August 30, 2006 | Comments: (0)
And people wonder why I'm so pessimistic...
I trust in the kindness of strangers and, of course, the maliciousness of other individuals that I don't know.
Okay, so I'm not that pessimistic, but I am a realist. That's why it bums me out when I hear that that when potential disaster strikes people are out there willing to make a buck off of it, even it means defrauding a few people. A prime example is the recent rampant purchasing of anything pertaining to the domain name Ernesto, which, for those of you who have been hiding under a rock, is the name of the latest hurricane (now tropical storm) brewing off the coast of Florida.
Most of these purchases lead to domain parking or cybersquatting, where the purchaser bets that someone will pay him or her big money to get the domain name for legitimate purposes. Others use the sites for outright fraud, while a few use the sites for legitimate purposes.
Dealing with the aftermath of defrauded individuals is an unfortunate part of being in the computer security arena. This kind of domain abuse is just another manifestation of people making a buck at someone else's expense. Unfortunately, and at least for right now, we all have to live with the outcome.
Update: I've seen a few emails moving around today regarding the original story by Robert McMillan that I reference in this post. The issue being that several of the individuals who purchased many of the domains regarding the now tropical storm Ernesto state that their intent is to publish news about the storm, and if they benefit from the selling of Ernesto domains then they plan to use those funds for good and the betterment of all involved.
You can take a look at the original reference for this story on the SANS site by Johannes Ullrich which has been updated to reflect some of this information.
Now, selling goods for an inflated price during a disaster is considered 'gouging', and in many cases is against the law. That's all I'll say on that matter.
I will attest that many of these domain purchasers may not be scamming or defrauding anyone or doing anything considered illegal. But, that being said, I don't believe that potentially capitalizing on the misery of others is a good way to make money.
Posted by Victor R. Garza on August 30, 2006 03:15 AM
August 29, 2006 | Comments: (0)
It's all about the response time
As I make my way back to Silicon Valley late this evening from the Naval Postgraduate School in Monterey, I'm thinking about response times.
Okay, maybe I'm hopped up on a little too many chicken McNuggets and that extra large Diet Coke, but it seems to me that those semi's I keep passing have it out for me. As I pass the garlic capitol of the world I make sure that I'm not overdriving my headlights, which has caused so many problems for other drivers. But I do wonder if I would be ready in time if a discarded muffler appeared from underneath the car in front of me, or if a length of chain (which seems all too common for this stretch of highway) were to make it's way under my tires.
Maybe it's the driving beat courtesy of Paul Oakenfold coming from my MP3 player, but my nerves seem tense and my responses sharp, even for this late hour. I'm thinking about response time and wonder if we can be ready for events that catch us off guard.
One year after Hurricane Katrina I'm thinking about large, or small, catastrophic events that catch us off balance. Whether that event has to do with a power supply on a distribution switch, or water flooding into a data center from a torrential downpour - are we ready? While we can't ever be ready for everything, we can at least mitigate the risk.
What task are you putting off that would exacerbate an already bad situation if it were to happen? Are you putting off or can't find the time for router and switch configuration backups? Sweeping patch management under the rug? Anti-Virus definitions a little too out of date? Having wiring or fluctuating power issues? Are you going around with easily guessable passwords? Or worse yet, a single common password for multiple critical network devices?
What are you putting off right now?
Why don't you take ten minutes today and at least start to deal with the problem or issue that you've been avoiding. If something were to go south, dealing with that issue now could be the difference between only a bad, but manageable, problem versus a catastrophe.
Taking are of that neglected problem now will enhance your response time should something bad happen in the next few hours. Like I said before, it's all about response time.
Or maybe it's just the barbecue dipping sauce talking.
Posted by Victor R. Garza on August 29, 2006 12:02 AM
August 28, 2006 | Comments: (0)
Ah yes, the old SMS phishing attack. Wait, did I say old? It's really only been around for a few years and I had been under the impression that the big wireless carriers had whack a moled this Spam vector into oblivion, but it looks like they weren't too savvy with that old padded mallet.
Lucky mobile phone users have been receiving SMS messages with text like: "We're confirming you've signed up for our dating service. You will be charged $2/day unless you cancel your order: www.smishinglink.com."
McAfee Avert Labs is dubbing this type of cell phone message "SMiShing” (phishing via SMS). McAfee is also saying that SMiShing is yet another indicator that cell phones and mobile devices are becoming increasingly used by malicious individuals to perpetrate malware, viruses and scams.
Check out McAfee's blog for more on this issue.
Posted by Victor R. Garza on August 28, 2006 06:11 PM
August 15, 2006 | Comments: (0)
Is comedy a better delivery system for security education?
Last month's security gaff by AOL is now being made fun of by Comedy Central's Stephen Colbert. I guess that any kind of computer security education for users is better than none, especially humor, which seems to stick better than some dryer forms of security presentation.
At least that's what I hear from all those people taking Comedy Traffic School.
Posted by Victor R. Garza on August 15, 2006 09:59 PM
August 02, 2006 | Comments: (0)
Black Hat Briefings begins with 10 years under its belt
I made it through the NSA IEM certification and have fully immersed myself in the goings on here at Black Hat.
There have been several interesting presentations today including Ofir Arkin's 'Bypassing Network Control Systems' and Kevin Mandia's 'The State of Incidence Response'.
If you'd like to take a look at the NAC presentation, download it here. You can pretty much follow along with the slides without any commentary as they're very verbose.
While I don't have Mandia's presentation I did hear that the presentation I missed, 'Hacking VoIP Exposed' by David Endler and Mark Collier was an interesting one. Their site is the companion to the book that's due out in December. Check out the tools section, it looks pretty interesting.
Posted by Victor R. Garza on August 2, 2006 04:14 PM
| ZERO DAY PODCAST |
| Listen to the latest podcast: |
MP3
•
•
•
Archive
•
![[VoiceIndigo Mobilize - Listen to podcasts on your mobile phone]](http://www.voiceindigo.com/ht/images/mobilize_logo_sm.gif){kind=logo}
|
TOP STORIES
Agile mgmnt for small teamsWhy developers avoid Vista
CBS to buy CNET Networks
Icahn's letter to Roy Bostock
Yahoo opens up Search Monkey
AT&T limits iPhone purchases
Silverlight gets put on Linux
IBM boosts BlackBerry access
Intel to develop PC with Alibaba
Cybercriminals can rent a botnet
ADDITIONAL RESOURCES
- Virtualization: A Step by Step Approach to Success
- Dialing up Agility with Business Transformation
- 5 Things You Need to Know About Storage Virtualization
- Is your smaller organization ready for High Availability?
- Is system maintenance doing more harm than good?
- Virtual Test Lab Automation: Manage development infrastructure
