Nine-ball attack splits security researchers

Security researchers are split over the seriousness of a web attack dubbed "Nine-ball" which broke onto the internet last week. Websense last week reported a web attack dubbed "Nine-ball", a moniker derived from the name of ninetorag.in, one of the malware hosts associated with the assault, had claimed 40,000 website victims …

COMMENTS

This topic is closed for new posts.
  1. Paul Smith

    Cat out of the bag

    Is this not just more proof that the so-called security consultants and experts only exist because of fear, and need to encourage that fear in order to survive?

  2. Destroy All Monsters Silver badge
    Flame

    The silly season has begun

    "A confusing factor is that there is not one clear infection path. With no fixed start point, no set route and no fixed end point, linking a series together and appreciating that it’s all part of the same campaign is not an easy thing to do"

    The old philosophical question: "what does it all mean"?

  3. Anonymous Coward
    Unhappy

    hmm been stung

    @Paul Smith

    We're not all out to rip you off you know!

    Some of us do still want to make the internet/YOUR network a safer place ;-)

    Unfortunately we're going to stay around for a long time until network administrators and users can devote significant resources to learning how to secure their systems (read: never going to happen).

    Lots of Love

    A Securty Consultant

  4. imposter
    Stop

    No we're right

    No, we know better. We are. Believe us not them. Our scanning technology is better.

  5. Jimbo 7

    to @Paul Smith

    "Is this not just more proof that the so-called security consultants and experts only exist because of fear, and need to encourage that fear in order to survive?"

    I'm not a security expert, but this comment still hurts ...

    personally, I think that

    1. server owners should be more responsible, there are too many dumbasses who just start a web server, connect it to the internet, don't even correctly fill in the admin email address and walk away. Thanks to them we have so many zombies out there

    2. I will be willing to pay my internet provider for virus packet inspection of my incoming traffic. Yes it does not cover 100%, but if it catches 95% of viruses then I'm happy. I really don't get why internet providers are not more proactive

  6. Anonymous Coward
    Flame

    @ AC, 1554

    "A Securty Consultant"

    I do hope this isn't indicative of the qualifications needed to become an IT security consultant...

  7. Michael Hawkes
    Pint

    Whine

    In other words, one group is calling it "a complex, full-bodied pinot noir" and everybody else says "It's grape juice."

  8. Anonymous Coward
    Pint

    Security Consultants

    The ones I really hate are the ones that end up on the BBC talking about how much of a threat to the world mydoom is. (In 2009)

    The real ones. Are the ones that write their own blogs. And understand what a stack overflow is.

    Instead of telling a company to "install an anti-virus"

    New icons?

  9. Kev K
    Terminator

    Sod the beer icon

    where's the popcorn one ??

    (and wtf is THIS icon for?)

  10. jake Silver badge

    @zerofool2005

    "The real ones. Are the ones that write their own blogs."

    I know of zero real so-called "security consultants[1]" who maintain a blog.

    "New icons?"

    What icons? Icons are for AOLers (kinda like the stock sans serif font, which I also don't see).

    [1] They are known as "security administrators" in RealLife(tm). You can tell the fake ones from the real ones fairly easily. The fake ones babble about "cyber security", which doesn't exist.

  11. Aortic Aneurysm
    Headmaster

    @Ac1623

    " "A Securty Consultant"

    I do hope this isn't indicative of the qualifications needed to become an IT security consultant... "

    Perfect chance to use the new "pedantic grammar nazi alert" icon...

  12. Paul Smith

    so-called security consultants

    Please correct me if you think I have any of this wrong.

    A good security consultant will secure your network against current risks and propose procedures to ensure regular patching/updates. For a SMB, call it two days consultancy, once a year. Fifty SMB's on your books and you can make a comfortable living.

    A not so good security consultant will not secure your network. In fact they will tell you again and again how dangerous the internet is and how hard it is to stay safe from zero day exposure and why you need their services at least once every couple of months to install the latest patches, plus emergency call outs, plus clean up expenses. Say ten to fifteen SMB's required for a comfortable living?

    The good consultant will also configure the mail servers to not accept mail unless correctly and exactly addressed, (no more best guess spam) and will also configure transmission limits, (no more zombies pumping out shite). Has either step been taken on your network?

  13. Jimbo 7

    to Paul Smith

    Yes there are tons of losers out there who bullsh**t about security, but come on.

    I was never a "security consultant" and never will be. I used to manage a few smaller networks back in the old days, and it took far more than a 2x a year check.
