Sunday, February 27, 2011

End of Year Security Reports, The Complete List

This is a list of annual security reports by vendors, non-vendors and governments that I was able to collect in the last few weeks.

Vendors list:
Akamai, state of the internet report, (pdf)
Arbor, Network Infrastructure Security Report 2010, (pdf)
Blue Coat, 2011 Web Security Report, (pdf)
Cisco 2010 Annual Security Report, (pdf)
Damballa Top 10 Botnet threat Report, (pdf)
GFI Labs, 2010 report on Fake Security Products, (details)
McAfee, A Good Decade for Cybercrime report, (pdf)
Message Labs 2010 Annual Report, (pdf)
PandaLabs 2010 Annual Report, (pdf)
PandaLabs, The Cyber-Crime Black Market: Uncovered, (pdf)
Qualys, State of browser security, (pdf)
SecureWorks Spambot evolution, 2011, (details)
Secunia 2010 Security Report, (pdf)
Sophos Security Threat Report, 2011, (pdf)
Symantec Report on Attack Kits, and Malicious Websites, (pdf)
Symantec 2010 end-of-year report, (pdf)
Symantec, 2010 US Cost of Data Breach, (pdf)
Trustwave 2011 global security report, (pdf)
Barracuda Labs 2010 report, (pdf)
HP TippingPoint 2010 report, (pdf)
IBM X-Force 2010 report, (pdf)
McAfee, Underground Economies, (pdf)

Government List:
Dutch 2010 National Cyber Crime, and Digital Safety Trend Report, (pdf)
European Union, statistical office, Safer Internet Day Report, (pdf)
ICS-CERT, Industrial control systems, 2010 report, (pdf)
Internet Crime Complaint Center 2010 report, (pdf)
WhiteHat Security statistics report, requires registration, (details)

Non-Vendors List:
Global Risks 2011, World Economic Forum, (pdf)
DDOS 2010 Report, (details)
PricewaterhouseCoopers, Global State of Information Security Survey, (pdf)
Web-based threats, SEI-Carnegie Mellon, (pdf)



Tuesday, November 16, 2010

Sunday, June 20, 2010

DNS sinkhole ISO image

Guy Bruneau has created a DNS sinkhole ISO image, available for 32-bit and 64-bit.
The sinkhole uses 3 public lists of known bad domains (Malware Domain Blocklist, Zeus Tracker, and SRI malware list).
A step-by-step guide is available here.

I will be waiting for other lists to be added, such as Phishtank, GoogleSafeBrowsing, XSSED, and others.

DNS can be used effectively to detect and prevent infection inside a network, for example by checking the cached entries on your DNS servers for known bad hosts.
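As an added example (not from the original post or from Guy Bruneau's sinkhole), here is one way to check a DNS server's cache for known bad hosts. It assumes a text cache dump shaped like the output of BIND's `rndc dumpdb -cache` and a one-domain-per-line blocklist; the domains, addresses and function names are constructed for illustration.

```python
# Constructed blocklist (placeholder names), one domain per line.
BLOCKLIST_TEXT = """\
# constructed sample
bad-domain.example
c2.malware.test
"""
# Constructed sample shaped like a BIND `rndc dumpdb -cache` text dump.
CACHE_DUMP = """\
; Start view _default
$DATE 20100620120000
www.good.example.\t3600\tIN A\t192.0.2.10
login.bad-domain.example.\t120\tIN A\t192.0.2.66
\t\t\t120\tIN A\t192.0.2.67
C2.Malware.Test.\t60\tIN CNAME\thost.good.example.
notbad-domain.example.\t300\tIN A\t192.0.2.20
"""

def load_blocklist(text):
    """Return the set of lower-cased domains, ignoring comments and blanks."""
    names = (line.split("#", 1)[0].strip().lower().rstrip(".")
             for line in text.splitlines())
    return {n for n in names if n}

def cached_records(dump):
    """Yield (owner, rtype, rdata); indented lines reuse the previous owner."""
    owner = None
    for line in dump.splitlines():
        if not line.strip() or line.lstrip()[0] in ";$":
            continue  # blank line, comment or $DATE-style directive
        fields = line.split()
        if not line[0].isspace():
            owner = fields.pop(0).lower().rstrip(".")
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)  # skip TTL and class
        if owner and len(fields) >= 2:
            yield owner, fields[0].upper(), " ".join(fields[1:])

def blocked_parent(name, blocklist):
    """Return the listed domain that equals or is a parent of name, else None."""
    labels = name.split(".")
    suffixes = (".".join(labels[i:]) for i in range(len(labels)))
    return next((s for s in suffixes if s in blocklist), None)

def find_hits(dump, blocklist):
    """List (owner, rtype, rdata, listed_domain) for every cached bad name."""
    return [(o, t, r, m) for o, t, r in cached_records(dump)
            if (m := blocked_parent(o, blocklist))]

if __name__ == "__main__":
    print(find_hits(CACHE_DUMP, load_blocklist(BLOCKLIST_TEXT)))
```

Matching is done on whole labels, so `notbad-domain.example` is not flagged just because it ends with the same characters as a listed domain.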

I do not know exactly whether vendors are implementing such DNS filtering in their products, maybe at the IPS level.

Update:
Check this clarification on tracking the clients.

Update:
Here is an updated detailed paper from Guy Bruneau.

Saturday, May 29, 2010

Monday, March 29, 2010

Smartphone Security - Part 4


At CanSecWest Pwn2Own 2010, researchers were able to break into a fully patched iPhone using an unknown Safari vulnerability. It took them 2 weeks to find the vulnerability and write the exploit, and 20 seconds to hijack the entire SMS database and upload it to a server.

The researchers claim that they can also hijack the emails and photos using the same vulnerability.

As per the press release, vulnerability details will be disclosed after Apple releases a patch.

Whatever the details of the vulnerability are, it is a fact that finding a vulnerability is not that difficult, and considering the growing market share of smartphones, with more and more powerful hardware, smartphone security will be a big issue.

You may want to check Parts 1, 2 and 3 on related smartphone security issues.