Security trends for 2012

Here is my collection of security trends for 2012 from different sources:

Windows XP will be the biggest security threat in 2012 according to Sean Sullivan, security advisor at F-Secure: “People seem to be adding new systems without necessarily abandoning their old XP machines, which is great news for online criminals, as XP continues to be their favourite target.”

F-Secure also says also that it might not be long before the cyber criminals turn their attentions to tablet devices. Attacks against mobile devices have become more common and I expect this to continue this year as well.

Americans more susceptible to online scams than believed, study finds. A recent survey from The Ponemon Institute and PC Tools dives into this question and reveals a real gap between how aware Americans think they are of scams and how likely they actually are to fall for them.

Fake antivirus scams that have plagued Windows and Mac OSX during the last couple of years and now it seems that such fake antivirus scams have spread to Android. Nearly all new mobile malware in Q3 2011 was targeted at Android.. When antivirus software becomes a universally accepted requirement (the way it is on Windows is the day), has the platform has failed and missed the whole point of being mobile operating system?

crystalball

Cyber ​​criminals are developing more sophisticated attacks and the police will counterattack.

Mobile phone surveillance will increase and more details of it will surface. Last year’s findings have included Location data collecting smart-phones, Carrier IQ phone spying busted and Police Surveillance system to monitor mobile phones. In USA the Patriot Act lets them investigate anything, anywhere, without a warrant. Now they are on your devices and can monitor everything. Leaked Memo Says Apple Provides Backdoor To Governments: “in exchange for the Indian market presence” mobile device manufacturers, including RIM, Nokia, and Apple (collectively defined in the document as “RINOA”) have agreed to provide backdoor access on their devices.

Geo-location tagging in smartphones to potentially cause major security risks article says that geo-location tagging security issues are likely to be a major issue in 2012—and that many users of smartphones are unaware of the potentially serious security consequences of their use of the technology. When smartphones images to the Internet (to portals such Facebook or Flickr) there’s a strong chance they will also upload the GPS lcoation data as well. This information could be subsequently misused by third parties.

You need to find your balance between freedom and security (
Vapauden ja turvallisuuden tasapaino). Usernames poured out for all to see, passwords and personal identification numbers are published. A knowledge of access management is even more important: who has the right to know when and where the role of functioning? Access, identity and role management are essential for the protection of the whole system. Implementation of such systems is still far from complete.

When designing networked services, the development of safety should taken into account in the planning stage, rather than at the end of execution. Even a secure network and information system can not act as operating a vacuum.

crystalball

Reliability of the server certificates will face more and more problems. We can see more certificate authority bankruptcies due cyber attacks to them. Certificate attacks that have focused on the PC Web browsers, are now proven to be effective against mobile browsers.

Stonesoft says that advanced evasion techniques (AET) will be a major threat. Stonesoft discovered that with certain evasion techniques (particularly when combined in particular combinations) they could sneak common exploits past many IDS/IPS systems (including their own, at the time last summer). Using the right tool set (including a custom TCP/IP stack) attackers could sneak past our best defenses. This is real and they foresee a not too distant future where things like botnet kits will have this as a checkbox feature.

Rise of Printer Malware is real. Printer malware: print a malicious document, expose your whole LAN says that sending a document to a printer that contained a malicious version of the OS can send your sensitive document anywhere in Internet. Researchers at Columbia University have discovered a new class of security flaws that could allow hackers to remotely control printers over the Internet. Potential scenario: send a resume to HR, wait for them to print it, take over the network and pwn the company. HP does have firmware update software for their printers and HP Refutes Inaccurate Claims; Clarifies on Printer Security. I wonder how many more years until that old chain letter, where some new insidious virus infects everything from your graphics card to your monitor cable, becomes true.

Unauthorized changes in the BIOS could allow or be part of a sophisticated, targeted attack on an organization, allowing an attacker to infiltrate an organization’s systems or disrupt their operations. How Do You Protect PCs from BIOS Attacks? The U.S. National Institute of Standards and Technology (NIST) has drafted a new computer-security publication that provides guidance for computer manufacturers, suppliers, and security professionals who must protect personal computers as they start up “out of the box”: “BIOS Integrity Measurement Guidelines,” NIST Special Publication 800-155.

According to Stonesoft security problems threaten the lives and the year 2012 may be the first time when we lose lives because of security offenses. According to the company does this happen remains to be seen, but the risk is due to industrial SCADA systems attacks against targets such as hospitals or automated drug delivery systems. I already posted around month ago about SCADA systems security issues.

849 Comments

  1. Tomi Engdahl says:

    German gov’t endorses Chrome as most secure browser
    http://www.computerworld.com/s/article/9223957/German_gov_t_endorses_Chrome_as_most_secure_browser

    Federal security agency touts sandbox, silent update as features that keep citizens safer online

    Reply
  2. Tomi Engdahl says:

    Symantec warns of Android Trojans that mutate with every download
    A new Android Trojan employs server-side polymorphism to generate unique variants
    http://www.techworld.com.au/article/414311/symantec_warns_android_trojans_mutate_every_download

    Researchers from security vendor Symantec have identified a new premium-rate SMS Android Trojan horse that modifies its code every time it gets downloaded in order to bypass antivirus detection.

    A special mechanism that runs on the distribution server modifies certain parts of the Trojan in order to ensure that every malicious app that gets downloaded is unique. This is different from local polymorphism where the malware modifies its own code every time it gets executed.

    “As with malware that affects traditional computing devices, the level of sophistication of the polymorphism used can affect how easy or difficult the threat is to detect,” said Vikram Thakur, the principal security response manager at Symantec. “More complicated polymorphism requires more intelligent countermeasures.”

    Reply
  3. Tomi says:

    http://www.tietoviikko.fi/kaikki_uutiset/tietoturvallisuusmies+quothaktivismi+on+ajan+ilmio++on+hyvaksyttava+etta+ikavia+asioita+tapahtuuquot/a771770?s=r&wtm=tietoviikko/-06022012&

    Information Security Guy: “Hacktivism is the time phenomenon – have to accept that bad things happen”

    “It is accepted that bad things happen. Company must be able to identify the problem quickly, to limit its effects, fix it and find out the extent of the damage as quickly as possible,” security consultancy specializing in Nixu advisory services unit leader Jari Jay says.

    Nixu anticipate haktivismin of political and ideological reasons of security attacks to continue for at least last year. Trend is expected to cause headaches for companies.

    “Hacktivismi is a time phenomenon, which will accelerate and grow.

    In most companies have accepted that the long partner threads of that the time and place independent of the availability of the entire IT environment of difficulty mean that the company never fully secure.

    Reply
  4. Tomi Engdahl says:

    Anonymous May Have Completely Destroyed This Military Law Firm
    http://gizmodo.com/5882717/anonymous-may-have-completely-destroyed-military-law-firm

    Anonymous’ gutting of Puckett & Faraj, the firm that defended the Marines behind the Haditha Killing, might have been more than a major embarrassment. The hack attack might have killed the group entirely.

    “Not sure how this will affect the business of the firm going forward,” says namesake attorney Neal Puckett, “but for now, we’re not able to do any business.”

    “This may completely destroy the Law Firm,” laments Marcy Atwood, the Pucket & Faraj’s business manager.

    Reply
  5. Tomi Engdahl says:

    Facebook’s ‘man in the middle’ attack on our data
    Is Facebook secretly using your data for nefarious purposes? Privacy advocate Eben Moglen says yes.
    http://www.itworld.com/it-managementstrategy/247344/facebooks-man-middle-attack-our-data

    Moglen likens Facebook to a hacker who launches a “man in the middle” (MITM) attack — intercepting an apparently private communication between two parties and using that information for his own nefarious purposes.

    The fact is, anybody can add your name to a photo on Facebook and there’s nothing you can do about it. All you can do is keep these pictures off your own personal timeline and tell Facebook to not “suggest” that your friends tag you when it recognizes your mugshot.

    Read also discussion at
    Moglen: Facebook Is a Man-In-The-Middle Attack
    http://yro.slashdot.org/story/12/02/06/1828231/moglen-facebook-is-a-man-in-the-middle-attack

    Moglen is absolutely correct and I am very impressed by this great analogy: Facebook (and some other “social” media) is a man-in-the-middle attack; it’s just not a technical hack but a social hack. Best 20 second explanation ever.
    Google might very well join them soon – if they use profiling on gmail conversations.

    It amazes me that people think Moglen is overstating the case. He is not. Let’s forget the datamining for commerce. Let’s just think about what a simple post on a social network can do with ones life

    Sorry, but I attended an FBI presentation last week, and the SA told us point-blank that Facebook was the greatest investigative aid ever. It used to take a warrant and months of hard work to figure out who someone was, what they did, who they hung out with, what kinds of things they talk about over drinks, and who supplies the dope to the party. Now it’s a browser away and they don’t even need a warrant.

    Reply
  6. Tomi Engdahl says:

    Hackers wanted $50,000 to keep Symantec source code private
    http://news.cnet.com/8301-1009_3-57372308-83/hackers-wanted-$50000-to-keep-symantec-source-code-private/

    An e-mail exchange revealing the extortion attempt posted to Pastebin today shows a purported Symantec employee named Sam Thomas negotiating payment with an individual named “Yamatough” to prevent the release of PCAnywhere and Norton Antivirus code.

    “We will pay you $50,000.00 USD total,” Thomas said in an e-mail dated Thursday. “However, we need assurances that you are not going to release the code after payment.

    A Symantec representative confirmed for CNET the extortion attempt in this statement: In January an individual claiming to be part of the ‘Anonymous’ group attempted to extort a payment from Symantec in exchange for not publicly posting stolen Symantec source code they claimed to have in their possession.

    Symantec instructed its PCAnywhere users in late January to disable the product until the company could issue a software update to protect them against attacks that could result from the theft of the product’s source code.

    Reply
  7. Tomi Engdahl says:

    Avast! Mobile Security
    http://www.reghardware.com/2012/02/07/app_of_the_week_android_avast/

    The security or lack thereof of the Android platform – real or imagined – is a common topic of conversation at the moment so it seems like a good time to take a look for a comprehensive security app. My preferred choice is Avast!.

    Avast! for Android is free and carries no advertising, making it perfect for anyone who is just a little worried about mobile security but thinks that it could be a case of a lot of smoke but very little fire.

    Reply
  8. Tomi Engdahl says:

    Anonymous releases Symantec code
    http://www.theinquirer.net/inquirer/news/2144387/anonymous-releases-symantec-code

    The group has danced with Symantec for some time, but now that dance is over. A tweet from the @AnonymousIRC account links to Pirate Bay and Pastebin releases.

    The Bittorrent link takes users to a download of PCanywhere source code

    Symantec’s official line is that no customer data is affected and that it has fixed any vulnerabilities that its code might have.

    Reply
  9. Tomi Engdahl says:

    Cyber attacks are named in top five global risks
    http://www.theinquirer.net/inquirer/news/2137275/cyber-attacks-named-global-risks

    A REPORT put out by the World Economic Forum rates cyber attacks as the fourth most likely risk to occur over the next 10 years.

    “With over five billion mobile phones coupled with internet connectivity and cloud-based applications, daily life is more vulnerable to cyber threats and digital disruptions,” said the report.

    The report said, “Companies are increasingly aware of cyber threats but are not necessarily sure how to address them.”

    Reply
  10. Tomi Engdahl says:

    ‘Nothing is certain. Nothing is secure,

    Reply
  11. Tomi Engdahl says:

    Hackers spunk ‘pcAnywhere source’ after negotiation breakdown
    ‘Fed posing as Symantec worker’ offered $50k to activists
    http://www.theregister.co.uk/2012/02/07/pcanywhere_shenanigans/

    Hacktivists affiliated with Anonymous uploaded what they claim is the source code of Symantec’s pcAnywhere software early on Tuesday, following the breakdown of negotiations between the hacking group and “a federal agent posing as a Symantec employee”.

    Symantec has confirmed that a dialogue had taken place between the hacktivists and “a law enforcement official”, saying it had turned the case over to the Feds as soon as the hackers had contacted it.

    A search on torrent sites suggests that only the code for pcAnywhere and Norton Antivirus has been released. Whether the code released is the genuine deal remains unconfirmed.

    PCAnywhere and Norton Antivirus totaling 2350MB in size (rar)

    Symantec was not immediately able to confirm whether the source code torrent was genuine.

    Reply
  12. Tomi Engdahl says:

    Hacker releases Symantec source code
    http://www.reuters.com/article/2012/02/07/us-symantec-hackers-idUSTRE8160KB20120207

    A hacker released the source code for antivirus firm Symantec’s pcAnywhere utility on Tuesday, raising fears that others could find security holes in the product and attempt takeovers of customer computers.

    Symantec also expects hackers to release other source code in their possession, 2006 versions of Norton Antivirus Corporate Edition and Norton Internet Security.

    Reply
  13. Tomi Engdahl says:

    Move over cybercrims, DDoS now protesters’ weapon of choice
    http://www.theregister.co.uk/2012/02/08/ddos_attack_trends/

    Ideological hacktivism has replaced cybercrime as the main motivatation behind DDoS attacks, according to a study by Arbor Networks.

    Up until last year, DDoS attacks were typically financially driven – either for reasons of competition or outright extortion – but the activities of Anonymous and related groups have changed that. The plethora of readily available DDoS attack tools (such as LOIC, a sometime favourite of Anonymous) means that anyone can launch an attack and any business could potentially be targeted.

    Arbor, which specialises in supplying DDoS mitigation and traffic management tools to telcos and ISPs, describes the rise of hacktivism as a “sea-change in the threat landscape”.

    The single largest reported DDoS attack during the survey period hit 60 Gbps,

    Around half of respondents reported application-layer attacks on their networks. More than 40 per cent of network operators quizzed by Arbor reported an inline firewall and/or IPS failing due to a DDoS attack.

    For the first time, a respondent to Arbor’s survey observed a native IPv6 DDoS attack on their network.

    “Based on fourth quarter statistics, Prolexic predicts that 2012 will feature DDoS attacks that will be shorter in duration, but much more devastating in terms of packet-per-second volume,”

    Reply
  14. Tomi Engdahl says:

    Home webcams’ security vulnerability leads to public viewing
    http://www.theinquirer.net/inquirer/news/2144598/home-webcams-security-vulnerability-leads-public-viewing

    HOME SECURITY webcam firm Trendnet is struggling to fix an error that allowed anyone on the internet to view live footage without a password.

    According to the BBC, internet addresses linking to the video streams have been posted to message board web sites

    Trendnet security cam flaw exposes video feeds on net
    http://www.bbc.co.uk/news/technology-16919664

    Feeds from thousands of Trendnet home security cameras have been breached, allowing any web user to access live footage without needing a password.

    US-based Trendnet says it is in the process of releasing updates to correct a coding error introduced in 2010.

    Tech news website The Verge first publicised the issue last week after discovering a blog which had published details of the vulnerability on 10 January.

    The author discovered that after setting up one of the cameras with a password, its video stream became accessible to anyone who typed in the correct net address.

    The firm – whose slogan is “networks that people trust” – said it had halted shipments of affected products to retailers

    TRENDnet IP Camera Vulnerability
    TRENDnet (2/7/2012)
    http://www.trendnet.com/press/view.asp?id=1958

    However, we recently became aware of a vulnerability with several TRENDnet SecurView IP cameras purchased since April 2010.
    TRENDnet SecurView Cameras bought between April of 2010 to the present may have a firmware vulnerability.

    Reply
  15. Tomi Engdahl says:

    Keep in mind good passwords:

    Anonymous Hacks Syrian President’s Email. The Password: 12345
    http://mashable.com/2012/02/07/anonymous-assad-email-password/

    Syrian President Bashar al-Assad has been under fire from world leaders to step down this week. He’s also under fire from hacktivist group Anonymous, who leaked hundreds of his office’s emails on Monday.

    the passwords commonly used by Assad’s office accounts: 12345. The string of consecutive numbers is the second-weakest password according to a 2011 study.

    Reply
  16. Tomi Engdahl says:

    Facebook criticised for ‘hurting’ cybercrime investigation
    A major internet security firm has criticised Facebook for identifying the alleged members of the gang behind the Koobface worm, a piece of malicious software designed to hijack users’ computers.
    http://www.telegraph.co.uk/technology/facebook/9068166/Facebook-criticised-for-hurting-cybercrime-investigation.html

    In an unusual step, Facebook last month named six Russian men it said had been running the $2m scam against its members since for three years. It publicised photographs of the group and pinpointed their office in central St Petersburg.

    The anti-virus firm Kaspersky Lab criticised Facebook’s strategy at a cyber security conference.

    “Naming and shaming can stop companies like Facebook really dealing with things like Koobface,” he said.

    “I’m questioning whether these guys will ever get arrested now.”

    “If they [cyber criminals] don’t get caught before they quit they will probably never get caught.”

    Facebook’s Continued Fight Against Koobface
    https://www.facebook.com/notes/facebook-security/facebooks-continued-fight-against-koobface/10150474399670766

    Reply
  17. Tomi Engdahl says:

    Have your accounts been compromised? Find out.
    https://www.pwnedlist.com/

    PwnedList is a tool that allows an average person to check if their accounts have been compromised.

    Tool has developed a network security expert Alan Puzic in July last year. The list is now almost five million e-mail addresses that are suspected to have been a victim of a data breach.

    Just enter an email address or username associated with any of your accounts to see if it’s on our list.

    Don’t trust us? You can also use a SHA-512 hash of your email/username as input.

    Reply
  18. Tomi Engdahl says:

    secure your computer and surf fully #anonymous BLACK-HAT STYLE
    http://pastebin.com/sp6YAvGb

    This is a guide with which even a total noob can get high class security for his system and complete anonymity online. But its not only for noobs, it contains a lot of tips most people will find pretty helpfull. It is explained so detailed even the biggest noobs can do it

    Reply
  19. Tomi Engdahl says:

    F-Secure is seeking a cloud
    Information security is no longer enough
    http://www.3t.fi/artikkeli/uutiset/teknologia/tietoturva_ei_enaa_riita

    Traditional security changes when software security is getting better and better. This will force the F-Secure’s new look for the future growth of cloud services

    Security Business is changing, when the operating system security is improved.

    For more than ten years of Windows XP operating system has been making a lot of money for Security Software companies.

    Security software purchase as shop packed software has ended in many countries. As much as 61 percent of sales is through telecommunications operators.

    Reply
  20. Tomi Engdahl says:

    The dark side of the cloud
    http://www.cloudpro.co.uk/cloud-essentials/cloud-security/2791/dark-side-cloud?page=0,0

    As cloud-borne threats grow, anti-malware companies look to the cloud for solutions.

    “If you’re sharing information via the cloud it is bound to be a vector for infection,” claimed Leon Ward, a field marketing manager at Sourcefire – the anti-malware company responsible for study.

    “Cybercriminals use exactly the same tools as legitimate businesses, and are becoming more proficient,” added Michael de Crespigny, CEO of the Information Security Forum (ISF). And with allegations rife that hackers based in China, Russia and elsewhere are state-sponsored, he reminded us “Government espionage units have the same access to those tools” as well.

    “Nobody can stop 100 per cent of threats, it is just not possible,” he said.

    “90 per cent of malware comes through spam – that’s anything that requires a click on any vector,” he claimed. “Anything else is a technical problem.”

    “Maybe instead of talking about 100 per cent protection, we should accept that eventually something will break, and talk about how to make things harder for the attacker and minimise the risk.”

    “Internet technologies were designed for an ideal world and a trusted environment,” he said. “You have to design things for the real world – for example Windows 8 will allow security checks during application installation, which adds mitigation opportunities.”

    “Internet technologies were designed for an ideal world and a trusted environment,” he said. “You have to design things for the real world – for example Windows 8 will allow security checks during application installation, which adds mitigation opportunities.”

    “Cyber resilience is more than just incident response. It’s a business issue, not an IT issue, and it’s having a very strong organisation that responds not just technically but also in respect of customers, shareholders and so on, and it’s about responding faster.”

    “They need to be aware of what is being done online in order to be aware of the possible consequences.”

    Looking forward, Royal Holloway’s Cavallaro warned the versatility and mobility of the cloud will make these assessments ever more complex.

    “Mobile and cloud malware will be hot,” he said,

    Reply
  21. Tomi Engdahl says:

    It seem that even big intelligence agencies are not safe from hacktivism:

    ‘Anonymous’ Knocks CIA Site Offline
    http://techland.time.com/2012/02/10/anonymous-knocks-cia-site-offline/?iid=tl-article-latest

    Hacking group Anonymous has apparently claimed credit for knocking the Central Intelligence Agency’s website offline.

    The group also recently intercepted a conference call between the FBI and Scotland Yard, which entailed cybercrime investigators discussing Anonymous’ activities.

    Anonymous has recently claimed takedowns of sites belonging to the Boston Police Department, the FBI, the DOJ, the U.S. Copyright Office and two of Brazil’s largest banks.

    Reply
  22. Tomi Engdahl says:

    Israel tops cyber-readiness poll but China lags behind
    http://www.bbc.co.uk/news/technology-16787509

    Israel, Finland and Sweden are seen as leading the way in “cyber-readiness”, according to a major new security report.

    The McAfee-backed cyberdefence survey deemed China, Brazil and Mexico as being among the least able to defend themselves against emerging attacks.

    Reply
  23. Tomi Engdahl says:

    Traveling Light in a Time of Digital Thievery
    http://www.nytimes.com/2012/02/11/technology/electronic-security-a-worry-in-an-age-of-digital-espionage.html?_r=1&pagewanted=all

    When Kenneth G. Lieberthal, a China expert at the Brookings Institution, travels to that country, he follows a routine that seems straight from a spy film.

    He leaves his cellphone and laptop at home and instead brings “loaner” devices, which he erases before he leaves the United States and wipes clean the minute he returns.

    In China, he disables Bluetooth and Wi-Fi, never lets his phone out of his sight and, in meetings, not only turns off his phone but also removes the battery, for fear his microphone could be turned on remotely.

    He connects to the Internet only through an encrypted, password-protected channel, and copies and pastes his password from a USB thumb drive. He never types in a password directly, because, he said, “the Chinese are very good at installing key-logging software on your laptop.”

    “If a company has significant intellectual property that the Chinese and Russians are interested in, and you go over there with mobile devices, your devices will get penetrated,” said Joel F. Brenner, formerly the top counterintelligence official in the office of the director of national intelligence.

    Both China and Russia prohibit travelers from entering the country with encrypted devices unless they have government permission

    McAfee, the security company, said that if any employee’s device was inspected at the Chinese border, it could never be plugged into McAfee’s network again. Ever. “We just wouldn’t take the risk,” said Simon Hunt, a vice president.

    In the meantime, companies are leaking critical information, often without realizing it.

    Reply
  24. Tomi Engdahl says:

    Best Practice: Travel Light To China
    http://it.slashdot.org/story/12/02/13/0158207/best-practice-travel-light-to-china

    What may once have sounded like the behavior of a raving paranoid is now considered standard operating procedure for officials at American government agencies, research groups and companies as the NY Times reports how businesses sending representatives to China give them a loaner laptop and cellphone that they wipe clean before they leave and wipe again when they return.

    ‘Everybody knows that if you are doing business in China, in the 21st century, you don’t bring anything with you,’ says Jacob Olcott, a cybersecurity expert at Good Harbor Consulting. ‘That’s “Business 101″ — at least it should be.’”

    Reply
  25. Tomi Engdahl says:

    Trustwave 2012 Global Security Report
    https://www.trustwave.com/global-security-report

    For the second year, the food & beverage industry made up the highest percentage of investigations at nearly 44%.

    Industries with franchise models are the new cyber targets: more than a third of 2011 investigations occurred in a franchise business.

    Data harvesting techniques continued to target data “in-transit” within victim environments as was seen in 62.5% of 2011 investigations.

    The most common password used by global businesses is “Password1″ because it satisfies the default Microsoft Active Directory complexity setting.

    Reply
  26. Tomi Engdahl says:

    Chinese Hackers Had Unfettered Access To Nortel Networks For a Decade
    http://it.slashdot.org/story/12/02/14/1947254/chinese-hackers-had-unfettered-access-to-nortel-networks-for-a-decade

    Brian Shields, a former Nortel employee who launched an internal investigation of the attacks, the Wall Street Journal reports [from behind a paywall]
    … Over the years, the hackers downloaded business plans, research and development reports, employee emails and other documents.

    Nortel hit by suspected Chinese cyberattacks for a decade
    http://www.cbc.ca/news/business/story/2012/02/14/nortel-chinese-hackers.html

    Hackers based in China enjoyed widespread access to Nortel’s computer network for nearly a decade, according to a report.

    The hackers – who appeared to be based in China – had unfettered access to the former telecommunications giant as far back as 2000, according to Brian Shields, a former Nortel employee who launched an internal investigation of the attacks, the Wall Street Journal reports.

    They “had access to everything”, Shields told the Journal. “They had plenty of time. All they had to do was figure out what they wanted.”

    According to the internal report, Nortel “did nothing from a security standpoint” about the attacks.

    China has rejected allegations of cyberspying

    According to Shields, Nortel discovered the hacking in 2004, and the company’s silence put acquiring companies at risk.

    Nortel, currently selling off assets as part of a 2009 bankruptcy filing, failed to disclose the attacks to potential buyers of its patents and business units, according to the Journal.

    Reply
  27. Tomi Engdahl says:

    Unauthorized iOS Apps Leak Private Data Less Than Approved Ones
    http://apple.slashdot.org/story/12/02/15/0036242/unauthorized-ios-apps-leak-private-data-less-than-approved-ones

    In the wake of news that the iPhone app Path uploads users’ entire contact lists without permission, Forbes dug up a study from a group of researchers at the University of California at Santa Barbara and the International Security Systems Lab that aimed to analyze how and where iPhone apps transmit users’ private data.

    one in five of the free apps in Apple’s app store upload private data back to the apps’ creators that could potentially identify users

    programs in Cydia, the most popular platform for unauthorized apps that run only on ‘jailbroken’ iPhones, tend to leak private data far less frequently than Apple’s approved apps.

    Your address book is mine: Many iPhone apps take your data
    http://venturebeat.com/2012/02/14/iphone-address-book/

    Path got caught red-handed uploading users’ address books to its servers and had to apologize. But the relatively obscure journaling app is not alone. In fact, Path was crucified for a practice that has become an unspoken industry standard.

    Facebook, Twitter, Instagram, Foursquare, Foodspotting, Yelp, and Gowalla are among a smattering of iOS applications that have been sending the actual names, email addresses and/or phone numbers from your device’s internal address book to their servers, VentureBeat has learned. Several do so without first asking permission, and Instagram and Foursquare only added permissions prompts after the Path flare-up.

    iOS apps and the address book: who has your data, and how they’re getting it
    http://www.theverge.com/2012/2/14/2798008/ios-apps-and-the-address-book-what-you-need-to-know

    Stated simply: any iOS app has complete access to a large amount of data stored on your iPhone, including your address book and calendar. Any iOS app can, without asking for your permission, upload all of the information stored in your address book to its servers. From there, the app developer can either use it to help find your friends, store it in perpetuity, or do any number of other things with it.

    The way to tell if an app is uploading any data to a server is simply to watch all the outgoing data that it is sending

    In almost all of the cases we tested, that data was fairly-well encrypted as it connected via a secure HTTPS connection instead of an insecure HTTP connection. Also, in most cases, data was submitted via a “post” command, though in some cases data was submitted via a “get” command, which is roughly equivalent to typing a URL into a browser.

    The policy fix failed, it’s time for a technical one

    Apple is the company that most obviously attempts to curate its app selection in order to protect users. In fact, Apple’s own App Store Guidlines have explicitly forbidden this type of behavior since 2010

    However, even Apple cannot fully vet every single app for all the information it uploads, as has been demonstrably proven by Path, Hipster, Foursquare, and quite possibly others. The App Store policy is not a scalable solution

    The proper technical solution is for iOS to limit access to the contacts database for all apps, so that an app must ask the user for explicit permission to access it. Apple already does this for location information.

    Reply
  28. Tomi Engdahl says:

    99.8% Security For Real-World Public Keys
    http://it.slashdot.org/story/12/02/14/2322213/998-security-for-real-world-public-keys

    If you grab all the public keys you can find on the net, then you might expect to uncover a few duds — but would you believe that 2 out of every 1000 RSA keys is bad? This is one of the interesting findings in the paper ‘Ron was wrong, Whit is right’

    Security researcher Dan Kaminsky has commented on the paper, saying that while the survey work itself is good, it doesn’t necessarily support the paper’s thesis. He writes, “On the most basic level, risk in cryptography is utterly dominated, not by cipher selection, but by key management. The study found 12,720 public keys. It also found approximately 2.94 million expired certificates. And while the study didn’t discuss the number of certificates that had no reason to be trusted in the first place (being self signed), it did find 5.4M PGP keys. It does not matter the strength of your public key if nobody knows to demand it.”

    Reply
  29. Tomi Engdahl says:

    Magic Quadrant for Enterprise Network Firewalls
    http://www.renaissance.co.nz/sites/default/files/investor-news/gartner-magic-quadrant-2011.pdf

    The enterprise network firewall market is undergoing a period dynamic
    evolution, as effective next-generation firewalls are now increasingly
    necessary. Vendors that have addressed advanced targeted threats have
    seen gains in the market.

    The enterprise firewall market is one of the largest and most mature security markets. It is populated with both mature vendors and some more recent entrants. Changes in threats, as well as increased enterprise demand for mobility, virtualization and use of the cloud, have increased demand for new firewall features and capabilities.

    Firewalls long ago became a “check the box” requirement in most
    compliance regimes for securing trust boundaries. Throughout the years, firewalls have continued to evolve to add deeper and more flexible inspection and enforcement capabilities as threats advanced, and to run at faster and faster throughput rates as network speeds increased.

    Skepticism about next-generation firewalls is finally ending according to the new Gartner firewall Magic Quadrant. Now as enterprises implement the new technology

    Reply
  30. Tomi Engdahl says:

    Senate cybersecurity bill leaves Internet alone, exempts tech companies from oversight
    http://arstechnica.com/tech-policy/news/2012/02/senate-cybersecurity-bill.ars

    The Senate Homeland Security Committee has introduced the broad cybersecurity legislation promised late last year by Senate majority leader Harry Reid (D-NV). But contrary to the fears of many—or perhaps because of them—the bill’s scope is tightly restrained, excluding the vast majority of commercial systems and Internet infrastructure itself from coverage.

    The bill still does give DHS a broad new set of powers and responsibilities over industries that fall under the header of “critical”: those with infrastructure that, if attacked, could interrupt critical services, damage the economy, or threaten national security.

    But the bill would also allow critical infrastructure companies to figure out how to best meet DHS’s security standards and to “self-certify” their compliance annually. And the bill gives organizations a protection from litigation, protecting them from punitive damages for outages or incidents triggered by a cyber-attack if they are deemed to have met DHS’s standards.

    Reply
  31. Tomi Engdahl says:

    Whistleblower: Decade-long Nortel hack ‘traced to China’
    They had access to everything
    http://www.theregister.co.uk/2012/02/15/nortel_breach/

    Nortel went bankrupt three years ago, back in 2009. It allegedly failed to disclose the breach on its network to prospective buyers of its assets around the time it went under.

    “Organisations need to ensure they have the proper tools at the perimeter and within their networks, and aggressive monitoring to detect outbound traffic and suspicious activity in the event of a breach. The Aurora attacks, the RSA breach and others demonstrate that Fortune 500 companies and other large enterprises are under constant threat from nation states such as China seeking shortcuts to technological advances.”

    The prevalence of breaches is likely to prompt tougher rules on breach disclosure, according to Roiter.

    “Perhaps more disturbing, if the report is accurate, is the failure of Nortel to respond when the breach was discovered, and, less surprisingly, their failure to disclose it. Perhaps the danger was less clear eight years ago than it is now, but the continued failure of what was viewed as an innovative and sophisticated IT company to appreciate and address the risk is puzzling. We expect that the new SEC guidelines will result in more disclosures, such as the recent revelation of the VeriSign breach in 2010, and that companies will be more up front about these events for the sake of the business community at large.”

    Reply
  32. Tomi Engdahl says:

    Report: Nortel Breached by Hackers for Almost 10 Years
    http://www.pcmag.com/article2/0,2817,2400242,00.asp

    The hack was carried out via seven stolen passwords that belonged to Nortel executives, the Journal said. Evidence suggests that the attacks originated in China and started in 2000. The cyberscammers managed to access “technical papers, research-and-development reports, business plans, employee emails and other documents,” thanks to installed spyware.

    The Journal was made aware of the intrusions by Brian Shields, a former Nortel employee who led the investigation into the hacks.

    Sophos analyst Graham Cluley warned not to immediately point the finger at China, an easy target.

    “It’s very hard to prove a Chinese involvement. Yes, the data might have been transmitted to an IP address based in Shanghai, but it is possible that a computer in Shanghai has been compromised by.. say.. a remote hacker in Belgium,” he wrote. “It’s all too easy to point a finger, but it’s dangerous to keep doing so without proof.”

    Reply
  33. Tomi Engdahl says:

    Apple: App Access to Contact Data Will Require Explicit User Permission
    http://allthingsd.com/20120215/apple-app-access-to-contact-data-will-require-explicit-user-permission/

    After a week of silence, Apple has finally responded to reports that dozens of iOS applications have been accessing, transmitting and storing user contact data without explicit permission.

    Apple has faced growing criticism that it has given iOS developers far too much access to address book information without requiring a user prompt.

    Today, the company agreed with that assessment, and said that soon, apps that use address book data will require explicit user permission to do so.

    “Apps that collect or transmit a user’s contact data without their prior permission are in violation of our guidelines*,” Apple spokesman Tom Neumayr told AllThingsD.

    Apple has faced growing criticism that it has given iOS developers far too much access to address book information without requiring a user prompt.

    Today, the company agreed with that assessment, and said that soon, apps that use address book data will require explicit user permission to do so.

    So Apple has done the right thing, arguably something it should have done long ago: Assure users that no app can read their contact data without their permission.

    Reply
  34. Tomi Engdahl says:

    http://www.tietokone.fi/uutiset/varo_suomalaisista_digi_tv_laitteista_loydetty_tuholaisia

    CERT-FI, says that the Finns equipment contamination is detected the malware generated network traffic. Authority will evaluate the infestation of a few dozen.

    A television apparatus involved in criminal attacks

    An attacker may order the unit to take part in, for example, denial of service attack. The devices can also be the victim of some of the Internet to scan ranges of IP addresses to find new victims.

    http://www.cert.fi/tietoturvanyt/2011/12/ttn201112121551.html

    And viruses do not have a computer problem. Became aware of cases in which the digital set top boxes are scanned through a systematic web-addresses for receipt of malware infection.

    Most of the new digital tuners, televisions and other consumer electronics devices can be connected to the Internet, in which case they can be used for various network services, and the device can also upgrade to the server directly from the manufacturer. Devices typically include a stripped version of the Linux operating system, onto which the device functions to manage the software has been implemented.

    The sheer home router to address translation (NAT) to improve the situation significantly, if the entertainment devices are the so-called home network “private addresses”, which are not routed over the Internet.

    The device of malware detection is difficult and can really only by analyzing network traffic. If your Internet provider appears on the home interface’s IP address on the future from malicious traffic, you should also take into account the possibility that there is some other device to your computer.

    If you suspect malware infection, you should first check your firewall or router settings, and then turn the power off for a moment the suspicious device.

    Reply
  35. Tomi Engdahl says:

    ‘Predictably random’ public keys can be cracked – crypto boffins
    Battling researchers argue over whether you should panic
    http://www.theregister.co.uk/2012/02/16/crypto_security/

    Cryptography researchers have discovered flaws in the key generation that underpins the security of important cryptography protocols, including SSL.

    Two teams of researchers working on the problem have identified the same weak key-generation problems. However, the two teams differ in their assessment of how widespread the problem is – and crucially which systems are affected.

    EFF group: It could lead to server-impersonation attacks

    An audit of the public keys used to protect HTTPS connections, based on digital certificate data from the Electronic Frontier Foundation’s SSL Observatory project, found that tens of thousands of cryptography keys offer “effectively no security” due to weak random-number generation algorithms.

    Poor random-number generation algorithms led to shared prime factors in key generation. As a result, keys generated using the RSA 1024-bit modulus, the worst affected scheme, were only 99.8 per cent secure.

    Michigan group: It just affects embedded devices

    Another set of security researchers working on the same problem were able to remotely compromise a higher percentage: about 0.4 per cent of all the public keys used for SSL web site security. They said: “The keys we were able to compromise were generated incorrectly – using predictable ‘random’ numbers that were sometimes repeated.”

    There’s no need to panic as this problem mainly affects various kinds of embedded devices such as routers and VPN devices, not full-blown web servers.

    4.1% of the SSL keys in our dataset, were generated with poor entropy.

    Reply
  36. Tomi Engdahl says:

    Google’s iPhone Tracking
    Web Giant, Others Bypassed Apple Browser Settings for Guarding Privacy
    http://online.wsj.com/article_email/SB10001424052970204880404577225380456599176-lMyQjAxMTAyMDEwNjExNDYyWj.html

    Google Inc. and other advertising companies have been bypassing the privacy settings of millions of people using Apple Inc.’s Web browser on their iPhones and computers—tracking the Web-browsing habits of people who intended for that kind of monitoring to be blocked.

    The companies used special computer code that tricks Apple’s Safari Web-browsing software into letting them monitor many users

    A Sad State of Internet Affairs: The Journal on Google, Apple, and “Privacy”
    http://battellemedia.com/archives/2012/02/a-sad-state-of-internet-affairs-the-journal-on-google-apple-and-privacy.php

    Now, the headline certainly is attention-grabbing, but the news alert email had a more sinister headline: “Google Circumvented Web-Privacy Safeguards.”

    Wow! What’s going on here?

    Turns out, no one looks good in this story, but certainly the Journal feels like they’ve got Google in a “gotcha” moment. As usual, I think there’s a lot more to the story

    Now, from what I can tell, the first part of that story is true – Google and many others have figured out ways to get around Apple’s default settings on Safari in iOS – the only browser that comes with iOS, a browser that, in my experience, has never asked me what kind of privacy settings I wanted, nor did it ask if I wanted to share my data with anyone else (I do, it turns out, for any number of perfectly good reasons). Apple assumes that I agree with Apple’s point of view on “privacy,” which, I must say, is ridiculous on its face, because the idea of a large corporation (Apple is the largest, in fact) determining in advance what I might want to do with my data is pretty much the opposite of “privacy.”

    But to the point, Google circumvented Safari’s default settings by using some trickery described in this WSJ blog post, which reports the main reason Google did what it did was so that it could know if a user was a Google+ member, and if so (or even if not so), it could show that user Google+ enhanced ads via AdSense.

    In short, Apple’s mobile version of Safari broke with common web practice, and as a result, it broke Google’s normal approach to engaging with consumers. Was Google’s “normal approach” wrong?

    Since this story has broken, Google has discontinued its practice, making it look even worse, of course.

    In this case, what Google and others have done sure sounds wrong – if you’ve going to resort to tricking a browser into offering up information designated by default as private, you need to somehow message the user and explain what’s going on. Then again, in the open web, you don’t have to – most browsers let you set cookies by default.

    t’s one more example of the sad state of the Internet given the war between the Internet Big Five. And it’s only going to get worse, before, I hope, it gets better again.

    How Google Tracked Safari Users
    http://blogs.wsj.com/digits/2012/02/16/how-google-tracked-safari-users/

    How have they been able to do it? Well, first they made Safari think the user was submitting an invisible form associated with the ad.

    That technique allowed the companies to then place a “cookie”

    By default, Apple’s Safari browser accepts cookies only from sites that a user visits;

    Google disabled its code after being contacted by The Wall Street Journal.

    Microsoft blasts Google over iPhone browser tracking, pushes IE9 while it’s at it
    http://thenextweb.com/microsoft/2012/02/17/microsoft-blasts-google-over-iphone-browser-tracking-pushes-ie9-while-its-at-it/

    With Google acknowledging that it utilised features in its services to bypass Apple’s built-in security measures in its Safari mobile browser to track users, Microsoft has taken the opportunity to join the debate, condemning the search giant and using it as a platform to tout the security of its own browser, Internet Explorer 9.

    Remarking that Google’s tracking practices are “not new”, Microsoft’s blog post entitled ‘Browse Without Being Browsed’ accuses the company of circumventing the privacy protections in Apple’s mobile browser “in a deliberate, and ultimately, successful fashion.”

    Microsoft then proceeds to list how its Internet Explorer 9 browser has some of the “strongest privacy protection in the industry,” highlighting its Tracking Protection feature and how it puts users in control of their actions online.

    Browse Without Being Browsed
    http://windowsteamblog.com/ie/b/ie/archive/2012/02/16/browse-without-being-browsed.aspx

    The Internet Big Five By Product Strength
    http://battellemedia.com/archives/2012/01/the-internet-big-five-by-product-strength.php

    Reply
  37. Tomi Engdahl says:

    In the Cloud, a Data Breach is Only As Bad As Your Contract
    http://www.cio.com/article/700343/In_the_Cloud_a_Data_Breach_is_Only_As_Bad_As_Your_Contract

    Loss of control is one of the main things that gives people pause when they think about putting their data in the cloud. We’ve all seen how painful a data breach can be, and it can seem almost like asking for trouble to put your data in the hands of someone else. It’s hard enough to prepare for a breach when you’re in control. How do you do it when you put someone else in charge?

    Reply
  38. Tomi Engdahl says:

    Google Didn’t “Track” iPhones, But It Did Bypass Safari’s Privacy Settings
    http://marketingland.com/google-didnt-track-iphones-but-it-did-bypass-safaris-privacy-settings-6247

    The Wall Street Journal is out with a story about how Google has been “bypassing the privacy settings of millions of people” who use Apple’s Safari web browser, along with a headline about “Google’s iPhone tracking.” More accurately, Google’s been bypassing Safari’s default privacy settings that block certain types of cookies rather than overriding what people specifically set.

    As said, the Wall Street Journal found that Google, along with the ad networks of Vibrant Media, Media Innovation Group and PointRoll, were all getting around these blocks on third-party cookies.

    To do this, the companies were making it seem as if the person visiting a web site had filled out some type of form, even though no form was actually shown to the person.

    In Google’s case, the company said this was being done as a way to allow its +1 buttons on ads it distributes through its AdSense network to other sites to work within Safari.

    Google also pushed back fairly hard against the WSJ’s story, being quoted within it saying:
    The Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It’s important to stress that these advertising cookies do not collect personal information.

    But Privacy Settings Were Bypassed, And That’s Bad

    Reply
  39. Tomi Engdahl says:

    Leaky Cellphone Nets Can Give Attackers Your Location
    http://yro.slashdot.org/story/12/02/20/010216/leaky-cellphone-nets-can-give-attackers-your-location

    “GSM cellular networks leak enough location data to give third-parties secret access to cellphone users’ whereabouts, according to new University of Minnesota research. ‘We have shown that there is enough information leaking from the lower layers of the GSM communication stack to enable an attacker to perform location tests on a victim’s device.

    Attackers have all they need from leaky cellphone networks to track you down
    http://www.networkworld.com/news/2012/0217120-gsm-cellphone-privacy-leak-minnesota-256293.html

    GSM cellular networks leak enough location data to give third-parties secret access to cellphone users’ whereabouts, according to new University of Minnesota research.

    “We have shown that there is enough information leaking from the lower layers of the GSM communication stack to enable an attacker to perform location tests on a victim’s device. We have shown that those tests can be performed silently without a user being aware by aborting PSTN calls before they complete,” write the authors, from the College of Science and Engineering, in a paper titled “Location Leaks on the GSM Air Interface.”

    Location Leaks on the GSM Air Interface
    http://www-users.cs.umn.edu/~foo/research/docs/fookune_ndss_gsm.pdf

    Reply
  40. Tomi Engdahl says:

    Android Malware Grew 3,000 Percent in 2011: Report
    http://www.eweek.com/c/a/Security/Android-Malware-Grew-3000-Percent-in-2011-Report-575050/

    Mobile malware developers targeted Google’s Android more than any other mobile operating system in 2011. However, cyber-crooks also abused Apple’s iOS, RIM’s BlackBerry and Symbian.

    Malware that specifically targeted mobile operating systems increased in 2011 as smartphones became more popular with enterprise users, as well as consumers. These cyber-criminals also developed affection for the Google Android OS, which saw the biggest jump in malware during the past 12 months, according to a new report from Juniper Networks.

    Juniper Mobile Security Report 2011 – Unprecedented Mobile Threat Growth
    http://forums.juniper.net/t5/Security-Mobility-Now/Juniper-Mobile-Security-Report-2011-Unprecedented-Mobile-Threat/ba-p/129529

    Today, the Juniper Networks Mobile Threat Center (MTC) released its 2011 Mobile Threats Report, which shows evidence of a new level of maturity in security threats targeting mobile devices.

    In 2011, we saw unprecedented growth of mobile malware attacks with a 155 percent increase across all platforms. Most noteworthy was the dramatic growth in Android Malware from roughly 400 samples in June to over 13,000 samples by the end of 2011. This amounts to a cumulative increase of 3,325 percent. Notable in these findings is a significant number of malware samples obtained from third-party applications stores, which do not enjoy the benefit or protection from Google’s newly announced Android Market scanning techniques.

    Looking ahead, 2012 also promises to be a remarkable year for mobile device security, with the projected rapid increase in malware already being seen. Other notable trends include the targeting of online banking and financial transactions, browser-based exploits including drive-by downloads and the targeting of third-party applications installed on the device.

    You can find copy of the full report at http://www.juniper.net/us/en/security/

    Reply
  41. Tomi Engdahl says:

    Security Tool HijackThis Goes Open Source
    http://news.slashdot.org/story/12/02/19/1543245/security-tool-hijackthis-goes-open-source

    The popular free security tool HijackThis has been open sourced by its owner, Trend Micro. The tool scans systems to find settings that may have been modified by spyware, malware or other programs that have wiggled their way onto a system and caused problems. Downloaded over 10 million times, HijackThis generates reports to help users analyze and fix an infected or problem computer.

    Trend Micro Migrates Security Tool HijackThis to Open Source
    https://www.securityweek.com/trend-micro-migrates-security-tool-hijackthis-open-source

    Trend Micro today announced that is has open sourced the code to its popular free security tool, HijackThis. The tool scans systems to find settings that may have been modified by spyware, malware or other programs that have wiggled their way onto a system and caused problems.

    Cupertino, California based Trend Micro acquired the tool from creator Merijn Bellekom in 2007, and has offered it for free ever since, but now is making the code available to the public. The code, originally written in Visual Basic, is now officially available at Sourceforge at http://sourceforge.net/projects/hjt/

    Reply
  42. Tomi Engdahl says:

    Did the 2006 Symantec Breach Expose RSA’s SecurID?
    http://www.infosecisland.com/blogview/20137-Did-the-2006-Symantec-Breach-Expose-RSAs-SecurID.html

    This is an invitation for both Symantec and EMC to clarify whether or not any of the code contained in public leaks of Symantec source code has been remediated in order to protect current customers since I see it as a liability for EMC’s RSA division unless there’s a valid explanation for what I’ve discovered, and that I’m wrong about the potential impact.

    And given the RSA break in last year to obtain valid “keys” to use to infiltrate so many government and corporate systems using SecurID, I can’t help but wondering if this code was stolen back in 2006 or thereabouts, could this possibly be the reason why the attackers had such widespread success?

    Having the source code headers for the libbsafe library would certainly give them everything they’d need as long as they could gather enough keys to figure out the rest of the algorithm given the sources in my estimation.

    Reply
  43. Tomi Engdahl says:

    Gauging The Long-Term Effects Of RSA’s Breach
    http://www.darkreading.com/authentication/167901072/security/attacks-breaches/231903015/gauging-the-long-term-effects-of-rsa-s-breach.html

    Worries still linger of future attacks, but experts hope the event shook industry out of black-and-white security mentality

    To this day, RSA still won’t confirm what exactly was stolen from its systems, but speculation has run high that the token seeds were compromised in some way.

    “Since there’s no such thing as perfect security, it’s impossible to predict what could happen. Nevertheless, we worked proactively and openly with customers immediately after the attack in March and continue to do so,”

    “We still don’t know what we don’t know,” Moy says. “I think it’s hard to say without knowing how many of the tokens that RSA has replaced. There very well could be additional incidents out there. It’s hard to close the book on it because they haven’t really come forth with details.”

    As the attack on RSA shows, all of that information for every customer can prove a tantalizing target for hackers.

    “I think one of the things that this incident shows us is that a business model where an enterprise is trusting a third party to hold their seeds is potential very risky,” Moy says. “There’s a certain amount of risk that they have to calculate. If you’re a small organization or don’t have the resources to do it better in-house, you’re going to probably go that route. If you’re a large organization, you might want to look to other alternatives. There are other models where you don’t have to give your seeds to someone else.”

    Reply
  44. Tomi Engdahl says:

    How to Avoid One of the Biggest Email Hacking Threats
    http://www.entrepreneur.com/article/222788?cm_mmc=Market-_-Outbrain-_-NA-_-NA

    About one in every 300 emails in 2011 was a phish, according to security software maker RSA, a unit of EMC Corp.

    You might have heard of something called “spear phishing.” It’s an attempt to hack your computer or your accounts, or to con you out of money, by using an email message that’s tailored to you or your company.

    Spear phishing emails can be alarmingly effective.

    Use technology as the first line of defense.

    Teach employees how to spot these phishing emails.

    About 50 percent of people will fall for a reasonably good phish
    But they say employee education can whittle that number down to 10 percent or less.

    Training programs usually start with sending employees fake phishing messages. If they fall for the ruse, they are given immediate online training

    You also can encourage employees to use instant messaging and work together on documents using collaboration software, he says, making your company less reliant on unsecure email.

    Reply
  45. Tomi Engdahl says:

    More Sneaky Business From Google: It Bypasses Internet Explorer Privacy Settings, Too

    Google does not honor a default privacy setting in Microsoft’s Internet Explorer 9 Web browser, but instead uses a trick to get around it.

    Read more: http://www.businessinsider.com/more-sneaky-business-from-google-it-bypasses-internet-explorer-privacy-settings-too-2012-2?op=1#ixzz1mzo2rk2c


    Microsoft Accuses Google of Violating Internet Explorer’s Privacy Settings
    http://tech.slashdot.org/story/12/02/20/2127250/microsoft-accuses-google-of-violating-internet-explorers-privacy-settings

    Google Bypassing User Privacy Settings
    http://blogs.msdn.com/b/ie/archive/2012/02/20/google-bypassing-user-privacy-settings.aspx

    When the IE team heard that Google had bypassed user privacy settings on Safari, we asked ourselves a simple question: is Google circumventing the privacy preferences of Internet Explorer users too? We’ve discovered the answer is yes: Google is employing similar methods to get around the default privacy protections in IE and track IE users with cookies.

    We’ve found that Google bypasses the P3P Privacy Protection feature in IE. The result is similar to the recent reports of Google’s circumvention of privacy protections in Apple’s Safari Web browser, even though the actual bypass mechanism Google uses is different.

    Not just Google: Facebook also bypasses privacy settings in IE
    http://www.zdnet.com/blog/facebook/not-just-google-facebook-also-bypasses-privacy-settings-in-ie/9302

    Summary: Google isn’t the only one bypassing Microsoft Internet Explorer’s privacy settings: Facebook does it too, as do tens of thousands of other companies. So, who is to blame?

    Google responds to Microsoft over privacy issues, calls IE’s cookie policy ‘widely non-operational’
    http://www.theverge.com/2012/2/20/2813225/google-responds-microsoft-internet-explorer-privacy-bypass

    Earlier today, Microsoft accused Google of manipulating Internet Explorer’s default privacy restrictions in order to “bypass user preferences about cookies.” Google’s just responded with a lengthy rebuttal, arguing that Microsoft’s P3P cookie technology is “widely non-operational,” and that the issue has been around since 2002. The response also points to other offenders, citing a 2010 Carnegie Mellon research paper that says over 11,000 websites don’t use valid P3P policies.

    Google’s also specifically bringing Facebook and Amazon into the fracas, citing their similar use of the P3P bypass.

    Both Facebook and Google say that P3P doesn’t support their modern web services — Google says that “newer cookie-based features are broken by the Microsoft implementation in IE,” and Facebook’s policy states that “the P3P standard is now out of date and does not reflect technologies that are currently in use on the web.”

    Reply
  46. Tomi Engdahl says:

    Anonymous threatens to darken the entire Internet
    http://www.tietokone.fi/uutiset/anonymous_uhkaa_pimentaa_koko_internetin

    Activist group Anonymous threatening the entire Internet to “Operation Global Blackout” project. The network is a weak point at which the total internet can theoretically “black out”. Anonymous threatens to do so, March 31 day.

    Operation Global Blackout
    http://pastebin.com/NKbnh8q8

    “To protest SOPA, Wallstreet, our irresponsible leaders and the beloved
    bankers who are starving the world for their own selfish needs out of
    sheer sadistic fun, On March 31, anonymous will shut the Internet down.”
    “In order to shut the Internet down, one thing is to be done. Down the
    13 root DNS servers of the Internet.”
    “Reflective DNS Amplification DDoS tool to be used for
    this attack.”

    Anonymous threatens to DDOS root Internet servers
    The threat from the hacktivist group is unlikely to be successful, said an expert
    http://www.computerworld.com/s/article/9224404/Anonymous_threatens_to_DDOS_root_Internet_servers

    An upcoming campaign announced by the hacking group Anonymous directed against the Internet’s core address lookup system is unlikely to cause much damage, according to one security expert.

    “They might affect a few of the root DNS servers, but it’s unlikely they could take all of them down, at least for any period of time,” Graham wrote. “On the day of their planned Global Blackout, it’s doubtful many people would notice.”

    There are hundreds of other servers worldwide that hold the same data as the root servers, which increase the resiliency of DNS.

    Lastly, root DNS servers are closely watched.

    Reply
  47. Tomi Engdahl says:

    First IPv6 Distributed Denial of Service Internet attacks seen
    http://www.zdnet.com/blog/networking/first-ipv6-distributed-denial-of-service-internet-attacks-seen/2039

    Summary: You know IPv6 must finally be making it: The first IPv6 Distributed Denial of Service Internet attacks have been spotted in the wild.

    We could have expected this. Besides human nature, Arbor Network’s Worldwide Infrastructure Security Report had predicted IPv6 DDoS attacks. “This is a significant milestone in the arms race between attackers and defenders,” stated the report. “We believe that the scope and prevalence of IPv6 DDoS attacks will gradually increase over time as IPv6 is more widely deployed.” And, now, they’ve started.

    Reply
  48. Tomi Engdahl says:

    Alert on Hacker Power Play
    U.S. Official Signals Growing Concern Over Anonymous Group’s Capabilities
    http://online.wsj.com/article_email/SB10001424052970204059804577229390105521090-lMyQjAxMTAyMDIwMDEyNDAyWj.html

    The director of the National Security Agency has warned that the hacking group Anonymous could have the ability within the next year or two to bring about a limited power outage through a cyberattack.

    The group has never listed a power blackout as a goal, but some federal officials believe Anonymous is headed in a more disruptive direction. An attack on a network would be consistent with recent public claims and threats by the group.

    “The industry is engaged and stepping up widely to respond to emerging cyber threats,” said one electric-industry official. “There is a recognition that there are groups out there like Anonymous, and we are concerned, as are other sectors.”

    U.S. intelligence officials already have found what they say is evidence of Chinese and Russian cyberspies snooping in computer systems that run the electric grid

    “It’s a real threat,” said James Lewis, a cybersecurity specialist at the Center for Strategic and International Studies

    “Some hacker, next thing you know, could be into our electrical grid. We have to get after this.”

    Reply
  49. Tomi Engdahl says:

    Future Chrome Version May Choose Your Passwords, and Change Them When You’ve Been Hacked
    http://www.webmonkey.com/2012/02/future-chrome-version-may-choose-your-passwords-and-change-them-when-youve-been-hacked/

    Google’s Chrome development team is working on a system to automatically generate passwords, which would help users secure their online identities with passwords that would be diversified across different sites, and are randomized and thus harder to guess.

    Initial versions of the system would create passwords on an individual basis, at the user’s request. But Google’s development team states that “At some point in the future it might also be possible for us to automatically change all of a user’s passwords when we realize that their account is hijacked.”

    Chrome can already store passwords, a common feature in modern browsers, and it syncs them across computers, with the passwords encrypted in transit and at rest in Google data centers

    Reply
  50. Tomi Engdahl says:

    Anonymous denounces internet DNS attack
    Lights off for Op Global Blackout
    http://www.theinquirer.net/inquirer/news/2153951/anonymous-denounces-internet-dns-attack

    HACKING COLLECTIVE Anonymous is not behind a threat to attack main root servers in an attempt to knock the internet offline.

    Reports about the potential attack have been bubbling for some time now

    Anonymous has denied that it is behind the attack and the messages that support it.

    “GlobalBlackOut is another Fake Operation. No intention of #Anonymous to cut Internet,”

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

*

*