...] It took over a decade, but two German researchers found an application for a flaw in the MD5 hash widely used throughout the Internet for [...] As the differentiators between new products trend to zero, two topics (counterfeiting/open source hardware) point to the real value hidden within businesses. Coaxing this gem into use will ultimately determine which companies thrive and which will wither into [...] Not sure if anyone will be out there, but please check out the Hackers on Planet Earth conference site. My talk is Saturday at 2:00PM in the Engressia room. Hopefully I’ll have a link to a paper on the topic by then. The presentation synopsis follows: Pseudonymization Methodologies: Personal Liberty vs. the Greater Good
Think of four facts that can separate you from the rest of the general populous: name, address, date of birth, or Social Security Number perhaps. They are all likely what’s currently referred to as Personally Identifiable Information (PII). In the data privacy realm, PII disclosure is the [...] Have you ever visited archive.org or used their Way Back machine? It’s a catalog of the Internet, and in my opinion one of the most ambitious projects undertaken. The privacy and persistence of the Internet, as evidenced by the Way Back Machine will have long term effects on the way legislation and the judicial system treat [...] | |
