STE WILLIAMS

No Easy Solution To Stop Amplification Attacks

A series of attacks against online-gaming services has drawn attention to how readily certain Internet protocols can be abused as reflectors and amplifiers for denial-of-service traffic.

In late December and continuing into January, a group of Internet vandals with an apparent vendetta against a single gamer took down online-gaming services using a simple amplification attack. They sent small requests, with the target's IP address forged as the source, to vulnerable network time protocol (NTP) servers asking for the list of recent clients; the servers answered the target instead of the sender, and because each reply dwarfs the request that triggered it the attackers amplified their traffic by a factor of more than 5,500, says Liam O Murchu, manager of security response for Symantec's North American operations.

“So you can send just one short command to the NTP service, and the service will send a list of all computers that have attached to that server to the victim, and that is where you get the amplification,” he says. “But the problem with these sorts of attacks is that it is not the victim that has to patch their service, it is the middle man who is running the outdated service that needs to upgrade.”

Security experts have kicked off an initiative to raise awareness among the owners of misconfigured NTP servers so that they update their systems, following the attacks on online-gaming services. The Open NTP Project, for example, lets the public scan their NTP servers to see whether they answer the monlist command (an NTP mode 7 control query that returns up to 600 recently seen client addresses), which the attackers abused to amplify their attacks. The fix on the server side is to upgrade to an ntpd release that no longer honours monlist (4.2.7p26 or later) or to disable it in ntp.conf with "disable monitor" and a "restrict ... noquery" line for untrusted networks.

Yet the problem is not restricted to NTP. Domain Name System (DNS) servers that answer recursive queries from anyone, known as open resolvers, are more commonly abused in amplification attacks. In March 2013 such an attack produced a then record-breaking volume of traffic, reported at around 300 Gbps, against the anti-spam service Spamhaus.


In fact, any protocol that answers a small request with a larger response over a connectionless transport can be used to build a distributed denial-of-service attack. The capabilities that produce amplification can be sought out in advance, but most exist for a good reason, so it is difficult to triage abusable services until they are actually targeted, says Shawn Marck, CEO of Black Lotus, a denial-of-service mitigation provider.

“It wasn’t a vulnerability until someone exploited it–it was a feature,” he says. “But it boils down to any protocol that allows you to make a small request and elicit a large response allows amplification–unless it is TCP.”

Internet communications based on the transmission control protocol (TCP) carry a built-in check: no data flows until the three-way handshake completes, and the server's SYN-ACK goes to whatever source address the client claimed. An attacker who forges the victim's address never sees that SYN-ACK and so cannot complete the handshake, which limits the reflected traffic to a single SYN-ACK of roughly the same size as the forged SYN, nothing like the amplification UDP services offer. Some services that rely on the fire-and-forget user datagram protocol (UDP) first establish a session over TCP and only then switch to a UDP stream; online gaming and Internet telephony commonly use this technique, Marck says.

Defending against amplification attacks is fairly straightforward, says John Graham-Cumming, a programmer with CloudFlare, a provider of Web security and DDoS mitigation services. NTP attack traffic can simply be filtered out at the edge of the network before it reaches the target, since few sites have any reason to accept NTP mode 7 responses from the Internet. Amplification attacks based on DNS are more difficult, because companies want valid DNS queries to reach their destination.

“The larger problem with DNS amplification for someone like CloudFlare is that we have to be able to receive DNS packets,” he says. “For DNS, it is the nature of our business, we have to be able to receive unsolicited DNS requests.”

The distinction that makes the problem tractable is direction: the traffic a DNS host must accept from strangers consists of queries, whereas reflected amplification traffic arrives as responses, because the open resolver is answering the query the attacker sent in the victim's name. By focusing on filtering out DNS responses that answer no query the site itself sent, the problem becomes quite tractable, Graham-Cumming says.
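The two filters Graham-Cumming describes, an edge drop of NTP mode 7 traffic and a stateful drop of DNS responses that answer no query the site sent, together with the shape of the monlist request and reply from the NTP passage above, as an added example in Python. This is not CloudFlare's or Symantec's code. The packet records, the addresses (taken from the documentation ranges) and the payloads are constructed inline; the DNS "answers" are zero padding that stands in for resource records, since only the question section is ever parsed.

```python
"""Stateful edge filter for UDP reflection traffic (added example, constructed data)."""
import struct
from collections import defaultdict

NTP_PORT, DNS_PORT = 123, 53


def ntp_mode(payload: bytes) -> int:
    """Low three bits of the first NTP byte. Mode 7 is the private control
    protocol that carries monlist requests and the amplified replies."""
    return payload[0] & 0x07 if payload else -1


def dns_question(payload: bytes):
    """Return (txid, is_response, qname) from a DNS header and its first
    question, or None when the packet is not a well-formed DNS message."""
    if len(payload) < 12:
        return None
    txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if qdcount < 1:
        return None
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            return None
        n = payload[pos]
        pos += 1
        if n == 0:
            break
        if n & 0xC0:            # compression pointer inside the question: reject
            return None
        labels.append(payload[pos:pos + n].decode("ascii", "replace"))
        pos += n
    return txid, bool(flags & 0x8000), ".".join(labels).lower()


def build_dns(txid: int, qname: str, qtype: int = 1, response: bool = False,
              answer_pad: int = 0) -> bytes:
    """Constructed DNS message: header, one question, and optional zero
    padding standing in for answer records (only the question is parsed)."""
    flags = 0x8180 if response else 0x0100
    hdr = struct.pack("!HHHHHH", txid, flags, 1, 1 if response else 0, 0, 0)
    name = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\x00"
    return hdr + name + struct.pack("!HH", qtype, 1) + b"\x00" * answer_pad


class ReflectionFilter:
    """Pass/drop decision for one datagram at the network edge.

    Outbound DNS queries are remembered by (client, resolver, txid, qname);
    an inbound DNS response is accepted only if it matches a pending query.
    Inbound NTP mode 7 is dropped outright: a site has no reason to receive
    monlist replies from the Internet, and that is all a monlist flood is."""

    def __init__(self):
        self.pending = {}
        self.dropped_count = defaultdict(int)
        self.dropped_bytes = defaultdict(int)   # keyed by reflector address

    def process(self, direction, src, sport, dst, dport, payload) -> str:
        if direction == "out":
            if dport == DNS_PORT:
                q = dns_question(payload)
                if q and not q[1]:
                    self.pending[(src, dst, q[0], q[2])] = len(payload)
            return "pass"
        if sport == NTP_PORT and ntp_mode(payload) == 7:
            return self._drop("ntp-mode7", src, payload)
        if sport == DNS_PORT:
            r = dns_question(payload)
            if r is None or not r[1]:
                return self._drop("dns-malformed", src, payload)
            if self.pending.pop((dst, src, r[0], r[2]), None) is not None:
                return "pass"
            return self._drop("dns-unsolicited", src, payload)
        return "pass"

    def _drop(self, reason, reflector, payload) -> str:
        self.dropped_count[reason] += 1
        self.dropped_bytes[reflector] += len(payload)
        return "drop"


# Constructed packets. Monlist request: mode 7, implementation 3 (XNTPD),
# request code 42 (MON_GETLIST_1). The reply here is padded to 440 bytes.
MONLIST_REQUEST = bytes([0x17, 0x00, 0x03, 0x2A]) + b"\x00" * 4
MONLIST_REPLY = bytes([0x97, 0x00, 0x03, 0x2A]) + b"\x00" * 436


def run_demo():
    """Feed a constructed packet sequence through the filter."""
    victim, resolver, reflector = "198.51.100.10", "192.0.2.53", "203.0.113.5"
    events = [
        ("out", victim, 40000, resolver, 53, build_dns(0x1234, "example.com")),
        ("in", resolver, 53, victim, 40000,
         build_dns(0x1234, "example.com", response=True, answer_pad=200)),
        # a large ANY response the victim never asked for: spoofed-source reflection
        ("in", resolver, 53, victim, 40001,
         build_dns(0x4242, "isc.org", qtype=255, response=True, answer_pad=3000)),
        ("in", reflector, 123, victim, 40002, MONLIST_REPLY),
        # an ordinary mode 4 server reply (first byte 0x24: version 4, mode 4) passes
        ("in", reflector, 123, victim, 40003, b"\x24" + b"\x00" * 47),
    ]
    f = ReflectionFilter()
    decisions = [f.process(*e) for e in events]
    amplification = f.dropped_bytes[reflector] / len(MONLIST_REQUEST)
    return decisions, dict(f.dropped_count), dict(f.dropped_bytes), amplification
```

The mode 7 drop is deliberately blunt: it also discards legitimate ntpdc control replies, which is acceptable at an Internet edge but not on an internal management network. The DNS rule is the one that needs state; an authoritative server that also runs a resolver must key the table on its own outbound queries exactly as shown, or the filter will drop the answers it is waiting for.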

For the Internet at large, however, the problem of amplification is not one that is easily solved. Two approaches have emerged: patching or reconfiguring each service vulnerable to amplification, and requiring service providers to drop packets leaving their networks that carry a forged source address. The more general solution, for Internet service providers to block outgoing packets whose source addresses fall outside their own address space (the ingress filtering described in BCP 38, RFC 2827), would add cost to their operations, and most ISPs are already running lean, Graham-Cumming says.
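The provider-edge check described in the previous paragraph, as an added example in Python that is not the code of any ISP or of CloudFlare. It implements the BCP 38 rule (a packet arriving on a customer port must carry a source address that routes back out that port) and the looser RFC 3704 variant that only requires the source to be routed at all, which is the usual compromise for multihomed customers. The routing table, interface names and packets are constructed; the addresses come from the documentation ranges.

```python
"""Source-address validation at a provider edge (added example, constructed data)."""
import ipaddress


class SourceAddressValidator:
    def __init__(self, routes):
        # routes: (prefix, egress_interface) pairs; longest prefix wins on lookup
        self.routes = sorted(
            ((ipaddress.ip_network(p), ifname) for p, ifname in routes),
            key=lambda r: r[0].prefixlen, reverse=True)

    def lookup(self, addr):
        a = ipaddress.ip_address(addr)
        for net, ifname in self.routes:
            if a in net:
                return net, ifname
        return None

    def check(self, src, ingress, mode="strict"):
        """'pass' or 'drop' for a packet with source src arriving on ingress.

        strict: the best route back to src must point out the ingress port
                (the BCP 38 rule for single-homed customer ports).
        loose:  any non-default route to src suffices (the RFC 3704
                relaxation for multihomed or asymmetric customers)."""
        hit = self.lookup(src)
        if hit is None or hit[0].prefixlen == 0:
            return "drop"      # unrouted, or reachable only via the default route
        net, ifname = hit
        if mode == "strict" and ifname != ingress:
            return "drop"
        return "pass"


def run_demo():
    v = SourceAddressValidator([
        ("0.0.0.0/0", "upstream"),
        ("203.0.113.0/24", "cust-a"),       # single-homed customer A
        ("192.0.2.0/24", "cust-b"),         # customer B, primary link
        ("192.0.2.128/25", "cust-b2"),      # half of B's space prefers B's second link
    ])
    packets = [
        ("203.0.113.7", "cust-a"),      # legitimate customer traffic
        ("198.51.100.10", "cust-a"),    # victim's address forged as source: reflection setup
        ("10.0.0.1", "cust-a"),         # private bogon
        ("192.0.2.9", "cust-b2"),       # B's traffic on the 'other' link: strict false positive
    ]
    return {(src, ing): (v.check(src, ing, "strict"), v.check(src, ing, "loose"))
            for src, ing in packets}
```

The last packet is the case that makes operators hesitate: strict mode drops a real customer's traffic because the return route prefers the other link, so in practice strict checking is applied on single-homed ports and loose checking where routing is asymmetric. Either mode stops the forged victim address, which is all an amplification attack needs blocked.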

It's a matter of incentives, he adds. Spoofing and DNS amplification do not typically harm the Internet service provider whose customers originate them, but the cost of the solution falls on that provider. Such externalities, like a company polluting a river, often need government intervention to create the incentive to do right, Graham-Cumming says.

“It is not a problem for you, it is a problem for the Internet as a whole, just like polluting a river is not a problem for the polluter but for everyone downstream,” he says. “But I think for the network providers, it is probably better for them to do this on their own, rather than having the government come in.”


Article source: http://www.darkreading.com/vulnerability/no-easy-solution-to-stop-amplification-a/240165528

Botnet PC armies gulp down 16 MILLION logins from around the web: Find out if you’re a victim


Officials in Germany have warned that large networks of hijacked, hacker-controlled PCs, aka botnets, have harvested 16 million email address and password combinations for websites and other online services.

The BSI (Germany's Federal Office for Information Security) said police and security researchers have been closely following armies of computers infected by malware to spy on users and send spam. The investigators found the machines had gathered a vast collection of email addresses and passwords for mail accounts, social-networking websites and all sorts of services: the credentials were lifted wholesale from infected systems and from phishing emails sent by the botnets' drones.


The BSI and Deutsche Telekom have this week set up a German-language site where users can check their email addresses against the miscreants’ database.

Should a user’s address be found in the collection, they’ll be told to scan their systems for malware, install anti-malware tools, and change their passwords – particularly where a single password was shared for multiple accounts. Frustratingly, the BSI did not reveal the malware powering the botnets, but has published an otherwise extensive FAQ (in German).

Even without malware and botnet heists, many users leave themselves dangerously exposed to account theft through poor password choices. Easily guessed strings such as "password" and "123456" are still the most popular choices for login credentials.


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2014/01/22/germany_blames_botnet_for_theft_of_16_million_accounts/

UK smut filter may have sent game patch to sin-bin


UK gamers believe they are bumping into that country's ISP-level smut filters, courtesy of a filename that accidentally trips the prurience-punting grumble-blockers.

Courtesy of this Reddit thread, it seems that users trying to download upgrades to the game League of Legends are stalling when they reach files called VarusExpirationTimer.luaobj and XerathMageChainsExtended.luaobj. Both filenames contain the letter sequence s-e-x across a word boundary (VaruS-EXpirationTimer, XerathMageChainS-EXtended): not so much a "false positive" as a "true positive by accident", combined with an extreme case of don't-even-mention-the-word Victorian morality.


The Guardian notes that the filters are currently only used by a minority of people: those that have ordered a new service since the law came into effect, and who said “yes” to filtering when they signed up.

If it is the porn filter catching the files, it seems to The Register that Riot Games could shoulder some small amount of the blame, because the issue has arisen before. Here is one forum thread from 2013 in which the same file was getting stuck, and users didn’t know why; and another from 2012.

Alternatively, the problem could have nothing to do with the UK filter, but rather reside back at Riot Games: for some reason, in heavy update traffic, its servers stall on those files in particular. The Register has sought comment from Riot Games on the issue.

The Register also wonders what would happen if Microsoft or Oracle were to accidentally slip a sequence of letters into a filename that upset a smut-filter. If that were to happen for a zero-day emergency patch, it wouldn't be a small number of gamers that hit the ceiling…


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2014/01/22/puritanical_purience_punting_puts_game_patch_in_sinbin/

Politically-Motivated Cyber Attackers Adopting New Tactics, Report Says

Organized, politically motivated attack groups are changing their methods, finding new and less direct ways of launching targeted attacks on enterprises and government agencies, according to a report issued today.

The report, issued today by threat intelligence company CrowdStrike, offers a detailed look at the motivations, methods, and practices of five organized cyber attack groups — including the Syrian Electronic Army as well as groups in China, Iran, and Russia — during 2013.

The methods of these politically motivated groups are changing, according to the report. While targeted attacks historically have begun with phishing aimed directly at members of the targeted organization, more sophisticated groups now favour indirect methods: attacking third parties, and collecting information from targeted users by compromising the websites they frequent.

Using specific examples from recent attacks, the CrowdStrike report illustrates recent shifts in attacker strategy, such as the trend toward reaching a target by infiltrating a trusted third party. The report details attacks by the SEA, a group CrowdStrike calls Deadeye Jackal, in which critical user data was extracted through breaches of third-party communications platforms and applications such as Truecaller, TangoME, and Viber Media Inc.

“Expect to see adversaries targeting third-party vendors [in 2014] in an attempt to compromise the ultimate target,” the report states. “Third-party vendors often have less-robust security than their larger customers, and their networks offer an avenue through which those customers can be compromised.”

Similarly, many organized groups have changed how they trick users into running malware, CrowdStrike says. Where attackers traditionally tried to infect a user by sending a fraudulent email, the phishing attack, some organized groups now use strategic Web compromises (SWC), the company reports.

SWCs, sometimes called "watering holes", are legitimate websites that an attacker has compromised so that they serve exploits or malware to visitors, compromising the machines, and through them the data, of those who frequent the site. For example, an attacker looking to collect data on political officials might compromise the site of a conference or event those officials attend.

“Where these groups used a lot of spear phishing in the past, we have seen many more SWCs in the last year,” says Dmitri Alperovitch, co-founder and CTO of CrowdStrike. SWCs are harder to detect and remediate than phishing attacks, and it’s harder to identify who launched them, he notes.

SWCs played key roles in recent attacks by organized Chinese hacker groups on the U.S. Department of Labor and the Council on Foreign Relations, the CrowdStrike report says.

Organized attackers often find an indirect route to a target easier than a direct attack, according to CrowdStrike. A China-based group that CrowdStrike has dubbed Emissary Panda is focusing much of its attention on compromising the systems of foreign embassies rather than the government systems in those embassies' home countries. Similarly, a China-based group CrowdStrike calls Numbered Panda has been conducting spear-phishing campaigns themed on the G20 Summit, an event that attracts top government officials from most of the world's leading industrialized nations.

“Targeted intrusion operators like to leverage major events in their operations,” the report states. In 2014, organized groups will likely build phishing attacks and SWCs around events such as the Winter Olympics, the World Cup, the G20 Summit, and upcoming national elections in Egypt, Iraq, Tunisia, and Turkey, CrowdStrike warns.

One group that targeted national elections in 2013 was an organized cell in Iran that CrowdStrike calls Magic Kitten. The group attempted to affect the outcome of Iran's elections through a series of attacks on political dissidents and supporters of the Iranian political opposition, according to the report. Its preferred vector is spear phishing carrying malicious Word documents and image files; the implant they deliver lets the attackers fingerprint the victim's computer, log keystrokes, execute files, record audio, and exfiltrate files.

CrowdStrike, which is currently monitoring more than 50 groups of cyber attackers in countries all over the world, predicts that such politically-motivated groups will continue to evolve their tactics to avoid detection and take advantage of vulnerabilities in new technologies, such as the emerging generic top-level domains (gTLDs) that are scheduled to go into operation in 2014.

“These gTLDs will be used by adversaries to support more effective phishing attacks,” the report says. “CrowdStrike also expects new vulnerabilities to be discovered and exploited in network-facing software with regard to handling gTLD hostnames.”

“One of the things we tried to do with this report is to look forward at potential future attacks, rather than just looking back at the year,” Alperovitch says. “With good threat intelligence, every organization should be able to do predictive analytics based on its history and the history of security events. If you know what your attacker did last year, you can get a sense for what he might do this year.”


Article source: http://www.darkreading.com/attacks-breaches/politically-motivated-cyber-attackers-ad/240165539

Power Utility Substations At Risk

Nearly 30 security vulnerabilities so far have been found in products using a popular ICS/SCADA communications protocol, prompting about half of the affected vendors to patch their products and at least one vendor to pull its affected software off the market and urge its customers to instead install another of its products.

The findings by researchers Adam Crain and Chris Sistrunk concern potentially dangerous bugs in ICS/SCADA products that implement DNP3, the protocol "master" host systems use to communicate with equipment at power substations. The bugs could be exploited to disrupt parts of the power grid by crashing the master system so that it can no longer monitor or control the SCADA network at one or more substations. The attacks entail sending malformed DNP3 response packets back to the master host from the outstation side, exploiting flaws in how software using DNP3 is written and deployed; the attacker therefore needs access to a substation or to the communications link, not to the control center.

Cooper Power Systems, which was notified by the researchers of an improper input validation flaw in its Cybectec DNP3 Master OPC Server software, discontinued the server product rather than patch it, and is urging its customers to use its SMP Gateway product — which doesn’t carry the flaw — as a replacement. The bug could allow an attacker to crash the system and ultimately disrupt the process it was running.

Crain and Sistrunk last week at the S4x14 conference in Miami disclosed new details on the so-called Project Robus research that they quietly began in April of last year. The researchers have been using Crain’s homegrown fuzzing tool for DNP3 implementations, and so far have reported some 28 flaws, resulting in 16 security advisories from the ICS-CERT and related vendor patches. Only two products that the researchers have tested have not had DNP3 flaws, and the researchers are awaiting word on nearly a dozen additional bugs that they have reported.
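The class of bug the two paragraphs above describe, a master that trusts fields in a response frame it did not validate, and the kind of mutation a protocol fuzzer feeds it, as an added example in Python. This is not Crain's fuzzer, not OpenDNP3, and not any vendor's code. The frame layout and CRC follow the DNP3 link layer (start bytes 0x05 0x64, a length byte, control, destination, source, a header CRC, then user data in blocks of up to 16 bytes each followed by its own CRC); the user-data bytes and addresses in the sample frame are constructed.

```python
"""DNP3 link-layer frame builder, validating parser and length-field fuzzer
(added example, constructed data)."""
import struct

START = b"\x05\x64"


def crc_dnp(data: bytes) -> int:
    """CRC-16/DNP: polynomial 0x3D65 (reflected form 0xA6BC), init 0, final XOR 0xFFFF."""
    crc = 0
    for b in data:
        crc ^= b
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA6BC if crc & 1 else crc >> 1
    return crc ^ 0xFFFF


def build_frame(control: int, dest: int, src: int, user_data: bytes) -> bytes:
    if len(user_data) > 250:
        raise ValueError("user data exceeds one link frame")
    length = 5 + len(user_data)               # control + dest(2) + src(2) + user data
    header = START + bytes([length, control]) + struct.pack("<HH", dest, src)
    out = header + struct.pack("<H", crc_dnp(header))
    for i in range(0, len(user_data), 16):
        block = user_data[i:i + 16]
        out += block + struct.pack("<H", crc_dnp(block))
    return out


class FrameError(ValueError):
    pass


def parse_frame(buf: bytes):
    """Return (control, dest, src, user_data) or raise FrameError.
    Every sender-controlled field is checked against what was actually
    received before it is used; that check is what the crashed masters lacked."""
    if len(buf) < 10 or buf[:2] != START:
        raise FrameError("bad start bytes or short header")
    length = buf[2]
    if length < 5:
        raise FrameError("length field below header minimum")
    if crc_dnp(buf[:8]) != struct.unpack("<H", buf[8:10])[0]:
        raise FrameError("header CRC mismatch")
    control = buf[3]
    dest, src = struct.unpack("<HH", buf[4:8])
    n_user = length - 5
    n_blocks = (n_user + 15) // 16
    if len(buf) < 10 + n_user + 2 * n_blocks:
        raise FrameError(f"length field promises {n_user} user bytes, "
                         f"only {len(buf) - 10} bytes follow the header")
    data, pos = b"", 10
    while len(data) < n_user:
        take = min(16, n_user - len(data))
        block = buf[pos:pos + take]
        if crc_dnp(block) != struct.unpack("<H", buf[pos + take:pos + take + 2])[0]:
            raise FrameError("data block CRC mismatch")
        data += block
        pos += take + 2
    return control, dest, src, data


def naive_user_data(buf: bytes) -> bytes:
    """What a trusting implementation does: take the length field at face value.
    Python returns a short or CRC-polluted slice; the same logic in C is an
    out-of-bounds read or copy, which is how a malformed response crashes a master."""
    return buf[10:10 + buf[2] - 5]


def fuzz_length_field(frame: bytes, values=(0, 3, 5, 200, 255)) -> dict:
    """Rewrite the length byte and fix the header CRC so the frame is otherwise
    valid (as a protocol fuzzer would), then record how each parser reacts."""
    results = {}
    for v in values:
        header = START + bytes([v]) + frame[3:8]
        mutated = header + struct.pack("<H", crc_dnp(header)) + frame[10:]
        try:
            parse_frame(mutated)
            strict = "accepted"
        except FrameError as e:
            strict = f"rejected: {e}"
        results[v] = (strict, len(naive_user_data(mutated)))
    return results


# Constructed frame from outstation 1024 to master 1 (control 0x44: unconfirmed user data)
SAMPLE = build_frame(0x44, 1, 1024, bytes(range(1, 22)))
```

The length mutations are the interesting ones: a value larger than the buffer makes the naive parser read past the data it actually received, and a value that disagrees with the block layout makes it swallow CRC bytes as payload. A validating parser rejects both before any higher layer sees the frame, which is the cheapest fix a vendor can ship for this bug class and why Langner calls the patching "not that much of a headache".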

Some 75 percent of North American power facilities run DNP3, which was developed in 1993. The protocol lets "master" servers communicate with remote terminal units in electric substations, gas pumping plants on pipelines, and water utilities, to monitor voltage or water levels, for instance.

Sistrunk, an engineer with an electric utility, a few months ago decided to try out Crain’s open-source DNP3 fuzzer in his lab. “I tested it on a few things I have access to that had DNP3, and they broke. So I said, ‘timeout,’ we need to have a pow-wow and talk about what we’re going to do because this is pretty big,” says Sistrunk, who conducted the DNP3 research independently of his utility company, which he asked not be named.

An attacker could exploit these bugs and take down a remote site such that the utility would have no visibility or control over it anymore, says Dale Peterson, founder and CEO of Digital Bond, an ICS/SCADA consultancy that hosts the S4 Conference. “What it really means is that someone can go to an unmanned facility and take out the visibility of the entire SCADA system … There’s no need to go to the control center. They can pick [a power substation] in the middle of nowhere, go and break in, hook something up, and the whole thing goes down,” Peterson says.

Sistrunk and Crain said that they also have found 90 or so DNP3 devices exposed on the public Internet. “The majority are misconfigured … this is the [tip] of the iceberg. How many are on the Net that don’t say anything?” said Crain, who is CEO of Automatak and the principal author of the Open DNP3 stack.

The exposed equipment is yet another example of the millions of Internet-facing devices found vulnerable and wide open to attack. Project SHINE, which has been gathering data on SCADA/ICS devices from SHODAN for a year and a half, has identified more than 1 million unique IP addresses to date and is finding 2,000 to 8,000 new devices each day. According to Bob Radvanovsky, one of the Project SHINE researchers, the devices exhibit buffer overflows, misconfigurations, and cross-site scripting flaws, among other vulnerabilities.


The good news is that patching DNP3-based systems doesn’t come with the baggage and risk of patching a PLC or other plant-floor system, where patching comes with risk of shutting down critical systems if a newly patched system goes awry. “It wouldn’t be that much of a headache. I think that’s an important point: we’re not talking about the systems in the substations. We’re talking about the master servers,” says Ralph Langner, founder of Langner Communications, an ICS/SCADA consultancy. “It’s like average IT equipment running a Microsoft OS.”

And the relatively small number of “master” systems are set up with redundant counterparts, so taking one down doesn’t take down an entire plant, notes Digital Bond’s Peterson. “I would expect to see something like this being patched. There’s no excuse not to … I expect over the next year or two a large percentage will apply the patches.”


Article source: http://www.darkreading.com/vulnerability/power-utility-substations-at-risk/240165567

Chin up, BlackBerry. We know who still loves you: The cuddly Pentagon


Ailing BlackBerry has received a new vote of confidence from the US Department of Defense, which has reaffirmed its commitment to the Canadian firm’s platform for a major mobile communications initiative due to launch this year.

According to a press release issued by the DoD’s Defense Information Systems Agency (DISA) last week, some 80,000 BlackBerry devices will be part of the Pentagon’s new Mobility Implementation Plan, version 1.0 of which will begin rolling out on January 31. The plan lists the equipment that can be used by military personnel for official business.


That makes BlackBerry far and away the leading supplier of mobile devices for DoD staffers. By comparison, iPad 3 and 4, iPhone 4S and 5, Samsung 10.1 tablets and 3S phones, and Motorola RAZR handsets only account for 1,800 devices under the plan.

Waterloo, Ontario-based BlackBerry has long touted its US government bona fides as one of its top selling points, even as the popularity of BlackBerry devices in the private sector has waned.

Last May, it announced that its new BlackBerry 10 OS had been approved for use by the DoD, which has long supported the earlier BlackBerry 7 platform. And in August it received the Pentagon’s coveted “Authority to Operate” designation, making BlackBerry Enterprise Service 10 the only mobile device management software that’s been authorized for use on DoD networks.

The first phase of the Pentagon’s new mobility effort will start the phased rollout of mobile device management capabilities for DoD devices, including managed lists of approved devices and supported cellular networks, plus support for DoD public key infrastructure (PKI).

It will also see the launch of a new mobile app store for DoD applications, including enterprise email, a global address list, and help desk applications. The program supports 16 mobile applications so far and more than 90 more are in the process of being vetted for deployment.

“The mobility program is not business as usual for IT procurements,” DISA’s release claims. “DISA is working to create a secure, adaptive mobile environment necessary to incorporate the steady advancement of technology, including application development, changing security architecture requirements, and continuous enhancement of equipment.”

Whatever the Pentagon’s goals, however, the announcement came as music to the ears of long-suffering BlackBerry shareholders. The company’s stock price climbed as much as 10 per cent to reach $10 on Tuesday, after languishing at below $9 – and often well below – for the past several months.


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2014/01/21/blackberry_dod_mobility_win/

Did Microsoft actually put ‘get repeatedly pwned by Syrian hackers’ on its 2014 todo list?


Another week, and yet another successful compromise of Microsoft’s servers by the so-called Syrian Electronic Army. And this time it’s Redmond’s revamped Office blog that got vandalized.



“A targeted cyberattack temporarily affected the Microsoft Office blog and the account was reset,” a spokesperson told El Reg in a statement.

“We can confirm that no customer information was compromised. Microsoft continues to take a number of actions to protect our employees and accounts against this industry-wide issue.”

Microsoft relaunched the Office blog on Monday, but in a series of Twitter postings the self-styled Syrian Electronic Army (SEA) mocked Redmond’s attempts to keep the dastardly defacers at bay: “Changing the CMS [content management system] will not help if your employees are hacked and they don’t know about it.”

It’s a highly embarrassing development for Microsoft. Last week the SEA successfully got into two official Microsoft Twitter accounts and one blog, and a few days later Redmond was forced to admit that some of its staff email accounts had also been taken over.

The SEA has made Microsoft a target because it claims Redmond is selling user data from Hotmail and Outlook to the US government for monitoring purposes. Microsoft has denied this, although it was named as a participant in the NSA’s PRISM massive internet surveillance operation in leaked documents from whistleblower Edward Snowden.

This latest hack is another embarrassment for a company that has been making much of its advanced computer security capabilities. In November the Windows giant trumpeted its new Digital Crimes Unit facility, a CSI-style center designed to map cybercrooks around the world and stop them in real time.

While Microsoft has had some success in tracking down and dismantling armies of hacker-controlled hijacked PCs (aka botnets), it might be an idea if Redmond spent a little more time putting its own house in order and allocated some resources to knocking back the SEA.

The hacking group started out going after media outlets and caused a brief stock-market dip after posting a false report of an explosion at the White House from AP’s hijacked Twitter feed. Rival hacktivist group Anonymous claimed to have targeted the SEA, but this latest attack suggests that the SEA is still out there harvesting passwords.


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2014/01/21/syrian_electronic_army_successfully_hacks_microsoft_blogs_yet_again/

Israeli Android researchers demo VPN vulnerability


The Ben Gurion University security researchers who tangled with Samsung over its KitKat security implementation have posted a follow-up, in which they demonstrate how a malicious app could bypass some VPN protections in Android.

Back in December, the university’s Cyber Security Labs stated that Samsung’s Knox implementation was insecure, but last week the mobe-maker and Google agreed that the problem lies in Android rather than being specific to one handset vendor.


The researchers now say that in a related vulnerability, they have used a malicious app to redirect a user’s VPN connection to a server which is then able to capture user traffic. As the researchers state:

“This vulnerability enables malicious apps to bypass active VPN configuration (no ROOT permissions required) and redirect secure data communications to a different network address. These communications are captured in CLEAR TEXT (no encryption), leaving the information completely exposed. This redirection can take place while leaving the user completely oblivious, believing the data is encrypted and secure.”

The researchers demonstrate the vulnerability in a video posted with their write-up.

The researchers haven’t published the code for their exploit, but say they have notified Google of the vulnerability and will provide more detail once the problem has been patched.

While the vulnerability provides deep access to user communications that are supposed to be protected, it’s important to note that it can only be exploited if a user can be tricked into installing a malicious application (one that, per the researchers, needs no root permissions).

Also, traffic that an application protects end to end with SSL/TLS remains encrypted: it can be captured, but not read in plain text. What the bypass exposes is whatever was relying on the VPN tunnel alone for confidentiality.

At this stage the researchers have tested their attack on only one Android release, which their report gives as 4.3 KitKat (KitKat is in fact Android 4.4; 4.3 is Jelly Bean).


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2014/01/22/israeli_android_researchers_demo_vpn_vulnerability/

DNS poisoning ‘attack’ leaves millions in China dangling free of t’ interwebs


A widespread DNS outage hit China on Tuesday‪, leaving millions of surfers adrift.‬

DNS issues in China between 7am and 9am GMT left millions of domains inaccessible. Two-thirds of China’s DNS (Domain Name System) infrastructure was blighted by the incident, which appeared to stem from a cache poisoning attack, although the cause had not been confirmed.


Chinese netizens were left unable to visit websites or use social media and instant messaging services as a result of the screw-up, the Hong Kong-based South China Morning Post reports.

The snafu, reported to have affected China’s root-level name servers, meant that queries for affected domains all resolved to the single IP address 65.49.2.178 rather than to the addresses of the sites being requested. A fix was implemented around two hours after the snag first surfaced.

All China’s generic top-level domain names were affected. Services provided by local internet giants such as search engine Baidu and social-media portal Sina.com were rendered unavailable to locals unless they accessed them through virtual private network (VPN) technology.

DNS servers provide the lookup that converts a domain name such as “www.baidu.com” into the numerical IP address that routers and servers use; point that lookup at one wrong address and every name it covers goes dark at once.

The cause of the problem, which might take up to 12 hours to be fully resolved, was not immediately clear, with an attack by hackers being at least one of the possible reasons.

DNSPod, a DNS provider that describes itself as the largest in the country, handling three million domains, put out an update on Twitter blaming an attack without going into details.

More coverage of the incident can be found in a story by the Wall Street Journal here.


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2014/01/21/china_dns_poisoning_attack/

iSEC Partners, EFF, And DEF CON Announce TrustyCon For Feb. 27

Who: iSEC Partners, a full-service security consulting firm, today announced that, in collaboration with the Electronic Frontier Foundation (EFF) and DEF CON, it will kick off a new security technology conference, TrustyCon. The event aims to refocus attention on trust in technology and technology companies at a time of cynicism and contempt toward consumer security and privacy.

When and Where: February 27, 2014 from 9:30 AM to 5:00 PM PT at AMC Metreon (135 4th St #3000, San Francisco). The conference will be held in Theater 15.

What: Following opening remarks from iSEC Partners co-founder Alex Stamos, a full program of panels of security experts and a keynote speaker will tackle the future of trust in technology.

The primary agenda includes Microsoft and CloudFlare as sponsors and confirmed speakers and panelists such as:

Alex Stamos, Chief Technology Officer, Artemis

Jeff Moss, Founder, DEF CON and Black Hat

Marcia Hofmann, Privacy Attorney

Mikko Hypponen, Chief Research Officer, F-Secure

Chris Palmer, Software Security Engineer, Google

Christopher Soghoian, Principal Technologist, American Civil Liberties Union

Why: Reuters has reported that RSA entered into a $10M contract with the NSA to make a backdoored algorithm (the Dual_EC_DRBG random number generator) the default in its widely used BSAFE cryptography library. The disclosure of this deal has affected the trust individuals and companies place in government and technology companies and has struck a chord among businesses and consumers. It raises concerns about the ways the industry may profit from relationships with government and whether international clients can trust their security providers.

TrustyCon serves as a call-to-action to companies to design their technology and businesses to be secure and trustworthy.

Get Involved: Tickets and event details are available here: www.trustycon.org. Sponsorships are currently available for the event. For more details and to learn more, email [email protected].

Contact: Aparna Aswani

SutherlandGold Group for iSec Partners

[email protected]

About iSEC Partners

iSEC Partners, part of information assurance company NCC Group plc since October 2010, is a full-service security consulting firm that provides penetration testing, secure systems development, security education and software design verification. iSEC Partners’ security assessments draw on extensive knowledge of current security vulnerabilities, penetration techniques and software development best practices to help customers secure their applications against ever-present threats on the Internet.

Primary emphasis is placed upon helping software developers build safe, reliable code. Areas of research interest include application attack and defense, web services, operating system security, privacy, storage network security and malicious application analysis.

About NCC

NCC Group (LSE: NCC.L) provides 45,000 organizations worldwide with IT assurance through escrow, verification, security software testing, audit and website performance solutions. NCC Group is the only data escrow provider able to draw on this technical expertise and ensure that Registry Data Escrow is stored under the highest levels of security at all times.

Through these services NCC Group gives customers the confidence that their business critical information, systems, networks, websites, and software are protected, secure, compliant and effective.

Article source: http://www.darkreading.com/privacy/isec-partners-eff-and-def-con-announce-t/240165513