Welcome to the SecAware blog

I spy with my beady eye ...

29 Jan 2009


Hi there!

We've just released an updated, refreshed and extended awareness module on malware, one of those enduring "core topics" that we have covered several times in the six years or so since we launched NoticeBored, and yet the threat is subtly different every year. As with the previous awareness topic, hacking, the most noticeable change lately has been the increasing use of malware for criminal purposes such as identity theft, spamming and industrial espionage. The days of viruses displaying funny graphics and playing silly tunes are long gone. It’s become much more serious, both for individuals and for organizations on the receiving end.

Malware authors are constantly exploring different modes of infection, creating new payloads and inventing novel criminal activities. Some malware modifies its own code in order to try to escape detection by pattern-matching antivirus software, or picks up new component parts through the Internet as the infection progresses (Malware As A Service!). Read more about the malware scourge in this month’s awareness module and newsletter.

15 Jan 2009

"I like to learn something new, to travel, walk on a nature"

I can't resist re-posting this hilarious 419 scam fresh from my inbox, allegedly from innocent Natalya pictured above from the JPG attached to "her" email - I say "her" because the sender was listed as Frederick somebody, hardly a common ladies' name where I come from!

Hi! I ask you to read this letter, it will not borrow a lot of your time. This letter not
advertising, but this letter from usual Russian woman which wishes to meet the man of she dream...
My name is Natalya. I'm 28 years old. My friends speak, that I - very cheerful and sociable woman
and I have good sense of humour. I like to learn something new, to travel, walk on a nature. But
unfortunately, I did not manage to meet the man to which I could trust, be very close with him and love
At my age it is time to me to reflect on family, children. But all men whom I met, did not concern
to this seriously. Therefore I have decided to try to find the man in other country. I have addressed in
agency of acquaintances and to me have offered to dispatch my letter, I have agreed... If there is even
one chance from thousand, I am ready... I believe... I so would like to give my heart, the love my
favourite person.

If you have read my letter and wish to continue dialogue, write on mine e-mail: natalyakorobkova@googlemail.com

If you will write to me only for game or to receive my photos, I ask you to stop it.
If you have decided to answer my letter, I ask you tell about yourself. It will be interesting to
me to know about you more.
What is your name?
How old are you? Your city.
Would you like to meet the woman for love?
So, I finish the letter, thanks, that you have read it. I hope, that I shall receive the answer
from you. And this hope allows me to look at the world in another way...
Please be in earnest to my letter very much. Also be fair.

I wish you good day.
Good day to you. Go forth and multiply, Natalya.

POSTSCRIPT 15th January 2009: a British man has lost £130,000 to Nigerian 419 scammers.

13 Jan 2009

Hacker desperate to avoid extradition to the US

Hacker Gary McKinnon has to date successfully avoided extradition to the US to face up to his hacking of US military systems in 2001/2002. He continues to make full use of the British and European legal systems, his latest exploit involving allegedly admitting to an offense under the UK Computer Misuse Act in an apparent attempt to be incarcerated at Her Majesty's pleasure rather than, perhaps, end up languishing in an orange jump suit in Cuba.

Admitting to the CMA offense is surely a desperate measure since it is hardly likely to improve his defense if he ever stands before the US courts.

This is all an object lesson in the perils of hacking Uncle Sam's. It could literally be a life-changing experience.

4 Jan 2009

Is hacking a governance failure?

The president of a company that develops software for oil and gas exploration was sentenced to 12 months' supervised probation and fined $2,500 for hacking a competitor using an airport's wireless network connection, according to eWeek. The company is also facing charges that it sold restricted software products to Cuba, potentially implying a wider governance failure if proven rather than simply a rogue employee, albeit a very senior one.

Governance concerns are also raised by the alleged hacking of the World Bank's systems by an IT outsourcing supplier although the supplier denies the accusations. The supplier's website proudly announces that it won "the coveted Golden Peacock Global Award for Excellence in Corporate Governance for 2008" [an award that I personally hadn't heard of, but what do I know?], so it is possible that, if true, the hacker was a lone Black Hat that the company's award-winning governance processes failed to identify and/or stop.