I was checking my server logs today and found there have been quite a lot of ssh brute force attempts recently. I did a quick grep, sudo grep 'invalid' /var/log/auth.log*|grep -v ";"|wc -l, and it returns 2595. Looking further into this, it turns out they were initiated by 43 unique IPs, 27 of which have more than 5 failed attempts.
Read the original:
Block brute force attacks with iptables
Ryan Barnett from Breach Security posted a very detailed article on distributed brute force attacks against Yahoo on his blog. He did a superb job of introducing the problem, analyzing the attacks and proposing defensive takeaways. I took some time to put together a simple Perl script to attempt to simulate the attack. The script is very straightforward: it reads usernames and passwords from two separate files.
Read this article:
"Distributed Brute Force Attacks Against Yahoo! Mail", an attempt to reproduce the attack
Adobe will overtake Microsoft as the primary target for hackers and virus writers in 2010, net-security firm McAfee predicts.
Attacks targeting vulnerabilities in Acrobat Reader and Flash are already commonplace, driven in part by that software’s widespread use. The often-tricky update process and lack of user awareness that apps as well as browsers and Windows need updating further compound the problem of PDF-based malware - which McAfee reckons will only increase next year.
An organization that monitors the size and scope of botnet activity estimates that 7 million machines remain infected with the Conficker/Downadup worm, making up a zombie army awaiting orders from the cybercriminals behind the massive Conficker botnet.
Security experts say the good news is that the Conficker bots are still being closely monitored to detect any signs of activity. Despite the botnet’s size, it would be difficult for anyone to use it to make money or break it up and rent portions out without being detected, said Mikko Hyppönen, chief research officer at F-Secure Corp. Hyppönen said those behind Conficker would be safer to abandon it altogether or risk being caught by law enforcement eager to follow a money trail.
“Conficker was unique in many ways and the biggest mystery around Conficker is why?” Hyppönen said. “The most logical explanation is that Conficker got too big and too noisy. It attracted too much attention.”
See more from the original here:
Conficker-infected machines now number 7 million, Shadowserver finds
Strong two-factor authentication is falling short, and businesses need to take notice, according to a report from Gartner.
In a new report, “Where Strong Authentication Fails and What You Can Do About It,” Gartner analyst Avivah Litan contends that Trojan-based, man-in-the-browser attacks are circumventing strong two-factor authentication and proving that any authentication method that relies on browser communications can be defeated. This includes chip cards and biometric technologies.
The German government is planning to establish a botnet cleanup helpline for computer users affected by malware infection.
ISPs are teaming up with the German Federal Office for Information Security (BSI) to set up an operation geared towards cleansing consumer systems from botnet infestation. ISPs will track down infected machines, before directing users towards a website offering advice and an associated call centre, staffed by around 40.
The project, due to start in 2010, was announced on Tuesday at the German IT summit in Stuttgart. No funding details were provided.
A security researcher has identified a new attack that has infected almost 300,000 webpages with links that direct visitors to a potent cocktail of malicious exploits.
The SQL injection attacks started in late November and appear to be the work of a relatively new malware gang, said Mary Landesman, a researcher with ScanSafe, a web security firm recently acquired by Cisco Systems. Hacked sites contain an invisible iframe that silently redirects users to 318x .com (a space has been added to protect the clueless), which goes on to exploit known vulnerabilities in at least five applications.
I was on the fence about whether to sign up for a Twitter account. One message caught my eye during sign-up: "Too obvious", when I typed 1234567 in the password field. It made me wonder how Twitter detects password strength.
Read this article:
how twitter detects password strength & weak password list
Still, are Microsoft’s cost cuts enough? Google Apps, by comparison, which includes apps for documents, spreadsheets and presentations, in addition to email, costs only $50 per user per year. Markezich’s response is that Microsoft offers a scaled-down version of Exchange Online, designed for employees who aren’t frequent PC users, for $24 a year, and a scaled-down version of BPOS for $36 a year. What’s more, “we’re not seeing any inclination that Zoho or Google or Zimbra or any other of those offering fake Office capabilities can replace [Microsoft Office],” Ron Markezich, corporate VP of Microsoft Online said.
See Original for more:
Microsoft calls Zoho, Google Docs the Fake office
Prevx, the anti-malware vendor that claimed a Microsoft patch caused users to experience black screens of death, has backtracked and apologized. Yesterday, Microsoft denied that there were any problems with the patch, and even hinted that Prevx users (or others) who experienced the problem might really be dealing with an untreated virus.