Saturday, November 19, 2011

Final post


Looking back through my blogs, I would have to say I had a variety of topics like physical security, cybercrime law and contingency planning, to name a few. My selection of topics was generally what caught my interest at the time if I couldn't find anything to relate to the current week's material.

I admit there were some subjects that I couldn't pass up since I felt they will be something to really consider in the future, like being able to take control of certain automotive systems with a cell phone. Another one that was interesting was how a supposedly closed system for the U.S. drone fleet had what seemed to be key logger software uploaded on the system.

I liked the piece about McAfee developing security tools to run at the processor level with Intel as well as the one about a phone hack that would use the accelerometer in a smart phone to determine the keystrokes from nearby computers.

I don't think it mattered just what topic anyone wanted to address for their weekly blog, just as long as they were researching current trends and forming an opinion on what they read. It is interesting to see who tends to go outside the box in their analysis, as it makes the read more interesting.

Sunday, November 13, 2011

IT certifications

As discussed in class, there are a multitude of certifications that an IT professional can acquire. While there are governing bodies for these certifications, such as ISC2 for CISSP certification, some do not measure up to others.

It is my opinion that a national standard, at a minimum, across all disciplines be established so that all IT workers have an opportunity to be called a true "professional". What I mean is that a network engineer should have a requisite number of certifications to be considered an engineer; otherwise they are still considered a network administrator.

Everyone knows that a certification doesn't mean much if the job the individual is "certified" in can't be done. That is why there should be other requirements put in place that must be met before a full certification is granted, such as time doing the job.

This would not only help standardize the general knowledge base of IT professionals, but also justify higher salaries.

Tuesday, November 1, 2011

Phone hack logs keystrokes from nearby computers

Matt Liebowitz reported on Security News Daily dated 21 Oct 2011 that if there's a smartphone resting somewhere near your computer right now, it could be logging everything you type into your desktop keyboard and sending that information back to a hacker.

Students at Georgia Tech's School of Computing conducted a proof-of-concept hack to demonstrate how, by tapping into a smartphone's accelerometer, which measures the vibrations of the device, they were able to infer what a target was typing on a keyboard placed near the phone with up to 80 percent accuracy.

The hack works by detecting pairs of keystrokes, rather than individual keys. The researchers used the word "Canoe" as an example. Typed, the word canoe can be broken down into four pairs of keystrokes, C-A, A-N, N-O and O-E.

"Those pairs then translate into the detection system's code as follows: Left-Left-Near, Left-Right-Far, Right-Right-Far and Right-Left-Far… This code is then compared to the preloaded dictionary and yields 'canoe' as the statistically probable typed word," the researchers said.

The method takes some work, and would require the targeted phone to download a specific application to allow the attackers to turn on the keylogger. But, as seen in millions of Internet scams every day, it isn't difficult to convince someone on the Internet to click a link. And once the keylogger is activated, the technology hidden inside the new generation of smartphones makes the attack that much easier.

My take on this is we don't have to worry about this type of vulnerability just yet. I think that this would depend on the proficiency of the typist for it to work. How would it fare with a hunt-and-peck typist? It also doesn't mention how close the phone would have to be to the keyboard to detect the vibrations. What happens if you have a keyboard from Apple or a soft touch keyboard where you don't hear the clatter of the keys when typing? What about picking up sound from other nearby systems?

I also don't see how this is much different than placing a standard cell phone in a diagnostic mode where it is constantly transmitting everything that the microphone picks up. This would serve the same purpose and negate the need to transmit the information later.
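
The keystroke-pair code described above can be reproduced in a few lines, which also shows why the result is only a "statistically probable" word: several words share the same code. This is an added example, not code from the article or from the researchers; the QWERTY geometry, the left/right split, the near/far threshold and the word list are all assumptions chosen so that "canoe" produces the code quoted above.

```python
import math

# Assumed QWERTY geometry: each row's keys and its horizontal stagger,
# measured in key widths. Not taken from the article.
ROWS = [("qwertyuiop", 0.0), ("asdfghjkl", 0.25), ("zxcvbnm", 0.75)]
POS = {ch: (col + offset, row)
       for row, (keys, offset) in enumerate(ROWS)
       for col, ch in enumerate(keys)}

LEFT = set("qwertasdfgzxcvb")  # assumed left-hand half of the keyboard
FAR_THRESHOLD = 2.9            # assumed: pairs at least this far apart are "Far"

# Constructed word list standing in for the preloaded dictionary.
SAMPLE_WORDS = ["canoe", "camps", "tempt", "cable", "house", "table"]


def side(ch):
    """Return 'L' or 'R' for the keyboard half the key sits in."""
    return "L" if ch in LEFT else "R"


def pair_code(a, b):
    """Encode one keystroke pair as side-of-a, side-of-b, Near/Far."""
    (x1, y1), (x2, y2) = POS[a], POS[b]
    distance = math.hypot(x1 - x2, y1 - y2)
    return side(a) + side(b) + ("F" if distance >= FAR_THRESHOLD else "N")


def word_code(word):
    """Encode a word as the sequence of codes for its adjacent key pairs."""
    w = word.lower()
    return tuple(pair_code(a, b) for a, b in zip(w, w[1:]))


def decode(code, dictionary):
    """Return every dictionary word whose pair code matches exactly."""
    return sorted(w for w in dictionary if word_code(w) == code)


if __name__ == "__main__":
    code = word_code("canoe")
    print(code)                        # the pair code for "canoe"
    print(decode(code, SAMPLE_WORDS))  # every word that shares that code
```

Because the code keeps only three coarse features per pair, a larger dictionary produces more collisions, and the attacker has to fall back on word frequency to pick a winner.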

Saturday, October 29, 2011

Kaspersky Lab calls on IT decision makers to participate in a study of IT security risks and challenges

I found this article on News Blaze and decided to blog about it since we are covering it in class.

Abingdon, UK, 28 October 2011 – Kaspersky Lab, a leading developer of secure content and threat management solutions, has joined forces with The Bathwick Group, a strategic research and consulting company, to discover how companies are using IT to respond to changing business needs. 

Kaspersky Lab created an online questionnaire called "Be Ready Assessment" for companies to complete and then receive a personalized evaluation of their security risks. In return for completing the questionnaire, companies will receive an instant, personalised evaluation of their IT security risks.

This ‘Be Ready Report’ will provide information on security priorities and potential areas of focus along with suggested next steps and quick wins to help the company prepare for the threats that lie ahead. Participating companies will also benefit from free early access to the full research report and personalised peer comparisons.

I think this is just a marketing ploy for their products. It says that they have empirical data from hundreds of assessments to draw from. I would still be cautious of this since the Be Ready assessment is still depending on someone at your company filling it out and an expert is not gathering the data. Assuming that the person filling out the assessment has the expertise, why would you do one of these then?

It could prove a benefit if you have an inexperienced person like in our case study doing the analysis, just so that nothing is missed and a way forward is determined. I would also think that some best practices or benchmarks could be gathered from this report to help sell the recommended controls to management so that risks are mitigated accordingly.

In conclusion, it could go either way whether this would prove a benefit for your organization.


http://newsblaze.com/story/2011102807000500001.we/topstory.html

Wednesday, October 19, 2011

Security tools that run at the processor level

I couldn't believe the article Focus 2011: McAfee unveils Deep Defender and Deep Command security platforms by Shaun Nichols posted on http://www.v3.co.uk/v3-uk/news/2118121/focus-2011-mcafee-unveils-deep-defender-deep-command-security-platforms at first.

McAfee is working with Intel to provide security tools to run at the processor level that will detect rootkit infections and attacks that can't be detected by security tools installed on the operating system. McAfee co-president Todd Gebhart was quoted that there are things coming that will get below the operating system.

The rest of the article broke down what each piece will do. Deep Defender looks to be a host intrusion detection system as it will monitor system activity and take security actions based on behavior. Deep Command will allow administrators to remotely access systems even when powered down.

Enderle Group principal analyst Rob Enderle said, "The interesting thing is that it is a primary virtual machine and it points the way to what is going to happen in the future with servers."

What will prove interesting is how they will keep it updated. Will it be through firmware updates? We all know how badly those can go sometimes. I would hope that they would design it so that the primary virtual machine has a backup stored in a protected area so the machine can be recovered if the primary goes bad.

Curious that this speculation had nothing to back it up in the article. What is McAfee seeing that would warrant the development of a processor-based security suite? What kind of security issues might this present? The saying that the most secure computer is the one that is shut off will no longer be the case.

Monday, October 10, 2011

U.S. drone fleet days numbered?

According to Noah Shachtman in his article "Computer Virus Hits U.S. Drone Fleet" posted in the Danger Room on the Wired web site, a computer virus has infected the cockpits of America’s Predator and Reaper drones, logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other warzones.

Although it is reported that it has yet to affect mission capabilities, it is a persistent virus that keeps coming back. To get rid of it, they had to do a complete wipe and reload of the affected system. This effectively could take down the fleet for a period of time that could be capitalized on by insurgents.

It was even mentioned that video feeds from drones were found on Iraqi insurgents' laptops because the feeds are not encrypted. One would assume that this is because the risk associated with intercepting a live feed is relatively low. However, given enough footage or data gathered, an analyst could determine commonalities between missions and anticipate the next course of action to counteract it, which would make the drone fleet ineffectual in my opinion.

Does your automotive system need to be protected from malware?

According to Business Wire in the report "McAfee Report on Automotive Systems Finds Prevalent Lack of Security in Today’s Vehicles", it would seem that your vehicle could be susceptible.
The new report from McAfee examines risks associated with cybercriminal activity including:
  • Remotely unlock and start car via cell phone
  • Disable car remotely
  • Track a driver’s location, activities and routines
  • Steal personal data from a Bluetooth system
  • Disrupt navigation systems
  • Disable emergency assistance

Most of the features that come in automobiles are supposed to be making the driving experience more palatable for the driver, yet it is also opening vulnerabilities to the same systems that are supposed to help. Can you imagine how many cars may be stolen if you can unlock and start the vehicle with a cell phone? While disabling a vehicle remotely may help the police recover your vehicle, what happens if this is done with the vehicle in motion?

How many consumers are aware that these issues exist? What are the automobile manufacturers doing to secure these systems? What would really prove interesting is how your car would get its updates.