STE WILLIAMS

Lantern lights the way to web freedom for Great Firewall prisoners

A Washington-backed peer-to-peer site designed to push holes through China’s Great Firewall has managed to accrue nearly 10,000 followers in the past fortnight.

Lantern was not built specifically for China, but such is the appetite for unfettered internet access in the People’s Republic that around three-quarters of its users come from the Middle Kingdom.


The new service, which promises access to sites like Facebook and Twitter which bring “light to corruption and justice”, works like a P2P network, relying on some of its users to offer others the chance to jump onto their virtual private network connection to the open internet.

A video explaining the service had the following:

Lantern is a safe and secure free software that gives people internet access in places where access is denied. It’s software that circumvents government censorship. When you install Lantern on your computer you provide a new escape route for getting information in and out of censored countries. You’re giving people a way out; a way to communicate, a way to mobilise.

Although most of Tor’s public access points and an increasing number of VPN services are banned in China, Global Voices gives the distributed P2P-style Lantern a greater chance of success.

However, one user @zuihulu cautioned that its “stability and speed” are still not as good as commercial VPNs, while another, @YaxueCao, reminded followers that it “only offers you an open door, it won’t protect you from surveillance”.

The threat of China’s shadowy internet police infiltrating the network grows greater the more popular it gets, although they will be powerless to stop it spreading outside the Great Firewall.

The service itself has seen a huge spike in traffic over the past couple of weeks, jumping from the low hundreds to around 10,000 users, according to the South China Morning Post, which spoke to one of the developers behind the project.

Adam Fisk, president of Brave New Software, the non-profit that developed Lantern, was apparently one of the men behind popular P2P platform LimeWire.

His new project has been given US$2.2 million (£1.3m) in seed funding by the US State Department, according to the paper.

Confounding optimism that president Xi Jinping would usher in a new era of more relaxed attitudes to online censorship, Beijing has been taking an increasingly hard line on web freedoms.

Despite Google exec president Eric Schmidt’s prediction that global censorship could end in a decade, China’s Supreme Court recently clarified that popular tweets spreading “online rumours” could land the sender with up to three years in jail. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/12/06/lantern_censorship_china_great_firewall/

SHOCK REVELATION: Telstra manages its networks!

Reporting on telcos’ role in communications interception is getting very, very, silly.

Back in July, Australian media “discovered” an agreement between Australia’s dominant carrier Telstra and the USA’s Federal Bureau of Investigation and Department of Justice to snoop submarine cable traffic. As we demonstrated at the time, the agreement is business as usual: foreign carriers that want to land a cable in the USA have to sign such agreements in order to do business. Such agreements are not carte blanche to snoop, but a guarantee foreign carriers will allow “Lawful US process” to be applied as signatories will be required to “provide technical or other assistance to facilitate such Electronic Surveillance.”


What we now know about the NSA is that the extent of that surveillance may be rather greater than had previously been imagined. That’s not good, but doesn’t change the fact that reports that Telstra had given up our secrets were looking at the agreements through the darkest-imaginable lenses.

Which brings us to today’s “revelations”, touted by Fairfax media as “Telstra’s data ‘vacuum’”.

The guts of the story are as follows:

  • Telstra deals with a Melbourne company called Newgen Systems that is the sole supplier of Gigamon kit in Australia
  • Gigamon’s products “are designed to find not just a needle in a haystack, but bits of needles in many haystacks.”
  • Gigamon kit is spookware
  • Telstra also uses Splunk products
  • Splunk is spookware

Before we go on, let’s note that a tiny bit of Googling undertaken by Vulture South’s Richard Chirgwin came up with this auto-downloading slide deck dated 2007 and titled “Gigamon Training for Telstra”, by way of pointing out that Gigamon’s been chatting to Telstra for quite a while without ever upsetting anyone before. And also to show that there’s not much revelatory on offer.

Let’s now deal with each element of the story in turn.

Newgen Systems is a shadowy funnel for spookware

The time-honoured way for US companies to enter Australia is to find someone who already knows its products and set them up as a distributor/reseller. The aim of this ploy is to find a big customer – nearly always a telco or bank – that will provide enough revenue for the first distributor/reseller to survive and grow. Newgen looks like just such a distributor/reseller. That it is the only Gigamon distributor/reseller in Australia is unremarkable: Australia does not have a huge prospect pool for Gigamon kit.

Gigamon’s products “are designed to find not just a needle in a haystack, but bits of needles in many haystacks”

So what?

Carriers operate networks. If they didn’t monitor them extensively, we’d be worse off than if they did! That the tools they use harvest lots of data about network traffic should not be news to anyone. Fairfax at least acknowledge that Telstra has an obligation to collect lots of data to facilitate lawful interception, but should also acknowledge that attacks on networks can be very sophisticated. Finding fragments of needles is a very useful thing to do if you’re trying to defend a network on which millions of people rely for phone calls and internet access.

Gigamon’s products are spookware

No they are not. That they gather a lot of data that spooks could find interesting cannot be denied. That they gather a lot of data network administrators find interesting cannot be denied. That they gather a lot of data marketers keen to understand usage patterns on newspaper web sites would find interesting cannot be denied. OMG! Fairfax is SPYING on readers of its websites!

Telstra uses Splunk products

Yes it does. It evaluated it back in 2009. Splunk, by the way, shows up in shadowy places like conferences where its “booths” offer a “sales presence” it uses to “find new customers”! Damning evidence, we know.

Splunk is spookware

Puh-lease. Yes, Splunk can analyse all manner of activity. But again, it can be used by spooks in the same way that any other log file analysis tool can be used by spooks.

And let’s not forget that just about every piece of technology Telstra and every other business uses to operate produces log files. And those files can be analysed to produce information on who did what, when and where. Customers. Partners. Staff. Records about all of them are being created by every router, every server, every firewall.

And they’re all sitting there waiting to be analysed by someone unscrupulous – maybe even a journalist – who will use them to prove a point. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/12/05/shock_revelation_telstra_manages_its_networks/

Five critical fixes on deck for Patch Tuesday

Microsoft is planning to release at least five critical fixes in next week’s Patch Tuesday monthly security update.

The company said that the planned patch release will include fixes for critical remote code execution flaws in versions of Windows, Office, and Internet Explorer, as well as Microsoft Exchange Server.


Among the products which will be impacted by the critical updates are Windows 8 and 8.1, Windows 7, and Windows XP. The Internet Explorer updates will address flaws in versions 6 through 11 of the web browser. Windows Server 2012, 2010, 2008, and 2003 will also see updates, as will the Windows 8 RT tablet build.

Also addressed in the update will be critical flaws for Office 2013, 2010, 2007, and 2003. Microsoft warned that if exploited, the vulnerabilities could allow an attacker to remotely execute code without user notification.

In addition to the five critical security fixes, Redmond is planning to release six bulletins to address less-severe “important” security risks. Those patches will include updates for remote code execution, elevation of privilege and information disclosure flaws, as well as issues that could allow an attacker to bypass security features in Office. The notification does not mention any security updates for OS X versions of Office this month.

For Microsoft Lync, the Patch Tuesday update will bring fixes for important issues in both Lync 2010 and 2013.

The company said that the December edition of Patch Tuesday, the final scheduled security release of the year, will be released on December 10. The company usually posts detailed descriptions of the patched flaws, as well as suggested prioritizing for the updates, when it makes the security bulletins available to users and administrators.

Adobe has also set aside the second Tuesday of the year for its scheduled security updates, though the company has yet to give word on any upcoming patch releases. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/12/06/five_critical_fixes_on_the_way_for_patch_tuesday/

FTC torches Android flashlight app for spying on users

The US Federal Trade Commission (FTC) has announced a clampdown on an Android developer accused of covertly harvesting and selling user locational data.

The FTC said that it has reached a settlement with Goldenshores Technologies, a US developer behind the “Brightest Flashlight” mobile application, a free download which the FTC said had been installed on “tens of millions” of Android devices.


According to the FTC, the Brightest Flashlight application not only provided users with a handy light, but also collected data on their location and device ID. The collected information was then sold to third-party advertisers.

When the developers did notify users about the application’s activities, the FTC said, information was inaccurately displayed or a user’s preferences not to have their data shared were ignored. Additionally, the commission charged that Brightest Flashlight would track and transmit user information even before users had the chance to read the EULA and accept or decline the terms of the agreement.

“When consumers are given a real, informed choice, they can decide for themselves whether the benefit of a service is worth the information they must share to use it,” said FTC consumer protection bureau director Jessica Rich.

“But this flashlight app left them in the dark about how their information was going to be used.”

Under the terms of the deal, the FTC said that Goldenshores will be barred from covertly collecting information about users and transmitting it without consent. Further, the company will be required to fully disclose how it handles user information and obtain permission before handling any user data.

The US government is hardly in much of a position to shame the private sector over the covert collection of user data. Earlier this week the Washington Post reported that the NSA may be maintaining an archive which tracks the mobile activity of billions of people around the world as part of an effort to monitor terrorist activities.

That system, which authorities have contended is not illegal, is able to track user movements across multiple access points and identify when a device is likely being used by an associate or an accomplice of a suspected criminal. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/12/06/ftc_torches_android_flashlight_app_for_spying_on_users/

Symantec Drops Managed Firewall, Managed Endpoint Services

Symantec has quietly shuttered two service offerings under its Managed Security Services umbrella — its firewall and endpoint services.

In what the security giant describes as a consolidation of its existing managed security services, Symantec said it had terminated its Managed Firewall Service and its Managed Endpoint Protection service this summer.

Symantec didn’t make a public announcement of the change-up. The company said it discontinued the two services on July 1, and at that time contacted its customers and partners of the services. “Symantec MSS Managed Firewall and Managed Endpoint Protection were discontinued for sale and have not been available since July 1, 2013. We communicated the changes to impacted customers and partners in July,” the company said in a statement in response to a Dark Reading inquiry about the possible sun-setting of the services.

“Symantec Managed Security Services (MSS) is a key component of Symantec’s Information Security portfolio and we are committed to our MSS offerings moving forward,” the company said. “As we align with our new offering strategy and efforts to streamline our product range to provide fewer, more integrated solutions for our customers, Symantec made the decision to retire the Managed Firewall and Managed Endpoint Protection service offerings from its Managed Protection Services portfolio. This decision does not include Intrusion Detection/Prevention solutions nor impact MSS Security Monitoring. Existing customers will have use of the retired Managed Firewall and Managed Endpoint Protection services until the end of their annual service period. We are firmly committed to helping our partners and customers successfully navigate this process.”

Symantec’s Managed Security Services Web page currently lists three offerings: Security Monitoring Service, Intrusion Detection/Prevention Solution with Sourcefire, and its DeepSight Intelligence Services.

The move appears to be a standard business decision, says Mike Rothman, president of Securosis. “It’s a necessary pruning process as they focus their business. That means some offerings won’t meet the threshold for installed base, growth, and/or strategic value to the bigger story, and are therefore either sold off if possible or shut down,” Rothman says. “Standard stuff for companies doing a strategic review.”

Word of this latest service offering retirement comes on the heels of Symantec’s announcement last week that it was dropping its cloud-based backup and recovery service, Backup Exec.cloud. Meanwhile, Symantec’s president of products and services Francis deSouza left the company earlier this month to take the helm as president of Illumina. Symantec’s products and services leadership team currently reports to Symantec president and CEO Steve Bennett.

J.J. Thompson, managing director and CEO of Rook Security, an Indianapolis-based security process integration provider, says this could indicate signs of trouble for other Symantec managed security services. “I find it interesting that Symantec continues to pull key components of its security offering. First it was security consulting services, now they are moving onto their MSS, shortly after killing cloud backup. Our shared clients are very concerned with the message this sends — is Symantec able to sustain their MSS offering or are they having to cut off their foot to save their leg?”

He contends that the move by Symantec won’t better integrate its services. “They’re pulling a key component of security program management out of their client portfolio, for clients who selected Symantec as a ‘full service’ security partner,” Thompson says. “It’s becoming more clear to end user companies that where some of these traditional brands succeeded in the past, they are not able to keep up with more agile competitors who have business models that fit in line with today’s strategic business drivers.”

Meantime, the MSS global market is looking healthy going forward, according to new data from Transparency Market Research: it’s estimated to grow at a compound annual growth rate of 15.4 percent through 2019. The MSS market worldwide was valued at $9.24 billion in 2012, the research firm says.

Article source: http://www.darkreading.com/management/symantec-drops-managed-firewall-managed/240164467

FireEye Announces Availability Of Oculus For Small And Midsize Businesses

MILPITAS, Calif., December 5, 2013 – FireEye, Inc. (NASDAQ: FEYE), the leader in stopping today’s advanced cyber attacks, today announced FireEye’s Oculus™ platform for small and midsize businesses (SMB). Oculus for SMB combines technology, services, and threat expertise in a solution specially tailored to small and midsized businesses. Leveraging the industry’s leading advanced threat prevention platforms for Web, email, and mobile, Oculus for SMB enables simple and scalable security. The solution includes state-of-the-art continuous monitoring to help address the comprehensive advanced security needs of this large and critical business segment. Today, FireEye has hundreds of SMB customers across multiple verticals including finance, manufacturing, and retail.

“For years, FireEye has provided unprecedented protection to the enterprise, but there’s no question that small and medium-sized businesses have as much need for effective information security technology as large companies,” explained Charles Kolodgy, research vice president of security products at International Data Corporation (IDC).

“Cybercriminals target small organizations who, consequently, require an effective solution to protect their businesses.”

This offering opens a major market opportunity for advanced threat management. According to the U.S. Small Business Administration, SMBs represent 99% of U.S. businesses. And in 2012, Verizon reported that 77% of cyber attacks targeted small businesses. IDC reports that SMB spending on security technology continues to show strong growth and is predicted to exceed $5.6 billion in 2015.[1]

FireEye Oculus for SMB includes:

Web threat protection: With the FireEye NX series platform, SMBs can stop Web-based attacks that traditional and next-generation firewalls (NGFW), IPS, AV, and Web gateways miss. The NX series protects against zero-day Web exploits and multi-protocol callbacks to keep sensitive data and systems safe.

Email threat protection: SMBs can leverage cloud-based or the on-premise EX series platform to protect against today’s advanced email attacks.

Mobile threat protection: SMBs can leverage a cloud-based platform to address threats targeting mobile devices and help ensure that mobile apps are safe to use.

Oculus for SMB also provides Oculus Continuous Monitoring to help ensure that constrained security resources do not hinder an organization’s ability to counter targeted threats. Capabilities include:

Continuous Monitoring: FireEye threat intelligence augments customer IT teams to proactively recognize advanced persistent threat (APT) attacks.

Cybercon Reports: Vertical-specific threat information provides a more comprehensive view of the landscape so SMBs are better prepared to manage risk in their specific threat environment.

Health Check: Alerts notify customers when their deployments fail remote health checks to ensure uninterrupted protection against advanced threats.

“FireEye is putting virtual machine technology into the hands of SMBs,” said Manish Gupta, FireEye senior vice president of products. “With the FireEye solution, SMBs obtain a simple and scalable security solution for advanced threats to safeguard corporate assets and drive down business risks. SMBs will enjoy an unmatched advanced threat protection solution with continuous monitoring to augment their limited resources.”

“With FireEye, we don’t have to worry about malicious threats to our systems — and we can now proactively block malware from reaching desktops,” said Wade Jones, CIO and senior vice president, Citizens National Bank of Texas.

The new SMB offering gives more than 500 FireEye channel partners the opportunity to expand their sales portfolio.

“The new commercial offerings from FireEye open up whole new markets for us to target,” said Barrie Desmond, group marketing director with Exclusive Networks. “Smaller organizations with high-value assets face the same threats as larger enterprises. Now we have a FireEye solution to help protect them.”

About FireEye, Inc.

FireEye has invented a purpose-built, virtual machine-based security platform that provides real-time threat protection to enterprises and governments worldwide against the next generation of cyber attacks. These highly sophisticated cyber attacks easily circumvent traditional signature-based defenses, such as next-generation firewalls, IPS, anti-virus, and gateways. The FireEye Threat Prevention Platform provides real-time, dynamic threat protection without the use of signatures to protect an organization across the primary threat vectors and across the different stages of an attack life cycle. The core of the FireEye platform is a virtual execution engine, complemented by dynamic threat intelligence, to identify and block cyber attacks in real time. FireEye has over 1,300 customers across more than 40 countries, including over 100 of the Fortune 500.

Article source: http://www.darkreading.com/management/fireeye-announces-availability-of-oculus/240164486

Microsoft, The FBI, Europol And Industry Partners Disrupt The Notorious ZeroAccess Botnet

REDMOND, Wash., Dec. 5, 2013 /PRNewswire/ — The Microsoft Digital Crimes Unit today announced it has successfully disrupted a rampant botnet in collaboration with Europol’s European Cybercrime Centre (EC3), the Federal Bureau of Investigation (FBI) and leaders in the technology industry, including A10 Networks Inc. The Sirefef botnet, also known as ZeroAccess, is responsible for infecting more than 2 million computers, specifically targeting search results on Google, Bing and Yahoo search engines, and is estimated to cost online advertisers $2.7 million each month. Today’s action is expected to significantly disrupt the botnet’s operation, increasing the cost and risk for cybercriminals to continue doing business and preventing victims’ computers from committing fraudulent schemes.

This is Microsoft’s first botnet action since the Nov. 14 unveiling of its new Cybercrime Center — a center of excellence for advancing the global fight against cybercrime — and marks the company’s eighth botnet operation in the past three years. Similar to Microsoft’s Citadel botnet case, the ZeroAccess case is part of an extensive cooperative effort with international law enforcement and industry partners to dismantle cybercriminal networks and ensure that people worldwide can use their computing devices and services with confidence.

“This operation marks an important step in coordinated actions that are initiated by private companies and, at the same time, enable law enforcement agencies around Europe to identify and investigate the criminal organizations and networks behind these dangerous botnets that use malicious software to gain illicit profits,” said Troels Oerting, head of the EC3. “EC3 added its expertise, information communications technology infrastructure and analytic capability, as well as provided the platform for high-level cooperation between cybercrime units in five European countries and Microsoft.”

Due to its botnet architecture, ZeroAccess is one of the most robust and durable botnets in operation today and was built to be resilient to disruption efforts, relying on a peer-to-peer infrastructure that allows cybercriminals to remotely control the botnet from tens of thousands of different computers. ZeroAccess is used to commit a slew of crimes, including search hijacking, which “hijacks” people’s search results and redirects people to sites they had not intended or requested to go to in order to steal the money generated by their ad clicks.

ZeroAccess also commits click fraud, which occurs when advertisers pay for clicks that are not the result of legitimate, interested human users’ clicks, but are the result of automated Web traffic and other criminal activity.

Research by the University of California, San Diego shows that as of October 2013, 1.9 million computers were infected with ZeroAccess, and Microsoft determined there were more than 800,000 ZeroAccess-infected computers active on the Internet on any given day.

“The coordinated action taken by our partners was instrumental in the disruption of ZeroAccess; these efforts will stop victims’ computers from being used for fraud and help us identify the computers that need to be cleaned of the infection,” said David Finn, executive director and associate general counsel of the Microsoft Digital Crimes Unit. “Microsoft is committed to working collaboratively — with our customers, partners, academic experts and law enforcement — to combat cybercrime. And we’ll do everything we can to protect computer users from the sinister activities and criminal networks that victimize innocent people and businesses around the world.”

Last week, Microsoft filed a civil suit against the cybercriminals operating the ZeroAccess botnet and received authorization from the U.S. District Court for the Western District of Texas to simultaneously block incoming and outgoing communications between computers located in the U.S. and the 18 identified Internet Protocol (IP) addresses being used to commit the fraudulent schemes. In addition, Microsoft took over control of 49 domains associated with the ZeroAccess botnet. A10 Networks provided Microsoft with advanced technology to support the disruptive action.

As Microsoft executed the order filed in its civil case, Europol coordinated a multijurisdictional criminal action targeting the 18 IP addresses located in Europe. Specifically, Europol worked with Latvia, Luxembourg, Switzerland, the Netherlands and Germany to execute search warrants and seizures on computer servers associated with the fraudulent IP addresses located in Europe.

This is the second time in six months that Microsoft and law enforcement have worked together to successfully disrupt a prevalent botnet. It demonstrates the value coordinated operations have against cybercriminal enterprises.

“If the hacker community has not yet taken notice, today’s disruption of the ZeroAccess botnet is another example of the power of public-private partnerships,” FBI Executive Assistant Director Richard McFeely said. “It demonstrates our commitment to expand coordination with companies like Microsoft and our foreign law enforcement partners — in this case, Europol — to shut down malicious cyberattacks and hold cybercriminals accountable for exploiting our citizens’ and businesses’ computers.”

Microsoft and its partners do not expect to fully eliminate the ZeroAccess botnet due to the complexity of the threat. However, Microsoft expects that this action will significantly disrupt the botnet’s operation. Microsoft is working with ecosystem partners around the world to notify people if their computers are infected and will make this information available through its Cyber Threat Intelligence Program (C-TIP). ZeroAccess is very sophisticated malware, blocking attempts to remove it, and Microsoft therefore recommends that people visit http://support.microsoft.com/botnets for detailed instructions on how to remove this threat. Because Microsoft found that the ZeroAccess malware disables security features on infected computers, leaving the computer susceptible to secondary infections, it is critical that victims rid their computers of ZeroAccess by using malware removal or antivirus software as quickly as possible. Europol is also providing information on its website about botnets to educate the public on how to protect themselves.

More information about today’s news and the coordinated action against ZeroAccess is available at http://www.microsoft.com/en-us/news/presskits/dcu.

Legal documentation in the case can be found at http://www.botnetlegalnotice.com/ZeroAccess.

About Europol

EC3 is the focal point in the EU’s fight against cybercrime, contributing to faster reactions in the event of online crimes. It will support Member States and the European Union’s institutions in building operational and analytical capacity for investigations and cooperation with international partners. EC3 officially commenced its activities on 1 January 2013, and it aims to become the focal point in the EU’s fight against cybercrime, through building operational and analytical capacity for investigations and cooperation with international partners in the pursuit of an EU free from cybercrime. The European Cybercrime Centre is hosted by Europol, the European law enforcement agency in The Hague, The Netherlands, and thus EC3 can draw on Europol’s existing infrastructure and law enforcement network.

About FBI

As an intelligence-driven and a threat-focused national security organization with both intelligence and law enforcement responsibilities, the mission of the FBI is to protect and defend the United States against terrorist and foreign intelligence threats, including cyber-based attacks and high-technology crimes; to uphold and enforce the criminal laws of the United States; and to provide leadership and criminal justice services to federal, state, municipal, and international agencies and partners.

About A10 Networks

A10 Networks was founded in Q4 2004 with a mission to provide innovative networking and security solutions. A10 Networks makes high-performance products that help organizations accelerate, optimize and secure their applications. A10 Networks is headquartered in Silicon Valley with offices in the United States, United Kingdom, France, The Netherlands, Germany, Spain, Brazil, Japan, China, Korea, Taiwan, Hong Kong, Singapore and Malaysia. For more information, visit: http://www.a10networks.com.

About Microsoft

Founded in 1975, Microsoft (Nasdaq “MSFT”) is the worldwide leader in software, services and solutions that help people and businesses realize their full potential.

Article source: http://www.darkreading.com/end-user/microsoft-the-fbi-europol-and-industry-p/240164485

F5 Networks Provides Enterprise-Grade Application Delivery Solution For Verizon Cloud

SEATTLE and NEW YORK, DECEMBER 5, 2013 – F5 Networks (NASDAQ: FFIV) and Verizon Enterprise Solutions announced today that F5 technologies provide network traffic and security management services for the new Verizon Cloud. The F5 BIG-IP product suite allows enterprises using Verizon Cloud to keep business-critical applications fast, secure, and available. As part of its mission to radically improve the enterprise cloud, Verizon continues to leverage enterprise-grade technologies to provide clients with the consistent performance, user control, and flexibility not found in other generic public clouds.

Verizon embedded F5’s comprehensive suite of application services into Verizon Cloud Compute, its new infrastructure-as-a-service (IaaS) platform. As part of this solution, F5’s BIG-IP Global Traffic Manager™ connects isolated environments and intelligently directs users to the best-performing data center to maintain high application performance. In addition, Verizon Cloud utilizes the advanced capabilities of BIG-IP Access Policy Manager that allow for consistent deployment and enforcement of the policies governing security. These capabilities enable enterprises to confidently take advantage of the benefits Verizon Cloud has to offer.

With network functions virtualization (NFV) and BIG-IP solutions, enterprises using Verizon Cloud can maintain consolidated security credentials to access business applications and networks globally. This use of NFV demonstrates the core vision of the Verizon cloud, allowing clients to deploy best-of-breed, enterprise-ready virtual appliances that provide high levels of security, configurability, and flexibility to meet their demanding enterprise workloads.

“Verizon Cloud provides the availability, performance, and security enterprises demand from cloud services, and F5 is core to delivering those,” said John Considine, CTO at Verizon Terremark. “F5 was able to provision the components to support the dynamic scale and software-deployed management Verizon Cloud required to meet the needs of businesses adopting cloud today.”

“Helping customers effectively, securely, and efficiently combine application services and cloud environments–regardless of the specific makeup of their infrastructures–is a top priority for us,” said Karl Triebes, EVP of Product Development and CTO at F5. “Verizon Cloud demonstrates how organizations can use flexible, enterprise-class technologies to seamlessly and safely extend their applications to the cloud. With F5’s Software Defined Application Services™, customers like Verizon can easily configure how optimization, security, and availability services are employed, tailoring environments to meet the needs of their business and cloud initiatives.”

Companies interested in Verizon Cloud can sign up to be a beta customer through the Verizon Enterprise Solutions website.

ABOUT F5

F5 (NASDAQ: FFIV) provides solutions for an application world. F5 helps organizations seamlessly scale cloud, data center, and software defined networking (SDN) deployments to successfully deliver applications to anyone, anywhere, at any time. F5 solutions broaden the reach of IT through an open, extensible framework and a rich partner ecosystem of leading technology and data center orchestration vendors. This approach lets customers pursue the infrastructure model that best fits their needs over time. The world’s largest businesses, service providers, government entities, and consumer brands rely on F5 to stay ahead of cloud, security, and mobility trends. For more information, go to f5.com.

You can also follow @f5networks on Twitter or visit us on Facebook for more information about F5, its partners, and technology. For a complete listing of F5 community sites, please visit www.f5.com/news-press-events/web-media/community.html.

F5, BIG-IP, Access Policy Manager, Global Traffic Manager, and Software Defined Application Services are trademarks or service marks of F5 Networks, Inc., in the U.S. and other countries. All other product and company names herein may be trademarks of their respective owners.

ABOUT VERIZON

Verizon Communications Inc. (NYSE, Nasdaq: VZ), headquartered in New York, is a global leader in delivering broadband and other wireless and wireline communications services to consumer, business, government and wholesale customers. Verizon Wireless operates America’s most reliable wireless network, with more than 100 million retail connections nationwide. Verizon also provides converged communications, information and entertainment services over America’s most advanced fiber-optic network, and delivers integrated business solutions to customers in more than 150 countries. A Dow 30 company with nearly $116 billion in 2012 revenues, Verizon employs a diverse workforce of 180,900. For more information, visit about.verizon.com.

Verizon Enterprise Solutions Online News Center: News releases, blog posts, media contacts and other information are available in Verizon Enterprise Solutions’ online News Center at http://www.verizonenterprise.com/about/news. News from Verizon Enterprise Solutions is also available through an RSS feed at http://www.verizonenterprise.com/rss-options/.

Article source: http://www.darkreading.com/applications/f5-networks-provides-enterprise-grade-ap/240164487

Zscaler Upgrade Delivers High-Speed 2048-Bit SSL Traffic Inspection

San Jose, CA, December 4, 2013 – Zscaler, the global security cloud for the mobile enterprise, today announced it had completed a transparent migration of its worldwide cloud infrastructure to enable 2048-bit SSL traffic inspection, upgrading its SSL processing capacity 2,500 percent. Zscaler is unique as a cloud security provider that enables SSL-2048 bit scanning through a high-performance proxy.

In order to strengthen encryption standards, the Certification Authority/Browser (CA/B) Forum and the National Institute of Standards and Technology have mandated the switch from 1024-bit RSA keys to 2048-bit RSA keys for SSL traffic, effective January 1, 2014. This improved standard will require five times greater performance for Web servers and proxies. As a result, organizations relying on appliance-based security will be challenged with time-consuming and complex hardware and infrastructure upgrades to scale capacity.

“As SSL encryption increases in complexity and is widely adopted by Web services, organizations will be challenged to obtain complete visibility into network traffic to ensure security and compliance,” said Amit Sinha, CTO, Zscaler. “Advanced threats callbacks may try to leverage SSL tunnels to escape detection or employees may try to leak data through encrypted lines, but Zscaler provides total visibility into 2048-bit SSL traffic, without the cost and complexity of manually upgrading traditional security appliances.”

Read more about SSL 2048-bit encryption at the Zscaler Security Cloud blog: http://blog.zscaler.com/are-you-resolved-inspect-ssl-2048-2014

About Zscaler

Zscaler is transforming enterprise security with the world’s largest security cloud built from the ground up to safely enable users doing business beyond the corporate network. Zscaler’s security cloud processes over 12 billion transactions a day with near-zero latency to instantly secure over 10 million users in 180 countries, with no hardware or software required. More than 3,500 global enterprises are using Zscaler today to simplify their IT operations, consolidate point security products, and securely enable their business for mobility, cloud and social media. For more information, visit us at www.zscaler.com.

Article source: http://www.darkreading.com/authentication/zscaler-upgrade-delivers-high-speed-2048/240164488

JP Morgan Chase owns up to data breach: 465,000 customers at risk

JP Morgan Chase is the latest financial institution to own up to a data breach.

According to reports, the breach affected 2% of the customers of one of the bank’s payment card products.

That doesn’t sound such a big deal until you realise that the breach happened against a product called UCARD, of which it seems that 25,000,000 have been issued.

That makes it a pretty big breach when measured in absolute terms, with JP Morgan Chase having to contact 465,000 customers to warn them what has just happened.

Except that it looks as though it hasn’t “just happened”.

JP Morgan Chase’s own sites don’t seem to be saying, but stories already published seem to agree that the breach happened in July 2013; the bank realised in September 2013; and the notification has only followed now, in December 2013.

If, like me, you’re not from the USA, you might never have heard of UCARD – and, like me, you might have struggled to find out anything about it if you tried searching in the obvious places, such as jpmorgan.com, chase.com and jpmorganchase.com.

Not only will you find nothing about the breach, you won’t even find a mention of UCARD:

There’s a site called ucard.chase.com, but it seems to be for people who not only know what UCARD is, but actually already have one:

(One positive thing to report: at least the main page uses HTTPS, thus inviting you to log in from a secure page to a secure page, though it doesn’t yet seem to offer forward secrecy.)

All we’ve been able to work out so far is that the UCARD CENTER website shown above seems to have been renamed from EBT ACCOUNT, and EBT stands for Electronic Benefit Transfer, which is pretty much what it sounds like – a way to get paid your food stamps and benefit cheques.

Briefly put, UCARD is welfare done digitally.

Of course, without an obvious official statement from JP Morgan Chase itself, we can only report what others are reporting, which seems to boil down to this:

  • Data breach happened in July.
  • Noticed and reported to relevant authorities in September.
  • Reported to affected customers in December.
  • Close to half-a-million cardholders affected.
  • Still not sure what data was stolen.
  • Most data stored encrypted.
  • Some personal data exposed in unencrypted temporary files.
  • Only the UCARD product affected.
  • Law enforcement investigating.
  • Affected customers get 12 months’ free credit monitoring.

Most of this, sadly, is a script you could probably have written yourself, through familiarity with all-too-many previous breach stories.

Sting in the tail

The sting in the tail – and the big lesson to take away in this case – is the issue of unencrypted temporary files.

Reuters suggests that the unencrypted data “appeared in plain text in files the computers use to log activity,” and that is probably a data leakage risk that affects many companies.

Financial transactions need scrupulous auditing, and that means keeping an accurate record somewhere of what happened, and when.

But logging can be a security risk as well as a benefit – you should be encrypting personally identifiable data both at rest (when it is written to disk) and on the move (as it flows across the network).

If you’re logging sensitive data, don’t wait until it reaches its final destination before encrypting it.

Public key cryptography makes it comparatively easy to protect logging data from snoopers and thieves in an end-to-end fashion, thus ensuring that it is encrypted everywhere along the way.
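The end-to-end idea described above, as an added sketch that is not code from the article or from any bank: each log line is sealed at the moment it is produced, so plaintext never reaches a log or temporary file. The scheme (RSA-OAEP wrapping a per-record AES-256-GCM key) and all names such as `Seal`, `Open` and `NewAuditKey` are assumptions chosen for illustration, and the sample log line is constructed.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// SealedRecord is one log entry as written to disk or sent over the network.
type SealedRecord struct{ WrappedKey, Nonce, Ciphertext []byte }
// NewAuditKey makes the key pair; the private half stays on the audit system.
func NewAuditKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func gcmFor(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key) // cannot fail: callers always pass 32 bytes
	gcm, _ := cipher.NewGCM(block) // cannot fail for AES
	return gcm
}

// Seal runs where the log line is produced and needs only the PUBLIC key.
func Seal(pub *rsa.PublicKey, line []byte) (*SealedRecord, error) {
	buf := make([]byte, 32+12) // fresh AES-256 key and GCM nonce for every record
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, buf[:32], nil)
	if err != nil {
		return nil, err
	}
	return &SealedRecord{wrapped, buf[32:], gcmFor(buf[:32]).Seal(nil, buf[32:], line, nil)}, nil
}

// Open needs the PRIVATE key; a stolen log file or temp copy alone is unreadable.
func Open(priv *rsa.PrivateKey, r *SealedRecord) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, r.WrappedKey, nil)
	if err != nil || len(key) != 32 || len(r.Nonce) != 12 {
		return nil, fmt.Errorf("malformed or foreign record")
	}
	return gcmFor(key).Open(nil, r.Nonce, r.Ciphertext, nil) // errors if tampered
}

func main() {
	priv, _ := NewAuditKey()
	rec, _ := Seal(&priv.PublicKey, []byte("constructed: card=4000000000000002"))
	plain, err := Open(priv, rec)
	fmt.Printf("%d sealed bytes -> %q, err=%v\n", len(rec.Ciphertext), plain, err)
}
```

Because the logging host holds only the public key, anyone who copies its files gets ciphertext, and GCM authentication makes the audit side reject records that were altered in transit or at rest.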

→ By the way, the potential for data leakage via temporary files is one reason why we recommend you use FDE, or Full Disk Encryption, for your laptop or mobile device, rather than just encrypting your home directory. If everything is encrypted, you don’t have to worry that one or two odd or out-of-the-way files might not be.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/OoNRCHKikWo/