Posts Tagged With ‘security’

Cybereason’s Continuous Monitoring Platform for Detecting Security Attacks Comes Out of Stealth Mode

Natasha Lomas reporting for TechCrunch on Cybereason exiting stealth mode with their new platform for detecting potential security attacks:

Cybereason has built a pro-active security platform for enterprises to continuously monitor systems with the aim of detecting hacker actions and intentions as they attempt to prepare their data heist, and thus give businesses the opportunity to cut hack attacks off long before hackers have the chance to carry off their corporate crown jewels.

So Cybereason’s platform is not looking to detect malware per se, but rather the tell-tale signatures of malicious operations, whatever they might be — such as an incongruous sequence of program installations on multiple machines in a network that perhaps don’t fit the user profile, or other subtly unusual activities.

“Malware can be a part of a malicious operation [but] we’re really looking at a series of things that a hacker or hacking operation would do to accomplish their end goal,” says Taper. “We’re looking for minute traces [of hacker activity]… to uncover the operation and stop it in its tracks.”

This post is part of the thread: Security – an ongoing story on this site. View the thread timeline for more context on this post.

Director of National Intelligence James Clapper Suggests Journalists Reporting on Snowden Disclosures are “Accomplices” to a Crime

Boing Boing on Director of National Intelligence James Clapper’s assertion that journalists are considered accomplices to a crime:

If this is the official stance of the US government, it is downright chilling.

Clapper is engaged in the same treatment of journalists that the Justice Department allegedly repudiated just months ago.

During his opening statement to the committee, Clapper said, “Snowden claims that he’s won and that his mission has accomplished. If that is so, I call on him and his accomplices to facilitate the return of the remaining stolen documents.” Mashable then reported a DNI spokesman said Clapper meant “anyone who is assisting Edward Snowden further harm our nation through the unauthorized disclosure of stolen documents.” The spokesman would not elaborate further.

“Assisting…through unauthorized disclosure” sounds an awful lot like publishing, which is what not only Glenn Greenwald, Laura Poitras and Barton Gellman have done, but dozens of reporters and editors at the Washington Post, Guardian, New York Times, Pro Publica, and NBC News.

The intelligence community, embarrassed and unprepared for the unprecedented trove of disclosures provided by Edward Snowden, is treading dangerous territory if they are truly suggesting journalists can be considered accomplices for merely reporting newsworthy information. In their eyes, every bit of information should remain classified under the guise of “national security” so they can continue to develop suspicious programs capable of further intrusions on Americans’ privacy, all without our knowledge because, well, terrorists.

Americans need to get off their collective apathetic asses and start taking action against these obvious civil liberties intrusions before it’s too late. Otherwise, don’t be surprised when you wake up and realize you’re in that dystopian world you’ve seen in so many movies, and thought to yourself, “this will never happen in America.”

Angry Birds and other “Leaky Apps” Being Targeted by NSA for Collection of Personal Data

The Guardian on the NSA collecting personal data from “leaky apps” like Angry Birds:

The data pouring onto communication networks from the new generation of iPhone and Android apps ranges from phone model and screen size to personal details such as age, gender and location. Some apps, the documents state, can share users’ most sensitive information such as sexual orientation – and one app recorded in the material even sends specific sexual preferences such as whether or not the user may be a swinger.

Many smartphone owners will be unaware of the full extent this information is being shared across the internet, and even the most sophisticated would be unlikely to realise that all of it is available for the spy agencies to collect.

I’m fairly certain Angry Birds isn’t leaking your sexual preference; however, there are plenty of other apps that may very well be disclosing information you would otherwise like to keep private.

The Angry Birds revelation isn’t the most interesting tidbit in the latest Snowden disclosure.

One slide from a May 2010 NSA presentation on getting data from smartphones – breathlessly titled “Golden Nugget!” – sets out the agency’s “perfect scenario”: “Target uploading photo to a social media site taken with a mobile device. What can we get?”

The question is answered in the notes to the slide: from that event alone, the agency said it could obtain a “possible image”, email selector, phone, buddy lists, and “a host of other social working data as well as location”.

In practice, most major social media sites, such as Facebook and Twitter, strip photos of identifying location metadata (known as EXIF data) before publication. However, depending on when this is done during upload, such data may still, briefly, be available for collection by the agencies as it travels across the networks.

Even if the EXIF data is stripped from a photo prior to publication, as long as the associated data is uploaded to a social media site then the NSA has the ability to intercept, collect, store, and analyze the data.

Put another way, even if the Twitter app removes the EXIF data before transmitting the picture and tweet to Twitter, if you have location posting enabled then the NSA will still be able to capture that information. If you have location visibility disabled, this substantially minimizes NSA’s capabilities to collect otherwise private information.


FixMeStick for Mac is a Bootable Anti-Malware USB Stick for Scanning and Remediation

Geeky Gadgets on a new Kickstarter fund for FixMeStick, a USB thumb drive designed to scan and remediate Mac OS X malware infections:

FixMeStick for Mac is the plug-in and plug-out device that anyone can use to remove hard to detect malware from Apple computers and it is a bootable USB utility that makes virus removal easy, and won’t harm your Mac in the process.

The recent Flashback virus infected around 1% of the world’s Macs and if you would like an easy way to check your Mac is clean the FixMeStick for Mac might be worth more investigation.

Interesting solution to the multi-faceted malware problem endpoints face today.


Snowden Calls Proven Liar Mike Rogers’ Allegations of Russian Assistance Absurd

The New Yorker on proven liar, House Intelligence Committee chairman Mike Rogers’ allegation that Edward Snowden was aided by the Russians:

Snowden, in a rare interview that he conducted by encrypted means from Moscow, denied the allegations outright, stressing that he “clearly and unambiguously acted alone, with no assistance from anyone, much less a government.” He added, “It won’t stick…. Because it’s clearly false, and the American people are smarter than politicians think they are.”

If he was a Russian spy, Snowden asked, “Why Hong Kong?” And why, then, was he “stuck in the airport forever” when he reached Moscow? (He spent forty days in the transit zone of Sheremetyevo International Airport.) “Spies get treated better than that.”

CISSP Certification Exam Adding New Question Types in 2014

INFOSEC Institute on ISC2 adding new types of questions to the CISSP certification exam:

So you’re thinking of earning your CISSP. Wouldn’t you like to see some sample questions from the legendary CISSP test? There has been a lot written about sample CISSP exam questions in the traditional four-answer, one-right format.

However, starting in 2014, the CISSP exam will start to contain two additional types of questions: “drag and drop” and “hotspot.”

I am so glad I won’t be taking that test again.

House Intelligence Committee Chairman Mike Rogers Heads to TV to Spread Blatant Lies about Snowden’s Motives for Whistle-blowing

NBC News Politics on comments House Intelligence Committee Chairman Mike Rogers made during an interview to be aired Sunday on Meet the Press:

In an interview to be aired Sunday on NBC’s Meet the Press, Rogers said that rather than Snowden being a crusader for Americans’ privacy, “the vast majority” of what Snowden stole “had nothing to do with privacy. Our Army, Navy, Air Force, Marines have been incredibly harmed by the data that he has taken with him and we believe now is in the hands of nation states.”

The Michigan Republican added that there are still “certain questions that we have to get answered” about who helped Snowden remove data from the NSA and later make it public in newspapers in the United States and Britain.

“He was stealing information that had to do with how we operate overseas to collect information to keep Americans safe…. And some of the things he did were beyond his technical capabilities” — a fact which Rogers said “raises more questions. How he arranged travel before he left. How he was ready to go, he had a go bag, if you will.”

Rogers added that he believes “there’s a reason he ended up in the hands, the loving arms, of an FSB (Russian security service) agent in Moscow. I don’t think that’s a coincidence….I don’t think it was a gee-whiz luck event that he ended up in Moscow under the handling of the FSB.”

What an utter joke. I don’t even know where to begin.

That has got to be one of the weakest arguments I have ever read about Snowden and his motivation for blowing the whistle on NSA activities. If Mike Rogers, who has a penchant for lying about anything he dislikes, truly believes Snowden had help from the Russians in copying sensitive documents off of NSA file servers then the U.S. intelligence apparatus has more to be concerned with than the mere disclosure of secrets.

How would Mike Rogers, a Congressman who has absolutely no clue about technology, have any clue about what technical capabilities Snowden wields, much less how easy it is to copy data from file servers to USB thumb drives if you are a systems administrator?

It’s not like this is rocket science: to move necessary operating system and security patches from the internet to other networks, USB drives are a necessity, and the only personnel authorized to use them are those with elevated privileges so they can perform their job functions. This is expressly why Snowden was able to do what he did; his position of trust allowed him special access, and he abused it in the pursuit of whistle-blowing.

I suggest the questions Mike Rogers, as the ostensible House Intelligence Committee Chairman, should be focused on getting answers to are the following:

  1. Why is the NSA violating the privacy of American citizens when these programs have been proven ineffective?
  2. Why has the NSA failed to provide straightforward answers to questions to Congress so they do not have to seek the consultation of private citizens to understand the context of the Snowden disclosures?
  3. Why has the Director of National Intelligence James Clapper been allowed to lie to Congress without any repercussions whatsoever?
  4. Why does the intelligence apparatus always get a free pass from illegal behavior while ordinary citizens who are not doing anything illegal get terrorized with false accusations and threats of long-term incarceration for seemingly petty charges?

Lastly, it is rather apparent Representative Rogers forgot it was the United States government who revoked Snowden’s passport while he was mid-air, which left him stranded in a Russian airport for weeks before finally being granted temporary asylum in Russia.

How we, as Americans, allow ourselves to be represented by blatant liars like Mike Rogers is unfathomable. Of course, President Obama remains one of the worst acts of lying in recent history, campaigning against everything he has done while in office. People like these two – which admittedly is the majority of our elected officials – need to be voted off the island and removed from office forever.

It is time for our government to get back to being one of the people, working for the people, rather than one only interested in maintaining the status quo and pushing the boundaries of constitutionally acceptable behavior because terrorism.


Banking Security Disaster Waiting to Happen As Most ATMs Are Still Running Windows XP

Bloomberg Businessweek on the banking industry’s failure to upgrade ATMs from Windows XP:

When ATMs were introduced more than 40 years ago, they were considered advanced technology. Today, not so much. There are 420,000 ATMs in the U.S., and on April 8, a deadline looms for nearly all of them that underscores how sluggishly the nation’s cash delivery system moves forward. That’s the day Microsoft (MSFT) cuts off tech support for Windows XP, meaning that ATMs running the software will no longer receive regular security patches and won’t be in compliance with industry standards. Most machines that get upgraded will shift to Windows 7, an operating system that became available in October 2009. (Some companies get a bit of a reprieve: For ATMs using a stripped-down version of XP known as Windows XP Embedded, which is less susceptible to viruses, Microsoft support lasts until early 2016.)

This is why a solid defense-in-depth strategy is vitally important. A defensive tool like application whitelisting can prevent most of the more dangerous types of malware from executing, and can monitor RAM for buffer overflow-type exploits, even if the operating system has unpatched vulnerabilities.

The chances of the banks having employed a solid endpoint protection strategy for their ATMs are pretty low.


Malware Authors Abusing Chrome’s Extension Auto-Update Feature to Silently Install Adware

Ars Technica on malware authors buying Chrome extensions to infect them with their virulent code:

A first-hand account of this, which was first spotted by OMGChrome, was given by Amit Agarwal, developer of the “Add to Feedly” extension. One morning, Agarwal got an e-mail offering “4 figures” for the sale of his Chrome extension. The extension was only about an hour’s worth of work, so Agarwal agreed to the deal, the money was sent over PayPal, and he transferred ownership of the extension to another Google account. A month later, the new extension owners released their first (and so far only) update, which injected adware on all webpages and started redirecting links. Chrome’s extension auto-update mechanism silently pushed out the update to all 30,000 Add to Feedly users, and the ad revenue likely started rolling in. While Agarwal had no idea what the buyer’s intention was when the deal was made, he later learned that he ended up selling his users to the wolves. The buyer was not after the Chrome extension, they were just looking for an easy attack vector in the extension’s user base.

With the good comes the bad.

The Chrome auto-update feature for extensions is generally viewed as a positive move for security. But unfortunately, there will always be unscrupulous people looking to abuse the system for a multitude of reasons, especially if it can make them a quick buck. It’s an unfortunate part of how the world, and the security world in particular, works.

Staying away from unnecessary Chrome extensions, and plugins in general, is the best prevention against this kind of attack.


Obama Announces “Changes” That Do Absolutely Nothing to Curb Unnecessary, Overly Broad Data Collection on U.S. Citizens

The New York Times on a speech by Obama earlier today announcing changes to NSA’s bulk collection of U.S. citizens’ data:

“The most interesting part of this speech was not how the president weighed individual privacy against the N.S.A.,” said Fred H. Cate, the director of the Center of Applied Cybersecurity Research at Indiana University, “but that he said little about what to do about the agency’s practice of vacuuming up everything it can get its hands on.”

Professor Cate, who also advises the Department of Homeland Security on cyber issues, noted that Mr. Obama “took a report that had 46 recommendations, and touched on three or four of them.”

In fact, he did more than that: Mr. Obama reminded the country that it was not only the government that was monitoring users of the web, it was also companies like Apple, Facebook, Twitter and Yahoo that had complained so loudly, as members of an industry group called Reform Government Surveillance.

Is anyone really surprised President Obama would try and equate the unnecessary, unwarranted, and undesired NSA encroachment upon civil liberties through bulk data collection in just about every way imaginable, with American citizens handing over information to corporations like Apple, Facebook, and Twitter in exchange for services rendered?

Yes, the President of the United States of America believes the American public is so stupid that we are unable to see through his – and the out-of-control intelligence apparatus’ – subterfuge.
