blog trackingRealtime Web Statistics rarely Archives | Gregory D. Evans | Worlds No. 1 Security Consultant

Posts Tagged ‘rarely’

‘Babyface hacker who paralysed a phone giant’: Son of a single mother, TalkTalk suspect, 15, is violent video game addict who rarely leaves his bedroom

Source: National Cyber Security – Produced By Gregory Evans

‘Babyface hacker who paralysed a phone giant’: Son of a single mother, TalkTalk suspect, 15, is violent video game addict who rarely leaves his bedroom

The boy of 15 arrested over the TalkTalk cyber-attack is a baby-faced loner and gaming fanatic nicknamed ‘Vicious’ who rarely leaves his bedroom. The reclusive youngster is suspected of being behind the huge security breach that has put the banking details of four million households at risk. Scores of TalkTalk customers have been targeted by fraudsters exploiting the hacked data and the firm’s share price plunged. The boy was arrested in the pebble-dashed property he shares with his single mother on a rundown estate in Northern Ireland. His online blog reveals he is obsessed with violent video games such as Grand Theft Auto. It emerged today that he himself was targeted by hackers who published his personal details on a now-deleted website for young hackers known as ‘skids’ or ‘script-kiddies’, according to The Times. The hackers abused his closest family members and called the ‘fat b****es along with pictures of him with them. Neighbours say he was being taught at home after repeated suspensions saw him kicked out of school. ‘He’s always inside, in there 24/7 and up all night in his bedroom,’ said one. A close family friend said: ‘He never wanted to go to school. He never leaves […]

For more information go to, http://www., or

The post ‘Babyface hacker who paralysed a phone giant’: Son of a single mother, TalkTalk suspect, 15, is violent video game addict who rarely leaves his bedroom appeared first on National Cyber Security.

View full post on National Cyber Security

Zero-day exploits rarely used by criminals, Microsoft finds

Software exploits, including zero-day attacks, appear to play a much smaller part in malware infections than previously thought, Microsoft’s latest Security Intelligence Report (SIRv11) has found.

The vast majority of malware infections detected by the company’s Malicious Software Removal Tool (MSRT) for the first half of 2011 depended either on user interaction or an abuse of the Windows AutoRun feature to infect PC, with these used in 44.8 percent and 26 percent of attacks respectively.

Surprisingly, despite the fear surrounding software exploits, attacks depending on these barely registered, recording just 5.6 percent of infections. More surprisingly still, under one percent of those turned out to use zero-day exploits, with not a single example of the most common malware types incorporating the method.

This is an unexpected finding. As Microsoft points out, zero day attacks are one of the most feared threat types because it appears to give the attacker the ability to compromise systems in a way that is impossible to quantify until it is too late.

Given the anxiety that surrounds them, what might account for the rarity of zero-day exploits?

The report authors carried out a more detailed analysis of the zero-day attacks they did detect, which amounted to 0.12 percent over the six month period as a whole, peaking at 0.37 percent in June.

Almost all of this detection was down to only two vulnerabilities, CVE-2011-0611 CVE-2011-2110, both affecting Adobe’s Flash Player, the latter when they are embedded in PDFs. The first exploit was patched by Adobe within a week while the second was not used by malware criminals on any scale until weeks after a patch had been issued.

The conclusions of this are that software companies (in this case Adobe) have become responsive to zero days and now patch them rapidly compared to times gone by. Second, malware writers aren’t able to exploit them fast enough for it to make any difference; by the time the exploit is included it is in all likelihood no longer a zero day.

Tellingly, Microsoft’s report suggests they probably don’t need zero days as much as some analyses have claimed. With so many other successful attack methods on offer such as AutoRun, which requires no user interaction, why trawl criminal forums to pay for zero days with a short shelf life?

The company admits that its methodology for detecting zero-day attacks might not notice those occurring in low volumes, such as would be the case in targeted attacks. Any that do occur above certain thresholds are quickly noticed and patched.

The authors end by arguing for the industry to move away from technical definitions of malware (is it a virus, a worm or a Trojan?) to “taxonomies” based on the method of propagation.

“Many of the de facto standards that security professionals use were originally formulated when the threat landscape was very different than it is today,” say the authors.

In this system, ‘social engineering’ would be one heading, regardless of the underlying technical means used, as would exploits based on patched or unpatched vulnerabilities.

“SIRv11 provides techniques and guidance to mitigate common infection vectors, and its data helps remind us that we can’t forget about the basics,” said the Malware Protection Center’s general manager, Vinny Gullotto. “Techniques such as exploiting old vulnerabilities, Win32/Autorun abuse, password cracking and social engineering remain lucrative approaches for criminals.”

Article source:

View full post on National Cyber Security » Virus/Malware/Worms

Leveson phone hacking inquiry: Former reporter reveals his articles rarely told the truth

A former reporter for the tabloid paper the Daily Star has told how he could count on his “fingers and toes” the number of stories he wrote which “genuinely” told the truth.

View full post on hacking tools — Yahoo! News Search Results

View full post on National Cyber Security By Gregory D. Evans

Hacker For Hire By Gregory Evans

Gregory D. Evans On Facebook

Parent Securty By Gregory D. Evans

National Cyber Security By Gregory D. Evans

Dating Scams By Gregory Evans