Gunter Ollmann, Damballa

Outdated Assumptions

By Gunter Ollmann
The term “targeted attack” gets thrown around an awful lot nowadays. In fact I’m guessing you’ll be hard pressed to find many public breach disclosures that make it to the news that aren’t labeled as having been “targeted”. It reminds me of an important quote from the character Inigo Montoya in The Princess Bride – “You keep using that word. I do not think it means what you think it means.”

Lessons From the Rustock Takedown

By Gunter Ollmann
As a follow-up to the Rustock botnet news, Microsoft have identified themselves as the key instigators of the takedown. This is the second time Microsoft’s legal team has been actively involved in combating the botnet menace – and they obviously learned from their previous attempt at trying to take down the Waledac botnet.

Why You Should Write Down Your Passwords

By Gunter Ollmann
Common wisdom over the last couple of decades has been to never write down the passwords you use for accessing networked services. But is now the time to begin writing them down? Threats are constantly evolving and perhaps it’s time to revisit one of the longest standing idioms of security – “never write a password down”.


By Gunter Ollmann, Damballa
Last night my attention was drawn to a couple of blog entries relating to Google and the attacks they fell victim to earlier this year. These attacks were eventually labeled as “Operation Aurora” by McAfee (based upon the presence of the “aurora” keyword embedded within some of the malware).

By Gunter Ollmann, Damballa
2009 saw many, many new botnet outbreaks and advancements in their criminal management. Throughout the year Damballa tracked thousands of distinct criminal operated botnets and identified millions of newly compromised enterprise systems each day. This week I’m going to share some of our findings from the year now that we’ve finished analyzing terabytes of unique Command and Control (CnC) data.

By Gunter Ollmann, Damballa
The recent Google Advanced Persistent Threat (APT) dialogue has been hogging the press for a week now, and each day reveals new (and often conflicting) insight. As I mentioned on Thursday’s blog – “Preemptive Protection” Isn’t – If You’re Battling APTs – this particular attack doesn’t represent some new shift in tactics. It’s not the first APT in the world, in fact I’m pretty sure it’s not Google’s first exposure to APTs, and I’m certain it isn’t going to be the last. In fact I’d say it’s a safe bet to say that there are several other equivalent APT successes currently operating within Google’s networks waiting to be discovered. Such is the state of the threat.

Guest editorial by Gunter Ollmann
Botnets come in all shapes and sizes and if you can’t find one that fits your unique purposes off-the-rack, it’s trivial to create a custom one using a do-it-yourself construction kit – which helps to explain the diversity we’re seeing within the enterprise. In general though, enterprise-targeted botnets tend to be a different breed – making use of enterprise-specific functionality (e.g. being proxy aware and exploiting vulnerabilities over the network that would be blocked by perimeter firewalls) – and their objectives tend to be more “refined” and clearly criminal.

By Gunter Ollmann
It’s like one of those magic candles people place on birthday cakes that sparkle and relight themselves each time you think they’ve been blown out. That’s how I’d define the most recent ignition of the “bugs for cash” debate.

By now you’ll have probably heard that Dino Dai Zovi, Charlie Miller and Alex Sotirov have declared “No more free bugs” (Dai Zovi affirms his position and provides insight to his side of the argument over on his blog titled “No more free bugs”).