January's Security Streams

Tuesday, January 31, 2006

January's Security Streams

It's been quite a busy month, still I've managed to keep my blog up to date with over 30 posts during January, here they are with short summaries. Thanks for the comments folks!

I often get the question, how many people is my blog attracting, the answer is quantity doesn't matter, but the quality of the visits, still, for January there were 7,562 unique visits and over 13,000 pageloads. I'm already counting over 400 .mil sub domains, have the majority of security/AV vendors(hi!) reading it, and the best is how long they spend on average, and how often they come back. To sum up, 60% of all visits come from direct bookmark of my blog, 30% through referers, and 10% from search engines. It is also worth mentioning my last referring link, notice the domain and what they are interested in.

1. What's the potential of the IM security market? Symantec thinks big" gives a brief overview of the wise acquisition Symantec did and a little something the IM security market.

2. "Keep your friends close, your intelligence buddies closer!" mentioning the release of a book excerpt and provides further resources on various NSA and intelligence related topics

3. "Security quotes : a FSB (successor to the KGB) analyst on Google Earth" is Google Earth or satellite imagery a national security threat? At least the Russian FSB thinks so!

4. "How to secure the Internet" discusses the U.S National Strategy to Secure Cyberspace and some thoughts on the topic

5. "Malware - Future Trends" the original announcement for the release of my research

6. "Watch out your Wallets!" gives more info on ID theft and talks about a case that left a 22 years old student in debt of $412,000

7. "Would we ever witness the end of plain text communications?" a released report on the growth of VPNs prompted me to open up the topic, recently, Yahoo! communicate over SSL by default which is a great progress from my point of view

8. "Why we cannot measure the real cost of cybercrime?" an in-depth summary of my thoughts on why we cannot measure the real cost of cybercrime, and why I doubt the costs outpace those due to drug smuggling

9. "The never-ending "cookie debate" tries to emphasize on how the Cookie Monster should worry about cookies only, and what else to keep in mind concerning further techniques that somehow invade your privacy

10. "The hidden internet economy" here I argue on what would the total E-commerce revenues be given those afraid to purchase over the Internet actually start doing it.

11. "Security threats to consider when doing E-Banking" provides a link to practical research conducted by a dude I happen to know :)

12. "Insecure Irony" is indeed an ironical event, namely how a private enterprise, one used to gather intelligence actually lost sensitive info belonging to the Intelligence Community

13. "Future Trends of Malware" the post mentioning my Slashdotted research and the rest of the people and respected sites that recognized it

14. "To report, or not to report?" how can you measure costs when the majority of companies aren't even reporting the breaches, cannot define a breach, or think certain breaches don't require law enforcement intervention?

15. "Anonymity or Privacy on the Internet?" argues on what exactly different individuals are trying to achieve, is it Anonymity, is it Privacy and provides further resources on the topic

16. "What are botnet herds up to?" gives a brief overview of recent botnet herds' activities the ways used to increase the revenues through affiliate networks, or domaining. It also provides good resources on the topic of Bots and Botnets

17. "China - the biggest black spot on the Internet’s map" a very recent and resourceful overview of Internet Censorship in China, that also provides further resources on the topic

18. "FBI's 2005 Computer Crime Survey - what's to consider?" one day after the release of the FBI's survey I summarized the key points to keep in mind

19. "Why relying on virus signatures simply doesn't work anymore?" a very practical post that argues and tries to build more awareness on how the number of signatures detected by a vendor doesn't actually matter, still there are other solutions that will get more attention with the time. I received a lot of feedback on this, both vendors and from folks I met through my blog, thanks for the ideas!!

20. "2006 = 1984?" gives more details on private sector companies innovating in the wrong field, and further resources on censorship and surveillance practices

21. "Cyberterrorism - recent developments" an extended overview of Cyberterrorism, and a lot of facts worth mentioning obtained through a recently released report on the topic

22. "Still worry about your search history and BigBrother?" Some humor, be it even a black one is always useful

23. "Homebrew Hacking, bring your Nintendo DS!" Homebrew hacking is slowly emerging and I see a lot of potential in the "do it yourself culture"

24. "Visualization, Intelligence and the Starlight project" a post worth checkin' out, it provides an overview of various visualization technologies and talks about the Starlight project

25. "The Feds, Google, MSN's reaction, and how you got "bigbrothered"?" I'm not coining new terms here, "bigbrothered" is slowly starting to be used be pretty much everyone, yet I try to give practical tips on why the whole idea was wrong from the very beginning, and how other distribution vectors should also be considered

26. "Personal Data Security Breaches - 2000/2005" I came across a great report summarizing the issue, and tried to highlight the cases worth mentioning, some are funny, others are unacceptable

27. "Skype to control botnets?!" good someone is brainstoring, but that's rather unpractical compared to common sense approaches botnet herders currently use

28. "Security Interviews 2004/2005 - Part 1" Grab a beer and start going through this great contribution, soon to appear at Astalavista itself!

29. "Security Interviews 2004/2005 - Part 2" Part 2

30. "Security Interviews 2004/2005 - Part 3" and Part 3

31. "Twisted Reality" Everything is not always as it seems, and it's Google I have in mind :(

32. "How we all get 0wn3d by Nature at the bottom line?" :)

33. "Was the WMF vulnerability purchased/sold for $4000?!" among the few vendors I actually trust released a nice summary no one seems to be taking into consideration, still I find it truly realistic given the potential of the 0day market for software vulnerabilities

Till next month, and thanks to all readers for taking their time to go through my research and contributions!

Technorati tags :
security, information security

Dancho Danchev

Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com