STE WILLIAMS

Just ONE NSA operation press-ganged a 50,000-strong botnet last year


America’s NSA had established a 50,000-strong botnet by the middle of 2012 using malware infections, according to the latest Edward Snowden leaks.

Dutch newspaper NRC Handelsblad reports that the elite NSA TAO (Tailored Access Operations) hacking squad had used malware to establish a zombie army with tentacles all across the world.


The malware serves as a sleeper agent on compromised PCs, waiting months or longer before it activates and begins harvesting data. This stolen information is covertly fed into the NSA’s voracious data processing apparatus. The malware (or “implants” in the lexicon of the NSA) is slung onto compromised machines using Computer Network Exploitation, or hacking, tactics.

The methodology of the attacks carried out by the NSA is probably similar to the Belgacom hack blamed on GCHQ, which used fake LinkedIn and Slashdot pages to serve malicious code to targeted system engineers at the Belgian telco. The malware variant featuring in the latest NSA leaks is unknown, although we do know it established backdoor access to systems in Brazil, one of the countries that has been most vocal in complaining about US cyber-espionage antics, and Mexico. Similar malware-based tactics have reportedly been a feature of the NSA’s playbook for 15 years since 1998.

Previous leaks from Edward Snowden have revealed the detailed methodology for the NSA’s deployment of malware, so the latest leaks only really put one operation under the microscope rather than helping to uncover a previously unknown tactic. The latest leak illustrates that state-sponsored cyber espionage is far from the sole preserve of the Chinese, who are routinely blamed for so-called Advanced Persistent Threat-style attacks featuring custom malware and phishing. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/11/25/nsa_botnet/

Rare AutoCAD malware rigs drafting machines for follow-up attacks


Security researchers have discovered a rare strain of AutoCAD malware that opens up compromised machines to secondary exploits.

ACM/SHENZ-A poses as a legitimate component of AutoCAD software for computer-aided design (CAD). But analysis by security researchers at Trend Micro has revealed that the malicious file opens up systems to exploits, specifically those targeting old vulnerabilities. The .FAS file that’s the carrier of the malware packs a malicious script.


The malware first creates a user account with administrative rights on the system before creating network shares for all drives on an infected computer. It then opens up four system ports (137-139, and port 445), communication channels associated with the Server Message Block (SMB) protocol that provides file, print and share functionality between nodes on Windows networks. The tactic thwarts restrictions on Windows networks applied by sysadmins designed to frustrate common types of hack attacks.

“By opening the ports, exploits that target SMB can successfully run on affected systems, provided that the relevant vulnerabilities have not yet been patched,” explains Anthony Joe Melgarejo, a threat response engineer at Trend Micro, in a blog post about the attack. “Security bulletins that cover the SMB vulnerabilities include MS10-020 and MS11-043.”

“The decision to create an account with administrator privilege is a strategic one.  Without the said account, the attacker will have to crack passwords for existing accounts or remotely create one — processes that can be difficult and time-consuming. With the admin account, the attacker can easily steal all the files in those drives and plant other information-stealing malware.”
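The behaviour described above (a new local administrator account, followed by shares for every drive) is a cluster a defender can look for in Windows Security event logs. The following detection logic is an added example written for this page, not Trend Micro’s code or signature: it runs over a handful of constructed log lines in a flat key=value export format (assumed, not a real tool’s output) and flags a host where, within ten minutes, an account is created (event 4720), added to the local Administrators group (event 4732), and two or more drive-letter shares are created (event 5142). The event IDs are the real Windows ones; the host names, user names and timestamps are made up.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines standing in for exported Windows Security events.
# Event IDs are the real ones: 4720 user account created, 4732 member added
# to a security-enabled local group, 5142 network share object added.
SAMPLE_LOG = """\
2013-11-25T09:14:02 4720 Host=DRAFT-PC07 TargetUser=svc_cad SubjectUser=bob
2013-11-25T09:14:03 4732 Host=DRAFT-PC07 Group=Administrators Member=svc_cad
2013-11-25T09:14:05 5142 Host=DRAFT-PC07 ShareName=C$ Path=C:\\
2013-11-25T09:14:05 5142 Host=DRAFT-PC07 ShareName=D$ Path=D:\\
2013-11-25T09:14:05 5142 Host=DRAFT-PC07 ShareName=E$ Path=E:\\
2013-11-25T11:02:40 4720 Host=HR-LAPTOP3 TargetUser=jsmith SubjectUser=helpdesk
2013-11-25T11:40:11 5142 Host=HR-LAPTOP3 ShareName=Scans Path=C:\\Scans
"""

LINE_RE = re.compile(r"^(\S+) (\d+) (.*)$")
DRIVE_SHARE = re.compile(r"^[A-Z]\$$")      # C$, D$, ... whole-drive shares
WINDOW = timedelta(minutes=10)             # how close the events must be

def parse_line(line):
    """Turn one 'timestamp event_id key=value ...' line into a dict, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(3).split())
    return {"ts": datetime.fromisoformat(m.group(1)), "id": int(m.group(2)), **fields}

def find_acad_like_activity(log_text):
    """Return one finding per host where a newly created account was made a
    local admin and at least two drive-letter shares appeared shortly after."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    findings = []
    for created in (e for e in events if e["id"] == 4720):
        host, user, t0 = created["Host"], created["TargetUser"], created["ts"]
        related = [e for e in events
                   if e["Host"] == host and t0 <= e["ts"] <= t0 + WINDOW]
        made_admin = any(e["id"] == 4732 and e.get("Group") == "Administrators"
                         and e.get("Member") == user for e in related)
        drive_shares = sorted({e["ShareName"] for e in related
                               if e["id"] == 5142
                               and DRIVE_SHARE.match(e.get("ShareName", ""))})
        if made_admin and len(drive_shares) >= 2:
            findings.append({"host": host, "user": user,
                             "shares": drive_shares, "first_seen": t0.isoformat()})
    return findings

if __name__ == "__main__":
    for f in find_acad_like_activity(SAMPLE_LOG):
        print(f"{f['host']}: account {f['user']} made admin, "
              f"drive shares {', '.join(f['shares'])} at {f['first_seen']}")
```

The rule requires all three pieces because each on its own is noisy: administrative shares such as C$ exist on most Windows hosts by default, and helpdesk staff legitimately create accounts. Correlating them on one host inside a short window is what separates the pattern Trend Micro describes from routine administration. The second host in the sample (a normal account creation and an ordinary named share) is deliberately there to show that it is not flagged.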

As Trend Micro notes, AutoCAD malware is rare but not unprecedented. For example, an AutoCAD virus surfaced in 2009. More worryingly, an AutoCAD worm that appeared last year was blamed by security firm ESET for the theft of tens of thousands of drawings. ESET reckoned the malware, which it dubbed ACAD/Medre-A, lifted blueprints and sent them to email accounts located in China.

Businesses in Peru were the main victims of that attack, which seemed to be motivated by industrial espionage. Although the hackers behind the attack were using internet resources in China as drop-sites, it doesn’t necessarily follow that they were Chinese. Chinese authorities, ESET and Autodesk (the creator of AutoCAD) teamed up to thwart the ploy by blocking email accounts that were acting as conduits for stolen files.

The malware unearthed by Trend is different from last year’s worm and has a slightly different purpose.

“Yep, ’tis different,” explained Rik Ferguson, global VP of security research at Trend Micro. “The one mentioned by ESET was siphoning off AutoCAD documents by sending them out of affected machines by email. This new malware actually carries out system level activities on the affected machine, creating the admin account, enabling protocols and significantly weakening the security of the affected system by leaving it open to further exploitation.”

The latest attack relies in part on tricking users into opening a malicious attachment of a type – unlike executable, screen saver and doctored PDF files – rarely associated with malware.

“The primary advantage of AutoCAD malware may well be that users do not expect this type of document to be malicious; users should be careful about all document types and not just those that are ‘well-known’ to contain malware,” Trend’s Melgarejo advises.

Rootnote

The .FAS file extension denotes a “Compiled Fast-Load AutoLISP File”, a type of executable often used for creating macros that automate common processes within AutoCAD.


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/11/25/rare_autocad_malware/

Trend Micro Partners With United Nations’ International Telecommunication Union To Provide Ongoing Cybersecurity Support

DALLAS, Nov. 25, 2013 /PRNewswire/ — Trend Micro (TYO: 4704; TSE: 4704), a global pioneer in security software and solutions, today announced its partnership with the International Telecommunication Union (ITU), the United Nations’ specialized agency for information and communication technologies, in support of its Global Cybersecurity Agenda. This relationship will better equip ITU’s 193 Member States, as well as more than 700 private-sector entities and academic institutions, with the latest information to fight cyber threats globally. The collaboration was commemorated at ITU Telecom World 2013 in Bangkok, Nov. 19-22.

Through this partnership, Trend Micro will provide institutional expertise and research to the ITU, in addition to resources from the company’s Internet Safety for Kids Families initiative. This includes global threat reports, access to a worldwide network of TrendLabs researchers and threat alert updates.

“This partnership reinforces Trend Micro’s mission and commitment to making the world safe for exchanging digital information,” said Raimund Genes, CTO, Trend Micro. “We look forward to further contributing to global cybersecurity and are proud to have earned the trust of ITU to be at the forefront of suppressing dangerous online activity. Our open and ongoing exchange of research, resources and technology will play an important role in helping ITU inform key stakeholders about current and future cyber threats that can impact their respective constituencies.”

Trend Micro and ITU will distribute co-branded information to key influencers and audiences on a regular basis. Alerts will be activated as needed in real-time via ESCAPE, ITU’s secure communication portal that disseminates important information, including details about global implications and mitigation procedures for high-impact threat incidents.

“As part of our emphasis on connecting the world through a seamless communications system, it is important to make sure that cyber threats don’t undermine our cause,” said ITU Secretary-General Hamadoun I. Toure. “By making the latest research and resources available, Trend Micro is supporting our vision by providing expertise and resources to help people avoid being victimized by criminal and irresponsible online behavior. They are well equipped to provide our leadership base with necessary information to protect citizens.”

About Trend Micro

Trend Micro Incorporated a global leader in security software, rated number one in server security (IDC, 2013), strives to make the world safe for exchanging digital information. Built on 25 years of experience, our solutions for consumers, businesses and governments provide layered data security to protect information on mobile devices, endpoints, gateways, servers and the cloud. Trend Micro enables the smart protection of information, with innovative security technology that is simple to deploy and manage, and fits an evolving ecosystem.

All of our solutions are powered by cloud-based global threat intelligence, the Trend Micro(TM) Smart Protection Network(TM) infrastructure, and are supported by over 1,200 threat experts around the globe. For more information, visit TrendMicro.com.

About ITU

ITU is the leading United Nations agency for information and communication technology. For nearly 150 years, ITU has coordinated the shared global use of the radio spectrum, promoted international cooperation in assigning satellite orbits, worked to improve communication infrastructure in the developing world, and established the worldwide standards that foster seamless interconnection of a vast range of communications systems. From broadband networks to new-generation wireless technologies, aeronautical and maritime navigation, radio astronomy, satellite-based meteorology and converging fixed-mobile phone, Internet and broadcasting technologies, ITU is committed to connecting the world. www.itu.int

Article source: http://www.darkreading.com/trend-micro-partners-with-united-nations/240164254

Avira Launches ‘Savings Advisor’ Browser Add-On Just In Time For Holiday Shopping

Tettnang, Germany — November 25, 2013 – Just in time for the holiday shopping season, security expert Avira announced today the release of Avira Savings Advisor – a free browser add-on that helps shoppers find the best prices and the most trustworthy e-commerce sites to buy online.

The Avira Savings Advisor add-on extension works with any browser–Chrome, Firefox, Safari and Internet Explorer–and can be installed for free by going to http://www.avira.com/en/Avira-Sparberater-Landing-Page.

In operation, Avira Savings Advisor scans whatever product you are looking at on a web page and, if it finds better prices for that product at reputable stores elsewhere on the Web, displays them in a red ribbon at the top of your screen (see screen shots above).

In addition to finding the best deals, Avira Savings Advisor also protects shoppers from potential fraud or disappointment by checking the website for security vulnerabilities and evaluating the merchant for trustworthiness, return policies, and other shopper-friendly attributes. In all, Avira Savings Advisor checks more than a dozen variables including:

– Positive average of user reviews

– Presence of email and telephone support contacts

– Certificates and Trust-marks (e.g. Bizrate, NexTag Trusted Seller, etc.)

– Encrypted payment systems and at least two trusted payment options (e.g. major credit card, PayPal)

– Stated return policies

– Stated shipping and delivery costs

– Company history (more than 1 year active in business)

– Positive credit score (via Creditreform Check)

“We recently came across some survey results which said that 50% of shoppers can’t tell how to evaluate the trustworthiness of online shops. That prompted us to develop a tool in time to help shoppers for Black Friday and Cyber Monday,” said Travis Witteveen, CEO of Avira. “We wanted to offer people something really useful for the busy online shopping season and beyond, so we collected some of our security wisdom and Internet know-how and packaged it into a simple-to-use browser add-on that is optimized for both safe online shopping and finding the best deals.”

Links

Install the free Avira Savings Advisor add-on for any browser: http://www.avira.com/en/Avira-Sparberater-Landing-Page

Join the Avira community on Facebook: www.facebook.com/avira

Learn about Avira’s other award-winning antivirus products: http://www.avira.com

About Avira

More than 100 million consumers and small businesses depend upon Avira’s security expertise and award-winning antivirus software, making the company the number-two market share leader globally. Avira is ranked #1 in technology innovation according to ABI Research; recommended by Consumer Reports for its free antivirus software; cited by OPSWAT as the #1 fastest-growing antivirus vendor in 2012 and the #2 largest vendor worldwide in 2011; and has received a nearly unbroken string of Virus Bulletin VB100 awards for the past decade.

Avira provides IT-security protection to computers, smartphones, servers and networks, delivered as both software and cloud-based services. Visit www.avira.com.

Article source: http://www.darkreading.com/perimeter/avira-launches-savings-advisor-browser-a/240164230

Satisnet To Resell LockPath’s GRC & IT Security Solutions In EMEA

OVERLAND PARK, KS–(Nov 25, 2013) – LockPath, a provider of innovative governance, risk management and compliance (GRC) solutions, today announced a strategic partnership with Satisnet, a leading international IT security reseller based out of London. Under the agreement, Satisnet will make LockPath’s solutions available to organizations in Europe, the Middle East and Africa (EMEA).

“Satisnet has established itself as a reputable provider of IT security services in the European market, and we’re thrilled to announce this partnership,” said Chris Caldwell, CEO of LockPath. “Working with Satisnet will allow us to help even more customers achieve a comprehensive view of their security risk and GRC posture, enabling them to make decisions quickly and proactively.”

Satisnet provides security information and event management (SIEM) solutions that help organizations assess their security risk posture, focusing on technologies such as vulnerability patch management, SIEM, advanced threat analysis, incident response, and GRC. By integrating solutions with customers’ existing solution stacks, the company helps lower costs and negate the expense of managing point solutions.

Satisnet has seen significant growth since its inception as an IT security integrator in 2004, establishing a strong professional reputation across multiple market sectors including local government, FTSE 250, and financial and charitable organizations. The reseller is currently evolving its Risk SIEM practice, and in the next phase, will tie SIEM information to business application data and big data with the help of LockPath’s Keylight GRC platform.

“Satisnet has established high-level partnerships since its founding, and we’re excited to continue this tradition through our partnership with LockPath,” said John McCann, managing director of Satisnet. “Through LockPath’s Keylight platform, we can provide customers even stronger transparency needed to assess and respond to enterprise security threats.”

This agreement builds on LockPath’s existing relationships with resellers and partners such as FishNet, Accuvant, BT, and Secure Digital Solutions. To learn more, please visit http://lockpath.com/partners/.

About Satisnet

Founded in 2001, Satisnet Ltd is a leading UK IT security reseller dedicated to providing the highest level of customer care and technical support. At Satisnet we work closely with our customers to streamline patch management, improve web optimization, develop log and event management and achieve PCI compliance. Our portfolio of products and services has been developed with what we believe to be the best solutions to solve your web, email, infrastructure, security, compliance, vulnerability and network or virtualization issues. With our dynamic approach to IT security we are able to offer our customers a solution set that we know will be ideally suited to their environment.

About LockPath

LockPath brings a flexible, pragmatic approach to governance, risk management, compliance and security programs. Its solutions help organizations gain a deeper understanding of their security and risk posture while reducing their audit fatigue by aligning people with their processes and the enabling technology. LockPath provides the platform to efficiently manage and harvest meaningful data from GRC activities, including regulatory compliance, policy life cycle, information security risk data, incidents, disaster recovery plans, third party assessments and internal audits. LockPath is headquartered in Kansas City. Visit LockPath.com to learn more.

Article source: http://www.darkreading.com/management/satisnet-to-resell-lockpaths-grc-it-sec/240164255

Twitter joins the "forward secrecy" club for added resistance to surveillance

Twitter is the latest high-traffic social networking site to announce that it has added an extra layer of protection known as forward secrecy to its web servers.

“But wait,” you may be saying. “Didn’t Twitter implement an Always use HTTPS option back in 2011?”

Indeed it did, and that was important because it allowed you to ensure that all your traffic to and from Twitter enjoyed the protection of the padlock in your browser’s address bar.

It might seem slightly odd to be so fussy about encrypting every Tweet while it’s being uploaded, when most users’ intention is to have Twitter shout those selfsame Tweets as far, as wide and as soon as possible.

But secure HTTP, better known as HTTPS, is surprisingly important for any web service that lets you login up front and then stay logged in indefinitely.

That’s because your logged-in status is usually dealt with by a session cookie that is transmitted in the HTTP traffic.

A session cookie is a random string of data that a server sends to your browser as a sort of temporary ID, and that your browser sends back, in the headers of any future requests to that server, to assert that ID.

In short, the server uses the session cookie to recognise that it’s you coming back for more.

Without a session cookie, you’d need to login every time you loaded or refreshed a page from the relevant site, which would quickly become tiresome.

Your session cookie can’t be guessed by an attacker, because it consists of many bytes of random data generated uniquely for your session.

But without HTTPS to encrypt the cookie between your browser and the server, an attacker could sniff your traffic, extract the cookie and use it to masquerade as you.

So that’s why Twitter added Always use HTTPS.
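To make the cookie mechanism above concrete, here is an added example (written for this page; it is not Twitter’s code and no real site’s implementation is assumed). It issues a session ID from 32 bytes of CSPRNG output, stores only a hash of it server-side, looks it up on later requests, and emits a Set-Cookie header with the Secure attribute, which is the browser-side half of “Always use HTTPS”: a cookie marked Secure is never sent over plain HTTP, so there is nothing for a sniffer on shared Wi-Fi to read. The small `browser_sends_cookie` function models that browser rule; the store and header format are assumptions for the example, not a framework’s API.

```python
import hashlib
import secrets

# In-memory session store, constructed for illustration: maps SHA-256(token)
# to the logged-in user, so a leaked copy of the store does not yield usable
# cookies. A real deployment would keep this in a database or cache.
SESSIONS = {}
TOKEN_BYTES = 32   # 256 bits of randomness: not guessable by an attacker

def _store_key(token):
    return hashlib.sha256(token.encode("ascii")).hexdigest()

def issue_session(username):
    """Create the session cookie value for a user who has just logged in."""
    token = secrets.token_urlsafe(TOKEN_BYTES)
    SESSIONS[_store_key(token)] = username
    return token

def set_cookie_header(token):
    """Header the server sends with the session ID.
    Secure: the browser only returns the cookie over HTTPS.
    HttpOnly: page scripts cannot read it, so XSS cannot simply copy it.
    SameSite=Lax: not attached to most cross-site requests."""
    return f"Set-Cookie: sid={token}; Secure; HttpOnly; SameSite=Lax; Path=/"

def user_for_request(cookie_header):
    """Resolve an incoming 'Cookie:' header value to a user, or None."""
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        if name == "sid" and value:
            return SESSIONS.get(_store_key(value))
    return None

def browser_sends_cookie(set_cookie, scheme):
    """Model of the browser rule for the Secure attribute: a Secure cookie is
    sent only on https:// requests; a cookie without it goes over http too."""
    attrs = [a.strip().lower() for a in set_cookie.split(";")[1:]]
    return scheme == "https" or "secure" not in attrs

def revoke_session(token):
    """Log out: forget the session so a previously sniffed copy is useless."""
    return SESSIONS.pop(_store_key(token), None) is not None

if __name__ == "__main__":
    sid = issue_session("alice")
    print(set_cookie_header(sid))
    print("over https:", browser_sends_cookie(set_cookie_header(sid), "https"))
    print("over http: ", browser_sends_cookie(set_cookie_header(sid), "http"))
    print("lookup:", user_for_request(f"sid={sid}; theme=dark"))
```

Two points worth noting. The token is never compared by hand: it is hashed and used as a dictionary key, which avoids both timing leaks on the raw value and storing the raw value at all. And the Secure flag only helps if the site is actually reachable over HTTPS and logs you in there; an HTTP-only login page would still expose the credential exchange, which is why the site-wide “Always use HTTPS” option matters more than any one cookie attribute.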

→ Three years ago, a freely-available tool called Firesheep was published that allowed even completely non-technical users to sniff session cookies, for example at coffee shops with shared Wi-Fi connections, and use those stolen cookies to publish Tweets or Facebook postings in other people’s names.

Now, of course, there’s a new game in town, which goes a lot further than just sniffing your unencrypted session cookies in order to send embarrassing Tweets from your account.

As we now know, widespread surveillance and monitoring of what we do online means that third parties – from intelligence organisations and the private sector all the way to cybercrime gangs – are sniffing and keeping giant stashes of our internet traffic, just in case.

And although that traffic may be illegible now, thanks to HTTPS encryption, what about tomorrow, or next year, or even next decade?

What if the decryption keys fall into the wrong hands, through fair means or foul, such as: by coercion; due to a legal warrant; or because of a data breach?

Forward secrecy is a way of side-stepping that problem by using temporary encryption keys that are discarded after a short time, such as minutes, hours or days.

Incidentally, techniques for forward secrecy online were supported from the earliest days of HTTPS, but weren’t widely implemented because of extra processing load on the server.

Very greatly simplified, if not actually oversimplified, that’s because plain HTTPS only requires the server to send you a public key to which it has a matching private key, allowing the server to use the same public-private keypair over and over again.

HTTPS with forward secrecy, however, requires the server to send you a public key that is unique to your session, so that the corresponding private key can be destroyed after use.

Generating a keypair for every connection is much costlier than generating one for each server.

→ That’s how the forward secrecy is achieved: once the decryption keys from your session are destroyed, any copies of the encrypted data are effectively “nailed down” into an eternally-encrypted state, like a padlock to which you’ve lost the key.

If this sounds strangely familiar, that’s because it’s how the CryptoLocker ransomware claims to work: the crooks produce a one-off keypair for each victim, and warn you that if you haven’t paid after 72 hours, they delete your private key, and that’s that for your data.

(They’re lying. They practice forward dishonesty, and will sell you your key after more than 72 hours. For a lot more money.)

Of course, as the CryptoLocker private key shenanigans remind us, HTTPS forward secrecy depends on both ends doing the right thing.

It depends on your browser requesting the relevant cryptographic support in the first place; it depends on the server agreeing to provide that support; and it depends on the server doing the right thing by not retaining (or losing) the so-called “ephemeral” key.
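The difference between a reused server keypair and a per-session one can be shown in a few dozen lines. The following is an added example for this page, not code from Twitter or from any TLS library: it runs a toy Diffie-Hellman exchange over a deliberately small constructed group (a 127-bit Mersenne prime, generator 2; nothing like a real TLS group) and a toy SHA-256 keystream in place of the record cipher. “Plain HTTPS” is modelled as the server reusing one long-term DH key for every session, a simplification of RSA key transport that has the same property: the one long-term private key unlocks every recorded session. The forward-secret path generates a fresh server key per session and discards it, after which even the server’s long-term private key cannot decrypt the recording.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, constructed for illustration only: a 127-bit
# Mersenne prime and generator 2. Real TLS uses a standardised, much larger
# group (an RFC 7919 finite-field group or an elliptic curve).
P = (1 << 127) - 1
G = 2

def keygen():
    """Return (private exponent x, public value g^x mod p)."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def shared_secret(my_priv, their_pub):
    return pow(their_pub, my_priv, P)

def session_key(secret):
    """Derive a 256-bit symmetric key from the DH shared secret (fits 16 bytes)."""
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()

def stream_xor(key, data):
    """Toy stream cipher: SHA-256(key || counter) keystream XORed with data.
    Stands in for the TLS record cipher; encrypt and decrypt are the same op."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)

def static_key_session(server_pub, plaintext):
    """'Plain HTTPS' model: the server reuses one long-term keypair for every
    session. Returns what a passive eavesdropper records: client public
    value and ciphertext."""
    c_priv, c_pub = keygen()
    ct = stream_xor(session_key(shared_secret(c_priv, server_pub)), plaintext)
    return c_pub, ct

def ephemeral_session(plaintext):
    """Forward-secret model: the server makes a one-off keypair, uses it for
    this session only and destroys the private half afterwards."""
    s_priv, s_pub = keygen()
    c_priv, c_pub = keygen()
    ct = stream_xor(session_key(shared_secret(c_priv, s_pub)), plaintext)
    del s_priv, c_priv            # nothing persistent can rebuild the key now
    return s_pub, c_pub, ct

def decrypt_recording(client_pub, ct, server_priv):
    """What someone holding a server private key can do with traffic they
    recorded earlier."""
    return stream_xor(session_key(shared_secret(server_priv, client_pub)), ct)

def demo():
    """Returns (static session recovered?, ephemeral session recovered?)."""
    msg = b"Cookie: sid=constructed-example-session-token"   # constructed
    long_term_priv, long_term_pub = keygen()

    # Recorded today, server key leaked years later: plaintext comes back.
    c_pub, ct = static_key_session(long_term_pub, msg)
    recovered_static = decrypt_recording(c_pub, ct, long_term_priv)

    # Same recording strategy, but the session used a discarded ephemeral key:
    # the server's long-term private key no longer unlocks it.
    _s_pub, c_pub2, ct2 = ephemeral_session(msg)
    recovered_ephemeral = decrypt_recording(c_pub2, ct2, long_term_priv)

    return recovered_static == msg, recovered_ephemeral == msg

if __name__ == "__main__":
    static_ok, ephemeral_ok = demo()
    print("static key, leaked later -> decrypted:", static_ok)      # True
    print("ephemeral key, leaked later -> decrypted:", ephemeral_ok)  # False
```

The `del` in `ephemeral_session` is the whole point of the third condition in the text: forward secrecy only holds if the server really does throw the ephemeral private key away. A server that logged or cached it would put every “forward-secret” session back in the position of the static-key one.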

But how you keep track of those possibilities is an article for another time!

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/31v8bsTEQbg/

LG decides its TVs *don’t* steal personal information

Last week, we wrote about how a UK blogger named DoctorBeet became suspicious that his LG Smart TV was phoning home with more information about his use of the TV than he might have liked.

Some investigation with Wireshark followed – that’s a free, powerful and highly recommended network packet sniffer – and his suspicions were confirmed.

Even after he expressly turned off the clumsily but unambiguously named “Collection of watching info” option, his TV continued to send back information (or to steal it, if you want to call a specialised earth lifting leverage tool a spade) that any reasonable person would consider none of the TV maker’s business.

LG’s initial response, reports DoctorBeet, was pretty much to disown all responsibility for the firmware in its device:

The advice we have been given is that unfortunately as you accepted the Terms and Conditions on your TV, your concerns would be best directed to the retailer. We understand you feel you should have been made aware of these T’s and C’s at the point of sale, and for obvious reasons LG are unable to pass comment on their actions.

When in doubt, blame the merchant!

If you think that is the worst excuse you’ve ever heard for a privacy breach, you’re not alone.

In fact, LG itself must have thought so (or the company decided to take a second opinion from another lawyer), because it soon changed its tune, sending our good friend and former Naked Security colleague Graham Cluley a PR statement that beat a different drum:

At LG, we are always aiming to improve our Smart TV experience. Recently, it has been brought to our attention that there is an issue related to viewing information allegedly being gathered without consent. Our customers’ privacy is a very important part of the Smart TV experience so we began an immediate investigation into these claims. Here’s what we found:

Information such as channel, TV platform, broadcast source, etc. that is collected by certain LG Smart TVs is not personal but viewing information. This information is collected as part of the Smart TV platform to deliver more relevant advertisements and to offer recommendations to viewers based on what other LG Smart TV owners are watching. We have verified that even when this function is turned off by the viewers, it continues to transmit viewing information although the data is not retained by the server. A firmware update is being prepared for immediate rollout that will correct this problem on all affected LG Smart TVs so when this feature is disabled, no data will be transmitted.

It has also been reported that the names of media files stored on external drives such as USB flash devices are being collected by LG Smart TVs. While the file names are not stored, the transmission of such file names was part of a new feature being readied to search for data from the internet (metadata) related to the program being watched in order to deliver a better viewing experience. This feature, however, was never fully implemented and no personal data was ever collected or retained. This feature will also be removed from affected LG Smart TVs with the firmware update.

LG regrets any concerns these reports may have caused and will continue to strive to meet the expectations of all our customers and the public. We hope this update clears up any confusion.

Graham already did a blow-by-blow dissection of this statement, and he wasn’t impressed.

You shouldn’t be, either.

The elevator pitch/lift summary is simple:

  • The “collection of watching info” option collects viewing information, which LG defines as “not personal”, so stop moaning.
  • LG collects that data even when you tell it not to, but it doesn’t actually do anything with it, so stop moaning.
  • OK, so LG will alter the software so it tells the truth about collecting the info.
  • OK, LG also collects data off your own storage devices, like filenames, but that was just a coding error, so stop moaning.
  • OK, so LG will alter the software to remove the code that wasn’t supposed to have been released in the first place.
  • LG is sorry if you somehow got confused and formed the opinion that it was helping itself to data that it shouldn’t have.

We wondered over the weekend why the statement sent to Graham wasn’t more widely circulated by LG.

We didn’t receive a copy, for example, and most stories covering this issue ended up linking to Graham’s article, presumably lacking a primary source of their own.

We now seem to know why: LG must have been a bit less than sure of its facts, and has changed its tune again since telling Graham that this whole thing was really just a pile of confusion.

Its official on-line statement is different in an intriguing but subtle way.

LG told Graham that it collected viewing info “as part of the Smart TV platform to deliver more relevant advertisements,” but apparently it doesn’t do that.

In fact, in its new statement the company unequivocally if ungrammatically states that it “does not, or has ever, engaged in targeted advertisement using information collected from LG Smart TV owners.”

Clear as mud.

With a second blogger confirming and extending DoctorBeet’s findings, I wouldn’t be surprised if LG has a fourth go at explaining itself.

We’ll have to wait and see whether LG’s next statement starts with the words, “Dear customers, we made a mistake and we apologise,” or with, “Dear Information Commissioner’s Office…”

What do you think?

Would a proper apology still do the trick, or is it too late for that now?

Image of old school TV courtesy of Shutterstock. The static on the TV picture is inspired by the Happy Hour Virus, imagined in the era before NTSC.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/dAh-HzOiEgo/

Facebook reveals friends list even when it’s set to private

Don’t want the entire Facebook-using and -abusing population to see your friends list?

You can always change the setting to private – a setting labeled, for some strange reason, “only me”, chosen in response to the “who can see your friends list?” setting.

Fat lot of good it will do you, though.

Irene Abezgauz, a vice president of product management at the security software company Quotium, has discovered a way for any casual visitor, stranger, stalker or troll to see friend lists that users have set to be private, and that includes any friends who’ve also set their lists to be private.


To access anybody’s friend list, all someone has to do is to create a fake Facebook account and send a friend request to his or her target.

Even if the targeted Facebook user doesn’t respond to the friend request, they’ll get to see a list of his or her friends, courtesy of Facebook’s People You May Know feature.

According to VentureBeat, Abezgauz revealed the vulnerability at the recent AppSec USA 2013 security conference in New York.

Abezgauz told VentureBeat that Facebook’s playing fast and loose with this on-again, off-again approach to privacy:

It’s all about privacy and people trusting that Facebook is making the best effort to protect the privacy of users. … It’s not about protecting the privacy of users as long as it stays out of the way of Facebook growing and expanding.

Facebook’s People You May Know feature, introduced in 2008, helps people discover new connections, be they long-forgotten school chums or colleagues.

It both helps people to build out their Facebook networks and enables Facebook to build a treasure trove of valuable data about us and the people with whom we associate.

(That daisy-chaining analysis, of course, enables people like NSA agents to pull the communications of innocent people into far-reaching surveillance dragnets that snare friends of friends of actual targets, as was shown in recently revealed documents from whistleblower Edward Snowden.)

To exploit the privacy hole, an attacker creates a new user account on Facebook and sends a friend request to the victim.

Even if the intended victim declines the request, Facebook begins to suggest to the attacker people he or she may know, with the option of clicking a “see all” button for convenience.

The people suggested in that list are friends of the target who received the friend request, even when the friends list of the victim is set to private and the other suggested users also have their friends list set to private.

When Abezgauz brought the privacy issue to Facebook’s attention, it replied that no, everything’s fine, given that you don’t know if the suggested friends represent someone’s complete friend list:

If you don’t have friends on Facebook and send a friend request to someone who’s chosen to hide their complete friend list from their timeline, you may see some friend suggestions that are also friends of theirs. But you have no way of knowing if the suggestions you see represent someone’s complete friend list.

But Abezgauz writes that research has shown that most of the friends list – which often includes hundreds of friends – is available to the attacker.

“In any case,” the researcher said, “even a partial friends list is a violation of user-chosen privacy controls.”

I checked with Facebook to see if private friend lists were still being pushed into People You May Know feeds. A spokesperson got back to me, and it doesn’t look like Facebook is planning to change anything any time soon:

Our policies explain that changing the visibility of people on your friend list controls how they appear on your Timeline, and that your friends may be visible on other parts of the site, such as in News Feed, Search and on other people’s Timelines. This behavior is something we’ll continue to evaluate to make sure we’re providing clarity.

Is Facebook privacy only an illusion, designed to lull us into sharing more than we would if we knew what the company really did with our data?

I agree with Abezgauz on this issue: Facebook has no right to siphon our friends off of a list putatively set to be private.

Hands off, Facebook, and please, fix this privacy hole.

Screenshot courtesy of Flickr user FactoryJoe.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/pbLWO8fzwXQ/

We’re making TOO MUCH CASH, say CryptoLocker scum in ransom price cut


The soaring price of Bitcoin has prompted the cybercrooks behind the infamous CryptoLocker malware to reduce the levy they impose on victims from 2 BTC to 0.5 BTC.

The reduced price was spotted earlier this week by security firm F-Secure in new variants of the malware, which encrypts personal files on infected Windows PCs.


Sean Sullivan, a security researcher with the Finnish security company, writes that the unknown crooks behind the scam are simply following regular business practices ultimately geared at maximising the return from their nefarious activities.

The price of Bitcoin has been wildly volatile lately. And that type of commodity volatility affects Bitcoin’s ability to act as a currency because prices are quickly driven out of whack. Even for ransomware such as CryptoLocker.

As previously reported, CryptoLocker encrypts the contents of the hard drive and any connected network drives using public-key cryptography, so that the data can only be unlocked with a private key held by the crooks, and then demands payment for that key. Victims are typically told they must pay the ransom within 72 hours if they ever want to see their data again. More recently, an ancillary service has sprung up that allows retrieval of the data, at a higher price, after the 72-hour deadline has passed. Victims are required to upload one encrypted file so that the service can match it with the corresponding key, during which time a “Pac-Man” animation is displayed, F-Secure notes.
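Why the private key is worth paying for, and how an uploaded file can be matched to it, comes down to the hybrid scheme behind that description. The following is an added example in Go, not CryptoLocker’s own code (the article does not describe its file format or key handling), of the general pattern: each file gets a random AES-256 key, the data is sealed with AES-GCM, and only the file key is wrapped under an RSA-2048 public key. The key fingerprint stored next to the wrapped key, and the field layout, are this example’s assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Sealed is one encrypted file plus what is needed to recover it. KeyID is this
// example's assumption about how a file is later matched to the right private key.
type Sealed struct {
	KeyID      [32]byte // SHA-256 of the RSA modulus that wrapped the file key
	WrappedKey []byte   // RSA-OAEP ciphertext of the per-file AES-256 key
	Nonce      []byte   // AES-GCM nonce
	Ciphertext []byte
}

func keyID(pub *rsa.PublicKey) [32]byte {
	return sha256.Sum256(pub.N.Bytes())
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func mustRandom(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no usable entropy: nothing sensible to do but stop
	}
	return b
}

// Seal is the hybrid step, done with nothing but the public key: a fresh
// AES key per file, data under AES-GCM, the AES key wrapped with RSA-OAEP.
func Seal(pub *rsa.PublicKey, plaintext []byte) (*Sealed, error) {
	fileKey := mustRandom(32)
	gcm, err := newGCM(fileKey)
	if err != nil {
		return nil, err
	}
	nonce := mustRandom(gcm.NonceSize())
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, nil)
	if err != nil {
		return nil, err
	}
	return &Sealed{KeyID: keyID(pub), WrappedKey: wrapped, Nonce: nonce,
		Ciphertext: gcm.Seal(nil, nonce, plaintext, nil)}, nil
}

// Open is the step the victim cannot perform: unwrapping the file key needs the
// private half. The KeyID check is how a holder of many private keys picks one.
func Open(priv *rsa.PrivateKey, s *Sealed) ([]byte, error) {
	if s.KeyID != keyID(&priv.PublicKey) {
		return nil, fmt.Errorf("file was sealed under key %x, not this one", s.KeyID[:8])
	}
	fileKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, s.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(fileKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, s.Nonce, s.Ciphertext, nil)
}

// RoundTrip seals a constructed document and reports whether the matching
// private key recovers it and whether an unrelated private key is refused.
func RoundTrip() (recovered, wrongKeyRefused bool, err error) {
	var keys [2]*rsa.PrivateKey
	for i := range keys {
		if keys[i], err = rsa.GenerateKey(rand.Reader, 2048); err != nil {
			return false, false, err
		}
	}
	doc := []byte("constructed sample document: Q3 invoices")
	s, err := Seal(&keys[0].PublicKey, doc)
	if err != nil {
		return false, false, err
	}
	pt, err := Open(keys[0], s)
	recovered = err == nil && string(pt) == string(doc)
	_, err = Open(keys[1], s)
	wrongKeyRefused = err != nil
	return recovered, wrongKeyRefused, nil
}

func main() {
	ok, refused, err := RoundTrip()
	fmt.Println("recovered with private key:", ok, "| wrong key refused:", refused, "| err:", err)
}
```

The point to take from it: Seal needs only the public key, so nothing left on the encrypting machine can reverse it, and Open refuses a wrong private key at the fingerprint check (and, were that check removed, at the OAEP unwrap, since the wrong key does not recover the file key). The fingerprint is what lets a service holding thousands of private keys pair an uploaded file with the right one, which is exactly what the post-deadline decryption service described above has to do. For defenders, the same property is why the only reliable recovery is an offline backup.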

The value of Bitcoin has rocketed since the scam surfaced in September, so that what started out as a demand for $300 was costing victims $1,400 earlier this week, a price many victims might well balk at paying. At that rate the new 0.5 BTC demand works out at roughly $350, close to the original.

CryptoLocker normally arrives in email as an executable file disguised as a PDF, packed into a .zip attachment. A spam run targeting millions of UK consumers prompted a warning from the UK National Crime Agency last week. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/11/25/cryptolocker_varmints_lower_decryption_price/

Facebook’s Zuckerberg: US gov ‘blew it’ on mass surveillance


Facebook supremo Mark Zuckerberg – whose company is routinely criticised for its dubious data-mining practices – has attacked the US government for being secretive about its online spying activities.

“I think the government really blew it on this one. And I honestly think that they’re continuing to blow it in some ways and I hope that they become more transparent in that part of it,” he told ABC News.


Zuck argued that a balance was needed to allow American citizens to live in a safe country where they are protected by spooks while, at the same time, being kept in the loop about mass surveillance – something the Facebook chief arguably knows a thing or two about.

“In terms of doing the right things and also being clear and telling people about what you’re doing,” the flame-haired, sneaker-wearing billionaire said in reference to the NSA/PRISM scandal that was leaked by master blabbermouth and erstwhile US government IT contractor Edward Snowden.

Zuckerberg said during the TV interview that he was continuing to lobby for more visas for highly skilled workers to keep them Stateside. He described the immigration issue in the US as “one of the biggest civil rights issues of our time”.

He added: “There are 11 million undocumented people living in this country.”

When quizzed about the view held by some in the US that those individuals are breaking the law, Zuck disagreed and said many immigrants without the right paperwork wanted to “contribute”.

“The future of our economy is a knowledge economy. And that means that getting the most talented people into this country is the most important thing that we can do to make sure that the companies of tomorrow are founded here,” he said. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/11/25/zuckerberg_says_us_government_blew_it_on_mass_surveillance/