New iPhone SMS Threat No Reason To Panic
You may have heard that researcher Charlie Miller has released details about a vulnerability that allows an attacker to take over an iPhone remotely with an SMS message. Now everyone is rushing to offer homegrown advice on how to fix the problem. But I'm going to offer a different point of view.
Corporate Patch Management Lags In Maturity
If one of the most important disciplines necessary for keeping systems secure is a systematic vulnerability management program, why have so few organizations reached a decent level of maturity in their patch management efforts?
Pwnie Awards Bring Fame And Shame
The third annual Pwnie Awards at Black Hat in Las Vegas, hosted by Alex Sotirov, Dino Dai Zovi, HD Moore, Halvar Flake, and Rich, celebrated the highs and lows in the security industry. As Dino said, "First we reward for great work, then we shame."
Black Hat, Day One: Rationalizing And Reinforcing My Pessimistic World View
When I arrived in Las Vegas, I already smoldered and grumbled about the facts that online trust mechanisms are untrustworthy, and that browsers' fundamental weaknesses persist despite the fact that better browsers would make an incalculable impact on overall Web security. Yesterday's sessions simply added more kindling to the fire.
Small Businesses Should Move To Shared Storage Sooner
With the cost of direct attached storage (DAS) dropping and the capacity that it can deliver for those dollars increasing, you would think that the demand for shared storage is dwindling. Reality is that shared storage is on the rise and the biggest reason for its growth has little to do with storage management or even data protection. Those are nice side benefits; however, the real motivator is server virtualization.
Metasploit Meterpreter For Mac Coming Soon
Meterpreter is by far one of the most powerful and most advanced payloads included in the Metasploit Framework. It's been the joy of penetration testers and the bane of incident responders and until now, it's only been a payload targeted at Windows systems, while Mac users have dodged a bullet. But that won't be the case for much longer, as demonstrated by Dino Dai Zovi in a 20-minute breakout session at Black Hat today titled "Macsploitation with Meterpreter."
UPDATE: BlackHat, Kinda: 'Real' Black Hats Hack Security Experts
UPDATE: The rumor here is that the attacks did indeed happen, but the significance of it is actually quite small--not worth paying attention to, since attention is clearly what the attackers are seeking. More to come.
BlackHat, Kinda: Yesterday a hacking group released details (http://sh0dan.org/zf05.txt) of a number of successful attacks they conducted, apparently with the principal purpose of embarrassing some of the security industry's most wel
Obama Administration Going Soft On Cybersecurity
Viruses, botnets with international botmasters, denial-of-service attacks on government properties, cyberbullying, and the increasing threat of identity theft plague every resident, from child to adult, regardless of whether they are actually ever online -- U.S. cybersecurity has been little more than a bad joke.
Unifying The Infrastructure
We've spent the last several entries discussing the unification of storage and there is one aspect of unification that I have not discussed; unifying the infrastructure. I do currently have a series of videos currently running with Information Week on FCoE so in this entry I'll just touc
Close To Half Of SMBs Defenseless Against Cybercrime: Panda
44% of U.S. small and midsized businesses have suffered at least one incident of cybercrime, according to a study just out from Panda Security. And considering how spotty, inconsistent and just plain missing SMB defenses are, it's a wonder the figure isn't any higher than it is.
Congress Taking Steps To Secure Electric Grid
So the theory goes: one strategic Electromagnetic Pulse explosion (EMP) detonation over the mid-west United States could cripple the power grid, and even stop most electronic devices from a car's ignition to medical devices to radios and TVs to PCs from functioning. So what, if anything, are we doing about it?
6,000 New Malware Threats A Day: McAfee
Think you've seen explosive growth in the number of threats your business faces? Think again. New figures from McAfee indicate that the malware makers have put their creations on a growth curve aimed at flooding cyberspace with cybertraps, as many as 6,000 new ones a day. Every day. All year long (so far).
Malware Counts: Uncomfortably Numb
McAfee's security research group Avert Labs shows a more than doubling of malware from the first half of 2009 compared with the same period in 2008: that's 1.2 million unique malware applications up from about 500,000 in 2008. With the numbers now reaching the millions in a six-month period -- does virus and malware counting really provide us any value anymore?
The BlackBerry 'Trojan Horse'
Research In Motion's announcement that users in the United Arab Emirates (UAE) who installed an update on their BlackBerrys ended up with a surveillance application raises some key questions.
The Encryption Gap
Things that make us say "hmmm" include these stats: The percentage of respondents to our 2009 Strategic Security Survey who rated encryption as effective in reducing risk dropped from 57% in 2008 to 48% in 2009. Use of disk, file, and backup media encryption ALL fell year over year by at least five percentage points. Backup encryption usage is down 10 points.
The last few entries we have been covering aspects of unified storage. The bottom line is that unified storage has its place and many organizations can benefit by having these systems, but where does this leave storage platforms that essentially do one thing and do it well?
Little URLs Becoming Bigger Spammer Target
URL-shrinking services such as TinyURL.com, bit.ly, and cli.gs are convenient for turning long addresses into short ones. They're also convenient for helping spammers and malware makers hide their identities and guide unwary clickers astray.
Data Breach Laws Drive IR, Preparation Is Key
Fellow Dark Reading blogger Gadi Evron had an interesting take on the relationship between incident response and forensics in his post "Incident Response Is Not Forensics." I agree with him for the most part, but I don't think forensics is the most common course of action depending on who is responding to the incident.
The Forgotten Part Of Storage Unification
The focus of storage unification has for the most part been protocols. Leveraging a NAS to also serve up a SAN protocol (fibre or iSCSI) and as I discussed in my last entry there is definitely a place for that. The forgotten part of storage unification however is unifying all the storage that already exists in the data center; this is typically done through a form of storage virtualization.
Defensible Network Architecture Ideal For Incident Response
In my last blog, I talked about how incident response is more than just preparing your first responders by training them and providing them with the tools. Your network and systems need to be set up in preparation, too, so that you have the information you need when handling an incident. It wasn't until yesterday that I remembered what I think is one of the best models of network design that fits the mold of what I mean by having your environment ready for an incident.
Incident Response Is Not Forensics
Professionals who handle computer security incident response traditionally have also been charged with forensics. They find the evidence of wrongdoing, and preserve it in a court-approved fashion. This best practice is a good one, even when saving data for law enforcement is not a necessity or a priority.
Do You Need Unified Storage?
As discussed in our last entry, unified storage is all the rage right now in the storage industry; it is essentially the combining of NAS with a block protocol, like iSCSI or traditional fibre channel. The question is, however, do you need unified storage?
SonicWall Adds Ambitious Anti-Spam Tools To SMB Firewalls
Firewall company SonicWALL has added high-level anti-spam features to the features and services integrated in its Unified Threat Management Firewalls, aiming to block spam at the network gateway, as well as at remote or mobile locations using the company's firewalls.
Incident Response Prep Extends Beyond Tools, Training
Whenever you read information on how to perform forensics and incident response, there is a preparation phase that comes before anything else. Preparation steps cover how to prepare for dealing with an incident in your environment -- but what about making sure your environment is ready for an incident?
The Security 'Unconference' In Vegas
Most of the security action happening later this month will be in Vegas' Caesars Palace and the Riviera Hotel, where Black Hat USA and Defcon will convene. But at a rented house at a thus-far undisclosed location a few miles off of the Las Vegas Strip, a handful of hackers will host SecurityBSides, a homegrown "unconference" alternative to the more structured format of Black Hat.
Cisco Says Hackers Going Corporate
Partnerships are usually not something associated with hackers, but a growing number of them are pooling their resources to make their tricks more effective. In addition, the crooks are keeping up on current events and instantly developing new ruses based on them. Those are a few of the findings Cisco outlined in its midyear security report.
Browser Security Takes Center Stage This Patch Tuesday
Microsoft today issued a Security Advisory about a previously undisclosed vulnerability in Office Web Components Spreadsheet ActiveX control (OWC 10 and OWC11). The flaw is exploitable without any user interaction required, and attacks are underway.
What Is Unified Storage?
What started as a whisper has now become a roar. All of a sudden every storage vendor you talk to has Unified Storage and all of a sudden you MUST have it. All of which begs the question, what is unified storage and do you need it?
Internet Explorer Hit With 1-2 Punch Of Zero-Day Attacks
It's Monday: Do you know what Web browser your users are running? If it's Internet Explorer, don't look now, but for two weeks in a row, IE has taken two jabs straight to the face with ActiveX zero-day exploits that let attackers stomp all over users who are tricked into clicking on a malicious link or get redirected from a compromised site. Browser alternatives starting to look a little more enticing?
Target Requires Driver's License Scan For Restricted Items
Sure, I traded my smoking habit for a Nicorette gum habit, but does that mean I should be forced to have my driver's license physically swiped through the register to buy an age restricted item? I don't think so, but retailing giant Target certainly does.
DDoS Cyberwarfare Hurts Us All
A distributed denial of service (DDoS) attack has been in the news in recent days due to attacks against the U.S. government -- with fingers pointed at North Korea. But people forget a few basic truths when it comes to information warfare (or cyberwarfare) and DDoS attacks.
Where To Start With SSD
Solid State Disk is a mature, stable technology poised for widespread adoption in enterprises of all sizes. It solves performance and power issues that mechanical drives cannot. Most data center managers, large and small, have an eye on this technology but are not exactly sure where to start with SSD.
Hacking And Exploit Site Milw0rm Closes Its Doors
Milw0rm is by far one of the best-known public sites to get the latest proof-of-concept exploit code. Or at least it was until it closed its doors today. The closing comes as a shock to the security community given that milw0rm had become a valuable resource for proof-of-concept and weaponized exploit code, demonstration videos, and papers on all areas of information security.
ActiveX Bug Could Open Doors For Bigger, Badder Confickers
The latest ActiveX vulnerability could create big problems in the form of big opportunities for hackers. How big? The Conficker worm exploited a vulnerability that was long-patched, taking advantage of unpatched computers. The new vulnerability hasn't been patched yet. You do the math.
Trojans Now 70% Of New Security Threats
Nearly three-quarters of malware is now comprised of Trojans, according to a new report from PandaLabs. The security company's figures for the quarter ending this past June showed that 70% of new malware was Trojans. There's a reason for this: Trojans work, and Trojans work because so many computers (and their users, and the businesses that use them) don't take even the most basic precautions against them.
Placing Former Employees On Legal Hold
Legal hold is a term used to set aside certain data to make sure it is not altered while a legal case is being settled. One of those situations is employee termination. The chances are there for the employee to file a wrongful termination lawsuit and for the data center that means placing exiting employees' data on legal hold.
Zero-Day Hits Microsoft DirectShow
Microsoft today issued an advisory to its customers warning them that a new vulnerability in Microsoft Video ActiveX Control affecting Windows XP and Windows Server 2003 is currently being actively exploited. The software vendor has issued a work-around.
Kantara Initiative: Another Effort To Get Identity 2.0 Out Of The Gate
We've been saying for a while now that better identity management -- more so than secure Web app coding or even more secure browsers -- could fuel a quantum leap in Web security. The "Identity 2.0" community can be credited with wonderful research and truly significant advancements in identity management technology. In many ways, we're poised for an identity revolution. However, the efforts have been hampered by a lack of public awareness, a lack of interoperable standards, usability concerns, a
Would Your Users Take The Bait?
Military leaders would never send their troops into war without preparing them for the threats they'd be facing on the battleground. Likewise, you shouldn't let your users go about their daily activities without educating them about the dangers they face when opening an e-mail or clicking on a link returned from a seemingly innocuous Google query.
The Only Two Reliable Cloud Security Controls
It seems that we in the information technology profession are just as fickle as the fashionistas strutting around Milan or New York. While we aren't quite as locked to a seasonal schedule, we do have a tendency to fawn over the latest technology advances as if they were changing colors or hem lengths. Some are new, some are old, some are incredibly useful, and others are completely frivolous, but we can't deny their ability to enter and steer our collective consciousness -- at least until the ne