December 8, 2011 | San Diego, CA

Secure DNS? Encrypt the last mile

DNSSEC has been making the headlines lately as a possible defense against nasty DNS redirection schemes on the server end. Combined with anti-malware efforts at thwarting DNS changing via malicious registry/host file modification, it’s making a dent. Now OpenDNS is proposing a last mile approach which intends to secure the problematic link between users’ devices and the Internet itself. By releasing a security add-on using encrypted communication to get your requests to and from the DNS server, the effort aims to protect the traffic from intermediary prying eyes and man-in-the-middle DNS redirection attacks, which may spirit you off to potentially malicious sites.

November 30, 2011 | San Diego, CA

Support-Scammer Tricks

Having been blogging this topic for quite a while, I figure this might be a good time to highlight some of the snippets of information that people have posted on some of those blogs (anonymized, of course). You might also be interested in a resource page I've started here at AVIEN.One prospective victim instructed to connect via the Run window to

November 27, 2011 | San Diego, CA

Facebook Christmas Tree Virus: it’s Still a Hoax

On the "old hoaxes never die" tack,it seems that last year's Christmas Tree App "virus" warning is circulating again: at any rate, Facecrooks has found it necessary to put a warning on its Facebook page against spreading it.There is plenty of information available about this little beauty, so I'll just give you a few pointers:Facecrooks cites a write-up at Hoax SlayerSnopes has a write-up hereGeek Squad, which is alleged in the hoax message to have validated the alert, has denied it here (and also thrown in some advice for Facebook users)Graham Cluley included some screen shots and a historical note here,  and I gilded the lily with some more information on the CHRISTMA EXEC worm here.As I haven't seen a recent version of the message myself, here's the one that Graham cited in 2010.WARNING!!!!!!….

November 24, 2011 | San Diego, CA

Holiday shopping? We know where you are

Well, not you exactly you, but malls are rolling out technology that tracks customers’ patterns throughout the mall using cell signals. They say they aren’t collecting personal information, but say they want to be able to track customer traffic patterns, for example, how many customers visit Starbucks after visiting Nordstroms.The technology, called FootPath, is being rolled out at a mall in California and Virginia. There are signs hanging around the mall describing the technology, and apparently customers may opt-out by turning off their mobile devices.

November 24, 2011 | Bratislava

ESET Releases ESET Mobile Security for Android Smartphones

ESET, the leader in proactive protection against cyber-threats, has released its flagship product for the mobile Android platform ESET Mobile Security. With ESET Mobile Security, the company offers advanced protection for three operating systems including Symbian, Windows Mobile and Android. ESET Mobile Security for Android is available for download from the company’s website,

November 22, 2011 | San Diego, CA

SCADA attacks gone crazy

SCADA, an old, stodgy network setup for controlling infrastructure, is hitting the headlines in force for falling victim to cyber scammers. There have been several incidents of unauthorized access to the Supervisory Control and Data Acquisition (SCADA) recently, from guessing simple passwords, to full-on spear phishing attacks against a hardware vendor, which were then used to access infrastructure equipment at a water treatment site without permission. While we’ve discussed industrial hacking here and here, we now see more exploits in the wild.The attacks range from targets-of-opportunity, basically checking every car at the mall for an open door or cracked window, to one targeting credentials at an upstream equipment supplier.

November 21, 2011 | San Diego, CA

US Pentagon: it’s official, military response to cyber attacks

Awhile back we noticed signals from the US Pentagon that they were considering the possibility of a traditional military response to cyber attacks on US physical infrastructure. Basically, a cyber attack on infrastructure could be considered an act of war. We now see the official report released, confirming this.The report states, “When warranted, we will respond to hostile acts in cyberspace as we would to any other threat to our country.

November 16, 2011 | San Diego, CA

SOPA and PIPA and DNS: An open letter to Congress

SOPA and PIPA are pieces of legislation currently under consideration in the United States Congress that have serious implications for DNS, the Domain Name System which makes possible the Internet as we know it. To give them their full names these bills are HR 3261, the Stop Online Piracy Act (SOPA), and S.968, the Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of 2011 or PROTECT IP Act (PIPA). What follows is an open letter to Congress explaining why these bills, as currently written, are bad for the Internet and bad for our economy.

November 15, 2011 | San Diego, CA

Anonymous – is hacktivism here to stay?

Months back a rather vocal series of micro-hacktivist groups formed a somewhat larger, more vocal pseudo-organized non-organization ruled essentially democratically via IRC (among other things), attempting to cast light on perceived misdeeds by the large corporation (or government organization) du-jour they thought had behaved badly. The idea was to hack an organization, parade them around a bit, hopefully attracting attention to convince them to get right with the world and the greater good.Now months later, some announced attacks have gone as planned, and others (shutting down NYSE on a given date) never came to fruition (well yet anyway). So are they to be believed as an organization, and – more importantly – is this an idea who’s time has come, or just a passing fad?During the nascent stages of the Occupy Wall Street (and others) movement, Anonymous chimed in saying they would provide collateral support aiding the folks on the ground, sort of a synergistic parallel movement online, marching “virtually” along with the sign bearers, and possibly even defending them against perceived heavy-handed treatment by law enforcement (and the alleged proxy forces behind them).