STE WILLIAMS

Win XP box? You’re 6 TIMES as likely as Win 8 bods to get the pox


UK-based Windows XP users were six times more likely to actually be infected than their counterparts who use more recent versions of Windows, according to figures from Microsoft.

The company is likely trying to highlight the infection rates of the 12-year-old OS as a way to get customers to upgrade. It says that 9.1 of 1,000 XP (SP3) boxes scanned – which is just under one per cent – had been found to be infected.


The software giant’s latest annual “Security Intelligence Report” reports that, on average, 17 per cent of computers worldwide encountered malware during the first half of 2013.

Top threats facing the UK include HTML/IframeRef – “specially formed” iframe tags that point to remote websites containing malicious code; Sirefef – a rogue security software family known as Antivirus 2010 among other names; and BlacoleRef – malicious JavaScript inserted into compromised websites that redirects browsers to the infamous Blackhole Exploit Kit.
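The IframeRef family described above works by planting iframes that are off-site and concealed (1x1 pixels, or hidden via CSS) into otherwise legitimate pages. The following is an added example, not code from the article or from Microsoft: a small scanner a site owner can run over their own pages to flag frames that are both off-site and hidden. The sample HTML, the host name example.com and the "2px or less" threshold are constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page, assumed to be served from example.com. The second and
# third iframes mimic the injected, concealed, off-site frames described above.
SAMPLE_HTML = """<html><body>
<h1>Welcome</h1>
<iframe src="https://example.com/widget" width="300" height="200"></iframe>
<iframe src="http://bad.example.net/x.php" width="1" height="1" style="visibility:hidden"></iframe>
<iframe src="//cdn.example.org/ad" style="display:none"></iframe>
</body></html>"""


class IframeCollector(HTMLParser):
    """Collect the attributes of every <iframe> start tag in a document."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})


def _is_tiny(value):
    """True for width/height attributes of 2px or less (1x1 frames are a classic tell)."""
    m = re.match(r"\s*(\d+)", value)
    return m is not None and int(m.group(1)) <= 2


def _is_css_hidden(style):
    s = style.replace(" ", "").lower()
    return "display:none" in s or "visibility:hidden" in s


def find_suspicious_iframes(html, page_host):
    """Return [(src, [reasons...])] for iframes that point off-site AND are concealed."""
    parser = IframeCollector()
    parser.feed(html)
    hits = []
    for a in parser.iframes:
        src = a.get("src", "")
        host = urlparse(src).hostname  # None for relative URLs, i.e. same-site
        reasons = []
        if host and host.lower() != page_host.lower():
            reasons.append(f"off-site host {host}")
        concealed = []
        if _is_tiny(a.get("width", "")) or _is_tiny(a.get("height", "")):
            concealed.append("tiny dimensions")
        if _is_css_hidden(a.get("style", "")):
            concealed.append("hidden via CSS")
        # Both conditions must hold: legitimate embeds are often off-site but visible,
        # and hidden same-site frames are usually just layout.
        if reasons and concealed:
            hits.append((src, reasons + concealed))
    return hits


if __name__ == "__main__":
    for src, why in find_suspicious_iframes(SAMPLE_HTML, "example.com"):
        print(src, "->", ", ".join(why))
```

Requiring both signals keeps the noise down: a visible off-site frame is usually an embedded video or widget, and a hidden same-site frame is usually layout. Anything the scanner does flag is worth comparing against the page as deployed from source control.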

From Microsoft’s report

The Microsoft Security Intelligence Report takes data from over one billion sources across the Windows landscape – data was drawn from Redmond real estate such as its Malicious Software Removal Tool, Exchange Online, Windows Defender and more (see page 134) – providing an overview into the threat landscape across Windows boxes around the world. The information was collected during the first six months of 2013.

The research also looks at software vulnerabilities, software vulnerability exploits, malicious and potentially unwanted software and security vulnerabilities in both Microsoft and third-party software.

“Vulnerability disclosures across the industry decreased 1.3 per cent from 2H 2012, and 10.1 percent from 1H 2012. An increase in operating system vulnerability disclosures in 1H 2013 largely offset a corresponding decrease in application vulnerability disclosures during the same period, resulting in little overall change,” according to Microsoft.

“Overall, however, vulnerability disclosures remain significantly lower than they were prior to 2009, when totals of 3,500 disclosures or more per half-year period were not uncommon.”

Microsoft doesn’t provide a reason but El Reg‘s security desk suspects that some combination of improved security practices among vendors and the growth in the exploit marketplaces (which naturally result in lower vulnerability disclosures) is behind the change.

Application vulnerability disclosures accounted for 63.5 per cent of total disclosures for the first half of 2013. Operating system vulnerabilities accounted for 22.2 per cent of total disclosures, while browser bug reports made up the remaining 14.3 per cent.

Redmond is urging laggard Win XP users to upgrade their machines before security updates for the OS end on 8 April 2014. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/10/31/security_intelligence_report_microsoft/

Naming And Shaming Unlikely To Work For Cyberespionage

In February, incident response firm Mandiant released its much-publicized report outlining the activities of a Chinese espionage group, dubbed APT1, and its connections to the Chinese government. The report linked the group to more than 140 attacks over seven years and postulated that the well-funded actors were likely part of an intelligence unit within the People’s Liberation Army.

Initially, the conclusions caused a stir among computer security professionals and policy makers alike. Yet, despite shining the spotlight on China’s connection to the attacks and some uncertain pressure by the U.S. government, the People’s Republic of China continued to deny involvement and the espionage attacks continued to compromise systems.

If companies hoped that shedding light on nation-state attackers would curb their espionage activities, they were disappointed. While the report did a lot to spotlight the issue of nation-state attacks and what companies could do to investigate them, it also showed the plausible deniability is a workable strategy, says Adam Meyers, vice president of intelligence for security-services firm CrowdStrike.

“I think we are going to see proliferation in cyber operations–that’s my biggest concern,” he says. “When nation-state actors have calculable successes, other nations are going to jump in.”

While the APT1 report has largely failed to impact China’s espionage activities, the revelation of another nation’s cyber operations has had quite a dramatic impact on its policies. Whistleblower Edward Snowden’s leaking of documents outlining the extent to which the National Security Agency collected data and communications on foreign and American citizens has resulted in multiple congressional hearings, an investigation by the Obama administration and pressure from allies, many of whom were the target of the agency’s information gathering efforts.

[Leaked operations manual reveals NSA attack techniques that are not significantly better than common cybercrime capabilities, despite their high cost to government. See NSA Hack Attacks: Good Value For Money?.]

There are a variety of reasons that the results of the two cases are different, but a significant factor is the type of evidence presented in each case, says Michael Sutton, vice president of security research for cloud-security provider Zscaler.

“In the Mandiant report, the activity is never tied directly to the Chinese government; they are in a position where they can claim plausible deniability,” he says. “Compare that to the Snowden revelations: There is no plausible deniability for the U.S. government. It is very clear that this is business-as-usual for them. When you are looking at the PowerPoint decks, it is hard to deny that that is your program.”

In addition, the United States and China have different cultures, and the NSA’s ability to collect and sift through data on U.S. citizens does not sit well with people’s expectation of privacy and freedom in the United States, Sutton says.

For companies suffering from probable nation-state attacks, the comparison between outing Chinese espionage and the Snowden revelations leaves little hope that naming and shaming will ease the pressure on their defenses. It’s unlikely that a hacker embedded in an espionage group will come forward with documents describing their activities.

Yet, attackers do react to being spotlighted by investigations into their activities, according to Mandiant.

Following the report, the incident response firm has detected some changes in the behavior of APT1, but almost all the activity has been aimed at evading future detection, according to the company’s intelligence group. APT1 issued commands to their infrastructure to communicate through different servers and, in some case, replaced the malware.

“While Mandiant’s APT1 report appears to have affected (its) operations, APT1 is still active using a well-defined attack methodology with a discernible post-report shift towards tools not included in the … report,” says the intelligence group in a statement sent to Dark Reading. “Mandiant has also observed an overall decrease in APT1 operations volume; however, it is possible (the group) shifted operations into areas we currently lack visibility.”

Perhaps the most significant impact of the Mandiant report, however, is that it allowed companies to see what they were up against and to have indicators of compromise that could be used to block the activity, says CrowdStrike’s Meyers.

“Only by going public will companies get the resources they need to deal with these issues,” he says. “That is far better than sitting passively by and letting them attack over and over again.”

Until nations take stronger actions against known espionage activity–and can claim the moral high ground by eliminating their own espionage activities–companies and individuals will have to rely on the sharing of such information to help them combat such attacks, he says.


Article source: http://www.darkreading.com/advanced-threats/naming-and-shaming-unlikely-to-work-for/240163384

Shortage Of Women Hurting IT Security Industry, Study Finds

Today’s information security teams increasingly need to improve their communications with other groups, align their activities more closely with business objectives, and excel at a variety of diverse tasks, industry experts say. And a new study suggests that these skills and attributes are most common among the industry’s smallest minority of professionals: women.

Women represent about 11 percent of the current IT security workforce, according to “Agents of Change: Women in the Information Security Profession” (PDF), a new report written by Frost & Sullivan and published by the (ISC)2 security professionals’ association. Yet women’s strongest skill sets are the very skill sets that are in short supply across the industry, the report suggests.

“Security is becoming less about technology and more about people — understanding their behavior and protecting users as they do their work,” says Julie Peeler, director of the (ISC)2 Foundation. “The study shows that women tend to value skills such as communication and education — the skills that are currently in short supply.”

“The report data indicates that the perspectives of women offer viewpoints needed to elevate the security industry to the next level,” adds Michael Suby, author of the report and vice president of research at Frost & Sullivan.

Survey respondents were divided into two job title categories: Leaders and Doers. The Leaders (3,466 respondents) category included job titles such as executives, managers, and strategic advisers. Doers (2,348 respondents) included respondents with job titles such as security analysts and compliance auditors.

In the Leaders category, more women (34 percent) were in consultant and adviser job titles than men (26 percent), and more than twice as many men as women were network security or software architects. In the Doers category, 38 percent of women cited security analyst as their job titles, versus 27 percent of men. A higher proportion of men held security engineer and network administrator job titles.

“The 2013 Global Information Security Workforce Study identified ‘security analyst’ as the number one most needed position in the information security industry, leading the way for a strong female presence in the future,” the report says.

IT security has traditionally been dominated by males who study computer sciences in school and are strong in technology, Peeler observes. But as security practices increase their focus on communication and training, it’s possible that women will play a more important role.

“In the past, companies have taken their IT people, who are strong technically, and tried to teach them how to communicate with staff and management,” Peeler notes. “But recently, they’ve begun to discover that it’s easier to teach technology to someone who communicates well than it is to teach communication to someone who’s basically a technical person.”

But getting women into the security profession may not be easy, Peeler says. The percentage of females in the industry has not changed much in the past several years, and there doesn’t appear to be a great influx on the horizon.

“More needs to be done in the schools and in business to make security more attractive to women,” Peeler says. “Studies show that many females are bored by the idea of working alone in a room with a machine. But as the industry becomes more about people and less about technology, that could change.”

“Combating [current] threats requires a community approach to training, and hiring qualified security professionals from a variety of backgrounds,” Suby states. “As our research reveals, women leaders are the strongest proponents of security and risk management education and training in the industry. This type of mentality is crucial to building standards in the industry and echoes the report’s findings that women are indeed, ‘agents of change’ in the future of information security.”


Article source: http://www.darkreading.com/vulnerability/shortage-of-women-hurting-it-security-in/240163388

Lavabit and Silent Circle form Dark Mail Alliance to kill off email snooping


Two firms at the sharp end of privacy have joined forces to build an email system that provides end-to-end encryption that will hopefully prove impossible for service providers to eavesdrop and crack – even if forced to do so.

“As founding partners of the Dark Mail Alliance, both Silent Circle and Lavabit will work to bring other members into the alliance, assist them in implementing the new protocol and work jointly to proliferate the world’s first end-to-end encrypted Email 3.0 across email software developers and service providers globally,” the pair said in a statement.


“Our goal is to open source the protocol and architecture and help others implement this new technology to address the privacy concerns over surveillance and back door threats of any kind.”

Both firms have had a lot of experience in the field. Lavabit was the encrypted email service used by NSA whistleblower Edward Snowden, and the outfit shut down in August rather than “become complicit in crimes against the American people,” as founder Ladar Levison said at the time.

Silent Circle was set up by members of the PGP encryption team (including Phil Zimmermann and Jon Callas) and two former Navy SEALs to provide secure voice, text, and email services – although the email part of that was shut down shortly after launch in the wake of Lavabit being confronted by US g-men.

The Dark Mail Alliance team described today’s system of email as “fundamentally broken from a privacy perspective,” and will work with other firms to get software and legal protocols in place for a more secure service.

Presumably this will mean that the service can’t be set up in the US due to laws such as the Patriot Act that give the government the right to access data services while not allowing the companies involved to alert their customers. Silent Circle already does this by basing its servers in Canada and Amsterdam.

The announcement of the alliance was made at Wednesday’s Inbox Love conference in Mountain View, California, and more details will be forthcoming shortly. No doubt the NSA and other spook nerve centers will be watching developments closely. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/10/31/lavabit_and_silent_circle_create_dark_mail_alliance_to_stop_snoops/

NSA, UK hacked Yahoo! and Google data center interconnects – report


British and US intelligence agencies managed to tap into the connections between data centers run by Yahoo! and Google, and in one month this year slurped 181,280,466 records, including metadata and the contents of communications, according to new documents from Edward Snowden.

A report dated January 9, 2013, from NSA’s acquisitions directorate, detailed the operation, dubbed MUSCULAR, in which operatives from the NSA and Britain’s GCHQ tapped the fiber-optic transmission cables from the non-US data centers run by the two firms.

One document, sent to the Washington Post, shows a hand-drawn diagram of how it’s done, including a smiley face.

NSA diagram on Google cloud

NSA surveillance design and emoticon

“We have long been concerned about the possibility of this kind of snooping, which is why we have continued to extend encryption across more and more Google services and links, especially the links in the slide,” Google’s chief legal officer, David Drummond, told the paper in a statement.

“We do not provide any government, including the US government, with access to our systems. We are outraged at the lengths to which the government seems to have gone to intercept data from our private fiber networks, and it underscores the need for urgent reform.”

Under the scheme, GCHQ intercepts the traffic and stores it in a “buffer” that can hold between three and five days’ worth of traffic from the data centers. The NSA then picks through this to find useful information using up to 100,000 search terms before emptying the buffer.

What makes MUSCULAR so puzzling is that under the terms of the PRISM program, US intelligence services already have access to the records of both Google and Yahoo! Either Snowden’s documents are incorrect or the NSA and GCHQ have decided to cut out the middle man and go for the data directly.

The Washington Post speculates that the reason overseas data centers are targeted is to avoid the possibility of collecting data on US citizens in breach of America’s Foreign Intelligence Surveillance Act. In a statement the NSA denied this, and claims that it gathered “vast quantities of U.S. persons’ data from this type of collection.”

“NSA applies Attorney General-approved processes to protect the privacy of U.S. persons – minimizing the likelihood of their information in our targeting, collection, processing, exploitation, retention, and dissemination,” it said. “NSA is a foreign intelligence agency. And we’re focused on discovering and developing intelligence about valid foreign intelligence targets only.”

The NSA is subject to political oversight and on Tuesday intelligence operatives testified in front of Congress, along with those tasked with conducting a review of surveillance activities by the NSA and others. Representative Mike Rogers, who as head of the Permanent Select Committee on Intelligence helps provide congressional oversight of the NSA, shared this little gem with the panel.

“You can’t have your privacy violated if you don’t know your privacy is violated, right?” ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/10/31/nsa_and_uk_hacked_yahoo_and_google_data_center_interconnects_report/

Crypto protocols mostly crocked says euro infosec think-tank ENISA


It’s past time to plan the abandonment of legacy crypto, warns the European Union Agency for Network and Information Security (ENISA) in a new 96-page study providing recommendations for crypto designers that also says most protocols are hard to install in a secure fashion.

The good news, however: behind the huge amount of detail that you’d have to work through if you were actually implementing crypto, ENISA says (PDF) there are only two decisions that have to be made at the high level:

  • 1 – Is the legacy system you’re already using fit for purpose, in terms of its crypto primitive, scheme, protocol and key size? If the answer is no, ENISA makes a strong recommendation that the system be updated “as a matter of urgency”.
  • 2 – Is the primitive, scheme, protocol or key size you’re looking at suitable for new deployments?

The second case, ENISA writes, depends on characteristics such as whether the candidate has proofs of security, offers 128 bits of symmetric security or better, is well-studied and without structural weaknesses, is standardised, and has a reasonable existing installed base.

Mind you, the group is pretty demanding about what it considers “fit for future” deployment: you – or rather, the best research you can find – should expect the system to remain secure for between 10 and 50 years.


In a remark that won’t surprise insiders but illustrates the complexity of the world of crypto, ENISA notes that while primitives and schemes are well-studied, the area of protocols is less so. To understand why this is important, here are the divisions between these three fields:

  • Primitives – the basic building blocks that arise from the mathematical foundations of cryptography. These include block ciphers, hash functions, stream ciphers, factorings, discrete logarithms, and pairings.
  • Schemes – How the building blocks are assembled together, along with whatever proof exists that the scheme doesn’t provide opportunities for an attacker to break the underlying primitives.
  • Protocols – Things like TLS, which stipulate how two ends of a conversation choose their encryption scheme.

Not only are protocols under-studied, the report states, but “most of the deployed protocols which can be used by a naive user, are in fact either incredibly complex to install in a manner which we would deem secure, or are in fact insecure with respect to modern cryptographic standards.”

Lovely stuff.

The report also recommends a list of primitives, schemes and protocols it believes are sufficient for future deployments. While too long to reproduce here, ENISA’s view of primitives is worth looking at.

For block ciphers, only AES and Camellia are considered suitable for future deployments: 3DES, Kasumi and Blowfish still get a pass mark for legacy applications only, and DES, of course, is a dead duck.

Crypto designers should stick to SHA-2, SHA-3 or Whirlpool for their hashes, and where there’s a choice, opt for longer outputs. SHA-1, SHA-2 and RIPEMD-160 are only suitable for legacy applications. Rabbit and SNOW 3G are future-suitable stream ciphers.

Designers should work with at least 128 bit keys for AES; 256-bit for hashing, and their public key primitives should be at least 256 bits long, ENISA says, and should plan that each of these be doubled in the future. ®
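Applying the primitive lists and minimum sizes above to something a practitioner actually configures, such as a TLS cipher-suite list, looks like this. This is an added example, not code from the article or from ENISA: it parses IANA-style suite names, classifies the block cipher and hash against the verdicts the article reports (taking SHA-2 as future-suitable, per “stick to SHA-2, SHA-3 or Whirlpool”), applies the 128-bit symmetric and 256-bit hash-output minimums, and rates each suite by its weakest component. Algorithms not on the reported lists are rejected by default; that, the sample suite list and the note strings are the example’s own choices. The public-key size is not encoded in a suite name, so that rule is not checked here.

```python
import re

# Verdict levels, worst to best; a suite is rated by its weakest component.
UNACCEPTABLE, LEGACY, FUTURE = 0, 1, 2
LABEL = {UNACCEPTABLE: "unacceptable", LEGACY: "legacy-only", FUTURE: "future-suitable"}

# Block ciphers, as the article summarises ENISA's verdicts.
BLOCK_CIPHERS = {
    "AES": FUTURE, "CAMELLIA": FUTURE,
    "3DES": LEGACY, "KASUMI": LEGACY, "BLOWFISH": LEGACY,
    "DES": UNACCEPTABLE,
}
# Hash families. SHA-2 is taken as future-suitable ("stick to SHA-2, SHA-3 or Whirlpool").
HASH_FAMILIES = {
    "SHA-2": FUTURE, "SHA-3": FUTURE, "WHIRLPOOL": FUTURE,
    "SHA-1": LEGACY, "RIPEMD-160": LEGACY,
}
MIN_SYMMETRIC_BITS = 128  # "at least 128 bit keys for AES"
MIN_HASH_BITS = 256       # "256-bit for hashing"

# IANA-style suite names: TLS_<key exchange>_WITH_<cipher[_bits][_mode]>_<hash>
SUITE_RE = re.compile(r"^TLS_(?P<kx>.+?)_WITH_(?P<cipher>.+?)_(?P<hash>SHA\d*)$")


def _hash_from_token(token):
    """In TLS suite names a bare 'SHA' means SHA-1 (160-bit); 'SHA256'/'SHA384' are SHA-2."""
    if token == "SHA":
        return "SHA-1", 160
    return "SHA-2", int(token[3:])


def rate_suite(name):
    """Classify one cipher suite; unknown algorithms are rejected (deny-by-default assumption)."""
    m = SUITE_RE.match(name)
    if not m:
        return {"suite": name, "verdict": LABEL[UNACCEPTABLE], "notes": ["unparseable suite name"]}
    notes = []
    parts = m.group("cipher").split("_")
    cipher = parts[0]
    key_bits = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else None

    c_verdict = BLOCK_CIPHERS.get(cipher, UNACCEPTABLE)
    if cipher not in BLOCK_CIPHERS:
        notes.append(f"{cipher}: not on the reviewed list, rejected by default")
    elif c_verdict == FUTURE and key_bits is not None and key_bits < MIN_SYMMETRIC_BITS:
        c_verdict = LEGACY
        notes.append(f"{cipher}: {key_bits}-bit key is below {MIN_SYMMETRIC_BITS}")
    else:
        notes.append(f"{cipher}: {LABEL[c_verdict]} block cipher")

    family, out_bits = _hash_from_token(m.group("hash"))
    h_verdict = HASH_FAMILIES[family]
    if h_verdict == FUTURE and out_bits < MIN_HASH_BITS:
        h_verdict = LEGACY
        notes.append(f"{family}: {out_bits}-bit output is below {MIN_HASH_BITS}")
    else:
        notes.append(f"{family}: {LABEL[h_verdict]} hash")

    verdict = min(c_verdict, h_verdict)
    return {"suite": name, "cipher": cipher, "key_bits": key_bits,
            "hash": family, "verdict": LABEL[verdict], "notes": notes}


def audit(suites):
    """Rate a list of suites, e.g. one pulled from a server's configuration."""
    return [rate_suite(s) for s in suites]


# Constructed sample configuration, mixing future-suitable, legacy and dead suites.
SAMPLE_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_WITH_DES_CBC_SHA",
]

if __name__ == "__main__":
    for r in audit(SAMPLE_SUITES):
        print(f"{r['verdict']:16} {r['suite']}  ({'; '.join(r['notes'])})")
```

The instructive case is the third suite: AES-256 is future-suitable on its own, but pairing it with SHA-1 drags the whole suite down to legacy-only, which is exactly the “weakest link” logic ENISA’s two questions imply for a deployed system.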


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/10/31/most_security_protocols_insecure_suggests_enisa/

Mavericks Mail’s spam-spewing ‘flaw’ was scripted by red-faced user


FastMail, the cloudy messaging outfit that earlier this week proclaimed it had found a nasty bug in the way OS X Mavericks’ Mail client talks IMAP, has retracted its analysis.

The title of the new post, “Apple mail ‘bug’ turns out to be user script after all” tells you most of what you need to know about the situation.


Here’s the detail. FastMail got in touch with Apple, which in turn chatted to the user with the spam-spawning situation. After they conversed for a time, FastMail reports the following outcome:

“A very embarrassed user discovered an applescript he wrote years ago to move mail from OS X Mail’s ‘semantic junk’ folder to the real Junk folder at FastMail where our bayes trainer could learn from it.”

“What has changed is that OS X Mail now correctly detects the Junk special-use on the folder at our server, and sets the semantic trash to be that folder – meaning he was moving messages from that folder to the same folder.”

That leaves lots of egg on the user’s face and a bit on FastMail’s too. The company goes on to make the point that IMAP is far from perfect, Mavericks Mail is using it in odd ways and other email clients also make odd choices or implement IMAP badly.
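The mechanism behind the retraction is worth seeing in code. An IMAP server can tag a mailbox with a special-use attribute such as \Junk in its LIST responses (RFC 6154); a client that honours the tag resolves “junk” to that mailbox, while an older client guesses a name. The script in the story moved mail from the guessed folder to the server’s real one, which became a self-move once the client started honouring the tag. The following is an added example, not FastMail’s or Apple’s code: the LIST responses, the mailbox names and the plan_move guard are constructed for the example.

```python
import re

# Constructed LIST responses of the kind a server sends when it advertises
# RFC 6154 special-use attributes; the server's real junk folder is named "Spam".
LIST_RESPONSES = [
    '* LIST (\\HasNoChildren) "/" "INBOX"',
    '* LIST (\\HasNoChildren \\Junk) "/" "Spam"',
    '* LIST (\\HasNoChildren \\Trash) "/" "Trash"',
    '* LIST (\\HasNoChildren) "/" "Archive/2013"',
]

# * LIST (<attributes>) <delimiter> <mailbox>
LIST_RE = re.compile(
    r'^\* LIST \((?P<attrs>[^)]*)\) (?P<delim>"."|NIL) (?P<name>"(?:[^"\\]|\\.)*"|\S+)$'
)


def parse_list_response(line):
    """Return {'name': mailbox, 'attrs': {lower-cased attributes}} for one LIST line."""
    m = LIST_RE.match(line)
    if not m:
        raise ValueError(f"not a LIST response: {line!r}")
    attrs = {a.lower() for a in m.group("attrs").split()}
    name = m.group("name")
    if name.startswith('"'):  # unquote and unescape a quoted mailbox name
        name = name[1:-1].replace('\\"', '"').replace('\\\\', '\\')
    return {"name": name, "attrs": attrs}


def special_use_folder(lines, attribute):
    """Mailbox carrying the given special-use attribute (e.g. '\\Junk'), or None."""
    want = attribute.lower()
    for line in lines:
        box = parse_list_response(line)
        if want in box["attrs"]:
            return box["name"]
    return None


def resolve_junk_folder(lines, guess="Junk"):
    """What a client treats as its junk mailbox: the advertised \\Junk folder when the
    server marks one, otherwise a guessed name (the behaviour the old script relied on)."""
    return special_use_folder(lines, "\\Junk") or guess


def plan_move(source, destination):
    """Action for a junk-training script; refuses the self-move that caused the loop."""
    if source == destination:
        return ("skip", f"source and destination are the same mailbox {source!r}")
    return ("move", f"{source!r} -> {destination!r}")


if __name__ == "__main__":
    client_junk = resolve_junk_folder(LIST_RESPONSES)  # "Spam" once \Junk is honoured
    print(plan_move(client_junk, "Spam"))  # ('skip', ...)
```

With only the first LIST line (no \Junk tag) the client falls back to the guessed “Junk” and the move to “Spam” is real; with the full listing both names resolve to “Spam” and the guard turns the move into a no-op instead of a message-churning loop.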

Welcome to the imperfect world of the internet, FastMail. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/10/31/mavericks_mails_spamspewing_flaw_was_scripted_by_redfaced_user/