We’re Not in the Business of Understanding our User

A few years ago I wrote about sometimes your product is useful to people in ways you didn’t know—and that you’d be smart to recognise that and capitalize on itn (What Your Product Does You Might Not Know About, 2007). One of the examples I cited was ZoneAlarm, a very popular firewall that was bought …

Continue reading ‘We’re Not in the Business of Understanding our User’ »

Phishy Facebook Emails

Facebook phishes are getting better. Compare this one: and this: Notice how the key bit, supposedly defining that it’s a legit email, is successfully and convincingly faked: The only difference that stands out is the domain: facebookembody.com. Although Google classified it as spam they didn’t warn that it would go to a website that contains …

Continue reading ‘Phishy Facebook Emails’ »

DigiNotar Breach Notes

Some folk have asked me for more details about the DigiNotar breach after my brief appearance on Al Jazeera this morning. So here are the notes I prepared for the segment. Links at the bottom. Background web security certificates are digital IDs issued by companies entrusted with making sure they are given to the right …

Continue reading ‘DigiNotar Breach Notes’ »

Real Phone Hacking

Interesting glimpse into the real world of phone hacking–not the amateurish stuff we’ve been absored by in the UK–by Sharmine Narwani: In Lebanon, The Plot Thickens « Mideast Shuffle. First off, there’s the indictment just released by the Special Tribunal for Lebanon which, in the words of Narwani, appears to be built on a simple premise: …

Continue reading ‘Real Phone Hacking’ »

Southeast Asia’s Viral Infection

Southeast Asia is fast developing a reputation as the most dangerous place on the Internet. It’s not a reputation the region can afford to have. By one count Thailand has risen to be the country with the most number of malware infections, by one account, and by another to be the second, all in the …

Continue reading ‘Southeast Asia’s Viral Infection’ »

The Battery DDOS: Tip of An Iceberg

An interesting story brewing about the FBI investigating a DDOS (Distributed Denial of Service) attack on websites selling batteries. But the reporting does not go far enough: In fact, a little research reveals this is part of a much bigger assault on a range of industries. As a starting point, look at Elinor Mills of …

Continue reading ‘The Battery DDOS: Tip of An Iceberg’ »

Did Prolexic Fend Off Anonymous’s Sony Attacks?

Prolexic, a company that defends clients against Distributed Denial of Service (DDoS) attacks, says it has successfully combatted the “Largest Packet-Per-Second DDoS Attack Ever Documented in Asia”: “Prolexic Technologies, the global leader in Distributed Denial of Service (DDoS) mitigation services, today announced it successfully mitigated another major DDoS attack of unprecedented size in terms of packet-per-second …

Continue reading ‘Did Prolexic Fend Off Anonymous’s Sony Attacks?’ »

Libya’s Stuxnet?

A group of security professionals who have good credentials and strong links to the U.S. government have outlined a Stuxnet-type attack on Libyan infrastructure, according to a document released this week. But is the group outlining risks to regional stability, or is it advocating a cyber attack on Muammar Gadhafi? The document, Project Cyber Dawn …

Continue reading ‘Libya’s Stuxnet?’ »

The Gmail Phish: Why Publicize, and Why Now?

This Google Gmail phishing case has gotten quite a bit of attention, so I thought I’d throw in my two cents’ worth. (These are notes I collated for a segment I did for Al Jazeera earlier today. I didn’t do a particularly good job of getting these points across, and some of the stuff came …

Continue reading ‘The Gmail Phish: Why Publicize, and Why Now?’ »