Author Archives: francisturner

Recent Posts

Block China and other simple DLP/APT remedies

Blocking foreign countries is one of the simplest and most effective ways to stop data loss and other hack attacks. If your computers/servers/users ... have no reason to communicate with devices in certain countries then a geographic block on the firewall to stop all traffic to/from them is a great way to reduce the threat of infection or data loss. What may be the most serious data breach ever - the loss of some 35 million records of personal data from the Korean company SK Communications - would have been stopped if the SK Communications computers had been blocked from communicating with China:

Academic Freedom Need Not Mean Botnet Infections

ThreatSTOP has a number of universities and places of higher education as clients and, it turns out, there's a good reason for this. That reason is 'Academic Freedom' and the possibly unintended consequences of that on computers and networks.

The ineffectiveness of AV

Over at ZDNet, Ed Bott has a report on the ineffectiveness of anti-virus tools against current malware, where he notes that many AV vendors only detect it a day or two after it has been distributed and that by then a new variant that they don't detect has also been sent out. In the IT security space, this is not exactly new news. In fact, here at ThreatSTOP, we've been using similar statistics in our sales pitch for about a year now, and the AV vendors themselves admit they have a problem. If you ask them in private, that is.

SonicWALL IP Reputation Fail

Since ThreatSTOP is an IP Reputation company, we naturally have a Google News feed on the topic of 'IP reputation'. Today, for some reason, it provided a link to the IP reputation page of the firewall vendor SonicWALL. Naturally I had to test the page out to see how well it did. I picked the 4 addresses currently listed on our home page as being the "worst of the web":

ThreatSTOP blocking osCommerce vulnerability

ThreatSTOP subscribers are protected against visiting infected osCommerce sites - Google currently reports over 5,000,000 hits for the vulnerability. The IP address for the most prevalent domain (willysy.com) is currently in our emergency feed; the one for the other domain (exero.eu) has been in one of our feeds for a week and has now been added to our emergency feed as well.

ThreatSTOP IP Reputation Protects Against Zero-day Attacks

One of the themes of this blog is that IP reputation - when delivered in an actionable form the way we do at ThreatSTOP - can protect against threats that you had no idea existed. There's an interesting Reuters report that explains the problem:

Blocking Bot 'Call Homes' Can Stop You Losing $250,000

Over the last couple of days, Brian Krebs has reported about ACH fraud that is driven by ZeuS and SpyEye trojans/bots. Although the case law is limited, it seems like banks have little or no liability if a trojan steals bank login details and, as a result, an organization's bank account is emptied.

ThreatSTOP Blocking New Facebook Malware

There is some nasty Facebook-spread malware going around at the moment. F-Secure states that the malware infects users in the US and UK and applies to both Mac and PC users.

IP Reputation to Reduce the Risk of Being Hacked

As anyone who reads the technical, financial or even the general news is aware, May has not been a good month for Internet security. We started with Sony, which appears to have been comprehensively "PWNed" by one or more groups of criminals, and we end up with the news of Lockheed and PBS joining the list of victims. Needless to say, these news reports have led to a lot of our customers (and potential customers) asking whether ThreatSTOP's IP Reputation can save them.

Collateral Damage and IP Reputation

All IP reputation systems (and related filtering too, for that matter) will tend to group similar things together under the assumption that if a number of them are definitely bad, the rest probably are too. This isn't perfect but it generally works, as long as the system pays careful attention to corner cases to exclude any false positives.
