I've been doing a lot of thinking about Cloud Computing lately. This was sparked, in large part, by Symantec's internal engineering conference, Cutting Edge, as well as a number of things I've been reading. Cloud Computing is shaping up to be one of the "next big things" that we are all going to be hearing a lot about over the next couple of years. In fact, Microsoft just announced "Azure," their cloud computing services platform. Microsoft Azure is positioned to bring cloud computing to the development masses. Anyone will be able to write cloud-aware applications and run them hosted i...
I was surfing the web tonight and I came across an article on Scientific American. The author asked some friends for permission to break into their bank accounts and then went to work trying to steal their identity. The ease with which he was able to do so is startling. He first used a variety of techniques to gather information, including reading the target's blog and googling them, and then he used that information to break into the user's email accounts via password resets. Once he had access to the target's email, he would be able to receive password reset emails from their bank accoun...
The Boston Globe had an article recently on how difficult it is to be anonymous in the internet age. Reading the article compelled me to perform my every-once-in-a-while "googling" of myself. What I found was pretty interesting.
First of all, I'm not keeping a very low profile. There were approximately 23,000 responses to the search query on my name (541 if you put my name in quotations.) Most of the front page stuff was computer related. A post on an old blog of mine about a web programming framework; several links to my posts on the Norton Protection Blog; a patch I submitted to an...
There has been a lot of coverage in the tech-related blogosphere lately regarding a specific threat called (among other things) Trojan.Gpcoder.F. Once this malware has infected your machine, it searches for files on your system that could potentially be important to you (based on the extension of the file) and then encrypts the data using a 1024-bit key (technically, it creates an encrypted copy of the file and deletes the original). Once your data has been encrypted, the malware informs you that your files are being held for ransom along with details on how to buy the decryptor program to...
A recent PCMag.com blog post points out that the fake White House website whitehouse.org (no, I won't link you to it) has been hacked and is serving up malware. Part of the issue here is that many people attempting to go to the government website www.whitehouse.gov will accidentally mistype it as whitehouse.org. This is a specific case of a very real threat.
If you look at the list of the top 500 most popular websites according to Alexa.com, how many of these domain names are easily misspelled or mistyped? There is nothing stopping bad people from registering common typos of popular do...
There was a great article in the most recent issue of the Communications of the ACM entitled "The Psychology of Security: Why do good users make bad decisions?"
The main thrust of the article is to shed some light on the psychological process for decision making and how the process manifests itself when users are asked to make security decisions. Armed with this knowledge, security software developers can make better decisions regarding what to present to a user and how these choices should be ultimately represented. I took away three key observations from the article:
First, the article po...
I was surfing through some security news this weekend and ran into an interesting article on SecurityFocus. The article references a report that states that the reported damages from cybercrime and fraud rose by more than 20% from 2006 to 2007.
One interesting piece of information turned up by the report is that while identity theft is the most commonly cited example of cybercrime, other criminal activities like auction fraud are causing greater monetary damage.
This is alarming to me both as a consumer and as a developer of security software. As a consumer, if I want to buy something on eB...