Karim Vaes

One of my favorite news sites is CIO.com. I might not be a CIO, but it often covers very insightful articles about high level concepts.

The article I read today was named “Insecure Software’s Real Cost: Software and Cement” and written by David Rice. It was an excerpt from his book “Geekonomics: The Real Cost of Insecure Software”.
(ISBN-10: 0-321-47789-8 / ISBN-13: 978-0-321-47789-7).

Honesty forces me to say that I’m a sucker for morale tales, and I have to say that it was a while ago since I read a story that made such a nice reference to history in regards to modern technology.

Read the rest of this entry »

What’s up in the experimental google labs? Check out the following experiment where your blend the search results to something more appropriate for your search.

This experiment lets you influence your search experience by adding, moving, and removing search results. When you search for the same keywords again, you’ll continue to see those changes. If you later want to revert your changes, you can undo any modifications you’ve made. Note that this is an experimental feature and may be available for only a few weeks.

So how does it work?
Read the rest of this entry »

Greenpeace has released it’s 6th edition of “Greener electronics Ranking”.

This Guide ranks leading mobile phone, game console, TV and PC manufacturers on their global policies and practice on eliminating harmful chemicals and on taking responsibility for their products once they are discarded by consumers. Companies are ranked on information that is publicly available and clarifications and communications with the companies.

Check it out here.

The rankings

• 7.7 Sony Ericsson
• 7.7 Samsung
• 7.3 Sony
• 7.3 Dell
• 7.3 Lenovo
• 7.0 Toshiba
• 7.0 LG
• 7.0 Fujitsu-Siemens
• 6.7 Nokia
• 6.7 HP
• 6.0 Apple
• 5.7 Acer
• 5.0 Panasonic
• 5.0 Motorola
• 4.7 Sharp
• 2.7 Microsoft
• 2.0 Philips
• 0.0 Nintendo

Check out the full version here.

The SANS Top 2007 is a consensus list of vulnerabilities that require immediate remediation. It is the result of a process that brought together dozens of leading security experts. They come from the most security-conscious government agencies in the UK, US, and Singapore; the leading security software vendors and consulting firms; the top university-based security programs; the Internet Storm Center, and many other user organizations.

For the lazier amongst us, here’s a quick overview of the key points:

• Operating systems have fewer vulnerabilities that can lead to massive Internet worms.
• There has been a significant growth in the number of client-side vulnerabilities, including vulnerabilities in browsers, in office software, in media players and in other desktop applications.
• Users who are allowed by their employers to browse the Internet have become a source of major security risk for their organizations.
• Web application vulnerabilities in open-source as well as custom-built applications account for almost half the total number of vulnerabilities being discovered in the past year.
• The default configurations for many operating systems and services continue to be weak and continue to include default passwords. As a result, many systems have been compromised via dictionary and brute-force password guessing attacks in 2007!
• Attackers are finding more creative ways to obtain sensitive data from organizations. Therefore, it is now critical to check the nature of any data leaving an organization’s boundary.

The operating systems are more secure, yet the focus of malware is upon the clientside. The attackers have become more creative. Thinking about fast flux, the storm botnet, etc… Where the configurations aren’t that creative as the default configurations still provide “easy access” to the -outsiders-. Technology hasn’t been sleeping, your home has become wordly, but keep your security trend likewise. Don’t forgot that usb keys, (stolen) laptops, blackberries, … and so on, also contains sensible corporate data.

Don’t simply blame the vendor (f.e. Microsoft), but also blame yourself for not keeping up the pace!

ENISA released its latest position paper on “botnets”, you can read it here.

The motivation behind setting up a botnet has changed in the last few years; the people behind this threat are no longer teenagers playing games, but experienced criminals involved in online fraud and illegal activities. Why are such people interested in controlling so many computers?

• Distributed Denial of Service attacks (DDoS)
• Online fraud
• Further stealth attacks
• Spam
• Malicious code distribution
• Click Fraud
• New business models

Source: Security4All (BennyK)