This is the talk page for discussing WikiProject Computer Security and anything related to its purposes and tasks.
Hello,
I've been working on a draft for - Draft:Dancho Danchev which I believe needs improvements and the following references based on articles and Google Scholar and Google Books including the following Google Books references added.
I also collected the following articles mentioning his research which is outstanding for references and adding additional content.
https://abcnews.go.com/Technology/PCWorld/story?id=4960161 https://arstechnica.com/information-technology/2008/03/ongoing-iframe-attack-proving-difficult-to-kill/ https://boingboing.net/2008/08/30/indias-underground-c.html https://boingboing.net/2012/05/15/new-skype-malware-threat-repor.html https://foreignpolicy.com/2009/05/12/dont-pay-your-ransom-via-sms/ https://foreignpolicy.com/2009/05/20/in-gaz-we-trust-a-fake-russian-energy-company-facilitating-cybercrime/ https://foreignpolicy.com/2009/11/04/is-aggregate-and-forget-the-future-of-cyber-extortion/ https://money.cnn.com/2013/02/22/technology/security/nbc-com-hacked-malware/index.html https://securitywatch.pcmag.com/apple/283499-has-ev-ssl-growth-been-slow https://securitywatch.pcmag.com/security/296289-zeus-zbot-trojan-spread-through-rogue-us-airways-email https://threatpost.com/adele-bests-adderall-affiliate-spammers-offer-music-downloads-060412/76647/ https://threatpost.com/fake-paypal-emails-distributing-malware-102312/77145/ https://threatpost.com/how-much-does-botnet-cost-022813/77573/ https://threatpost.com/report-vishing-attack-targets-skype-users-050211/75190/ https://threatpost.com/spammers-using-fake-youtube-notifications-peddle-drugs-122612/77344/ https://uk.pcmag.com/software/17274/news/nbccom-hacked-infected-with-citadel-trojan https://www.cnet.com/news/attackers-booby-trap-searches-at-top-web-sites/ https://www.cnet.com/news/carpet-bombing-networks-in-cyberspace/ https://www.cnet.com/news/fake-microsoft-e-mail-contains-trojan-virus/ https://www.cnet.com/news/firefox-add-on-encrypts-sessions-with-facebook-twitter/ https://www.cnet.com/news/green-dam-exploit-in-the-wild/ https://www.cnet.com/news/high-tech-bank-robbers-phone-it-in/ https://www.cnet.com/news/sony-playstation-site-victim-of-sql-injection-attack/ https://www.cnet.com/news/storm-worm-e-mail-says-u-s-attacked-iran/ https://www.cnet.com/news/twitter-warms-up-malware-filter/ 
https://www.computerworld.com.au/article/210515/hackers_expand_massive_iframe_attack_prime_sites/ https://www.computerworld.com.au/article/256798/russian_hacker_militia_mobilizes_attack_georgia/ https://www.computerworld.com/article/2484233/cybercrime-hacking/cybercrime-service-automates-creation-of-fake-scanned-ids.html https://www.computerworld.com/article/2532189/security0/massive-faux-cnn-spam-blitz-uses-legit-sites-to-deliver-fake-flash.html https://www.computerworld.com/article/2536384/security0/hackers-expand-massive-iframe-attack-to-prime-sites.html https://www.crn.com.au/news/spam-email-contains-malware-not-apple-gift-card-353159 https://www.csoonline.com/article/2118281/build-ci-sdlc/danchev--the-small-pack-web-malware-exploitation-kit.html https://www.csoonline.com/article/2123341/build-ci-sdlc/danchev--massive-sql-injection-the-chinese-way.html https://www.csoonline.com/article/2123470/build-ci-sdlc/danchev--anti-fraud-site-ddos-attack.html https://www.csoonline.com/article/2123901/build-ci-sdlc/danchev--a-crimeware-developer-s-to-do-list.html https://www.csoonline.com/article/2124089/build-ci-sdlc/danchev-rained-on-my-scareware-campaign.html https://www.csoonline.com/article/2124947/build-ci-sdlc/danchev--money-mule-recruiters.html https://www.cyberdefensemagazine.com/botnets-for-rent-criminal-services-sold-in-the-underground-market/ https://www.darkreading.com/attacks-breaches/hacking-the-tdos-attack/d/d-id/1139863 https://www.dw.com/en/bulgarian-sleuth-unveils-botnet-operators/a-15689368 https://www.helpnetsecurity.com/2010/06/17/months-old-skype-vulnerability-exploited-in-the-wild/ https://www.helpnetsecurity.com/2012/08/31/fake-ups-notices-deliver-malware/ https://www.helpnetsecurity.com/2012/10/31/can-the-nuclear-exploit-kit-dethrone-blackhole/ https://www.helpnetsecurity.com/2013/01/15/automated-youtube-account-generator-offered-to-cyber-crooks/ 
https://www.helpnetsecurity.com/2013/09/10/cc-php-script-for-staging-ddos-attacks-sold-on-underground-forums/ https://www.infosecurity-magazine.com/news/russian-malware-as-a-service-offers-up-server/ https://www.infoworld.com/article/2629993/malware/microsoft-declares-war-on--scareware-.html https://www.infoworld.com/article/2652021/security/hackers-knocked-comcast-net-offline.html https://www.itnews.com.au/news/buy-500-hacked-twitter-accounts-for-less-than-a-pint-309382 https://www.itworld.com/article/2767489/endpoint-protection/what-s-really-the-safest-web-browser-.html https://www.networkworld.com/article/2285012/lan-wan/hackers-expand-massive-iframe-attack-to-prime-sites.html https://www.nytimes.com/2012/01/17/technology/koobface-gang-that-used-facebook-to-spread-worm-operates-in-the-open.html https://www.pcworld.com/article/149642/malware.html https://www.pcworld.com/article/166714/article.html https://www.pcworld.com/article/189868/article.html https://www.recordedfuture.com/deconstructing-the-al-qassam-cyber-fighters-assault-on-us-banks/ https://www.researchgate.net/publication/271893977_Virtual_jihad_How_real_is_the_threat https://www.scmagazine.com/home/news/buggy-diy-botnet-tool-leaks-in-black-market/ https://www.scmagazine.com/home/news/mass-website-hacking-tool-alerts-to-dangers-of-google-dorks/ https://www.scmagazineuk.com/article/1482050 https://www.securityfocus.com/brief/744 https://www.securityweek.com/new-diy-google-dorks-based-hacking-tool-released https://www.sfgate.com/business/article/Hackers-infiltrate-Google-searches-3288807.php https://www.techrepublic.com/blog/apple-in-the-enterprise/watch-out-for-malware-with-those-pretty-mac-screensavers/ https://www.techrepublic.com/blog/it-security/is-the-death-knell-sounding-for-traditional-antivirus/ https://www.techrepublic.com/blog/it-security/kaspersky-disputes-mcafees-shady-rat-report/ https://www.theinquirer.net/inquirer/news/1017058/faked-cnn-spam-blitz-pushes-fake-flash 
https://www.theregister.co.uk/2009/09/18/scareware_botnet_scam/ https://www.theregister.co.uk/2009/12/09/amazon_ec2_bot_control_channel/ https://www.theregister.co.uk/2010/03/17/bulletproof_hosting_exposed/ https://www.theregister.co.uk/2012/01/18/koobface_prime_suspect_outed/ https://www.theregister.co.uk/2012/10/11/exploit_vulnerability_marketplace/ https://www.theregister.co.uk/2013/02/14/phone_harvesting_service_creates_spam_menace/ https://www.theregister.co.uk/2013/02/27/apt1_china_dark_visitor_b_team/ https://www.thetechherald.com/articles/CAPTCHAs-are-dead-new-research-from-Dancho-Danchev-confirms-it https://www.tripwire.com/state-of-security/latest-security-news/upgraded-modular-malware-platform-released-black-market/ https://www.v3.co.uk/v3-uk/news/2252440/java-exploit-kit-sells-for-usd40-per-day https://www.v3.co.uk/v3-uk/news/2267552/bitcoins-are-being-traded-for-hack-tools https://www.wired.com/2008/01/fraudsters-target-facebook-with-phishing-scam/ https://www.wired.com/2008/04/cia-copies-thre/ https://www.wired.com/2010/04/ransomware/ |
He's also heavily referenced here in Dutch:
And here in French:
https://www.reseaux-telecoms.net/recherche.html?kw=dancho+danchev&sa= Ahsks873 ( talk) 16:19, 26 January 2024 (UTC)
There are never any sources cited for "isolation dates" on the pages for worms or viruses, nor is there any explanation as to what an isolation date is. I am just curious how this information, in most cases, supersedes the need for a release date, and how in many cases the isolation date is not present. Thanks in advance for anyone who can clear this topic up for me. GordonFreeman1997 ( talk) 17:23, 2 February 2024 (UTC)
I've nominated Cross-site leaks (a while back) for promotion to a Featured article. Reviews, comments and suggestions are welcomed at the nomination page :) Sohom ( talk) 21:36, 9 March 2024 (UTC)
I've conducted a detailed review of articles on DNS-related attacks, including DNS hijacking, spoofing (and cache poisoning), and noticed some areas where we could improve clarity and accuracy, especially regarding the interchangeability of terms and the mention of modern security practices like DoT and DoH.
Terminology Clarification
There seems to be some confusion and overlap in how we define and use terms like DNS hijacking, spoofing, poisoning, cache poisoning, rebinding and redirection. A concerted effort to standardize these terms with clear definitions could significantly benefit the readers. Specifically, distinctions between terms such as DNS hijacking and DNS spoofing, as well as DNS poisoning vs. DNS cache poisoning, need to be more clearly delineated.
Inclusion of MiTM Contexts and Clarification on Attack Strategies
Enhancing these articles to explicitly explain how DNS attacks can facilitate MiTM attacks, including the roles of ARP poisoning and race condition attacks, is necessary. The latter, often conceptualized as a "first reply race" in DNS spoofing scenarios, involves attackers responding to DNS queries more quickly than legitimate servers.
Remedies and Modern Solutions
The absence of discussions on current DNS security measures like DoT (DNS over TLS) and DoH (DNS over HTTPS) in the remedies sections of these articles is a notable gap.
I propose we collaborate to update these articles for accuracy and to reflect latest advancements in DNS security. This effort would involve revising the existing content for clarity, updating terminology to reflect the precise use of DNS-related terms, and adding sections on modern remedies such as DoT and DoH.
I look forward to your feedback, suggestions, and any additional insights you might have on these topics.
Links:
WalterMccan ( talk) 12:28, 19 March 2024 (UTC)
Is there a standard practice for how we treat data breaches on Wikipedia? I'm looking at things like 2011 PlayStation Network outage (which I've done some work on and would appreciate eyeballs), 2015_TalkTalk_data_breach, and 2015_TalkTalk_data_breach - but there isn't much consistency. At the very least they should probably all use Template:Infobox_event, but I'm curious to know if there is any 'best practice' I can look at... Joe ( talk) 18:31, 20 March 2024 (UTC)