Wikipedia talk:WikiProject Computer Security
| This is the talk page for discussing WikiProject Computer Security and anything related to its purposes and tasks. |
|
Archives: 1, 2, 3, 4Auto-archiving period: 90 days  |
 | Computer Security: Computing Project‑class | ||||||||||||||
| |||||||||||||||
Draft for review - Dancho Danchev
Hello,
I've been working on a draft for - Draft:Dancho Danchev which I believe needs improvements and the following references based on articles and Google Scholar and Google Books including the following Google Books references added.
I also collected the following articles mentioning his research which is outstanding for references and adding additional content.
Extended content
|
|---|
|
https://abcnews.go.com/Technology/PCWorld/story?id=4960161 https://arstechnica.com/information-technology/2008/03/ongoing-iframe-attack-proving-difficult-to-kill/ https://boingboing.net/2008/08/30/indias-underground-c.html https://boingboing.net/2012/05/15/new-skype-malware-threat-repor.html https://foreignpolicy.com/2009/05/12/dont-pay-your-ransom-via-sms/ https://foreignpolicy.com/2009/05/20/in-gaz-we-trust-a-fake-russian-energy-company-facilitating-cybercrime/ https://foreignpolicy.com/2009/11/04/is-aggregate-and-forget-the-future-of-cyber-extortion/ https://money.cnn.com/2013/02/22/technology/security/nbc-com-hacked-malware/index.html https://securitywatch.pcmag.com/apple/283499-has-ev-ssl-growth-been-slow https://securitywatch.pcmag.com/security/296289-zeus-zbot-trojan-spread-through-rogue-us-airways-email https://threatpost.com/adele-bests-adderall-affiliate-spammers-offer-music-downloads-060412/76647/ https://threatpost.com/fake-paypal-emails-distributing-malware-102312/77145/ https://threatpost.com/how-much-does-botnet-cost-022813/77573/ https://threatpost.com/report-vishing-attack-targets-skype-users-050211/75190/ https://threatpost.com/spammers-using-fake-youtube-notifications-peddle-drugs-122612/77344/ https://uk.pcmag.com/software/17274/news/nbccom-hacked-infected-with-citadel-trojan https://www.cnet.com/news/attackers-booby-trap-searches-at-top-web-sites/ https://www.cnet.com/news/carpet-bombing-networks-in-cyberspace/ https://www.cnet.com/news/fake-microsoft-e-mail-contains-trojan-virus/ https://www.cnet.com/news/firefox-add-on-encrypts-sessions-with-facebook-twitter/ https://www.cnet.com/news/green-dam-exploit-in-the-wild/ https://www.cnet.com/news/high-tech-bank-robbers-phone-it-in/ https://www.cnet.com/news/sony-playstation-site-victim-of-sql-injection-attack/ https://www.cnet.com/news/storm-worm-e-mail-says-u-s-attacked-iran/ https://www.cnet.com/news/twitter-warms-up-malware-filter/ https://www.computerworld.com.au/article/210515/hackers_expand_massive_iframe_attack_prime_sites/ https://www.computerworld.com.au/article/256798/russian_hacker_militia_mobilizes_attack_georgia/ https://www.computerworld.com/article/2484233/cybercrime-hacking/cybercrime-service-automates-creation-of-fake-scanned-ids.html https://www.computerworld.com/article/2532189/security0/massive-faux-cnn-spam-blitz-uses-legit-sites-to-deliver-fake-flash.html https://www.computerworld.com/article/2536384/security0/hackers-expand-massive-iframe-attack-to-prime-sites.html https://www.crn.com.au/news/spam-email-contains-malware-not-apple-gift-card-353159 https://www.csoonline.com/article/2118281/build-ci-sdlc/danchev--the-small-pack-web-malware-exploitation-kit.html https://www.csoonline.com/article/2123341/build-ci-sdlc/danchev--massive-sql-injection-the-chinese-way.html https://www.csoonline.com/article/2123470/build-ci-sdlc/danchev--anti-fraud-site-ddos-attack.html https://www.csoonline.com/article/2123901/build-ci-sdlc/danchev--a-crimeware-developer-s-to-do-list.html https://www.csoonline.com/article/2124089/build-ci-sdlc/danchev-rained-on-my-scareware-campaign.html https://www.csoonline.com/article/2124947/build-ci-sdlc/danchev--money-mule-recruiters.html https://www.cyberdefensemagazine.com/botnets-for-rent-criminal-services-sold-in-the-underground-market/ https://www.darkreading.com/attacks-breaches/hacking-the-tdos-attack/d/d-id/1139863 https://www.dw.com/en/bulgarian-sleuth-unveils-botnet-operators/a-15689368 https://www.helpnetsecurity.com/2010/06/17/months-old-skype-vulnerability-exploited-in-the-wild/ https://www.helpnetsecurity.com/2012/08/31/fake-ups-notices-deliver-malware/ https://www.helpnetsecurity.com/2012/10/31/can-the-nuclear-exploit-kit-dethrone-blackhole/ https://www.helpnetsecurity.com/2013/01/15/automated-youtube-account-generator-offered-to-cyber-crooks/ https://www.helpnetsecurity.com/2013/09/10/cc-php-script-for-staging-ddos-attacks-sold-on-underground-forums/ https://www.infosecurity-magazine.com/news/russian-malware-as-a-service-offers-up-server/ https://www.infoworld.com/article/2629993/malware/microsoft-declares-war-on--scareware-.html https://www.infoworld.com/article/2652021/security/hackers-knocked-comcast-net-offline.html https://www.itnews.com.au/news/buy-500-hacked-twitter-accounts-for-less-than-a-pint-309382 https://www.itworld.com/article/2767489/endpoint-protection/what-s-really-the-safest-web-browser-.html https://www.networkworld.com/article/2285012/lan-wan/hackers-expand-massive-iframe-attack-to-prime-sites.html https://www.nytimes.com/2012/01/17/technology/koobface-gang-that-used-facebook-to-spread-worm-operates-in-the-open.html https://www.pcworld.com/article/149642/malware.html https://www.pcworld.com/article/166714/article.html https://www.pcworld.com/article/189868/article.html https://www.recordedfuture.com/deconstructing-the-al-qassam-cyber-fighters-assault-on-us-banks/ https://www.researchgate.net/publication/271893977_Virtual_jihad_How_real_is_the_threat https://www.scmagazine.com/home/news/buggy-diy-botnet-tool-leaks-in-black-market/ https://www.scmagazine.com/home/news/mass-website-hacking-tool-alerts-to-dangers-of-google-dorks/ https://www.scmagazineuk.com/article/1482050 https://www.securityfocus.com/brief/744 https://www.securityweek.com/new-diy-google-dorks-based-hacking-tool-released https://www.sfgate.com/business/article/Hackers-infiltrate-Google-searches-3288807.php https://www.techrepublic.com/blog/apple-in-the-enterprise/watch-out-for-malware-with-those-pretty-mac-screensavers/ https://www.techrepublic.com/blog/it-security/is-the-death-knell-sounding-for-traditional-antivirus/ https://www.techrepublic.com/blog/it-security/kaspersky-disputes-mcafees-shady-rat-report/ https://www.theinquirer.net/inquirer/news/1017058/faked-cnn-spam-blitz-pushes-fake-flash https://www.theregister.co.uk/2009/09/18/scareware_botnet_scam/ https://www.theregister.co.uk/2009/12/09/amazon_ec2_bot_control_channel/ https://www.theregister.co.uk/2010/03/17/bulletproof_hosting_exposed/ https://www.theregister.co.uk/2012/01/18/koobface_prime_suspect_outed/ https://www.theregister.co.uk/2012/10/11/exploit_vulnerability_marketplace/ https://www.theregister.co.uk/2013/02/14/phone_harvesting_service_creates_spam_menace/ https://www.theregister.co.uk/2013/02/27/apt1_china_dark_visitor_b_team/ https://www.thetechherald.com/articles/CAPTCHAs-are-dead-new-research-from-Dancho-Danchev-confirms-it https://www.tripwire.com/state-of-security/latest-security-news/upgraded-modular-malware-platform-released-black-market/ https://www.v3.co.uk/v3-uk/news/2252440/java-exploit-kit-sells-for-usd40-per-day https://www.v3.co.uk/v3-uk/news/2267552/bitcoins-are-being-traded-for-hack-tools https://www.wired.com/2008/01/fraudsters-target-facebook-with-phishing-scam/ https://www.wired.com/2008/04/cia-copies-thre/ https://www.wired.com/2010/04/ransomware/ |
Here's also heavily referenced here in Dutch:
And here in French:
https://www.reseaux-telecoms.net/recherche.html?kw=dancho+danchev&sa= Ahsks873 (talk) 16:19, 26 January 2024 (UTC)
Isolation dates on virus pages?
There are never any sources cited for "isolation dates" on the pages for worms or viruses, nor is there any explanation as to what an isolation date is. I am just curious how this information, in most cases, supersedes the need for a release date, and how in many cases the isolation date is not present. Thanks in advance for anyone who can clear this topic up for me. GordonFreeman1997 (talk) 17:23, 2 February 2024 (UTC)
- The isolation date should be the date when the virus was first analysed by anyone who was able to understand something about the virus. Generally this tends to be for viruses that are developed by organizations that are not forthcoming about the exact origins of the code (and thus generally don't provide release dates). Viruses that have been around for longer periods of time, generally tend to have much fuzzier timelines and so might not have exact isolation dates. Hope that helps. Sohom (talk) 19:02, 2 February 2024 (UTC)
- Thank you so much! This explanation really helps. GordonFreeman1997 (talk) 21:41, 2 February 2024 (UTC)
FAC for Cross-site leaks
I've nominated Cross-site leaks (a while back) for promotion to a Featured article. Reviews, comments and suggestions are welcomed at the nomination page :) Sohom (talk) 21:36, 9 March 2024 (UTC)
- I'm sadly too late to properly comment but I think you got a good discussion in the end - I definitely think I would agree that I'd like to see a shorter and more simple lead section. Joe (talk) 18:40, 20 March 2024 (UTC)
Comprehensive review and update on DNS attack articles for clarity and modern practices
I've conducted a detailed review of articles on DNS-related attacks, including DNS hijacking, spoofing (and cache poisoning), and noticed some areas where we could improve clarity and accuracy, especially regarding the interchangeability of terms and the mention of modern security practices like DoT and DoH.
Terminology Clarification
There seems to be some confusion and overlap in how we define and use terms like DNS hijacking, spoofing, poisoning, cache poisoning, rebinding and redirection. A concerted effort to standardize these terms with clear definitions could significantly benefit the readers. Specifically, distinctions between terms such as DNS hijacking and DNS spoofing, as well as DNS poisoning vs. DNS cache poisoning, need to be more clearly delineated.
Inclusion of MiTM Contexts and Clarification on Attack Strategies
Enhancing these articles to explicitly explain how DNS attacks can facilitate MiTM attacks, including the roles of ARP poisoning and race condition attacks, is necessary. The latter, often conceptualized as a "first reply race" in DNS spoofing scenarios, involves attackers responding to DNS queries more quickly than legitimate servers.
Remedies and Modern Solutions
The absence of discussions on current DNS security measures like DoT (DNS over TLS) and DoH (DNS over HTTPS) in the remedies sections of these articles is a notable gap.
I propose we collaborate to update these articles for accuracy and to reflect latest advancements in DNS security. This effort would involve revising the existing content for clarity, updating terminology to reflect the precise use of DNS-related terms, and adding sections on modern remedies such as DoT and DoH.
I look forward to your feedback, suggestions, and any additional insights you might have on these topics.
Links:
WalterMccan (talk) 12:28, 19 March 2024 (UTC)
- At a glance, all three of the articles need significant work and I think they'd be a great project for a newish editor. I would encourage you to be WP:BOLD and start by adding verified sources and doing some general housekeeping according to WP:MOS. Hit me up on my talk page if you'd like someone to review what you've done. Joe (talk) 18:35, 20 March 2024 (UTC)
- Sounds like a plan! I will get on it over the weekend and keep you up-to-date. Thank you. WalterMccan (talk) 11:20, 21 March 2024 (UTC)
Data breach template
Is there a standard practice for how we treat data breaches on Wikipedia? I'm looking at things like 2011 PlayStation Network outage (which I've done some work on and would appreciate eyeballs), 2015_TalkTalk_data_breach, and 2015_TalkTalk_data_breach - but there isn't much consistency. At the very least they should probably all use Template:Infobox_event, but I'm curious to know if there is any 'best practice' I can look at... Joe (talk) 18:31, 20 March 2024 (UTC)