Next-generation defense against adaptive malware

October 9, 2011 (posted by Ng Chong) - The possibility of predicting crime before it happens, popularized by Steven Spielberg's Minority Report, is no longer a far-fetched idea. It is an active research area that has gone beyond the confines of crime fighting and crime prevention. The same enthusiasm is manifested in the virus-antivirus arms race.

With rapid advances in computing, experts anticipate that virulent malware will not only mutate itself randomly but also adapt to the varying conditions of the host environment as it multiplies and spreads throughout the network, in order to avoid detection. It is only a matter of time before malware can weaken or defeat today's anti-virus defenses. A recent breakthrough sheds light on how many of the existing algorithms for characterizing and predicting program behavior could one day be used to thwart viruses in the microseconds before they begin to execute.


Privacy watch: from cookies to supercookies

August 21, 2011 (posted by Ng Chong) - HTTP cookies are not new, and many websites today would not work without them. They are small plain-text files (up to 4KB) that are stored on your computer when instructed by the Web site you are visiting. They are typically used to track information about you on your computer as well as to customize Web sites based on the state information collected. The main concern with cookies is their stealthy use in harmful ways, without people's knowledge or permission. Browsers provide various ways to block certain tracking cookies if desired. However, the advent of supercookies has radically changed the landscape of online privacy. Unlike regular cookies, they don't expire on their own, they can store a lot more information about you (e.g., Flash cookies can store up to 100KB), and they live outside the browser, so they can circumvent browser privacy protections. According to an article from Stanford, they are capable of respawning a user's cookie even after it has been deleted by the user. Reportedly, mounting criticism has led Microsoft and Hulu, among other sites, to suspend the use of supercookies for targeted advertising.




Who sends the most spam?

June 13, 2011 (posted by Ng Chong) - Spam needs no introduction. Every day a deluge of spam mail floods the Internet, wasting countless computing and human resources. Hijacked computers are spam havens, and as their number continues to grow by leaps and bounds, the problem is not getting better. SpamRankings, an incentive-oriented initiative, aims to reduce spam by publicizing and ranking the names and addresses (ASNs) of organizations that are prolific spam senders, with an initial focus on health-care providers that have been infected by spam bots. The creators hope that the publicity will drive up pressure on organizations to clean up their acts and pay more attention to security.



Audio CAPTCHAS Cracked

May 29, 2011 (posted by Ng Chong) - CAPTCHAS (short for Completely Automated Public Turing test to tell Computers and Humans Apart) are often the first line of defense to protect web forms from intrusive, automated attacks such as spambots. Captchas normally consist of distorted images of letters and numbers that are hard for computers to decipher, and are often complemented by an audio version for the visually impaired. Researchers from Stanford University developed Decaptcha, a machine-learning program that can be trained to understand audio captchas. In a test, it successfully decoded Microsoft's audio captchas 50% of the time, Yahoo's 45.5% of the time and Digg's 50% of the time, but only 1% of the time on reCAPTCHA. The security weakness found is quite serious, as it could be exploited to create or register fraudulent email accounts, which can then be used to gain access to online services such as email, video rating and commenting.


What if a digital certificate authority gets hacked?

April 9, 2011 (posted by Ng Chong) - Secure communications and commerce on the Internet rely on encryption to guarantee the confidentiality and integrity of the interactions between websites and their visitors. Secure websites' URLs begin with "https" and are typically identified with a closed lock icon in Web browsers. In addition to data encryption, these sites make use of a chain of digital certificates to prove their authenticity to Web browsers. These certificates are issued and signed by a growing number of certificate authorities that browser makers trust. According to the Electronic Frontier Foundation, there were 676 organizations issuing certificates as of December 2010.

How trustworthy are these certificates? What happens if a certificate authority falls victim to a security attack? What are the mechanisms in place to govern and validate the issuance of these certificates?

Comodo, a certificate authority trusted by all major browsers, reported a recent successful attack on some of its affiliates, which are authorized to issue certificates on its behalf via the Registration Authority program. The breach resulted in the issuance of rogue certificates for,,,,, and 'Global Trustee'. Fraudulent certificates may be used to impersonate secure sites and launch man-in-the-middle attacks against Web browser users. The Comodo security breach exposes a weakness in the certificate issuing chain of the Internet trust infrastructure.

Related articles: The New York Times, ZDNET