Archive for the ‘Threat Management’ Category

Emerging threats that “may” turn into major threats in 2012

January 2, 2012

A list of threats we read about and discussed in 2011, some of which we agreed may become major threats in the near future. Mobile and cloud security are going to be the most talked-about security issues in 2012 (though cloud is missing from this list).

Emerging threats from 2011 are on track to become the major players for cyberactivity in 2012, including mobile banking, “legal” spam and virtual currency. McAfee Labs also predicts that attacks involving political motivation or notoriety will also make headlines, including high-profile industrial attacks, cyberwarfare demonstrations and hacktivist attacks targeting public figures.

White Hat Debit Cards

January 2, 2012

Elinor Mills / cnet

The researchers, who can make thousands of dollars for reporting just one security hole on the social-networking site, can use the card to make purchases, just like a credit card, or create a PIN and take money out of an ATM. As the researchers find more bugs, Facebook can add more money to the account.

Using science to generate truly random numbers

December 1, 2011

Tom Spears / Ottawa Citizens

To people who want to encrypt data, this is a potential source of randomly-chosen numbers that are used as a “key” to lock and unlock sensitive data — military transmissions, banking transactions, or your email.

The idea is that if no one knows how the key was created in the first place, hackers and code-breakers won’t be able to figure out the secret and decode the messages.
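The point of the excerpt is not the cipher but the key: a key built from a process an attacker can replay is no secret at all. The following is an added example, not code from the article or its researchers, that models the difference. It uses a toy repeating-key XOR cipher (an assumption, standing in for any cipher), a key drawn from Python's deterministic Mersenne Twister seeded with a timestamp, and a key drawn from the operating system's entropy-backed generator (`secrets`). The message, timestamp and one-hour search window are constructed for the demonstration.

```python
import random
import secrets
from typing import Optional

KEY_LEN = 16  # 128-bit key, enough to make the point


def xor_crypt(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: repeating-key XOR (constructed stand-in for any cipher).
    The weakness shown below is in how the key is made, not in the cipher."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def weak_key(seed: int) -> bytes:
    """Key drawn from a deterministic PRNG seeded with a guessable value such as
    a Unix timestamp. Anyone who can guess the seed can rebuild the key."""
    rng = random.Random(seed)
    return rng.getrandbits(8 * KEY_LEN).to_bytes(KEY_LEN, "big")


def strong_key() -> bytes:
    """Key from the OS CSPRNG, which is fed by physical entropy the attacker
    cannot reproduce; there is no seed to guess."""
    return secrets.token_bytes(KEY_LEN)


def recover_seed(ciphertext: bytes, known_prefix: bytes,
                 start: int, stop: int) -> Optional[int]:
    """Attacker model: holds a ciphertext, knows how the plaintext begins (a
    protocol header) and knows the key was seeded from a timestamp in
    [start, stop). Replays key generation for every candidate seed and returns
    the one whose key decrypts the known prefix correctly."""
    target = ciphertext[: len(known_prefix)]
    for seed in range(start, stop):
        if xor_crypt(weak_key(seed), target) == known_prefix:
            return seed
    return None


# Constructed scenario: a request with a predictable header, encrypted at a
# time the attacker knows to within an hour (the seed value itself is assumed).
MESSAGE = b"GET /account/balance HTTP/1.1\r\n"
KNOWN_PREFIX = MESSAGE[:8]
SEND_TIME = 1_325_500_000
WINDOW = (SEND_TIME - 1800, SEND_TIME + 1800)   # 3600 candidate seeds


def demo_weak() -> Optional[int]:
    """Timestamp-seeded key: the attacker recovers the seed, hence the key."""
    ct = xor_crypt(weak_key(SEND_TIME), MESSAGE)
    return recover_seed(ct, KNOWN_PREFIX, *WINDOW)


def demo_strong() -> Optional[int]:
    """CSPRNG key: the same search finds nothing, because no seed produced it."""
    ct = xor_crypt(strong_key(), MESSAGE)
    return recover_seed(ct, KNOWN_PREFIX, *WINDOW)


if __name__ == "__main__":
    print("weak key, recovered seed:", demo_weak())
    print("strong key, recovered seed:", demo_strong())
```

The search costs one PRNG initialisation per candidate second; widening the window to a day or a year only makes it linearly slower, which is why "nobody knows when it was generated" is not a defence. The physical source described above removes the seed entirely.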

Classified Smart Phones

October 23, 2011

GCN / Henry Kenyon

A research team from Google, George Mason University and the National Security Agency has developed a hardened kernel for the Android 3.0 operating system that could solve the problem of using smart phones in military operations and emergency response.

The kernel, which is in the final stages of certification testing, opens the way for the Army to begin issuing smart phones or tablet-type wireless devices to troops in combat operations.

Lightweight Portable Security (LPS)

September 13, 2011

Software Protection Initiative / Department of Defense

Lightweight Portable Security (LPS) creates a secure end node from trusted media on almost any Intel-based computer (PC or Mac). LPS boots a thin Linux operating system from a CD or USB flash stick without mounting a local hard drive. Administrator privileges are not required; nothing is installed.

The idea behind it is that workers can use a CDROM or USB stick to boot into a tamper-proof, pristine desktop when using insecure computers such as those available in hotels or a worker’s own home. The environment that it offers should be largely resistant to Internet-borne security threats such as viruses and spyware, particularly when launched from read-only media such as a CDROM. The LPS system does not mount the hard drive of the host machine, so no trace of work activity can be written to the local computer.

Thank Goodness for Fraud

September 11, 2011

Wade Baker / Verizon Security Blog

we’ve isolated such cases from the larger DBIR dataset and include stats around IP and classified data theft in these presentations (don’t get too upset – we’re sharing some of this with you too). The differences between these datasets are often substantial and provide plenty of food for thought…which brings us back to breach discovery, fraud, and the number 44.

Email That Led To The RSA Hack

August 29, 2011

Mikko / F-Secure

The current theory is that a nation-state wanted to break in to Lockheed-Martin and Northrop-Grumman to steal military secrets. They couldn’t do it, since these companies were using RSA SecurID tokens for network authentication. So, the hackers broke into RSA with a targeted email attack. They planted a backdoor and eventually were able to gain access to SecurID information that enabled them to go back to their original targets and successfully break in there. In the aftermath of the attack, RSA was forced to replace SecurID tokens for their customers around the world.

Defense against wireless man-in-middle attacks

August 25, 2011

John Cox / Network World

Dubbed Tamper-evident pairing, or TEP, the technique is based on understanding how man-in-the-middle attacks tamper with wireless messages, and then detects and in some cases blocks the tampering. The researchers suggest that TEP could have detected the reported but still unconfirmed cellular man-in-the-middle attack that unfolded at the Defcon conference earlier this month in Las Vegas.

Most Common Passcodes

July 17, 2011

Any passcode that uses a typical formula or obvious pattern provides little more security than no passcode at all (it’s like a lock that can be opened without a key). These passcodes shouldn’t be used for smart phones, security systems, voicemail, debit card PINs, or any externally facing device.

Naturally, 1234 is the most common passcode, mimicking the most common internet passwords. To put this into perspective, these 10 codes represent 15% of all passcodes in use. Most of the top passcodes follow typical formulas, such as four identical digits, moving in a line up or down the pad, or repetition. 5683 is the passcode with the least obvious pattern, but it turns out that it is the number representation of LOVE (5683), once again mimicking a very common internet password: “iloveyou.”
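A passcode policy that rejects these formulas at enrolment is cheap to build. The following is an added example, not code from the post or the study it summarises: a checker that names which pattern a four-digit PIN matches. It generalises the sequence rule slightly, flagging any constant-step run (so 2468 and 1357 as well as 1234 and 9876). The set of straight-line keypad strokes and the known-bad list are assumptions; only 1234 and 5683 come from the text, and the sample PINs at the bottom are constructed.

```python
import re
from typing import Iterable, Optional

# Four-key vertical strokes on a phone keypad, both directions (assumed set).
KEYPAD_LINES = {"2580", "1470", "3690"}
KEYPAD_LINES |= {line[::-1] for line in KEYPAD_LINES}

# PINs that have no obvious formula but are known to be popular; 5683 spells
# LOVE on a phone keypad. Extend this from your own breach or audit data.
KNOWN_BAD = {"1234", "5683"}

FOUR_DIGITS = re.compile(r"^\d{4}$")


def weak_reason(pin: str) -> Optional[str]:
    """Return the first pattern the PIN matches, or None if it matches none.
    Raises ValueError for anything that is not exactly four digits."""
    if not FOUR_DIGITS.match(pin):
        raise ValueError("passcode must be exactly four digits")
    digits = [int(c) for c in pin]
    steps = {b - a for a, b in zip(digits, digits[1:])}
    if len(set(pin)) == 1:               # 1111, 0000, ...
        return "four identical digits"
    if len(steps) == 1:                  # 1234, 9876, 2468, 1357, ...
        return "constant-step sequence"
    if pin[:2] == pin[2:]:               # 1212, 6969, ...
        return "repeated pair"
    if pin in KEYPAD_LINES:              # 2580, 0852, 1470, ...
        return "straight line on the keypad"
    if pin in KNOWN_BAD:
        return "on the known-bad list"
    return None


def is_weak(pin: str) -> bool:
    """True when the PIN should be refused at enrolment."""
    return weak_reason(pin) is not None


def audit(pins: Iterable[str]) -> float:
    """Fraction of a population of PINs that match some pattern."""
    pins = list(pins)
    return sum(is_weak(p) for p in pins) / len(pins)


if __name__ == "__main__":
    sample = ["1234", "0000", "2580", "1212", "5683", "7395", "8041"]  # constructed
    for p in sample:
        print(p, weak_reason(p) or "no pattern found")
    print(f"{audit(sample):.0%} of the sample is pattern-based")
```

Run it over a dump of real PIN choices (hashed or not) to measure how much of a user base a four-guess attacker would get; the rules above are deliberately few, so the measured fraction is a lower bound.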

“Security is hard. It’s even harder at scale.”

July 10, 2011

Rich Mogull / Dark Reading

We security pundits, researchers, and vendors tend to forget how hard real-world operational IT is. If you’re small, you can control more, but you have fewer resources at your disposal. If you’re large, you still struggle for resources, but now at an enormous scale. It’s a no-win situation because no one can be perfect all the time. Or even some of the time.

……

Security is hard. It’s even harder at scale. And we need to stop pretending that even the most basic of practices are always simple, and start focusing on how to make them more effective and easier to manage in a messy, ugly, real world.

Automate Searching with Google Alerts

July 8, 2011

Corey Harrell / Journey into Incident Response

Google queries show the information currently in Google’s index and cache, while Google Alerts send email notifications when Google is returning new information. The combination of queries and alerts can be leveraged by organizations to identify security issues such as data leakage, website vulnerabilities, and stolen information.

The majority of the data breaches referenced had two things in common. The first commonality was sensitive company information was exposed to the Internet. The second commonality was the companies were notified about the data leakage after a third party located the information through Google searches.

LulzSec Calls It Quits

June 26, 2011

How does a hacker group get dissolved?

But in this shadowy world of claims, boasts and posturing, nothing is quite what it seems. It may have been other members of the hacker “community” – disgruntled with the antics of LulzSec – who forced the group into retreat. A document posted online in the last 24 hours purports to be a history of LulzSec, complete with full details on its leaders.

……

But even if LulzSec has gone offline, its members and other hackers trying to make a name for themselves may soon pop up elsewhere. And the other question is whether we should take any publicity-hungry group like this too seriously. The real damage is more likely being done by criminal groups who wouldn’t dream of boasting of their exploits on Twitter or anywhere else.

Memory encryption breakthrough

June 19, 2011

Ellen Messmer / InfoWorld

Researchers at North Carolina State University claim they’ve achieved a breakthrough in how encryption can be used in technology called non-volatile main memory, which is seen as an eventual replacement for conventional dynamic random-access memory.

……

In work conducted with graduate students, Solihin says N.C. State researchers completed building a hardware-based method to self-encrypt NVMM data. The idea is it might eventually become integrated into chipsets.

Google Hastens Secure Connections

June 19, 2011

Thomas Claburn / Information Week

Google is fanatically devoted to speed, because Web apps depend on speed to compete with desktop apps and slow response times lead to a poor user experience. So last year, Google’s computer scientists proposed a way to shorten the technical handshake ritual.

Now their proposal, Transport Layer Security (TLS) False Start, has been tested and the results are in: SSL False Start significantly reduces the amount of time required to establish a secure connection.
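What False Start changes is when the client is allowed to send its first application-data record. The following is an added example, not code from the article or from Google's implementation: a small model of the TLS 1.0 to 1.2 full-handshake flights that counts round trips until the client's first request can leave. The flight list assumes an (EC)DHE cipher suite (hence a ServerKeyExchange message) and the RTT figure is constructed.

```python
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Flight:
    sender: str                  # "client" or "server"
    messages: Tuple[str, ...]


# A full TLS 1.0-1.2 handshake with an (EC)DHE suite, one flight per line.
# Every flight is a one-way trip, i.e. half a round trip.
FULL_HANDSHAKE: List[Flight] = [
    Flight("client", ("ClientHello",)),
    Flight("server", ("ServerHello", "Certificate", "ServerKeyExchange",
                      "ServerHelloDone")),
    Flight("client", ("ClientKeyExchange", "ChangeCipherSpec", "Finished")),
    Flight("server", ("ChangeCipherSpec", "Finished")),
]


def rtts_before_first_app_data(flights: List[Flight], false_start: bool) -> float:
    """Round trips elapsed, counted from the client's first send, before the
    client may put its first application-data record on the wire.

    Standard handshake: the client waits until the server's Finished arrives
    and verifies it. False Start: the client sends application data in the
    same flight as its own Finished, before it has seen the server's."""
    clock = 0.0                          # measured in round trips
    for flight in flights:
        sent_at = clock
        clock += 0.5                     # one-way latency
        if false_start and flight.sender == "client" \
                and "Finished" in flight.messages:
            return sent_at               # data rides along with the Finished
        if not false_start and flight.sender == "server" \
                and "Finished" in flight.messages:
            return clock                 # arrival of the server's Finished
    raise ValueError("handshake never reached Finished")


def time_to_first_byte_ms(rtt_ms: float, false_start: bool) -> float:
    """User-visible delay before the first request leaves, for a given RTT."""
    return rtt_ms * rtts_before_first_app_data(FULL_HANDSHAKE, false_start)


if __name__ == "__main__":
    for fs in (False, True):
        label = "False Start" if fs else "Standard   "
        print(label, rtts_before_first_app_data(FULL_HANDSHAKE, fs), "RTT,",
              time_to_first_byte_ms(100, fs), "ms at a 100 ms RTT")
```

The saving is exactly one round trip, which on a mobile link is most of the perceived delay. The caveat a practitioner should keep in mind: with False Start the client encrypts data under keys it agreed before verifying the server's Finished, so it has not yet confirmed that the handshake was not tampered with; browsers therefore only False Start when the negotiated cipher suite meets their strength requirements (forward-secret key exchange), and an attacker who tampered with the handshake still cannot read data sent under a properly negotiated key.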

Standard Vulnerability Reporting Format

June 19, 2011

InfoWorld

The industry has already come up with the CVE (Common Vulnerabilities and Exposures) system for uniquely identifying security flaws without each vendor using a different nomenclature, and the CVSS (Common Vulnerability Scoring System), a system for rating their severity. The CVRF is the last major plank of this industry overhaul.

The idea is that instead of each vendor using its own report design, in the future they will adopt the CVRF, removing the time-consuming and potentially insecure chore of having to translate between incompatible reports, one into the other, many times over.
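The three pieces fit together as identifier, score and container: a CVRF document carries CVE identifiers and CVSS vectors that any consumer must be able to validate and rank the same way. The following is an added example, not code from the article or from the CVRF project, of the consumer side for the two pieces that already had a fixed definition in 2011: it checks CVE identifier syntax, computes the CVSS v2 base score from a vector string using the v2 base equation and metric weights, and normalises a batch of advisory entries into a ranked list, rejecting malformed ones. The advisory entries at the bottom are constructed placeholders, not real advisories.

```python
import math
import re
from typing import Dict, List, Tuple

# CVE identifier syntax: CVE-<year>-<sequence>. Four-digit sequences were
# the rule in 2011; the 2014 syntax change permits longer ones.
CVE_ID = re.compile(r"^CVE-\d{4}-\d{4,}$")

# CVSS v2 base metric weights.
AV = {"L": 0.395, "A": 0.646, "N": 1.0}     # access vector
AC = {"H": 0.35, "M": 0.61, "L": 0.71}      # access complexity
AU = {"M": 0.45, "S": 0.56, "N": 0.704}     # authentication
CIA = {"N": 0.0, "P": 0.275, "C": 0.660}    # confidentiality/integrity/availability
METRICS = {"AV": AV, "AC": AC, "Au": AU, "C": CIA, "I": CIA, "A": CIA}


def parse_vector(vector: str) -> Dict[str, float]:
    """Turn 'AV:N/AC:L/Au:N/C:P/I:P/A:P' into weights; reject anything malformed."""
    weights: Dict[str, float] = {}
    for part in vector.split("/"):
        name, _, value = part.partition(":")
        if name not in METRICS or value not in METRICS[name]:
            raise ValueError(f"bad CVSS v2 metric {part!r}")
        weights[name] = METRICS[name][value]
    if set(weights) != set(METRICS):
        raise ValueError("vector must contain exactly AV, AC, Au, C, I, A")
    return weights


def _round1(x: float) -> float:
    """CVSS v2 round_to_1_decimal (half up), avoiding float banker's rounding."""
    return math.floor(x * 10 + 0.5) / 10


def base_score(vector: str) -> float:
    """CVSS v2 base equation."""
    w = parse_vector(vector)
    impact = 10.41 * (1 - (1 - w["C"]) * (1 - w["I"]) * (1 - w["A"]))
    exploitability = 20 * w["AV"] * w["AC"] * w["Au"]
    f_impact = 0 if impact == 0 else 1.176
    return _round1((0.6 * impact + 0.4 * exploitability - 1.5) * f_impact)


def severity(score: float) -> str:
    """NVD's qualitative bands for CVSS v2 scores."""
    return "High" if score >= 7.0 else "Medium" if score >= 4.0 else "Low"


def normalize(entries: List[Dict[str, str]]
              ) -> Tuple[List[Tuple[str, float, str]], List[str]]:
    """Validate a vendor's entries; return (accepted sorted by score desc, rejected)."""
    accepted, rejected = [], []
    for e in entries:
        cve = e.get("cve", "")
        try:
            if not CVE_ID.match(cve):
                raise ValueError("bad CVE identifier")
            score = base_score(e["vector"])
            accepted.append((cve, score, severity(score)))
        except (KeyError, ValueError) as err:
            rejected.append(f"{cve or '<no id>'}: {err}")
    accepted.sort(key=lambda t: t[1], reverse=True)
    return accepted, rejected


# Constructed placeholder entries (not real advisories): two valid, one with a
# malformed identifier, one with an unknown metric value.
SAMPLE = [
    {"cve": "CVE-2011-0001", "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"},
    {"cve": "CVE-2011-0002", "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"},
    {"cve": "2011-0003", "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:N"},
    {"cve": "CVE-2011-0004", "vector": "AV:N/AC:X/Au:N/C:P/I:N/A:N"},
]

if __name__ == "__main__":
    ok, bad = normalize(SAMPLE)
    for cve, score, band in ok:
        print(f"{cve}  {score:4.1f}  {band}")
    for line in bad:
        print("rejected:", line)
```

Failing closed on malformed identifiers and vectors is the point: the "potentially insecure chore" of hand-translating reports is where an advisory silently loses its severity or gets filed under the wrong identifier.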

Quantifying current state of cybercrime

February 17, 2011

Just two weeks ago, we all saw the end of an era when DHS announced that the color-coded threat system will be phased out and replaced with a new system known as the National Terrorism Advisory System.

Today, Norton released the Cybercrime Index, which quantifies the state of cybercrime and converts the danger level into a simple number. Is it the beginning of a new era?

At the top level, the CyberCrime Index takes this data and creates a number evaluating the relative risk of the threats of the day. However, it also provides a more in-depth look at active threats, threat trends, and provides advice on what kinds of behaviors are being most heavily targeted that day.

Cybersecurity Two Years Later

February 3, 2011

This is a follow-up to the 2008 report “Securing Cyberspace for the 44th Presidency”, published by the Center for Strategic and International Studies (CSIS), which included 25 recommendations for change. Now, two years later, CSIS has published this report to review where progress has been made on those recommendations and where action is still necessary. The report identifies 10 key areas where the nation must take action. It starts with:

2010 should have been the year of cybersecurity. It began with a major exfiltration of data from Google and other Fortune 500 companies, saw the Department of Defense describe how its classified networks had been compromised, watched the Stuxnet worm cut through industrial control systems, and ended with annoying denial of service attacks over Wikileaks.

and suggests cloud as one of the solutions:

Cloud computing has weaknesses, but it also offers the opportunity to aggregate and automate cyber defense. Much of the burden of security will shift from consumers and businesses to service providers that may be better equipped to meet advanced challenges.

which is correct, but it will not come free: securing data in transit between the end user and the cloud, and authentication, will be two big-ticket items we will have to pay for. The report ends with what will not work:

Many of the solutions still advocated for cybersecurity are well past their sell-by date. Public-private partnerships, information sharing, and self-regulation, are remedies we have tried for more than a decade without success. We need new concepts and new strategies if we are to reduce the risks in cyberspace to the United States.

Security and Privacy in Public Cloud Computing

February 3, 2011

NIST has published a Draft Special Publication (SP), “Guidelines on Security and Privacy in Public Cloud Computing”. NIST will accept comments on the draft until February 28, 2011.

NIST SP 800-144 provides an overview of the security and privacy challenges pertinent to public cloud computing and points out considerations organizations should take when outsourcing data, applications, and infrastructure to a public cloud environment.

Security Architecture Stack for the Cloud

February 2, 2011

In his recent “Building Security In” article, Gunnar Peterson talks about the driving forces and challenges of moving critical systems to the cloud.

The main trends that will drive security architecture are visibility and verification, which we can pithily sum up as “Don’t trust. And verify.”

Enterprises are often told, even by security luminaries, that they must trust the cloud, but that’s bunk. Sure, they must rely on some access control and other security services that are beyond their control. However, this can be partly mitigated by visibility services offered by gateways (chokepoints) and monitoring (audit event logging). In other words, a nickel’s worth of visibility trumps a dollar of access control.

…………

Many enterprise systems have two security modes: untrusted and fully trusted. Cloud security requires a partial-trust model.

Signature-less zero-day game-changer

January 31, 2011

Last week Computerworld reported that Intel was developing a technology (most probably a chip) that will stop ALL zero-day attacks. Wow, that is like finding a solution for global recession, religious conflicts or terrorism. I am not being sarcastic; I intentionally chose these examples because they fall into the same bucket as zero-day threats: we can’t predict when these events will occur or how deep the impact will be.

I respect Mr. Rattner, who was named one of the top 200 individuals having the greatest impact on the U.S. computer industry back in the ’90s, and I am sure he is up to something big, but if what he said comes true it’ll be HUGE!

We’re going to see a quantum jump in the ability of future devices, be them PCs or phones or tablets or smart TVs, to defend themselves against attacks.

….the technology won’t be signature-based, like so much security is today. Signature-based malware detection is based on searching for known patterns within malicious code. The problem, though, is that zero-day, or brand-new, malware attacks are often successful because they have no known signatures to guard against.

We’ve found a new approach that stops the most virulent attacks. It will stop zero-day scenarios. Even if we’ve never seen it, we can stop it dead in its tracks.

Still, I’d have preferred an article heading more like how Paul Ducklin put it: “It’s a pity that Intel’s work has been touted in such hyperbolic fashion. Headlines like ‘Intel to add new low-level layer of computer security’ would, surely, have been much more meaningful.”

