
Frequency-X

  Frequency-X in 2007

Frequency-X_BlogEntry Placing a Value on Passwords - November 20, 2007
How much is your password worth? Talk about a difficult question to answer! Back in 2004 a survey conducted at one of the UK’s busiest railway stations revealed that 70% of people would reveal their computer password for a chocolate bar.  What if I was to tell you that, today, ...
Frequency-X_BlogEntry Psst... wanna buy some credit cards? - November 12, 2007
Of the millions of credit cards electronically stolen each year, have you ever thought about where they go and what happens to them once they reach their final destination? Data leakage in the form of ‘lost’ credit cards and the supporting identity information needed to ...
Frequency-X_BlogEntry XSOX.NAME and Proxy Bots - October 22, 2007
Web proxies are an interesting beast.  Within the corporate environment they allow organizations to regulate access to the Web as well as provide some degree of protection against several classes of threat.  Outside, elsewhere in the Internet, Web proxies have ...
Frequency-X_BlogEntry RFID Worms - Fact or Fiction? - October 16, 2007
A few weeks ago IBM ISS worked with the Georgia Tech Information Security Center (GTISC) to release a paper entitled “Emerging Cyber Threats Report for 2008”.  As one of the contributors to the report I subsequently received a number of enquiries concerning some of the content;
Frequency-X_BlogEntry Anti-malware's backward brother - October 15, 2007
A couple of weeks ago I was asked by a journalist to go into a little more depth about the increase in malware being observed.  As you’ve probably noted, the mid-year X-Force threat report pointed out that nearly as much malware was captured and analyzed within the first ...
Frequency-X_BlogEntry Charitable Donations on Your Behalf - September 20, 2007 at 6:24 PM EDT
A colleague in the UK pointed me to an interesting news story concerning fraudulent donations that have been made to CastleCops (a volunteer security community seeking to make the Internet a safer ...
Frequency-X_BlogEntry Phishing on the Fly - September 17, 2007
There must have been something in the water somewhere, because it looks like last week was an exceptionally active week for the Phishers - in fact the busiest ever.  In the period running 10th through to the 17th September IBM anti-spam gurus over in Kassel identified 453,932 ...
Frequency-X_BlogEntry Ultimate Data Storage - Microfiche? - September 12, 2007
Over the last few years “security” has increasingly been associated with the term “privacy”.  It wasn’t always the case though.  At the turn of the millennium the first thing that would have jumped into an IT manager’s mind if you mentioned the word “security” ...
Frequency-X_BlogEntry The Short Path to Deniability - August 30, 2007
“When is identity theft advantageous to the victim?”  That was a question that came up in a recent hallway conversation, and it got me thinking… Over the years I’ve seen and heard plenty of excuses for various hack attempts and fraudulent claims – all of which were geared ...
Frequency-X_BlogEntry Old Threats Never Die - August 19, 2007
What kind of answer do you give if someone asks you “how long did it take before the slammer worm ceased to be a threat?” Slammer kicked off in the morning of January 24th, 2003, and within its first 10 minutes of propagation had managed to compromise an estimated 75,000...
Frequency-X_BlogEntry International Money Mule Recruitment – Part II - The Recruitment Site - August 15, 2007
Continuing yesterday’s international money mule theme and the FAQ, I figured it would be worthwhile running through a fairly typical mule recruitment website – in this case, one that appears to have been around for quite some time (which is pretty weird given how quickly...
Frequency-X_BlogEntry International Money Mule Recruitment – Part I – The FAQ - August 14, 2007
My suspicion that not many people know what a money mule is has definitely been confirmed these past couple of weeks based upon the number of queries I’ve had about last month’s posting on the topic. So, this evening I figured I’d do two things – write up a short FAQ ...
Frequency-X_BlogEntry Social Network Hacking - August 08, 2007
A couple of weeks back I stumbled upon some news postings about the use of MySpace and Facebook in successful identity theft crimes. Without filling up a paragraph with links to the various news stories themselves, I’ll sum it up as basically as I can.  The victims had lots...
Frequency-X_BlogEntry The Vulnerability Brokers - August 04, 2007
You’ve probably already read several postings from me over the years about responsible disclosure and my views of the ethics behind vulnerability-based services.  So, today I’m planning on going a little further – dispel a myth, and propose something to the major...
Frequency-X_BlogEntry The Mule Trade - July 31, 2007
99.9 percent of the online world knows what spam is, and I’d guess that around half of them know what phishing is. But how many know what a mule is? Whatever this lowly figure is (which I’d guess to be less than one percent), I’d postulate that there are probably more ...
Frequency-X_BlogEntry Top-10 Vulnerable Vendors - July 24, 2007
At the beginning of this year X-Force introduced a new style annual security report – focusing on how threats developed and matured throughout the year – based upon statistical analysis of key data X-Force had accumulated.
Frequency-X_BlogEntry Phishing under the Microscope - July 11, 2007
When discussing phishing, most people I meet are only all-too familiar with the spam-based email flooding their inbox and the cloned websites waiting out there to suck down their banking credentials and steal their identity.  But many of them have no inkling as to the mechanics ...
Frequency-X_BlogEntry Heisenberg Uncertainty - July 04, 2007
Some people feel that I tend to take an unduly harsh position on signature protection engines.  In fact, a quick review of my blog entries so far throughout 2007 may reveal to some people that I am not a huge fan of them – often referring to them as “legacy” – while promoting ...
Frequency-X_BlogEntry Firewall Spring Cleaning - July 01, 2007
You’d think that after nearly twenty years of firewalls being the frontline defense for enterprises, all the kinks would have been worked out by now.   To be fair, as defenses go, the good old firewall has stood up surprisingly well in the face of increasingly complex networked...
Frequency-X_BlogEntry Spear Phishing and Whaling - June 28, 2007
For all its simplicity, over the last decade the term “phishing” has evolved from a particular attack vector into a stratified class of online fraud and deception. This has resulted in a number of colorful names for the various sub-classes and vectors within Phishing.
Frequency-X_BlogEntry Web Browser Exploitation - June 24, 2007
I guess Web browser exploitation started to get exciting back in 2004 when SkyLined introduced everyone to the concept of heap-spraying.  All of a sudden, several years’ worth of DoS vulnerabilities in Microsoft’s Internet Explorer looked ripe for some real exploitation.
Frequency-X_BlogEntry Disclosure vs. Ethics - June 13, 2007
Public disclosure of security vulnerabilities has been a topic in which not many people have chosen to sit quietly upon the fence.  Like an Australian brushfire the heated discussions on disclosure flare up at random locations, burn brightly for a few days, consume the local tundra...
Frequency-X_BlogEntry Phishing Kits Classified - June 06, 2007
Phishing attacks have evolved quite a bit over the last few years.  When I wrote my first whitepaper on the subject back in 2004 – ‘The Phishing Guide’ – the vectors for attack were already numerous, and since then many more vectors have appeared.  Starting with a “Ph..."
Frequency-X_BlogEntry Counting Vulnerabilities - May 29, 2007
It would seem to me that, on a daily basis, I get asked way too often “how many vulnerabilities are there in popular software?” If you have read the 2006 Trend Statistics report – you will have observed that X-Force tracked, analyzed and researched 7,247 public vulnerability ...
Frequency-X_BlogEntry A Slowdown in Vulnerability Disclosure? - May 24, 2007
It’s interesting to note that the total number of vulnerabilities publicly disclosed so far this year has only increased by 4.7 percent over the same period in 2006 – not nearly as bad as the 39.5 percent annual increase observed last year (2006 vs. 2005).
Frequency-X_BlogEntry Microsoft Vista Vulnerability Ranking - March 19, 2007
Over the weekend I noticed an interesting article on the ComputerWorld site with the awe-inspiring title “Microsoft security guru wants Vista bugs rated less serious” covering comments made by Microsoft’s Michael Howard (a senior security program manager in their security engineering...
Frequency-X_BlogEntry Stopping Botnet C&C on the Wire - February 21, 2007
The expectations of a network management team are often at odds with the security management team, which are in turn at further odds with the audit and compliance teams.  You can sometimes see these different expectations materialize within enterprise-level RFI and...
Frequency-X_BlogEntry Targeted or Personalized Attacks? - February 19, 2007
Like a catch phrase from an old Arnold Schwarzenegger movie, the term “targeted attack” has swept the security industry and can be heard reverberating around conference stands and found scattered throughout this year’s glossy product brochures.  I haven’t seen this much ...
Frequency-X_BlogEntry Violent Crime, CSI and Vulnerability Disclosure - January 14, 2007
It would seem that the Internet isn’t the only place in which criminals can learn from the good-guy disclosures and develop more successful ways to conduct their crime.  With the increased popularity of crime sleuthing shows such as CSI: Crime Scene Investigation and Cold Case...
     
    Copyright 2001-2007 © Gunter Ollmann