Archive

Posts Tagged ‘Report’

Microsoft Security Intelligence Report 7th

by log0 on November 6th, 2009
No comments

Microsoft Security Intelligence Report 7th is out! Interested individuals should check it out. =)

http://www.microsoft.com/security/portal/Threat/SIR.aspxhttp://www.microsoft.com/security/portal/Threat/SIR.aspx

Botnet, Malware ,

IE 8 Ranks First in Phishing Protection

by log0 on August 16th, 2009
No comments

NSSLabs conducted tests on phishing in July on 5 browsers : IE8, Firefox 3, Safari 4, Chrome 2, Opera 10. Given that phishing is still a big problem, the anti-phishing bundled in browser is one of the best places to start protecting end users. Let’s see.

The results :

Internet Explorer 8 achieved an overall block rate of 83% during our extended testing,
Firefox 3 achieved an overall block rate of 80% during our extended testing.
Opera 10 Beta achieved an overall block rate of 54% during our extended testing. NOTE: It appeared that Opera experienced operational issues during the latter part of testing which dragged down Opera 10’s effectiveness. Prior to those issues, Opera 10 was comparable with Internet Explorer 8 and Firefox 3.
Chrome 2 achieved an overall block rate of 26% during our extended testing.
Safari 4 achieved an overall block rate of 2% during our extended testing.

Some people are still stuck at Microsoft’s Blaster’s age of insecurity, but facts speak for it. If you use Firefox, Safari and Chrome, you might have noticed the statusbar showing you the SafeBrowsing feeds, and in this test Google lost to Firefox to a great deal, nevermind Apple. What does that mean? Google owned the SafeBrowsing but uses it badly than the 3rd parties, and Apple certainly doesn’t know how to use it correctly, yielding afterall a 2% ( sometimes a 0%, too, wow =] check the report. ). Afterall, they are the same feed, it can’t be a biased feed right?

Great that Firefox are statistically tied with IE, since it’s with IE the two of the most prevalent browsers. It’s good news for the consumers.

Food for thought. So how about China? A lot of people uses Firefox and IE, despite a few uses local flavours. The sources listed includes Sunbelt, Telus and Mailshell. Sunbelt should not be a new name in China, but a Baidu search yields little info for the latter two. I guess it’s fair to assume the rate of all is worse in China, so how protected are citizens browsing China domains?

WebAppSec ,

中國防火牆後的犯罪活動

by log0 on April 16th, 2009
3 comments

微軟的安全信息報告第六集出了,但裡頭沒有太多中國的資訊。但是,中國的違法和不良信息舉報中心就提供了這方面的情報了。違法和不良信息舉報中心的任務便是去打擊那些違返法例的網站。成立於2004年。

因為網站沒有正式的中英對照,故我自己作了個中英對照。以下反譯並不是官方而不是能是最準確的。(按圖可放大)

definition_c2e

-

三年來的每個月的舉報的件次。

total_number_of_reports_over_3_years

留意,三年來並沒有特別大的舉報次數增長。

-

以下為舉報案件中的百分比最多的兩種分類:詐騙及色情。

trend_of_phish_and_porn_3_years

這三年來,詐騙和色情的平均百分比達78.83%,尤其詐騙顯然特別猖狂。究竟中國的安全情況是如何,大有探索空間。即使中國已禁制了色情活動,但還是佔大多數的。

-

三年來的其他類別,剔除色情和釣魚攻擊後。

trend_of_other_activities_3_years

三年來,宣揚邪教、違背社會公德、攻擊黨和政府、違背憲法原則、私服外掛、侵權、(不尋常地)病毒,合起來只有平均 21.7%。其中病毒的情況微軟的安全信息報告第五集 (1月至6月 2008) 所顯示,中國並不是僵屍電腦的中央,不及俄國、北非以及南北美洲。

-

大家都不會想被以檢控的罪名:違背社會公德、攻擊黨和政府、違背憲法原則。三年來的走勢。

trend_of_various_society_offenses_3_years

雖然違背社會公德、攻擊黨和政府、違背憲法原則在總體百分比中沒有上升催勢,但數目還是有明確上升。2008年5月的社會公德很差,何解?

-

三年來的侵權概況。

trend_of_ipvio_3_years

總所眾知,中國人並不太尊重知識產權,意料之中的有微略的上升催勢。

-

三年來的賭博概況。

trend_of_gambling_3_years

中國人好賭。有著上升催勢。

-

三年來的色情概況。

trend_of_porn_3_years

奇怪地,踏入2009年始,特別多淫照網頁被舉報。

-

總結:

以上的資料意味著一個正在擴大的犯罪活動(有組織與否)。過去有報告顯示中國越來越受罪犯受寵幸,成為溫床。三年來,詐騙及色情仍是主要的問題,反而是不知何以病毒的影響力很小。但是,中國的本地安全公司也有一定的頁獻,此有待下一步的探索。

Source : http://net.china.com.cn – 违法和不良信息举报中心

Malware ,