Torrentreactor has long been regarded as one of the top BitTorrent search engines, and with the demise of The Pirate Bay, it's likely bigger than ever. Now, it's been breached and is serving a potent cocktail of exploits to people browsing the site, Websense Security Labs says.
18:36 Michael Jackson themed mass-mailing worm
Sophos discovered a mass-mailing worm attack that is currently spreading via a malicious email campaign. The email, which has the subject line 'Remembering Michael Jackson' and claims to come from ...
18:08 The state of today's firewall management challenges
Most organizations are receiving a poor return on their firewall investments, according to an IDC multimedia white paper sponsored by McAfee. The findings are outlined in a study titled The State of ...
18:06 Webroot upgrades its Web and Email Security SaaS solutions
Webroot announced new releases of Webroot Web Security SaaS and Webroot Email Security SaaS with essential enhancements including web browsing quotas to enforce Internet use policies and a new Webroo...
17:58 Kaspersky Lab vs Zango: Kaspersky wins
9th U.S. Circuit Court of Appeals has ruled in Kaspersky Lab's favor in claims brought by Zango. In a precedent-setting case for the Internet security industry, the 9th U.S. Circuit Court of Appeals r...
Kaspersky Lab has secured a legal victory against notorious adware firm Zango, with a ruling that goes a long way towards protecting security software developers from nuisance lawsuits from the developers of internet pests in future.
15:21 A closer look at Little Snitch 2.1.4
Little Snitch is a Mac tool that protects private data from undesirable transmission. It informs you whenever a program attempts to establish an outgoing Internet connection. You can then choose to al...
Manchester City Council was prevented from issuing hundreds of motoring penalty notices in time after the infamous Conficker worm knocked out parts of its IT systems.
12:32 Current list of the top 5 most notorious botnets
According to the latest MessageLabs Intelligence Report, botnets are responsible for over 80% of all spam. Here's a snapshot of where the top 5 most notorious botnets currently stand:
Cutwail
Th...
12:06 New CORE IMPACT Pro v9 penetration testing solution
Core Security Technologies released CORE IMPACT Pro v9, the latest installment of its flagship penetration testing software solution. The new version of CORE IMPACT Pro provides IT security managers w...
12:06 Phishing for the Credit Union Australia users
There is an email being spammed around purportedly from the Credit Union Australia informing people their Web Banker account contained a new message in the secure mailbox.
E-mail sent around is sho...
12:05 New Digi TransPort VPN Concentrator
Digi International introduced the Digi TransPort VC7400, an enterprise-class virtual private network (VPN) concentrator that provides easy, secure connectivity to large installations of remote cellula...
03:18 The Network Security Podcast, Episode 156
Martin is off in Japan this week, so I’m joined by our good friend Amrit Williams from BigFix and the Techbuddha blog. Amrit and I start off by talking about the rolling blackouts in California and disaster preparedness, before jumping into the week’s security news.
<Martin> I’m off in Japan, but not forgotten. I’m almost [...]
Federal prosecutors accused a Pennsylvania man of unleashing a crippling series of attacks against the websites of Rolling Stone and other groups after they published articles that cast him in an unfavorable light.
If the size of your company grows past 150 people, it's time to get name badges. It's not that larger groups are somehow less secure, it's just that 150 is the cognitive limit to the number of people a human brain can maintain a coherent social relationship with.
Primatologist Robin Dunbar derived this number by comparing neocortex -- the "thinking" part of the mammalian brain -- volume with the size of primate social groups. By analyzing data from 38 primate genera and extrapolating to the human neocortex size, he predicted a human "mean group size" of roughly 150.
This number appears regularly in human society; it's the estimated size of a Neolithic farming village, the size at which Hittite settlements split, and the basic unit in professional armies from Roman times to the present day. Larger group sizes aren't as stable because their members don't know each other well enough. Instead of thinking of the members as people, we think of them as groups of people. For such groups to function well, they need externally imposed structure, such as name badges.
Of course, badges aren't the only way to determine in-group/out-group status. Other markers include insignia, uniforms, and secret handshakes. They have different security properties and some make more sense than others at different levels of technology, but once a group reaches 150 people, it has to do something.
More generally, there are several layers of natural human group size that increase with a ratio of approximately three: 5, 15, 50, 150, 500, and 1500 -- although, really, the numbers aren't as precise as all that, and groups that are less focused on survival tend to be smaller. The layers relate to both the intensity and intimacy of relationship and the frequency of contact.
The smallest, three to five, is a "clique": the number of people from whom you would seek help in times of severe emotional distress. The twelve to 20 group is the "sympathy group": people with whom you have special ties. After that, 30 to 50 is the typical size of hunter-gatherer overnight camps, generally drawn from the same pool of 150 people. No matter what size company you work for, there are only about 150 people you consider to be "co-workers." (In small companies, Alice and Bob handle accounting. In larger companies, it's the accounting department -- and maybe you know someone there personally.) The 500-person group is the "megaband," and the 1,500-person group is the "tribe." Fifteen hundred is roughly the number of faces we can put names to, and the typical size of a hunter-gatherer society.
These numbers are reflected in military organization throughout history: squads of 10 to 15 organized into battalions of 3-4 squads, organized into companies of three to four battalions, organized into regiments or brigades of three battalions, organized into divisions of three regiments, and organized into corps of two to three divisions.
Coherence can become a real problem once organizations get above about 150 in size. So as group sizes grow across these boundaries, they have more externally imposed infrastructure -- and more formalized security systems. In intimate groups, pretty much all security is ad hoc. Companies smaller than 150 don't bother with name badges; companies greater than 500 hire a guard to sit in the lobby and check badges. The military have had centuries of experience with this under rather trying circumstances, but even there the real commitment and bonding invariably occurs at the company level. Above that you need to have rank imposed by discipline.
The whole brain-size comparison might be bunk, and a lot of evolutionary psychologists disagree with it. But certainly security systems become more formalized as groups grow larger and their members less known to each other. When do more formal dispute resolution systems arise: town elders, magistrates, judges? At what size boundary are formal authentication schemes required? Small companies can get by without the internal forms, memos, and procedures that large companies require; when does what tend to appear? How does punishment formalize as group size increases? And how do all these things affect group coherence? People act differently on social networking sites like Facebook when their list of "friends" grows larger and less intimate. Local merchants sometimes let known regulars run up tabs. I lend books to friends with much less formality than a public library. What examples have you seen?
An edited version of this essay, without links, appeared in the July/August 2009 issue of IEEE Security & Privacy.