New Mega-Botnet Discovered
yahoi writes "According to the DarkReading article, 'Researchers have discovered a major botnet operating out of the Ukraine that has infected 1.9 million machines, including large corporate and government PCs mainly in the US. The botnet, which appears to be larger than the infamous Storm botnet was in its heyday, has infected machines from some 77 government-owned domains — 51 of which are in the US government. Researchers from Finjan who found the botnet say it's controlled by six individuals, and includes machines in major banks.'"
How can we expect to clean up the botnets if the hosts are never contacted. I may think I am clean, but if I unknowingly lack the skills to know better, I would never know better, and would never do better. The big papers detailing botnets never provide enough details to know if *I* screwed up the internet.
20 characters max for the password? How will I use my favorite poems as passwords?
Cue the response of the typical /. user:
Too bad you forgot to turn off images and just got pwned by the 0 day buffer overflow the hackers discovered in libjpeg.
Ever notice that 99% of trojan and virus attacks require user intervention?
Social Engineering is the primary attack risk to a computer network once basic protection measures are taken (firewall, AV, and current updates), because users are the primary vulnerability. That's why it is usually worth the trouble to simply give the user bare minimum rights to their machines. It helps limit the damage they can cause.
This is, however, inconvenient, and so is not done universally. There are even reasons not to do it that are sound, though requiring any kind of security generally makes low user rights a necessity.
Security is mostly a superstition... Avoiding danger is no safer in the long run than outright exposure. - Helen Keller