back to article Nine-ball attack splits security researchers

Security researchers are split over the seriousness of a web attack dubbed "Nine-ball" which broke onto the internet last week. Websense last week reported a web attack dubbed "Nine-ball", a moniker derived from the name of ninetorag.in, one of the malware hosts associated with the assault, had claimed 40,000 website victims …

COMMENTS

This topic is closed for new posts.
  1. Paul Smith

    Cat out of the bag

    Is this not just more proof that the so-called security consultants and experts only exist because of fear, and need to encourage that fear in order to surive?

  2. Destroy All Monsters Silver badge
    Flame

    The silly season has begun

    "A confusing factor is that there is not one clear infection path. With no fixed start point, no set route and no fixed end point, linking a series together and appreciating that it’s all part of the same campaign is not an easy thing to do"

    The old philosophical question: "what does it all mean"?

  3. Anonymous Coward
    Unhappy

    hmm been stung

    @Paul Smith

    We're not all out to rip you off you know!

    Some of us do still want to make the internet/YOUR network a safer place ;-)

    Unfortunatly We're going to stay around for a long time until network administrators/ and Users can devote significant resources to learning how to secure their systems (read: never going to happen).

    Lots of Love

    A Securty Consultant

  4. imposter
    Stop

    No we're right

    No, we know better. We are. Beleive us not them. Our scanning technology is better.

  5. Jimbo 7

    to @Paul Smith

    "Is this not just more proof that the so-called security consultants and experts only exist because of fear, and need to encourage that fear in order to surive?"

    I'm not security expert, but this comment stilll hurts ...

    personally, I think that

    1. server owners should be more responsible, there are too many dumbasses who just start web server, connect it to the internet, don't even correctly fill admin email address and walk away. Thanks to them we have so many zombies out there

    2. I will be willing to pay my internet provider for virus packet inspection of my incoming traffic. Yes it does not cover 100%, but if it catches 95% of viruses then I'm happy. I really don't get why internet providers are not more proactive

  6. Anonymous Coward
    Flame

    @ AC, 1554

    "A Securty Consultant"

    I do hope this isn't indicative of the qualifications needed to become an IT security consultant...

  7. Michael Hawkes
    Pint

    Whine

    In other words, one group is calling it "a complex, full-bodied pinot noir" and the everybody else says "It's grape juice."

  8. Anonymous Coward
    Pint

    Security Consultants

    The ones i really hate are the ones that end up on the BBC talking about how much of a threat to the world mydoom is. (In 2009)

    The real ones. Are the ones that write their own blogs. And understand what a stack overflow is.

    Instead of telling a company to "install a anti-virus"

    New icons?

  9. Kev K
    Terminator

    Sod the beer icon

    wheres the popcorn one ??

    (and wtf is THIS icon for?)

  10. jake Silver badge

    @zerofool2005

    "The real ones. Are the ones that write their own blogs."

    I know of zero real so-called "security consultants[1]" who maintain a blog.

    "New icons?"

    What icons? Icons are for AOLers (kinda like the stock sans serif font, which I also don't see).

    [1] They are known as "security administrators" in RealLife(tm). You can tell the fake ones from the real ones fairly easily. The fake ones babble about "cyber security", which doesn't exist.

  11. Aortic Aneurysm
    Headmaster

    @Ac1623

    " "A Securty Consultant"

    I do hope this isn't indicative of the qualifications needed to become an IT security consultant... "

    Perfect chance to use the new "pedantic grammar nazi alert" icon...

  12. Paul Smith

    so-called security consultants

    Please correct me if you think I have any of this wrong.

    A good security consultant will secure your network against current risks and propose procedures to ensure regular patching/updates. For a SMB, call it two days consultancy, once a year. Fifty SMB's on your books and you can make a comfortable living.

    A not so good security consultant will not secure your network. In fact they will tell you again, and again how dangerous the internet is and how hard it is to stay safe from zero day exposure and why you need their services at least once every couple of months to install the latest patchs, plus emergancy call outs, plus clean up expenses. Say ten to fifteen SMB's required for a comfortable living?

    The good consultant will also configure the mail servers to not accept mail unless correctly and exactly addressed, (no more best guess spam) and will also configure transmission limits, (no more zombies pumping out shite). Has either step been taken on your network?

  13. Jimbo 7

    to Paul Smith

    Yes there are tons of loosers of there who bullsh**t about security, but come on.

    I was never "security consultant" and never will be, I was used to manage back in the old days few smaller networks and it took far more than 2x a year check.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2021