
Comment Re:This is what IDS/IPS appliances are for... (Score 4, Informative) 99

I believe there is more going on to this than you would understand. For example, the Zeus/Qakbot strain always downloads a file. Most times it will be randomized. For argument's sake, let's say it was named nbc.exe. What Zeus/Qakbot did was communicate out via IE. Even though the nbc.exe was the application responsible for running the show, the communications portion was done via good ole GET and POST via HTTPS. At issue with detecting nbc.exe where Zeus/Qakbot was/is concerned, is the fact that the operators of the malware were/are changing the executable N amount of hours. So most AV systems wouldn't even detect it. So no... IPS/IDS here means nothing. Blacklisting *may* have worked to stop the communication, but even then a fast flux would have trumped that.

Comment Re:This is what IDS/IPS appliances are for... (Score 3, Informative) 99

Any IDS/IPS is only as good as its signatures. The problem with these devices is that attackers can use a flurry of heuristic tactics to completely bypass these systems as well as DLP. There is a difference had you mentioned SIEM which *may* have worked if there were vigilant analysts looking at logs repeatedly. In order to understand why IDS/IPSes fail, you need to understand attacks. At any point in time, when I perform pentests, I ALWAYS start off sending a barrage of data to generate junk. This is done for a few reasons: 1) it tests responses from DFIR teams and 2) allows me to get in under the radar. Now when you state: "machines communicating encrypted data to site out on the Internet is something that IDS applications are designed to detect" you're 10000000% wrong. Any IPS/IDS admin doing this is giving themselves a headache. Do you have any idea how many false positives it would generate from employees going to log into say Gmail, their banks, or anything else using SSL?

Comment Everyone is in Luck (Score 1) 91

Everyone is in luck: June 21st, 2013, 07:09 GMT By Eduard Kovacs http://news.softpedia.com/news/LinkedIn-Outage-Caused-by-DDOS-Attack-on-Network-Solutions-362473.shtml --- This means that on Sunday, you will all find out it was a DoS attack. This also means, on Sunday, if you visit that site you can also get the Powerball results which haven't been posted yet and all retire.

Comment Sigh (Score 5, Insightful) 324

While I understand WHY the USPS would do this, I wonder how much money they've spent on storing data (the photos) all the while cutting the hours of employees due to budget cuts, etc. As for the comment by Bruce Schneier: "whether it was a postal worker taking down information or a computer taking images, the program was still an invasion of privacy." I disagree. There is a difference between taking an address down and reading your mail. I don't see Bruce complaining about UPS, FedEx, etc. doing the same. Get over it.
