stories about: "mcafee"
Fri, Jul 20th 2007 3:22am
McAfee CEO Dave DeWalt has been pushing politicians to create new laws to deal with cybercrime. He says cybercrime is now a bigger business than illegal drug trafficking in the US, and that the punishment doled out to cybercriminals isn't an effective deterrent. He may have a valid point there, but new laws and sentencing guidelines don't seem to be the most effective potential tool against computer crimes -- particularly when much of this crime comes from overseas, where being caught and punished by a remote government isn't likely to stop many criminals. DeWalt says that the technical side of security is "pretty advanced", and that government is lagging. But if things really were so rosy in the computer security business, it doesn't seem like there would be much of a need for new laws. He mentions malware and phishing, two areas where he says new laws could help -- but both of these represent areas where security vendors could show some improvements too. Traditional methods, like blacklists, seem to be flagging, so some fresh thinking and innovation in the industry, not just a bunch of new laws, would be beneficial. There are some areas, though, where some stronger deterrents might be useful, such as in getting businesses and government to take the security of personal information more seriously.
Wed, Jul 18th 2007 3:27pm
from the cloak-and-dagger-or-point-and-click dept
A teenager in Washington state got sentenced to 90 days in juvenile detention this week, after he plead guilty to making some bomb threats via e-mail to a high school. It turns out that the FBI nabbed him with a piece of spyware called the Computer and Internet Protocol Address Verifier, or CIPAV. The FBI used the spyware after it had obtained server logs from Google and MySpace, which gave them an IP address that led to an infected computer in Italy. This isn't too surprising, really, but what makes it a little more intriguing is that it's not clear how the FBI slipped the program onto the kid's computer, nor how it evaded detection by anti-virus software. The most likely possibility is that they took advantage of some unpatched vulnerability on the kid's PC, with a browser or plug-in hole exploited by a MySpace web message. The question of evading security software looms larger, though, with CNet's Declan McCullagh wondering if the government persuaded security software vendors to whitelist CIPAV. He said that some vendors said they'd comply with court orders to ignore government or police spyware, and that McAfee and Microsoft wouldn't say if that's what had, in fact, happened here. Meanwhile, Kevin Poulsen over at Wired says that a more likely (and less controversial) explanation is that without ever seeing CIPAV, security software vendors can't make a signature for it, so their systems can detect it.