17. April 2010 · Apache infrastructure breach analysis is a model of forthrightness and a learning experience · Categories: Breaches

Last week, the Apache infrastructure team disclosed a breach of their issue-tracking system in which a cross-site scripting (XSS) attack was the first step in a chain that led to root access on the server and, from there, to compromised user passwords. What makes the report interesting is the level of detail: which security controls worked, which did not, and what the team is changing to reduce the risk of a repeat. There was no attempt at security by obscurity. McAfee Labs wrote a nice blog post on it.

Will this push Apache usage up or down? IMHO, the breach will have no effect on adoption and may even increase it. The reality is that every organization suffers breaches regularly; sharing detailed information like this is what helps the rest of us improve our security.

BTW, if your organization is not experiencing breaches, the likelier explanation is a lack of visibility, not an absence of attackers.

15. April 2010 · Conventional password policy recommendations questioned · Categories: Security Policy

Microsoft researcher Cormac Herley recently published a paper questioning whether conventional password policy recommendations are worth following, by weighing the cost of the advice in users' time against the losses it actually prevents. Whether or not you agree with Herley, the economic analysis is well worth reading.

Security Watch has a nice summary.

11. April 2010 · More PDF exploits – time to stop downloading PDFs · Categories: Malware

There seems to be a constant flow of PDF reader vulnerabilities; two new ones are highlighted here.

It's time to stop using PC-based PDF readers. I've switched to a browser plug-in called gPDF which works with IE, Firefox, and Chrome. It opens the PDF file in Google Docs. Google Docs gives you the ability to print it without downloading it. The one issue I have is, there is no apparent way to save the document in Google Docs for future reference. So for that, I save the link in Delicious.

I'm done with downloading PDFs for now – just not worth the risk.
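If you do have to handle a PDF locally, the practical question is whether it carries active content at all. The following triage script is an added example written for this page, not code from the post or from any of the products mentioned. It scans a PDF's raw bytes for name tokens that signal JavaScript, launch actions, or automatic execution, and it handles two evasions a naive keyword grep misses: hex-escaped names (`/J#61vaScript` is legal PDF syntax for `/JavaScript`) and keywords hidden inside FlateDecode-compressed streams. The set of "risky" names and the verdict thresholds are this example's assumptions; the sample PDF is constructed inline and is not a real malware sample.

```python
import re
import zlib

# PDF name tokens that indicate active content or automatic execution.
# Which names count as risky is this example's assumption, not a standard list.
RISKY_NAMES = {
    b"/JavaScript": "JavaScript action",
    b"/JS": "JavaScript code stream",
    b"/OpenAction": "action executed when the document opens",
    b"/AA": "additional (automatic) actions",
    b"/Launch": "launch an external program",
    b"/EmbeddedFile": "embedded file attachment",
    b"/RichMedia": "embedded Flash or other media",
}

_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
_STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.S)


def inflate_streams(data: bytes) -> bytes:
    """Return the file plus the inflated body of every stream zlib can read.
    Keywords are often hidden in FlateDecode object streams, so scanning the
    raw bytes alone would miss them. Trailing whitespace after the zlib
    stream is ignored by decompressobj, so no exact length is needed."""
    inflated = []
    for m in _STREAM.finditer(data):
        try:
            inflated.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # not a zlib stream (image data, plain text, etc.)
    return data + b"\n" + b"\n".join(inflated)


def normalize_names(data: bytes) -> bytes:
    """Resolve #xx hex escapes so /J#61vaScript reads as /JavaScript.
    The escape is legal PDF syntax and is used to evade keyword scanners."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def find_risky_names(data: bytes) -> dict:
    """Count each risky name token. A name ends at a delimiter, so /JS does
    not match /JSx and /JavaScript is not double-counted as /JS."""
    text = normalize_names(inflate_streams(data))
    found = {}
    for name in RISKY_NAMES:
        hits = len(re.findall(re.escape(name) + rb"(?![A-Za-z0-9_])", text))
        if hits:
            found[name.decode()] = hits
    return found


def triage(data: bytes) -> dict:
    """Classify a PDF from the risky names it contains."""
    found = find_risky_names(data)
    active = any(n in found for n in ("/JavaScript", "/JS", "/Launch"))
    auto = any(n in found for n in ("/OpenAction", "/AA"))
    if active and auto:
        verdict = "block: active content that runs automatically"
    elif active or auto:
        verdict = "suspicious: review before opening"
    else:
        verdict = "no active content found (not proof of safety)"
    return {"findings": found, "verdict": verdict}


def build_sample_pdf() -> bytes:
    """Constructed test input: a catalog whose /OpenAction points at a
    hex-escaped JavaScript action, plus a /Launch action hidden inside a
    FlateDecode stream. Not a real malware sample."""
    compressed = zlib.compress(b"<< /S /Launch /F (cmd.exe) >>")
    return (
        b"%PDF-1.4\n"
        b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
        b"3 0 obj << /S /J#61vaScript /JS (app.alert('hi')) >> endobj\n"
        b"4 0 obj << /Length " + str(len(compressed)).encode()
        + b" /Filter /FlateDecode >>\nstream\n" + compressed
        + b"\nendstream\nendobj\n%%EOF\n"
    )


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pdf()
    print(triage(data))
```

Run it with a file path to triage a real document, or with no arguments to see the constructed sample flagged as "block" because it combines /OpenAction with JavaScript. A clean verdict only means no known trigger names were found; exploits in malformed fonts or images leave none, which is why the post's advice to avoid local readers still stands.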

11. April 2010 · Spotlighting the Botnet business model · Categories: Malware, Network Security

TrendLabs has a nice article on the botnet business model. It features an illustration showing the relationships between different botnets including CUTWAIL, BREDO, KOOBFACE, ZEUS, WALEDEC, and others.

The level of cooperation and coordination between these operations is stunning. If you are not monitoring for and blocking botnet activity in your organization, you are exposing it to serious risk. And if you are seeing no botnet activity at all, you are not using the right tools.
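One signal that needs no signature database is the beacon itself: an infected host checking in with its controller at a fixed interval. The script below is an added example for this post, not code from TrendLabs or from the original article. It groups outbound proxy log lines by source host and destination hostname, computes the gaps between consecutive requests, and flags pairs whose gaps are nearly constant (low coefficient of variation), which normal browsing almost never produces. The log format, the hostnames, and the thresholds are this example's assumptions; the log lines are constructed, not captured traffic.

```python
import statistics
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlparse

# Constructed proxy log lines (not real traffic). 10.0.0.5 checks in with the
# same host roughly every 60 s with a second of jitter; 10.0.0.7 browses normally.
SAMPLE_LOG = """\
2010-04-11T09:00:00 10.0.0.5 GET http://updates.example-c2.invalid/gate.php 200
2010-04-11T09:01:00 10.0.0.5 GET http://updates.example-c2.invalid/gate.php 200
2010-04-11T09:02:01 10.0.0.5 GET http://updates.example-c2.invalid/gate.php 200
2010-04-11T09:03:00 10.0.0.5 GET http://updates.example-c2.invalid/gate.php 200
2010-04-11T09:04:00 10.0.0.5 GET http://updates.example-c2.invalid/gate.php 200
2010-04-11T09:05:01 10.0.0.5 GET http://updates.example-c2.invalid/gate.php 200
2010-04-11T09:00:12 10.0.0.7 GET http://news.example.test/index.html 200
2010-04-11T09:00:13 10.0.0.7 GET http://news.example.test/style.css 200
2010-04-11T09:04:40 10.0.0.7 GET http://news.example.test/article/42 200
2010-04-11T09:21:05 10.0.0.7 GET http://news.example.test/article/43 200
2010-04-11T09:50:09 10.0.0.7 GET http://news.example.test/index.html 200
2010-04-11T10:31:40 10.0.0.7 GET http://news.example.test/index.html 200
"""


def parse_log(log: str) -> dict:
    """Group request timestamps by (source IP, destination hostname).
    Assumed format: '<ISO timestamp> <src> <method> <url> <status>'."""
    events = defaultdict(list)
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, src, _method, url, _status = line.split()
        events[(src, urlparse(url).hostname)].append(datetime.fromisoformat(ts))
    return events


def find_beacons(log: str, min_events: int = 5, max_cv: float = 0.1) -> list:
    """Flag (src, host) pairs whose inter-request gaps are nearly constant.
    max_cv is the allowed standard deviation / mean of the gaps; raise it to
    tolerate malware that adds random jitter, at the cost of more false hits."""
    hits = []
    for (src, host), times in parse_log(log).items():
        if len(times) < min_events:
            continue                      # too few samples to judge regularity
        times.sort()                      # log lines may arrive out of order
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue                      # duplicate timestamps only
        cv = statistics.pstdev(gaps) / mean
        if cv <= max_cv:
            hits.append({"src": src, "host": host, "events": len(times),
                         "period_s": round(mean, 1), "cv": round(cv, 3)})
    return hits


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(f"beacon: {hit['src']} -> {hit['host']} every ~{hit['period_s']}s "
              f"({hit['events']} requests, cv={hit['cv']})")
```

On the sample, only the 10.0.0.5 check-ins are reported (period about 60 s, coefficient of variation near 0.01); the browsing host's gaps range from one second to over forty minutes and never come close to the threshold. In practice you would feed it a day of proxy or DNS logs, tune `min_events` and `max_cv`, and treat hits as leads to correlate with the destination's reputation rather than as proof on their own.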