Optimal Security : the Lumension Blog


Twitter XSS Vulnerability Continues to Plague the Internet

The current Twitter cross-site-scripting vulnerability (Twitter XSS vulnerability) should not be a surprise to anyone given how new the Twitter platform is.  For millions of its users including myself, we have all seen our fair share of bugs and issues such as Twitter downtime for maintenance, lost profile pictures, misdelivered direct messages and publicly revealed [...]

Firefox Users Join the Legions of Victims in Drive-By Malware

Not so long ago, if you wanted to quickly take control of a user’s PC, you scanned the Internet looking for open ports for a vulnerable victim and hacked them with an OS vulnerability. In the age of Web 2.0, OS vulnerabilities have been replaced with browser vulnerabilities as the “keys to the kingdom,” and [...]

MyDoom Virus Returns with a Vengeance - DDoS Attacks on US and S. Korean Web Sites

An updated virus (MyDoom), not a botnet, is responsible for the DDoS attacks against US and South Korean websites this past weekend. The virus, discovered back in 2004, has been updated to now include a list of websites that have become targets of a DDoS attack as the virus spreads.
The list of Web sites can [...]

Profile of the World’s Top Hackers - How the Game has Changed

My take:

New Internet-based technologies bring new opportunities for the bad guys.
The growth of the applications we use has gone from dozens to nearly 1,000.
The losses are huge, and while the top-line number is disputable, no one can argue that cybercrime losses have reached previously unforeseen levels.
Regardless of whose survey you read, the majority of respondents [...]

Chris’ Security Cache Contemplation: Week 4

Miscellaneous interesting news / tidbits I’ve run across whilst trying to keep up with/clean out my RSS feed …
Cyberczar. Lots of discussion about the “Cyber Czar” appointment in the US (apparently the EU is contemplating something similar) … who is it going to be? [some are suggesting Scott Charney, head of Microsoft's cybersecurity division] what [...]

Bigger, Nastier Botnets: Now Cheaper to Rent on the Black Market

According to a recent advertisement posted to the user comment areas of multiple blog sites across the Internet, the cost to rent a botnet to launch a Distributed Denial of Service (DDoS) attack has fallen dramatically. One has to wonder if it is the current state of the economy or simply the expansion of the [...]

Meet Gumblar - Son of Conficker

Back in 2008, it was reported that a website was compromised once every five seconds to contain web-borne malware. Today, the rate is still increasing, as another website is reportedly now being compromised every 4.5 seconds.
The end game remains the same – downloading and installing malware.  The compromised PC most often becomes a soldier in a [...]

Big Macca Attacka

Wasn’t it Jerry Rubin, founding member of the Yippie movement and famous member of the Chicago 7, who once told us “don’t trust anybody over 30”? [ed: well, no; actually, it was Jack Weinberg.] Of course, this famous counter-culture saying from the 60’s was later changed to “don’t trust anyone under 30” (subject of this [...]

Nasty Virus / Trojan Lurking in the Wild

With Conficker still fresh on our minds, a new potential menace has emerged. The remote access capability of a Trojan that spreads like a virus, W32.Virut.CF (Symantec) or W32/Scribble-A (Sophos), is poised to wreak havoc on networks over the coming days. Embedding itself deep within infected machines, the Trojan will make it difficult to [...]

IT Pros Face Vulnerabilities Galore Post RSA Conference

While IT pros were attending RSA Security Conference in San Francisco last week, several urgent patches and upgrades were released to address serious security vulnerabilities in several widely used software products. Further, the discovery of a botnet tied explicitly to Mac PCs is a not-so-subtle reminder that security vulnerabilities are not simply a Microsoft issue.
Apple “iBotnet” – over [...]




