SamuraiNet Blog

“90% of emails sent are spam” is a statistic found on the following article. With such a large percentage of emails being considered spam protection techniques need to move to proactive, rather than reactive. One method being suggested is tracking the sources and flow of email traffic.http://sify.com/finance/fullstory.php?id=14698112

In my continuing search for information pertaining to cyber warfare I have found the following two articles. The first describes why global hackers are so hard to detect and the problems both security related and political this creates. The second article shows that France is making an effort to join the “digital front line.” It explains France’s strategy to get into the cyber warfare game. http://www.livescience.com/technology/080619-chinese-hackers.html http://news.xinhuanet.com/english/2008-06/19/content_8402780.htm

This article lists 10 of the most infamous “black hat’s” over the years along with what they are known for doing. Interestingly enough, the fact that they are known shows they are not quite as good as people make them out to be. http://www.itpro.co.uk/603831/ten-of-the-most-infamous-black-hat-hackers

With anti-virus software and firewalls on the rise, virus writes have moved to targeting routers. By changing the DNS settings on a router the attacker gains control of all traffic the infected network has access too. Pointing sites to malware ridden pages or conducting man-in-the-middle attacks are only the beginning of this potential. http://www.itpro.co.uk/603852/new-trojan-threat-able-to-control-network-routers

“Be careful what you say” is something we’ve all heard, but in the current day and age perhaps “be careful what you email” is more relevant. Two Bear Stearns hedge fund managers have been brought up on charges for misleading investors. Part of the evidence are email records proving that these two knew the market was not where they claimed it to be. http://biz.yahoo.com/ap/080620/bear_stearns_investigation.html

MySQL may be partially going closed source thanks to Sun, but IBM is taking DB2 to the open source market. It is not directly going to be put out for all eyes, but according to Chris Livesey it is inevitable that DB2 will end up in the open source world. Read more here: http://news.cnet.com/IBM-to-open-source-DB…1694.html?tag=html.alert.hed

For those of you old enough to remember some of Blizzard’s classics: Diablo and Diablo II (and Lord of Destruction), it seems Blizzard is going to be blessing us with Diablo III. So far 2 character classes have been released, the barbarian and the witch doctor. http://www.blizzard.com/diablo3/

Virtual machine’s use unique MAC addresses to access the internet. This article provides a listing of their identifiers so that you may asertain whether or not a particular machine is within a Virtual machine. http://blogs.techrepublic.com.com/networking/?p=538&tag=nl.e102

Botnets are no new threat and neither is the way they are used. The article shows some statics on just how powerful they are and what sorts of damages they are doing. The second link provided is from SANS and discusses a proactive, rather than reactive way to deal with the possibility of infection. The final link provided shows how bot herders are using their destructive potential to make money. With such a lucrative business in place it puts more and more pressure on security professionals to take the next step in securing their systems. http://www.sourcewire.com/releases/rel_display….9472&hilite= http://isc.sans.org/diary.html?date=2008-06-14 http://www.technewsworld.com/story/The-….Con-Game-63357.html

Again we find proof that hackers are compromising government systems and using the data attained to raise problems. What is possibly more disturbing is the government’s continuing lax efforts to deal with the issue at hand. It seems that just pushing it under the carpet is the defacto method of dealing with these problems, when the correct approach should be to deal with the problem at the source. Here we see that Chinese hackers actually managed to gain access to dissident lists and actually managed to find the people on those lists. http://ap.google.com/article/ALeqM5g….ZaBwez4_gq7mwD918ATTG0

Mozilla’s Firefox 3 was supposed to come packaged with “private browsing” a “no digital trail” method of surfing the net, however; because of the amount of code affected by this options it has been released without this feature. http://news.cnet.com/8301-10789_3-9967829-57.html

Restrictive passwords make cracking more difficult by requiring that users use a wider range of characters; however, can restrictive password policies actually decrease time required to crack? This blog goes into the math behind it. http://lukenotricks.blogspot.com/2008/03/more-on-counting-restrictive-password.htm

Mozilla has a new campaign to break the world record for number of downloads in 24 hours. They have even gone to allowing people to pledge downloads, to be sure they accomplish their goal. This is an interesting marketing campaign. http://www.spreadfirefox.com/en-US/worldrecord/

In a previous post (America’s Cyber defense or lack there of) I pointed out problems with foreign hackers and our government. Here are two articles as a semi-continuation of the saga. http://www.scmagazineus.com/Potential-security-breach-by-China/article/110790/ http://www.thehindubusinessline.com/2008/06/04/stories/2008060451781200.htm

If you are considering being in the IT field or are looking to hire new IT staff, this article is well worth a read. 30 items that IT staff should know. I don’t agree with all 30, but the list itself is something to be looked at and will help you evaluate yourself or potential staff. http://www.infoworld.com/article/08/06/02/23FE-how-to-fire-IT-staff-skills-list_1.html

After battling with an .htaccess problem all day long I ended up at this article. It didn’t solve my problem, but is a great source of information on all things .htaccess. http://perishablepress.com/press/2006/01/10/stupid-htaccess-tricks/