SpywareGuide powered by FaceTime Security Labs

The SpywareGuide Greynets Blog


August 13, 2007

  • "Best Defence Is Your Head"

I recently had an interview with SiliconValley.com - here's the full piece, which focuses on the ever present danger from social networking and the new phenomenon of 419 Scammers targeting property websites.

March 21, 2007

  • Top Influencers in IT Security

The 59 Top Influencers in IT Security

We had the great fortune of having two members of FaceTime's research team named on ITSecurity.com's Top Influencers in IT Security list. It is truly a high point to be recognized on the same page as security influencers like Amrit Williams, Alan Shimel, Richard Stiennon, Dr. Anton Chuvakin, and Bruce Schneier, to name only a few.

The 59 Top Influencers in IT Security
Our list of the most influential security experts of 2007 - from corporate tech officers and government security types, to white hat hackers and bloggers.

You can see the full list here.

The Legendary Paperghost

Our own Chris Boyd, director of malware research, who also pens the "kung-fu style" VitalSecurity.org, is certainly deserving of this honor. Chris contributes not only here but, indie style, at VitalSecurity.org, putting in countless hours to track down the story, frame it so that others can understand the nature of the threat, and make security interesting for everyone with a flair that is completely unique. That was one of the goals we set when we started blogging many, many months ago: to help communicate the story about online security and greynets in a human fashion, in a "real" fashion that we hoped would resonate with, educate and interest people from all walks of life.

Team Honor

I was placed on the list for this blog by name, and being a blog veteran of several years, I help lead the effort. However, it must be clarified that this is a team blog, an ongoing work of collaboration. You may often see my name heading entries or included in research, and more frequently see Mr. Boyd's moniker (Paperghost), but there are many others who contribute in many different ways, often quietly and behind the scenes.

We try to recognize individuals in entries when they wish to be recognized (some actually do not), because it takes the hard work of a concerted team, working in unison, to travel to some of the places we must go and to face off with some of the situations we encounter. Often these people behind the scenes don't receive the public accolades or broad recognition they deserve. These are people who often pursue a lead on their own, run an Ethereal trace, help gather the pieces of a complex puzzle, run extra forensics, or simply ask the right questions.

Sometimes just asking the right questions can lead to big breakthroughs.

With that in mind I am happy The Greynets Blog is recognized as an influential force in IT Security. I am happy we have had the support of our executive staff who believed the effort was worthwhile, and granted us the freedom and trust to message in our own voice and style and from where we chose. It has been exciting, tiring and much like a rollercoaster at times. However, one could not ask for a more dedicated team of individuals and diverse voices. Most importantly thanks to the readers, volunteers and colleagues who work with us day-in-day-out, to put the heat on the streets and get the message out...

Be vigilant, be smart, and travel with care.

March 16, 2007

  • China: The Dragon Roars

Check out this piece over at ITWeek. I offer up a few thoughts on the current craze for Chinese adware and malware. More and more, this stuff is starting to spread outside the confines of China itself and out into the West. There's a near limitless supply of these infections at the moment, and while a lot of it is throwaway rubbish (or older, rehashed files), some of the more advanced specimens are doing pretty clever things and proving extremely hard to remove in the process...

February 26, 2007

  • False 'Friends' Prey On Social Networking Sites

"These Web sites are just bottomless pits of useful information" for phishers, identity thieves and others, said Chris Boyd, security research manager at FaceTime Communications, an Internet security firm. Raiding them, he said, is the equivalent of "Dumpster diving." Link

A good article regarding the perils of MySpace, with some interesting facts and figures, along with this (vaguely worrying) quote:

"MySpace now is trying to hire attorneys and additional security experts to make improvements, Nigam said."

...considering the scope of MySpace, shouldn't this sort of setup already be in place?

February 14, 2007

  • Q&A: Paperghost talks to PCWorld Spain

While recently in Spain (doing a sort of Q&A session on the latest spyware threats), I was surprised to find they wanted a short video session too, so here it is. Nothing technical, just an entry-level ramble about basic protection, the risks of unsafe Instant Messaging and a bunch of other stuff.

October 31, 2006

  • John Battelle on Google and DHS and Google Trends Can See

Noted blogger John Battelle reports in his blog, based on a couple of pieces, on who Google (NASDAQ:GOOG) is working with these days.

One example from HomeLandStupidity.us he references:

IT contractors and intelligence officials familiar with the arrangement confirmed to HSToday.us that Google had been providing assistance to the intelligence community, but would not say under what authority that assistance had been requested or provided.

The intelligence community appears to be interested in data mining Google's vast store of information on each user who uses Google's services. Google collects data on each user's search queries, which web sites users visited after making a query, and through its Google Analytics service, can also track users on cooperating web sites. It's not clear what level of access to or how much of this information has been made available to intelligence agencies.

John goes on to note:

This might be filed in the Tin Foil Hat category, or it might be something we look back on and wonder how we ever missed it. I don't have any idea which. That alone sort of scares me.

The story says that Google is working with the Govt. in the war on terror. It depends a lot on ex-CIA agent Robert Steele, who may or may not be a trustworthy source.

I've seen this story all over the place this weekend, and it strikes me as possibly accurate on at least one level: If the CIA/Dept. of Homeland Security was NOT trying to secretly work with Google, it's even lamer than we might imagine. After all, the company has just about the best infrastructure in the world to help them do their job. Is it legal? Moral? Right? Another question entirely....

This is ironic for two reasons:

1) Chris Boyd (Microsoft Security MVP) and head of our Malware Research Labs (currently on hiatus preparing for our talk at the RSA show and something he won't talk about called The Fourth Wall) and yours truly, Wayne Porter, also Microsoft Security MVP, Director of Special Research, currently working on e-commerce analysis, were recently, along with the FaceTime Communications team and our Security Labs team, noted publicly on Google's security thank-you page:

Google Thanks You

People and organizations with an interest in security issues have made a tremendous contribution to the quality of the online experience. We are grateful for the responsible disclosure of security vulnerabilities in our software. On behalf of our millions of users, we would like to thank the following individuals and organizations for going out of their way to improve the Google experience for everyone:

* Alex Shipp, Messagelabs
* Bryan Jeffries
* Castlecops
* H D Moore
* Jeremiah Grossman
* Johannes Fahrenkrug
* Martin Straka
* Team Cymru
* Yahoo! Paranoids
* Wayne Porter & Chris Boyd, FaceTime Communications
* Alex Eckelberry, Sunbelt Software
* Richard Forand

I add as an odd aside that after commenting on an article at ThoughtShapers on Google's move into podcasting/AdSense and how they are tearing up top-down media, all kinds of people pinged me on whether I was one of the "trusted sources" who leaked this to Jeff Molander. The answer is no. I made that clear in my personal blog, notably here (The Google Rumor Mill Redux: Getting Details Straight) and in an aside here (Leaked Papers and Google Adsense).

Going back to John's observations, though, I have no idea whether or in what capacity Google is working with Homeland Security; I am just a cog. Given Google's processing and information-gathering power, I would be hard pressed to argue that it wouldn't make sense for DHS and/or the CIA to want to do so.

Remember that GUID I talked about at Revenews? (Note: GUID is a Globally Unique Identifier. A GUID is often a pseudo-random number used in software applications. Each generated GUID is "statistically guaranteed" to be unique.)

For example, a persistent GUID, and the longer someone uses a service (even anonymously and in aggregate), makes it easier to determine who they are. Granted, Google may not have any nefarious purposes for this, but what happens when other agencies do? You might be "anonymous" to Google, but when another agency plays connect-the-dots after obtaining access to your machine and subpoenas the activity around a GUID, you aren't so anonymous anymore. In reality, you become an online novel: I can perhaps establish your character by your queries. Of course, this risk exists with any tracking mechanism, but a service as ubiquitous as Google, especially one that looks at queries, is all the more potent.
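As an added illustration (not code from the original post), the Python sketch below runs the connect-the-dots argument on a constructed search log: queries carry only a persistent client GUID, a single later event ties that GUID to a person, and every earlier query is exposed at once. It also shows the effect of the obvious mitigation, a client that rotates its identifier daily. All GUIDs, addresses and queries are made up for the example.

```python
from collections import defaultdict

# Constructed sample search log (not real data). Each query carries the
# client's persistent GUID but no name, so each line looks "anonymous".
QUERY_LOG = [
    ("2006-10-01", "guid-7f3a", "flu symptoms"),
    ("2006-10-01", "guid-7f3a", "pharmacy open late springfield"),
    ("2006-10-02", "guid-7f3a", "divorce lawyer springfield"),
    ("2006-10-03", "guid-7f3a", "cheap flights to denver"),
    ("2006-10-02", "guid-c218", "weather boston"),
]

# One constructed event that ties the GUID to a person: an authenticated
# login, or a subpoena for the machine that holds that GUID.
IDENTITY_EVENTS = [("2006-10-03", "guid-7f3a", "alice@example.com")]


def build_profiles(log):
    """Group queries by identifier: the 'online novel' a persistent GUID writes."""
    profiles = defaultdict(list)
    for _date, ident, query in log:
        profiles[ident].append(query)
    return dict(profiles)


def connect_the_dots(log, identity_events):
    """A single identity link exposes every query made under that identifier."""
    profiles = build_profiles(log)
    return {who: profiles.get(ident, []) for _date, ident, who in identity_events}


def rotate_per_day(log):
    """Mitigation: simulate a client that regenerates its identifier each day,
    so the identifier only links queries made on the same day."""
    return [(d, f"{ident}@{d}", q) for d, ident, q in log]


def connect_the_dots_rotating(log, identity_events):
    """Same linkage attempt against the rotating identifiers."""
    rotated = rotate_per_day(log)
    events = [(d, f"{ident}@{d}", who) for d, ident, who in identity_events]
    return connect_the_dots(rotated, events)


if __name__ == "__main__":
    # Persistent GUID: all four of Alice's queries are linked to her.
    print(connect_the_dots(QUERY_LOG, IDENTITY_EVENTS))
    # Rotating identifier: only the query from the day of the login is linked.
    print(connect_the_dots_rotating(QUERY_LOG, IDENTITY_EVENTS))
```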

2) I do know that Homeland Security does pay attention to cyberthreats, as they should. I was surprised to find some of our research in their daily briefing reports, specifically around some notable worms. These reports, a.k.a. the DHS Daily Open Source Infrastructure Report (Daily Report), are a daily (Monday through Friday) summary of open-source published information concerning significant critical infrastructure issues. They divide it up by the critical infrastructure sectors and key assets defined in the National Strategy for the Physical Protection of Critical Infrastructures and Key Assets.

An example: this one covered the KMeth worm, which I find interesting.

  • Kmeth Worm noted by DHS [PDF Document]
  • Most of these Daily Briefings, which are free and unclassified, appear on the DHS.gov site, although to search them you need to use the FEMA.gov site...

Tin Foil Hats? I don't know. Safety, privacy and security are all different but related, and require a delicate balance. Then you have to think back to the NSA wiretapping scandal. Did people really notice? Did they really care?

Take a look at Google Trends (given the question, is this a good place to validate it?). Google Trends is a fairly good indicator of search activity. It is an indirect reflection of what is going on online.

Here we see the terms: wiretapping, NSA scandal, wiretapping scandal, wire tapping

[Google Trends chart for these terms]

Interesting...there is some movement there.

Now: NSA scandal, wiretapping scandal, ATT scandal, NSA wiretapping, phone tapping

[Google Trends chart for these terms]

Nada, zilch. Not even if you analyze U.S. queries only, despite major press coverage. Try your own strings and see what turns up.

Of course, per Google: "Google Trends aims to provide insights into broad search patterns. As a Google Labs product, it is still in the early stages of development. Also, it is based upon just a portion of our searches, and several approximations are used when computing your results. Please keep this in mind when using it."

October 01, 2006

  • Twisted Pair at Network World Talk Pipeline Worm

Remember the modular Pipeline worm the FaceTime Security Labs team uncovered recently? The W32.Pipeline worm hit right before the really strange MSN HeartWorm.a... Thanks to the Twisted Pair guys at Network World for the mention of the menace.

They also covered some nasty work via another Russian porn attack found by our research friends at Sunbelt Software.

The Pair note the Pipeline worm, its rootkit element and the botnet menace, and give a nice mention of our RTGuardian 500 device, which won the Network World Choice Award (also see here). We clocked in with a latency of zero milliseconds on executable and non-executable content and an efficacy of 98.5%! Great job from research and great job from engineering.

From the pre-show blurb:

Jason and Keith talk about the winners in the Motorola-Symbol deal; more battery recalls involving Sony; a new AOL IM worm that has obvious red-flag warnings; Russian porn site security risks; Life is (Not) Good; iTunes million dollar movie week; and, the continuing HP spy saga. Plus Pigskin Pick'em! (32:39)

Streaming Podcast Page: Located Here

Or, on the go, grab the MP3 and pop it into your player of choice...or whatever you do with your MP3s!


© Copyright 2006, FaceTime Communications, Inc. All rights reserved.