Good morning, folks. Highlights this week include a new episode of the Security Kahuna Podcast (with Dave Lewis, Martin McKeay and me), and some previews of the upcoming Q4 State of the Internet – Security report.
The Trouble With Bots, Spiders and Scrapers
Third-party content bots and scrapers are becoming more prevalent as developers seek to gather, store, sort and present a wealth of information available from other websites.
Security Kahuna Podcast, 1-13-15
Microsoft's announcement that it will no longer offer advance patch notification to the masses has rekindled the debate over how best to handle vulnerability disclosure. Bill Brenner, Dave Lewis and Martin McKeay discuss this and other issues.
Open Redirect, XSS and SEO Attacks
Ezra Caltum writes: A couple of months ago, my colleague Or Katz published an article about an interesting trend that he uncovered, in which Black Hat SEO marketers were abusing Open Redirect vulnerabilities on popular websites to increase the popularity of advertisement sites. While performing unrelated attack trend analysis, I recently stumbled upon an interesting finding that further demonstrates the use of web application layer vulnerabilities for SEO purposes. https://blogs.akamai.com/2015/01/open-redirect-xss-and-seo-attacks.html
TCP Flag DDoS Attack by Lizard Squad Indicates DDoS Tool Development
Selected as the Spotlight Attack for the quarter in the Q4 2014 State of the Internet - Security Report, which will be available later this month, the multiple TCP flag DDoS attack was part of a DDoS attack campaign launched against an Akamai customer in August and again in December. The attack achieved its goal in that it generated high traffic volumes and high packet rates. Of course, Akamai scrubbed the malicious traffic, sending only clean traffic to the customer.
ShmooCon Security Conference This Weekend
ShmooCon has always been one of my favorite security conferences. Unfortunately, I can't be there this year. But for those who are going this weekend, here's what to expect.
3 Problems With UK PM Cameron's Crypto Proposal
By Dave Lewis, in Forbes… It seems that David Cameron has a desire to return the UK to an agrarian society. This by virtue of his promise to ensure that there are backdoors in encryption implementations so that law enforcement could monitor all encrypted traffic in the UK. This week the UK prime minister dropped a gem of a missive. He let it be known that should his party regain power for another term that he would see to it that encryption would only be allowed that could be surveilled by the government.
By Bill Brenner, in Liquidmatrix… There's much alarm in the security community over new anti-hacking laws President Obama plans to float in his State of the Union address next week. The alarm is justified. But we can educate the public.