Network Security - Page 14 - Results from #260

Discover Network Security News

Botnet Operators Infecting Servers, Not Just PCs

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Botnet operators have always been able to easily infect and convert PCs into bots, but they also are increasingly going after servers -- even building networks of compromised servers. Web servers, FTP servers, and even SSL servers are becoming prime targets for botnet operators, not as command and control servers or as pure zombies, but more as a place to host their malicious code and files, or in some cases to execute high-powered spam runs.

Alex
Dec 17, 2009

Google Public DNS: DNS security threats and mitigations

Here's a great overview of DNS and its intrinsic security issues, and how Google hopes to address them, and improve the security of DNS on the Internet. Because of the open, distributed design of the Domain Name System, and its use of the User Datagram Protocol (UDP), DNS is vulnerable to various forms of attack. Public or "open" recursive DNS resolvers are especially at risk, since they do not restrict incoming packets to a set of allowable source IP addresses. We are mostly concerned with two common types of attacks:

Dave Wreski
Dec 05, 2009

Google wants to unclog Net's DNS plumbing

Google wants to speed up a key part of the Internet's inner workings called the Domain Name System and is inviting technically savvy folks to try their ideas out. The DNS is a crucial part of the Internet. It converts the text addresses people can remember into the numeric Internet Protocol addresses actually used to locate information on the Internet. For example, CNET.com's IP address is 216.239.122.102.

Anthony Pell
Dec 04, 2009

Koobface Rears Up

News, of the latest iteration of the Koobface Botnet, has hit the blogosphere. Utilizing client based attack vectors, this evil bit of badness can

Alex
Dec 01, 2009

Bug puts net's most popular DNS app in Bind

Makers of Bind have warned of a security vulnerability in versions of the domain name resolution application that could allow attackers to trick servers into returning unauthorized results.

Alex
Nov 25, 2009

Tempting Those Blackhatted Poohs with a Taste of Virtual Honey

It isn

Alex
Nov 24, 2009

Using a Cisco Router as a

Have you ever thought about your routers. I mean - *really* thought about them? They think all day long, processing all of the packets in and out of your company

Anthony Pell
Nov 20, 2009

Cloud Security's Silver Lining: Q&A With ISF President Howard Schmidt

The bad guys of the Internet -- black hat hackers, scammers, and the like -- are becoming more organized and directed in their attacks, according to Howard Schmidt, president of the Information Security Forum. As companies begin looking toward cloud services, they're often wary of the problems they've faced in the past but also careful not to fall into the same traps again.

Anthony Pell
Nov 18, 2009

How Secure Is Cloud Computing?

Great interview with crypto-legend Whitfield Diffie. Cryptography solutions are far-off, but much can be done in the near term, says Whitfield Diffie. Cloud computing services, such as Amazon's EC2 and Google Apps, are booming. But are they secure enough? Friday's ACM Cloud Computing Security Workshop in Chicago was the first such event devoted specifically to cloud security.

Anthony Pell
Nov 17, 2009

Searching an Encrypted Cloud Searching

Recent advances in cryptography could mean that future cloud computing services will not only be able to encrypt documents to keep them safe in the cloud--but also make it possible to search and retrieve this information without first decrypting it, researchers say.

Anthony Pell
Nov 17, 2009

The Botnet Hunters

They're the Internet equivalent of storm chasers, spending endless hours scanning and sleuthing, looking for the telltale signs of botnets. Here's an inside look at the battle against cybercrime's weapons of mass infection.

Anthony Pell
Nov 17, 2009

DNS problem linked to DDoS attacks gets worse

Internet security experts say that misconfigured DSL and cable modems are worsening a well-known problem with the Internet's DNS (domain name system), making it easier for hackers to launch distributed denial-of-service (DDoS) attacks against their victims.

Alex
Nov 16, 2009

VeriSign: Major internet security update (DNSSEC) by 2011

VeriSign has said a significant outstanding internet security vulnerability will be closed by 2011, after delays caused by technical aspects of the implementation. The problem is that DNS, the Domain Name System that translates internet addresses such as website URLs into numerical values, can be seeded with false values and used to misdirect users.

Anthony Pell
Nov 16, 2009

Breaking the Botnet Code

Networks of compromised computers controlled by a central server, better known as botnets, are a Swiss Army knife of tools for online criminals. Hackers can use these co-opted systems to churn out spam, host malicious code, hide their tracks on the Internet, or flood a corporate network to cut off its access to the Web.

Alex
Nov 13, 2009

64 percent of websites contain serious flaws

Cross-site scripting and SQL injection remain the top methods of attack. Vulnerabilities in web applications remain the primary avenue of attack for cybercriminals, according to a WhiteHat Website Security Statistics Report released this week.

Anthony Pell
Nov 13, 2009

Seven keyholders for the DNS root zone

Preparations for securing the domain name system root zone using the DNS Security Extensions (DNSSEC ) protocol are entering a key phase. At the 76th meeting of the Internet Engineering Task Force (IETF) in Hiroshima, the design team from VeriSign, the internet administration authority ICANN and the US NTIA presented the strict security conditions under which the various keys required will be generated, held and renewed. IETF developers expressed concern about the lack of channels for both explaining the DNSSEC rollout, scheduled to commence in January, to ISPs and for collecting reports of anything untoward from the ISPs.

Anthony Pell
Nov 12, 2009

How a Botnet Gets Its Name

There is a new kid in town in the world of botnets - isn't there always? A heavyweight spamming botnet known as Festi has only been tracked by researchers with Message Labs Intelligence since August, but is already responsible for approximately 5 percent of all global spam (around 2.5 billion spam emails per day), according to Paul Wood, senior analyst with Messagelabs, which keeps tabs on spam and botnet activity.

Anthony Pell
Nov 11, 2009

Pricing Scheme for a DDoS Extortion Attack

With the average price for a DDoS attack on demand decreasing due to the evident over-supply of malware infected hosts, it should be fairly logical to assume that the "on demand DDoS" business model run by the cybercriminals performing such services is blossoming.

Anthony Pell
Nov 09, 2009

Turning clouds into crackers: $45 a password

Security experts recommend long, complex passwords because they require a super computer

Alex
Nov 06, 2009

Vendors scrambling to fix bug in Net's security

Software makers around the world are scrambling to fix a serious bug in the technology used to transfer information securely on the Internet. The flaw lies in the SSL protocol, best known as the technology used for secure browsing on Web sites beginning with HTTPS, and lets attackers intercept secure SSL (Secure Sockets Layer) communications between computers using what's known as a man-in-the-middle attack.

Alex
Nov 05, 2009

Linux Network Security

I2P 2.5.0 Release Brings Improvements in Tunnels, I2PSnark & More

Canonical Makes Network Management Simpler and More Secure with Netplan 1.0

GTPDOOR Linux Malware Threatens Telecoms, Exploits GPRS Roaming Networks