August 4, 2008
May the X-Force be with you
IBM’s X-Force security division may not have the raw fury of Wolverine or the magnetism of, erm, Magneto, but they proved they are a force to be reckoned with as they unleashed the results of their latest cyber-threat survey.
Their survey revealed that attacks utilising flaws in browser plug-ins accounted for 78 of your earth percentage points. (Link)
Launching through cyberspace like a well-dressed, intergalactic security aficionado, X-Force operations manager Kris Lamb commented on the “acceleration and proliferation” of bugs being the key theme of 2008 so far and said:
“Without a unified process for disclosing vulnerabilities, the research industry runs the risk of actually fuelling online criminal activity. There's a reason why X-Force doesn't publish exploit code for the vulnerabilities we have found, and perhaps it is time for others in our field to reconsider this practice.”
Like a blast from a light sabre, the report also revealed that 90% of spam is URL based, meaning that spam filters have trouble detecting it. And although they lost the race to the moon, the Russians can call themselves the best spammers, responsible for 11% of the world’s spam.
Gender unspecific
On the subject of browser vulnerabilities, here’s an interesting story. Since browsers will hand your browsing history to anyone who wants it, a script that uses this information (to enhance the browsing experience, you understand) has been developed.
Called “Social History”, it is intended for bloggers who want to invite their readers to post their blog to one or more of the many social networking sites. Rather than clutter the page with thirty-odd website badges for this purpose, Social History will browse a user’s web history and only provide badges for the sites that the user visits.
Clever stuff. But techie blogger Mike On Ads has taken this a step further by modifying the script to analyse the sites visited and from that apply basic mathematics to predict whether the visitor is male or female. (Link)
You can run the test yourself at the above link. My results?
Likelihood of you being FEMALE is 40% / Likelihood of you being MALE is 60%
Given that all previously known evidence had suggested I’m 100% male, I’m really not too sure how to process this.
Three quarters of bank websites are flawed
Researchers at the University of Michigan found a barrel with some fish in it and shot at them when they revealed that at least 75% of bank websites contain one serious design flaw that puts their users at risk. (Link)
The initiator of the study behind the paper “Analyzing Web sites for user-visible security design flaws”, Professor Atul Prakash said:
“To our surprise, design flaws that could compromise security were widespread and included some of the largest banks in the country.”
Some of those flaws included:
• Placing secure login boxes on insecure pages.
• Putting contact information and security notices on insecure pages.
• Allowing inadequate user IDs and passwords. Sites frequently allowed email addresses as user IDs and didn't require strong passwords.
The study was completed in 2006 and has taken two years to surface. Geoff Sweeney, CTO at technology company Tier-3 said:
"Some banks are reported to have reworked their sites as a result of the team notifying them of their problems, but I suspect that many will take time to change their portals."