STE WILLIAMS

NetCitadel Rolls Out Real-Time Threat Management Platform

MOUNTAIN VIEW, Calif. — Nov. 19, 2013 — NetCitadel, Inc., the pioneer in innovative threat management solutions, today announced the general availability of NetCitadel ThreatOptics™, the industry’s first solution that applies context and intelligence to detected security events and dramatically reduces incident response times to Advanced Persistent Threats (APTs) and malware attacks.

The evolving complexity and increased frequency of malware and APTs have driven the need for next-generation Advanced Malware Detection (AMD) solutions and Security Information and Event Management (SIEM). While effective, these detection tools generate unmanageable volumes of security alerts, and make it difficult for Incident Response teams to verify, prioritize, and respond to the most urgent threats in a timely and effective manner. Traditional response processes are manual, time-consuming and error-prone, thus leaving organizations exposed. This, combined with the ongoing shortage of skilled cyber security resources, necessitates a new, more automated approach to incident response.

Now, by closing the gap between detection and response, NetCitadel ThreatOptics transforms traditionally rigid workflow and manual response capabilities into dynamic defenses capable of automatically responding to malicious attacks in real-time.

“As the law firm for ground-breaking technology and life sciences companies, Fenwick is heavily invested in making sure our infrastructure is secure,” said Kevin Moore, Director of Information Technology at Fenwick & West LLP. “We recognize that a proper security posture is not just about detection, it also includes an effective analysis and response capability. NetCitadel ThreatOptics provides our security team with rich context data for efficient security response that is critical to our ongoing mission to keep our networks, servers, and end points secure.”

NetCitadel ThreatOptics is the first threat management platform of its kind, addressing the security analysis and intelligence needs of today’s Incident Response teams. NetCitadel’s analytics-driven approach uniquely adds rich context data to security events generated by devices such as FireEye, Palo Alto Networks, and HP ArcSight, and analyzes the data to facilitate rapid and intelligent decisions. In addition, ThreatOptics integrates with existing security enforcement devices, such as firewalls and web proxies, to deliver real-time responses to security events.

According to Gartner, Inc., “Security buyers that add these new detection methods will quickly find that the event of detecting malware or a compromised system itself is not deterministic for reporting on the impact of the attack. Other factors are needed to better handle the workload of new events in terms of company impact. For example, the systems and users involved, the sensitivity of the data in play, what external parties are involved, and situational attack visualization become key to quickly and accurately prioritizing events in which to dispatch investigation teams.” [1]

Without the proper context, it is almost impossible to prioritize events and make good security decisions. The proper context in an integrated view, however, enables security analysts to quickly verify which issues are real and which issues can safely be deprioritized.

“NetCitadel ThreatOptics solves the industry’s security alert overload problem by automatically surrounding alerts with meaningful context,” said Mike Horn, NetCitadel co-founder and CEO. “We’re pleased to help security analysts and Incident Response teams demonstrably increase their security responsiveness while leveraging existing security resources. By lowering the cost of exposure and increasing security, NetCitadel frees up more IT staffers to engage and positively impact other security priorities in the organization.”

NetCitadel ThreatOptics dynamically updates existing security devices to respond instantly to security events as they are detected. With NetCitadel, once a security event has been detected anywhere in the network, subsequent attempts to connect to the source of the infection will be blocked across the entire network proactively, eliminating widespread outbreaks of the same security threat.

About NetCitadel ThreatOptics

NetCitadel ThreatOptics leverages intelligent threat event context and patent-pending security orchestration technologies to deliver real-time responses to security events. Rich sources of security information, from systems such as Security Information and Event Management (SIEM), Advanced Malware Detection (AMD) and Intrusion Detection Systems (IDS) are seamlessly integrated to work with existing security devices, such as firewalls and web proxies. Deployed as a virtual appliance, ThreatOptics leverages security event information and, based on the information in the security event, updates existing security devices to react to those security events in real-time. By using ThreatOptics, organizations can dramatically reduce the time it takes to respond to an identified security event by enabling either a fully automated or semi-automated response. ThreatOptics uses proprietary security intelligence algorithms to help enterprises determine the severity of a security event as well as the appropriate response to that event.

Availability and Pricing

NetCitadel ThreatOptics will be generally available next month from NetCitadel as a virtual appliance. Pricing begins at approximately $50,000 and goes up based on the number of users and the size of the security infrastructure. More information on pricing and purchasing can be found at www.netcitadel.com.

[1] Gartner, “Advanced Targeted Attacks Influence Security Spending and Create Partnering or Acquisition Opportunities,” by Eric Ahlm and Lawrence Orans, Sept. 26, 2013.

About NetCitadel

NetCitadel is the pioneer in innovative security threat management. Recognizing the dramatic growth in cyber-attacks and the increase in targeted attacks using Advanced Persistent Threats (APTs), the company identified the need to operationalize the overwhelming volume of security data. Its threat management platform, ThreatOptics, leverages patent-pending technology to link existing network security devices with real-time security event information, resulting in an infrastructure capable of adapting to new threats instantly. Headquartered in Mountain View, Calif., the company is venture backed by NEA and other investors. For more information about NetCitadel and its solutions, call (650) 564-4285 or visit http://www.netcitadel.com.

Article source: http://www.darkreading.com/management/netcitadel-rolls-out-real-time-threat-ma/240164109

Marble Messenger Protects Privacy Of Healthcare Patient Information On Mobile Devices

SUNNYVALE, Calif. – November 19, 2013 – Physicians, surgeons, nurses, emergency responders and other healthcare professionals commonly use their mobile devices to send diagnostics and collaborate with other specialists. And for good reason – it helps save lives. However, the practice introduces potential compliance risks for electronic protected health information (ePHI).

The latest mobile security innovation from Marble Security – Marble Messenger™ – solves this problem by enabling organizations to protect patient information on mobile devices with encryption and passwords and enforce ePHI security policies for both senders and receivers. Since it is encrypted, patient information is also protected as it traverses the Internet or a mobile network. Additional safety is provided by an auto-destruct feature that deletes the image and text after a time limit is reached.

Marble Messenger is the newest feature of the company’s Marble mobile security platform, a next generation cloud service that combines advanced mobile security management (MSM) functionality with essential mobile app management (MAM) and mobile device management (MDM) capabilities. Marble is defining the emerging mobile security category, MSM, which goes beyond MAM and MDM with advanced features like app scanning, secure browsing and real-time cyberthreat protection.

“Customers tell us that with Marble Messenger, they can continue to consult with other healthcare professionals via secure messaging while not violating HIPAA/HITECH regulations,” said Marble Security Founder and CTO David Jevans. “With the pervasive use of mobile, we are seeing interest in other sectors as well to encrypt and protect sensitive information that is routinely sent over mobile devices.”

Enterprises are starting to face the reality that traditional MDM solutions do not protect their mobile perimeter. At the same time, mobile malware and phishing attacks have more than doubled, increasing the risks to enterprises from BYOD and mobile access. Marble addresses these problems directly with the MSM capabilities in its next generation mobile security platform that includes these elements:

Marble Messenger allows encrypted messaging on mobile devices with an auto-destruct feature

Essential MDM is for organizations that have not yet deployed MDM or are looking to replace their existing MDM solution with a more secure, less expensive, all-in-one solution

Essential MAM allows corporate apps to be cataloged, pushed and deleted while providing data wiping capabilities for lost or stolen devices

Mobile App Scanning/Device Security features actively protect against malware, unauthorized data access and phishing while enforcing security policies

Secure, Hosted VPN that isolates users from network attacks like man-in-the-middle, re-directs, poisoned DNS, phishing and wireless eavesdropping

Marble mobile security platform lets administrators, via the cloud, set and enforce risk-based policies, control mobile security through dashboards and run risk analytics and compliance reports. More information about Marble mobile security platform is available at www.marblesecurity.com or by calling (408) 737-4300.

About Marble Security

Marble Security, Inc. offers a mobile security cloud service that protects against the ever-changing threats unleashed into enterprises by mobile devices. Simple to use and deploy, the Marble cloud service includes patented, adaptive protection to eliminate risks to corporate data, networks and applications. Criminals, competitors and hostile governments target enterprises and end users with an ever more sophisticated array of attacks. The BYOD workforce is particularly at risk. Marble secures enterprises from mobile workers’ access to corporate and public networks and cloud services on Android and iOS mobile devices, as well as Macs and Windows PCs, and offers more comprehensive protection than any other solution on the market.

Article source: http://www.darkreading.com/government-vertical/marble-messenger-protects-privacy-of-hea/240164110

VSS Monitoring Delivers Network Data To Big Data Analytics Systems

SAN JOSE, Calif., November 19, 2013 – VSS Monitoring, a leading provider of network packet brokers (NPBs), today launched the Big Data Visibility solution, a system that closes the visibility gap into corporate data by combining network data with big data from external sources to allow analysis of that data as a single dataset – whether for performance or business intelligence applications, forensics, compliance, or security assurance. Supplementing real-time, synchronous analysis of data in motion with cost-effective asynchronous analysis of stored data, the Big Data Visibility solution scales analytics and forensics to larger datasets than legacy technology could handle. Furthermore, VSS Monitoring’s vMesh™ architecture enables organizations to connect hundreds of packet broker nodes and gain real-time views into big data across their entire global network.

The Big Data Visibility solution is built on two new advances in the vMesh Architecture: vSpool™ and vNetConnect™:

The vSpool hardware module for VSS Monitoring’s vBroker™ chassis enables network data to be captured directly from the network infrastructure, and delivered to and analyzed synchronously or asynchronously by any network analytics, forensics and big data systems over a common storage or content platform.

vNetConnect software enables agent-free visibility into VMware and Cisco virtual switches, providing visibility into physical and virtual workloads and the associated network traffic without requiring any additional software to be installed on the hypervisor or as a virtual machine.

“There are prodigious volumes of operational and business data available within network packet streams, waiting to be fully leveraged by the fast growing ranks of Big Data analytics solutions,” said Jim Frey, vice president of research, Enterprise Management Associates. “By offering new methods for directly forwarding packet captures into Big Data architectures, VSS Monitoring is opening a new door for operational-intelligence solutions. Further, VSS has added an important extension that can restore visibility into virtualized server environments, where VM-to-VM packet communications can and do occur without ever crossing a physical network wire.”

Brings Visibility to Data in Motion

According to IDC’s 2012 Digital Universe Study, only about 3% of the potentially useful data in the digital universe is tagged and even less is analyzed. A significant part of this missing data is the “data in motion” that is not captured by big data analytics systems. By allowing big-data applications to gain access to this network data alongside other sources of structured or unstructured data, the VSS Big Data Visibility solution closes this “big data gap” and presents a much richer view of the business’s market and organizational posture.

Big Data applications today largely lack visibility into network data in motion. While specialized network data-capture tools have long been available, those tools can analyze, store and present only that portion of a dataset suited to their purpose. Furthermore, because they are typically used in silos, they cannot effectively scale to the massive data volumes on today’s networks, have a narrow scope, and store data only in proprietary formats. This situation often leads to the use of multiple specialized tools, which increases costs and limits the broader use of the datasets.

“Big data is not just about dealing with the pure scale of data,” said Dwight DeClouette, vice president, Communications, Media and Entertainment, Hitachi Data Systems. “Service providers and enterprise customers are now looking for more comprehensive and ‘cross-domain’ insights to make informed business decisions. Hitachi Content Platform (HCP) brings to market an unmatched level of capabilities for big data, including search, storage scalability, management and protection. By adding VSS NPBs powered by vSpool™, end users can perform deep analysis on data in motion and gain a new level of visibility and intelligence from their own big data.”

The VSS Big Data Visibility Solution closes the gap between the network and analytics by deploying a distributed architecture that centralizes access to network data, optimizes storage and enables real-time, interactive, and batch analysis. The addition of vNetConnect enables packets from both virtual switches and physical switches to be directed into the network packet broker layer, while vSpool provides capture and delivery of those packets to analytics tools and content platforms from a single point and in an open standard format. The Big Data Visibility Solution enables multiple applications to leverage a single copy of the packaged data, thereby eliminating storage and analytics silos, optimizing and scaling the delivery of these network data:

Network data is encapsulated in an open standard file format that can be directly transported to any (non-network tool) storage appliance or content platform, even one that does not natively support network packet ingestion. The capture files can be read by many applications.

These data files are written to disk using open and standard transport protocols onto a commodity storage appliance or content platform in addition to traditional application-specific tools.

The solution makes network traffic available in real time and asynchronously. With additional grooming and packet optimization applied to the capture, only the optimized data and metadata of interest are extracted and ingested by the big data systems.

“Riverbed is committed to providing its customers with a holistic view of data to manage application and network performance,” said Dimitri Vlachos, vice president, marketing and products at Riverbed. “By bringing together the Riverbed Cascade Shark continuous packet capture, analysis and storage appliance with VSS Monitoring’s vBrokers powered by vSpool™, customers are able to gain a new level of visibility, flexibility and control over their Big Data, resulting in significant ROI and enhanced intelligence about their IT and network infrastructure.”

Supports All Pillars of the Virtualized Data Center: Network, Compute, and Storage

Network packet brokers have traditionally focused on solving the visibility problem from the network perspective. Today, scalability and flexibility of network data storage is becoming a critical challenge because of the increase in data volume, variety and velocity. The “stove-pipe” nature of traditional monitoring systems also makes it difficult for organizations to query, retrieve and analyze all the data in a holistic manner. Further, these monitoring systems do not scale effectively to persistent storage systems. The VSS Big Data Visibility solution brings all three pillars of the virtualized data center together by delivering non-invasive, agent-free visibility into virtualized compute, and providing asynchronous management and control of network data under a single common storage platform.

“Big-data systems are often blind to an invaluable resource: the data that represents every transaction in any networked business,” said Martin Breslin, Founder and President, VSS Monitoring. “Bridging this gap by linking network data with big data systems enables a comprehensive view of the information that the business needs to make the right decisions. vSpool addresses these challenges by delivering line-rate performance and advanced traffic grooming, while vNetConnect provides total visibility into network traffic from both physical and virtual hosts, and from active and stored data alike. No longer are variations in data types, interfaces between systems, network latency, or physical locations of network assets a limitation to high-quality analysis.” In addition, the “tool consolidation” and the use of commodity hardware made possible by vSpool allow for cost-effective scaling of network analytics and forensics, added Breslin.

Availability

Both products are available immediately. vNetConnect™ software starts at $20,000, and vSpool™ starts at $7,000. For more information please contact: [email protected]

About VSS Monitoring

VSS Monitoring is a world leader in network packet brokers (NPBs), providing a visionary, systems approach for optimizing and scaling the connectivity between network switching and the universe of network monitoring and network security tools. VSS Monitoring NPBs improve tool usage and efficiency, simplify IT operations, and greatly enhance ROI from tools. For more information, visit www.vssmonitoring.com.

Article source: http://www.darkreading.com/applications/vss-monitoring-delivers-network-data-to/240164111

ThreatTrack Security Introduces ThreatAnalyzer 5.0

Clearwater, Fla. – Nov. 19, 2013 – ThreatTrack Security today launched ThreatAnalyzer 5.0, solidifying the company’s malware analysis solution as the industry’s best. Featuring more than 30 new product enhancements – including improved behavioral analysis capabilities, simulated reboot countermeasures for sandbox-evading malware, and a redesigned user interface for improved workflow – ThreatAnalyzer enables cybersecurity professionals to identify malicious files to quickly eliminate those threats from their networks.

“Knowing is not enough. Threats must be eliminated,” said ThreatTrack Security CEO Julian Waits, Sr. “With more than 250 customers, ThreatAnalyzer gives enterprises and government agencies the ability to understand how an otherwise unknown malware sample will behave on their endpoints, but more importantly, it provides all the data they need to eradicate those threats from their network. ThreatAnalyzer is an essential tool cybersecurity professionals need to combat Advanced Persistent Threats (APTs), targeted attacks, Zero-days and other sophisticated malware targeting their operations.”

Automate, Analyze and Act

ThreatAnalyzer detonates executable files and URLs in a monitored environment to analyze threats and determine the risks they pose to a network. It enables users to automate the sample submission process; completely analyze any threat; and quickly act to protect sensitive data. ThreatAnalyzer streamlines a task that could take days to just two minutes or less on average.

Automate – Exponentially grow the number of malware samples processed every day, and eliminate the time-consuming, expensive and error-prone manual analysis that leaves organizations vulnerable to advanced cyber threats.

Analyze – Understand the nature of each threat targeting a network with in-depth behavioral analysis across an entire application stack that demonstrates how malware executes, system changes, network traffic generated, applications exploited and what data is targeted.

Act – Immediately begin blocking threats, alerting team members and remediating threats from a network with complete confidence that all traces of malicious code are removed and any system changes are corrected.

New ThreatAnalyzer 5.0 capabilities include:

Simulated Reboot detects malicious code that only executes after a system reboot. Through a proprietary technique, ThreatAnalyzer can now expose code otherwise undetected through most sandbox analysis.

Threat Dashboard provides high-level insight and situational awareness into the overall threat level of discovered malware, along with actionable information such as top IPs and domains associated with analyzed malware, top malicious behaviors and a world map view to quickly identify nation state threat actors.

Workflow Optimizer matches the typical scenarios that users experience on a daily basis, and offers enhancements that streamline everyday operations such as easier submission to multiple sandboxes.

API Integrator supports output in JSON as well as XML, making it easier and faster for users to integrate ThreatAnalyzer’s malware intelligence with other cyber defense solutions also in place.

Sample Saver stores the JavaScript, Flash and HTML files, as well as network traffic data that are accessed or generated by a malware sample, so they can be further analyzed and correlated offline.

Industry Leading Malware Analysis

ThreatAnalyzer provides several distinct advantages over virtual and SaaS-based analysis engines, including the ability to:

Run in a native or virtual environment to counter sandbox-evading VM-Aware malware samples.

Customize sandbox environments across a user’s entire application stack to better understand malicious behavior and more easily identify targeted attacks.

Analyze malware offline in a secure, isolated environment with no loss of functionality.

To learn more about ThreatAnalyzer 5.0 (formerly known as GFI SandBox and CWSandbox), visit www.ThreatTrackSecurity.com, call +1 855-885-5566 or send an email to [email protected].

About ThreatTrack Security Inc.

ThreatTrack Security specializes in helping organizations identify and stop Advanced Persistent Threats (APTs), targeted attacks and other sophisticated malware that are designed to evade the traditional cyber-defenses deployed by enterprises, and small and medium-sized businesses (SMBs) around the world. The company develops advanced cybersecurity solutions that analyze, detect and remediate the latest malicious threats, including its ThreatAnalyzer malware behavioral analysis sandbox, VIPRE business and consumer antivirus software, and ThreatIQ real-time threat intelligence service. Visit www.ThreatTrackSecurity.com to learn more.

Article source: http://www.darkreading.com/management/threattrack-security-introduces-threatan/240164112

Lavabit founder: Feds ORDERED email providers to stay open

Lavabit’s founder has claimed other secure webmail providers who threatened to shut themselves down in the wake of the NSA spying revelations had received court orders forcing them to stay up.

Ladar Levison made the claim during a recent Reddit AMA (ask-me-anything) Q&A chat without going into details about the alleged strong-arm tactics.

When I was deciding whether to shut down the decision really boiled down to whether users would prefer to have their emails secretly snooped, or simply lose their service altogether. Since the court prevented me from telling anyone the situation, I had to make that choice for everyone. I had to decide on behalf of everyone without the benefit of their feedback. In the end I chose to shut down.

Why didn’t I warn anyone? Because if the feds had known I was planning to shut down they would have gotten a court order requiring me to continue operating the service. If I had shut down the service after receiving such an order I would have almost certainly been charged with obstruction of justice. I’ve been told that other service providers have threatened a shut down and received such orders.

Asked to go into details, Levison responded: “I didn’t ask and my source, who shall remain nameless, didn’t tell.”

The exchange occurred in the midst of an ongoing appeal to overturn a contempt-of-court ruling against Lavabit and its owner Levison for resisting a government subpoena and search warrant that would have put the private communications of Lavabit’s 410,000 customers at direct risk of government snooping.

Levison brought down the shutters on Lavabit’s encrypted email service in August, rather than play ball with court orders that initially demanded metadata about an undisclosed user. Whistleblower Edward Snowden was among the paid-up users of Lavabit and it is widely assumed the court actions were the result of attempts by the National Security Agency (NSA) to get at Snowden through Lavabit.

Edward Snowden reportedly used the Lavabit email address [email protected] to send invites to human rights lawyers and activists to a press conference during his confinement at Moscow’s Sheremetyevo International Airport back in July.

The Feds targeted Snowden’s email provider more than a month before this in a legal action that started the day after the NSA whistleblower went public, Wired reports.

A PGP key reportedly attached to the Lavabit account suggests he’d been using the service since 2010, although security experts reckon he must have used a more secure methodology for anything sensitive.

The government’s move against Lavabit was resisted tenaciously by Levison. After much wrangling, Levison eventually handed over Lavabit’s cryptographic key in digital form, after earlier trying to satisfy a court order by printing out and handing over a copy of the key in 4-point type, a move that irked the judge handling the case.

After Lavabit resisted complying with government demands, it was held in contempt of court and fined $5,000 a day until it turned a machine-readable version of the key over.

Days after handing over the encryption key, a move that would have made it much easier for the NSA or other federal agencies to run man-in-the-middle attacks against Lavabit, Levison pulled down the shutters on the service, which he had been running for 10 years prior to its closure.

The contempt of court order became the subject of an appeal, which argues that forcing Lavabit to hand over its encryption keys violated the US Constitution’s Fourth Amendment, which prohibits unreasonable searches and seizures. In the course of the latest legal exchanges, government lawyers disputed arguments by Lavabit’s lawyers (PDF) that handing over the encryption key would enable the government to spy on every user of the service, not just those that they had obtained a warrant against.

That other information not subject to the warrant was encrypted using the same set of keys is irrelevant; the only user data the court permitted the government to obtain was the data described in the pen/trap order and the search warrant. All other data would be filtered electronically, without reaching any human eye.

Government lawyers argue that “just as a business cannot prevent the execution of a search warrant by locking its front gate, an electronic communications service provider cannot thwart court-ordered electronic surveillance by refusing to provide necessary information about its systems”.

DoJ attorneys also dismissed Lavabit’s argument that disclosing its encryption keys was incompatible with offering a secure email service. Marketing a business as a “secure” service to consumers provides no legal obstacle to court orders, US government lawyers state in the conclusion to their argument (PDF).

Lavabit claims the right to ignore those courts and thwart such investigations simply by offering for sale, to the general public, encrypted email. Because there is no reason to treat a business that offers encrypted email services differently from any other business, this court should affirm the district court’s order for sanctions.

An informed discussion of the latest legal broadsides in this landmark privacy rights case can be found in a post on the Sophos Naked Security blog.

In the wake of the Lavabit shut-down, Silent Circle closed its Silent Mail email service days afterwards. The security firm, which boasts Phil Zimmermann as a co-founder, made the move with an eye on potential trouble ahead and not in response to any “subpoenas, warrants, security letters, or anything else by any government”.

Silent Circle has since allied with Lavabit’s Levison to create the Dark Mail Alliance, which aims to build an email system that provides end-to-end encryption. Jon Callas, CTO of Silent Circle and cofounder of the Dark Mail Alliance, a long-time collaborator with Zimmermann stretching back to their PGP days, outlined the project in an interview with El Reg here.

Was Lavabit a house built of straw?

Cryptographer Moxie Marlinspike put together a damning critique of Lavabit’s claims which concluded that its security was little more than a “promise not to peek”. Marlinspike pitched into the Reddit AMA with Levison to take him to task for pre-takedown claims that Lavabit was “so secure even we can’t read your email”. The exchanges are recorded there and are well worth reviewing for anybody with an interest in the technical challenges ahead for anyone hoping to develop a truly secure “NSA proof” email service.

Marlinspike raised the issue because he remains concerned over how reliable any future claims Levison might make about offering bulletproof email security might be, as he explains in his opening remarks.

Yes it is completely true that there was nothing Lavabit could have done within the configuration of a standard SMTP/POP/IMAP server to be secure in the way that it advertised, without dedicated client support.

It’s not Ladar’s fault that the e-mail infrastructure doesn’t natively support end-to-end security, but I do think that we should hold him accountable for advertising that his system provided a false level of security.

When people knowingly sell snake oil, I think we should hesitate to support their future security endeavours, particularly endeavours with virtually no technical information available in advance. What if it puts users at risk all over again?

An independent take on the daunting challenges that come with putting together a secure email system can be found in a guest article by Matthew Green, a cryptographer and research professor at Johns Hopkins University, in the New Yorker here. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/11/19/lavabit_analysis/

Google and Microsoft tackle child abuse images with search and YouTube changes

Two search giants, Google and Microsoft, have agreed on measures that should make it harder to search for child abuse images online on the open internet, while Google has made a groundbreaking move to identify and ferret out videos made by paedophiles on its YouTube service.

YouTube engineers have created new technology to identify videos made by paedophiles, according to Google Executive Chairman Eric Schmidt, whose letter about the changes was posted in the Mail Online on Sunday.

As it is, Schmidt wrote, there’s “no quick technical fix” that enables search engines to detect child sexual abuse imagery, given that computers can’t reliably differentiate innocent pictures of children at bath time and genuine abuse.

That means Google has to rely on humans to review images. Those that are determined to be illegal are given a unique digital fingerprint.

Given these unique digital fingerprints, Google can automatically identify illegal pictures.

But paedophiles are increasingly filming their crimes, Schmidt said.

To address that source of child abuse imagery, Google is now testing a new technology to identify such videos and will hopefully make it available to other internet companies and child safety organisations in the new year, he said.

But the work doesn’t stop at the open internet.

The YouTube announcement came the day before a Downing Street summit at which UK Prime Minister David Cameron was scheduled to announce that British and US law enforcement agencies will jointly target online child abuse by monitoring those who operate on the hidden internet.

A transatlantic taskforce will identify ways of targeting criminals and paedophiles who use secret encrypted networks to distribute abuse imagery.

Google and Microsoft also announced that “up to 100,000 search terms will now return no results that find illegal material”, the BBC reports.

Such searches will also trigger warnings that child abuse images are illegal.

Both companies have introduced new algorithms that will prevent Google Search and Microsoft’s Bing from delivering this type of illegal result.

According to The Guardian, Google’s Schmidt announced that a team of 200 had worked to clean Google Search of search terms that can lead to child sexual abuse images.

The restrictions will first be launched in the UK, after which they’ll be introduced to other English-speaking countries and in 158 other languages over the next 6 months.

Google is also displaying warnings at the top of search results for 13,000 queries.

UK Prime Minister David Cameron welcomed the move.

In a speech in July, the PM had announced new measures to protect children and challenged outfits such as Google, Yahoo, and Microsoft to do their part by, for one thing, adopting a blacklist of “abhorrent” search queries that leave no doubt that a searcher’s intent is malevolent.

Google communications director Peter Barron said that the changes would make it “much, much more difficult to find this content online.”

More of what Barron said, from the BBC’s coverage:

We’re agreed that child sexual imagery is a case apart, it’s illegal everywhere in the world, there’s a consensus on that. It’s absolutely right that we identify this stuff, we remove it and we report it to the authorities.

Unfortunately, Google’s and Microsoft’s efforts to strip results away from child abuse-related search terms are well-meaning but, ultimately, might amount mostly to, at best, a waste of time, effort and money and, at worst, censorship.

It is not on the open internet that paedophiles search for, and find, the images they’re after. Rather, it is on the so-called dark or hidden web where the trafficking in such images mostly occurs.

As pointed out in a recent University of Massachusetts/Amherst research paper on measuring and analysing child porn on P2P networks, such networks are the most popular mechanism for acquiring and distributing such imagery.

It is here that such images are exchanged, mostly via P2P, largely in encrypted format.

A recent report from the Child Exploitation and Online Protection Centre (CEOP) in the UK backed this up:

The commercial distribution of IIOC [indecent images of children] on the open internet is estimated to account for a very small percentage of the transactions taking place. This low level is likely to be a result of the large volume of IIOC in free circulation, particularly over P2P, and widespread awareness of the traceability of conventional payment methods.

The tendency of paedophiles to use the dark web is increasing, according to the CEOP:

The use of the hidden internet by IIOC offenders remained a key threat during 2012 with the number of UK daily users connecting to it increasing by two-thirds during the year. This represents one of the largest annual increases globally, in a non-oppressive regime.

Technologies designed to scour the dark web searching for active paedophiles are likely to yield far better results than anything that Google and Microsoft are doing with regards to search and the open internet.

One such technology is automatic search on P2P networks for query terms commonly used with child abuse content.

This type of tool was used to collect information on three US defendants, who tried to get the evidence dismissed, saying that the automated computer search amounted to warrantless search and was thereby a violation of Fourth Amendment rights against unreasonable search.

A US federal court rejected that claim last week, saying that once the alleged paedophiles had posted abuse images to a P2P network, they surrendered their rights to claim those images were private files.

It is here, in the dark web, that technology advances and court decisions such as this one from last week stand the best chance of battling child abuse.

Paedophiles live in the dark web. That’s where the battle must be waged.


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/lKH5a11qKiU/

Right, that’s IT: We’ll encrypt INTERNAL traffic to thwart NSA, says Yahoo


Yahoo! is going to start encrypting its intra-data-center traffic and will offer a similar service as an option to webmail users next year, CEO Marissa Mayer has pledged.

“I want to reiterate what we have said in the past: Yahoo has never given access to our data centers to the NSA or to any other government agency. Ever,” she said on her Tumblr page – which is now the preferred method of corporate communications following Yahoo!’s $1bn acquisition of the site.

“There is nothing more important to us than protecting our users’ privacy. To that end, we recently announced that we will make Yahoo Mail even more secure by introducing https (SSL – Secure Sockets Layer) encryption with a 2048-bit key across our network by January 8, 2014.”

Last month documents released by NSA whistleblower Edward Snowden claimed that the NSA and Britain’s GCHQ have been tapping into the fiber used by Google and Yahoo! to connect their data-center traffic. The scheme, dubbed MUSCULAR, operated outside the US, to stay within the remit of the national laws.

The leaked documents sent two Google engineers into an apoplexy, and the search giant has already started adding encryption to its interlinks and now Yahoo! will follow suit, albeit at a more leisurely pace. Microsoft has said it is “reviewing” such a move, but doesn’t encrypt as yet.

The Yahoo! data center streams, which carry huge amounts of user and corporate information, will be encrypted by the first quarter of next year, and Yahoo! Mail users will have the option to encrypt, although it doesn’t look at this stage as though this will be the default setting.

Furthermore, Yahoo! is going to work with co-branded partners to set up HTTPS communications links overseas. Eventually Yahoo wants to encrypt all of its services, but hasn’t given a precise timescale.

“As we have said before, we will continue to evaluate how we can protect our users’ privacy and their data. We appreciate, and certainly do not take for granted, the trust our users place in us,” Mayer concluded. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/11/18/give_us_some_time_and_well_encrypt_promises_yahoo/

Enterprises Should Practice For Cloud Security Breaches

Companies are increasingly moving to the cloud: Over the 18 months ending June 2013, enterprises boosted their use of cloud storage by 90 percent, resulting in 45 percent more revenue for cloud service providers, according to a report released by Verizon.

Yet, businesses should expect bumps ahead. Attackers will increasingly focus on finding ways to compromise companies’ cloud services to gain access to the valuable data stored in those online systems. From the attempted digital coup on Cloudflare’s infrastructure to breaches at business services such as social network LinkedIn and e-mail marketing firm Epsilon Data Management, attackers have already shown interest in illicitly accessing enterprise data in the cloud.

While the security of cloud providers is typically better than that of the average company, breaches will happen, experts say. And responding to an incident will likely be more complex for businesses when the response includes a cloud provider’s infrastructure.

“The key here is to plan ahead,” says Kristy Westphal, information security officer with Element Payment Services, a secure payment processing firm recently acquired by Vantiv. “You need to know what is in your contract, what you can get access to, and what you are on the hook for.”

At the coming Cloud Security Alliance (CSA) Congress, Westphal plans to discuss strategies for minimizing the impact of a cloud breach and smoothing incident response. As a first step, companies should begin including their cloud providers in their incident response planning, finding the appropriate contact at the firm, and discovering what resources they can expect in the event of a breach.

Companies need to know the provider’s contractual obligations, because there is often a murky line between the cloud provider’s responsibilities and the customer’s responsibilities, says Dave Dalva, vice president in the risk consulting practice at Stroz Friedberg.

In addition, companies should be familiar with the provider’s technologies, such as what mechanisms the cloud firm has for logging, he says. In multi-tenant cloud environments, separating the logs of one client from another may be difficult. Businesses should also find out if the provider will preserve data and hard drives for later forensics, and whether that is even possible in the cloud environment.

You need to make the lines of responsibility very clear, Dalva says.

“It may be very easy, or it may be very hard, but getting an appreciation for that stuff up front will make life a lot easier in the event of a breach,” he says.

[What attacks are most likely against cloud computing environments? Here’s a look — and some advice. See How Cybercriminals Attack The Cloud.]

Before moving to the cloud, company management should discuss incident response with the cloud provider. Executives and IT managers should ask whether the cloud service provider offers enough assurances to protect data and respond to breaches, says Dave Anderson, senior director of marketing at Voltage Security, a data-encryption provider.

“Do you trust your cloud provider to securely or properly manage the data you are throwing up into the cloud? If the cloud providers are saying that we are not going to provide that level of end-to-end data protection for you, then it’s up to you to do it,” he says.

The response will also depend on the type of cloud service that a company uses: platform-as-a-service (PaaS) and software-as-a-service (SaaS) will differ from infrastructure-as-a-service, such as Amazon EC2, because of the number of differences between cloud providers, says Element’s Westphal.

The most important step for companies is to practice incident response exercises and include the cloud provider in the session, she says. IT managers should know who the point of contact is at the cloud service provider and who is responsible for contacting cloud providers.

“You need to know who the players are – who would be involved and that they know what their roles are, so they are not trying to solve someone else’s issue,” Westphal says. “You can’t buy that kind of preparation. The more prepared you are, the better off you will be.”

While cloud providers may not provide much in terms of supporting incident response activities, that is changing, says Stroz Friedberg’s Dalva.

“There is an opportunity for cloud providers that do do all the security stuff, and we are starting to see more effort to help clients with that,” he says.


Article source: http://www.darkreading.com/services/enterprises-should-practice-for-cloud-se/240164073

Anonymous Conducting Breach Campaign On Government Systems, FBI Report Says

Hacktivist group Anonymous has been using a flaw in Adobe Systems’ software to launch a year-long campaign against U.S. government computers, according to an FBI memo.

The memo, which was obtained and reported exclusively by news agency Reuters, states that Anonymous was able to create multiple “back doors” to government systems, enabling the group to return repeatedly to steal sensitive data as recently as last month.

The campaign is continuing, and the memo, distributed last Thursday, warns agencies to check their systems for possible compromises. The U.S. Army, Department of Energy, and Department of Health and Human Services are among the agencies that have been hacked, according to the Reuters report.

According to an internal email from Energy Secretary Ernest Moniz’ chief of staff, Kevin Knobloch, the stolen data included personal information on at least 104,000 employees, contractors, family members, and others associated with the Department of Energy, along with information on almost 20,000 bank accounts, Reuters reports.

Officials linked the attacks to the case of Lauri Love, a British resident indicted Oct. 28 for allegedly hacking into multiple U.S. government agencies via a vulnerability in Adobe’s ColdFusion software, which is used to build websites.


Article source: http://www.darkreading.com/perimeter/anonymous-conducting-breach-campaign-on/240164075

US local police department pays CryptoLocker ransom

A local police department in Swansea, Massachusetts, has paid cybercrooks behind the CryptoLocker ransomware attack to decrypt files locked up by the malware on police computer systems, according to local press reports.

The police department spokesman claimed that the infection had been mopped up and their systems secured, with no personal information stolen.

He went on to insist “we were never compromised”, despite the malware having infected their systems.

The department shelled out $750 (about £450) for the decryption key to retrieve its files, using Bitcoins to complete the transaction.

There are two clear problems here.

The first is that the local police department’s IT is obviously not sufficiently well-run.

Assuming the infection got in via an infected email rather than a drive-by exploit on a legitimate site (or even worse, that it was installed by a bot already active on a machine), it’s not too embarrassing that someone on the staff was tricked into running the malware on their system.

While this threat has been making headlines for several weeks, and education around avoiding opening suspicious attachments has been going on for considerably longer, sometimes a well-crafted piece of social engineering can take in the most cautious of users.

But even making all these allowances, in a business setting, and particularly in an environment like a police department where data privacy and integrity is vitally important, there seem to be some pretty basic failings here.

From an integrity point of view, any files which are so important they are worth paying good money to retrieve should be regularly and routinely backed up to a secure location. So, if something like CryptoLocker does destroy your local copies, you can always restore at least fairly recent versions once the infection has been cleaned out.

Even when there are good backups in place, it would seem prudent for users to be logged in with minimal rights, and for important documents to be writeable only when they are actually being worked on.

Even though local police departments may have limited IT needs, restricted budgets and few properly trained IT staff, these are fairly basic requirements.
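The backup and least-privilege advice above, as an added shell example that is not from the article: it snapshots a document directory to a read-only location with a SHA-256 manifest, flags live files whose content no longer matches (what an encrypting infection looks like from the outside), and restores from the snapshot once the machine is clean. Tool names (coreutils sha256sum, cp, chmod, find) and all paths are assumptions.

```shell
#!/bin/sh
# Added example, not from the article: versioned backups with an integrity
# manifest, kept read-only so a compromised user account cannot alter them.
# Assumes coreutils (sha256sum, cp, chmod, find); every path is a placeholder.
set -u

# Copy SRC into DEST/LABEL (LABEL defaults to a timestamp), write a SHA-256
# manifest of every file, then strip write permission from the whole snapshot.
# Prints the absolute snapshot path.
backup_snapshot() {
    src=$1; dest=$2; label=${3:-$(date +%Y%m%d-%H%M%S)}
    mkdir -p "$dest/$label"
    snap=$(cd "$dest/$label" && pwd)
    cp -R "$src/." "$snap/"
    (cd "$snap" && find . -type f ! -name MANIFEST.sha256 \
        -exec sha256sum {} + > MANIFEST.sha256)
    chmod -R a-w "$snap"     # least privilege: nobody writes here by accident
    printf '%s\n' "$snap"
}

# Check the live directory SRC against the manifest in SNAP. Prints one line
# per file that is missing or whose content changed; returns 1 if anything
# differs, 0 if every file still matches its recorded hash.
verify_live() {
    src=$1; snap=$(cd "$2" && pwd)
    bad=$( (cd "$src" && sha256sum -c "$snap/MANIFEST.sha256") 2>/dev/null \
           | grep -v ': OK$' || true)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Put the snapshot's copies back into SRC once the infection has been
# cleaned, and give the user write access again.
restore_from_snapshot() {
    snap=$1; src=$2
    cp -Rf "$snap/." "$src/"
    rm -f "$src/MANIFEST.sha256"
    chmod -R u+w "$src"
}

# Make documents in DIR read-only until someone actually works on them;
# unlock_document FILE hands write access back for that one file only.
lock_documents() { find "$1" -type f -exec chmod a-w {} +; }
unlock_document() { chmod u+w "$1"; }
```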

The second dimension is more of a moral one. The advice of Naked Security, the FBI, the UK’s National Crime Agency and many others has been not to give in to crooks by paying this ransom.

Sure, there will be cases where something deeply personal or otherwise irreplaceable has been encrypted and people will be willing to pay for its return, but there should be nothing like this on a police system, at least not without proper backups.

If the files in question were vital evidence in a major case, they will have lost all value anyway, thanks to having been on computer systems that were altered by unknown third parties – the chain of evidence has been broken.

Even if the files were hugely important and still usable, most taxpayers would be less than happy to know that the police they were funding were passing on their cash to a gang of international criminals.

The only reason this type of attack succeeds is because people are willing to pay up. If no-one ever paid, there would be no ransomware.

That’s a major reason why the standard advice is not to pay, along with the fact that when dealing with crooks, you never know if you’ll actually get what you pay for.

It’s a pretty hard demand to make of anyone, and all but impossible to insist on for everybody, but it has to start somewhere; someone has to set a good example for others to follow.

If we can’t rely on the people enforcing our laws to stand up to criminals, then we’re in trouble.


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/XFth2djm9tw/