Beware False Positives - Real Threat Assessment

Boston got caught by a wicked "false-positive."

Austin didn't: Cartoon Network Stunt Didn’t Cause Problems In Austin.

Apparently Texans are either too savvy to panic at a finger-flashing LED display or too busy to notice.

As most of us are not highly trained law-enforcement personal like Jack Bauer, it can be difficult to really assess if a object, person, or action is a real hostile threat going about our daily lives.

Honest mistakes can happen....

Recent Schneier on Security Highlights

• Non-Terrorist Embarrassment in Boston - Security guru Bruce Schneier takes a hard look at the Mooninite invasion.

• The Psychology of Security - Essay in Progress by Bruce on how our brains work and fail at assessing security threats and "...why our feeling of security so often diverges from reality."

• Dave Barry on Superbowl Security: Super security: Bad guys don't stand a chance - Very funny

New (to me) Security Blogs

I've mentioned before that I try to do a daily review of RSS feeds on computer security topics and websites. This helps to get me focused on the right frame of mind as I begin my workday. From time to time I will be able to identify either a growing threat and/or solution and share it with the "powers that be."

Two new computer security blogs I've added to my RSS feed list recent are Mark Curphey's SecurityBuddha.com and .:Computer Defense:. Both bloggers have a really down-to-earth style of writing that avoids the try techno-speak.

Thanks to Computer Defense, I was led to a newly-birthed blog, A Random View of an Insecure World. It looks to be off to a interesting start.

Network and Computer Threat Portals

So there, I learned about rpoppa's views on global computer and threat trend pages (he has some points) and particularly the Arbor Atlas - Global Summary Dashboard threat portal.

Overall, it is a well designed threat-page. It provides a global map of active threats, summaries of current threats, a vulnerability risk index, top scanned services, and top threat sources.

Not a bad place to check in at periodically.

That got me looking and reviewing for more:

• SANS Internet Storm Center - Still my number one place to check daily for network and computer related security tips, techniques and threat information.

• ATLAS Dashboard: Global Summary - mentioned above.

• Postini: Stat Track - Resource center with information about Directory Harvest Attacks (DHAs), spam activity levels, virus frequency, and they have maps too!

• McAfee Threat Center - Good information about breaking threats, current malware, potentially unwanted programs (PUPs), spam activity, Top Phish scams, and vulnerabilities. Yep, maps here as well.

• Vulnerability and Virus Information - Secunia - I like this site a lot. Security highlights, advisories, information and statistics. No maps.

• FrSIRT - Security Research and Cyber Threats Monitoring 24/7 - Security highlights, advisories, and malware alerts. Color coded to stress you out.

• Welcome to CERT! - Security Alerts, current activity lists, and vulnerability resources at a glace.

• Virus Bulletin : Independent Malware Advice - provides quite a lot of virus, malware, and spam-related information, reviews and analyses. Free registration is required to access their informative archives and content.

New Anti-Malware Products

Released: Sunbelt Software's CounterSpy v2. A well updated program that has a long and solid history of helping home user's keep their pc's clean. More details on the enhancements at the SunbeltBlog. Free 15-day full-version trial. Low consumer-friendly price.

In development: Lavasoft is working on its latest version of the popular anti-spyware product Ad-Aware SE Personal. According to a February 5th post on the Lavasoft Blog, the new version will be named Ad-Aware 2007 and come in both Free, Plus, and Pro versions. Currently they are looking for folks willing to become a registered Lavasoft beta tester. So if you can't wait for the spring targeted release, and are willing to put up with beta software, this might be a good opportunity.

Did you know that Lavasoft offers some extensions, tools, and themes that can plug-into Ad-Aware?

• FileSpecs - for Ad=Aware Pro only - gives additional data on files located during the scan.

• HexDump - view information on files - such as cookies - like who the originator was.

• LSP Explorer - view active Layered Service Providers (LSP's) on your system.

• Messenger-Control - disable the Windows Messenger Service.

• OE/W Messenger-Control - disables the Windows Messenger Service from running if you use Outlook Express.

• Tweak SE - Tweak items and features of Ad-Aware. Handy tool to customize the program.

• Skins (free) - Yellow Sky, Greyscale, Medium Blue, and the Default

Keep safe,

--Claus