Stories by Joan Goodchild

Why I did it: Former hacker Mitchell Frost explains his motivation

In 2006, Mitchell Frost, then a 19-year-old college student at the University of Akron, used the school's computer network to control the botnets he had created. Authorities say between August 2006 and March 2007, Frost launched a series of denial of service (DDOS) attacks against several conservative web sites, including Billoreilly.com, Anncoulter.com and Rudy Giuliani's campaign site, Joinrudy2008.com. He is accused of taking down the O'Reilly site five times, as well as disrupting the University of Akron's network during a DDOS attack Frost allegedly launched on a gaming server hosted by the university.

3 tips for using the social engineering toolkit

Two years ago, Dave Kennedy, a penetration tester, social engineering expert and contributor to the website social-engineer.com, wanted to create a tool for pen testers to simulate social engineering attacks.

Three mobile malware techniques that use social engineering

Social engineers have been using various dirty tricks to fool people for centuries. Social engineering, the art of gaining access to buildings, systems or data by exploiting human psychology, rather than by breaking in or using technical hacking techniques, is as old as crime itself and has been used in many ways for decades.

Reasons trustworthy sites can no longer be trusted

Last year, malware became increasingly more common on popular and trusted domains, according to research released this week by security firm Blue Coat Systems. Migration to popular hacked sites with trusted reputations and acceptable-use category ratings was the primary theme for hosting malware delivery infrastructure, researchers claim.

Enterprise risk management: all systems go

Understanding that security is mission-critical has led the Georgetown University Safety and Information Services departments to work together in unprecedented ways.

Skype worm no cause for panic, says expert

Security research firm Bkis earlier this month warned of a vicious virus targeting both Skype and Yahoo! Messenger. BKIS said in a <a href="http://blog.bkis.com/en/skype-new-target-of-the-worm-spreading-via-im/">blog post</a> the attack involved inserting malicious URLs into chat windows with sophisticated social engineering hooks.

How botnets get their name

There is a new kid in town in the world of botnets &#8211; isn't there always? A heavyweight spamming botnet known as Festi has only been tracked by researchers with Message Labs Intelligence since August, but is already responsible for approximately 5 percent of all global spam (around 2.5 billion spam emails per day) according to Paul Wood, senior analyst with Messagelabs, which keeps tabs on spam and botnet activity.

Rogue security software is big business for crooks

The bogus ads are everywhere. A pop-up tells you: &quot;Your computer may be infected&quot; and urges you to download security software that will scan your computer for viruses, protect it from future infection or both. The problem is most of these products are scams that give you software which is useless. In some cases, the software is even dangerous because it downloads malicious code onto your computer.
The threat from these &quot;scareware&quot; tactics is growing, according to the results of a report released this week by Symantec. The Report on Rogue Security Software reveals that cybercriminals are profiting from a highly organized affiliate-based business model that rewards scammers for selling bogus security programs to users caught off-guard by persuasive online scare tactics.

Client and web apps the two biggest cyber risks

Two major cyber risks dwarf all others, but organisations are failing to invest in the proper tools to mitigate them, choosing instead to focus security attention on lower risk areas, according to a report released Tuesday by SANS Institute.

Social Engineering: Anatomy of a Hack

As the founder of Lares, a Colorado-based security consultancy, social-engineering expert Chris Nickerson is often asked by clients to conduct penetration testing of their on-sight security. Nickerson leads a team which conducts security risk assessments in a method he refers to as Red Team Testing. Watch Nickerson and his team pull off a $24,000 heist <a href="http://video.google.com/videoplay?docid=5642547759793319840">in this video</a>.

Business Continuity in a Hurricane Zone

The corporate headquarters building for OSI Restaurant Partners is a mere 240m from the end of runway at Tampa International Airport in Florida. But according to OSI CIO Dusty Williams, that's the least of their concerns.

Despite threats, companies lag on Web 2.0 security

A new study says companies are lagging seriously behind when it comes to protecting themselves from new threats in the <a href="http://www.csoonline.com/article/447763/New_Ways_to_Approach_Security_in_a_Web_._World">Web 2.0 world</a>. While Web-based threats have become more common in recent years, businesses are still focused on e-mail threats, according to the research.

[]