Wednesday, April 08, 2009

Mixed links

Via certifiedbug.com: Spybot Search & Destroy competitors are trying to force its removal – what this article doesn’t talk about is that Spybot S&D is basically a hobbyist tool with very low efficiency. It made a name for itself back in the days, when the malware problem was much smaller, but these days all respectable Anti-Malware solutions include an anti-spyware module (including the free-for-personal use ones like AVG), so you don’t need a separate program for it. A further proof of Spybot’s “hobbyist” status is the sub-optimal method it uses to block domains (essentially putting them in the “restricted zone” for IE – which can cause performance problems for IE8 and is mostly ineffective if you are using other browsers).

On the Errata Security blog we have more details about the recent Core IP FBI raid. It is sad (frightening?) that because of one suspected customer they felt that they have to take all those servers. I guess that “international” infrastructure, like EC2, with datacenters in different jurisdictions. Probably criminals will also catch one and make the work of law enforcement harder...

Via the hexale blog: The Java Virtual Machine As Shellcode – ok, a nice technological demo, but why not just build on top of metasploit? A 4.5MB agent? Really?

From the F-Secure blog: Understanding the Spreading Patterns of Mobile Phone Viruses [PDF]. Mostly pretty pictures and a fairly obvious conclusion: Bluetooth malware spread slower than MMS malware.

From the Google Tech Talks (there are some very cool gems there!): The Value of Informed Choice in Protecting Consumers, a Product, and a Company – an inspiring presentation. We need more business leaders like this. Favorite quote: "When you put it in the hand of marketing people, you are in deep trouble."

It seems that the Google App Engine will start supporting Java soon.

An other AV false positive issue: AntiVir, Tor Browser Bundle, and trojan Dropper.Gen false positive. Fortunately Avira has a functional interface for reporting false positives, and, according to the reply, it will resolved with the next signature update.

I too saw yesterday the post from SANS about PHP interpreting .php.bak files for example. The Computer Defense blog raises some issues: it seems that this is not true in all the cases, although it is true in many of them. Here are some relevant links / quotes from the Apache documentation:

  • AddType Directive: “Filenames may have multiple extensions and the extension argument will be compared against each of them.”
  • Files with Multiple Extensions: “If you would prefer only the last dot-separated part of the filename to be mapped to a particular piece of meta-data, then do not use the Add* directives. For example, if you wish to have the file foo.html.cgi processed as a CGI script, but not the file bar.cgi.html, then instead of using AddHandler cgi-script .cgi, use...” (see the documentation for the example)

Via the terminal23.net blog:

According to the Department's [the quote is about the USA DoD] own analysis, nearly 70% of the network traffic leaving the Department through a single one of its Internet gateways during the month of January 2008 was bound for known hostile countries and the Department lacked the capability to even determine what the traffic was.

It seems that as companies / organizations grow, they loose their ability to secure data exponentially.

No comments:

Post a Comment