Anonymous threatens to DDOS root Internet servers
An upcoming campaign announced by the hacking group Anonymous directed against the Internet's core address lookup system is unlikely to cause much damage, according to one security expert.
In a warning on Pastebin, Anonymous said last Thursday it would launch an action on March 31 as part of "Operation Global Blackout" that would target the root Domain Name System (DNS) servers.
Anonymous said the attack has been planned as a protest against "our irresponsible leaders and the beloved bankers who are starving the world for their own selfish needs out of sheer sadistic fun".
The DNS translates a Web site name, such as www.idg.com, into a numerical IP (Internet Protocol) address, which is used by computers to find the Web site. Read more...
Security biz scoffs at Apple’s anti-Trojan Gatekeeper
Security watchers are expressing reservations about whitelisting security that Apple plans to integrate with OS X Mountain Lion this summer.
The security feature, dubbed Gatekeeper, restricts the installation of downloaded applications based on their source. Users can choose to accept apps from anywhere (as now) but by default Gatekeeper only lets users install programs downloaded from the Mac App Store or those digitally signed by a registered developer. More cautious users can decide to accept only applications downloaded from the Mac App Store.
The technology is designed to make it harder to trick Mac fans into installing Trojans. Apple is essentially acting to nip the problem of scareware scams and the like on Macs in the bud, before Apple-targeting malware gets out of control.
From a system security perspective that's a laudable aim but there may be less palatable consequences. Read more...
Kelihos botnet still dead, say Microsoft, Kaspersky
Contrary to reports, the Kelihos botnet has not crawled out of the grave, Microsoft said last week. But the company acknowledged that a new botnet is being assembled using a variant of the original malware.
The reappearance of a Kelihos-like army of hijacked computers shows just how difficult it is to eradicate a botnet, security experts said today.
"It's not possible in most cases," said Roel Schouwenberg, a senior researcher with Moscow-based antivirus company Kaspersky Lab, when asked whether killing a botnet was feasible. "What you're going for is disruption more than anything."
Liam O Murchu, manager of operations at Symantec's security response team, agreed and said that there was only one way to ensure a botnet's death. Read more...
Windows 8, Windows Phone 8 DNA splice is on – report
Windows 8 and Microsoft's next major phone operating system will merge, if reports are correct.
Windows Phone 8, codenamed Apollo, will reuse code from Windows 8, due this year - specifically the kernel, network stacks, security and multimedia. That means Windows Phone 8 will ditch the current Windows Phone 7.5 core that uses Windows Embedded Compact.
The report, here, is based on a supposed leaked Microsoft video featuring Windows Phone manager Joe Belfiore. The presentation was intended for partners of Microsoft's phone BFF Nokia. The video was not posted. Read more...
Virus-slingers abuse WordPress vulns, dose punters with exploit
Malware-spreaders are hacking into vulnerable WordPress-powered sites in order to drive traffic towards pages loaded with exploits.
Hundreds of websites based on WordPress 3.2.1 have been compromised so that surfers directed to the WordPress-built sites via email links are exposed to the Phoenix exploit kit, M86 Security warns.
In order to lure users to compromised pages, the attacker has spammed out thousands of malicious emails querying an unfamiliar bill and asking recipients to click on a link. (Web security firm Websense separately warned of this spam run late last week.) Read more...
Cyber security report: All countries lag behind the bad guys
The U.S. and U.K. are relatively well prepared for cyber attacks, compared to many other developed nations, but everyone has more work to do, according to a new cyber security study from McAfee and Security & Defence Agenda (SDA).
The report, which ranks 23 countries on cyber security readiness, gives no countries the highest mark, five stars. Israel, Sweden and Finland each get four and a half stars, while eight countries, including the U.S., U.K., France and Germany, receive four stars. India, Brazil and Mexico ranked near the bottom.
No country is ahead of cyber attackers, said Phyllis Schneck, CTO of the public sector for McAfee. The bad guys are "faster and swifter" than the good guys, she said. Read more...
Enterprise gets social: Twitter-style data streams, engagement ‘apps’
Enterprise software developers are just as talented as their free-wheeling consumer-facing peers, but are shackled by the need to prioritise enterprise security over personal utility, and by the fact that IT buyers differ significantly from IT users, as 37 Signals' Jason Fried has pointed out. But a new breed of enterprise software seeks to overlay and augment crufty old systems with dynamic, user-friendly social software, and may well become a $4bn market within the next five years, according to Wells Fargo analyst Jason Maynard.
Data, not surprisingly, is both the engine behind this shift and the glue sticking it all together.
Enterprise software systems, new or old, throw off immense amounts of data, or "digital exhaust". With the rise of programmable interfaces, or APIs, getting access to that exhaust is easier than ever, but data is only useful if harnessed, made comprehensible, and turned to business value.
Unfortunately, most data is "exhaust" in the traditional sense of the word: waste. If enterprises collect data they do so in data warehouses that sit largely untapped. This is a shame given the potential of data to transform the way we work.
Enter the data stream. Read more...
How to prevent thumb drive security disasters
For such a small device, the plastic, handheld USB flash drive can cause big security headaches. Even if you have robust end-point security and establish rigid policies about employee use of these drives, employees still find a way to copy financial reports and business plans for use at home. While other security breaches are more traceable, a flash drive is more difficult to monitor, especially after the employee leaves work.
Some security professionals suggest a radical approach to locking down USB flash drives. Sean Greene, a security consultant at Evidence Solutions, advises his clients to use a clear silicone caulk and fill every USB port on every PC to prevent USB attachments. He says the only way employees can transmit sensitive business documents is by email, a method that his clients can easily monitor.
Chris Harget, a spokesperson for security vendor ActivIdentity, adds that many military organizations don't allow the drives at all, and they have resorted to gluing USB ports closed to prevent breaches.
Yet, in the modern IT climate, CIOs know they have to provide the services employees need to do their jobs, and that can include using a USB drive. For example, in a sales organization, employees often need to load PowerPoint slides, which may contain company financials, onto a USB flash drive. Read more...
Accused Kelihos botnet maker worked for two security firms
A Russian man who was accused Monday by Microsoft of creating the Kelihos botnet worked for a pair of security-related firms from 2005 to 2011, according to evidence on the Web.
In an amended complaint filed yesterday in federal court, Microsoft identified the man as Andrey Sabelnikov of St. Petersburg.
According to his LinkedIn profile, Sabelnikov worked for two Russian companies that specialize in security, including the antivirus firm Agnitum, for the last six years.
Agnitum, which is based in St. Petersburg, develops and sells a Windows antivirus product called OutPost Antivirus Pro as well as a personal firewall for Windows PCs. A company spokesman confirmed today that Sabelnikov worked for the firm from September 2005 until November 2008. Read more...
Twitter acquires antimalware company Dasient
Twitter has acquired Internet security firm Dasient, the Sunnyvale, California startup said on its blog on Monday.
Dasient, which describes itself as a cloud-based Web antimalware technology company, introduced in 2010 a service to protect advertisement networks and publishers from malicious ads.
"Over the last year, we have been very active in securing the ads and content of some of the industry's largest ad networks and web sites," Neil Daswani, the company's co-founder and chief technology officer, said in a blog post.
Before that in 2009, the company launched its web antimalware platform, capable of scanning URLs (uniform resource locators) and websites for the presence of harmful content.
The acquisition fits with Twitter's plans to expand revenue from advertising including promoted Twitter messages and accounts. Read more...
SharePoint gods peek into colleagues’ info – poll
SharePoint admins are abusing their privileged status to sneak a peek at classified documents, according to a poll that shows consistent abuse of security in Microsoft's business collaboration server.
A third of IT administrators or somebody they know with admin rights have read documents hosted in Microsoft's collaboration server that they are not meant to read.
Most popular documents eyeballed were those containing the details of their fellow employees, 34 per cent, followed by salary – 23 per cent – and 30 per cent said "other."
Ironically, the poll found the jury almost split on whether the authors of documents themselves could be trusted to control the security privilege settings on their work.
IT admins are firmly in control of setting access rights within SharePoint; 69 per cent set the permission levels that say who reads what, by individual or by group. Read more...
Smarter hypervisor use can lead to a ‘big, big change’ in security
To gain insight on the months ahead as they relate to IT attacks, malware, cloud security, and the impact of virtualization on security, we recently chatted with Simon Crosby, former CTO of Citrix Systems' data center and cloud business. Crosby recently founded a cloud security startup, Bromium, with Gaurav Banga, former CTO and senior vice president at Phoenix Technologies, and Ian Pratt, chairman of Xen.org and co-founder of XenSource.
CSO Online: What do you think 2012 may bring in terms of malware?
Crosby: I think you will see, obviously, a growth. By the way, the growth path in malware is currently exponential per year. That will continue. That's obvious. I think you'll see, in the U.S. large enterprise and maybe even in the federal infrastructure, another major compromise next year. It will be incredibly bad and incredibly embarrassing. That is, to say, very succinctly, we are now in a state of ongoing national cyber espionage. It's not cyber war, but it's cyber espionage on a grand scale. That's absolutely going to carry on. However, I do think the year ahead heralds a fantastic opportunity. It will be the first time when virtualization hardware and its uses within computer systems, generally, dramatically change the odds in favor of security. Read more...
Microsoft: More secure but mission not over

In January 2002, Microsoft's Chairman Bill Gates kicked off the software maker's Trustworthy Computing Initiative with a companywide memo, telling employees that "there are many changes Microsoft needs to make as a company to ensure and keep our customers' trust at every level -- from the way we develop software, to our support efforts, to our operational and business practices."
Security problems continue to plague users and corporate customers in the software industry as a whole, but Microsoft has made great strides and set the standard in many aspects of how software should be designed, developed, secured, and supported.
Microsoft did not take the first steps on this road willingly; the software giant was pushed and prodded by hackers, security researchers, and virus writers. In 2001 the double blow of the Code Red worm and Nimda convinced Microsoft that efforts to secure its products were not working. Read more...
10 years ago today: Bill Gates kicks arse over security
Analysis: Sunday marks the tenth anniversary of Bill Gates' Trustworthy Computing memo, which made designing security into applications from the ground up a key priority at Microsoft for the first time.
The directive to make security a number one priority followed a period when Microsoft had taken a sustained shellacking over the instability and insecurity of its software, especially Internet Explorer and Outlook, following the rampage of high-profile malware outbreaks such as the Love Bug, Melissa and Nimda.
The memo came after Microsoft had spent years fighting the Department of Justice's antitrust suit that centred on its Windows monopoly, in particular the bundling of IE with Windows, and two years after Redmond had begun to embrace web services with the launch of .Net.
Apple Macs were not the threat to Microsoft's desktop monopoly that they now pose but the perception of insecurity was a problem for Microsoft's ambitions to push its servers and associated applications into the data centre, as well as its fight against Linux as a web server platform. Read more...
Wi-Fi Protected Setup easily unlocked by security flaw
Security researcher Stefan Viehböck has demonstrated a critical flaw in the Wi-Fi Protected Setup standard that opens up routers to attack and has prompted a US-CERT Vulnerability notice.
Wi-Fi Protected Setup (WPS) is used to secure access to wireless networks and requires each router to have a unique eight-digit PIN. One mode of use allows a device to connect by just presenting that PIN, opening the way for a client to just try every available PIN. Worse still, the protocol splits the PIN into two halves which reduces the attack time to a couple of hours.
Eight digits should produce 100,000,000 possible combinations, and testing various routers Viehböck found it took an average of around two seconds to test each combination. So brute forcing should take several years unless the router was particularly responsive. Read more...