IronPort's Pat Peterson joins Robert Vamosi this week to talk about how online criminals make money using botnets.
Listen now: Download today's podcast
How do online criminals make money off of botnets? Previously, we've explored how parts of the Storm worm botnet may have been rented out to others. No matter who owns the botnet, the traffic is usually the same: spam. But what kind of spam?
IronPort Systems, a division of Cisco, released a report this week (registration required) that identified some of the specific spam messages being used. Not surprising is the pharmaceutical spam. But criminals are also luring unsuspecting individuals with various "work from home" scams. People who fall for this are told to buy expensive products in the United States for delivery overseas. For their effort, they'll receive a percentage of the purchase price. These "money mules," as they are called, are actually cashing out stolen credit cards for foreign criminals.
CNET's Robert Vamosi spoke via phone with Pat Peterson, who is vice president of technology at IronPort.
If you haven't tried Firefox, what are you waiting for? The latest version, Firefox 3, will soon be out, and the release candidates are stable enough these days for daily use. (Currently, RC2 is the latest build.)
What's good about Firefox 3 is that it's light on resources (even if you have 15 tabs open) and very fast--an improvement over Firefox 2 by far. What's even better are all the built-in security features.
CNET's Robert Vamosi spoke this week with Jonathan Nightingale. He is Mozilla's "Human Shield," aka its security user interface designer. Nightingale, along with Window Snyder and others on the security team at Mozilla, developed some of the cool new security features baked into Firefox 3.
Last week, an independent security researcher announced that it was possible to install a rootkit on the Cisco IOS network, which is used for routers and voice over Internet Protocol.
This week, CNET's Robert Vamosi spoke with Ari Takanen, co-founder and chief technology officer of Codenomicon. While Takanen's company doesn't engage in vulnerability research, it creates the tools by which enterprises can check their own software for vulnerabilities.
That raises a question. Previous Security Bites episodes have featured independent researchers who, outside of a given company, have identified and made public serious vulnerabilities. One would think an independent voice might be better than one located inside a company.
Takanen disagrees. He thinks companies are doing a good job finding and fixing their own vulnerabilities outside the public's attention.
This week, CNET's Robert Vamosi talks about spam with Matt Sergeant, senior antispam technologist for MessageLabs.
About two weeks ago, MessageLabs discovered that spammers were publishing to Google Docs. What this does, says Sergeant, is allow spammers to use Google's incredible bandwidth and also have a Web site that is never going to get blacklisted.
Also, MessageLabs this week reported an uptick in the number of spam e-mails related to the Storm worm and botnet. A few weeks ago, MessageLabs said that Storm was going away, its numbers decreasing. To paraphrase Mark Twain, the rumors of its death have been greatly exaggerated. The new burst of infections, according to Sergeant, numbers around 80,000.
For years, biometric finger scanners have been used in ATMs and at the cash register. But there are problems with finger scanners. Researchers have demonstrated how a flat photograph or molded fingertip can easily fool these devices into giving a false approval. And while face recognition is improving, especially 3D facial mapping, these devices aren't yet in wide use today.
Fujitsu PalmSecure is another option. Already in use in hospitals and government offices, the device reads the hand's vein pattern using near-infrared light. This week, CNET's Robert Vamosi talks about the technology with Joel Hagberg, vice president of marketing and business development at Fujitsu Computer Products of America. Because PalmSecure reads the blue blood veins, Hagberg argues the system can't be defeated.
A correction was made to this story. Read below for details.
Following the February 5 presidential primary, several county clerks in New Jersey asked an independent researcher to study the vote results on the state's electronic voting machines. The vendor, Sequoia, has threatened legal action, but so far hasn't taken any. Initial results suggest that there were some inconsistencies in vote tallies, although none were enough to reverse the election results themselves.
Since last year, several states have requested audits of electronic voting systems. In California, the audits resulted in some systems being scrapped for the 2008 presidential primaries. As we turn our attention to the fall 2008 presidential election, several security researchers have come forth with their own studies and suggestions. One of them is Brian Chess, chief scientist at Fortify.
Here's a recap of some of the previous Security Bites podcasts you may have missed.
- Security Bites Podcast 100: Google Docs claimed by spammers
  Guest: Matt Sergeant, senior antispam technologist for MessageLabs
  Date: May 23, 2008
- Security Bites Podcast 99: Fujitsu gives biometrics a hand
  Guest: Joel Hagberg, vice president of marketing and business development at Fujitsu Computer Products of America
  Date: May 16, 2008
- Security Bites Podcast 98: The good (and bad) news about electronic voting
  Guest: Brian Chess, chief scientist at Fortify
  Date: May 9, 2008
- Security Bites Podcast 97: SQL-injections hit the Web
  Guest: Jeremiah Grossman, CTO of WhiteHat Security
  Date: May 2, 2008
- Security Bites Podcast 96: PCI DSS hits Web 2.0
  Guest: Danny Allan, director of security research at Watchfire, an IBM company
  Date: April 25, 2008
- Security Bites Podcast 95: What's on your network?
  Guest: Chris King, director of marketing for Palo Alto Networks
  Date: April 18, 2008
- Security Bites Podcast 94: Dude, where's my perimeter?
  Guest: Dan Geer, Verdasys
  Date: March 21, 2008
- Security Bites Podcast 93: Hacking gets political
  Guest: Josh Corman, principal security strategist for IBM Internet Security Systems
  Date: March 17, 2008
- Security Bites Podcast 92: Why spam isn't going away
  Guest: Jose Nazario, a senior security researcher at Arbor Networks
  Date: March 3, 2008
- Security Bites Podcast 91: Why software sucks
  Guest: Chris Wysopal of Veracode
  Date: February 22, 2008
- Security Bites Podcast 90: What IT can learn from botnets
  Guest: Josh Corman, host protection architect for Internet Security Systems (ISS)
  Date: February 15, 2008
- Security Bites Podcast 89: Nonpersistent Web threats
  Guest: Yuval Ben-Itzhak, CTO of Finjan
  Date: February 11, 2008
- Security Bites Podcast 88: Here come the HTTP botnets
  Guest: Jose Nazario of Arbor Networks
  Date: January 11, 2008
- Security Bites Podcast 87: When Web apps attack
  Guest: Chris Wysopal of Veracode
  Date: January 11, 2008
- Security Bites Podcast 86: Some truth behind identity theft
  Guest: Dan Geer, CTO of Verdasys
  Date: December 19, 2007
- Security Bites Podcast 85: Protecting your computer assets
  Guest: Dan Geer, CTO of Verdasys
  Date: December 7, 2007
- Security Bites Podcast 84: State-sponsored malware
  Guest: Dave Marcus of McAfee
  Date: November 29, 2007
- Security Bites Podcast 83: Battling botnets
  Guest: Jose Nazario of Arbor Networks
  Date: November 16, 2007
- Security Bites Podcast 82: Storm, the 'Energizer' botnet
  Guest: Jose Nazario of Arbor Networks
  Date: November 9, 2007
- Security Bites Podcast 81: Cracking passwords
  Guest: Robert Graham, CEO of Errata Security
  Date: November 2, 2007
- Security Bites Podcast 80: Why online criminals get away
  Guest: Dave Merkel, Mandiant's vice president of products
  Date: October 27, 2007
- Security Bites Podcast 79: Storm's brewing on the Internet
  Guest: Joe Stewart of SecureWorks
  Date: October 20, 2007
- Security Bites Podcast 78: Hacking via security cameras
  Guest: Adrian Pastor, a London-based security researcher
  Date: October 5, 2007
- Security Bites Podcast 77: Too much information
  Guest: Tod Beardsley, lead counter-fraud engineer for TippingPoint
  Date: September 28, 2007
- Security Bites Podcast 76: What's behind retail store data breaches
  Guest: Neal Krawetz of Hacker Factor
  Date: September 14, 2007
- Security Bites Podcast 75: The rise of crimeware
  Guest: Yuval Ben-Itzhak, CTO of Finjan
  Date: September 7, 2007
- Security Bites Podcast 74: Phishing's effect on online commerce
  Guest: Bassam Khan, vice president of marketing for Cloudmark
  Date: August 31, 2007
- Security Bites Podcast 73: Spam that might just kill you
  Guest: Fred Feldman, chief marketing officer at MarkMonitor
  Date: August 24, 2007
- Security Bites Podcast 72: Defeating online banking security
  Guest: Brendan O'Connor, an independent security researcher
  Date: August 20, 2007
- Security Bites Podcast 71: Black Hat preview
  Guest: Fortify's Brian Chess and Jacob West
  Date: July 27, 2007
- Security Bites Podcast 70: Ajax insecurity, part II
  Guest: SPI Labs' Billy Hoffman
  Date: July 20, 2007
- Security Bites Podcast 69: Ajax insecurity
  Guest: Bryan Sullivan, senior research engineer for SPI Labs, and Billy Hoffman, the company's lead researcher
  Date: July 13, 2007
- Security Bites Podcast 68: Joris Evers returns (kind of)
  Guest: Joris Evers, McAfee
  Date: June 29, 2007
- Security Bites Podcast 67: When the Web attacks
  Guest: Roger Thompson of Exploit Prevention Labs
  Date: June 25, 2007
- Security Bites Podcast 66: FBI cracks down on bot herders
  Guest: Jose Nazario of Arbor Networks
  Date: June 15, 2007
- Security Bites Podcast 65: Google Desktop vulnerable to attack
  Guest: Robert Hansen, also known as Rsnake
  Date: June 8, 2007
- Security Bites Podcast 64: The perils of flaw disclosure
  Guest: security researcher Christopher Soghoian
  Date: June 1, 2007
- Security Bites Podcast 63: Skype worm jumps apps
  Guest: Chris Boyd of FaceTime Communications
  Date: May 25, 2007
- Security Bites Podcast 62: Wardriving retail stores
  Guest: George Ou
  Date: May 18, 2007

Robert Vamosi has appeared on CNN, NBC, ABC, MSNBC, and various other media outlets as an expert on computer viruses, spyware, identity theft, phishing, and other criminal activities on the Internet.



