Security researchers are split over the seriousness of a web attack dubbed "Nine-ball" which broke onto the internet last week. Websense last week reported a web attack dubbed "Nine-ball", a moniker derived from the name of ninetorag.in, one of the malware hosts associated with the assault, had claimed 40,000 website victims. …
Cat out of the bag
Is this not just more proof that the so-called security consultants and experts only exist because of fear, and need to encourage that fear in order to surive?
The silly season has begun
"A confusing factor is that there is not one clear infection path. With no fixed start point, no set route and no fixed end point, linking a series together and appreciating that it’s all part of the same campaign is not an easy thing to do"
The old philosophical question: "what does it all mean"?
hmm been stung
We're not all out to rip you off you know!
Some of us do still want to make the internet/YOUR network a safer place ;-)
Unfortunatly We're going to stay around for a long time until network administrators/ and Users can devote significant resources to learning how to secure their systems (read: never going to happen).
Lots of Love
A Securty Consultant
No we're right
No, we know better. We are. Beleive us not them. Our scanning technology is better.
to @Paul Smith
"Is this not just more proof that the so-called security consultants and experts only exist because of fear, and need to encourage that fear in order to surive?"
I'm not security expert, but this comment stilll hurts ...
personally, I think that
1. server owners should be more responsible, there are too many dumbasses who just start web server, connect it to the internet, don't even correctly fill admin email address and walk away. Thanks to them we have so many zombies out there
2. I will be willing to pay my internet provider for virus packet inspection of my incoming traffic. Yes it does not cover 100%, but if it catches 95% of viruses then I'm happy. I really don't get why internet providers are not more proactive
@ AC, 1554
"A Securty Consultant"
I do hope this isn't indicative of the qualifications needed to become an IT security consultant...
In other words, one group is calling it "a complex, full-bodied pinot noir" and the everybody else says "It's grape juice."
The ones i really hate are the ones that end up on the BBC talking about how much of a threat to the world mydoom is. (In 2009)
The real ones. Are the ones that write their own blogs. And understand what a stack overflow is.
Instead of telling a company to "install a anti-virus"
Sod the beer icon
wheres the popcorn one ??
(and wtf is THIS icon for?)
"The real ones. Are the ones that write their own blogs."
I know of zero real so-called "security consultants" who maintain a blog.
What icons? Icons are for AOLers (kinda like the stock sans serif font, which I also don't see).
 They are known as "security administrators" in RealLife(tm). You can tell the fake ones from the real ones fairly easily. The fake ones babble about "cyber security", which doesn't exist.
" "A Securty Consultant"
I do hope this isn't indicative of the qualifications needed to become an IT security consultant... "
Perfect chance to use the new "pedantic grammar nazi alert" icon...
so-called security consultants
Please correct me if you think I have any of this wrong.
A good security consultant will secure your network against current risks and propose procedures to ensure regular patching/updates. For a SMB, call it two days consultancy, once a year. Fifty SMB's on your books and you can make a comfortable living.
A not so good security consultant will not secure your network. In fact they will tell you again, and again how dangerous the internet is and how hard it is to stay safe from zero day exposure and why you need their services at least once every couple of months to install the latest patchs, plus emergancy call outs, plus clean up expenses. Say ten to fifteen SMB's required for a comfortable living?
The good consultant will also configure the mail servers to not accept mail unless correctly and exactly addressed, (no more best guess spam) and will also configure transmission limits, (no more zombies pumping out shite). Has either step been taken on your network?
to Paul Smith
Yes there are tons of loosers of there who bullsh**t about security, but come on.
I was never "security consultant" and never will be, I was used to manage back in the old days few smaller networks and it took far more than 2x a year check.