STE WILLIAMS

Redmond slips out temporary emergency fix for IE 0-day

Supercharge your infrastructure

Stepping outside its normal Patch Tuesday cycle, Microsoft has rolled out an emergency fix to an Internet Explorer bug that was under active malware attack.

This advisory provides access to “Fix it For Me”, with a more detailed outline of the CVE-2013-3893 vulnerability here. All versions of IE 6 to 10 are affected.


As Microsoft writes, the vulnerability “exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.”

The current temporary fix is designed to prevent exploitation of the bug, with a permanent fix presumably to follow. In this TechNet post, Microsoft’s Dustin Childs writes that IE users should take further action:

  • Set Internet and local intranet security zone settings to “High” to block ActiveX Controls and Active Scripting in these zones;
  • Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and local intranet security zones.

Childs notes that both of these actions “may affect usability” and suggests adding trusted sites to the Internet Explorer Trusted zone.
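The two workarounds above are zone settings that Internet Explorer stores per user in the registry. As an added example (not from the article or from Microsoft), the script below audits the Internet and Local intranet zones for the current user and reports whether either workaround is in place; the registry layout it relies on (Zones\3 = Internet, Zones\1 = Local intranet, value "1400" = Active Scripting, "1200" = Run ActiveX controls, 0/1/3 = Enable/Prompt/Disable, CurrentLevel 0x12000 = High) is an assumption to verify against Microsoft's documentation for your IE version.

```powershell
# Added example, not from the article: audit (and optionally apply) the IE zone
# workarounds for the current user. Key and value names below are the standard IE
# zone layout and are assumptions to verify for your IE version; settings pushed by
# Group Policy may live under HKLM instead (Security_HKLM_only).

$ZoneRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

# CurrentLevel template values written by the IE security slider.
$Levels = @{
    0x12000 = 'High'; 0x11500 = 'Medium-high'; 0x11000 = 'Medium'
    0x10500 = 'Medium-low'; 0x10000 = 'Low'
}
# Per-setting action values shared by the "1400" and "1200" entries.
$Actions = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Describe-Action {
    param($Value)
    if ($null -eq $Value) { return 'not set (template default)' }
    $v = [int]$Value
    if ($Actions.ContainsKey($v)) { $Actions[$v] } else { "unknown ($v)" }
}

function Get-IEZoneState {
    <# Reads one zone and reports whether it satisfies either workaround:
       slider at High, or Active Scripting set to Prompt/Disable. #>
    param([int]$Zone, [string]$Name)
    $props     = Get-ItemProperty -Path (Join-Path $ZoneRoot $Zone) -ErrorAction Stop
    $level     = [int]$props.CurrentLevel
    $scripting = $props.'1400'   # Active Scripting
    $activeX   = $props.'1200'   # Run ActiveX controls and plug-ins
    $levelName = if ($Levels.ContainsKey($level)) { $Levels[$level] } else { 'Custom (0x{0:X})' -f $level }
    $scriptingRestricted = ($null -ne $scripting) -and (@(1, 3) -contains [int]$scripting)
    [pscustomobject]@{
        ZoneId          = $Zone
        Zone            = $Name
        Level           = $levelName
        ActiveScripting = Describe-Action $scripting
        ActiveX         = Describe-Action $activeX
        MeetsWorkaround = ($level -eq 0x12000) -or $scriptingRestricted
    }
}

function Set-IEZoneActiveScripting {
    <# Applies the second workaround: Active Scripting -> Prompt (1) or Disable (3). #>
    param([int]$Zone, [ValidateSet('Prompt', 'Disable')][string]$Mode = 'Prompt')
    $value = if ($Mode -eq 'Prompt') { 1 } else { 3 }
    Set-ItemProperty -Path (Join-Path $ZoneRoot $Zone) -Name '1400' -Value $value -Type DWord
}

# Audit the two zones the advisory names.
$report = @(
    Get-IEZoneState -Zone 3 -Name 'Internet'
    Get-IEZoneState -Zone 1 -Name 'Local intranet'
)
$report | Format-Table -AutoSize

# Uncomment to set Active Scripting to Prompt in zones that do not yet meet a workaround:
# $report | Where-Object { -not $_.MeetsWorkaround } |
#     ForEach-Object { Set-IEZoneActiveScripting -Zone $_.ZoneId -Mode 'Prompt' }
```

Sites that break under the stricter settings can be added to the Trusted sites zone (Zones\2), as Childs suggests, rather than relaxing the Internet zone again.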

Since the stopgap “Fix It” patch isn’t being rolled out automatically, users have to take their courage in their own hands and download it themselves. ®

5 ways to prepare your advertising infrastructure for disaster

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/09/17/redmond_slips_out_emergency_ie_fix/

‘Honker Union’ sniffs 270 hacktivism targets

Infamous Chinese hacktivist group Honker Union has shortlisted a whopping 270 Japanese targets for attack today – the anniversary of the Manchurian Incident, which was the precursor to the Japanese invasion of China.

The group singled out Japan’s Ministry of Foreign Affairs, the Prime Minister’s Office and other ministries, agencies, local government and media organisations on a bulletin board notice seen by NHK.


The Chinese hacktivists have previous when it comes to launching online attacks against Japanese targets.

Around the same time last year, they launched DDoS attacks on at least 19 government sites including the Defence ministry and Internal Affairs and Communications ministry, and defaced others – including the web site of the Supreme Court – with the Chinese flag.

Around 300 sites were shortlisted last year with over 4,000 individuals posting messages about planned attacks on Chinese chat site YY.

Although last year’s September 18th anniversary had even more impact as Tokyo had just purchased the disputed Senkaku islands, much to China’s anger, the date remains a contentious one between the two countries.

The Manchurian, or Mukden, Incident of 18 September 1931 saw Japan attempt to blow up a railway line it owned near Mukden in northern China.

The Imperial army then used the incident as an excuse to invade and occupy the region, leading to widespread international condemnation and Japan’s withdrawal from the League of Nations.

Chinese hacktivists aren’t only focusing their ire outwards, however.

It emerged this week that some cyber miscreants had hacked the local government web site of Shaoxing, Zhejiang province, and defaced it with screenshots of traditional Mooncakes depicting anti-Communist Party slogans.

Mooncakes are commonly eaten during the mid-Autumn festival in China, usually with a message of “longevity” and “harmony” baked into the top.

However, these cakes apparently carried rather more controversial messages: “Bite to Death the CCP”, “Overthrow CCP”, “Bitterly Hate CCP”, and “Get Lost, CCP”. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/09/18/honker_union_270_japan_targets_manchurian_incident/

Study finds fraudsters foist one-third of all Tor traffic

People who access the internet through the anonymizing Tor network are much more likely to be up to no good than are typical internet users, according to a study by online reputation–tracking firm Iovation.

The company announced on Tuesday that 30.2 per cent of the transactions it logged as coming from the Tor network during the month of August were fraudulent, compared to a 1 per cent fraud rate for internet transactions as a whole.


Tor disguises the source of internet connections by shuttling them through hard-to-follow network routes and assigning them IP addresses at random from a pool distributed around the globe. While it’s not too hard to tell whether a connection is coming from Tor, it’s extremely difficult to know just who is behind any given connection, or even where in the world they are located.

For that reason, while Tor has often been used for political activism, whistleblowing, and other risky but laudable activities, it is also home to a shady underworld of less-praiseworthy dealings, ranging from drug trafficking to child pornography. The online black market Silk Road conducts its business entirely over Tor.

Online criminals have recently begun experimenting with using Tor as a cover for other kinds of internet traffic, as well. The number of clients accessing the network on a daily basis doubled in August when the Mevade.A botnet began using Tor to route its command and control data.

Little wonder, then, that Iovation found that nearly a third of all Tor transactions were suspect – and the company isn’t just talking about sales on Silk Road, either.

“Transactions simply means any online action at one of our customer sites like online purchases, account registrations, credit applications, logins, wire transfers, comments, etc,” Scott Olson, Iovation’s VP of product, told The Reg via email. “Any interaction where fraud or abuse are of concern to our subscribers.”

Iovation’s ReputationManager 360 service can’t identify individual Tor users, but it can spot traffic that originates from known Tor IP addresses, called “exit nodes.” To conduct its study, it analyzed 240 million transactions conducted in August 2013 and compared the fraud rate of Tor traffic to that of the whole.

Iovation is making the ability to identify Tor traffic generally available to its ReputationManager 360 customers at no charge beginning on Tuesday.

“Tor in itself isn’t a bad service,” Olson told El Reg. “It can be used for positive things as well as fraudulent things. For our clients, they are concerned with mitigating risk and in this case, Tor is disproportionately associated with a much higher fraud rate for online purchases, account applications, logins (through account takeovers), etc.”

Iovation isn’t the first to identify this problem. As recently as August, the head of Russia’s Federal Security Service said he would like to block Tor traffic at the national level as part of the country’s anti-terrorism efforts.

Although blocking all Tor traffic would be challenging, blocking traffic that re-enters the mainstream internet via Tor exit nodes is comparatively easy. Wikipedia prevents editing by Tor users, for example, and if Tor’s reputation for being rife with bad actors grows, more sites may choose to do the same. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/09/18/study_finds_onethird_of_all_tor_traffic_is_fraudulent/

Phil Collins’ daughter ‘will give you A VIRUS’ – security bods

Phil Collins’ actress daughter is the celebrity most likely to give your equipment a nasty virus, security firm McAfee has warned.

Its annual McAfee Most Dangerous Celebrities™ study warned clicking on search links after Googling Lily Collins could flood your system with malware.


The second most infectious celeb is Sk8r Boi singer (or should that be singr?) Avril Lavigne, followed by Sandra Bullock. The only man on there is Jon Hamm, the famously well-endowed star of Mad Men.

McAfee also found that searches for female celebrities’ names carry more malware than those for the male stars.

Searching for a celebrity name along with terms like “free app download” and “nude pictures” is basically a recipe for an infection, McAfee warned.

“Today’s consumers often are completely unaware of security risks when searching for celebrity and entertainment news, images and videos online, sacrificing safety for immediacy,” said Paula Greve, director of web security research at McAfee. “Cybercriminals prey on consumers’ addiction to breaking news and leverage this behavior to lead them to unsafe sites that can severely infect their computers and devices and steal personal data.”

And before you ask: no, we’ve not heard of Lily Collins either. She played the lead in The Mortal Instruments: City of Bones, apparently. We’re not going to Google her to find out. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/09/18/phil_collins_daughter_will_give_you_a_virus/

Microsoft puts something hard and sensitive in your pocket

Microsoft says one of the big selling points for Windows Phone is that some customers like the idea of using its software everywhere.

Redmond imagines customers keen on messaging will run Exchange on Windows Server and then use Outlook or a modern email app under Windows 8 on a PC or fondleslab, and Windows Phone 8 for mobile email, with Office 365 lurking in the background for added flexibility. Folks who chose this route will, Redmond reckons, enjoy optimally integrated goodness and a consistent user experience everywhere.


When you’ve got a hammer, the saying goes, everything looks like a nail. And when you’re Microsoft, Microsoft looks like the answer to everything. In reality plenty of products carve out niches doing certain things exceptionally well, with BlackBerry’s secure messaging services being a fine example of specialisation in action. One of the reasons BlackBerry is still drawing breath is that it can point to a wall covered in certificates signed by the US Department of Defence and its global brethren and attesting to just how securely it can move data.

Microsoft’s wall bears many similar plaques for other products, but fewer nails have besmirched the plaster on the section reserved for mobile phone certificates.

That’s now changed. Microsoft has announced that Windows Phone 8 has earned the good secret keeping seal of approval by picking up the FIPS 140-2 accreditation that means the US National Institute of Standards attests to the operating system’s cryptography features being sufficient for “Sensitive, but Unclassified” communications.

Securing the FIPS 140-2 accreditation means Redmond can sell Windows Phone 8 to the US Federal Government, which is usually keen to favour local companies.

And the rest of us? Redmond’s sales reps will surely be talking up Windows 8’s “government grade security” any day now in an effort to make sure smartmobe buyers concerned by the state of BlackBerry’s balance sheet understand the alternatives. BlackBerry also possesses the FIPS 140-2 certificate, but can still outgun Redmond as its new kit is certified to run on Department of Defence networks. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/09/18/microsoft_puts_something_hard_and_sensitive_in_your_pocket/

Meet the Unmagnificent Seven: The critical holes plugged in Firefox update

Firefox maker Mozilla has pushed out a new version of its web browser in which multiple security vulnerabilities have been fixed – and seven of them are rated as critical.

Firefox 24, released on Tuesday, grapples with a total of 17 exploitable flaws: the most dangerous of the squashed bugs, which could have allowed an attacker to remotely execute code or install software on a victim’s computer, are:

The other 10 bugs are rated highly or moderately threatening. More details can be found on Mozilla’s security advisory page here.

Firefox 24 is available in Windows, Mac OS X, Linux and Android flavours. The Android version of the cross-platform update includes WebRTC support for video calling. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/09/18/firefox_24_update/

Leaked docs: NSA ‘Follow the money’ team slurped BANK records, CREDIT CARD data

The NSA doesn’t only hoover up your emails, web surfing habits and phone call metadata – they also harvest your credit card records and banking transactions.

The latest leaks from whistleblower Edward Snowden reveal that the NSA is monitoring international banking and credit card transactions that pass through the Society for Worldwide Interbank Financial Telecommunication (SWIFT) as well as the systems of several companies, including Visa. Anyone who has tried to transfer money between two countries will know that the SWIFT network is used by more than 8,000 banking institutions in over 200 countries to “securely” send their customers’ transaction information.


According to the leaked documents, the aptly named “Follow The Money” 1 NSA team takes a lead in monitoring international financial transactions, German news magazine Der Spiegel reports.

These monitored transactions end up as entries in an NSA database called “Tracfin”, which held 180 million records in 2011, according to revelations from Snowden. The majority of these records (84 per cent) covered credit card transactions, captured under a programme called “Dishfire”, according to the documents seen by the German paper.

Only 180 million records? How abstemious…

SWIFT processes over 15 million transactions every day, so the real surprise in the latest revelation is that the Tracfin database only stores 180 million records. The US Treasury, a separate branch of the US government, already has an openly known information-sharing agreement where the US can issue subpoenas to Brussels-based SWIFT for information about international transactions by suspected terrorists. More details on the Terrorist Finance Tracking Program can be found on the US Treasury website.

Foreign targets

According to the documents seen by the paper, the NSA’s financial records database targets transactions in Europe, the Middle East and Africa and is designed to track terrorism-related financial transactions. The spying operation targets non-US citizens and so is less legally contentious than the dragnet surveillance of Verizon call record metadata – which was yesterday defended by a Foreign Intelligence Surveillance Court judge as being “authorized under the 2001 law known as the Patriot Act” – or the PRISM web surveillance programme, to quote just two examples.

Deal or no deal?

The latest revelations do, however, raise questions about whether core systems at Visa and SWIFT were compromised by the US’s signals intelligence agency or whether they acquiesced to its demands.

In a statement, Visa told Der Spiegel that “we are not aware of any unauthorised access to our network” adding “Visa’s policy to only provide transaction information in response to a subpoena or other valid legal process”.

According to the documents, NSA spied on SWIFT, using “multiple techniques”. Tactics apparently included reading SWIFT printer traffic from numerous banks.

The documents also revealed that even close allies of the NSA within the intelligence community had apparently expressed reservations about widespread spying on financial records.

Der Spiegel noted that memos within the leaked documents, purportedly from British intelligence agency GCHQ, had cautioned that:

…the collection and sharing of “politically sensitive” [financial transaction] data is a highly invasive measure since it includes “bulk data – rich personal information. A lot of it is not about our targets.”

SWIFT and Visa were named alongside Petrobras as targets of NSA spying by a Brazilian TV programme earlier this month.

A follow-up analysis by Spiegel Online, written by filmmaker turned Snowden collaborator Laura Poitras and others, can be found here. ®

Bootnote

1 Watergate whistleblower “Deep Throat” famously told Bob Woodward and Carl Bernstein, the Washington Post reporters investigating the Watergate scandal that brought down the Nixon administration, to “follow the money” to unearth links between the burglars and the administration. Deep Throat was identified as former FBI associate director Mark Felt after he outed himself in 2005.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/09/18/nsa_banking_cybersnooping/

The New KISS Rule: Keep Information Security Simple

“Complexity is the worst enemy of security.” Bruce Schneier said that in relation to the challenge of securing increasingly complex IT environments, but the same can be said of information security solutions themselves. As security professionals, we love to be in control and to have every available knob and dial at our disposal. Yet the more complex a security system is, the less likely we are to take full advantage of available features, to apply policies consistently, and to avoid configuration mistakes.

Have you ever opted to delay or avoid deploying a security feature because it just required too much time to configure properly? HIPS is a technology that provides valuable protection against new strains of malware for workstations and servers. Some HIPS implementations require just the check of a box to toggle them on, while others require weeks or months of tuning and testing. The latter provide more fine-grained control and perhaps even better security… if you use them. Potential doesn’t stop attacks; deployed solutions do.

Complexity can also rear its ugly head when trying to consistently apply security policies across systems. Data loss prevention (DLP) is all the rage these days, but applying rules uniformly across workstations, servers, mobile devices, email systems, and network gateways can be a nightmare. Multiple systems, each with their own management consoles, policy definitions, and terminology conspire against consistent results. Integrated single vendor solutions, long the targets of security professionals’ disdain, may be worth reconsidering if they can ensure consistency and require less of your team’s attention.

Simplicity also helps to avoid configuration mistakes. Firewalls and IDS systems are classic examples where rule sets and configuration options quickly become so elaborate that errors are virtually inevitable. This argues for both simplifying the rules where possible — fewer IDS rules that can be more carefully tuned and monitored may be more effective than a more comprehensive set — and for seeking out network security solutions with simple, uncluttered interfaces that make it easy to keep track of everything you need to manage.

Easy management, push-button configuration, and product integration have not historically been the “holy trinity” of security. Demands for greater control and vendor diversity have pushed simplicity to the background. But with growing complexity contributing to mistakes, inconsistencies, and protection capabilities sitting on a shelf, it may be time to rethink the approach. Perhaps it’s time to keep information security simple.

Article source: http://www.darkreading.com/sophoslabs-insights/the-new-kiss-rule-keep-information-secur/240161794

Five Habits IT Security Professionals Need To Break

CHICAGO — (ISC)2 Congress 2013 — If security professionals want to take their craft in new directions, then they need to stop thinking in old ways, experts said in a panel here Tuesday.

In a panel, entitled “Cyber Security — Where the Industry Is Headed Next Year and Beyond,” seven industry leaders said security is sometimes stuck in a continuous loop because professionals continue to make the same mistakes and sometimes have trouble thinking in new ways.

Five examples of bad habits that security pros need to break, according to the panel:

1. Treating IT security as something that’s separate from the business
“We need to stop approaching security as something technical that users and executives can’t understand,” said Spencer Wilcox, security strategist at Exelon. “Sell your executives on your security program — gamify it, and make it interesting to your executives and your users.”

“Be aware of what’s happening at the business level,” said Tony Vargas, technical leader for engineering at Cisco Systems. “Don’t separate yourself from it.”

2. Saying “no”
“Too often, security is seen as an obstacle to the business, instead of an enabler,” Vargas said. “You need to get people involved, make them part of the solution, rather than seeing security as something that’s in the way.”

“We need to stop saying ‘no’ and start asking ‘why’,” said Erin Jacobs, founding partner at Urbane Security. “Most of the time, when users try to go around security, it’s because they’re just trying to get their work done. We need to help them with what they’re doing, rather than telling them what they can’t do.”

3. Preaching to the choir
“We go to these conferences, and it’s security people talking to other security people about how important security is,” observed Javvad Malik, a security analyst at 451 Research. “It’s become a sort of echo chamber. We need to get out and talk to the people who really need to understand the message.”

“Business has been following an institutionalized view of risk management for years, and that view doesn’t include IT security,” noted Forrest Foster, chief security architect at Cisco. “We need to get into the business schools and talk about IT security risk.”

4. Confusing security and compliance
“Too many security professionals are moving away from doing real security and are doing more in compliance,” said Malik. “We don’t need more auditors.”

“Some security pros have become glorified security assessors and auditors,” Jacobs said. “What’s ironic is that a lot of them are not necessarily qualified for that job.”

5. Failing to reach out to students and young professionals
“There is a dire shortage of infosec talent out there, and it’s hurting all of us,” said Dan Waddell, solution lead for the global public sector at Grant Thornton. “We need to build a pipeline of young people we can hire.”

“We need to get ourselves and our security message into schools,” said James McQuiggan, a member of the security team at Siemens Energy. “Anyone over the age of 35 today is a digital immigrant. Those who are younger, who grew up on the Internet, are the digital natives. We need to get our message of security to those people early.”

Article source: http://www.darkreading.com/risk/five-habits-it-security-professionals-ne/240161795

Econet.Com Signs OEM Agreement With Emerging Threats

LAFAYETTE, IN. – SEPTEMBER 23, 2013 – Emerging Threats, a world-leading provider of commercial and open source threat intelligence, today announced that Sentinel Intrusion Prevention Systems (http://www.networkcloaking.com) owned by Econet.com, Inc., a leading provider of IT security solutions, has entered into an OEM agreement to provide its customers an exclusive version of its popular Sentinel Intrusion Prevention System featuring the Emerging Threats ETPro™ Ruleset. This unique version of the Sentinel IPS™ is an “out of the box” solution for organizations that choose to implement the ETPro Ruleset. Unlike other IDS/IPS solutions, this exclusive version of Sentinel IPS delivers complete protection without the traditional investment in time, personnel, and equipment.

The comprehensive ETPro Ruleset will run on the Sentinel IPS proprietary engine, enabling users to protect their networks from malicious external traffic. Combining the Sentinel IPS and the ETPro Ruleset, users can install and implement a fully managed highly effective IPS solution from start to finish in minutes.

Daily rule updates of the ETPro Ruleset will be seamlessly handled via remote managed services from Sentinel IPS support through a monthly subscription, giving users the most up to date malware protection. The units will be co-branded with the Sentinel IPS logo and “Powered by Emerging Threats” on the front bezel.

The Sentinel IPS appliance is easily implemented with a remote management system that seamlessly configures the unit and then monitors, updates, and upgrades the system. For a low fixed monthly fee Sentinel IPS will deliver a 24×7 fully managed solution that will monitor, update, upgrade and support the Sentinel IPS appliance. Highly scalable, the Sentinel IPS appliance is an ideal IPS solution for organizations of any size. The Sentinel IPS comes in three hardware options with the same level of managed service:

Premium – 1U rackmount unit with gigabit NICs

Advanced – bypass functionality, fail-open NICs and higher performance hardware

Ultra – 1U rackmount hardware with enterprise-level performance

“The Sentinel IPS was designed as a unique turnkey solution, making it truly easy to implement and integrate a solution with high value for the price,” said David Lissberger, president and CEO of Econet.com, Inc. “Security of any kind comes with inconveniences, and IT security is no exception. Combining the Sentinel IPS with the ETPro Ruleset, we can deliver a fully managed and affordable state-of-the-art IPS system allowing customers to leverage Emerging Threats’ expertise in threat intelligence with multiple options to meet their needs, including High Availability Formats that provide continuous IPS protection.”

The ETPro Ruleset is platform-agnostic, and integrates seamlessly into Intrusion Detection or Prevention Systems (IDS/IPS). Based on years of threat intelligence collection, the ETPro Ruleset offers unsurpassed malware protection. Unlike other vendors, the ETPro Ruleset is a complete standalone product featuring full CnC malware protection and is updated daily to ensure the latest protection from malware threats.

“We have a close relationship with Econet.com that started with Emerging Threats participating in a collaborative network security initiative based on Sentinel’s proprietary Collective Intelligence Network Security™ platform (CINS),” said Ken Gramley, CEO of Emerging Threats Pro, LLC. “The Sentinel IPS has evolved into an extremely attractive solution, offering a comprehensive, easy-to-deploy managed IPS that breaks down the barriers of complicated IT security implementations. Our ETPro Ruleset was an ideal fit, since it is easily and seamlessly ingested into the Sentinel IPS engine, enabling Econet.com to bring to market cutting-edge technology in a turnkey, remotely managed solution. In addition, we are pleased that Econet.com has co-branded their sleek looking appliance with us to create strong brand recognition within the IT security community.”

About Emerging Threats

Emerging Threats is a world-leading provider of commercial and open source threat intelligence. Founded in 2003 as a cyber security research community, Emerging Threats has become the de facto standard in network-based malware threat detection. The company’s ETOpen Ruleset, ETPro™ Ruleset, and IQRisk™ suite of threat intelligence are platform agnostic for easy integration with Suricata, SNORT, and other network intrusion protection and detection systems. With ETPro Ruleset, organizations can achieve the highest standards of malicious threat detection with world-class support and research for extended vulnerability coverage. ETPro Ruleset is ideal for enterprises, government agencies, financial institutions, SMBs, higher education, and service providers. For more information, please visit http://www.emergingthreats.net.

Article source: http://www.darkreading.com/intrusion-prevention/econetcom-signs-oem-agreement-with-emerg/240161797