Security trends for 2012

Here is my collection of security trends for 2012 from different sources:

Windows XP will be the biggest security threat in 2012 according to Sean Sullivan, security advisor at F-Secure: “People seem to be adding new systems without necessarily abandoning their old XP machines, which is great news for online criminals, as XP continues to be their favourite target.”

F-Secure also says that it may not be long before cyber criminals turn their attention to tablet devices. Attacks against mobile devices have become more common, and I expect this to continue this year as well.

Americans more susceptible to online scams than believed, study finds. A recent survey from The Ponemon Institute and PC Tools dives into this question and reveals a real gap between how aware Americans think they are of scams and how likely they actually are to fall for them.

Fake antivirus scams have plagued Windows and Mac OS X during the last couple of years, and now it seems that such scams have spread to Android. Nearly all new mobile malware in Q3 2011 targeted Android. When antivirus software becomes a universally accepted requirement (the way it is on Windows), hasn't the platform failed and missed the whole point of being a mobile operating system?


Cyber criminals are developing more sophisticated attacks, and the police will counterattack.

Mobile phone surveillance will increase, and more details of it will surface. Last year’s findings included Location data collecting smart-phones, Carrier IQ phone spying busted and Police Surveillance system to monitor mobile phones. In the USA the Patriot Act lets them investigate anything, anywhere, without a warrant. Now they are on your devices and can monitor everything. Leaked Memo Says Apple Provides Backdoor To Governments: “in exchange for the Indian market presence” mobile device manufacturers, including RIM, Nokia, and Apple (collectively defined in the document as “RINOA”) have agreed to provide backdoor access on their devices.

The article Geo-location tagging in smartphones to potentially cause major security risks says that geo-location tagging security issues are likely to be a major issue in 2012, and that many smartphone users are unaware of the potentially serious security consequences of their use of the technology. When smartphone images are uploaded to the Internet (to portals such as Facebook or Flickr) there’s a strong chance that the GPS location data embedded in them will be uploaded as well. This information could subsequently be misused by third parties.
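Added here as an illustration, not code from the original post: a small Python check that detects whether a JPEG carries an Exif GPS sub-IFD (the block that holds the GPS coordinates) and strips that Exif segment before the image is uploaded. The JPEG bytes used for testing are constructed inline and are not a decodable image; only the marker and Exif structure is realistic.

```python
import struct

SOI = b"\xff\xd8"          # JPEG start-of-image marker
APP1 = 0xE1                # Exif metadata lives in APP1 segments
SOS = 0xDA                 # start-of-scan: entropy-coded image data follows
GPS_IFD_POINTER_TAG = 0x8825  # IFD0 entry that points at the GPS sub-IFD


def iter_segments(data):
    """Yield (marker, offset, length) for each marker segment after SOI, up to and including SOS."""
    if data[:2] != SOI:
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("corrupt marker at offset %d" % pos)
        marker = data[pos + 1]
        if marker == 0xD9:  # EOI without any scan data
            return
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]  # includes the 2 length bytes
        yield marker, pos, length
        if marker == SOS:
            return
        pos += 2 + length


def exif_has_gps(payload):
    """Given an APP1 payload (bytes after the length field), return True if IFD0 points at a GPS IFD."""
    if not payload.startswith(b"Exif\x00\x00"):
        return False
    tiff = payload[6:]
    if len(tiff) < 8:
        return False
    order = {b"II": "<", b"MM": ">"}.get(tiff[:2])  # TIFF byte-order mark
    if order is None:
        return False
    magic, ifd0 = struct.unpack(order + "HI", tiff[2:8])
    if magic != 42 or ifd0 + 2 > len(tiff):
        return False
    count = struct.unpack(order + "H", tiff[ifd0:ifd0 + 2])[0]
    for i in range(count):
        off = ifd0 + 2 + 12 * i
        if off + 12 > len(tiff):
            break
        tag, _typ, _n, _val = struct.unpack(order + "HHII", tiff[off:off + 12])
        if tag == GPS_IFD_POINTER_TAG:
            return True
    return False


def image_leaks_location(data):
    """True if any APP1 Exif segment in the JPEG carries a GPS sub-IFD."""
    return any(marker == APP1 and exif_has_gps(data[pos + 4:pos + 2 + length])
               for marker, pos, length in iter_segments(data))


def strip_gps_app1(data):
    """Return a copy of the JPEG with every Exif APP1 segment that carries GPS data removed.
    Dropping the whole segment also discards other Exif fields (orientation, camera model),
    which is the usual trade-off upload pipelines make; pixel data is untouched."""
    out = bytearray(SOI)
    last = 2
    for marker, pos, length in iter_segments(data):
        seg_end = pos + 2 + length
        if marker == APP1 and exif_has_gps(data[pos + 4:seg_end]):
            out += data[last:pos]
            last = seg_end
    out += data[last:]
    return bytes(out)


def build_sample_jpeg(with_gps):
    """Constructed test input (assumption, not a real photo): SOI, JFIF APP0, Exif APP1, fake SOS, EOI."""
    entries = [struct.pack(">HHI", 0x0112, 3, 1) + b"\x00\x01\x00\x00"]  # Orientation = 1
    if with_gps:
        gps_ifd_off = 8 + 2 + 12 * 2 + 4  # right after IFD0 (2 entries + next-IFD pointer)
        entries.append(struct.pack(">HHII", GPS_IFD_POINTER_TAG, 4, 1, gps_ifd_off))
    ifd0 = struct.pack(">H", len(entries)) + b"".join(entries) + b"\x00\x00\x00\x00"
    tiff = b"MM\x00\x2a" + struct.pack(">I", 8) + ifd0
    if with_gps:  # GPS IFD with a single GPSLatitudeRef entry ("N")
        tiff += struct.pack(">H", 1) + struct.pack(">HHI", 0x0001, 2, 2) + b"N\x00\x00\x00" + b"\x00" * 4
    exif = b"Exif\x00\x00" + tiff
    app1 = b"\xff\xe1" + struct.pack(">H", len(exif) + 2) + exif
    app0 = b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    sos = b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00" + b"\x12\x34" + b"\xff\xd9"
    return SOI + app0 + app1 + sos


if __name__ == "__main__":
    tagged = build_sample_jpeg(with_gps=True)
    print("leaks location:", image_leaks_location(tagged))
    print("after strip:", image_leaks_location(strip_gps_app1(tagged)))
```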

You need to find your balance between freedom and security (Vapauden ja turvallisuuden tasapaino). Usernames are leaked for all to see, and passwords and personal identification numbers are published. Access management therefore matters even more: who has the right to know what, when, where, and in which role? Access, identity and role management are essential for protecting the whole system. Implementation of such systems is still far from complete.

When designing networked services, security should be taken into account at the planning stage, rather than at the end of implementation. Even a secure network and information system cannot operate in a vacuum.


The reliability of server certificates will face more and more problems. We may see more certificate authority bankruptcies due to cyber attacks against them. Certificate attacks that have focused on PC web browsers are now proven to be effective against mobile browsers as well.

Stonesoft says that advanced evasion techniques (AET) will be a major threat. Stonesoft discovered that with certain evasion techniques (particularly when combined in certain ways) they could sneak common exploits past many IDS/IPS systems (including their own, at the time last summer). Using the right tool set (including a custom TCP/IP stack) attackers could sneak past our best defenses. This is real, and they foresee a not too distant future where things like botnet kits will have this as a checkbox feature.

The rise of printer malware is real. Printer malware: print a malicious document, expose your whole LAN says that sending a printer a document that carries a malicious version of the printer’s OS can send your sensitive documents anywhere on the Internet. Researchers at Columbia University have discovered a new class of security flaws that could allow hackers to remotely control printers over the Internet. Potential scenario: send a resume to HR, wait for them to print it, take over the network and pwn the company. HP does have firmware update software for their printers, and HP Refutes Inaccurate Claims; Clarifies on Printer Security. I wonder how many more years until that old chain letter, where some new insidious virus infects everything from your graphics card to your monitor cable, becomes true.

Unauthorized changes in the BIOS could allow or be part of a sophisticated, targeted attack on an organization, allowing an attacker to infiltrate an organization’s systems or disrupt their operations. How Do You Protect PCs from BIOS Attacks? The U.S. National Institute of Standards and Technology (NIST) has drafted a new computer-security publication that provides guidance for computer manufacturers, suppliers, and security professionals who must protect personal computers as they start up “out of the box”: “BIOS Integrity Measurement Guidelines,” NIST Special Publication 800-155.

According to Stonesoft, security problems now threaten lives, and 2012 may be the first year in which lives are lost because of security offences. Whether this happens remains to be seen, the company says, but the risk comes from attacks on industrial SCADA systems at targets such as hospitals or automated drug delivery systems. I already posted about a month ago about SCADA systems security issues.

849 Comments

  1. Tomi Engdahl says:

    Apple security blunder exposes Lion login passwords in clear text
    http://www.zdnet.com/blog/security/apple-security-blunder-exposes-lion-login-passwords-in-clear-text/11963

    With the latest Lion security update, Mac OS X 10.7.3, Apple has accidentally turned on a debug log file outside of the encrypted area that stores the user’s password in clear text.

    An Apple programmer, apparently by accident, left a debug flag in the most recent version of the Mac OS X operating system. In specific configurations, applying OS X Lion update 10.7.3 turns on a system-wide debug log file that contains the login passwords of every user who has logged in since the update was applied. The passwords are stored in clear text.

    Anyone who used FileVault encryption on their Mac prior to Lion, upgraded to Lion, but kept the folders encrypted using the legacy version of FileVault is vulnerable.

    Since the log file is accessible outside of the encrypted area, anyone with administrator or root access can grab the user credentials for an encrypted home directory tree. They can also access the files by connecting the drive via FireWire. Having done that, they can then not only read the encrypted files that are meant to be hidden from prying eyes, but they can also access anything else meant to be protected by that user name and password.

    This leak of credentials could be catastrophic for businesses that have relied on the FileVault feature in Macs for years. FileVault is intended to protect sensitive information stored by providing an encrypted user home directory contained in an encrypted file system mounted on top of the user’s home directory.

  2. Tomi Engdahl says:

    NASA, Air Force, Harvard, Military, ESA Hacked by Gray Hats ‘The Unknowns’
    http://digg.com/newsbar/topnews/nasa_air_force_harvard_military_esa_hacked_by_gray_hats_the_unknowns

    A new hacking collective called ‘The Unknowns’ breached 10 high-profile websites including NASA, the U.S. Air Force, Harvard University and the ESA before dumping proof on Pastebin. After the leaks and both NASA and ESA confirmed the hacks, the gray hat group released a message that the hackers were helping to improve the compromised sites’ security.

    The Unknowns, a new hacking group that claims to be neither white hats nor black hats, have targeted, hacked and released over 200MB on the following list of victims: NASA’s Glen Research Center, US Air Force, the US Military’s Joint Pathology Center, Harvard University, the European Space Agency (ESA), the French Ministry of Defense, the Ministry of Defense in Bahrain, Renault, the Thai Royal Navy, and the Yellow Pages in Jordan.

  3. Tomi Engdahl says:

    Everyone Has Been Hacked. Now What?
    http://www.wired.com/threatlevel/2012/05/everyone-hacked/all/1

    Then, last year, the myth of computer security was struck a fatal blow when intruders breached RSA Security, one of the world’s leading security companies that also hosts the annual RSA security conference, an august and massive confab for security vendors. The hackers stole data related to the company’s SecurID two-factor authentication systems, RSA’s flagship product that is used by millions of corporate and government workers to securely log into their computers.

    Independent security researcher Dan Kaminsky says he’s glad the security bubble has finally burst and that people are realizing that no network is immune from attack. That, he says, means the security industry and its customers can finally face the uncomfortable fact that what they’ve been doing for years isn’t working.

    “There’s been a deep conservatism around, ‘Do what everyone else is doing, whether or not it works.’ It’s not about surviving, it’s about claiming you did due diligence,” Kaminsky says. “That’s good if you’re trying to keep a job. It’s bad if you’re trying to solve a technical problem.”

    In reality, Kaminsky says, “No one knows how to make a secure network right now. There’s no obvious answer that we’re just not doing because we’re lazy.”

    Simply installing firewalls and intrusion detection systems and keeping anti-virus signatures up to date won’t cut it anymore — especially since most companies never know they’ve been hit until someone outside the firm tells them.

    “If someone walks up to you on the street and hits you with a lead pipe, you know you were hit in the head with a lead pipe,” Kaminsky says. “Computer security has none of that knowing you were hit in the head with a lead pipe.”

    So if hackers are everywhere and everyone has been hacked, what’s a company to do?

    Kaminsky says the advantage of the new state of affairs is that it opens the window for innovation. “The status quo is unacceptable. What do we do now? How do we change things? There really is room for innovation in defensive security. It’s not just the hackers that get to have all the fun.”

    “I don’t think we can win the battle,” Henry told Wired.com. “I think it’s going to be a constant battle, and it’s something we’re going to be in for a long time…. We have to manage the way we assess the risk and we have to change the way we do business on the network. That’s going to be a fundamental change that we’ve got to make in order for people to be better secure.”

    In most cases, the hacker will be a pedestrian intruder who is simply looking to harvest usernames and passwords, steal banking credentials or hijack computers for a botnet to send spam.

    “It comes down to balancing the risks, and companies need to assess how important is it for me to secure the data versus how important is it to continue doing my business or to be effective in my business,” he says. “We have to assume that the adversary is on the network and if we assume that they’re on the network, then that should change the way we decide what we put on the network and how we transmit it. Do we transmit it in the clear, do we transmit it encrypted, do we keep it resident on the network, do we move it off the network?”

    Bejtlich says that in addition to moving data off the network, the companies that have been most successful at dealing with intruders have redefined what’s trustworthy on their network and become vigilant about monitoring. He says there are some organizations who have been plagued by intruders for eight or nine years who have learned to live with them by investing in good detection systems.

    Other companies burn down their entire infrastructure and start from scratch, going dark for a week or so while they re-build their network, using virtualization tools that allow workers to conduct business while protecting the network core from attackers.

    Kaminsky advocates shrinking perimeters to limit damage.

    “Rather than one large server farm, you want to create small islands, as small as is operationally feasible,” he says. “When you shrink your perimeter you need to interact with people outside your perimeter and figure out how to do that securely” using encryption and authentication between systems that once communicated freely.

    “It changes the rules of the game,” he says. “You can’t trust that your developers’ machines aren’t compromised. You can’t trust that your support machines aren’t compromised.”

    He acknowledges, however, that this is an expensive solution and one that not everyone will be able to adopt.

    While all of these solutions are more work than simply making certain that every Windows system on a network has the latest patch, there’s at least some comfort in knowing that having a hacker in your network doesn’t have to mean it’s game over.

    “There have been organizations that this has been like an eight- or nine-year problem,” Bejtlich says. “They’re still in business. You don’t see their names in the newspaper all the time [for being hacked], and they’ve learned to live with it and to have incident detection and response as a continuous business process.”

  4. Tomi Engdahl says:

    Is security becoming the next money flow service to telecom operators?

    In Finland telecom operator Elisa is already selling home security service
    http://www.elisa.fi/vahti/

    AT&T’s next business: Securing your home
    http://news.cnet.com/8301-12261_3-57428786/at-ts-next-business-securing-your-home/?part=rss&subj=news&tag=title

    The company has formed a new group that offers security monitoring services and the ability to remotely control your house using your phone.

    AT&T will finally make good on its promise to let consumers remotely control every facet of their home — from the thermostat to the door locks — through any smartphone, PC, or tablet.

    A day before the CTIA Wireless conference kicks off, AT&T said it would enter the home security and automation business in a big way. The company said it has formed a digital life services group to push these services, which will be available nationwide and work with any Internet connection.

    The creation of the group represents a completely new business for AT&T. Beyond offering Internet, phone, and television services to consumer, the company now wants to touch nearly every aspect of the home. The area plays into one of AT&T’s recent strengths and areas of focus: the use of non-conventional devices with a cellular or Internet connection.

    The home security and automation business is a burgeoning opportunity for a company looking for new sources of growth. It’s part of the broader push by carriers to expand into different businesses beyond traditional telephone or cell phone service, which have begun to show signs of maturing. AT&T isn’t the only one dabbling in this area; rival Verizon and the cable providers have also started offering similar services.

    “The home security market is the proverbial low hanging fruit as it has been a pretty stagnant market with little innovation over the years,” said Roger Entner, a consultant with Recon Analytics. “AT&T thinks they can shake things up.”

    “AT&T digital life will change the way people live, work and play — and meets a clear need in the market,” said Kevin Petersen, senior vice president of AT&T’s digital life busines

    AT&T plans to offer connected cameras, windows and door sensors, smoke, carbon monoxide, motion and glass-break sensors, door locks, thermostats, moisture detectors, and the ability to remotely turn off appliances. The devices are all hooked into the home’s broadband network, and can get commands from the homeowner’s iPad, Android smartphone, or other mobile device using a cellular network.

  5. Tomi Engdahl says:

    Opting-in to plugins in Firefox
    http://msujaws.wordpress.com/2012/04/11/opting-in-to-plugins-in-firefox/

    Whether you hate them or love them, content accessed through plugins is still a sizable chunk of the web. So much so, that over 99% of internet users have Flash installed on their browser. However, plugins can also carry with them extra vulnerabilities and system slowdowns.

    A couple days ago I landed an initial implementation of “click-to-play plugins” in desktop Firefox.

    When plugins.click_to_play is enabled, plugins will require an extra click to activate and start “playing” content. This is an incremental step towards securing our users, reducing memory usage, and opening up the web.

  6. Tomi says:

    Cybercrims dump email for irresistible Twitter, Facebook spam
    http://www.theregister.co.uk/2012/05/06/social_network_spam/

    Cybercrooks have quit pouring barrels of spam into email inboxes in favour of hassling marks on social networks as an easier way to make money.

    The dismantling of remote-controllable armies of compromised PCs, the collapse of some shady affiliate advertising networks, and better spam-filtering technology have all resulted in a decrease in traditional email spam delivery.

    Paul Judge, chief research officer at Barracuda Networks, said that one in 100 tweets on Twitter and one in 60 messages on Facebook were either spam or malicious. The switch from email was an obvious move for crooks because social networks are where the majority of internet users spend their time, Judge told delegates at Barracuda’s technical conference in Munich on Friday.

    “Wherever users are attackers will follow,” he explained.

    Judge described automated tools used to set up fake accounts on Facebook. These accounts use like-jacking (a form of click-jacking), among other techniques, to trick users into landing on pages that promote survey scams, earning miscreants affiliate revenue in the process. The nuisance level created by fake accounts is not in proportion to their actual number, which Judge admitted was hard to quantify. He compared the situation to the early days of email spam.

  7. youDo you actually think that getting rid of malware and also viruses may help to make your computer operate faster. Don't you think it's really a matter of safety more than computer speed? I am aware there's some speed improvement however for many deskto says:

    Thank you for this article plus the numerous others which I’ve read through your site. Perhaps you have considered about being a guest writer. My small site could surely use a person with your background to share on occasion. You truly know your stuff.

  8. Tomi Engdahl says:

    Attackers target unpatched PHP bug allowing malicious code execution
    http://arstechnica.com/business/news/2012/05/attackers-target-unpatched-php-bug-allowing-malicious-code-execution.ars?clicked=related_right

    A huge number of websites around the world are endangered by an unpatched vulnerability in the PHP scripting language that attackers are already trying to exploit to remotely take control of underlying servers, security researchers warned.

    The code-execution attacks threaten PHP websites only when they run in common gateway interface (CGI) mode, Darian Anthony Patrick, a Web application security consultant with Criticode, told Ars. Sites running PHP in FastCGI mode aren’t affected.

    Nobody knows exactly how many websites are at risk, because sites also must meet several other criteria to be vulnerable, including not having a firewall that blocks certain ports. Nonetheless, sites running CGI-configured PHP on the Apache webserver are by default vulnerable to attacks that make it easy for hackers to run code that plants backdoors or downloads files containing sensitive user data.

    Making matters worse, full details of the bug became public last week, giving attackers everything they need to locate and exploit vulnerable websites.

    “The huge issue is the remote code execution, and that’s really easy to figure out how to do,”

    According to security researcher Ryan Barnett, exploits are already being attempted against servers that are part of a honeypot set up by Trustwave’s Spider Labs to detect Web-based attacks.

    “We just wanted to show that yes, bad guys are actively scanning for this.”

    What’s more, the open-source Metasploit framework used by hackers and penetration testers to exploit known vulnerabilities has been updated to include the exploit, providing a point-and-click interface for remotely carrying out the code execution attacks. Making matters worse, an update that PHP maintainers released late last week to patch the hole can easily be bypassed, leaving vulnerable websites at risk even after applying the fix.

    “I wouldn’t be surprised if we continue to see this bug exploited in the wild for two or three years, because it will take a while for people to patch their systems,” he told Ars. “There are a lot of crusty old boxes out there running old versions of PHP, and if those are configured as CGI it’s going to affect it.”

    PHP running in FastCGI mode isn’t vulnerable!

  9. Tomi Engdahl says:

    Why You Can’t Dump Java (Even Though You Want To)
    http://developers.slashdot.org/story/12/05/08/238239/why-you-cant-dump-java-even-though-you-want-to

    Since so many recent exploits have used Java as their attack vector, you might conclude Java should be shown the exit, but the reality is that Java is not the problem, writes Security Advisor’s Roger Grimes.

    But the core problem isn’t necessarily Java’s exploitability; nearly all software is exploitable. It’s unpatched Java.

    “The bottom line is that we aren’t addressing the real problems. It isn’t a security bug here and there in a particular piece of software; that’s a problem we’ll never get rid of. Instead, we allow almost all cyber criminals to get away with their Internet crime without any penalty. They almost never get caught and punished. Until we solve the problem of accountability, we will never get rid of the underlying problem.”

    Why you can’t dump Java (even though you want to)
    http://www.infoworld.com/d/security/why-you-cant-dump-java-even-though-you-want-192622

    So many recent exploits have used Java as their attack vector, you might conclude Java should be shown the exit

    Java’s direct responsibility in the recent Mac Flashback Trojan attacks have many calling for Java’s retirement, including InfoWorld’s own Woody Leonhard.

    It’s understandable. Unpatched Java is responsible for sizable proportion of today’s successful Internet browser attack

    It’s also been the culprit behind nearly every Windows exploit that’s affected friends and family, aside from the pure social engineering exploits from phishing, Craigslist scams, and so on.

    Those anecdotal experiences are backed up by good data. Microsoft’s Security Intelligence Report 11 shows Java exploits are by far the biggest ongoing problem impacting monitored Windows computers. Java has been bedeviled by hundreds of security vulnerabilities over time.

    Banishing Java: Easier said than done
    Is it time for Java to go? Should we recommend that people disable or remove it? Like most problems in life, the answer isn’t an easy yes or no.

    One thing is certain: Any software not in use, including Java, should be removed from your system. That’s common sense — and a long-recommended security tenet. It reduces the attack surface for exploits and their creators.

    But many enterprises live and thrive on Java — both pure Java programs and runtime applets running in the browser. They can’t remove it.

    There are enough cool and useful services that depend on Java that I end up reinstalling it.

    But the core problem isn’t necessarily Java’s exploitability; nearly all software is exploitable. It’s unpatched Java. Few successful Java-related attacks are related to zero-day exploits. Almost all are related to Java security bugs that have been patched for months (or longer).

    Of course, better patching is not so easy. Java installers didn’t uninstall older versions of Java even when a new version was applied. Many computers I’ve examined have two or more versions of Java running, and unfortunately, malicious code can query the visiting computer for its Java versions and run the one that the malicious code knows to be exploitable.

    Many enterprises have applications that rely on an old Java version. I’ve done some security audits where the company tells me it must have three to five different versions of Java to run the business. In all likelihood, the company can probably get by with just one version, simply by testing all its Java apps (or applets) against the new versions or making a few small modifications to the older programs. But that never seems to be a priority, so some companies simply cannot get rid of old versions of Java with known vulnerabilities.

    For all their good intentions, it didn’t work. Java has always been among the most successfully exploited software from the beginning. It turns out the security sandbox — all security sandboxes, for that matter — aren’t so safe once hackers turn their attention to them.

    Many vendors send me their security sandbox products for review, and I always turn them down. Why? While they temporarily increase security, none would withstand the passage of time if they became popular. How do I know? Because all popular security sandboxes made since the beginning of computers have fallen. Show me one popular security sandbox that didn’t fall.

    A good recent example is the Google Chrome browser’s security sandbox. Google Chrome and its security sandbox offer a great design and idea. Their framework should make them the most secure browser, yet the Chrome browser has suffered hundreds of found security exploits since it came out in September 2008.

    The lesson is that an application using a security sandbox does not equal better security. Don’t get me wrong, sandboxes help — just like antimalware scanners help. They reduce security risk, but they are in no way a panacea.

    The bottom line is that we aren’t addressing the real problems. It isn’t a security bug here and there in a particular piece of software; that’s a problem we’ll never get rid of. Instead, we allow almost all cyber criminals to get away with their Internet crime without any penalty.

    Getting rid of Java certainly won’t fix that.

    Why Internet crime goes unpunished
    https://www.infoworld.com/d/security/why-internet-crime-goes-unpunished-183605

    Until we make the Internet secure, cyber criminals will continue to pull off high-value, low-risk offenses

    For cyber criminals, the idiom “crime doesn’t pay” is laughable. Internet crime is worse than ever, and the reasons are clear: It’s highly lucrative and far less risky than, say, an old-fashioned bank heist. Until we take the necessary steps to increase the risk and lower the value of cyber crimes, we won’t be able to stop them.

    To fully appreciate the risks and rewards of cyber crimes versus traditional crimes, consider the following statistics from the FBI: In 2010, bank robbers pulled off 5,628 heists and ran off with $43 million. (These numbers held steady in the first and second quarters of 2011.) The average robbery netted $7,643.

    Further, the loot was recovered in 22 percent of cases

    Overall, physical bank robberies are high risk.

    Let’s compare that to Internet crime statistics. Per an FBI 2011 report, 300,000 people were victimized over the Internet to the tune of $1.1 billion. Although that averages out to only $3,666 per victim, the typical Internet hacker commits thousands to hundreds of thousands of these crimes and almost never gets caught. Those who get nabbed are unlikely to spend any time in jail, and when they do, they’ll probably serve, at most, a few years in a low-security facility.

    In contrast, identity thieves almost never get caught. For instance, from 2003 to 2006 (the years for which I can find trend data), the FBI was able to arrest between only 1,200 and 1,600 identity thieves, and about a third of those cases resulted in convictions, much less jail time. To put this in further perspective, these crimes affected 8.3 million victims, nearly 4 percent of the entire U.S. adult population. This means that one identity thief was convicted for every 20,750 victims.

    The conviction rate in 2010 was even worse.

    To sum up: Rob a bank and face a one-in-four or one-in-five chance of doing hard time. Steal someone’s identity and your odds of being caught are almost infinitesimal. Consider, too, that identity theft comprises only 9.8 percent of all Internet crime, not including the likes of intellectual property theft. Factor in all Internet crime, and the numbers are likely to be far, far worse — which is saying a lot.

  10. Tomi Engdahl says:

    Machine Casts Phantom Votes in the Bronx, Invalidating Real Ones: Report
    http://www.wnyc.org/blogs/empire/2012/may/09/reports-find-machine-errors-led-uncounted-votes-2010/

    Tests on an electronic voting machine that recorded shockingly high numbers of extra votes in the 2010 election show that overheating may have caused upwards of 30 percent of the votes in a South Bronx voting precinct to go uncounted.

    A review by the state Board of Election and the electronic voting machines’ manufacturer ES&S found that these “over votes,” as they’re called, were due to a machine error. In the report issued by ES&S, when the machine used in the South Bronx overheated, ballots run during a test began coming back with errors.

  11. Tomi Engdahl says:

    Security theater is a term that describes security countermeasures intended to provide the feeling of improved security while doing little or nothing to actually improve security. The term was coined by computer security specialist and writer Bruce Schneier for his book Beyond Fear, but has gained currency in security circles, particularly for describing airport security measures. It is also used by some experts such as Edward Felten to describe the airport security repercussions due to the September 11 attacks.

    Security theater has real monetary costs but by definition provides no security benefits, or the benefits are so minimal as to not be worth the cost. Because security theater measures are often so specific (such as concentrating on potential explosives in shoes), it allows potential attackers to divert to other ways of attacks. Security theater encourages people to make uninformed, counterproductive political decisions.

    Theater of the Absurd at the T.S.A. For theater on a grand scale, you can’t do better than the audience-participation dramas performed at airports, under the direction of the Transportation Security Administration. … The T.S.A.’s profession of outrage is nothing but ‘security theater,’ Mr. Schneier said

    Yet another reason why the TSA is useless:

    Congress: The TSA Is Wasting Hundreds Of Millions In Taxpayer Dollars
    http://www.techdirt.com/articles/20120509/10161518848/congress-tsa-is-wasting-hundreds-millions-taxpayer-dollars.shtml

    The House Oversight Committee has come out with a report slamming the TSA for tremendous amounts of waste, specifically in the “deployment and storage” of its scanning equipment. Basically, it sounds like the TSA likes to go on giant spending sprees, buying up security equipment and then never, ever using it.

    Committee staff discovered that 85% of the approximately 5,700 major transportation security equipment currently warehoused at the TLC had been stored for longer than six months; 35% of the equipment had been stored for more than one year.

    As of February 2012, Committee staff discovered that TSA had 472 Advanced Technology 2 (AT2) carry-on baggage screening machines at the TLC and that more than 99% have remained in storage for more than nine months; 34% of AT2s have been stored for longer than one year.

    Oh yeah, and it appears that the TSA isn’t very good at tracking this stuff. When asked about the total cost of managing this equipment, the TSA was unable to provide an answer.

    One of the theories that was floated a few years ago when there was that big rush to rollout the nudie scanners, was that much of it was being driven by fear mongering from former government officials, like Michael Chertoff, who had economic relationships with the makers of the equipment. This report doesn’t confirm any of that, but it sure seems to fit that narrative pretty perfectly. Fear monger away, have the TSA buy a ton of questionable equipment it doesn’t actually need, and then have much of that equipment just sit in a warehouse. All on the taxpayers’ dime.

    Don’t forget:
    1. Lost value from people who no longer fly due to the TSA
    2. Lost value from International tourism which no longer happens because of the TSA
    3. Lost jobs from damage to the tourism industry
    4. Projects canceled because of all of the above

    Imagine what a pain travel would be if they used their funding to full efficiency. :O

    While it may seem that security theater must always cause loss, it may actually be beneficial, at least in a localised situation. This is because perception of security is sometimes more important than security itself. If the potential victims of an attack feel more protected and safer as a result of the measures, then they may carry on activities they would have otherwise avoided.

    Sources:
    http://en.wikipedia.org/wiki/Security_theater
    http://www.techdirt.com/articles/20120509/10161518848/congress-tsa-is-wasting-hundreds-millions-taxpayer-dollars.shtml
    http://news.slashdot.org/story/12/05/09/2014206/congress-the-tsa-is-wasting-hundreds-of-millions-in-taxpayer-dollars

    Reply
  12. Tomi Engdahl says:

    Security biz scoffs at Apple’s anti-Trojan Gatekeeper
    Apple dev ghetto fears – plus it only probes executables
    http://www.theregister.co.uk/2012/02/20/apple_gatekeeper/

    Security watchers are expressing reservations about whitelisting security that Apple plans to integrate with OS X Mountain Lion this summer.

    The security feature, dubbed Gatekeeper, restricts the installation of downloaded applications based on their source. Users can choose to accept apps from anywhere (as now) but by default Gatekeeper only lets users install programs downloaded from the Mac App Store or those digitally signed by a registered developer. More cautious users can decide to accept only applications downloaded from the Mac App Store.

    The technology is designed to make it harder to trick Mac fans into installing Trojans. Apple is essentially acting to nip the problem of scareware scams and the like on Macs in the bud, before Apple-targeting malware gets out of control.

    From a system security perspective that’s a laudable aim but there may be less palatable consequences.

    The move could be a step along the road to making OS X as closed to unapproved developers as iOS.

    “Gatekeeper also begins to solidify Mac’s walled garden,” Sean Sullivan, a security advisor at F-Secure notes. “In the future, when Apple decides to further close its platform, device drivers could also be required to use Apple Developer IDs. Apple is famous for its focus on user experience, and it isn’t really very difficult to imagine it revoking third-party peripheral drivers in order to ‘secure’ that experience.”

    Gatekeeper is billed as offering: “More control for you” – “I keep reading it as: more control – over – you,” Sullivan observes wryly. “By 2014, I expect somebody out there will be jailbreaking their Mac…”

    “Gatekeeper code signing only applies to executable files, meaning anything that is not itself a Trojan – like malicious PDFs, Flash, shell scripts and Java – will still be able to be exploited without triggering a prompt,” Wisniewski warns.

    Reply
  13. Tomi Engdahl says:

    North Korean GPS blocking sparks cyber war fears
    Satnav stand-off as signal-stoppers slow ships, planes
    http://www.theregister.co.uk/2012/05/11/korea_gps_standoff_blocking/

    South Korea will lodge an official complaint with the UN over its reclusive neighbour after GPS-blocking by the North for over a week disrupted hundreds of flights, in what some officials are worried could be the first signs of a looming cyber war.

    As a result, South Korea will complain to UN agency the International Telecommunication Union (ITU) as well as the International Civil Aviation Organisation (ICAO), warning that its northern neighbour is breaking UN rules and endangering the safety of passengers.

    Although GPS is the de facto standard for commercial aircraft navigation, pilots can use alternative technologies such as the inertial navigation systems which were widely used before GPS was made available by the US government in the early 80’s.

    “The North has been piling data and training itself through these jamming attacks,” Yang Uk, a senior researcher at Korea Defense and Security Forum, told the Herald.

    “These signals are apparently not simply to provoke the South but to systemise its own techniques for a bigger strike one day, knowing Korea is a society that depends on telecommunication and computers.”

    A realisation of the strategic importance of GPS in the event of a potential conflict has led to China launching its own satnav rival, Beidou. Russia, meanwhile, is currently updating its GLONASS satellite system.

    Reply
  14. Tomi Engdahl says:

    Scamworld: ‘Get rich quick’ schemes mutate into an online monster
    http://www.theverge.com/2012/5/10/2984893/scamworld-get-rich-quick-schemes-mutate-into-an-online-monster

    A network of pitchmen have used the internet and fear of a failing economy to play the ultimate long con

    In some ways, Internet Marketing is an evolution of the old “make money from home, stuffing envelopes” ads you used to find in the back of Rolling Stone magazine, alongside those promising to make you a world famous songwriter or a musclehead who no longer has to take crap from bullies on the beach. In the internet, con artists have found a platform that allows them to scale their scams far beyond the penny stocks and worthless real estate deals of the past.

    Reply
  15. Tomi Engdahl says:

    More Americans Worried About Cybarmegeddon Than Terrorism, Study Finds
    http://www.wired.com/threatlevel/2012/05/cyberarmegeddon-terrorism/

    More Americans want the presidential candidates to focus on protecting the government and the electrical grid against hackers than fighting terrorism groups.

    That’s according to a new security study by Unisys (.pdf), which found that the three highest priorities for Americans when it comes to security issues in the presidential campaign are:

    Protecting government computer systems against hackers and criminals (74 percent)
    Protecting our electric power grid, water utilities and transportation systems against computer or terrorist attacks (73 percent)
    Homeland security issues such as terrorism (68 percent)

    Should we cry over proof of the success of the security-industrial complex’s PR campaign to convince Americans that cybarmegeddon is near?

    Reply
  16. Tomi Engdahl says:

    Insider tells why Anonymous ‘might well be the most powerful organization on Earth’
    http://news.nationalpost.com/2012/05/12/insider-tells-why-anonymous-might-well-be-the-most-powerful-organization-on-earth/

    Christopher Doyon, a.k.a. Commander X, sits atop a hillside in an undisclosed location in Canada, watching a reporter and photographer make their way along a narrow path to join him, away from the prying eyes of law enforcement.

    Doyon, who readily admits taking part in some of the highest-profile hacktivist attacks on websites last year — from Tunisia to Orlando, Sony to PayPal — was arrested in September.

    Thanks to his indictment, Doyon is one of the few Anonymous members whose real name is now publicly known.

    But as the leader of the People’s Liberation Front — a hacker group allied with Anonymous — and the second-most wanted information activist after WikiLeaks’ Julian Assange, he prefers not to show his face.

    Terrorists to some, heroes to others, the jury is still out on Anonymous’s true nature. Known for its robust defence of Internet freedom – and the right to remain anonymous — Anonymous came in first place in Time Magazine’s 2012 online poll on the most influential person in the world.

    Fox News, on the other hand, has branded the hackers “domestic terrorists.”

    Our entire world is being controlled and operated by tiny invisible 1s and 0s that are flashing through the air and flashing through the wires around us. So if that’s what controls our world, ask yourself who controls the 1s and the 0s? It’s the geeks and computer hackers of the world.

    It seems like there’s a war going on between hacktivists or information activists and law enforcement.

    Q: Do you think the general public is not concerned enough with online surveillance or real-life surveillance?
    A: I think the general public is beginning to learn the value of information. To give an example, for a very long time nobody in the U.S. or the world was allowed to know the number of civilian casualties in Afghanistan or Iraq.

    Q: What do you say to people who believe Anons are just cyber-terrorists?
    A: Basically I decline the semantic argument. If you want to call me a terrorist, I have no problem with that. But I would ask you, “Who is it that’s terrified?” If it’s the bad guys who are terrified, I’m really super OK with that.

    Q: Anonymous started out as online pranksters but has gotten a whole lot more serious in the last two years. What happened?
    A: I believe Egypt was really a turning point for us emotionally in Anonymous.

    Q. What’s next for Anonymous?
    A: Right now we have access to every classified database in the U.S. government. It’s a matter of when we leak the contents of those databases, not if.

    Reply
  17. Tomi Engdahl says:

    Five Disturbingly Simple Ways to Steal Facebook Logins
    http://www.techweekeurope.co.uk/news/steal-facebook-logins-72082

    There are some simple ways to hack Facebook accounts, so users should be wary about what they hand over to Zuckerberg and Co.

    Facebook accounts are precious things. They contain a surfeit of valuable data that cyber criminals can use to steal money from members’ bank accounts.

    There are plenty of ways hackers can get hold of Facebook login details too.

    What’s most disturbing is how anyone with a really basic skill-set can acquire such details. Here are five techniques, but remember kids, hacking a Facebook account is illegal.

    Brute force: There are a load of GUI tools that can do this now, making it disturbingly simple for anyone to get involved in Facebook hacking. YouTube is regularly filled with tutorials on how to use these GUIs, in case the tools aren’t idiot-proof enough already.

    Phishing: Phishers are getting awfully talented. Hackers build these fraudulent pages either using basic HTML skills, or by grabbing images from the official sites.

    Eavesdropping: Facebook only recently opened up the option to use SSL for communications on the service. It’s not yet the default.

    Keyloggers: Getting a bit of keylogging malware onto someone’s machine will get hackers the info they want.

    So what’s the answer for users? As far as you can, don’t put anything really valuable on Facebook. The more places you store important data online, the greater the attack vector for cyber criminals.

    Reply
  18. Tomi says:

    Android devices are a ‘lucrative target’ as mobile malware threat quadruples
    http://www.theinquirer.net/inquirer/news/2174970/android-devices-lucrative-target-mobile-malware-threat-quadruples

    SOFTWARE DEVELOPER Google’s mobile operating system Android has become a “lucrative target” for cyber attackers, security firm F-Secure has warned.

    In its latest Mobile Threat Report released today, the Finnish security firm reported that the number of malware families targeting Android users has nearly quadrupled since 2011.

    F-Secure’s report indicated that at least 3,063 malicious Android applications are active.

    This gives Android users greater concern as mobile malware increases, especially considering that 34 of the current malware families are designed to steal money from infected handsets.

    Source: The Inquirer (http://s.tt/1bTIP)

    Download: Mobile Threat Report, Q1 2012
    http://www.f-secure.com/weblog/archives/00002363.html?tduid=8f4c40c15eb0950258dba8870d438b4d

    Reply
  19. Tomi Engdahl says:

    Americans More Worried About Cybersecurity Than Terrorism
    http://politics.slashdot.org/story/12/05/15/2246211/americans-more-worried-about-cybersecurity-than-terrorism

    “Well, it looks like all the fearmongering about hackers shutting down electrical grids and making planes fall from the sky is working. No matter that there’s no evidence of any actual risk, or that the only real issue is if anyone is stupid enough to actually connect such critical infrastructure to the internet (the proper response to which is: take it off the internet), fear is spreading.”

    Reply
  20. Tomi Engdahl says:

    Top Handset Maker Confirms Backdoor in One of Its Models
    http://www.wired.com/threatlevel/2012/05/zte-backdoor/

    One of the world’s top handset makers has acknowledged the existence of a backdoor in one of its models.

    ZTE, which is based in China and produces the ScoreM, which sells as a Google Android phone, admitted that it had placed a backdoor account with a hardcoded password, which is easily found online. The backdoor was used by the company to remotely update its firmware, according to Reuters. But its existence would also allow anyone else with knowledge of the password to access a Score phone and gain root access.

    “It could very well be that they’re not very good developers or they could be doing this for nefarious purposes,” Dmitri Alperovitch, co-founder of cybersecurity firm CrowdStrike, told the news service.

    ZTE has vowed to fix the security hole.

    Reply
  21. Tomi Engdahl says:

    ZTE confirms security hole in U.S. phone
    http://www.reuters.com/article/2012/05/18/us-zte-phone-idUSBRE84H08J20120518?feedType=RSS&feedName=technologyNews&utm_source=dlvr.it&utm_medium=twitter&dlvrit=56505

    ZTE Corp, the world’s No.4 handset vendor and one of two Chinese companies under U.S. scrutiny over security concerns, said one of its mobile phone models sold in the United States contains a vulnerability that researchers say could allow others to control the device.

    “I’ve never seen it before,” said Dmitri Alperovitch, co-founder of cybersecurity firm, CrowdStrike. The hole, usually called a backdoor, allows anyone with the hardwired password to access the affected phone, he added.

    “ZTE is actively working on a security patch and expects to send the update over-the-air to affected users in the very near future,” ZTE said in an emailed statement. “We strongly urge affected users to download and install the patch as soon as it is rolled out to their devices.”

    Reply
  22. Tomi Engdahl says:

    Industrial control systems—Thwarting attacks
    http://www.eetimes.com/electronics-blogs/other/4373112/Industrial-control-systems-Thwarting-attacks

    The Department of Homeland Security put feelers out to other governments in the hope of bolstering the safety of industrial control systems (ICS) and created a venue to brainstorm solutions. Critical infrastructure safety was the subject of the ICSJWG 2012 Spring Conference and ICSJWG 2012 International Partners Day that took place in Savannah last week. Attendees quietly shared information and potential solutions to thwart and respond to attacks against ICS and Supervisory Control and Data Acquisition (SCADA) networks used to control pipelines, water supplies, electricity production and manufacturing processes.

    The conference seems to have been very timely, taking place on the heels of a series of cyber intrusions targeting natural gas pipeline companies in the U.S. The attacks, under investigation by several agencies including the FBI, involve sophisticated spear-phishing activities. Unlike the level of phishing schemes typically used with the general public, the phishing emails are convincing recipients that they are sent by a trusted and involved individual.

    Reply
  23. Diablo 3 says:

    Thank you for the perform. Article aided me a great deal

    Reply
  24. Tomi Engdahl says:

    Multiple ‘mistakes’ led to massive health data breach, director says
    Ex-IT chief takes responsibility for ‘human error’
    http://www.deseretnews.com/article/865555954/Multiple-mistakes-led-to-massive-health-data-breach-director-says.html

    New details of what went wrong in a costly health information data breach emerged Wednesday, and for the first time, the man fired over the matter spoke up about the increasing difficulty of his former job.

    “There has been a huge increase in the number of attacks against state systems — about a 600 percent increase in the last four months — and it is always a difficult challenge to make sure that you have adequate resources there to make sure the attacks are turned away,” said Stephen Fletcher, who was director of the state’s Department of Technology Services until he was asked to resign on Tuesday.

    More than one human error is to blame for the health information of nearly 800,000 Utahns falling into untrusted hands.

    “Two, three or four mistakes were made,” VanOrden said, adding that it is hard to expect employees to memorize at least 100 pages of policy. “Ninety-nine percent of the state’s data is behind two firewalls, this information was not. It was not encrypted and it did not have hardened passwords.”

    Utah’s Medicaid Management Information System, which receives eligibility inquiries and billing information from providers, was not protected by a firewall as it was upgrading on March 10, when hackers in Eastern Europe first gained access to the state server.

    A process to ensure that new servers are monitored and a risk assessment performed prior to use was not followed, and factory-issued default passwords were still in effect on the server, which is also not “routine.”

    The final “mistake,” he said, is that information stayed on the server for too long and while it was there, it was not encrypted, leaving it vulnerable to hackers who began downloading the sensitive information March 30.

    “There are a lot of bad guys out there trying to get access to these systems, so you have to be very, very vigilant,” he said.

    “We have a lot of data … and that data has some very sensitive information and it does need to be protected,” he said, adding that state leaders need to continue its monitoring and oversight of the technology department “to make sure we don’t slip back into complacency and that we’re diligent and vigilant in how we handle our security in the future.”

    Reply
  25. Tomi Engdahl says:

    State of Utah outlines mistakes made allowing theft of 780K records
    http://nakedsecurity.sophos.com/2012/05/19/state-of-utah-outlines-mistakes-made-allowing-theft-of-780k-records/

    The attackers gained access to a server used by the state to receive Medicare, Medicaid and children’s health service claims.

    On March 30 the attackers began siphoning the names, addresses, birth dates and other personal information of 500,000 Utah residents. The attackers were also able to exfiltrate that data and the social security numbers of 280,000 additional residents.

    “Ninety-nine percent of the state’s data is behind two firewalls, this information was not. It was not encrypted and it did not have hardened passwords.”

    The server had been originally installed by a third-party contractor and security audit procedures were not followed. In this case every mistake that could be made when handling personally identifiable information was made.

    The data was not encrypted.

    The data was preserved for longer than necessary, exposing more information when compromised.

    Default passwords for service accounts were not changed/disabled.

    Regular penetration tests and audits were not being performed to discover the mistake.

    The state is offering one year of credit monitoring to victims of the theft.

    Of course one year is not really much protection considering your social security number is with you for life, and most of us don’t change addresses all that often. Utah Department of Health Director Dr. David Patton apparently doesn’t understand that social security numbers are a far more critical thing to lose than credit card numbers.

    Dr Patton suggested that one year was enough, because after one year the information “goes stale”.

    It is this kind of attitude that might contribute to bureaucrats making half-baked attempts at protecting the data to begin with, not considering that these incidents may haunt victims their whole lives.

    Reply
  26. Tomi Engdahl says:

    Smartphone hijacking vulnerability affects AT&T, 47 other carriers
    Malicious data is injected by tricking firewalls into leaking sensitive data
    http://arstechnica.com/security/2012/05/smartphone-hijacking-on-att-47-other-carriers/

    Computer scientists have identified a vulnerability in the network of AT&T and at least 47 other cellular carriers that allows attackers to surreptitiously hijack the Internet connections of smartphone users and inject malicious content into the traffic passing between them and trusted websites.

    The attack, which doesn’t require an adversary to have any man-in-the-middle capability over the network, can be used to lace unencrypted Facebook and Twitter pages with code that causes victims to take unintended actions, such as post messages or follow new users. It can also be used to direct people to fraudulent banking websites and to inject fraudulent messages into chat sessions in some Windows Live Messenger apps. Ironically, the vulnerability is introduced by a class of firewalls cellular carriers use. While intended to make the networks safer, these firewall middleboxes allow hackers to infer TCP sequence numbers of data packets appended to each data packet, a disclosure that can be used to tamper with Internet connections.

    “The TCP sequence number inference attack opens up a whole new set of attack venues,” the researchers from the University of Michigan’s Computer Science and Engineering Department wrote in a research paper scheduled to be presented at this week’s IEEE Symposium on Security and Privacy. “It breaks the common assumption that communication is relatively safe on encrypted/protected WiFi or cellular networks that encrypt the wireless traffic. In fact, since our attack does not rely on sniffing traffic, it works regardless of the access technology as long as no application-layer protection is enabled.”

    The researchers tested their attack on Android-powered smartphones manufactured by HTC, Samsung, and Motorola. When the devices were connected to a “nation-wide carrier” that used sequence number-checking, the researchers were able to hijack connections to online services including Facebook, Twitter, Windows Live Messenger, and the AdMob advertising network.

    This week’s paper reports that of 150 worldwide carriers tested, 48 were found to use firewalls that allowed the researchers to deduce the TCP sequence numbers needed to hijack end-user connections.

    The required ingredient in all the attacks is a firewall on the carrier network that keeps track of sequence numbers for connections the end user has made with other addresses on the Internet. Firewalls that drop sequence numbers are manufactured by a variety of companies, including Cisco Systems, Juniper, and Check Point.

    “They all build on top of the sequence number inference,” Qian said of the attacks. “Without the sequence number, all of these attacks would not be possible, so you can think of sequence number inference as a building block for all of these attacks.”

    Qian said online services can go a long way towards repelling the attacks by encrypting sessions using the secure sockets layer (SSL) or transport layer security (TLS) protocols, since almost all of the exploits he and Mao devised work against pages and apps that transmit content in plaintext. But even when Web traffic is encrypted, sequence number inference can be used to mount denial-of-service attacks.

    Reply
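    The comment above explains the mechanism but not what it looks like on the wire from the defender's side. The following is an added example, not the Michigan researchers' or any firewall vendor's code: it models the middlebox window check the article describes and flags a flow that receives a burst of out-of-window segments from a spoofed peer, which is how window probing shows up in a packet log. The record format, addresses and sequence numbers are constructed.

```python
"""
Detection sketch for off-path TCP sequence-number probing. A middlebox that
silently drops segments whose sequence number is outside the receiver's window
gives an attacker a yes/no oracle, so probing shows up as a burst of
out-of-window segments aimed at one existing flow and carrying the remote
peer's spoofed address. Added example; the packet-record format and all
addresses are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass

SEQ_MOD = 1 << 32  # TCP sequence numbers wrap modulo 2^32


@dataclass
class FlowState:
    """What a sequence-checking middlebox remembers for one direction of a flow."""
    rcv_nxt: int  # next sequence number the receiver expects
    rcv_wnd: int  # receiver's advertised window in bytes


def in_window(seq: int, state: FlowState) -> bool:
    """True if a sequence-checking firewall would pass this segment.

    RFC 793 acceptability test, RCV.NXT <= SEG.SEQ < RCV.NXT + RCV.WND, done
    in modular arithmetic so a window straddling the 2^32 wrap still works.
    """
    return (seq - state.rcv_nxt) % SEQ_MOD < state.rcv_wnd


def parse_record(line: str) -> dict:
    """Parse one constructed 'key=value' packet record."""
    f = dict(kv.split("=", 1) for kv in line.split())
    return {
        "ts": float(f["ts"]),
        "flow": (f["src"], int(f["sport"]), f["dst"], int(f["dport"])),
        "seq": int(f["seq"]),
    }


def detect_probing(lines, flows, threshold=8, interval=5.0):
    """Return {flow: count} for flows that saw more than `threshold`
    out-of-window segments within any `interval`-second span.

    `flows` maps (src, sport, dst, dport) to the receiver-side FlowState.
    A lone stale retransmission is also out of window, which is why a
    threshold is used rather than alerting on a single miss.
    """
    misses = defaultdict(list)
    for line in lines:
        rec = parse_record(line)
        state = flows.get(rec["flow"])
        if state is not None and not in_window(rec["seq"], state):
            misses[rec["flow"]].append(rec["ts"])

    alerts = {}
    for flow, stamps in misses.items():
        stamps.sort()
        start, best = 0, 0
        for end in range(len(stamps)):  # sliding window over timestamps
            while stamps[end] - stamps[start] > interval:
                start += 1
            best = max(best, end - start + 1)
        if best > threshold:
            alerts[flow] = best
    return alerts


# Constructed sample: a phone at 10.0.0.5 with two server connections.
CLIENT = "10.0.0.5"
TRACKED_FLOWS = {
    ("203.0.113.9", 80, CLIENT, 51234): FlowState(rcv_nxt=1_000_000, rcv_wnd=65_535),
    # the second flow's window straddles the 2^32 wrap point
    ("198.51.100.7", 80, CLIENT, 51235): FlowState(rcv_nxt=4_294_960_000, rcv_wnd=65_535),
}

SAMPLE_RECORDS = [
    "ts=100.000 src=203.0.113.9 sport=80 dst=10.0.0.5 dport=51234 seq=1000000",
    "ts=100.050 src=203.0.113.9 sport=80 dst=10.0.0.5 dport=51234 seq=1001460",
    # in window despite the wrap: (2000 - 4294960000) mod 2^32 = 9296
    "ts=100.100 src=198.51.100.7 sport=80 dst=10.0.0.5 dport=51235 seq=2000",
    # one stale retransmission: out of window but benign on its own
    "ts=100.200 src=198.51.100.7 sport=80 dst=10.0.0.5 dport=51235 seq=4294950000",
] + [
    # twelve probes spoofing the first server, spread across the sequence space
    f"ts={100.3 + i * 0.1:.3f} src=203.0.113.9 sport=80 dst=10.0.0.5 dport=51234 "
    f"seq={(i * (SEQ_MOD // 12)) % SEQ_MOD}"
    for i in range(12)
]


if __name__ == "__main__":
    for flow, n in detect_probing(SAMPLE_RECORDS, TRACKED_FLOWS).items():
        print(f"possible sequence-number probing on {flow}: {n} out-of-window segments")
```

As the article notes, the inference itself is not stopped by this check; what removes the payoff is application-layer protection (TLS) on the sessions the carrier firewall cannot see into.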
  27. Tomi Engdahl says:

    Are You a Human replaces annoying CAPTCHAs with games
    http://venturebeat.com/2012/05/21/are-you-a-human-replaces-annoying-captchas-with-games/

    Websites need to verify that a visitor is a real person and not an automated bot. But the CAPTCHA test that they came up with — where you have to type in the word that you see in a blurry distorted font image — is extremely annoying and often leads to multiple failures.

    So a Detroit-based startup, Are You a Human, is replacing the CAPTCHA with simple minigames instead. It is releasing its human authentication tool, PlayThru, to help companies fight spammers and bots that have begun to circumvent CAPTCHAs.

    On top of that, CAPTCHAs are frustrating to users who can’t discern the distorted text. About 20 percent of the users will leave a site rather than complete a CAPTCHA, according to the company’s research.

    With Are You a Human’s tool, companies can embed a simple game instead. For instance, one minigame requires users to look at a set of five images and pick up the two tools and put them in a tool box. Or the user can drag and drop toppings onto a pizza. Since the games are dynamic and always changing, they are hard for computers to solve but easy for people to complete. PlayThru can improve security and entertain users at the same time, and it works easily on touchscreen smartphones. The company’s own survey of 1,000 users showed that they preferred PlayThru four-to-one over traditional text-based CAPTCHAs. Sites using it have seen their submission rates go up by 40 percent.

    “Text-based CAPTCHAs are difficult to decipher and easy to break, which forces them to become increasingly more difficult to solve,”

    “This vicious cycle makes it frustrating for users, who many times will give up before following through to a site.”

    Reply
  28. Tomi Engdahl says:

    http://en.wikipedia.org/wiki/Thunderbolt_%28interface%29

    Since Thunderbolt extends the PCI Express bus, which is the main expansion bus in current systems, it allows very low-level access to the system. PCI devices need to have unlimited access to memory, and may thus compromise security. This issue exists with many high-speed expansion buses, including PC Card, ExpressCard and the IEEE 1394 interface, commonly known as FireWire.

    An attacker could, for example, send a maliciously-designed Thunderbolt device to a victim. Upon connecting to a computer, the device, through its direct and unimpeded access to system memory and other devices, would be able to bypass almost all security measures of the OS and have the ability to read encryption keys or install malware.

    A number of Intel processors since the introduction of the Nehalem microarchitecture (that is, a number of CPU branded Core i5, Core i7, or later) support VT-d, an IOMMU implementation. This allows the operating system (OS) to isolate a device in its own virtual memory address space (in a manner analogous to the isolation of processes from one another using the MMU). Devices could thus be prevented from having access to unauthorized parts of the memory space. However, this feature isn’t generally used other than for its initial purpose of giving guest virtual machines passthrough access to specific host hardware.

    Reply
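    The Wikipedia excerpt above ends on the observation that VT-d is rarely switched on for this purpose. Below is an added example, not Wikipedia's or any vendor's code, of a Linux host check a practitioner can run to find out: it reads the standard sysfs locations for IOMMU groups and, on kernels that expose it, the Thunderbolt security level. The `root` parameter exists only so the check can be exercised against a constructed directory tree; on a real host it is `/`.

```python
"""
Host check for the DMA exposure described above: is an IOMMU (VT-d on Intel)
active, which PCI devices were left outside any IOMMU group, and what is the
Thunderbolt security level. Added example; sysfs paths are the standard Linux
ones, `root` is only for running against a constructed tree.
"""
import json
import os
import tempfile
from pathlib import Path


def iommu_active(root="/") -> bool:
    """An active IOMMU populates /sys/kernel/iommu_groups with numbered groups.
    No groups (or no directory) means devices can DMA anywhere in RAM."""
    groups = Path(root) / "sys/kernel/iommu_groups"
    return groups.is_dir() and any(p.is_dir() for p in groups.iterdir())


def devices_without_group(root="/"):
    """PCI devices with no iommu_group link: they get no DMA isolation even
    when the IOMMU is on, so a hot-plugged device ending up here is a finding."""
    pci = Path(root) / "sys/bus/pci/devices"
    if not pci.is_dir():
        return []
    return sorted(d.name for d in pci.iterdir() if not (d / "iommu_group").exists())


def thunderbolt_security_levels(root="/"):
    """Security level per Thunderbolt domain ('none', 'user', 'secure',
    'dponly', ...). 'none' means devices attach without any approval.
    Returns {} when the kernel exposes no Thunderbolt bus."""
    tb = Path(root) / "sys/bus/thunderbolt/devices"
    levels = {}
    if tb.is_dir():
        for dom in tb.iterdir():
            sec = dom / "security"
            if sec.is_file():
                levels[dom.name] = sec.read_text().strip()
    return levels


def assess(root="/"):
    """Summarise the posture; the verdict follows the excerpt's own logic:
    without an IOMMU a PCIe/Thunderbolt device sees all of memory."""
    findings = {
        "iommu_active": iommu_active(root),
        "unisolated_pci_devices": devices_without_group(root),
        "thunderbolt_security": thunderbolt_security_levels(root),
    }
    if not findings["iommu_active"]:
        findings["verdict"] = "exposed: DMA-capable devices can read or write all memory"
    elif findings["unisolated_pci_devices"] or "none" in findings["thunderbolt_security"].values():
        findings["verdict"] = "partial: IOMMU on, but some devices are not isolated"
    else:
        findings["verdict"] = "isolated: IOMMU on and every PCI device is in a group"
    return findings


def make_sample_root(with_iommu=True, stray_device=True) -> str:
    """Build a constructed sysfs tree in a temp dir for offline runs and tests."""
    root = tempfile.mkdtemp()
    if with_iommu:
        os.makedirs(os.path.join(root, "sys/kernel/iommu_groups/0"))
        os.makedirs(os.path.join(root, "sys/bus/pci/devices/0000:00:1c.0/iommu_group"))
    if stray_device:  # a device the kernel did not place in any group
        os.makedirs(os.path.join(root, "sys/bus/pci/devices/0000:05:00.0"))
    dom = os.path.join(root, "sys/bus/thunderbolt/devices/domain0")
    os.makedirs(dom)
    with open(os.path.join(dom, "security"), "w") as fh:
        fh.write("user\n")
    return root


if __name__ == "__main__":
    print(json.dumps(assess(), indent=2))  # inspects the real host when run on Linux
```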
  29. Tomi Engdahl says:

    Anonymous Hackers Apparently Infiltrate U.S. Justice Department Website
    http://www.huffingtonpost.com/2012/05/22/anonymous-justice-department_n_1534671.html

    One or more unauthorized users gained access to the inner workings of a website run by the U.S. Justice Department, a department spokeswoman said on Monday after the hacker group Anonymous said they were behind the incident.

    The hackers accessed a server that operates the Bureau of Justice Statistics’ website, the spokeswoman said.

    Online statements attributed to Anonymous said they were responsible for the security breach and that the files they obtained include emails.

    Reply
  30. Tomi Engdahl says:

    Microsoft Security Intelligence Report
    July through December, 2011
    http://download.microsoft.com/download/C/9/A/C9A544AD-4150-43D3-80F7-4F1641EF910A/Microsoft_Security_Intelligence_Report_Volume_12_English.pdf

    At its peak, Conficker infected an estimated seven million computers worldwide, according to the Conficker Working Group. Conficker was immediately recognized as dangerous because it attempts to exploit a vulnerability on Windows XP®-based systems that allows remote code execution when file sharing is enabled (CVE-2008-4250, which Microsoft had addressed in October 2008 with critical update MS08-067). In

    In addition to quick propagation, the newer variants of Conficker use a larger array of attack techniques than most malware families.

    Conficker uses encryption and a method called HTTP rendezvous to protect its payload channel.

    Although the efforts of the Conficker Working Group and associated organizations restricted Conficker’s potential for damage, the MMPC received telemetry reports of the worm infecting or attacking 1.7 million computers in 4Q11, about 100,000 computers more than in 3Q11.

    Most of the analyzed incidents (60 percent) involved credential-based attacks, with the remaining 40 percent including all other known propagation methods.

    The third-greatest number of analyzed incidents (15 percent) involved infections that were present on the computer before the installation of the antimalware product that detected and removed the infection.

    When considered from the perspective of the affected operating system, it becomes clearer that credential-based attacks on file shares are the primary mechanism Conficker uses to compromise computers running recent versions of the Windows operating system.

    Windows 7 was never vulnerable to CVE-2008-4250 exploits, and although Windows Vista was vulnerable, no exploit attempts were observed in the measurement period.

    Although installing all relevant security updates and hardening the Autorun feature in Windows can close off several Conficker attack vectors, this analysis of the worm’s attacks shows that using weak passwords for network and local resources can still leave computers at significant risk of infection. To effectively defend against Conficker and similar malware families, responsible computer administrators should develop a multifaceted strategy that includes strong passwords, quick deployment of security updates, and the use of regularly updated, real-time antimalware software.

    Reply
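    The report's conclusion is that on patched systems Conficker gets in by guessing passwords for file shares. The following is an added example, not Microsoft's code, of the detection logic that finding implies: scan Windows Security log events for a burst of network logon failures (Event ID 4625, logon type 3) from one source, and flag a successful network logon (4624) from the same source right after the burst, which is what a dictionary attack that found a weak password looks like. The log lines are a constructed, flattened rendering of the event fields; real exports would be parsed from EVTX or CSV instead.

```python
"""
Detection logic for credential-based attacks on file shares. Added example;
the one-line event format below is constructed for this demonstration.
"""
from collections import defaultdict
from datetime import datetime, timezone

BURST_THRESHOLD = 10           # failures from one source ...
BURST_WINDOW_S = 120           # ... within this many seconds
WRONG_PASSWORD = "0xC000006A"  # NTSTATUS STATUS_WRONG_PASSWORD
NO_SUCH_USER = "0xC0000064"    # NTSTATUS STATUS_NO_SUCH_USER


def parse_event(line: str) -> dict:
    """Parse '<iso-timestamp> Key=Value ...' into a dict with a UTC datetime."""
    ts_text, *fields = line.split()
    ev = dict(f.split("=", 1) for f in fields)
    ev["ts"] = datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ev


def analyse(lines):
    """Return one finding per source host whose network logon failures exceed
    BURST_THRESHOLD inside BURST_WINDOW_S, with the accounts it tried and any
    account it then logged into successfully."""
    failures = defaultdict(list)   # src -> [(ts, user, status)]
    successes = defaultdict(list)  # src -> [(ts, user)]
    for line in lines:
        ev = parse_event(line)
        if ev.get("LogonType") != "3":
            continue  # only network (share) logons matter for this vector
        if ev["EventID"] == "4625":
            failures[ev["SrcIP"]].append((ev["ts"], ev["TargetUser"], ev["Status"]))
        elif ev["EventID"] == "4624":
            successes[ev["SrcIP"]].append((ev["ts"], ev["TargetUser"]))

    findings = []
    for src, fails in failures.items():
        fails.sort()
        start, best, burst_end = 0, 0, None
        for end in range(len(fails)):  # sliding window over failure times
            while (fails[end][0] - fails[start][0]).total_seconds() > BURST_WINDOW_S:
                start += 1
            if end - start + 1 > best:
                best, burst_end = end - start + 1, fails[end][0]
        if best < BURST_THRESHOLD:
            continue
        compromised = sorted(
            u for ts, u in successes.get(src, [])
            if 0 <= (ts - burst_end).total_seconds() <= BURST_WINDOW_S
        )
        findings.append({
            "src": src,
            "failures_in_burst": best,
            "targeted_users": sorted({u for _, u, _ in fails}),
            "wrong_password_failures": sum(1 for _, _, s in fails if s == WRONG_PASSWORD),
            "success_after_burst": compromised,
        })
    return findings


# Constructed sample: one host hammering ADMIN$-style logons, one user typo.
SAMPLE_LOG = [
    f"2011-11-03T10:15:{i:02d}Z EventID=4625 LogonType=3 TargetUser={u} "
    f"Workstation=WS-17 SrcIP=10.1.2.34 Status={s}"
    for i, (u, s) in enumerate([("administrator", WRONG_PASSWORD)] * 9
                               + [("backup", NO_SUCH_USER)] * 3)
] + [
    "2011-11-03T10:15:15Z EventID=4624 LogonType=3 TargetUser=administrator Workstation=WS-17 SrcIP=10.1.2.34",
    "2011-11-03T10:20:01Z EventID=4625 LogonType=3 TargetUser=jsmith Workstation=JSMITH-PC SrcIP=10.1.2.50 Status=0xC000006A",
    "2011-11-03T10:20:09Z EventID=4625 LogonType=3 TargetUser=jsmith Workstation=JSMITH-PC SrcIP=10.1.2.50 Status=0xC000006A",
    "2011-11-03T10:21:00Z EventID=4625 LogonType=2 TargetUser=jsmith Workstation=JSMITH-PC SrcIP=127.0.0.1 Status=0xC000006A",
]


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"{f['src']}: {f['failures_in_burst']} share logon failures against "
              f"{f['targeted_users']}; later success as {f['success_after_burst']}")
```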
  31. Tomi Engdahl says:

    Microsoft Security Intelligence Report
    July through December, 2011
    http://download.microsoft.com/download/C/9/A/C9A544AD-4150-43D3-80F7-4F1641EF910A/Microsoft_Security_Intelligence_Report_Volume_12_English.pdf

    During the past five years, one specific category of threat has become much more widely discussed. Originally referred to as Advanced Persistent Threats (APT) by the U.S. military — referring to alleged nation-state sponsored attempts to infiltrate military networks and exfiltrate sensitive data — the term APT is today widely used in media and IT security circles to describe any attack that seems to specifically target individual organization, or is thought to be notably technical in nature, regardless of whether the attack was actually either advanced or persistent.

    In fact, this type of attack typically involves two separate components — the action(s) and the actor(s) — that may be targeted against governments, military organizations or, increasingly, commercial entities and civil society.

    Rather than the traditional focus on preventing compromise, an effective risk management strategy assumes that Determined Adversaries may successfully breach any outer defenses. The implementation of the risk management strategy therefore balances investment in prevention, detection, containment and recovery.

    Detailed information about specific Determined Adversaries is often difficult to obtain. The institutions victimized by Targeted Attacks are often reluctant to share information because of the highly sensitive nature of the networks or assets that they protect.

    Many of the early Targeted Attacks focused on military and defense networks,10 which are typically among the more well-defended networks in the world. Consequently, attackers were forced to develop a wide range of technical and non-technical skills to conduct successful attacks.

    Internet technologies provide a basis upon which to achieve huge efficiencies in communications, storage, data processing and business tractions. Given the ever-increasing use of the internet (2 billion users in 2011 with forecasts of another billion users coming online in the next four years),11 it is no surprise that bad actors are using this near-ubiquitous communications medium for their own ends.

    cybercriminals are using the same attack knowledge and tools that were previously focused exclusively on espionage to support the traditional criminal activity of counterfeiting goods. However, in many cases, organizations are simply not prepared for this shift in the threat environment.

    Although attackers have used computer networks to enable espionage for several decades, the widespread recognition of Targeted Attacks as a distinct class of security threat is a relatively recent development.

    Over the past 25 years, IT and information security have become more commoditized and based on a common security model, in which the focus is on infrastructure rather than asset protection. As internet technology has become cheaper and accepted as the industry standard, the emphasis has been on commercial off-the-shelf, easily deployable security mitigations to address generic threats on an enterprise wide basis. Such an approach was largely sufficient for non-military organizations 10 years ago, but during the last five years, the number of Targeted Attacks reported in industry has generally increased. And while the implementation of uniform commoditized security solutions is an important component in addressing opportunistic threats, enhanced risk management practices are more important than ever to ensure the adoption of appropriate mitigation measures to counter the more sophisticated attacks which will focus on specific assets.

    However, while risk management is a well understood discipline, the most commonly taken approach has challenges when applied to addressing cyber risks, including Targeted Attacks. Since the threat environment is constantly changing, past successes in managing cyber risks are not reliable indicators of actual security and the sole basis for future planning.

    Despite the high likelihood of compromise, prevention continues to be a priority in ensuring effective risk management. Commodity security solutions, such as firewalls and antimalware products, continue to offer wide ranging protection against a variety of generic threats and are essential in ensuring network hygiene

    Reply
  32. Tomi Engdahl says:

    Attack of the clones: Researcher pwns SecureID token system
    But RSA claims it would only work on rootkit-compromised gear
    http://www.theregister.co.uk/2012/05/24/rsa_downplays_secureid_token_clone_attack/

    RSA Security has downplayed the significance of an attack that offers a potential way to clone its SecurID software tokens.

    The attack, developed by Behrang Fouladi, senior security analyst at SensePost, offers a potential way to defeat the hardware binding and copy protection embedded in RSA’s software.

    In a demo, Fouladi set up two separate Windows XP virtual machines, one running a cloned copy of the authentication software and the other the original software token. Both were cycling through the same sequence of eight-digit numbers.

    Essentially, RSA is saying that the attack is possible only with complete control, via a rootkit, or with physical access. But Fouladi disputes this, and says common or garden malware, launched remotely, would be enough.

    RSA’s SecurID two-factor authentication system is widely used for remote access logins to corporate networks through virtual private networks (VPNs) and other similar applications.

    The AES-based code generation algorithm used is known, so the security of the system depends on keeping seed values – which are different for every token – secret.

    RSA SecureID software tokens are available for a wide range of smartphones and Windows desktops.

    Fouladi focused on the Windows version of the technology, which (like smartphones) he reasoned would not be able to provide the level of tamper-resistance that hardware tokens offer. Sure enough he discovered a means to clone a SecurID software token after reverse-engineering Windows’ versions of RSA’s technology.

    Software tokens are supposed to be tied to a particular piece of hardware. Cloning would break this security model wide open.

    Fouladi has published his research, including a proof-of-concept demo, in a blog post entitled “A closer look into the RSA SecureID software token”
    http://sensepost.com/blog/7045.html

    “Fouladi hasn’t shown any exploit against SecurID soft tokens – this is an exploit against Windows itself,” said Schiappa, adding “he’s not connecting all the steps together” so that the attack remains “theoretical”.

    “Our aim at SensePost was to demonstrate how easy/hard it would be for an attacker, who has already compromised a system, to extract RSA token secrets and clone them on another machine,” he explained.

    Governments, spies and military goons: Be warned

    The research has potentially important implications for the safekeeping of tokens, in particular, and the security of two-factor authentication, in general.

    Government agencies, military contractors, and numerous enterprises use the technology to safeguard remote access.

    In subsequent posts, Fouladi makes it clear that what he has demonstrated is not a complete end-to-end attack.

    Scrutiny about the security of two-factor authentication in general, and RSA in particular, has grown since a raid on RSA’s network that led to the theft of sensitive SecurID-related information in March 2011.

    Reply
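    The point above that the algorithm is public and everything rests on the seed can be shown with a generic time-based one-time-password generator. This is an added example, not code from the article, RSA or SensePost: it uses the RFC 6238 HMAC-SHA1 construction from the standard library rather than RSA’s proprietary AES-based scheme, and the 60-second step and eight-digit length are assumptions taken from the demo description. Because the code stream is a pure function of (seed, time), a byte-for-byte copy of the seed produces an identical stream that the server accepts, which is why a soft token on a general-purpose OS cannot offer what a tamper-resistant hardware token does.

```python
"""Generic time-based OTP (RFC 6238 style, HMAC-SHA1) used to illustrate that a
software token's security reduces to keeping its seed secret. Added example;
not RSA's algorithm. Seed values below are constructed for the demonstration."""
import hashlib
import hmac
import struct

STEP_SECONDS = 60   # assumed: one code per minute, as in the demo described above
DIGITS = 8          # assumed: eight-digit codes, as in the demo described above


def totp(seed: bytes, unix_time: int, step: int = STEP_SECONDS, digits: int = DIGITS) -> str:
    """Return the OTP for the time slot containing unix_time (RFC 4226 truncation)."""
    counter = unix_time // step
    digest = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


class SoftToken:
    """A software token keeps its seed in ordinary process memory; anything that
    can read that memory holds everything needed to reproduce the code stream."""

    def __init__(self, seed: bytes):
        self.seed = seed

    def code(self, unix_time: int) -> str:
        return totp(self.seed, unix_time)


def server_verify(seed: bytes, presented: str, unix_time: int, skew_steps: int = 1) -> bool:
    """Server-side check: accept the code for the current slot or +/- skew_steps
    slots, comparing in constant time."""
    return any(
        hmac.compare_digest(totp(seed, unix_time + d * STEP_SECONDS), presented)
        for d in range(-skew_steps, skew_steps + 1)
    )


def clone_is_indistinguishable(seed: bytes, unix_time: int) -> bool:
    """True when a copied seed yields the same code as the original token and the
    server accepts it; the server has no way to tell which device produced it."""
    original = SoftToken(seed)
    clone = SoftToken(bytes(seed))          # a byte-for-byte copy of the seed
    same_code = original.code(unix_time) == clone.code(unix_time)
    return same_code and server_verify(seed, clone.code(unix_time), unix_time)


if __name__ == "__main__":
    demo_seed = b"constructed-demo-seed-not-a-real-token"   # constructed value
    now = 1_337_000_000
    print("original:", SoftToken(demo_seed).code(now))
    print("clone   :", SoftToken(bytes(demo_seed)).code(now))
    print("server accepts clone:", clone_is_indistinguishable(demo_seed, now))
```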
  33. Tomi Engdahl says:

    NMap 6.0 arrives
    http://www.theregister.co.uk/2012/05/25/nmap_6_released/

    Popular open source network discovery and security auditing tool Nmap has reached version 6.0.

    The new code hit the Net last Monday

    Fyodor recommends all users upgrade to the new version, so they can get their hands on 289 new scripts and a host of new features. The six he rates most important are:

    An enhanced scripting engine
    Better web scanning
    Full IPv6 support
    A new Nping tool that can generate all sorts of packets
    Improvements to the Zenmap GUI (pictured below)
    Faster scanning

    Reply
  34. Tomi Engdahl says:

    http://www.theregister.co.uk/2012/05/25/quotw_ending_may_25/

    Security specialist Eugene Kaspersky is still talking up the dangers of Apple’s attitude to viruses. He previously said that Apple’s popularity was making it a target and that security-wise it was where Microsoft was 10 years ago.

    This week Kaspersky said he was peeved that Cupertino wouldn’t let security firms develop solutions for its iOS and that this would spell its doom:

    We as a security company are not able to develop true endpoint security for iOS. That will mean disaster for Apple.

    It is much more difficult to infect iOS but it is possible and when it happens it will be the worst-case scenario because there will be no protection. The Apple SDK won’t let us do it.

    Reply
  35. Tomi Engdahl says:

    Passwords are for AES-holes
    Security is an illusion
    http://www.reghardware.com/2012/05/25/something_for_the_weekend_passwords_are_a_waste_of_time/

    My password fatigue came to a crunch while I was freelancing at a company that bullied its users into entering a unique login every time you wanted to do anything whatsoever on one of their computers. First up was a straightforward Active Directory login, which is fair enough, but this barely carried you beyond the company’s intranet page.

    Want to visit an external website? Another login. Check email? Another login – yes, even with AD. Run the core apps? Another login. Open the image library? Another login. Access the database? Another login. Browse the archive? Another login. Launch the production tool? By now, you know the answer.

    Most of the company employees got around the problem by creating identical ID names and passwords for everything. The IT department responded to this challenge by forcing users to change their passwords every month. The ever-resourceful users quickly discovered that the automatic prompt was fixed to a 12-month cycle, so all they had to do when prompted to change their passwords was to spend a minute changing it 12 times and then choose their original password again.

    What I don’t understand is why I would need 13 different logins at the same company simply to identify who I am.

    As for the need to create a password that isn’t the name of your kids or their birthdays or the word ‘password’, I do get it. But the current new wave of online harassment to make you invent an utterly forgettable ‘strong’ password?

    Oh come on – the biggest security threat to my online accounts isn’t the risk of a mischievous Russian hacker spending a week trying to guess my ‘strong’ password but the depressing likelihood of a civil servant leaving my ‘strong’ password on a USB stick in the back of a taxi or a sacked call-centre underling in Bangalore selling my ‘strong’ password to the highest bidder.

    No, this saturation of logins we’re faced with today isn’t really about our security at all. It’s about employers bullying their staff into submission by forcing them 20 times a day to request permission to do their jobs. And it’s about organisations using endless rounds of ‘strong’ password reminders as a smokescreen to hide the fact that their own protection of customer records can be snapped like a twig by the dimmest disgruntled outsourced employee.

    Reply
  36. Tomi Engdahl says:

    Inside Facebook security: defending users from spammers, hackers, and ‘likejackers’
    http://www.theverge.com/2012/5/25/2996321/inside-facebook-likejackers-spammers-hackers

    If Facebook were a country, it would be the third largest in the world, just behind India and China. And like any country, Facebook has a police force to keep things under control. 300 people have been entrusted with the responsibility of keeping a 900-million-person virtual society from itself and from external forces.

    Facebook’s deal with the world’s biggest anti-virus companies to include their blacklists in Facebook’s URL-scanning database got us thinking about other things the company does behind the scenes to keep its users safe, because a hacked, spammed, and depressed user isn’t coming back for more.

    “Creating friction is the key to making users aware of what they’re actually doing,” Facebook Security and Safety team member Fred Wolens said, because the vast majority of “hacked” Facebook accounts don’t get hacked on Facebook.

    Facebook starts by scanning the usual suspects of PasteBin-esque websites weekly to check for hackers dumping thousands of usernames and passwords. Facebook cross references credential dumps with its entire database of user credentials, then alerts any users that match to change their passwords.

    Another measure Facebook takes is stripping every user of their referral URL when they click one of the two trillion links posted to Facebook every day.

    A popular and nefarious way that spammers manipulate you is by putting invisible Like buttons on top of real buttons you can see like “Download File.” For example, if you’re trying to pirate an album from a suspicious site, the Download link might actually be a Like button that subscribes you to content from that site. Without even knowing it, you are liking a page and thus polluting your friends’ News Feeds with a spam post

    Facebook responds to “likejacking” by sometimes showing a pop up that confirms whether or not you meant to Like that website.

    The goal of many of these spammers is to generate impressions, just like banner ads do for content farm websites. Spammers get paid every time somebody clicks a link and sees an ad

    When somebody has accidentally liked a page or clicked a nefarious link, it’s unlikely that their Facebook account will be compromised. The real problem is that most people use the same username and password on most sites they sign up for. When a user’s credentials for another site are stolen, thieves simply try them on banking sites and social networks like Facebook.

    When someone friends you on Facebook, that request doesn’t always get through to your inbox. Facebook employs a complex algorithm to decide the likelihood that you know somebody, and whether or not to push through a friend request or file it as spam inside your “See All Friend Requests” folder.

    Facebook’s database of malicious links contains billions of bad URLs, and its spam filters are precise enough that just .5 percent of users see spam on a given day, by its estimates

    The difference for now is that we’re all choosing to use Facebook and explicitly accepting the company’s monitoring and control — they’re unfortunate preconditions of the virtual society. Without these rules, a site that entertains us for hours each day might descend into a spam and crap-filled cesspool, which isn’t very fun. And unlike the real world, if these rules change, it’s a lot easier to delete your Facebook profile than it is to relocate to another country.

    Reply
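    Two comments above describe the same defensive check from different angles: the Conficker analysis, where weak share passwords were the primary infection vector on patched systems, and Facebook’s practice of cross-referencing paste-site credential dumps against its user database. The following is an added example, not Facebook’s or Microsoft’s code, showing how such a check can run against a store that holds only salted PBKDF2 hashes: each dumped or dictionary password is hashed with the user’s own salt and compared, so no plaintext store is needed. The dump, the weak-password list and the accounts are all constructed for the example.

```python
"""Credential exposure check over a salted-hash user store. Added example; the
user accounts, the 'paste-site' dump and the weak-password list are constructed."""
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 10_000   # kept low for the example; use far more in production


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def make_user_store(plain_users: dict) -> dict:
    """Build {username: (salt, hash)} from constructed plaintext accounts.
    Only the salted hashes are retained, as a real store would do."""
    store = {}
    for name, pw in plain_users.items():
        salt = os.urandom(16)
        store[name.lower()] = (salt, hash_password(pw, salt))
    return store


def parse_dump(text: str) -> list:
    """Parse 'user:password' lines from a dump, skipping comments, blank and
    malformed lines; passwords may themselves contain ':'."""
    creds = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, _, pw = line.partition(":")
        if user.strip():
            creds.append((user.strip().lower(), pw))
    return creds


def password_matches(store: dict, username: str, candidate: str) -> bool:
    """Constant-time comparison of a candidate against the user's stored hash."""
    record = store.get(username)
    if record is None:
        return False
    salt, digest = record
    return hmac.compare_digest(hash_password(candidate, salt), digest)


def exposed_accounts(store: dict, dump_text: str, weak_passwords: list) -> dict:
    """Return {username: reason} for accounts whose current password appears in
    the dump under that username, or matches the weak-password dictionary."""
    flagged = {}
    for user, pw in parse_dump(dump_text):
        if user not in flagged and password_matches(store, user, pw):
            flagged[user] = "current password found in credential dump"
    for user in store:
        if user in flagged:
            continue
        for weak in weak_passwords:
            if password_matches(store, user, weak):
                flagged[user] = "weak password (dictionary match)"
                break
    return flagged


# Constructed sample data (not real accounts or a real leak).
SAMPLE_USERS = {
    "alice": "Tr0ub4dor&3-unique-2012",   # strong, never leaked
    "bob": "password123",                 # leaked in the dump
    "carol": "Winter2011!",               # leaked in the dump
    "dave": "admin",                      # not leaked, but in the weak list
}
SAMPLE_DUMP = """\
# constructed paste, not a real leak
bob:password123
carol:Winter2011!
alice:wrongguess
erin:notauser
"""
SAMPLE_WEAK = ["password", "123456", "admin", "password123"]


def demo() -> dict:
    """Run the check over the constructed data; used by the self-test below."""
    store = make_user_store(SAMPLE_USERS)
    return exposed_accounts(store, SAMPLE_DUMP, SAMPLE_WEAK)


if __name__ == "__main__":
    for user, reason in sorted(demo().items()):
        print(f"force reset for {user}: {reason}")
```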
  37. Tomi says:

    Iran targeted by ‘Flame’ espionage virus
    http://www.telegraph.co.uk/technology/news/9295323/Iran-targeted-by-Flame-espionage-virus.html

    Iranian computer networks have been targeted by a cyber espionage virus many times more complicated than any malicious software ever seen before, security experts have said.

    The virus, named Flame or Skywiper, could only have been created by a state, according to analysts who have investigated it and the pattern of infection.

    “The results of our technical analysis support the hypotheses that Skywiper was developed by a government agency of a nation state with significant budget and effort, and it may be related to cyber warfare activities,” said Crysys Lab, a unit that investigates computer viruses at Budapest University.

    The discovery of Flame/Skywiper, which may have been in circulation for more than five years, offers further confirmation of the secret battle being waged by intelligence agencies online.

    In their preliminary technical report, the investigators describe unprecedented layers of software, designed to allow Flame/Skywiper to penetrate computer networks undetected. The 20MB file, which infects Microsoft Windows computers, has five encryption algorithms, exotic data storage formats and the ability to steal documents, spy on computer users and more.

    Crysys Lab said the technical evidence for a link between Flame/Skywiper and Stuxnet or Duqu was inconclusive, however. While they shared many common components, the newly-discovered virus bears little resemblance; for instance Flame/Skywiper does not spread itself automatically but only when hidden controllers allow it.

    Reply
  38. Tomi says:

    Flame Virus is Most Complex Threat Ever Discovered
    http://www.ibtimes.co.uk/articles/346076/20120528/flame-virus-discovered-cyber-attack-weapon-middle.htm

    A highly sophisticated and malicious computer virus whose complexity exceeds all other known cyber menaces to date, has been discovered and is actively being used as a cyber weapon attacking entities in several countries.

    The malware, now known as Flame, was discovered by Kaspersky Lab’s experts during an investigation prompted by the International Telecommunication Union (ITU), which is the UN agency for information and communication technologies.

    The primary purpose of Flame appears to be cyber espionage, by stealing information from infected machines. Such information is then sent to a network of command-and-control servers located in many different parts of the world.

    The Flame malware is currently affecting countries in the Middle East such as Iran, Israel, Sudan, Lebanon, Saudi Arabia and Egypt.

    The Flame malware is not new however, and it is estimated that it has been in operation since March 2010, but such is the complexity of the malicious software plus the targeted nature of the attacks, that no security software detected it.

    Flame will be the third major cyber weapon uncovered following the discovery of the Stuxnet virus in 2010, which attacked Iran’s nuclear program, and its data-stealing cousin Duqu, which was named after a villain in Star Wars.

    “The geography of the targets and also the complexity of the threat leaves no doubt about it being a nation-state that sponsored the research that went into it,”

    Eugene Kaspersky, who IBTimes UK spoke to recently about cyber security, tweeted that it took his company six months to analyse the Stuxnet worm but the Flame virus is 20 times more complicated.

    Kaspersky added: “The Flame malware looks to be another phase in this war, and it’s important to understand that such cyber weapons can easily be used against any country. Unlike with conventional warfare, the more developed countries are actually the most vulnerable in this case.”

    Reply
  39. Tomi Engdahl says:

    Meet ‘Flame’, The Massive Spy Malware Infiltrating Iranian Computers
    http://www.wired.com/threatlevel/2012/05/flame/

    A massive, highly sophisticated piece of malware has been newly found infecting systems in Iran and elsewhere and is believed to be part of a well-coordinated, ongoing, state-run cyberespionage operation.

    The malware, discovered by Russia-based anti-virus firm Kaspersky Lab, is an espionage toolkit that has been infecting targeted systems in Iran, Lebanon, Syria, Sudan, the Israeli Occupied Territories and other countries in the Middle East and North Africa for at least two years.

    Reply
  40. Tomi Engdahl says:

    Flame: world’s most complex computer virus exposed
    http://digg.com/newsbar/topnews/flame_world_s_most_complex_computer_virus_exposed_telegraph

    The world’s most complex computer virus, possessing a range of complex espionage capabilities, including the ability to secretly record conversations, has been exposed.

    Middle Eastern states were targeted and Iran ordered an emergency review of official computer installations after the discovery of a new virus, known as Flame.

    It is the third cyber attack weapon targeting systems in the Middle East to be exposed in recent years.

    Iran has alleged that the West and Israel are orchestrating a secret war of sabotage using cyber warfare and targeted assassinations of its scientists as part of the dispute over its nuclear programme.

    Kaspersky Labs said the programme appeared to have been released five years ago and had infected machines in Iran, Israel, Sudan, Syria, Lebanon, Saudi Arabia and Egypt.

    “If Flame went on undiscovered for five years, the only logical conclusion is that there are other operations ongoing that we don’t know about,” Roel Schouwenberg, a Kaspersky security senior researcher, said.

    Reply
  41. Tomi Engdahl says:

    Google Apps receives ISO 27001 certification
    http://googleenterprise.blogspot.com/2012/05/google-apps-receives-iso-27001.html

    In the early days of the cloud, security concerns were often at the top of business minds as they considered moving to Google Apps. More recently, though, security has become a major reason businesses are moving to the cloud. The reason for this shift is that businesses are beginning to realize that companies like Google can invest in security at a scale that’s difficult for many businesses to achieve on their own. This investment has produced an infrastructure and a set of services with robust data protections for our customers.

    Today we are proud to announce that Google Apps for Business has earned ISO 27001 certification. ISO 27001 is one of the most widely recognized, internationally accepted independent security standards and we have earned it for the systems, technology, processes and data centers serving Google Apps for Business.

    This new certification, along with our existing SSAE 16 / ISAE 3402 audits and FISMA certification for Google Apps for Government

    Reply
  42. Tomi Engdahl says:

    National Security As Culture War: Why Civil Libertarians Lose the Argument
    http://www.huffingtonpost.com/jimmy-soni/national-security-culture-war_b_1553200.html

    Turn security issues into cultural issues. The terms in which we debate civil liberties — “unauthorized surveillance,” “harsh interrogation,” “indefinite detention” — are often abstract and hard to grasp. By comparison, it’s much easier to have those debates in cultural shorthand — to argue not about policies, but about the kinds of people that support certain kinds of policies. Successfully paint civil liberties as soft or weak, and the argument is almost won.

    Create urgency. Caesar’s speech emphasized prudence, caution, and careful judgment. Cato’s message could not have been more different: we must act now.

    In other words, national security threats are qualitatively different from other crimes and demand preemptive action. Or, as another politician put it: “The smoking gun… could come in the form of a mushroom cloud.”

    Win the past.

    Own patriotism.

    No matter what, declare victory.

    Read and studied for centuries, Cato’s words are barely remembered today, but his way of arguing became a permanent part of our political inheritance — an inheritance that Greenwald and those who share his views would do well to remember.

    Reply
  43. Tomi Engdahl says:

    Bogus story: no Chinese backdoor in military chip
    http://erratasec.blogspot.com.br/2012/05/bogus-story-no-chinese-backdoor-in.html

    Today’s big news is that researchers have found proof of Chinese manufacturers putting backdoors in American chips that the military uses. This is false. While they did find a backdoor in a popular FPGA chip, there is no evidence the Chinese put it there, or even that it was intentionally malicious.

    Backdoors are common, but rarely malicious

    Backdoors are a common problem in software. About 20% of home routers have a backdoor in them, and 50% of industrial control computers have a backdoor. The cause of these backdoors isn’t malicious, but a byproduct of software complexity. Systems need to be debugged before being shipped to customers. Therefore, the software contains debuggers. Often, programmers forget to disable the debugger backdoors before shipping. This problem is notoriously bad for all embedded operating systems (VxWorks, QNX, WinCE, etc.).

    Chips have reached the software level of complexity.

    Reply
  44. Danilo Schmertz says:

    Can I just say what a reduction to find somebody who really is aware of what theyre talking about on the internet. You undoubtedly know how you can bring a problem to light and make it important. More people need to read this and perceive this facet of the story. I cant consider youre no more widespread since you definitely have the gift.

    Reply
  45. Tomi Engdahl says:

    White House Unveils Initiative to Fight Computer Viruses
    http://www.bloomberg.com/news/2012-05-30/white-house-to-unveil-initiative-to-fight-computer-viruse.html

    Internet-service providers and financial-services companies would share data about networks of infected computers known as botnets under a pilot program announced today by the Obama administration.

    The White House also unveiled a voluntary set of principles developed by an industry group to prevent and detect botnets and a consumer-education campaign about the computer viruses.

    “The issue of botnets is larger than any one industry or country,” Howard Schmidt, the White House cybersecurity coordinator, said in an e-mailed statement. “This is why partnership is so important.”

    More than 5 million systems worldwide were infected with botnets between January and March of 2012, Michael DeCesare, co-president of McAfee Inc., a security software unit of Intel Corp. (INTC), said at a White House event on botnets today led by Schmidt.

    The Homeland Security and Commerce departments in September sought comments on a voluntary industry program, saying that botnets have emerged as an increasing threat during the past several years.

    Reply
  46. Tomi Engdahl says:

    1 in 6 Windows PCs naked as a jaybird online
    Millions snub antivirus, firewalls in web poll
    http://www.theregister.co.uk/2012/05/30/unprotected_windows_survey/

    One in six Windows PCs worldwide are hooked up to the internet with no basic security software, according to a study by McAfee.

    The survey’s figures come from anonymised data voluntarily submitted by consumers around the world using the free diagnostic tool McAfee Security Scan Plus. The Windows-only software checks the user’s computer for threats, antivirus software and firewall protection.

    The US ranked in the bottom five least-protected consumer PC populations, with 19.32 per cent of punters living without basic security, according to McAfee’s stats. The situation was much better, but still not exactly brilliant, in Finland where only 9.7 per cent of consumer PCs went unprotected.

    McAfee has a clear self-interest in talking up the need for consumers to run antivirus suites. Along with Symantec and Kaspersky Lab, it is the main supplier of paid-for security software to consumers, after all. Many basic and perfectly functional antivirus packages for Windows are also available from the likes of Avira, Avast or AVG. Microsoft also supplies a basic antivirus scanner.

    Each of these scanners is far from effective at blocking brand-spanking new banking Trojans or botnet agents, but they are the best defence (along with patching) punters have against ruthless hackers. So the question arises: if security software is important, why isn’t everyone running it?

    McAfee reckons that some consumers avoid using antivirus software in the mistaken belief that they are unlikely to be hit by viruses.

    “Many consumers still believe that by simply sticking to known ‘safe’ sites, they’ll be protected from all forms of malicious content,” McAfee comments in a blog post about its scan results, published on Tuesday.

    Reply
  47. Tomi Engdahl says:

    Flame-bait Questions
    http://www.f-secure.com/weblog/archives/00002372.html

    There are many ongoing discussions about “Flame” right now — an espionage tool, information was disclosed about it on Monday.

    • Am I protected from Flame?

    That’s the wrong question. You should be asking yourself this: am I at risk?

    • Alright then, am I at risk from Flame?

    Let’s see, are you a systems administrator for a Middle Eastern government?

    No? Then no… you aren’t at risk.

    The number of computers estimated to be infected with Flame is one thousand and there are more than one billion Windows computers in the world. You do the math. You’re just as likely to win the lottery.

    Additionally: Flame is not a worm. Its architecture includes wormable functionality but those functions are disabled by default. So Flame isn’t spreading like a worm and therefore you won’t be infected unless you’ve been specifically targeted.

    And then there’s the fact that Flame is now known to be in the wild. And so… it’s been “turned off”. Even Flame’s targets are no longer at risk. The real power of an espionage tool is that it’s a secret. Flame is no longer a secret and so it will therefore be abandoned. Operational security has been compromised.

    • How about the future? Will Flame’s tech give cyber-criminals new tools to work with? Should I worry about that?

    Two of our lab analysts literally laughed out loud when asked that question. Flame is big. It’s complex (just as lots of legitimate software are complex). But it’s not advanced crimeware. It’s different. Data stealing crimeware is interested in the quickest, most efficient way to steal what it needs. And it evolves quickly. You might call that: advanced evolution.

    Flame on the other hand is a “limited edition” spy tool with a limited scope that was used very carefully. It didn’t need to evolve. Clearly there was advanced planning involved, but that doesn’t necessarily make it what we would call advanced technology.

    • What was Flame designed for?

    Information gathering. And not just data from the computer, but also conversations and chats, contacts — intelligence.

    • Who made Flame?

    Well, it isn’t designed for profit. It is too big and “complex” to have been designed by “hackers”. So that leaves us with a nation state.

    • Wait. What? Nation states spy?

    Yeah. We know… shocking but true. #sarcasm

    Nation states spy — when have they not? It shouldn’t be surprising to anybody that they use digital espionage tools these days.

    • What nation made Flame?

    It’s evident that significant resources went into crafting Flame. Given that, we think a better question is what defense contractor developed Flame.

    • Defense contractor?

    Yes. The way in which Flame is structured suggests to us that it was written by a contractor — an organization that is being paid.

    Reply
  49. Tomi Engdahl says:

    Hotspot Shield lets your Android surf safely over public Wi-Fi
    http://gigaom.com/mobile/hotspot-shield-lets-your-android-surf-safely-over-public-wi-fi/

    Looking for a little safety and mobile privacy at that public hotspot? AnchorFree’s Hotspot Shield app might be worth the look for your smartphone: The company launched an Android version of the mobile app in Google Play on Thursday, complementing its iOS edition that was introduced last year. The software is a multi-purpose utility, combining VPN web browsing with anti-malware and broadband data compression.

    Normally, I’m not a fan of security focused software; I generally find that if you’re smart about what you install and where you surf online, your risk of infection is fairly minimal. But given how open the Android Market is — apps aren’t under vigorous review — and a history of widespread malware apps hitting Android devices, I don’t think such solutions are a bad idea.

    The free version offers unlimited VPN (virtual private network) browsing and protection from about a million known security threats, but to add the data compression and more widespread protection — roughly 3.5 million malware, phishing and spam threats – you’ll have to ante up the monthly or yearly fee.

    Again, I personally don’t buy into some of the security hype, but there’s no harm in cheap insurance.

    Reply
  50. Tomi Engdahl says:

    Microsoft backs Industry Botnet Group to tackle infected Windows machines
    Ropes in others to clean up its mess
    http://www.theinquirer.net/inquirer/news/2181523/microsoft-backs-industry-botnet-tackle-infected-windows-machines

    MICROSOFT HAS ANNOUNCED that it will be part of the Industry Botnet Group to tackle the growing problem of botnets, which usually take advantage of Windows operating systems.

    Microsoft’s efforts to tackle the problem of botnets stem from the fact that the majority of infected machines run some version of its Windows operating system. Yesterday the firm announced the Industry Botnet Group to fight against botnets.

    According to Microsoft, its software has become more resilient so botnets are increasingly harder to code and operate, a claim with which some might argue.

    All of the Industry Botnet Group’s points are fair but ultimately it is the software and perhaps most importantly the operating systems that need to be fixed.

    He forgot to add that running a Linux-based operating system will almost certainly help prevent users’ machines from being taken over by a botnet.

    Reply
