Security Advisor
Who's Still Talking About Conficker? Microsoft Is
Listening to Tim Rains, director of Microsoft Trustworthy Computing, discuss today's release of the semi-annual Microsoft Security Intelligence Report (SIR), one might think it's 2008 all over again. And that's because Microsoft chose to spotlight that pesky Conficker worm that we've all been dealing with for the past four or so years.
So why is Microsoft sending up the smoke signals for a worm that hasn't seen a variant in over two years? Because the infection continues to spread. Microsoft said that over 600 million systems fell victim to it during the second half of 2011.
What's even more disheartening is the fact that 92 percent of these infections were caused by a hacker either swiping or guessing your password.
If I was a software developer like Microsoft, this figure would get under my skin. No matter how well you secure your products, no matter how quickly you respond to found vulnerabilities and no matter how much you beat the drum for stronger passwords (look at today's SIR release), you can't fully protect against bad habits and user ignorance.
How do you deal with user ignorance when it comes to passwords in your organization? Are you guilty of employing unsafe, yet easy-to-remember passwords? Let me know at [email protected].
US Drops on the Spam List
For the first time since security firm Sophos has been studying spam, the U.S. is finally not the head of its "dirty dozen" for junk e-mail origination. That (dis)honor now goes to India, where about 1 in 10 unwanted e-mail comes from.
The U.S. drops to second with 8.7 percent of all worldwide spam, and South Korea wins bronze with its 5.7 percent share.
Sophos also found that an alarming 80 percent of spammers don't even know they're involved. They're sending out large amounts of trash, thanks to the work of hijacking hackers.
A glimmer of good news in Sophos' largely negative report is that worldwide spam is down. Hooray! That's because spammers are finding more success getting to you through social networking sites. Boo!
Is Privacy Completely Dead?
Besides writing duties for this blog, one of my tasks is to go through the comments on MCPmag and its sister's sites to weed out the pertinent conversations from those wanting to sell readers knockoff Prada bags and an incredible 80 percent discount.
One caught my eye that was discussing the idea of privacy now that we live in the age of the Internet:
"I'm going to go out on a limb here and say that there is no way short of leaving the Internet in its entirety that anyone can hope to reclaim some semblance of privacy as we once knew it. And even then, the person leaving the Internet has left footprints all over the virtual veldt.
"The Internet is a network of networks. People who are interested in gathering intelligence on their fellow human beings have all the interconnectedness they need to hunt down that sort of information. And we, the Internet users, are all too willing to share it in order to have access to the services that the first group provides as an incentive to get that information they crave. Add to that automated daemons that scour the 'Net for information of interest, and massive database engines that collect, collate and corroborate all the myriad bits and bytes, and you have the greatest privacy destruction engine the world has ever seen. And if you're interested in your privacy, don't expect the government of our nation states to come to your rescue -- it's in its best interest to be able to accumulate as much information on its citizens as it can in order to facilitate social cohesion and stability.
"Does this sound too cynical? Too cut and dried? Really? When the UK is becoming a surveillance society, when we have Congress considering CISPA, when we have Facebook hoovering up information daily by the terabyte, is this really anything more than a précis of the true situation? Privacy as we knew it died a long time ago; we're now arguing about its dried-out corpse. Pandora's box was opened; the demons have multiplied, and even a bigger box is not going to retrieve them." -- Den
Does Den have it right? Can we not go back to a simpler, more private existence due to the Internet? Does the access of information come with the cost of privacy? Let me know what you think at [email protected].