Dynamics of (In)Security

Article in The Guardian’s Information Security 2011 supplement

2011-04-14T13:28:00.001+02:00

I wrote an article to be published in the The Guardian’s Information Security 2011 supplement. AbstractPicture this scenario. You walk into your local supermarket to buy your weekly groceries and just before you drop an item of produce into your trolley, you quickly scan it over for freshness and check its expiry date. You wouldn’t knowingly choose something that was marked out-of-date. And if

Cybercriminals do not need administrative privileges

2011-04-08T14:36:00.001+02:00

For years the software industry has promoted reduced privileges for user accounts as a key security best practice to prevent misuse and successful exploitation of end-point systems. There are two main rationales/assumptions that back up this strategy: A) malware requires administrative access to successfully exploit and compromise a system, and B) users without administrative access are

Why cybercriminals do not need to target Microsoft

2010-09-28T11:57:00.015+02:00

Next week Secunia will be at the e-Crime Mid Year Meeting 2010 in London. I am presenting on October 5th at 10:20h and 12:45h covering the topic "Why cybercriminals do not need to target Microsoft” - providing a closer look at the fundamental failings of end-point security that turn most of us into easy prey for cybercriminals. Following is an abstract of my talk: This seminar explores the

An alarming trend for end-user security

2010-08-25T15:00:00.013+02:00

Secunia has just released the first Secunia Half Year Security Report 2010, where I elaborate on the evolution of the security threat posed by vulnerabilities, and provide projections for the 2010 vulnerability levels. With this report we continue to publish results from my research into the threats typical end-users face when surfing the Internet.Earlier this year, in the RSA 2010 paper The

“Silent updates” vs. “loss of control”

2009-05-05T10:29:00.030+02:00

In recent years the Web browser has increasingly become the number one target as an infection vector for vulnerable hosts.With researchers from Google and IBM Internet Security Systems we analyzed the patch level of the global Web browser population in our “Insecurity Iceberg” study, published at DefCon 16 in 2008. We found that at any day from January 2007 to June 2008 at least 45.2%, or 637

Welcome to the Dynamics of (In)Security

2009-05-04T11:37:00.003+02:00

After several years in IT security and research it is about time for me to provide a better platform for publications and interactivity. My “Dynamics of (In)Security” blog will be 1) a place for the publication of findings that neither justify a whitepaper nor an academic publication, and 2) a platform for feedback on my research. As I won’t start a new blog without content lined up - wait for