STE WILLIAMS

EiQ Networks Announces Three New Security Monitoring Tools

Acton, Mass., December 3, 2013 – EiQ Networks, a pioneer in continuous security intelligence, today announced the release of three free security intelligence tools – FlowVue, LogVue and EventVue – that will deliver centralized log management, event monitoring and network flow analysis at no cost for up to 25 devices. These new security monitoring and analysis tools will help organizations, with limited security monitoring capabilities, meet specific log management and SIEM use cases to help kick-start an information security program.

“Security monitoring is no longer a nice to have, but is fundamental to build an effective security program,” said Brian Mehlman, Senior Director of Product Management at EiQ Networks. “This game changing set of new free security monitoring and analysis tools deliver important capabilities in helping organizations begin building effective security programs.”

LogVue

Log management is critical to maintaining a secure network and complying with industry regulations. The challenge is to centrally collect, archive and search logs when dealing with distributed and diverse IT assets, all of them generating log data in different formats. LogVue delivers centralized log management and intelligent security search in a simple solution that is easy to install and deploy.

EventVue

IT infrastructure assets produce invaluable data in the form of event logs, but oftentimes organizations have challenges collecting and viewing the data in meaningful ways when dealing with a large number of devices and disparate information in different formats. EventVue is an easy to use centralized log viewing solution that displays events in real-time dashboards that help users optimize network infrastructure and react to potential security threats.

FlowVue

Network flow data can be extremely valuable for both IT network administration and information security purposes. FlowVue, a network flow analyzer, monitors and analyzes flow data and helps identify policy violations, security threats, usage patterns and provides valuable insight for network optimization.

To receive a free copy, simply download and install FlowVue, LogVue or EventVue from: www.eiqnetworks.com/free-tools

“Organizations continue to rely on discrete point tools, under-staffed organizations, and manual processes as the basis of their security defenses,” said Jon Oltsik, senior principal analyst at Enterprise Strategy Group. “People, process and technology are fundamental components for an effective security program and it’s imperative that companies adopt solutions that address these new enterprise security requirements.”

Recently EiQ Networks announced the release of the SecureVue Continuous Security Intelligence Platform, enabling a broad range of continuous security and compliance monitoring solutions for any security conscious organization. This new offering delivers multiple add-on modules that include log management SIEM, SANS Critical Security Control (CSC) based cyber defense assessment, and automated security configuration audit.

The SecureVue platform along with these new free security tools are part of EiQ Networks’ commitment to help any organization start or complete their journey towards building an effective security program while overcoming challenges around traditional SIEM and log management acquisition, operational complexities and trained cyber security professional shortages. To learn more about EiQ Networks and its offerings, please visit: www.eiqnetworks.com

About EiQ Networks:

EiQ Networks, a pioneer in simplified information security and compliance solutions and services, is transforming how organizations identify threats, mitigate risks and enable compliance. Our flagship solution, SecureVue, a continuous security intelligence platform, helps organizations proactively detect incidents, implement security best practices, and receive timely and actionable intelligence along with remediation guidance. Through a single console, SecureVue enables a unified view of an organization’s entire IT infrastructure for continuous security monitoring, critical security control assessment, configuration auditing, and compliance automation. In addition, EiQ offers SOCVue, a security monitoring software as a service (SaaS) offering, which provides 24×7 security operations to organizations that require security monitoring but lack resources or on-staff expertise to implement an effective security program.

For more information, visit: http://www.eiqnetworks.com.

Article source: http://www.darkreading.com/management/eiq-networks-announces-three-new-securit/240164673

45% Of Enterprises Believe Employees Are Prepared To Sell Company Data

AUSTIN, December 11, 2013 – According to SailPoint’s annual Market Pulse Survey, cloud applications and mobile devices are increasing security and compliance risk at many US and UK enterprises. Alarmingly, the survey reveals that while global enterprises are embracing – and in some instances mandating – these new technologies, they do not have IT controls in place to properly manage them, putting themselves at an increased risk of fraud, theft, and privacy breaches. For example, in the last year, more than 50% of the respondents have experienced situations where terminated workers tried to access company data or applications after they left the organization. The 2013 Market Pulse Survey, conducted by independent research firm Loudhouse, is based on interviews of 400 IT decision makers at large companies in the US and UK.

According to the 2013 Market Pulse Survey, enterprise adoption of cloud and “bring your own device” (BYOD) is pervasive: 84% of enterprises use cloud-based applications to support major business processes, and 82% of respondents allow employees to use their personal devices to access company data or applications at work. Cloud technologies are considered so advantageous that 63% of enterprises now require IT decision makers to evaluate cloud applications as part of every software procurement process. However, these new technologies are glaringly absent from most companies’ security programs, with as many as 41% of respondents admitting to an inability to manage them as part of their identity and access management (IAM) strategy. And, exacerbating the problem, only 41% have a process in place to automatically remove mission-critical data from mobile devices.

“There’s no denying it, cloud and mobile technologies are becoming mainstream. But, as our survey indicates, enterprises are still ‘catching up’ to the required levels of oversight and control they need. With our survey finding that as many as 59% of mission-critical applications will be stored in the cloud by 2016, the need for better management of cloud and mobile access is only going to rise,” said Jackie Gilbert, CMO and founder of SailPoint. “Organizations need to have automated policy and controls in place to monitor and manage user access across the entire enterprise – including mobile and cloud applications – in order to minimize security and compliance risk.”

The 2013 Market Pulse Survey shows the stress IT organizations face as global enterprises attempt the difficult task of proactively managing and monitoring user access across the incredibly dynamic IT environments of today’s business world. While more than half of businesses say they are ‘very successful’ in meeting their initial IAM objectives, the widespread adoption of cloud and BYOD are creating cracks in that foundation. In this year’s survey, respondents revealed that:

57% had experienced the loss of company-owned devices containing sensitive information;

81% are concerned about business users sharing passwords across personal cloud and corporate apps to sensitive data;

46% are not confident in their ability to grant or revoke employee access to applications across their full IT infrastructure;

51% believe that it’s ‘just a matter of time’ before another security breach occurs;

52% admit that employees have read or seen company documents that they should not have had access to; and

45% believe that employees within their organization would be prepared to sell company data if offered the right price.

“Many organizations are struggling to manage ‘who has access to what?’ across the enterprise. And as our survey indicates, the growing adoption of cloud and mobile technologies is making the problem significantly worse. It’s pretty clear that if you’re not proactively managing cloud and mobile access today, you’re at increased risk of fraud, data theft, and security breaches,” continued Gilbert.

The 2013 SailPoint Market Pulse Survey, conducted by independent research firm Loudhouse, is based on interviews of 400 IT decision makers at companies with at least 5,000 employees. Respondents were spread evenly across the US and UK, and owned budgets of $606 million and 665 million respectively. To download the 2013 SailPoint Market Pulse Survey results, please visit: www.sailpoint.com/2013MarketPulseSurvey.

About SailPoint

As the fastest-growing, independent identity and access management (IAM) provider, SailPoint helps hundreds of the world’s largest organizations securely and effectively deliver and manage user access from any device to data and applications residing in the datacenter, on mobile devices, and in the cloud. The company’s innovative product portfolio offers customers an integrated set of core services including identity governance, provisioning, and access management delivered on-premises or from the cloud (IAM-as-a-service). For more information about SailPoint, please visit www.sailpoint.com.

Article source: http://www.darkreading.com/vulnerability/45-of-enterprises-believe-employees-are/240164675

CloudLock Labs Introduces GeoFence For Google Apps

CloudLock, the leading cloud information security provider, announced today a new line of innovation-focused projects, CloudLock Labs. As part of the release, they have also made the first offering to carry the Labs name available on the Google Apps Marketplace, GeoFence for Google Apps. Organizations can use this experimental new solution to track where their users are accessing data from, what locations users are logging in from, and any changes made by admins in their domain. As a CloudLock Labs project, GeoFence for Google Apps represents a new line of highly innovative offerings for the cloud security company, designed to respond to risks that traditional security products can or do not address.

“We envision Labs as an innovative, adventurous, and essentially customer-driven way to drive cloud security forward. Look at the news on any given day and you’ll clearly see that the number of risks and data breaches is only accelerating; we’ve introduced CloudLock Labs as part of our commitment to innovation in helping organizations meet those challenges,” said Ron Zalkind, CTO and lead researcher for CloudLock.

CloudLock is introducing GeoFence as a free offering to the CloudLock information security solution suite. As the only security vendor offering this capability, security professionals using GeoFence can quickly identify activity within their Google domain, where those users are logged in from, and what changes are occurring inside of their domains (for example, users being added to or removed from groups). This location-based awareness is designed to give administrators the ability to identify potential data theft and malicious activity before it becomes a data breach or data loss issue.

“We are encouraging security professionals to explore the GeoFence functionality to see for themselves the benefits of CloudLock’s security products,” continued Zalkind. “Being able to manage and reduce risk is at the heart of what we do, and GeoFence represents our ongoing commitment to helping organizations do so more efficiently and effectively.”

Article source: http://www.darkreading.com/management/cloudlock-labs-introduces-geofence-for-g/240164676

Man fined $183k after joining Anonymous DDoS of Koch Industries for one minute

A 38-year-old man from the US state of Wisconsin has been sentenced to two years of federal probation and will pay a $183,000 fine for taking part in a distributed denial of service (DDoS) attack organized under the Anonymous hacktivist brand.

Eric J. Rosol, of Black Creek, Wisconsin, pleaded guilty to one misdemeanor count of accessing a protected computer, the Department of Justice said in a statement.

US Attorney Barry Grissom said on 2 December that Rosol admitted to downloading a program called Low Orbit Ion Cannon (LOIC) – a tool that Anonymous has encouraged people to download so as to flood a targeted website with enough traffic to knock it senseless.

The target in this particular operation was Kochind.com, a web page of Koch Industries, which wound up going offline for 15 minutes because of the attack.

Koch Industries is an enormous, multinational corporation based in Wichita, Kansas, that has its fingers in all sorts of pies: manufacturing, refining and distribution of petroleum, chemicals, energy, fiber, intermediates and polymers, minerals, fertilizers, pulp and paper, chemical technology equipment, ranching, finance, and commodities trading.

For their part, the billionaire brothers Charles and David Koch – principals in Koch Industries – are the US’s sugar daddies when it comes to certain political causes.

The brothers have dispensed tens of millions of dollars to groups whose mission it is to end reproductive rights, and they were a key funding source for those who attempted to kill collective bargaining rights for public sector unions in Wisconsin in 2011.

It was the union-busting that got Anonymous to fire up the anti-Koch operation.

On 27 February 2011, Anonymous asked its followers to use the LOIC to attack a Koch Industries site, quiltednorthern.com.

The next day, Anonymous asked its followers to attack Kochind.com with the LOIC.

According to IT World, Rosol and the government agreed that the losses directly resulting from the 28 February attack on Kochind.com amounted to less than $5,000.

Koch Industries, however, argued that it had hired a consulting group to protect its websites at a cost of approximately $183,000, and therein lies the price explosion for 15 minutes of downtime.

Rosol could have been facing a maximum penalty of five years in federal prison and a fine up to $250,000 on each of the two original charges: one count of conspiracy to damage a protected computer and one count of damaging a protected computer.

While he’s off the hook for prison time and will instead only be on probation for two years, Rosol’s fine is being added to a growing list of what’s considered by many to be extraordinarily harsh penalties for computer crimes.

The most recent was the conviction of Jeremy Hammond, a US hacker and political activist who was sentenced in November 2013 to 10 years in US Federal Prison for the theft of 60,000 credit card numbers and the personal information of 860,000 customers of Stratfor through the whistle-blowing website Wikileaks.

Some efforts have been made to curb the charges used in such crimes, including Representative Zoe Lofgren’s proposal of the so-called “Aaron’s Law”.

Aaron’s Law was proposed as a means of changing the Computer Fraud and Abuse Act (CFAA) and the wire fraud statute – laws that formed the basis of 13 felony counts of hacking and wire fraud brought against internet activist Aaron Swartz, who apparently took his own life in the midst of federal prosecution.

The Electronic Frontier Foundation, for its part, considers Aaron’s Law to be a good starting point, but it continues to seek a more fundamental overhaul of the CFAA, including clarification of fuzzy language such as “unauthorized” access, as well as penalties that are more proportionate to offenses.

The charges against Swartz carried the possibility of decades in prison and devastating fines, just as Rosol faced the potential of years in prison and now must pay a crippling fine for his brief participation in the DDoS attack.

Rosol’s $183,000 fine amounts to $3,050 per second of the time that he reportedly spent on the attack. Broken down another way, it translates to $12,200 per minute the targeted site was down.

Was the fine excessive? I can imagine that most hackers might find it so.

Or do those who inflict mayhem deserve such stiff penalties? Perhaps many businesses that struggle to fight off attacks including DDoSes might say that cybercriminals deserve fines similar to that which Rosol is facing.

Please share your own thoughts in the comments section below.

Image of Anonymous mask courtesy of Bad Man Production / Shutterstock.com.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/X3I0cwO5pRM/

"Smarter, shadier, stealthier"

Our latest Security Threat Report is out!

It’s a free download (no registration required), and we think you’re going to love it, because it paints a fascinating picture of the evolving threat from cybercrime.

Of course, the report isn’t all doom and gloom about the Bad Guys.

It includes a range of security tips, and a section on proactive protection, entitled Staying Ahead of Today’s Most Sophisticated Attacks.

The report isn’t just about Windows and Windows malware, either.

You’ll find a wealth of information about how the cybercrooks are broadening their attack horizons to the Mac, Linux and Android platforms, too.

This is important material because it necessitates that we broaden our defensive horizons in reply.

The report also looks at the technology and the underground economy behind crimeware tools such as exploit kits, botnets, click fraud, ransomware, and more.

As well as being a fascinating read, the Security Threat Report 2014 will help you to understand and to protect yourself against an enemy that is becoming ever smarter, shadier and stealthier.

What we suggest is that you grab a copy of the report, open it on-screen, and then take a listen to the short podcast below, as Sophos experts Chester Wisniewski and John Shier talk you through it.

Their passionate and well-informed commentary will give you plenty of food for thought:

By the way, if your job includes promoting better security to other people, for example through talks and articles, don’t miss the Press Kit that goes along with the Threat Report.

The Press Kit includes standalone images from the report that you can use in your own presentations; infographics you can use as supporting evidence in your own articles; and a selection of white papers for further reading:

  • Don’t Let Data Loss Burn a Hole in Your Budget
  • Five Stages of a Web Malware Attack
  • Simple Security Better Security
  • The Rise of Mobile Malware
  • Who’s Snooping on Your Email

Enjoy the report, and don’t be shy to let us know what you think in the comments below. (You may comment anonymously.)

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/Ap4NzRuiaCI/

How Twitter tracks the websites you visit, and how to stop it

Last Thursday, Twitter announced the global availability of tailored audiences: promoted tweets that are targeted at individuals based on the websites they have visited.

It seemed like a good opportunity to explain how Twitter is going to do it, how it has been using a different technique to track the websites you visit for some time now, and how to turn it all off if you want to.

Tailored audiences

Tailored audiences is Twitter’s take on retargeting – a behavioural advertising technique that allows companies to continue advertising to somebody who has visited and then left their website (typically because they visited but didn’t buy anything).

Retargeted ads are the ones that seemingly follow you around – no matter which website you’re on, the same advert appears over and over.

In theory, behavioural advertising is good news all round because advertisers are less likely to waste time and money talking to the wrong people and consumers are more likely to see adverts for things they might actually want.

Unfortunately while consumers get a share of the upside they have the downside to themselves; in order for it all to work somebody, somewhere has to collect, store and analyse lots and lots of information about what those consumers have been doing.

For users who care about their privacy now and in the future that’s a significant downside, even when the data that’s collected is aggregated and anonymised.

The privacy situation is made worse by the online advertising community’s strong inclination towards opting users into behavioural advertising silently and with the assumption that users are OK with it.

This default opt-in approach is doubly disappointing from Twitter, which has often been ahead of its rivals in adopting privacy technologies like HTTPS, Do Not Track and forward secrecy.

To make tailored audiences work, Twitter has teamed up with ten ‘ad partners’. These ad partners are well established advertising companies that already engage in things like retargeting and loyalty programs.

The ad partners will tell Twitter when a user has visited a website that’s signed up to tailored audiences so that it knows it can retarget that website’s promoted tweets to the same user when they log on to Twitter.

Fortunately Twitter has made it easy to opt out:

  1. Log in to Twitter
  2. Click on the Settings and help sprocket icon
  3. Click Settings
  4. Select Security and Privacy
  5. Un-tick Promoted content.

Unusually, you can also opt out by enabling the almost-but-not-entirely useless Do Not Track function in your browser.

Neither of these measures prevents the ad companies from tracking you on 3rd party websites but they do stop the ad companies from passing the tracking data to Twitter.

The ad partners themselves maintain their own individual opt outs (which should opt you out of their entire ad networks and not just tailored audiences). Links to the ad partner opt-out pages are provided below:

Now, as I mentioned in my introduction, tailored audiences isn’t the only way that Twitter can track the websites you visit so let’s take a look at tailored suggestions.

Tailored suggestions

Tailored suggestions is a list of users who Twitter thinks you might like to follow that appears under ‘Who to follow’ on various pages on the micro-blogging site.

Twitter tries to work out if you should follow somebody by comparing the websites their followers visit with the websites that you go to. Although it relies on knowing which websites you visit it doesn’t use the tailored audiences ad partners to get that data.

The data for tailored suggestions is gathered entirely from the blue tweet buttons that are embedded into websites (like this one) that want to make tweeting their content a little bit easier.

This is possible because of the way that the buttons are embedded. When a browser loads a web page with an embedded tweet button it has to request the code for the tweet button from twitter.com.

That request is like any other HTTP request for any other web page and will contain a referer header (which can identify where you are) and any cookies your browser has for the twitter.com domain (which can identify who you are).

So the very act of looking at a web page with a tweet button on it can tell Twitter you are looking at that web page (this is also true of Facebook Like buttons, Pinterest Pins and all the other popular social media ‘widgets’).
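
To make the mechanism concrete, here is an added example (not from the original article, and not Twitter's code) that parses five constructed requests to a hypothetical widget host, widgets.example, and shows what that host can derive from the Referer, Cookie and DNT headers. The cookie name `uid` and every hostname are assumptions made up for illustration.

```javascript
// Constructed sample: request heads a browser would send to a third-party
// widget host while the user reads other sites. All hosts and the "uid"
// cookie name are hypothetical.
function req(lines) {
  return ['GET /button.js HTTP/1.1', 'Host: widgets.example', ...lines]
    .join('\r\n') + '\r\n\r\n';
}

const SAMPLE_REQUESTS = [
  // Logged-in user reading two different sites that embed the button.
  req(['Referer: https://news.example/politics/article-17',
       'Cookie: uid=alice-4f2a; lang=en']),
  req(['Referer: https://shop.example/basket',
       'Cookie: uid=alice-4f2a; lang=en']),
  // Same kind of request, but the browser has Do Not Track enabled.
  req(['Referer: https://health.example/conditions',
       'Cookie: uid=bob-91c7', 'DNT: 1']),
  // No cookie for the widget host (logged out, or third-party cookies blocked).
  req(['Referer: https://forum.example/thread/5']),
  // Cookie present, but the embedding page suppressed the referer.
  req(['Cookie: uid=carol-7d10']),
];

// Parse a raw HTTP/1.1 request head into lower-cased header names and values.
function parseHeaders(raw) {
  const head = raw.split('\r\n\r\n')[0];
  const headers = {};
  for (const line of head.split('\r\n').slice(1)) {
    const idx = line.indexOf(':');
    if (idx === -1) continue; // skip malformed lines
    headers[line.slice(0, idx).trim().toLowerCase()] = line.slice(idx + 1).trim();
  }
  return headers;
}

// Split a Cookie header into a name -> value map.
function parseCookies(header) {
  const jar = {};
  for (const part of (header || '').split(';')) {
    const idx = part.indexOf('=');
    if (idx === -1) continue;
    jar[part.slice(0, idx).trim()] = part.slice(idx + 1).trim();
  }
  return jar;
}

// What the widget host receives with a single request:
// who (cookie), where (referer), and whether the browser sent DNT: 1.
function observe(raw) {
  const headers = parseHeaders(raw);
  const cookies = parseCookies(headers['cookie']);
  return {
    who: cookies.uid || null,
    where: headers['referer'] || null,
    dnt: headers['dnt'] === '1',
  };
}

// Build the per-user list of visited sites the host could keep.
// Models a host that honours DNT by discarding those requests; requests
// missing either the cookie or the referer cannot be linked and are skipped.
function buildProfiles(requests) {
  const profiles = new Map();
  for (const raw of requests) {
    const seen = observe(raw);
    if (seen.dnt || !seen.who || !seen.where) continue;
    const site = new URL(seen.where).hostname;
    if (!profiles.has(seen.who)) profiles.set(seen.who, []);
    profiles.get(seen.who).push(site);
  }
  return profiles;
}

console.log(Object.fromEntries(buildProfiles(SAMPLE_REQUESTS)));
```

The request sent with DNT still delivers both the cookie and the referer to the host; discarding them is the host's decision, not something the header enforces.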

Fortunately it’s just as easy to switch off tailored suggestions as it is to switch off tailored audiences:

  1. Log in to Twitter
  2. Click on the Settings and help sprocket icon
  3. Click Settings
  4. Select Security and Privacy
  5. Un-tick Personalization

As with tailored audiences, Twitter will also disable tailored suggestions if you have Do Not Track enabled in your browser.

The methods described in this article for disabling tracking are the vendors’ own methods and following them should ensure that the sites affected stop tracking you but continue to operate correctly.

If you don’t trust vendors that rely on advertising dollars to manage your privacy or if you’re looking for a more comprehensive anti-tracking solution then you might prefer to manage your privacy with a browser plugin like Ghostery or Lightbeam.


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/hUFzHjBCODY/

For nearly 20 years, the launch code for US nuclear missiles was 00000000

You know how a military guy with a special briefcase was supposed to have followed the US president around, carrying what were allegedly the secret, continually changing codes needed to launch a nuclear attack?

It might as well have been filled with shredded newspaper, as Mashable’s Joe Veix puts it.

That’s because, according to a recently published paper about Permissive Action Links (PALs) – small security devices that prevent setting off nuclear weapons without the right code and the right authority – the “secret unlock” code for all US Minuteman nuclear missiles for almost 20 years during the Cold War was set to the jaw-droppingly simple code of eight zeros: 00000000.

Steven M. Bellovin, a computer science professor at Columbia, discovered how easy it would have been to set off nuclear weapons after coming across a 2004 paper by Dr. Bruce G. Blair, a former Air Force officer who manned Minuteman silos and the subsequent president of the Center for Defense Information.

Both Dr. Blair’s original paper and Bellovin’s more recent paper were cited in articles on Today I Found Out and in the Daily Mail.

In his 2004 article, Dr. Blair described a discussion about PALs he had a month earlier with Robert McNamara, the secretary of defense during the Kennedy and Johnson administrations.

McNamara confidently told Blair that yes, such locks were in fact installed on the Minuteman force and that he regarded them as essential to strict central control and preventing unauthorized launch.

The thing is, Blair told a “shocked and outraged” McNamara, the Strategic Air Command (SAC) in Omaha decided to make it easier to launch nukes by quietly setting the locks to all zeros.

During Blair’s stint as a Minuteman launch officer during the early to mid-1970s, none of those zeros had been changed.

In fact, he wrote, protocols had been set up to make sure to keep it that way. Oh, and just in case somebody forgot what the vital combination was? No problem, it was written down for the officers:

Our launch checklist in fact instructed us, the firing crew, to double-check the locking panel in our underground launch bunker to ensure that no digits other than zero had been inadvertently dialed into the panel. SAC remained far less concerned about unauthorized launches than about the potential of these safeguards to interfere with the implementation of wartime launch orders.

Blair went on to co-author a 1977 article with Garry Brewer titled “The Terrorist Threat to World Nuclear Programs” in which he argued for a more serious approach to activating the locks – locks that McNamara, as well as presidents during the relevant time, figured were already activated.

The article worked. It got attention at the top, and the locks were activated that same year.

So to sum it up, nuclear Armageddon originating in the most heavily-armed regime on the planet was an easily guessed password, written down.

Hmmm… simple passwords, written down.

I’m having the strongest sense of déjà vu. I see images of sticky notes with the numbers “123456” stuck to computer monitors.

Many of us, unfortunately, haven’t learned much since the Cold War.

Everybody – and that includes people with their fingers on the trigger of nuclear weapons – should use different, strong passwords for each website they log into or every missile they guard.

Make sure to choose strong passwords made up of at least twelve characters and containing a mix of letters, numbers and special characters.

If you’re like me, you lack the brain storage to remember them all, so consider a password manager like LastPass or KeePass.

Image of missile courtesy of Shutterstock.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/KjljfMXw7q8/

Revenge porn operator facing charges of conspiracy, extortion and identity theft

A 27-year-old man based in San Diego, California, faces prison after being charged with 31 felonies related to the publication of 10,000 explicit photographs sent in by the victims’ ex-partners.

Kevin Bollaert was arrested today for running ‘revenge porn’ website ugotposted.com and is currently being held in prison on $50,000 bail.

In a press release, Kamala D. Harris, California’s Attorney General, said:

This website published intimate photos of unsuspecting victims and turned their public humiliation and betrayal into a commodity with the potential to devastate lives. Online predators that profit from the extortion of private photos will be investigated and prosecuted for this reprehensible and illegal internet activity.

Prosecutors allege that Bollaert was running the revenge site, which has now been taken down, in conjunction with another site called changemyreputation.com.

The Attorney General’s office alleges that when Bollaert received complaints on the main website, he would then send an email directing victims to changemyreputation.com where they would be directed to pay a fee of between $299 and $350 in order to have their photos removed.

According to court documents Bollaert allegedly told investigators that he received around $900 per month in advertising revenue from the site.

PayPal records indicate that changemyreputation.com received payments totalling tens of thousands of dollars.

Unlike other revenge porn sites where photos are published anonymously, those who found their very personal images featured on ugotposted.com had even more reason to get their saucy pics removed from Bollaert’s site.

According to the Attorney General, ugotposted.com required that any images posted on the site were accompanied by the subject’s full name, age, location and even a link to their Facebook profile.

According to the arrest warrant, the victims, who all appear to be female, were unsurprisingly upset that their photos and personal details had been published on ugotposted.

Legal Analyst Victoria Terry related the case of Jane Doe #6 who said that an unknown person had illegally obtained access to her email account and found nude images she had saved there.

The Jane Doe also claimed that her Facebook account was illegally accessed and that the photographs were sent to her relatives. She also claimed that her passwords for Facebook, AOL and Gmail were changed.

Far more concerning, however, is the fact that she claims that the photos, published on ugotposted without her knowledge or consent, may have been taken when she was still a minor.

A search warrant executed on ugotposted’s gmail account allowed investigators to retrieve messages sent by many alleged victims, including Jane Doe #6 who wrote:

PLEASE HELP! I am scared for my life! People are calling my work place and they obtained that information through this site! I did not give permission for anyone to put up those pictures or my personal information. I have contacted the police but these pictures need to come down! Please!

All in all, investigators discovered that over 2,000 emails had been sent to the yougotposted email account with around 50% of the messages containing the word “remove” in them.

Victims often struggle to prosecute those behind the likes of ugotposted.com, labelled ‘revenge porn’ sites because content is more often than not uploaded by jilted ex-lovers.

This is because, in the US at least, those who run the sites can sometimes claim protection under Section 230 of the Communications Decency Act which gives site owners a legal get out in respect of user-submitted content.

Bollaert’s alleged mistake in this respect was that he crossed the lines of state laws against identity theft which prohibit the posting of personally identifying information “for any unlawful purpose, including with the intent to annoy or harass.”

In a meeting with Brian Cardwell, Bollaert stated that he had now shut the site down voluntarily, saying that:

At the beginning, it was fun and entertaining, but now it’s just like ruining my life.

Perhaps realising that ugotposted.com had left victims feeling much the same, albeit minus the fun and entertainment, he said:

Yeah, I realize like this is not a good situation. I feel bad about the whole thing and like I just don’t want to do it anymore. I mean I know a lot of people are getting screwed over like on the site. Like their lives are getting ruined.


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/USXqRpwqM6U/

Quadrillion-dollar finance house spams Reg reader with bankers’ private data

Exclusive: IT staff at the world’s largest securities transaction clearing house are facing a rough few days after a Reg reader was inadvertently deluged with emails leaking session IDs, transfers, and account details for executives at big-name customers.

The Depository Trust & Clearing Corporation (DTCC) handles the vast bulk of stock and securities transactions for the US, and last year moved more than $1.7 quadrillion in deals through its servers. When a financial asset is traded, the firm handles the paperwork at each end, and works with some of the largest banks and financial institutions in the world.


So a Reg reader, who wishes to remain anonymous, was a little surprised on Monday when he started receiving diagnostic emails from DTCC at a furious rate.

These log files detailed corporate network activity, such as Windows and Unix logon events and mail server warnings. The alerts revealed sensitive session IDs; email addresses for executives at the Bank of America, Barclays, and Deutsche Bank; IP network addresses; user rankings that identified admin accounts; the time stamps of transactions and logins; and more.

How more than 20,000 emails flooded an outsider’s webmail inbox

Our man was at home with the flu watching Lord of the Rings on loop in an effort to get to sleep (a technique he reported was eventually successful) when his iPad started to ring constantly with new email alerts.

Thinking the issue was a bug, he turned off the fondleslab, but when checking his email account a little later he noticed thousands of emails coming in from DTCC. In total he received more than 20,000 messages, some so long that Gmail had automatically cut them off.

The reader, a mature university student but with a background in ISP networking, initially thought it was a mailbomb attack, but after he checked the emails he was astonished to find they contained machine logs from DTCC servers. He checked out a handful, and found they contained a host of information that would be very useful for miscreants with a talent for social engineering or network penetration.

He first tried emailing DTCC to tell them about the problem, but got an email bounce back. Next he tried an email address of a banker found in one of the files, but the recipient misunderstood the message completely and simply emailed back asking to be removed from the reader’s mailing list.

“I got a bit twitchy when I saw lots of different bankers logging in: I’m studying Internet Crime, so I’ve been doing a lot of researching on, well, internet crimes,” he told El Reg.

As the torrent of emails continued, the reader’s feelings moved from concern to annoyance, since the spam was masking personal messages that could be important and was eating into his data plan at a frightening rate via his Gmail-linked Android phone. So he contacted El Reg about the problem to see what could be done.

‘Inadvertently sent out as a result of human error’

To its credit, DTCC did respond to the issue quite quickly. Its press flack was at her child’s birthday party, but alerted the company to the issue and the email flood has now ended.

“These messages were inadvertently sent out as a result of human error. We have confirmed that this was an isolated incident and that no other individuals received this or similar information,” the spokeswoman said in a statement.

“We have identified the situation quickly and taken steps to protect our client’s information. We are also working with the individual who received these messages to resolve any remaining issues.”

The spokeswoman couldn’t confirm the exact problem, but from the content of the emails the fault appears to lie in the configuration of an IBM QRadar Security Intelligence Platform (ironically). QRadar can send a snapshot of network activity to an admin’s email, and it appears that the reader’s address was put in by accident.

If so, this raises some intriguing questions – not least why this kind of data was being sent to a Google webmail address in the first place and why no one noticed the misdirected network traffic capture. DTCC is conducting an investigation into what went wrong and how to prevent it happening in future, but the reader has some ideas of his own.

“I know one thing, from when I worked at an ISP, if this leak happened there we’d have done a complete strip down: new user IDs, passwords (for systems and software), new host names, new IP ranges, new everything! Anything and everything that went outside the core IT staff would be pulled and set up as new, especially if it went to some random person’s email,” he suggested.

Comment

El Reg would also suggest that DTCC give this honest soul some kind of reward for his troubles. Even though it appears no passwords, certainly no plaintext ones, were leaked, some of this information could have been abused in the wrong hands; the quadrillion-dollar firm could have been facing an electronic attack, or perhaps some legal bother, if the recipient had been less civic-minded. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/12/11/quadrillionaire_finance_house_spams_iregi_reader_with_clients_data/

Bjork, 500+ novelist pals ask UN for 1 bill of digital rights to RULE ‘EM ALL

Hundreds of authors have written to the United Nations demanding an international bill of digital rights, after leaks revealed the extent of secret state surveillance.

Writers including Cory Doctorow, Margaret Atwood and Kazuo Ishiguro have added their names to the letter, which has signatures from over 500 authors from all over the world.


The wordsmiths keep it short and sweet in the letter, which argues for the “fundamental” human right of privacy online. They clearly are holding on to the hope that the world body has some way of getting its signatories to agree to something that’s not quite in most humongo-governments’ interests… Er, good luck with that, guys.

“A person under surveillance is no longer free; a society under surveillance is no longer a democracy,” they wrote. “To maintain any validity, our democratic rights must apply in virtual as in real space.”

They accuse state agencies like the NSA of stealing private data and compromising freedom of thought and opinion by accessing online information like emails and internet searches.

The writers demand that the UN creates an international bill of digital rights and call on countries and corporations to respect those rights and governments to sign up to the bill.

The letter follows the ongoing leaks from former NSA worker Edward Snowden, who has been releasing documents to the media that suggest the government agency has been collecting data on the phone calls and internet activity of US citizens, tapping German Chancellor Angela Merkel’s mobile and generally snooping through digital means.

The allegations have spurred a host of negative reactions, even from the tech companies that often handed over the data. Earlier this week, eight of them, including Apple, Google and Microsoft, wrote to President Barack Obama calling for changes to surveillance laws to help prop up the public’s trust in the internet. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/12/11/authors_letter_un_digital_rights/