During the incident response process we often come across a situation where a compromised system wasn't powered off by a user or administrator. This is a great opportunity to acquire a great deal of valuable information that is irretrievably lost once the system is powered off. I'm referring to things such as: running processes, open TCP/UDP ports, program images which are deleted but still running in main memory, the contents of buffers, queues of connection requests, established connections and modules loaded into the part of virtual memory that is reserved for the Linux kernel.
Science fiction often depicts a future where retinal scans are common and fingerprint scans replace passwords and even door keys. It may be science fiction no longer: A government agency is examining the possibility of applying biometrics to curb identity theft. A little-known provision of the Fair and Accurate Credit Transaction Act of 2003 requires the Department of the Treasury to examine the use of biometric technology as a security tactic. The FACT Act's primary mandate is that customers be notified when banks send credit bureaus negative reports on them.
A client called me a few weeks back cursing like Joe Pesci with Tourette's Syndrome. He had found himself defending against a maelstrom of security issues that had "become unmanageable" as he put it.
This was right at the time that we were dealing with yet another round of e-mail-borne worms and viruses, while simultaneously drowning in urgent doomsday warnings about the ASN.1 issue -- presented as the "Oh my Lord in Heaven" vulnerability by everyone and their grandmother.
A new malicious computer program has been detected that can create networks of remotely controlled computers to take part in online attacks, send junk e-mail messages as spam and engage in other shady activities common to the bad neighborhoods of cyberspace.
The new program, known as "phatbot" or "polybot," uses technology like that developed for file-sharing networks like Gnutella and KaZaa to control the machines. ("Bot" is shorthand for "software robot," a term generally applied to automated software.)
More than 1,400 Canadians, primarily in the provinces of British Columbia and Alberta, have been notified of a major security breach at Equifax Canada Inc., a national consumer-credit reporting agency.
Equifax confirmed yesterday that it discovered the breach in late February and has notified affected consumers via registered mail asking that they contact the agency to review the contents of their respective credit files.