Sunday, July 29, 2012

Dear Bloggers,
I don't know about you, but I could deal with a lot less spam email trying to sell me cheap Viagra and fake Rolexes... and coincidentally, that is just what may have happened!
Grum, the world's largest spam botnet, was estimated to have delivered as much as 35% of the world's spam. Run from command-and-control servers located in the Netherlands, Russia, and Panama, Grum rose through the ranks, overtaking Lethic for the top spot.
Recently a senior staff scientist at FireEye identified the IP addresses of the four command-and-control (C&C) servers controlling the botnet. Two of those four servers were responsible for pushing configuration changes to the infected computers, while the other two were responsible for telling the bots which spam messages to send out.
The two servers located in the Netherlands were taken offline first, leaving Grum crippled but not dead. The operators could still have resurrected the botnet from the remaining servers, but investigators were quick to react and successfully took down the last of them, located in Russia and Panama.
The permanent takedown of the top spam botnet sends a strong message to other botnet operators.
With Grum's C&C servers gone, the infected "zombie" machines are relatively harmless, since they can no longer receive instructions from the servers. They are still infected, though, and remain a liability until they are cleaned up, because any malware that can be updated to point at new servers can be re-enlisted.
With less spam, I can now focus my attention on valid email offers, like shoes!!
Until next time……

References
Rashid, F. (2012, July 18). Dutch police disable Grum botnet to slow spam spread. Retrieved from http://www.scmagazine.com/dutch-police-disable-grum-botnet-to-slow-spam-spread/article/250656/

Rashid, F. (2012, July 19). Grum botnet dead after remaining servers are shut off. Retrieved from http://www.scmagazine.com/dutch-police-disable-grum-botnet-to-slow-spam-spread/article/250656/

Sunday, July 22, 2012

Dear Bloggers,

To add to the ever-growing list of companies that have been hacked, Yahoo has now confirmed a database breach consisting of roughly 400,000 usernames and passwords from its Contributor Network site.

To add insult to injury, the stolen credentials were stored on Yahoo's site in plain text, neither encrypted nor hashed, and have now been posted publicly for all the world to see.

I'm a little surprised to note that the most common passwords were '123456' and 'welcome'. Actually, I'm past surprised, I'm appalled! In this day and age, when SO much personal and financial information is stored online, how can a person not perform due diligence and create a strong password for their information? Would this at least give their data a fighting chance of staying out of the public eye??

The breach occurred through a SQL injection attack, and because the passwords were never hashed, the query returned them in clear text. This should not be a foreign concept, as SQL injection was one of the common attack vectors seen in the Verizon Data Breach Investigations Report.
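
To make the two failures concrete, here is an added example (my own code, not Yahoo's, and not from the SC Magazine articles) that builds a small user table with constructed sample rows in SQLite, runs a login query the vulnerable way and the safe way, and then shows what a hardened store looks like. The payload is a generic UNION-style injection, an assumption about the attack class rather than a reconstruction of the actual attack. The user names, passwords, denylist and PBKDF2 parameters are all made up for the demo.

```python
"""Added example: SQL injection against a string-built login query, versus a
parameterized query and salted-hash storage. Not Yahoo's code; all data is
constructed for the demonstration."""
import hashlib
import hmac
import os
import sqlite3

# Constructed sample data: plaintext credentials, as the page says Yahoo stored them.
SAMPLE_USERS = [("alice", "123456"), ("bob", "welcome"), ("carol", "correct-horse-battery")]
# Tiny stand-in for a breached-password denylist (assumption: a real deployment
# would check against a far larger corpus).
COMMON_PASSWORDS = {"123456", "password", "welcome", "qwerty", "abc123"}


def make_plaintext_db():
    """In-memory table holding passwords in clear text (the weak design)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query by string formatting: user input becomes SQL syntax."""
    sql = ("SELECT username, password FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(sql).fetchall()


def login_parameterized(conn, username, password):
    """Same query with bound parameters: input is treated as data, never as syntax."""
    sql = "SELECT username, password FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


# A classic UNION-based payload: closes the string literal, appends a SELECT that
# dumps the whole table, and comments out the rest of the original query.
UNION_PAYLOAD = "x' UNION SELECT username, password FROM users -- "


def hash_password(password, salt=None, iterations=200_000):
    """PBKDF2-HMAC-SHA256 with a random 16-byte salt; returns a self-describing record."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(stored, password):
    """Recompute the hash with the stored salt and compare in constant time."""
    _algo, iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


def make_hashed_db(reject_common=True):
    """Hardened store: refuses denylisted passwords and keeps only salted hashes.
    Returns the connection and the list of users rejected at registration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)")
    rejected = []
    for user, pw in SAMPLE_USERS:
        if reject_common and pw in COMMON_PASSWORDS:
            rejected.append(user)
            continue
        conn.execute("INSERT INTO users VALUES (?, ?)", (user, hash_password(pw)))
    return conn, rejected


def login_hardened(conn, username, password):
    """Fetch the hash by bound username, then verify; never compare plaintext in SQL."""
    row = conn.execute("SELECT password_hash FROM users WHERE username = ?",
                       (username,)).fetchone()
    return row is not None and verify_password(row[0], password)


if __name__ == "__main__":
    db = make_plaintext_db()
    print("vulnerable, union payload:", login_vulnerable(db, UNION_PAYLOAD, "anything"))
    print("parameterized, same payload:", login_parameterized(db, UNION_PAYLOAD, "anything"))
    hdb, rejected = make_hashed_db()
    print("rejected at registration:", rejected)
    print("hardened login for carol:", login_hardened(hdb, "carol", "correct-horse-battery"))
```

Against the plaintext table, the UNION payload sent through `login_vulnerable` returns every username and password in one query, which is the kind of result that ends up posted publicly; the same payload through `login_parameterized` matches nothing, because the driver binds it as a literal string. The hardened store addresses the second failure: even if an attacker did dump the `users` table, they would get per-user salted PBKDF2 hashes rather than '123456' and 'welcome', and the registration-time denylist keeps the worst of those passwords out of the table in the first place.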

Yahoo has reported that the vulnerability has been fixed and that it has added security measures and controls to prevent this type of attack in the future.

This seems to be a weekly cycle of information found on the scmagazine.com website...company reports a breach, vulnerability has been patched......company reports a breach, vulnerability has been patched....... it's a scary merry-go-'round that is happening all too often.

Oh look! Billabong has just reported a breach!!! <Sigh>

Until next time.....

References

Kaplan, D. (2012, July). Yahoo confirms breach, passwords appear not encrypted. Retrieved from http://www.scmagazine.com/yahoo-confirms-breach-passwords-appear-not-encrypted/article/250002/

Kaplan, D. (2012, July). Yahoo closes security hole that led to password breach. Retrieved from http://www.scmagazine.com/yahoo-closes-security-hole-that-led-to-password-breach/article/250426/

Sunday, July 15, 2012

Dear Bloggers,
No matter how many employees hold a security certification, no environment is perfectly secure. There will always be an employee who opens an infected email or clicks on an attachment, and a nasty infection follows. You will not be able to defend your environment from human error entirely; it is the "Achilles' heel of most security operations" (Kaplan, 2012).
CISSP stands for Certified Information Systems Security Professional. In the world of information security, this is THE certification to have. Candidates fresh out of college do not have the security skills sought by most companies, and holding the CISSP signals to employers that a candidate has the skills they are looking for. Obtaining (and keeping) this certification is a selling feature. The certification requires five years of full-time security work experience plus training for and passing the exam. Certified individuals must also keep up with changes in the field, as the certification requires 120 continuing professional education (CPE) credits every three years. Don't take studying for this test lightly, though: just last December 3,700 certification exams were taken, and only about half of those test takers passed.
If you can get the certification, you are in luck! The demand for security professionals far outweighs the supply. More demand + less supply = more money to be had.
The professional environment has evolved recently, though. It had gotten to the point where there were multiple certification bodies, each with its own certification, which diluted the value of the CISSP because organizations didn't know which certification was the better one to look for.
On a positive note, this dilution of security certifications did not go unnoticed. Bodies such as the Cybersecurity Credentials Collaborative (C3) and the National Initiative for Cybersecurity Education (NICE) are working together to create a common classification that maps security roles to security competencies, so that hiring organizations can better match candidates to jobs. This type of classification will improve the security environment, allowing careers to advance while meeting the needs of organizations. That's very good news indeed!
Until next time…..

Reference
Kaplan, D. (May, 2012). Seal of approval: Security certifications. Retrieved from http://www.scmagazine.com/seal-of-approval-security-certifications/article/236301/

Sunday, July 8, 2012

Dear Bloggers,

To coincide with our reading from week 4, I've found an article giving us better insight into insider threats.

In contrast to external threats, which are often reported, there is, more often than not, a lack of reporting regarding insider threats, for two reasons: organizations either didn't know about the threat or didn't want to report it. While companies seem to be all geared up to fight the good fight against external threats, they simply are not "prepared or equipped" (Cotriss, 2012) to battle threats from inside the organization.

The author details in the article that while malicious insider incidents are relatively rare, "erroneous or accidental breaches" (Cotriss, 2012) are happening at a rate that is cause for concern. Examples include choosing 'reply to all' instead of a simple 'reply', sending an email not only to the person you intended but to the entire global address book......... oopsie!

Threats from inside the organization are increasingly taking the form of third-party contractors, the mixing of personal and work data on the same portable device, and, related to that, a "phenomenon" (Cotriss, 2012) the author describes as BYOD, or Bring Your Own Device.

It's up to the organization to be proactive, implement security training, and make sure employees know what they can do regarding "appropriate custodial care of data" (Cotriss, 2012) in order to be a safer organization.

Until next time......


Reference
Cotriss, D. (2012, July). Danger within: Insider threat. Retrieved from http://www.scmagazine.com/danger-within-insider-threat/article/245432/