Perspective

Posts ∙ 63 posts


Posts

A few weeks ago I put together my annual Predictions blog post for the coming year. In that post and accompanying webinar, I suggested five emerging risk areas that CISOs need to pay attention to in the coming year.

Before the holidays I ran a quick, three-question, survey of the securitymetrics.org mailing list membership about the number of passwords people use. Here are the results, drawn from 51 responses (not bad, considering the list membership is about 400 people). I’d promised the respondents that I’d share the results… so here they are.

If you are involved in your firm’s desktop security strategies (Windows in particular), you should read this:

Characterizing the IRC-based Botnet Phenomenon

This is a fact-filled but eminently readable paper about 3,290 IRC-based botnet command and control networks in China from June 2006 to June 2007. In addition to doing the normal things you’d expect to see in a botnet analysis, the researchers analyzed the extent of malware samples circulated within the botnets. They also attempted to determine the effectiveness of nine anti-virus engines in detecting the samples in circulation.

If you don’t want to read the whole thing, I’ve put together the Cliff’s Notes, at least from the perspective of a data junkie like me. Here are some of the more interesting metrics from the report. Some of these are from the report itself, and I’ve derived others. Editorial comments are in italics.