NASA Announcement Coming

Just got an email announcing a press conference NASA has scheduled for Thursday at 2pm to discuss an “astrobiology finding that will impact the search for evidence of extraterrestrial life.”   Cerrtainly piqued my interest.  Rumors abound, ranging from “proof of life on Titan” to “first contact has been made,” depending on how optimistic you choose to be.  I just hope it’s not some lame announcement regarding the shuttle or space-station…

Update:  Cat’s outta the bag, NASA has found a new life form.  One that DOES NOT share the biological building blocks of anything currently living on planet Earth.  Unfortunately, it was not detected on Mars (or Uranus!), but rather a highly toxic lake in California.


Update:  Here is the official announcement.  Microbes that use arsenic instead of phosphorous in its DNA and cellular material.


WikiLeaks Site Attacked Again

Wikileaks has been hit by a second distributed denial of service attack.  The renewed DDoS attack followed attempts to knock the site off the web on Sunday night as it prepared to release the controversial hundreds of thousands of US diplomatic cables.

According to The Register, the site confirmed the latest attack on its Twitter feed Tuesday afternoon.  Analysis of the first attack by experts Arbor Networks shows that the attack threw a relatively modest 2-4Gbps at the site for several hours.  Modest by the standards of other similar attacks this year, it was severe enough for Wikileaks to move its systems back into Amazon’s cloud infrastructure to seek shelter from the onslaught.

WikiLeaks To Release US Bank Docs

Reuters has posted that Forbes Magazine reports that the now infamous whistle-blower website, WikiLeaks, plans to release tens of thousands of internal documents from a major US bank early next year.  Describing the release as a “megaleak” involving  a bank that is still doing business, Julian Assange suggests that it will “give a true and representative insight into how banks behave at the executive level in a way that will stimulate investigations and reforms”, comparing the release to the Enron email revelations.

“There will be some flagrant violations, unethical practices that will be revealed, but it will also be all the supporting decision-making structures and the internal executive ethos … and that’s tremendously valuable.  You could call it the ecosystem of corruption, but it’s also all the regular decision making that turns a blind eye to and supports unethical practices: the oversight that’s not done, the priorities of executives, how they think they’re fulfilling their own self-interest,” he said.

Assange also hinted that his group has material on many businesses and governments, including some on pharmaceutical companies, which he did not identify.

Personally, I am of two minds regarding these releases.  I am both skeptical of the quality and reliability of what may or may not be authenic documentation, and concerned about the lack of the affected organizations’ ability to detect and correct the leakage.  The sources of these leaks must be found, but the transparency of all organizations must be increased if there is indeed illegal, illicit or questionably moral activity going on inside.

I find myself suspicious of the intentions of WikiLeaks, and wonder just how it is that it can release damagaing information on such high profile businesses and people without seeming to suffer any serious repercussions.  Why hasn’t the owner and all of his critical staff been “disappeared”?  When I can read in the press how Boris, the Russian mobster can hire North American muscle to intimidate or persuade Security Researchers to go away, and drug cartels can get US and Mexican thugs to take care of their “problems”, how is it that these guys seem so untouchable?

Also, if WikiLeaks could get this information out of a bank, pharmaceutical company or government installation, who’s to say that a competitor or someone with an axe to grind couldn’t do the same?  Own a company?  Work for one that might want to protect its information assets, regardless of the reasons?  Time to Google “Data Leakage Prevention” and start doing your homework.

WikiLeaks info from Bruce Schneier:

Free & Paid Antivirus Programs Compared

PCWorld has teamed up with AV-Test for another comparison of Antivirus products for 2010, examining all 4 levels of antivirus products: free, paid, suites, and “premium” suites.   Moving up the ladder from free antivirus to premium suites typically provides more features, like content filtering, identity theft protection, firewalls, parental controls, and system performance tools.

Their findings indicate the big differentiator is Technical Support.  If you are security savvy, you won’t need too much help installing, running, dealing with with alerts, maintaining updates and upgrades, and can probably use one or more of the free product offerings.  However, if you rely on cousin Fred or that kid down the block for computer help, ignore or are unsure what to do when you receive an A/V or firewall alert, or can’t afford to “waste” time keeping up with the threats, vulnerabilities and protective controls that security gurus monitor, a commercial product is more likely to fill your needs.

Something to keep in mind, no matter what product you choose, I have had excellent experience with the combination of both free and commercial A/V software in conjunction with PCTools’ ThreatFire A/V enhancement product.  ThreatFire adds a behavioral detection and file integrity capabilities to most A/V engines.  Bear in mind that you will receive a number of alerts as the product “learns” what is normal for your system, which executables are present, and whenever one of these changes or changes behaviors.

Check out the surprising results.

Sun Solaris Patches

Just in case you missed this on Friday too, Sun has released details of 3 soalris component vulnerabilities:

All patches are available through “sunsolve”.

VMware Patch

VMWare has released a patch for their virtual service console kernel for Vmware ESX 4.1, to fix a stack pointer underflow issue that appears to provide a local account privilege elevation problem.   If you’re running VMware, you will want to read and assess this patch for your environment.

SecureList – Internet Fraud for Dummies

As long as there are people with money, fraud will exist.  It can be found everywhere and the Internet is no exception.  As the conclusion of an online article by Kaspersky says, it is found in email, on social networks, and on various websites.  Over the years, criminals have invented new tactics, but the scams are ultimately the same.  The only protection users can expect comes through awareness and self-preseravtion in the virtual space. 

I must thank Darya Gudkova for writing such a comprehensive overview of online fraud, Kaspersky Labs for sponsoring and maintaining the SecureList website, and hope that you find the advice and information in this article helpful, especially as we head towards another high-risk holiday season.

Internet Fraud for Dummies