Unlike members of the insect family, computer software bugs live forever. Software security bugs (well, flaws) are especially troubling since they demand respect from every software developer now and forever. We want to believe we can "eradicate" software flaws through reviews, testing, and vigilance. Eradication is a myth. A flaw's spores simply go dormant to... Continue Reading →
To the left we see part of a malicious email. The author brags about how the From address is the same as the To address. This is supposed to mean that the author has broken into my email account. I have been waiting patiently for someone to mail one of these to me. Now I... Continue Reading →
Here's a clever two-step attack on a Macintosh. First, the victim downloads a file - it may be enough to email it to the victim as an attachment. Second, the victim opens a file or clicks a link. This executes the downloaded file. Yipes!
I received an impressive email scam recently. My response was to forward it to the email provider's abuse contact (firstname.lastname@example.org) and file a complaint with the Internet Crime Complaint Center (ic3.gov). I'll include the whole email later. The bottom line: Scammer has my password and will humiliate me if I don't pay $1900 in bitcoin.... Continue Reading →
My textbook lists categories of cyber-attacks that focus on an attack's lasting impact: how does it affect the target's assets and resources? Since the categories really reflect the attack's impact on the target, they really represent risks. Here are the categories I use right now: Denial of service - Pillage - Subversion Masquerade - Forgery - Disclosure This is a... Continue Reading →