Monday, March 08, 2010
Critical Log Review Checklist
Tuesday, December 29, 2009
The random channel hopping algorithm cracked
The channel-hopping crack comes as the collective is completing the compilation of a rainbow table that allows them to decrypt calls as they happen. The table works because GSM encryption uses A5/1, a decades-old algorithm with known weaknesses. The table - a 2-terabyte list of known results that allows cryptographers to deduce the unique key that encrypts a given conversation - was developed by volunteers around the globe using giant clusters of computers and gaming consoles.
Saturday, December 12, 2009
Point-of-sale (POS) terminals - Treasure for RAM scrapers
Verizon employees recently found the malware on the POS server of an unnamed resort and casino that had an unusually high number of customers who had suffered credit card fraud. The malware was sophisticated enough to log only payment card data rather than dumping the entire contents of memory. That was crucial to ensuring the malware didn't create server slowdowns that would tip off administrators.
The RAM scraper dumped the data onto the server's hard drive. The perpetrators visited at regular intervals through a backdoor on the machine to collect the booty.
It's not a new attack, but it is rapidly getting to the top of the hackers' chart.
Friday, December 11, 2009
Pushing the limits of Privacy!
Imagine being able to see everything your friends buy with a credit card as they do it. This not only tells you what kind of things they’re actually into (rather than someone just saying they like something), but also other information like how cheap they are, as well as where they actually are at a given time. There is actually a lot of data tied into the transactions we make, and Blippy takes that and makes it social.
Hope the folks in the security world concur that this will result in more identity theft cases than ever before.
Tuesday, December 01, 2009
Northrop Grumman to join universities to address Internet security issues
Northrop is a major provider of cybersecurity support for U.S. defense and intelligence, and to civil governments in the U.S. and elsewhere. Brammer said the collaboration will speed up research with ideas that can be incorporated in contracts coming up soon as well as explore pro-active ways to protect information in the public and private sectors.
Thursday, September 24, 2009
Swarm Intelligence: deploying new defense modeled after ants
Our idea is to deploy 3,000 different types of digital ants, each looking for evidence of a threat. As they move about the network, they leave digital trails modeled after the scent trails ants in nature use to guide other ants. Each time a digital ant identifies some evidence, it is programmed to leave behind a stronger scent. Stronger scent trails attract more ants, producing the swarm that marks a potential computer infection.
Good direction, but not sure if 3000 ants will be sufficient to crawl 1 trillion URLs on the web in the near future.
Monday, September 21, 2009
Using AI for monitoring "abnormal behavior"
According to the official website for Project Indect, which began this year, its main objectives include "to develop a platform for the registration and exchange of operational data, acquisition of multimedia content, intelligent processing of all information and automatic detection of threats and recognition of abnormal behaviour or violence".
It talks of the "construction of agents assigned to continuous and automatic monitoring of public resources such as: web sites, discussion forums, usenet groups, file servers, p2p [peer-to-peer] networks as well as individual computer systems, building an internet-based intelligence gathering system, both active and passive".
Wednesday, September 16, 2009
Chat-in-the-Middle attack
During the live chat session, the fraudster behind the attack presents himself as a representative of the bank's fraud department and attempts to dupe customers who are online into divulging sensitive information - such as answers to secret questions that are used for online customer authentication. This attack is currently targeting a single U.S.-based financial institution.
Sunday, September 13, 2009
Credit info unlock using info on driver's license
Under the federal Fair Credit Reporting Act, a car dealer must always get your permission to look at your credit report. He or she can get that permission in writing—when you sign a release or a loan application—or by implication, without your signature, if there is a “legitimate business need.”
Now, it further states that test drives do not constitute a legitimate business need; only when the consumer is actually initiating the purchase or lease of a vehicle does it qualify as business that possibly involves a need to check credit. But since a technological solution is available, I hope someone reviews metrics such as how many reports were pulled vs. how many vehicles were sold by a dealership.
Thursday, September 10, 2009
Net worth on the black market
I tried the tool when I was initially briefed on it a few months ago and was surveyed about my gender and age range; online assets (including credit card and bank account data, brokerage accounts, e-mail accounts, and social network accounts) and an estimated value of all that information; whether I use security software; how cautious I am when online; and how much I think my information is worth.
Can one calculate how much "risk" is added (or net worth increased on the black market) in the process of gathering Users' financial (credit card and bank and brokerage accounts) and personal (e-mail and social network accounts) info? For a User, if it throws a low number ($10), would it mean that the probability of his/her identity theft is low?
Intelligent Information Privacy Management Symposium
This symposium takes a transdisciplinary approach in its exploration of privacy management by drawing from the key areas of Law, Computer Science, Artificial Intelligence, and Business. It will focus on the need to develop effective information privacy management frameworks, tools and techniques by addressing the underlying tension between transparency and disclosure in the privacy versus business strategy arenas.
The organizing committee is seeking three kinds of contributions: Issues papers, Position papers, and Technical papers. If anyone is interested in coauthoring, please contact me. (The deadline seems tight though -- October 2, 2009).
Monday, September 07, 2009
Most common high risk vulnerabilities
• Make sure all user-supplied data is properly sanitised before returning it to the browser or storing it in a database.
• Organisations should switch from a persistent authentication method to a transient authentication method to help prevent cross-request forgery attacks.
• An account lockout mechanism should be in place, to lock out accounts permanently or temporarily, to help prevent attackers from being able to brute force user accounts.
Wednesday, September 02, 2009
How behavioral advertising is a threat?
Many Web users are unaware of all the information that's being collected about them, especially by ad networks engaged in targeted or behavioral advertising.
Don't get me wrong - I respect consumers' privacy - but how big is the threat if the data is used for analysis only and not disclosed to or read by a human? Forcing Web sites to get opt-in permission before tracking user behavior would definitely help, but as consumers, how many of us pay attention to what we are opting in to before clicking the check box?
---
The groups recommended that consumers should be able to obtain the information collected by behavioral advertising vendors, and should be able to challenge the data held about them.
Tuesday, September 01, 2009
Utilizing Risk Management for Managing Change
Wherever risks arise from, we can all agree there are a plethora of risks already present and more apparently forthcoming. Effective leadership requires choreographing change to address the upside and downside risks and the vulnerabilities inherent to both. This is especially true around IT risks since companies are ever more dependent upon the lift IT brings via automation of key business processes, linking to customers and suppliers, and ever-increasing, mandated compliance reporting.
Monday, August 31, 2009
Difference between IT Risk and Information Risk
IT Risks should have a focus on technology, while Information Risks should not. By clearly positioning the two as different, it is easier to delineate responsibilities when partnering with the business on managing risks. Knowing who owns what always increases your chances of being successful. IT risks, given their technology orientation, will rightfully so land more on the plate of IT professionals to manage vs. the business. Information Risks should accordingly land more so on the business side.
I, being an Information Risk evangelist, would like to add a few points to Mark's well-defined theory. Since IT started evolving, the focus had been on protecting the infrastructure, applications, and other assets that store a company's information. It was the era when the term IT Risk Management was in very common and popular use. But as Information Governance started to get recognition as a subset of Corporate Governance, the Board started to pay attention to Information Risk. In reality, the Board is accountable for ensuring that Businesses protect the Information, and this shift in accountability has given rise to Information Risk (a subset of Operational Risk), which encompasses all the controls a company needs to implement to protect its information.
Sunday, August 30, 2009
Burglars & Social Networks
In support of the report, an experiment was conducted to see how many U.K. social media users would accept a "friend" invitation from a complete stranger. Of 100 "friend" or "follow" requests issued to strangers selected at random, 13 percent were accepted on Facebook and 92 percent on Twitter, without any checks. This reaction could result in a complete stranger potentially being able to learn about a person’s interests, location, and movements in and out of their home.
Gosh, it's going to be a busy season for burglars.
Cracking WPA encryption in a minute
The earlier attack, developed by researchers Martin Beck and Erik Tews, worked on a smaller range of WPA devices and took between 12 and 15 minutes to work. Both attacks work only on WPA systems that use the Temporal Key Integrity Protocol (TKIP) algorithm. They do not work on newer WPA 2 devices or on WPA systems that use the stronger Advanced Encryption Standard (AES) algorithm.
But computer scientists in Japan say they've developed a way to break the WPA encryption system used in wireless routers in about one minute. The attack gives hackers a way to read encrypted traffic sent between computers and certain types of routers that use the WPA (Wi-Fi Protected Access) encryption system.
Wednesday, August 26, 2009
Another code theft
He said that he had inadvertently downloaded a portion of [Company’s] proprietary code while trying to take files of open source software — programs that are not proprietary and can be used freely by anyone. He said he had not used the [Company's] code at his new job or distributed it to anyone else, and the criminal complaint offers no evidence that he has.
Why he downloaded the open source software from Goldman, rather than getting it elsewhere, and how he could at the same time have inadvertently downloaded some of the firm’s most confidential software, is not yet clear.
Sunday, August 23, 2009
Removing the shield of anonymity
Tracing the origins of messages--a key task for tracking spam and other kinds of Internet attack--involved reconstructing relationships between account IDs and the hosts from which users connected to the e-mail service. To do this, the researchers clumped together all the IDs accessed from different hosts over a certain time period. The HostTracker software then combed through this data to resolve any conflicts. For example, sometimes more than one user appeared to originate from the same IP address or a single user had multiple ID addresses during overlapping periods of time.
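The two conflict types named in the excerpt above (several accounts behind one IP address, one account on several IP addresses at overlapping times) can be detected with a simple interval check. This is an added example, not HostTracker's code or algorithm; the event tuple layout, account names and function names are assumptions, and the sample sessions are constructed.

```python
from collections import defaultdict

# Constructed sample sessions: (account_id, source_ip, start_minute, end_minute)
EVENTS = [
    ("alice", "192.0.2.10", 0, 60),
    ("alice", "192.0.2.10", 90, 120),
    ("bob", "192.0.2.10", 30, 45),      # overlaps alice on the same IP
    ("carol", "198.51.100.7", 0, 30),
    ("carol", "203.0.113.5", 20, 50),   # carol on two IPs at once
    ("dave", "198.51.100.7", 40, 80),   # after carol left: no conflict
]


def overlaps(a, b):
    """True when two (start, end) intervals share any time."""
    return a[0] < b[1] and b[0] < a[1]


def find_conflicts(events, key_index, other_index):
    """Group sessions by one field and report pairs whose other field
    differs while their time windows overlap."""
    groups = defaultdict(list)
    for ev in events:
        groups[ev[key_index]].append(ev)
    conflicts = set()
    for key, sessions in groups.items():
        for i, s in enumerate(sessions):
            for t in sessions[i + 1:]:
                if s[other_index] != t[other_index] and overlaps(s[2:], t[2:]):
                    pair = tuple(sorted((s[other_index], t[other_index])))
                    conflicts.add((key, pair))
    return sorted(conflicts)


def shared_ip_conflicts(events):
    """More than one account appearing behind the same IP at the same time."""
    return find_conflicts(events, key_index=1, other_index=0)


def multi_ip_conflicts(events):
    """One account appearing on several IPs during overlapping periods."""
    return find_conflicts(events, key_index=0, other_index=1)


if __name__ == "__main__":
    print(shared_ip_conflicts(EVENTS))
    print(multi_ip_conflicts(EVENTS))
```

A shared-IP conflict usually points to a proxy or NAT gateway, and a multi-IP conflict to a shared or compromised account; either way the pair needs resolving before an account-to-host mapping can be trusted.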
Saturday, August 22, 2009
Highly Predictive Blacklisting
In the same way that Amazon can recommend a book by comparing your past reading habits to many other individuals, it is possible to predict how you will be targeted by malicious internet activity by comparing your history of attacks with other web users.
The Irvine team have tested their algorithm on a dataset of 1 month's worth of logs consisting of 100s of millions of security logs from 100s of networks. The team claims that the strike rate of its predictive blacklists is up to 70 per cent better than the state-of-the-art systems and that further improvements are well within reach.
My take - Amazon.com can recommend books because the Users (readers) have a specific taste and reading interest, but in the case of attackers, I do not think it's as easy to draw the pattern, except for the fact that professional hackers circle around the sites and databases with customer PIIs (Personally Identifiable Information).
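The recommendation analogy in this post can be made concrete with a neighbourhood-style collaborative filter over shared attack logs. This is an added example, not the Irvine team's algorithm: the Jaccard weighting, network names and function names are assumptions, and the report data is constructed.

```python
from collections import defaultdict

# Constructed sample: attack sources each contributing network logged last month.
REPORTS = {
    "net_a": {"192.0.2.1", "192.0.2.2", "192.0.2.3"},
    "net_b": {"192.0.2.1", "192.0.2.2", "198.51.100.9"},
    "net_c": {"203.0.113.4", "203.0.113.5"},
    "net_d": {"192.0.2.3", "203.0.113.4", "203.0.113.77"},
}


def jaccard(a, b):
    """Similarity of two victims = overlap of the attack sources they saw."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def predict_blacklist(reports, target, top_n=3):
    """Rank sources the target has NOT seen yet by the similarity-weighted
    votes of other networks that have already logged them."""
    seen = reports[target]
    scores = defaultdict(float)
    for other, sources in reports.items():
        if other == target:
            continue
        weight = jaccard(seen, sources)
        if weight == 0.0:
            continue  # networks with no shared attackers contribute nothing
        for src in sources - seen:
            scores[src] += weight
    # Highest score first; ties broken by address for a stable result.
    ranked = sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))
    return ranked[:top_n]


if __name__ == "__main__":
    for source, score in predict_blacklist(REPORTS, "net_a"):
        print(f"{source}\t{score:.2f}")
```

For `net_a`, the source seen by its closest neighbour `net_b` ranks first, and nothing reported only by the unrelated `net_c` appears in the list.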