STE WILLIAMS

McAfee the man launches ‘NSA-thwarting’ $100 privacy gizmo

John McAfee, the wild man of security software, has unveiled plans for a cheap gadget for decentralised networking that he claims can keep users safe from the prying eyes of government.

The D-Central, which McAfee hopes to produce within six months, would cost around $100, the San Jose Mercury News reports.

Technically we seem to be talking about a $100 router for building small, disconnected private networks – a “darknet” that fits in the pocket. Details are a bit thin on the ground but will be pulled together through a new business called Future Tense (which doesn’t appear to have its own website as yet).

McAfee, last seen in a tongue-in-cheek video showing how to uninstall the eponymous antivirus software using a handgun, outlined his latest plans during a talk at the C2SV Technology Conference + Music Festival in San Jose, California, on Saturday.

Steve Wozniak, co-founder of Apple, was in the audience for McAfee’s presentation. His apparently unimpressed reaction to what he was hearing can be seen here. ®

* See McAfee takes time off blogging to concentrate on being chased by police… Yes, he did. Shoe polish. Yes. Really.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/10/01/mcafee_antinsa_gizmo/

Hackers just POURING through unpatched Internet Explorer zero-day hole

An as-yet-unpatched zero-day vulnerability affecting Internet Explorer is being abused much more widely than analysts had previously suspected.

The vulnerability first came to public attention last week with the Operation DeputyDog attacks against targets in Japan, as first reported by net security firm FireEye.

Websense, FireEye and AlienVault have since reported more malware-flinging campaigns exploiting this vulnerability. Several groups are using an exploit that takes advantage of security bugs in Microsoft’s flagship browser to attack financial institutions and government agencies in various countries in the Far East, using various Trojans and similar strains of malware.

AlienVault discovered a version of the exploit hosted on a subdomain of Taiwan’s Government e-Procurement System.

“When users visit the main webpage, JavaScript code will redirect them to the exploit page if it is the first time they visit the page,” the security firm warns.

Websense warned that a variety of hack-for-hire groups are exploiting the recently discovered “zero-day” vulnerability in Microsoft Internet Explorer to steal vital data from companies in the Asia Pacific region. These attacks are far more widespread than previously thought.

FireEye adds that various groups are involved in these attacks, even though in at least some cases they are using the same infrastructure but using it to push different malware, such as the PoisonIvy remote access trojan (RAT), and not the DeputyDog malware associated with the attacks against Japanese targets that first set off the alarm bells.

“Since we first reported on Operation DeputyDog, at least three other Advanced Persistent Threat (APT) campaigns known as Web2Crew, Taidoor, and th3bug have made use of the same exploit to deliver their own payloads to their own targets,” write FireEye researchers Ned Moran and Nart Villeneuve in a blog post.

“It is not uncommon for APT groups to hand-off exploits to others, who are lower on the zero-day food chain – especially after the exploit becomes publicly available. Thus, while the exploit may be the same, the APT groups using them are not otherwise related.”

“In addition, APT campaigns may reuse existing infrastructure for new attacks. There have been reports that the use of CVE-2013-3893 may have begun in July; however, this determination appears to be based solely on the fact that the CnC infrastructure used in DeputyDog had been previously used by the attackers. We have found no indication that the attackers used CVE-2013-3893 prior to August 23, 2013.”

In related news, Rapid7 has added Internet Explorer exploit CVE-2013-3893 to Metasploit, allowing penetration testers and sysadmins to inspect systems for exposure to the vulnerability. But from the latest developments it appears it has gone mainstream.

Carl Leonard, senior security research manager EMEA at Websense, commented: “Websense estimates that close to 70 per cent of Windows-based PCs are vulnerable to this exploit. Given the huge attack surface, the actors behind these campaigns are racing to target companies before a patch becomes available.”

“In addition, we anticipate that as more information of this zero day comes to light, the exploit will be weaponised and packaged into exploit kits rapidly, greatly increasing the number of attackers with access to this exploit,” he added.

Websense advises sysadmins to install the Microsoft FixIt workaround as a safeguard against attack, pending the availability of a more complete patch from Microsoft. This will hopefully be available for the next edition of Patch Tuesday (8 October). ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/10/01/ie_0day_widely_exploited/

Only Ho-Hum Security Holes Ahead For In-Memory DB

Coming out of its annual conference last week, Oracle made it clear that it’s moving to stave off big data vendors’ plays for its core database business. Part of that strategy was a visible launch of an in-memory database processing option that Larry Ellison said speeds “query processing by orders of magnitude” and doubles transaction processing rates. But what of security? Often big performance gains can bring with them equally big headaches, but at this point many database security experts say that in-memory functionality won’t add too many unique security threats to the enterprise environment.

“I do not foresee any new attack vectors on in-memory databases,” says Adrian Lane, analyst and CTO for Securosis. “I believe the motivation is to counter some of the loss of business to customers that are adopting in-memory flavors of big data.”

In some ways, Oracle’s strategy could actually help organizations minimize risk while still reaping comparable performance to big data storage models that may not be as much of a known commodity as the traditional relational database management system. According to an InformationWeek Reports analysis written by Lane earlier this year, big data security is very much different than relational database security due to the “distributed architecture that poses a unique challenge.”

According to Josh Shaul, CTO of database security vendor Application Security Inc., the added option of in-memory caching shouldn’t change the database model enough to shift any security paradigms.

“I’m speculating that the in-memory 12c database won’t have much of a different security profile than your typical disk-based system,” Shaul says.

A vocal critic of Oracle’s security missteps in the past, Shaul says that Oracle “did a lot of good work” in developing additional security features to Oracle Database 12c.

“Hopefully all of those security features will be present when you run 12c in-memory,” he says. “The performance numbers Oracle is touting will be very attractive to many of their clients that struggle to work with massive quantities of data — it’d be great to see those performance problems solved in a secure environment.”

While it is still too early to know where exactly security researchers might set their sights to pick apart the new option, Imperva CTO Amichai Shulman says that beyond the “usual number of bugs” that can be found in complex software like 12c, the new in-memory functionality could potentially pile on additional risk of denial-of-service (DoS).

“I think that from a security perspective, the added risk introduced by such an offering is of DoS due to fast, uncontrolled memory consumption,” Shulman says.

But enterprises should remember not to be complacent about those “usual” bugs — they’re probably lurking there in this first iteration of the new feature, says Slavik Markovich, vice president and CTO of database security for McAfee.

“Whenever a company introduces a big new something, they introduce also a lot of security issues with it,” says Markovich, explaining that security always comes second to functionality. “Just as recently as the release of Oracle 12c, they introduced a lot of features, and while introducing these great features, they also introduce security issues. I’ve already personally seen 10 new zero-day vulnerabilities that could really compromise your database that are being reported to Oracle now.”

Article source: http://www.darkreading.com/database/only-ho-hum-security-holes-ahead-for-in-/240162010

Experian To Acquire Device Identification Leader 41st Parameter

Costa Mesa, Calif., Oct. 1, 2013 — Experian, the leading global information services company, today announced a definitive agreement to acquire 41st Parameter, the market leader in device identification technology and web fraud detection. 41st Parameter will strengthen Experian’s global web fraud detection and risk-based identity authentication capabilities.

Consumers around the world are increasingly reliant on a variety of Internet-connected devices for everything from banking to shopping to entertainment and media. Creating relevant on-line customer experiences and preventing fraud are large and growing business challenges. 41st Parameter’s patented device identification technology enables clients and their consumers to interact on the web effectively and securely, recognizing consumers to reduce fraud losses.

“This acquisition is part of our commitment to provide the most complete set of fraud detection and identity authentication capabilities on the market today,” said Joy Griffiths, global managing director, Experian Decision Analytics. “We are pleased to incorporate 41st Parameter’s web fraud detection to enable our clients to make real-time security decisions that improve their business profits.”

Businesses use 41st Parameter products to enhance efficiency and improve the customer experience through an approach known as “risk-based authentication.” Risk-based authentication is a method of applying varying levels of stringency to authentication processes based on the likelihood that access to a given system could result in it being compromised. This allows businesses to apply the right level of security for each activity, instead of using the same approach regardless of the value and risk associated with each transaction.

“In today’s digital world, organizations need to recognize the devices used by their customers in order to provide a safe and effective experience,” said Alan Naumann, President and CEO of 41st Parameter. “I am excited that by combining our team with Experian we can together deliver very unique and effective solutions to our mutual clients around the world.”

41st Parameter sets itself apart from other products in the cyber security market with superior device intelligence and by reducing fraud detection errors known as “false positives” which result in customer frustration and lost sales. Typical uses include detecting fraudulent activity when a new account is opened, determining the risk associated with a Card Not Present (CNP) online transaction, and protecting consumers from fraudulent attempts of account takeover.

41st Parameter was founded in 2004. With offices located in Silicon Valley in California, Arizona, the UK, and Tokyo, 41st Parameter helps the world’s leading financial institutions, eCommerce merchants, online travel providers and digital media organizations more effectively and more securely serve their digital consumers.

“From day one, our vision was to set our company apart from other businesses in the cyber security market with superior device intelligence,” said Ori Eisen, Chairman and Founder of 41st Parameter. “As a market leader, I am pleased that we are now joining Experian to continue our quest in helping safeguard and protect companies from web-based fraud threats.”

About Experian

Experian is the leading global information services company, providing data and analytical tools to clients around the world. The Group helps businesses to manage credit risk, prevent fraud, target marketing offers and automate decision making. Experian also helps individuals to check their credit report and credit score, and protect against identity theft.

Experian plc is listed on the London Stock Exchange (EXPN) and is a constituent of the FTSE 100 index. Total revenue for the year ended March 31, 2013, was US$4.7 billion. Experian employs approximately 17,000 people in 40 countries and has its corporate headquarters in Dublin, Ireland, with operational headquarters in Nottingham, UK; California, US; and São Paulo, Brazil.

For more information, visit http://www.experianplc.com.

Article source: http://www.darkreading.com/end-user/experian-to-acquire-device-identificatio/240162061

Arbor Networks Strengthens Network Intelligence Solution

BURLINGTON, Mass., (October 1, 2013) – Arbor Networks, Inc., a leading provider of DDoS and advanced threat protection solutions for enterprise and service provider networks, today announced major scalability and performance improvements as well as the introduction of “Flex Licensing” options to Peakflow SP, the de facto standard for network intelligence and infrastructure availability.

“With the Peakflow SP 6.0 release, we’re giving customers the performance, scalability and the flexibility they require to secure distributed and complex network environments. For example, for the first time, customers have the option to deploy the Peakflow SP solution on Arbor hardware, virtual machines or both. Flex Licensing will allow our customers to cost effectively deploy the Peakflow SP solution pervasively across their network – from the peering/transit edge, to the core backbone, to the customer edge – vastly improving their traffic visibility and advanced threat protection,” said Arbor Networks President Colin Doherty.

“Arbor has been a key player in the service provider market for a decade, largely due to the success of the Peakflow SP platform. This release shows why Arbor has been able to maintain a leadership position for so long. They have never stopped innovating or listening to their customers,” said Jeff Wilson, principal analyst with Infonetics Research.

Peakflow SP Solution

Many of the world’s leading service providers and largest enterprise network operators rely on Arbor’s Peakflow SP platform to proactively help fend off advanced threats such as botnets and volumetric and application-layer DDoS attacks, thereby strengthening the availability and quality of their services.

Arbor’s Peakflow SP platform includes two main components, Peakflow SP and the Threat Management System (TMS). Peakflow SP combines network-wide anomaly detection and traffic engineering with TMS’s carrier-class threat management that automatically detects and surgically removes only attack traffic while maintaining other business traffic. The Peakflow SP platform also powers many of the world’s leading cloud-based DDoS managed security services.

New features and benefits of the Peakflow SP 6.0 release:

Flexible Licensing and Virtual Deployments

• Independent platform and software licenses, support for virtual machines.

• Lower capex cost, less expensive purchases and expansions, less hardware required.

• Faster deployments and upgrades and lower total cost of ownership.

Scalability and Performance Improvements

• 5X increase in the number of routers supported per Arbor flow collector and per Peakflow SP deployment, enabling customers to expand to the customer edges of their network.

• 3X increase in NetFlow collection (flows per second), enabling greater visibility and threat detection.

• 2X increase in the number of managed objects, enabling customers to manage more customers per deployment.

• 5X increase in the number of users, increasing the reach of managed DDoS protection services.

Attack Mitigation Improvements

• A new TMS 2300, which is software-upgradeable from 1Gbps to 10Gbps of mitigation capacity.

• New attack countermeasures and enhanced Cloud Signaling™ functionality.

• Up to 4 TB of total mitigation capacity per deployment.

About Arbor Networks

Arbor Networks, Inc. helps secure the world’s largest enterprise and service provider networks from DDoS attacks and advanced threats. Arbor is the world’s leading provider of DDoS protection in the enterprise, carrier and mobile market segments, according to Infonetics Research. Arbor’s advanced threat solutions deliver comprehensive network visibility through a combination of packet capture and NetFlow technology, enabling the rapid detection and mitigation of malware and malicious insiders. Arbor also delivers market leading analytics for dynamic incident response, historical analysis, visualization and forensics. Arbor strives to be a “force multiplier”, making network and security teams the experts. Our goal is to provide a richer picture into networks and more security context – so customers can solve problems faster and help reduce the risk to their business.

To learn more about Arbor products and services, please visit our website at arbornetworks.com. Arbor’s research, analysis and insight, together with data from the ATLAS global threat intelligence system, can be found at the ATLAS Threat Portal.

Article source: http://www.darkreading.com/perimeter/arbor-networks-strengthens-network-intel/240162045

Penetration Testing with Honest-to-goodness Malware

Popular fiction usually dictates that the primary cyber foe of big business is a young, nerdish and exceedingly smart computer hacker with a grudge against practically anyone and everyone. It may be this particular clichéd (and false) stereotype of a hacker that many business analysts and executives have in turn used to justify testing their organization’s defenses in a particular way. Some may supplement this image of a hacker with concrete bunkers filled with uniformed cyber warriors if they feel worthy of state-initiated attacks, but it is a sad fact that many of the methodologies organizations currently employ to evaluate their tiered defenses are tired and dated.

The reality of the situation is that organizations are much more likely to be breached through fairly average malware than through the deliberate and chained exploitation of system vulnerabilities. That’s not to say that “classic” hacking isn’t a problem, but the scale of the threat today is like battling mosquitoes while ignoring the lion gnawing at your arm.

Modern penetration testing methodologies continue to follow a very predictable pattern and, in practically every assessment I’ve ever been involved in or overseen for the last decade, have yielded vulnerabilities that were critical in nature. While these vulnerabilities are flagged for remediation and are often fixed within days of identification, the organization is still left to battle a barrage of social engineering attacks designed to install malware upon victim devices and to serve as jump points into other sectors of the business.

In recent years organizations have increased the number and sophistication of the defensive layers they use to battle malware-based intrusion. In general, these defenses have improved the security stature of those organizations that make the investment. However, the increased need for roaming user support, BYOD, encrypted communications, and third-party app markets has in turn exposed those same organizations to new kinds of attack vectors, of whose threat dynamics they have little appreciation and against which they have no way to quantify the status of their recently deployed anti-malware defenses.

It has become necessary for penetration testing methodologies to better reflect the true nature of the threat and to replicate the methods used by an attacker. In particular, penetration testers need to now incorporate malware and malware-specific delivery techniques into their testing routine.

As trivial as it may seem, including malware into a penetration test or security assessment is not a simple task. The variety of delivery vectors and the effort needed to stage an attack is something that few penetration testers have had to involve themselves with in the past. There’s also the complexity of crafting malware-based payloads that not only report back their successes, but also provide for rapid cleanup after an engagement is over.

That said, it would be remiss of security consultants or ethical hackers to not test the robustness and capability of their client’s networks to counter malware-based threat vectors. The choice to not employ malware for lateral movement and compromise within the client’s network may be a reflection of inadequate scoping or a poor understanding of the modern threat spectrum.

Regardless, the onus is upon the security consultants themselves to duplicate the means and capability of a modern hacker – and, by foregoing malware, they are playing to outdated threats and past stereotypes.

— Gunter Ollmann, CTO, IOActive Inc.

Article source: http://www.darkreading.com/attacks-breaches/penetration-testing-with-honest-to-goodn/240162078

Online Trust Alliance Embraces National Cyber Security Awareness Month

Bellevue, WA (October 1, 2013) – On the 10th anniversary of the National Cyber Security Awareness Month, the Online Trust Alliance (OTA) today announced a three-part initiative to advance industry self-regulatory efforts addressing security and privacy issues that affect consumers and businesses worldwide.

Networks of malware-infected computers, known as botnets, and fraudulent ads are at the center of online privacy and security concerns. The explosive rise in botnets is estimated to have compromised one in 10 home-based computers. Concurrently, international cybercriminals are increasingly using malicious and fraudulent advertising, known as malvertising, to compromise users’ privacy and bank accounts and to facilitate identity theft. In just the past twelve months, OTA estimates over one billion malicious ad impressions were served to unsuspecting consumers as they surfed the web. Countermeasures introduced by OTA today to combat this problem include:

• Botnet Remediation Removal Best Practices

• Fraudulent Advertising Customer Risk Framework

• Customer On-Boarding Best Practices for Hosters and Cloud Service Providers

OTA was recognized by the White House last year and was recently re-appointed by the Federal Communications Commission to the Communications Security, Reliability and Interoperability Council as a leading convener of multi-stakeholder efforts. OTA works across the ecosystem with commerce sites, advertisers, hosters, ISPs, financial institutions, and security vendors to provide prescriptive advice to help neutralize botnets, stem the spread of malicious and fraudulent advertising, and help cloud service providers identify fraudulent businesses.

“It is critical that we implement technical safeguards, but also equip business and internet intermediaries with the tools needed to help stem the tide of cybercrime,” said Craig Spiezle, executive director and president of OTA. “By implementing these practices, consumers, businesses, and industry will mutually benefit. Businesses who fail to adopt are unnecessarily putting consumers at risk.”

“We have a shared responsibility to help prevent, detect, and remediate the spread of botnets. Collaboration among ISPs, the security community, OS providers, banking and commerce sites is a key to fighting these threats. It is critical for users to keep their software applications up-to-date including protection from malicious downloads and dubious apps,” said John Scarrow, general manager of online safety service at Microsoft.

“One ‘bad actor’ can hurt an ESP’s or hoster’s overall reputation and adversely affect the reputation of other customers using the same infrastructure. Having a solid vetting process in place can obviously help minimize the risk to an organization’s reputation,” said James Koons, chief privacy officer at Listrak. “Being on the front lines we have learned vetting is a great opportunity to detect fraud while enhancing client relationships. OTA’s New Account Risk Framework is an excellent tool for any organization and underscores the value of collaboration and data sharing.”

Recognizing that over one billion malicious ad impressions were served this past year, the OTA Advertising Security Working Group has been working with publishers, ad networks, and advertisers. Based on their analysis, upwards of 60% of malvertising is attributed to cybercriminals merely masquerading as legitimate advertisers or agencies and inserting malicious and fraudulent ads. These prescriptive guidelines will make a significant dent in the threats that are undermining the trust and integrity of online advertising.

“Protecting the integrity of online advertising is critical to the industry and the vitality of the internet. The combination of malvertising, click fraud, and ads from fraudulent companies is undermining consumer trust, which in turn undermines marketing effectiveness. We call on our partners and fellow ad networks to adopt these best practices to help stem the tide of fraudulent and malicious advertising,” said Paul Harrison, co-founder and chief technology officer at Simpli.fi. “We applaud OTA’s leadership to help protect consumers’ data, identity and privacy from abuse.”

These documents and additional resources are available at https://otalliance.org/resources. OTA will be hosting webinars providing prescriptive advice to enhance consumer protection and online trust.

Thursday, October 3, 9 AM PDT – Noon EST

On-Boarding Best Practices for Ad Networks, Hosters & Cloud Service Providers

https://cc.readytalk.com/r/qg2gdfyhikcyeom

Friday, October 4, 9 AM PDT / Noon EST

Anti-Botnet Remediation Best Practices

https://cc.readytalk.com/r/6xwcmo5v6ceveom

Article source: http://www.darkreading.com/privacy/online-trust-alliance-embraces-national/240162062

Researchers Unite To #ScanAllTheThings

HD Moore’s Internet-scanning projects are epic: the renowned researcher has exposed major holes in embedded devices, home routers, corporate videoconferencing systems, and other equipment on the public Internet that is open to abuse by bad guys. But even with the groundbreaking findings by Moore and other researchers of these sitting-duck systems, for the most part the devices remain exposed and unfixed.

Moore and his counterparts hope all that will change with the help of a newly formed community Internet-scanning initiative called Project Sonar, which was announced this week by Rapid7, where Moore serves as chief research officer. The goal of Project Sonar, which also includes the University of Michigan, is for researchers to share their data and help educate vendors whose products are discovered via the scans — and ultimately, to raise public awareness of the vulnerability of this Internet-facing equipment.

“The more [who] are involved, the easier it will be to do research in the future,” says Moore, who is also the creator of Metasploit. “It doesn’t make sense to stop this kind of work. We need to know what’s out there” exposed, he says.

But Moore says progress in fixing the vulnerable Internet devices accessible via these open-systems scanners has been frustrating. “The depressing thing from my point of view is we identify vulnerabilities and shiny new bugs … But things get worse in the infrastructure,” he says. He says the state of security in UPnP devices remains poor. Moore revealed earlier this year that his scans had uncovered 40 to 50 million networked devices in harm’s way via flaws in the pervasive Universal Plug and Play (UPnP) protocol that’s enabled by default in most printers, routers, network-attached storage, IP cameras, media players, smart TVs, and even video game consoles.

The situation isn’t much better for Internet-facing servers and workstations: earlier this year Moore and researcher Dan Farmer found them vulnerable to major flaws in the Intelligent Platform Management Interface (IPMI) protocol and the Baseboard Management Controllers (BMCs) packaged with most servers for remote management purposes.

The underlying theme with many of these and other exposed devices on the public-facing Internet is default backdoor-type access by the vendors for internal ease of access and use, including default passwords, as well as customers either unaware or not understanding the looming dangers of the holes sitting exposed on the Internet.

Getting ‘Abuse’ For Helping

One of the biggest challenges faced by Moore and other researchers who conduct Internet scanning research is the abuse complaints waged against them. “People don’t like being scanned, and complain to our ISP. Most people can’t scan the Internet because their ISP would quickly just cancel their account rather than put up with the abuse complaints. In many ways, this is a good thing, because that’s how they shut down hackers and viruses, but it has the side effect of shutting down good white-hat research like this,” says Robert Graham, CEO at Errata Security, who has built his own open-source tool for the task called Masscan.

Project Sonar is expected to attract more security researchers into scanning the Net for vulnerable equipment as well. “White hat researchers have been secretive about their scans in the past. Now they can come out of the closet about it,” Graham says.

Moore says Project Sonar should help provide a more unified and official front for this type of research going forward. “There is safety and power in numbers,” he says. And having security companies, universities and other respected organizations behind it will help the image of this type of research, Moore says, which is often misunderstood.

Vendors with exposed products also will benefit, he says, with data on their market share as well as an inventory of some of their older equipment. “They may not realize that the IPS product they shipped six years ago” is still being sold out there, for example, Moore says.

The University of Michigan, which recently released Zmap, a tool that can survey the entire IPv4 Internet space in less than an hour, will host Project Sonar’s data.

[A network scanner designed from scratch by three University of Michigan researchers can scan the entire IPv4 Internet in about 45 minutes, drastically reducing the speed at which such scans can be accomplished. See Fast Scanning To Fuel ‘Golden Age’ Of Global Flaw Finding.]

“Rapid7 Labs believes the only way to make meaningful progress is through data sharing and collaboration across the security community as a whole. As a result, we launched Project Sonar at DerbyCon 3.0 and urged the community to get involved with the research and analysis effort. To make this easier, we highlighted various free tools and shared a huge amount of our own research data for analysis,” blogged security researcher Mark Schloesser, who also included information on the open-source tools for scanning as well as best practices.

Errata Security’s Graham, meanwhile, says he hopes the community model will encourage white-hat research of Internet-facing vulnerabilities to keep this research alive. “So far, we’ve been extremely open about our scans, blogging about them, announcing them, disclosing summaries of the results, adding people to our ‘exclude’ list, and so forth,” Graham said in an email interview. “But in the future, we may have to go to the dark side — by which I mean the same dodgy ISPs that spammers, scammers, and hackers use. We’d still be open about it, of course, it’s just that the source will appear less legitimate.”

Among the big takeaways from his Masscan port scans is that exposed home routers and access points are rampant, Graham says. “My message to home users is this: that device you bought to connect you to the Internet? I give it a 70% chance I can hack it — easily. Sure, some are secure, it’s just that most aren’t. And more expensive or ‘feature rich’ or ‘secure’ devices from more ‘reputable’ vendors are no different in this respect than any other vendor/device,” he says.


Article source: http://www.darkreading.com/vulnerability/researchers-unite-to-scanallthethings/240162079

Make The Most Out of National Cyber Security Awareness Month

It’s important to consider the benefits that an awareness month can bring as a whole. When you think about some of the wildly successful awareness months, National Breast Cancer Awareness Month comes to mind. There are fundraising walks. Delta Air Lines repaints some of its planes pink in honor of the month. There are events throughout the country and a good portion of the world. There is nothing otherwise special about the month, except that it serves as a rallying cry for people to take action.

Now, as the 10th anniversary of National Cyber Security Awareness Month (NCSAM) begins today, it’s time to take advantage of the similar benefits it offers. While devoting attention to information security is not normally a standard practice, security awareness practitioners can now contend that extra corporate attention should be placed on their efforts.

It is a good time to rally extra support from management to put on events, get permission to set up awareness booths, pass out literature, get space on corporate intranet sites, send out extra messages to the staff, and so on. NCSAM is a catalyst to get extra attention for your programs, which is another way of saying that you get more awareness of your awareness campaign.

If you have already started planning, try to make the most of it. If you haven’t yet put something together, now is the time to try to get started. If you are short on resources, we put together an NCSAM Support Package that provides a turnkey NCSAM program.

While it is not likely that anyone will be repainting an airplane to support our cause, there is still a lot of support to be had. Take advantage of the momentum. More important, make sure that you keep the momentum going after the month is over.

Ira Winkler is president of Secure Mentem

Article source: http://www.darkreading.com/attacks-breaches/make-the-most-out-of-national-cyber-secu/240162081

When Your DDoS Defense Service Fails

A startup founded by a DDoS defense pioneer has launched a new service that acts as a backup to your existing DDoS prevention service.

Distributed denial-of-service (DDoS) attacks have changed dramatically in the past decade since Barrett Lyon, who helped establish the DDoS mitigation market, and other security experts were fighting mainly extortionist attackers holding machines for ransom. Lyon, founder and CTO of a new startup called Defense.net, says his firm is filling a new requirement for “re-insurance” in DDoS defenses in the face of more powerful and pervasive attacks.

Defense.net offers a new service called SWAT that is at the ready when an organization’s primary DDoS service provider is hit and overwhelmed by concurrent attacks on multiple customers, for example. The startup says SWAT sits on standby in case of a major and widespread DDoS event, such as the wave of attacks recently waged on U.S. financial institutions.

“We stand behind whatever primary DDoS [service] you have. We configure with your network so that in the event they go down, within eight seconds, you can go to us during those hours your primary vendor is down,” says Chris Risley, CEO of Defense.net. Risley says the SWAT service provides ten times the capacity per customer that other DDoS service vendors provide, noting that regulators and banks are worried about more industry-wide DDoS attacks overwhelming their existing DDoS defenses.

Lyon says SWAT in theory could serve as a first line of DDoS defense. “But that’s not where we’re focusing,” he says. “This is a big re-insurance opportunity, and our investors have backed us to pursue it.”

Defense.net’s Risley says his firm expects hacktivists in the fourth quarter of this year to exploit newly discovered flaws in the Intelligent Platform Management Interface (IPMI), the out-of-band management interface implemented by the baseboard management controllers built into many servers. These flaws include exploitable privilege escalation, shell injection, and buffer overflow.

And government-sponsored attackers are getting more sophisticated toolkits for their attacks, which is also raising the risks, he says. “We think these attacks are going to continue to grow,” Risley says.


Article source: http://www.darkreading.com/attacks-breaches/when-your-ddos-defense-service-fails/240162096