In my last post, I talked about some of the MITB attacks currently being used by modern banking trojans like URLZone and Zeus/Zbot. Although most modern-day banks have in place various security measures like multi-factor authentication to prevent online theft, based on my last article, we can see that most of these techniques are not enough to prevent MITB attacks. These techniques are mostly there to make the credentials theft difficult, but not impossible.
Today I am going to describe some other techniques (just some random thoughts) that might be used to defend against common MITB attacks.
Disclaimer: Technique #2 as explained below may already be known in the security industry. It is not my intention to take any credit for inventing this technique if it is already known. Let's just critically analyze these techniques and do a cost and benefit analysis.
Continue reading "MITB (Man in the Browser) Protection Layers" »
Becoming a millionaire has never been so easy but there are some spam emails which tempt us to believe so. Here is the recent one from my SPAM trap.
Continue reading "Kin/Beneficiary for US$20 Millions" »
Critical government, military, and civilian networks have been repeatedly infiltrated to steal our intellectual property and national secrets. So, how do we build a modern, national cyber security policy as we enter into the 44th Presidency? The Center for Strategic and International Studies' report weighed in on this topic, but I think they missed the point in their technical recommendations.
Before I go further, I should introduce myself. I'm Ashar Aziz, FireEye's CEO and founder. I'll be chiming in to write about the big picture security issues that are facing CIO/CISO's, businesses, our national cyber infrastructure, and essentially anyone who does anything on the Internet these days.
Continue reading "Barbarians Inside the Cyber Gates" »
There's lots of talk these days about how URL based signatures are quickly becoming obsolete, but rarely you see real live proof of this. Today I'll show you a couple quick examples to try to hammer the point home.
Continue reading "The case against URL blacklists" »
