Brian Prince

Researcher Unmasks Sneaky Clampi Trojan at Black Hat

A security researcher has uncovered new details on the malware behind one of the largest ongoing cyber-crime operations on the Internet. Known alternatively as the Clampi, Ligats or Ilomo Trojan, the malware is believed to have been infecting computers since 2007. Today, it is believed to have swiped data from hundreds of thousands of Windows […]

IBM Buys Ounce Labs, Could Challenge HP

IBM has acquired Ounce Labs to bolster its application testing abilities. The move underscores the demand for vulnerability testing, which analysts say has continued to grow even in the face of an economic downturn. According to Gartner, the market for both dynamic and static testing has grown steadily during the past few years and now […]

A Day in the Life of the Rustock Botnet

Evolution of Rustock: This is a picture of the early evolution of the Rustock backdoor Trojan. Totmau is a Trojan Symantec found a few months before Rustock was discovered. Researchers there suspect the malware authors may be the same or connected, but that […]

Will Google Chrome OS Security Be Tough Enough?

Locking Down the OS: Given that the focus is on supporting cloud applications, this should come naturally. By turning Google Chrome OS into a “toaster” and running primarily—if not only—Web apps like Google Docs and Picasa, Google can substantially reduce the attack surface, noted […]

Oracle Adds Database In-Memory Caching Option

Oracle has announced the release of Oracle TimesTen In-Memory Database 11g as well as a new database caching option in a nod toward the middle tier. The TimesTen In-Memory Database is a stand-alone in-memory relational database with full persistence and recoverability. With the caching option, Oracle is looking to improve application performance by caching data […]

Microsoft Rushes Out Visual Studio, IE Fixes

Microsoft made good on its promise to deliver two out-of-band security bulletins July 28 that cover vulnerabilities in Internet Explorer and Visual Studio. All told, the bulletins cover six bugs in IE and Visual Studio. MS09-035, the Visual Studio bulletin, provides an updated copy of the ATL (Active Template Library) that swats three bugs in […]

Conficker Mystery to Continue at Black Hat Conference

For all that has been written and said about the notorious Conficker worm, much remains unknown to the public. Who was behind it? What was their motive? Unfortunately, those mysteries will not be unraveled this week at the Black Hat security conference, when F-Secure Chief Research Officer Mikko Hypponen gives his presentation on the worm. […]

Apple iPhone 3GS Security Holes Revealed in YouTube Videos

A security researcher who has asserted Apple’s iPhone 3GS is not enterprise-ready has posted tutorials on YouTube to back up his claims. Jonathan Zdziarski, who teaches forensic classes about recovering data from the iPhone, has posted two tutorials to YouTube to demonstrate issues he contends are serious enough to make IT pros leave the iPhone […]

AT&T Lifts 4chan Block, Denies Censorship

AT&T blocked portions of the 4chan.org bulletin board July 25 and 26 in response to denial-of-service attacks against an AT&T customer, touching off a debate on censorship and network neutrality. In response to criticism, AT&T stressed that it moved against 4chan.org because of the attack, and not because of content posted there. […]

The Business of Botnets

Kaspersky Lab released some interesting statistics recently in a technical whitepaper. As part of its research into the cyber-underground, the company took a look at how botmasters are pricing the networks under their control. The prices cover a fairly large range, and depend on both what buyers are interested in and what they plan to […]