Another take down of the world third largest botnet (after Cutwail and Lethic), called GRUM and this time roughly 18 percent of global spam, or 18 billion spam messages a day was reported on Wednesday, 18 July 2012, according to NY Times. The C&C servers pointing to IP addresses 184.108.40.206 and 220.127.116.11 have identified by FireEye researchers with the help of Dutch authorities and these IP addresses are Russian and Panama IP addresses, respectively. GRUM botnet has been around since 2008 according to FireEye security researcher. When the 2 servers was taken down by the Dutch authorities, the bot herders quickly move their C&C servers to Ukraine and the Panama servers were removed immediately by the bot herders. Even tough we have successfully taken down GRUM but the world has not yet free from SPAM and worst, one botnet died, 3 more botnet sprang up. At the end, we need to catch those coders and put them behind bars, as quoted by Jose Nazario, a senior security researcher from Arbor Networks.
Google invites everyone to hack google chrome, as described in its chrome blog. The reward is up to $ 1 million and it will be announced at the annual CanSecWest security conference in Vancouver March 7-9 2012. They withdrew from the Pwn2own since they discovered that contestants are allowed to enter Pwn2Own without having to reveal full exploits or even the bugs used to the vendors. Are you ready for the challenge?
Are you up to the challenge? Microsoft is hiring security researchers to be located in Redmond, WA, USA. They are looking for people who is passionate about security research.
They are looking for passionate and self motivated researchers that are able to perform research on vulnerability and exploits. Coding skills using C/C++ and be able to perform reverse engineering on the binaries is a must for this job. They also must have an in-depth understanding of the TCP/IP stack and at least one major application-layer protocol. The person must be able to demonstrate their passion for the work through one of the information security professional certification mentioned in Microsoft page.
The original announcement can be found here.
At the Black Hat Conference 2011, Katie Moussouris who leads the Security Community Outreach and Strategy team at Microsoft announced Blue Hat Prize with the following detail below:
Microsoft event offer this prize to whoever (from 14 years of age up) can find the mitigation technology that is able to prevent the exploitation of memory vulnerabilities. This is the first time, Microsoft provides such money for finding the vulnerabilities and mitigation technology for the related vulnerabilities. Generally, security researchers have 3 purposes as shown below:
Microsoft intend to fulfill these 3 purposes and Microsoft intend to have the Intellectual Property still attached to the inventor as the recognition. Some of the example of mitigation technology that already helped developers to further provide secure code as shown below:
These tools can be found as a collection knows as Enhanced Mitigation Experience Toolkit (EMET) and can be downloaded from here. The Black Hat 2011 Summary Webcast be be viewed here. Are you ready for the challenges? To get more detail about the Blue Hat Prize, go to the following link.