Feed aggregator

Teenage WikiLeaks volunteer: Why I served as an FBI informant

Security blogs - Fri, 06/28/2013 - 02:09

A young Icelandic boy's journey as an informant all began with a cryptic e-mail sent to the United States Embassy in Reykjavík from Sigurdur “Siggi” Thordarson (Sigurður Ingi Þórðarsson), then an 18-year-old.

Thordarson had been involved with WikiLeaks during the previous 18 months, moving ever closer to the inner circle of the group—Julian Assange eventually promoted him to running the group’s IRC channel, and he was put in charge of dealing with newcomers, media, and other volunteers.


Why you should care about your local hackerspace

Security blogs - Fri, 06/28/2013 - 02:01

I had the good fortune to be able to attend Maker Faire North Carolina this weekend in Raleigh, N.C. Maker Faires are amazing events that bring together representatives from all parts of the Maker culture, DIY culture, and the hackerspaces movement. At this local Maker Faire, I was struck by the number of hackerspaces represented. The energy, buzz, and activity around their booths was captivating.


Dell on cyber security: You're screwed

Security blogs - Fri, 06/28/2013 - 01:23

I’m at the Dell Analyst conference this week and the Thursday morning session was all about security.

The track was well attended, likely because a lot of people have become very concerned about security thanks to the news that hackers from China have managed to compromise a number of companies along with US weapons systems under development.


The Hackers Behind 4 Years of Cyberattacks Against South Korea

Security blogs - Fri, 06/28/2013 - 01:21

Part of the mystery shrouding the cyberattacks on South Korea has been lifted. Online security firm Symantec revealed on Wednesday that one single group — codenamed the DarkSeoul Gang — is responsible for four years of cyberattacks against the country.

The cyberattacks have been persistent over the past few years, with the country's authorities blaming its neighbors and enemies from North Korea. The most recent of the many attacks came on Tuesday, but perhaps the most massive one hit South Korean banks and TV stations in March, wiping multiple hard drives.


How Netflix, HBO May Benefit From Illegal Password-Sharing

Security blogs - Fri, 06/28/2013 - 00:31

There may be good reason HBO and Netflix have professed little concern over customers who lend subscription passwords to those who don’t pay the monthly fees to access their programming.

While execs have said their own internal data suggests such activity is minimal — contrary to growing media attention — a new survey indicates password-sharing may be more pervasive than they are letting on — and that it might even be a good thing.


Only 35% of companies detect security breaches in a timely manner

Security blogs - Thu, 06/27/2013 - 15:33
A McAfee study reveals how organizations around the world are unable to harness the power of big data for security purposes. Diario TI: McAfee has published a study that reveals how organizations worldwide fail to exploit large volumes of data for security purposes.

Pre-9/11 NSA Thinking

Security blogs - Thu, 06/27/2013 - 14:49

This quote is from the Spring 1997 issue of CRYPTOLOG, the internal NSA newsletter. The writer is William J. Black, Jr., the Director's Special Assistant for Information Warfare.

Specifically, the focus is on the potential abuse of the Government's applications of this new information technology that will result in an invasion of personal privacy. For us, this is difficult to understand. We are "the government," and we have no interest in invading the personal privacy of U.S. citizens.

This is from a Seymour Hersh New Yorker interview with NSA Director General Michael Hayden in 1999:

When I asked Hayden about the agency's capability for unwarranted spying on private citizens -- in the unlikely event, of course, that the agency could somehow get the funding, the computer scientists, and the knowledge to begin making sense out of the Internet -- his response was heated. "I'm a kid from Pittsburgh with two sons and a daughter who are closet libertarians," he said. "I am not interested in doing anything that threatens the American people, and threatens the future of this agency. I can't emphasize enough to you how careful we are. We have to be so careful -- to make sure that America is never distrustful of the power and security we can provide."

It's easy to assume that both Black and Hayden were lying, but I believe them. I believe that, 15 years ago, the NSA was entirely focused on intercepting communications outside the US.

What changed? What caused the NSA to abandon its non-US charter and start spying on Americans? From what I've read, and from a bunch of informal conversations with NSA employees, it was the 9/11 terrorist attacks. That's when everything changed, the gloves came off, and all the rules were thrown out the window. That the NSA's interests coincided with the business model of the Internet is just a -- lucky, in their view -- coincidence.

schneier

Expiring Albert: Recycling User IDs and the Impact on Privacy

Security blogs - Thu, 06/27/2013 - 14:28
Within many organisations offering online services to the public, there must be a great temptation to expire redundant user accounts [...]
Martin Lee

Pindrop Security Names New VP Of Global Sales

Security blogs - Thu, 06/27/2013 - 13:48
Michael Hughes has more than 25 years of experience in tech sales, mainly focused on fraud and risk management solutions.

Skybox Security Releases Data On Its Approach To Vulnerability Management

Security blogs - Thu, 06/27/2013 - 13:46
Results came from analysis of customer deployments and customer lab tests.

Good Technology Introduces New Security Solutions

Security blogs - Thu, 06/27/2013 - 13:28
The Good Dynamics Secure Mobility Platform enables the containerization and management of mobile apps and data.

CSA Announces Keynotes & Sessions For Annual CSA Congress 2013

Security blogs - Thu, 06/27/2013 - 13:25
The speaker lineup will include some of the most prominent enterprise leaders and recognized cloud experts.

U.S. Cellular Expands Relationship With NQ Mobile For Mobile Security And Privacy Android Apps

Security blogs - Thu, 06/27/2013 - 13:18
U.S. Cellular is to offer the NQ Mobile Security and NQ Mobile Vault products.

Lessons from Biological Security

Security blogs - Thu, 06/27/2013 - 09:34

Nice essay:

The biological world is also open source in the sense that threats are always present, largely unpredictable, and always changing. Because of this, defensive measures that are perfectly designed for a particular threat leave you vulnerable to other ones. Imagine if our immune system were designed to deal only with a single strain of flu. In fact, our immune system works because it looks for the full spectrum of invaders: low-level viral infections, bacterial parasites, or virulent strains of a pandemic disease. Too often, we create security measures, such as the Department of Homeland Security's BioWatch program, that spend too many resources to deal specifically with a very narrow range of threats on the risk spectrum.

Advocates of full-spectrum approaches for biological and chemical weapons argue that weaponized agents are really a very small part of the risk and that we are better off developing strategies, like better public-health-response systems, that can deal with everything from natural mutations of viruses to lab accidents to acts of terrorism. Likewise, cyber crime is likely a small part of your digital-security risk spectrum.

A full-spectrum approach favors generalized health over specialized defenses, and redundancy over efficiency. Organisms in nature, despite being constrained by resources, have evolved multiply redundant layers of security. DNA has multiple ways to code for the same proteins so that viral parasites can't easily hack it and disrupt its structure. Multiple data-backup systems are a simple method that most sensible organizations employ, but you can get more clever than that. For example, redundancy in nature sometimes takes the form of leaving certain parts unsecure to ensure that essential parts can survive attack. Lizards easily shed their tails to predators to allow the rest of the body (with the critical reproductive machinery) to escape. There may be sacrificial systems or information you can offer up as a decoy for a cyber-predator, in which case an attack becomes an advantage, allowing your organization to see the nature of the attacker and giving you time to add further security in the critical part of your information infrastructure.

I recommend his book, Learning from the Octopus: How Secrets from Nature Can Help Us Fight Terrorist Attacks, Natural Disasters, and Disease.

schneier

Can Apple read your iMessages? Ars deciphers “end-to-end” crypto claims

Security blogs - Wed, 06/26/2013 - 19:15

Ever since the National Security Agency's secret surveillance program came to light three weeks ago, implicated companies have issued carefully worded statements denying that government snoops have direct or wholesale access to e-mail and other sensitive customer data. The most strenuous denial came 10 days ago, when Apple said it took pains to protect personal information stored on its servers, in many cases by not collecting it in the first place.

"For example, conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them," company officials wrote. "Apple cannot decrypt that data. Similarly, we do not store data related to customers’ location, Map searches or Siri requests in any identifiable form."

Some cryptographers and civil liberties advocates have chafed at the claim that even Apple is unable to bypass the end-to-end encryption protecting them. After all, Apple controls the password-based authentication system that locks and unlocks customer data. More subtly, but no less important, cryptographic protections are highly nuanced things that involve huge numbers of moving parts. Choices about the types of keys that are used, the ways they're distributed, and the specific data that is and isn't encrypted have a huge effect on precisely what data is and isn't protected and under what circumstances.


“Out of the Box” SIEM? Never…

Security blogs - Wed, 06/26/2013 - 16:41

A reflection on the multiple SIEM (“Security Information and Event Management”) products available on the market… I’m currently working with a customer on a big SIEM implementation in an environment that must be PCI compliant and integrates a multitude of devices coming from different security vendors (big players). Security visualization being one of my favorite topics, people often ask me what the “best-SIEM-solution-ever” is, or I’m contacted by vendors who announce new products with new features that are ever more performant and easy to use. A classic argument used by niche players ((c) Gartner) is the extreme complexity of their competitors. They claim to have an “out-of-the-box” solution: no need to write complex rules, reports are available through a click & run interface, etc. Really?

Let me demonstrate that a good SIEM must be one deployed for your devices and applications, by you and for your business! Most SIEM vendors propose useful “compliance” packages. You must be [PCI|SOX|HIPAA|ISOxxxxx] compliant? There is a corresponding (and expensive) package which includes everything required to generate reports “just by pressing a button”. Have a look at the screenshot below:

[Screenshot of the PCI compliance query; image not reproduced here]

This is a query coming from a PCI compliance package installed in a well-known SIEM environment. It is part of PCI requirement #1 (Firewall Configuration) and should return disallowed traffic from the DMZ to untrusted hosts (example: a server in the DMZ trying to connect directly to the Internet). Translated into plain English, the query selects events:

  • IF the target is not:
    • known as a regular destination from the DMZ
    • OR known as a trusted target
    • OR known as a “cardholder” target
  • AND IF the destination port is not known as allowed (via an Active List)
  • AND IF the traffic is not coming from a VPN device
  • AND IF the traffic is not coming from a SIEM device
  • AND IF the source is flagged as an attacker from the DMZ

Don’t take too much time to understand the rule syntax; it’s not the goal here. The problem we detected was the following: the report generated too much noise. There were a lot of false positives like:

Source (DMZ)    Target      Destination Port
192.168.x.x     x.x.x.x     123

This event is a DMZ host (192.168.x.x) trying to communicate with an NTP server (x.x.x.x). Based on the query described above, one solution could be to tag the NTP server IP address as “trusted”, but we don’t control the IP addresses behind the FQDN, and the same IP address could be the destination of other communications. Another solution could be to add the NTP port (123) to the list of trusted ports in the DMZ. This is not a solution either: once the port is trusted, any other server could use it for other communications, and that traffic would never be listed in the PCI report.

Our solution was to replace the active list containing the trusted ports with a new one with two fields: the DMZ source and the destination port. This way, we can define precisely who is allowed to use which protocol.

Another example: some PCI reports returned no results at all while we knew that some events were generated! In this case the problem was located at the event normalization level. The reports used the field “Attacker Asset ID”, but this field was not populated by some collectors; only “Device Asset ID” was available. Solution? Again we had to change the queries and look for “Attacker Asset ID” OR “Device Asset ID”.
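The two fixes described above, a (DMZ source, destination port) active list in place of a port-only list, and accepting either asset-id field, reduced to a small runnable model. This is an added example, not the post's own query nor any vendor's rule language; the event field names, the DMZ range 192.168.10.0/24 and the sample events are constructed, and "flagged as an attacker from the DMZ" is approximated by a subnet check on the source address.

```python
"""Miniature model of the PCI req. 1 'disallowed DMZ egress' query and the
two fixes from the post. All names, ranges and events are constructed."""
from ipaddress import ip_address, ip_network

DMZ_NET = ip_network("192.168.10.0/24")     # constructed DMZ range
REGULAR_DMZ_DESTINATIONS = set()            # "known as a regular destination"
TRUSTED_TARGETS = {"198.51.100.50"}         # "known as a trusted target"
CARDHOLDER_TARGETS = set()                  # "known as a cardholder target"
IGNORED_DEVICE_TYPES = {"vpn", "siem"}      # traffic not from VPN/SIEM devices

# Rejected option from the post: trust the NTP port for every DMZ host.
TRUSTED_PORTS = {123}
# Adopted option: trust (DMZ source, destination port) pairs only.
ALLOWED_SOURCE_PORTS = {("192.168.10.5", 123)}   # only the NTP client may use 123

# Constructed sample events (one firewall log line each, already normalised).
EVENTS = [
    # legitimate NTP sync from the designated DMZ NTP client
    {"src": "192.168.10.5", "dst": "203.0.113.7", "dport": 123, "device_type": "firewall",
     "attacker_asset_id": "dmz-ntp-client", "device_asset_id": None},
    # another DMZ host using port 123 to reach an unrelated external address;
    # this collector only fills Device Asset ID
    {"src": "192.168.10.9", "dst": "198.51.100.20", "dport": 123, "device_type": "firewall",
     "attacker_asset_id": None, "device_asset_id": "dmz-web-02"},
    # DMZ web server opening an unexpected outbound port
    {"src": "192.168.10.9", "dst": "198.51.100.21", "dport": 4444, "device_type": "firewall",
     "attacker_asset_id": None, "device_asset_id": "dmz-web-02"},
    # same flow as the first, but reported by the VPN device: excluded by the rule
    {"src": "192.168.10.5", "dst": "203.0.113.7", "dport": 123, "device_type": "vpn",
     "attacker_asset_id": "dmz-ntp-client", "device_asset_id": None},
    # source outside the DMZ: not in scope of this report
    {"src": "10.0.0.4", "dst": "198.51.100.21", "dport": 4444, "device_type": "firewall",
     "attacker_asset_id": "corp-ws-17", "device_asset_id": None},
]


def asset_id(event):
    """Normalisation fix: report 'Attacker Asset ID' OR 'Device Asset ID',
    because some collectors populate only the second one."""
    return event.get("attacker_asset_id") or event.get("device_asset_id")


def target_is_excluded(event):
    """The three 'target is known as ...' exclusions of the original rule."""
    return event["dst"] in (REGULAR_DMZ_DESTINATIONS | TRUSTED_TARGETS | CARDHOLDER_TARGETS)


def is_disallowed_egress(event, port_allowlist=None, pair_allowlist=None):
    """True when the event belongs on the report. Pass either a port-only
    allowlist (the noisy/unsafe variant) or a (source, port) allowlist."""
    if event["device_type"] in IGNORED_DEVICE_TYPES:
        return False
    if ip_address(event["src"]) not in DMZ_NET:          # 'source flagged as DMZ attacker'
        return False
    if target_is_excluded(event):
        return False
    if port_allowlist is not None and event["dport"] in port_allowlist:
        return False
    if pair_allowlist is not None and (event["src"], event["dport"]) in pair_allowlist:
        return False
    return True


def pci_report(events, port_allowlist=None, pair_allowlist=None):
    """Rows of (asset id, source, target, destination port) for each violation."""
    return [(asset_id(e), e["src"], e["dst"], e["dport"])
            for e in events
            if is_disallowed_egress(e, port_allowlist, pair_allowlist)]


if __name__ == "__main__":
    print("no allowlist (noisy):      ", pci_report(EVENTS))
    print("port-only allowlist (blind):", pci_report(EVENTS, port_allowlist=TRUSTED_PORTS))
    print("(source, port) allowlist:   ", pci_report(EVENTS, pair_allowlist=ALLOWED_SOURCE_PORTS))
```

Run as-is, the first report contains the legitimate NTP sync (the noise the post complains about), the port-only allowlist silences it but also hides the second host's use of port 123, and the (source, port) allowlist reports exactly the two real violations, with the second one attributed to "dmz-web-02" only because `asset_id` falls back to Device Asset ID.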

Those are two good examples proving that there is NO SIEM solution that can be implemented out-of-the-box! Don’t trust vendors. Choose the solution that matches most of your requirements, but expect to take time to deploy it!


Secrecy and Privacy

Security blogs - Wed, 06/26/2013 - 15:35

Interesting article on the history of, and the relationship between, secrecy and privacy:

As a matter of historical analysis, the relationship between secrecy and privacy can be stated in an axiom: the defense of privacy follows, and never precedes, the emergence of new technologies for the exposure of secrets. In other words, the case for privacy always comes too late. The horse is out of the barn. The post office has opened your mail. Your photograph is on Facebook. Google already knows that, notwithstanding your demographic, you hate kale.

schneier

41st Parameter Reveals Top Five Cyber Crime Threats Facing Global Financial Institutions

Security blogs - Wed, 06/26/2013 - 14:43
The report includes insights and expert advice on fighting mobile vulnerabilities, malware, DDoS, industrialized fraud, and more.

Raytheon BBN Technologies Chief Scientist Stephen Kent Inducted Into Internet Hall Of Fame

Security blogs - Wed, 06/26/2013 - 14:40
Kent developed the world's first Transmission Control Protocol (TCP) end-to-end encryption system.

WhiteHat Security Grants Patent Licenses To Cenzic

Security blogs - Wed, 06/26/2013 - 14:38
The agreement also grants WhiteHat a patent license from Cenzic.