To paraphrase a quote attributed to the great American novelist F. Scott Fitzgerald: ‘Rich countries aren’t like you and me. They have less malware.’ That’s the conclusion of a special Security Intelligence Report released by Microsoft on Wednesday, which found that the rate of malware infections was relatively lower in countries that were wealthy than those with lower gross income per capita. The study, “Linking Cybersecurity Policy and Performance” investigated the links between rates of computer infections and a range of national characteristics including the relative wealth of a nation, observance of the rule of law and the rate of software piracy. The conclusion: wealthier nations, especially in Europe, do a better job preventing malware infections than poorer and developing nations. The report marks an effort by Microsoft to dig into some of the underlying causes of cyber insecurity globally. Using data gathered from its Malicious Software Removal Tool (MSRT) […]
Tag: software
Researchers: Hole In TLS Encryption Could Expose Secure Web Sessions
Researchers at the University of London are going public with a paper that claims to have found a flaw in the specification for Transport Layer Security (TLS) that could leave supposedly secure Web, IM, VoIP and other online sessions exposed to prying eyes. The researchers, Nadhem Al Fardan and Kenny Patterson of the Information Security Group at Royal Holloway, University of London said that the security hole stem from a flaw in the TLS specification, rather than a bug in how TLS is implemented. The two researchers have developed proof of concept attacks that take advantage of the flaw, and that could be used to recover a complete block of TLS-encrypted plaintext, the researchers said. Al Fardan is a Ph.D student in the Information Security Group. Patterson is a professor of Information Security there. The two have discovered other, serious holes in TLS before. Notably: the two discovered a critical […]
Funding Cut, Military’s List of Critical Defense Technologies Languishes
The U.S. Department of Defense is failing to adequately maintain its main reference list of vital defense technologies that should be banned from export, despite rules requiring its use and upkeep, according to a new report from the Government Accountability Office (GAO). The Militarily Critical Technologies List (MCTL) is “outdated and updates have ceased,” the GAO found in a report released this week. The list was intended as the DOD’s main resource for tracking sensitive technology and preventing its export to foreign nations or entities. But the government agencies charged with using the list say it is too broad and out-of-date to be of much use and have long since abandoned it. Now budget cuts to the program that maintains the list are forcing export control officials in the government to use alternative information sources and informal “networks of experts” to tell them what technologies are in need of protection, […]
Are Cyber Criminals Using Plus-Sized Malware To Fool AV?
Obesity is an epidemic in the United States. And it looks as if it may soon be a problem in malware circles, as well. After years watching malware authors pack their poison into smaller and smaller packages, one forum frequented by those seeking help with virus infections says that they’re seeing just the opposite: simple malware wrapped within obscenely large executables – in one case, over 200 megabytes. A post on the French-language web site Malekal.com on Thursday described what may be a nascent trend towards ‘plus size’ malware executables. In at least two cases in recent days, the forum has seen evidence of Trojan Dropper programs that deposit very large files – between 16 megabytes and 200 megabytes – on infected systems. In one case, the author discovered an exploit kit that deposited a very large file – around 16 megabytes- on infected systems. In a separate incident, he […]
Update: Student’s Expulsion Exposes Computer Science Culture Gap
Editor’s Note: Updated to include comment from Dawson CS Professor Simonelis. – PFR 1/22/2013 The expulsion of a 20 year-old computer science major at Dawson College in Quebec, Canada has laid bare what one expert says is a culture gap between academic computer science departments and the ‘real world’ of application development. In the wake of news stories that have drawn attention to the case, Dawson’s faculty and administration have stood by their decision, saying that “hacking” of the type Ahmed Al-Khabaz was engaged in was an example of “unprofessional conduct” by a computer sciences engineer. This, even as private sector firms – including the company whose software Al-Khabaz exposed – have come forward with job offers and scholarships. Al-Khabaz was expelled in November by a school administration that looked askance at his security audits of a student portal web site dubbed “Omnivox,” accusing him of launching “SQL injection” attacks […]
