I found this article on News Blaze and decided to blog about it since we are covering it in class.
Abingdon, UK, 28 October 2011 – Kaspersky Lab, a leading developer of secure content and threat management solutions, has joined forces with The Bathwick Group, a strategic research and consulting company, to discover how companies are using IT to respond to changing business needs.
Kaspersky Lab created an online questionnaire called "Be Ready Assessment". In return for completing the questionnaire, companies will receive an instant, personalised evaluation of their IT security risks.
This ‘Be Ready Report’ will provide information on security priorities and potential areas of focus along with suggested next steps and quick wins to help the company prepare for the threats that lie ahead. Participating companies will also benefit from free early access to the full research report and personalised peer comparisons.
I think this is just a marketing ploy for their products. It says that they have empirical data from hundreds of assessments to draw from. I would still be cautious of this since the Be Ready assessment still depends on someone at your company filling it out, and an expert is not gathering the data. Assuming that the person filling out the assessment has the expertise, why would you do one of these then?
It could prove a benefit if you have an inexperienced person, like in our case study, doing the analysis, just so that nothing is missed and a way forward is determined. I would also think that some best practices or benchmarks could be gathered from this report to help sell the recommended controls to management so that risks are mitigated accordingly.
In conclusion, it could go either way whether this would prove a benefit for your organization.
http://newsblaze.com/story/2011102807000500001.we/topstory.html
Saturday, October 29, 2011
Wednesday, October 19, 2011
Security tools that run at the processor level
I couldn't believe the article Focus 2011: McAfee unveils Deep Defender and Deep Command security platforms by Shaun Nichols posted on http://www.v3.co.uk/v3-uk/news/2118121/focus-2011-mcafee-unveils-deep-defender-deep-command-security-platforms at first.
McAfee is working with Intel to provide security tools to run at the processor level that will detect rootkit infections and attacks that can't be detected by security tools installed on the operating system. McAfee co-president Todd Gebhart was quoted as saying that there are things coming that will get below the operating system.
The rest of the article broke down what each piece will do. Deep Defender looks to be a host intrusion detection system as it will monitor system activity and take security actions based on behavior. Deep Command will allow administrators to remotely access systems even when powered down.
Enderle Group principal analyst Rob Enderle said, "The interesting thing is that it is a primary virtual machine and it points the way to what is going to happen in the future with servers."
What will prove interesting is how they will keep it updated. Will it be through firmware updates? We all know how badly those can go sometimes. I would hope that they would design it so that the primary virtual machine has a backup stored in a protected area so the machine can be recovered if the primary goes bad.
Curious that this speculation had nothing to back it up in the article. What is McAfee seeing that would warrant the development of a processor-based security suite? What kind of security issues might this present? The saying that the most secure computer is the one that is shut off will no longer be the case.
Monday, October 10, 2011
U.S. drone fleet days numbered?
According to Noah Shachtman in his article "Computer Virus Hits U.S. Drone Fleet" posted in the Danger Room on the Wired web site, a computer virus has infected the cockpits of America’s Predator and Reaper drones, logging pilots’ every keystroke as they remotely fly missions over Afghanistan and other warzones.
Although it is reported that it has yet to affect mission capabilities, it is a persistent virus that keeps coming back. To get rid of it, they had to do a complete wipe and reload of the affected system. This effectively could take down the fleet for a period of time that could be capitalized on by insurgents.
It was even mentioned that video feeds from drones were found on Iraqi insurgents' laptops because the feeds are not encrypted. One would assume that this is because the risk associated with intercepting a live feed is relatively low. However, given enough footage or data gathered, an analyst could determine commonalities between missions and anticipate the next course of action to counteract it, which would make the drone fleet ineffectual in my opinion.
Does your automotive system need to be protected from malware?
According to Business Wire in the report "McAfee Report on Automotive Systems Finds Prevalent Lack of Security in Today’s Vehicles", it would seem that your vehicle could be susceptible.
The new report from McAfee examines risks associated with cybercriminal activity including:
- Remotely unlock and start car via cell phone
- Disable car remotely
- Track a driver’s location, activities and routines
- Steal personal data from a Bluetooth system
- Disrupt navigation systems
- Disable emergency assistance
Most of the features that come in automobiles are supposed to make the driving experience more palatable for the driver, yet they are also opening vulnerabilities in the same systems that are supposed to help. Can you imagine how many cars may be stolen if you can unlock and start the vehicle with a cell phone? While disabling a vehicle remotely may help the police recover your vehicle, what happens if this is done with the vehicle in motion?
How many consumers are aware that these issues exist? What are the automobile manufacturers doing to secure these systems? What would really prove interesting is how your car would get its updates.
Saturday, October 1, 2011
Online Financial transaction concerns warranted?
Sean Gallagher's article posted on the Ars Technica web site reported that a hacking tool dubbed BEAST has been developed. It decrypts secure Web requests to sites using the Transport Layer Security 1.0 protocol and SSL 3.0, allowing a person or program to hijack sessions with financial websites and other services.
It is a man-in-the-middle approach that injects segments of plain text sent by the target's browser into the encrypted request stream to determine the shared key. The code can be injected into the user's browser through JavaScript associated with a malicious advertisement distributed through a Web ad service or an IFRAME in a linkjacked site, ad, or other scripted elements on a webpage. http://arstechnica.com/business/news/2011/09/new-javascript-hacking-tool-can-intercept-paypal-other-secure-sessions.ars
In its current iteration, BEAST would require at least a half-hour to decrypt requests. If your average transaction is only mere minutes, is this vulnerability something that should receive immediate attention? I suppose this is just the price we all have to pay for the convenience of utilizing services that companies like PayPal give us.
Looking through my settings for IE9 shows TLS 1.1 and 1.2 disabled by default. I've read in other comments to this article that enabling these will not make a difference if the server that you are connected to only supports TLS 1.0. It is unclear if implementing the new standards will prevent this attack.
This goes back to what has been drilled into my head since starting my degree concentration: staying current on patch management and current security threats. Maybe receiving this kind of attention is what this needs. It will force the adoption of the newer standards to plug holes that had been treated as accepted risk. If the customer doesn't feel secure, will they continue to use your service? It is all about the money, isn't it?
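On the question of whether the newer standards change anything: TLS 1.0 uses the last ciphertext block of one CBC record as the IV of the next, while TLS 1.1 and later send a fresh random IV with every record. The sketch below is an added example, not code from the article or from this blog; the truncated-HMAC `prf` is a toy stand-in for a block cipher, and the class and function names are hypothetical. It shows that a chosen block can confirm a guess about an earlier block only when the IV is chained.

```python
import hashlib, hmac, os

BLOCK = 16

def prf(key, block):
    # Toy stand-in for block-cipher encryption (assumption: truncated HMAC-SHA256).
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class CbcRecordLayer:
    """Hypothetical single-block CBC record layer; only the IV choice differs."""
    def __init__(self, key, explicit_iv):
        self.key = key
        self.explicit_iv = explicit_iv        # False: TLS 1.0, True: TLS 1.1+
        self.last_block = os.urandom(BLOCK)   # stands in for the previous record's last block

    def send(self, plaintext_block):
        # TLS 1.0 reuses the previous ciphertext block as IV; TLS 1.1+ draws a fresh one.
        iv = os.urandom(BLOCK) if self.explicit_iv else self.last_block
        ct = prf(self.key, xor(iv, plaintext_block))
        self.last_block = ct
        return iv, ct

def equality_leaks(layer, secret, guess):
    """True if a later chosen block reveals whether guess == secret."""
    iv_secret, ct_secret = layer.send(secret)   # both values are visible on the wire
    predicted_iv = ct_secret                    # what TLS 1.0 will use as the next IV
    probe = xor(xor(guess, iv_secret), predicted_iv)
    _, ct_probe = layer.send(probe)
    return ct_probe == ct_secret

def compare_versions():
    key = os.urandom(32)
    secret = b"cookie=CONSTRUCT"   # constructed 16-byte sample block
    wrong = b"cookie=WRONGGUES"    # constructed wrong guess of the same length
    return {
        "tls1.0 right guess": equality_leaks(CbcRecordLayer(key, False), secret, secret),
        "tls1.0 wrong guess": equality_leaks(CbcRecordLayer(key, False), secret, wrong),
        "tls1.1 right guess": equality_leaks(CbcRecordLayer(key, True), secret, secret),
    }

if __name__ == "__main__":
    for case, leaked in compare_versions().items():
        print(f"{case}: leak={leaked}")
```

With the per-record random IV the comparison fails even for a correct guess, which is why the fix only helps when both the browser and the server negotiate TLS 1.1 or later.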