STE WILLIAMS

SpectorSoft Provides Comprehensive Insider Threat Detection And Early Warning Solution That Protects Employee Privacy

VERO BEACH, Fla. – Sept. 24, 2013 – SpectorSoft, the leading provider of insider threat detection solutions, today announced the availability of Spector 360 Recon. Built on the proven Spector 360 employee digital activity monitoring platform, this first-of-its-kind solution is an insider-threat detection and early-warning system that alerts organizations when policy violations, fraud, data theft, and illegal and inappropriate activities are taking place. Spector 360 Recon performs continuous surveillance of employee digital activities, encrypts the recorded data and stores it in a “black box” on users’ local PCs and Macs. Organizations can appoint appropriate personnel to unlock and review this intelligence and make decisions on when to access it based on early-warning alerts. The ability to examine employee activity intelligence following an alert allows organizations to quickly mitigate insider-driven security and policy risks. The ability to restrict access to this intelligence allows them to avoid intruding on the privacy of employees who are not engaged in high-risk activities.

“Privacy-rights advocates clamor for the elimination of any employee monitoring in the workplace, but security and risk professionals know that without the ability to detect and analyze high-risk behaviors they will never be able to defend their organizations against the insider threat,” said Michael Osterman, Principal, Osterman Research. “Organizations that need to protect themselves against data breaches and fraud without intruding on employees’ privacy will have to adopt solutions that provide a balance between security and privacy.”

Spector 360 Recon allows customers to record, store and encrypt employees’ activity data on their local PCs and Macs, detects suspicious activities and then generates early-warning alerts. If it is determined that a threat exists, customers can quickly and easily decide who should have access to the data, unlock it, review it and then take action to neutralize threats. Spector 360 Recon also allows customers to delete all stored information after a predetermined time, further preserving the privacy of employees who have not given their organizations reason to believe they are a threat.

“Employees are a company’s greatest asset, and data is its biggest target. Organizations are striving to achieve maximum security, but want to respect privacy out of respect for their employees,” said Jason Judge, CEO, SpectorSoft. “SpectorSoft has helped its customers achieve security goals for more than a decade. We’re confident that Spector 360 Recon will continue to safeguard data while helping maintain a work environment where employees feel respected and trusted.”

Based on the proven Spector 360 platform, Spector 360 Recon offers enterprises a wide range of features and benefits that strengthen security while providing the maximum degree of privacy:

Early Warning: Alerts based on keywords that are detected in email and instant messaging (IM), files copied to USB, files uploaded via FTP, and applications in use serve as a powerful early-warning system for signs of corporate fraud and other insider threats, as well as for violations of company policies.

Local Storage: Recording and storing data on employees’ PCs and Macs eliminates bandwidth, performance and storage burdens on customers’ networks, while ensuring that the data is securely logged in a “black box” for 30 days, in the event it is needed.

Role-based Access: Customers can determine who within their organization will have the ability to unlock and review employee activity intelligence, and can enforce those decisions through permissions set within the solution.

Comprehensive Intelligence: Granular recording of all user activity, coupled with video-like screen captures, provides absolute proof of any and all security and compliance violations.

Policy Enforcement: The option to have automated notifications sent to employees violating security and compliance policies improves awareness and makes it easier for them to comply with corporate standards.

Spector 360 Recon is available now. For more information visit: www.spector360recon.com

About SpectorSoft

SpectorSoft is the leader in computer and mobile device User Activity Monitoring and analysis software. SpectorSoft has helped more than 36,000 businesses, government organizations, schools, and law enforcement agencies improve how they address security and achieve compliance across communication and computing OSs and devices. SpectorSoft solutions review security risk, audit compliance mandates, protect assets and reputation, ensure adherence to Acceptable Use Policies, and optimize productivity and efficiency. For more information, visit www.spectorsoft.com.

Article source: http://www.darkreading.com/end-user/spectorsoft-provides-comprehensive-insid/240161748

OWASP Foundation: New York Times CTO; Senior Executives from HP, Oracle, Bloomberg LP Among Confirmed Speakers For AppSec USA

NEW YORK, Sept. 24, 2013 /PRNewswire-USNewswire/ — OWASP AppSec USA (www.appsecusa.org), the premier security conference for Builders, Breakers and Defenders, has announced additional confirmed speakers for AppSec USA 2013. AppSec USA is OWASP’s annual North American conference, attracting thousands of security professionals from around the world for two days of training and two days of panels, networking, a career fair, an expo and other special competitions and technical events. The conference will be held November 18-21, at the Marriott Marquis, in Times Square, New York City.

(Logo: http://photos.prnewswire.com/prnh/20130924/DC85794LOGO)

“We are excited to unveil this final roster of over 100 speakers,” said Sarah Baso, Executive Director, OWASP. “With the addition of speakers from the New York Times, Oracle, HP, Bloomberg and Symantec, along with participants from Adobe, Mozilla, Twitter, Slashdot, VentureBeat, Consumer Reports, MITRE, NIST, UBS, Mandiant, and Accenture, we look forward to an event that appeals to both senior-level practitioners and people just starting their career in application security.”

Confirmed

● Rajiv Pant
CTO
New York Times
Panel: CyberSecurity & the Media: All the News That’s Fit to Protect?

● Daniel Miessler
Principal Security Architect
HP
Panel: Wireless & the BYOD World: Securing a Complex Situation

● Jason Rouse & Pravir Chandra
Security Architects
Bloomberg LP
Panel: Wireless & the BYOD World: Securing a Complex Situation
Panel: Ready-Fire-Aim

● Dylan Tweney
Executive Editor
VentureBeat
Panel: CyberSecurity & the Media: All the News That’s Fit to Protect?

● Dawn-Marie Hutchinson
Sr. Manager IT Security
Urban Outfitters, Inc.
Panel: Women in Application Security

● Gary Phillips
Senior Director, R&D
Symantec
Panel: Women in Application Security

For the complete schedule, please visit: http://www.appsecusa.org.

Established in 2004, AppSec USA is the marquee North American conference from the OWASP Foundation Inc., a global, non-profit community focused on improving software security. Now in its ninth year, AppSec USA 2013 will include a Capture-The-Flag (CTF) competition, a Career Fair, a 3K race benefiting ScriptEd, a lockpick village and a holiday food drive with YouGiveGoods, along with extensive hands-on training and an exhibition hall.

Sponsors and other supporters of AppSec USA 2013 include HP, Adobe, Aspect Security, Arxan, AsTech Consulting, eLearnSecurity, F5 Networks, Mozilla, NetSPI, Qualys, Parasoft, Quotium, Sonatype, WhiteHat, Slashdot, Trustwave, ISC(2), ADP, Twitter, among many more.

Attendees: Register before October 15th and save $200. For more information, visit www.appsecusa.org.

About OWASP Foundation

The Open Web Application Security Project (OWASP) is dedicated to making application security visible by empowering individuals and organizations to make informed decisions about true software security risks. As a 501(c)(3) not-for-profit worldwide charitable organization, OWASP does not endorse or recommend commercial products or services. Instead, we allow our community to remain vendor-neutral with the collective wisdom of the best individual minds in software security worldwide.

For more information, visit: www.owasp.org. Follow us on Twitter at: @appsecusa

Article source: http://www.darkreading.com/applications/owasp-foundation-new-york-times-cto-seni/240161802

Gartner Survey Says Many Organizations Fear Their Privacy Activities Are Insufficient

Egham, UK, 25 September, 2013 — The perceived level of maturity attached to organizations’ privacy activities has decreased since 2011, as many organizations deem their existing privacy activities to be inadequate, according to a survey by Gartner, Inc. The survey found that 43% of organizations have a comprehensive privacy management program in place, while 7% admitted to “doing the bare minimum” regarding privacy laws.

“More than a third of organizations still ‘consider privacy aspects in an ad hoc fashion’ and it is surprising that so many companies are saying that they are not conducting privacy impact assessments before major projects. Sixty-two percent do not scan websites and applications, or conduct an organization-wide privacy audit every year. Organizations must put these activities on their to-do list for 2014,” said Carsten Casper, research vice president at Gartner.

These results are based on 221 respondent organizations surveyed in April and May 2013 in the U.S., Canada, the U.K. and Germany that are responsible for privacy, IT risk management, information security, business continuity or regulatory compliance activities.

“Organizations continue to invest more in privacy due to ongoing public attention and a number of new or anticipated legal requirements,” said Mr. Casper. “They also show that previous investments have not always paid off and that organizations need to refocus their privacy efforts if they want to raise the maturity level of their privacy programs back to that of 2011.”

Mr. Casper added that many organizations are looking to boost their privacy activities through increased staffing and budgets to initiate comprehensive privacy programs to deal with cloud, mobile, big data and social computing challenges. Creating the right staffing model is crucial to the long-term success of privacy programs and central to that is the role of a privacy officer.

“Gartner’s consistent observation is that privacy programs are only successful if someone is driving them. Almost 90% of organizations now have at least one person responsible for privacy. However, having privacy programs that are owned by this individual is still not the norm,” said Mr. Casper. “Only 66% of survey respondents said they have a defined privacy officer role – although the number is as high as 85% in Germany and similar countries where this role is a legal requirement.”

Mr. Casper added that a privacy officer should have broad expertise and solid relationship management and communication skills, because they must monitor a variety of (sometimes conflicting) business and IT requirements and collaborate with different internal and external business functions. In larger organizations, privacy officers will not only require a budget and a team, their success is also dependent on support from senior management.

Fortunately, it seems that the need to address privacy concerns more decisively is already being reflected in the amount of investment by organizations. Thirty-two percent of survey respondents said that their organizations have increased privacy-related staff from 2012 to 2013 — the most significant increase since Gartner started its privacy surveys in 2008.

Once the right team is in place, businesses must prioritize privacy programs as the number one objective. This will enable effective monitoring of privacy-related performance and allow suitable adjustments to processes and technologies, particularly for data masking, encryption, data storage and document retention.

The handling of personal information for employees, customers and citizens tops the list of requirements respondents believe should be included in a privacy program. Some organizations — concerned about violating domestic privacy laws and the risk to their reputations — do not store personal data in locations where it can be seized by foreign authorities or is at great risk from cyber attacks. However, central global storage of personal data is becoming increasingly widespread. For the first time this year, more organizations stored their customer data in a central global place rather than in a regional or local data center, which was the dominant model previously.

The survey found that 38% of organizations transform personal data before transmitting it abroad (with masking, encryption or similar), thus keeping sensitive data local, while allowing some functionality abroad. This is the preferred option compared to domestic storage (29%), remote storage with only local access (27%) and a focus on legal protection (22%).

“When storing and accessing personal data, organizations face a number of options. They can store data locally or in a low-cost country, allow access to domestic or remote staff, use a provider for application management or for infrastructure management, or implement legal and technical controls, such as data masking, tokenization and encryption,” said Mr. Casper. “There is no right or wrong answer. Organizations have to decide which type of risk they want to mitigate, how much money they want to spend and how much residual risk they are willing to accept.”

Privacy trends and strategies will be discussed in more detail at Gartner Symposium/ITxpo 2013.

About Gartner Symposium/ITxpo

Gartner Symposium/ITxpo is the world’s most important gathering of CIOs and senior IT executives. This event delivers independent and objective content with the authority and weight of the world’s leading IT research and advisory organization, and provides access to the latest solutions from key technology providers. Gartner’s annual Symposium/ITxpo events are key components of attendees’ annual planning efforts. IT executives rely on Gartner Symposium/ITxpo to gain insight into how their organizations can use IT to address business challenges and improve operational efficiency.

Additional information for Gartner Symposium/ITxpo 2013 in Orlando, October 6-10, is available at www.gartner.com/us/symposium. Members of the media can register for the event by contacting Christy Pettey at [email protected].

Additional information from the event will be shared on Twitter at http://twitter.com/Gartner_inc and using #GartnerSym.

Upcoming dates and locations for Gartner Symposium/ITxpo 2013 include:

October 6-10, Orlando, Florida: www.gartner.com/us/symposium

October 15-17, Tokyo, Japan: www.gartner.com/jp/symposium

October 21-24, Goa, India: www.gartner.com/in/symposium

October 28-31, Gold Coast, Australia: www.gartner.com/au/symposium

November 4-7, Sao Paulo, Brazil: www.gartner.com/br/symposium

November 10-14, Barcelona, Spain: www.gartner.com/eu/symposium

About Gartner

Gartner, Inc. (NYSE: IT) is the world’s leading information technology research and advisory company. Gartner delivers the technology-related insight necessary for its clients to make the right decisions, every day. From CIOs and senior IT leaders in corporations and government agencies, to business leaders in high-tech and telecom enterprises and professional services firms, to technology investors, Gartner is a valuable partner in more than 13,000 distinct organizations. Through the resources of Gartner Research, Gartner Executive Programs, Gartner Consulting and Gartner Events, Gartner works with every client to research, analyze and interpret the business of IT within the context of their individual role. Founded in 1979, Gartner is headquartered in Stamford, Connecticut, USA, and has 5,500 associates, including 1,402 research analysts and consultants, and clients in 85 countries. For more information, visit www.gartner.com.

Article source: http://www.darkreading.com/privacy/gartner-survey-says-many-organizations-f/240161803

CSA Releases New Big Data Report

CSA EMEA 2013 – Edinburgh, Scotland – September 24, 2013 – The Cloud Security Alliance (CSA) Big Data Working Group today announced the release of Big Data Analytics for Security Intelligence. The new research report details how the landscape of security analytics is changing with the introduction and widespread use of new tools and opportunities for leveraging large quantities of structured and unstructured data. The initial report also outlines some of the fundamental differences from traditional analytics and highlights possible research directions in Big Data security.

“The goal of Big Data analytics for security is to obtain actionable intelligence in real time,” said Alvaro Cardenas, industry expert and lead author of the report. “Although Big Data analytics holds significant promise, there are a number of challenges that must be overcome to realize its true potential. We have only just begun, but are anxious to move forward in helping the industry understand its potential with new research directions in Big Data security.”

In addition to looking at the differences between traditional analytics and Big Data analytics, the report also discusses the impact of Big Data analytics on security, includes examples of Big Data usage in security contexts (network security, advanced persistent threats, enterprise event analytics and netflow monitoring to identify botnets), outlines a platform for experimentation on anti-virus telemetry data, and proposes a series of open questions about the role of Big Data in security analytics. To access a full copy of the report visit: https://cloudsecurityalliance.org/download/big-data-analytics-for-security-intelligence/.

In conjunction with the release of Big Data Analytics for Security Intelligence, the CSA will also hold a dedicated session to discuss the research report at CSA Congress EMEA being held this week in Edinburgh, Scotland. Wilco van Ginkel, co-chair of the CSA Big Data Working Group and head of Enterprise Strategy at Verizon Enterprise Solutions will lead the “Big Data Working Group” session, which will focus on the report findings, along with a number of other relevant topics including the diversity of challenges facing enterprises surrounding Big Data analytics, a review of the Top 10 Big Data and Security and Privacy Challenges, and an investigation into the best practices to overcome the toughest Big Data challenges.

The CSA Big Data Working Group, chaired by Sreeranga Rajan, Director, Software Systems at Fujitsu Laboratories of America and co-chaired by Neel Sundaresan, Senior Director and Head of eBay Research Labs at eBay and van Ginkel, is focused on taking industry ownership in addressing the world’s immediate urgency for collaborative research and solutions on Big Data topics. The group is specifically working to address the security and privacy issues magnified today by the velocity, volume, and variety of Big Data, such as large-scale cloud infrastructures, diversity of data sources and formats, streaming nature of data acquisition and high volume inter-cloud migration. The group consists of more than 30 CSA member companies in collaboration to provide industry guidance and best practices for Big Data security. Companies and individuals interested in learning more or joining the group can visit: https://cloudsecurityalliance.org/research/big-data/.

Tweet This: @cloudsa releases #BigData Analytics for Security Intelligence; how new tools are changing the #security landscape. http://bit.ly/11KEUaB

About Cloud Security Alliance

The Cloud Security Alliance is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing. The Cloud Security Alliance is led by a broad coalition of industry practitioners, corporations, associations and other key stakeholders. For further information, visit us at cloudsecurityalliance.org, and follow us on Twitter @cloudsa.

Article source: http://www.darkreading.com/mobile/csa-releases-new-big-data-report/240161766

Fake reviews land SEO companies in hot water

I make yogurt, the made-up yogurt maker said, and I run a nice little yogurt shop in Brooklyn.

So what happens? Lousy Yelp reviews!

My reputation – no, the reputation of an entire yogurt-making dynasty! – is at stake.

Please, reputation management company, can you help?

Oh, yes, representatives from some leading New York Search Engine Optimization (SEO) companies told the undercover agent from the office of New York Attorney General Eric T. Schneiderman, we sure can!

Did the helpful SEO companies come up with suggestions for better yogurt recipes? Non-stale toppings? No.

Instead, they offered to astroturf consumer review websites like Yelp.com, Google Local, and Citysearch.com, and would have sprinkled them with bogusly ecstatic, yogurt-themed reviews, had the dragnet not in fact snapped shut just about then.

A.G. Schneiderman announced on Monday that the yogurt ploy snagged 19 companies that have agreed to stop manufacturing puff reviews for businesses and to pay more than $350,000 in penalties.

The year-long undercover operation – codenamed “Operation Clean Turf” – into astroturfing found that companies have “flooded” the internet with fake consumer reviews.

The A.G.’s office found that astroturfing has grown sophisticated: many of the companies use techniques to hide their identities, such as cooking up phony online profiles on review sites and paying freelance writers from as far away as the Philippines, Bangladesh and Eastern Europe $1 to $10 per review.

By producing fake reviews, these companies violated multiple state laws against false advertising and engaged in illegal and deceptive business practices, the office says.

But just who, exactly, cares about the victimless crime of lying about how great somebody’s frogurt shop is?

It may be suffering with a lowercase “S”, but victims of less-than-honest consumer reviews get bamboozled, and that’s not right.

The said bamboozled consumers do things like get sucked into patronizing, say, a company such as US Coachways, one of the companies snared in Operation Clean Turf.

Theirs is a classic case of astroturfing.

The bus service, based in the New York borough of Staten Island, is not highly rated on Yelp, to put it mildly.

So instead of actually, like, improving service, management decided to astroturf.

Not only did they solicit freelancers from oDesk.com and Fiverr.com to write fictional reviews, they also urged employees to pose as customers to pump up their one-star status.

According to the A.G., they even offered $50 gift certificates to customers in exchange for positive reviews, without the customers disclosing the gift in their reviews.

Beyond paying for reviews, the investigation found that SEO companies are now using advanced IP spoofing – in other words, using a forged source IP address, they conceal the identity of the sender or impersonate another computing system.

Consumer-review sites are hip to such tricks, with Yelp being the most aggressive in combating the ruse, the A.G. said.

But whatever Yelp et al. do to filter out astroturfers, astroturfers rise to the challenge.

One SEO company required that its freelancers have an established Yelp account, more than 3 months old, with more than 15 reviews (at least half unfiltered), and 10 Yelp “friends,” in order to skirt Yelp’s advanced review filter, Schneiderman’s statement says.

Here’s one example of an SEO company’s ad for freelancers that his office uncovered:

We need a person that can post multiple positive reviews on major REVIEW sites. Example: Google Maps, Yelp, CitySearch. Must be from different IP addresses… So you must be able to have multiple IPs. The reviews will be only few sentences long. Need to have some understanding on how Yelp filters works. Previous experience is a plus…just apply –)we are a marketing company.

And here’s another one, from a nightclub in New York City that was looking for people to post the reviews “without getting flagged”:

Need Review Posters for Yelp, Citysearch, Google

Hello…We need someone to post 1-2 reviews daily on sites like: Yelp, Google reviews, Citysearch and any other similar sites. We will supply the text/review. You must be able to post these without getting flagged. This will be a long term assignment that will last at least 3 months. You are bidding per week. We are offering $1.00 dollar for every post. Thank you

Why go to all this botheration and fraud?

Because it’s worth it. Reviews matter, big time.

The A.G.’s office referred to a 2011 Harvard Business School study that estimated that a one-star rating increase on Yelp translated to an increase of 5% to 9% in revenues for a restaurant.

The law also referred to Cornell research that found that a one-star swing in a hotel’s online ratings at sites like Travelocity and TripAdvisor is tied, on average, to an 11% sway in room rates.

The A.G.’s office also put a number on the proliferation of puff, pointing to a Gartner projection that holds that by 2014, between 10% and 15% of social media reviews will be utter smoke and mirrors.

Check out the A.G.’s statement for the list of businesses that got caught in this dragnet.

If you have been, are now, or will ever be a patron of shops that purvey wigs, dental care, laser hair removal, medical massage, plastic surgery, teeth whitening, or, well, pretty much anything that’s reviewable, one assumes, you might want to sniff around rave reviews a bit more skeptically before shelling out your hard-earned money, thinking you’re in for a treat.

But if you want to rave about this or other Naked Security articles in the comments section below, please, be my guest!

I, for one, welcome the enthusiastic ravings of all readers, be they figments of my imagination or legitimate, IP-unique humans.

Images of yoghurt and fake sign courtesy of Shutterstock.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/ftkmqaEeI_g/

Recycled Yahoo email addresses still receiving messages for previous owners

Yahoo announced in June 2013 that it was going to recycle inactive email addresses by giving them to other users who wanted them.

Addresses and Yahoo IDs that had been inactive for at least a year would be reset, in the hope of allowing someone with an awkward address, such as johnsmith4737, the opportunity to grab something far more desirable, like plain johnsmith.

About a month ago the company began to inform successful users of their new email addresses, and set up a $1.99 watchlist for those who wanted to monitor up to five IDs and receive notification if they became available.

Security experts and other critics raised concerns about Yahoo’s plan at the time.

Yahoo, however, was keen to downplay security concerns, saying:

To ensure that these accounts are recycled safely and securely, we’re doing several things. We will have a 30-day period between deactivation and before we recycle these IDs for new users. During this time, we’ll send bounce-back emails alerting senders that the deactivated account no longer exists. We will also unsubscribe these accounts from commercial emails such as newsletters and email alerts, among others. Upon deactivation, we will send notification for these potentially recycled accounts to merchants, e-commerce sites, financial institutions, social networks, email providers and other online properties.

Unfortunately, however, some new owners of recycled accounts have nevertheless received messages of a sensitive nature.

InformationWeek, for example, has reported the cases of three users who received messages intended for the previous owners of their accounts.

At the outset, they received spam, but soon afterwards started to receive messages that contained PII – that’s “Personally Identifiable Information”, grist to the mill of identity thieves.

Tom Jenkins, an IT security professional, said he had received emails that contained account details and much more:

I can gain access to their Pandora account, but I won’t. I can gain access to their Facebook account, but I won’t. I know their name, address and phone number. I know where their child goes to school, I know the last four digits of their social security number. I know they had an eye doctor’s appointment last week and I was just invited to their friend’s wedding.

Other users of recycled accounts were sent emails about recent purchases, court information, and even funeral information.

Dylan Casey, senior director of Consumer Platforms at Yahoo, played down the extent of the problem, saying that:

We take the security and privacy of our users very seriously. We have heard from a very small number of users who have received emails through other third parties which were intended for the previous account holder.

Casey also added that Yahoo is continuing to encourage companies to implement its Require-Recipient-Valid-Since (RRVS) email header system in order to minimise such occurrences in the future.

Yahoo’s hope is that more companies will add the RRVS header to password reset and other sensitive emails so that Yahoo can check the age of the email account before delivering the message to the account holder.

If the account ages don’t match, the email would be bounced back to the sender, who would then be expected to make contact via other channels.
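The check described in the two paragraphs above can be simulated in a few lines. The following is an added example, not Yahoo's code or anything from the article: a receiving mail system reads the RRVS header (using the "address; date" syntax later published as RFC 7293), looks up when the current holder was given the mailbox, and bounces the message if the mailbox changed hands after the date the sender last confirmed it. The mailbox directory, the addresses and the sample password-reset message are all constructed for the example.

```python
"""Simulating a Require-Recipient-Valid-Since (RRVS) check at delivery time.

The sender asserts, in the header, the date on which it last confirmed that
the recipient address belonged to its customer. The receiving provider knows
when the current holder was assigned the mailbox. If the mailbox was
(re)assigned after the sender's date, the message is bounced rather than
handed to the new owner.

Added example; the directory below is constructed sample data, not a real
account database.
"""
from datetime import datetime, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

HEADER = "Require-Recipient-Valid-Since"

# Constructed sample directory: address -> when the current holder got it.
MAILBOX_ASSIGNED = {
    # recycled and handed to a new owner on 1 Sept 2013
    "johnsmith@example.com": datetime(2013, 9, 1, tzinfo=timezone.utc),
    # original owner since 2009, never recycled
    "johnsmith4737@example.com": datetime(2009, 3, 14, tzinfo=timezone.utc),
}

# Constructed sample message, as a bank might send it for a password reset.
RESET_MAIL = (
    "From: alerts@bank.example\r\n"
    "To: johnsmith@example.com\r\n"
    "Require-Recipient-Valid-Since: johnsmith@example.com; "
    "Sat, 1 Jun 2013 09:23:45 +0000\r\n"
    "Subject: Password reset\r\n"
    "\r\n"
    "Click the link to reset your password.\r\n"
)


def parse_rrvs(value):
    """Split an RRVS header value into (address, datetime).

    Returns None for a malformed value (no ';' or an unparseable date).
    """
    if ";" not in value:
        return None
    addr, _, date_text = value.partition(";")
    try:
        when = parsedate_to_datetime(date_text.strip())
    except (TypeError, ValueError):
        return None
    if when.tzinfo is None:          # "-0000" dates parse as naive on old Pythons
        when = when.replace(tzinfo=timezone.utc)
    return addr.strip().lower(), when


def rrvs_decision(raw_message, rcpt_to):
    """Return 'deliver', 'bounce' or 'unknown' for a message to rcpt_to.

    'unknown' means the recipient is not a mailbox this provider manages.
    A message with no (applicable) RRVS header is delivered as usual; the
    header only ever makes delivery stricter.
    """
    rcpt = rcpt_to.lower()
    assigned = MAILBOX_ASSIGNED.get(rcpt)
    if assigned is None:
        return "unknown"
    msg = message_from_string(raw_message)
    for value in msg.get_all(HEADER, []):
        parsed = parse_rrvs(value)
        if parsed is None:
            continue                  # malformed: treat the header as absent
        addr, since = parsed
        if addr != rcpt:
            continue                  # header refers to some other recipient
        if assigned > since:
            return "bounce"           # mailbox changed hands after 'since'
    return "deliver"


if __name__ == "__main__":
    for rcpt in MAILBOX_ASSIGNED:
        mail = RESET_MAIL.replace("johnsmith@example.com", rcpt)
        print(f"{rcpt}: {rrvs_decision(mail, rcpt)}")
```

Run as a script, the recycled address is bounced and the never-recycled one is delivered. The design point is that the decision is made entirely from data the provider already has (the mailbox assignment date) plus a sender-supplied date, so no content inspection is needed; senders who omit the header get today's behaviour, which is why the article frames RRVS as something Yahoo can only encourage, not enforce.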

For now, I recommend logging into your Yahoo account every six months or so in order to ensure that you retain control over it.

This could be especially important if you signed up to sit on your own or company name, or if you use the account as a backup for password resets.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/d8nkd0OwQ6A/

Telstra to DNS-block botnet C&Cs with unknown blacklist


Telstra is preparing to get proactive with malware, announcing that it will be implementing a DNS-based blocker to prevent customer systems from contacting known command-and-control servers.

The “malware suppression” tool will be introduced at no cost for fixed, mobile and NBN customers using domestic broadband and Telstra Business Broadband services.


The service is using a command-and-control address list sourced from an unnamed Californian partner, and the carrier maintains that it won’t be recording users’ browsing history.

However, there seems to be a little confusion between different arms of the carrier as to how the malware suppression service works. Here’s how the promotional blog post discusses the technology:

“Because the malware suppression technology only observes DNS queries and not internet traffic, no internet search history, browsing data or any other customer data is recorded, retained or sent to a third party.”

(Vulture South notes that the last time we looked, DNS queries travelled over the Internet. We therefore conclude that Telstra is trying to reassure customers that the content of their browsing is not examined.)

In its support Q&A, the carrier states:

“We do not retain a record of legitimate DNS queries made by your computer and those legitimate queries will be unaffected by the new malware suppression” (emphasis added).

As the same page notes, if the carrier has reason to query (sorry) a DNS query, it will fire off a query to California:

“At times, the DNS server may notice a pattern of queries from a number of different users which looks suspicious (for example, why would a real user try to go to a domain like qwe54fggty.dyndns.biz?). In this case, information about the suspicious target domain might be sent to our partner in California to examine whether the domain is a botnet or command control server.”

However, it states, in requesting that a domain be examined by its blacklist supplier, it will not pass on any information to identify the user or users trying to contact that domain.

In response to The Register’s questions, a Telstra spokesperson provided this statement:

“We are introducing malware suppression technology to the Telstra BigPond Network to help improve safety and security of the internet for our customers. We have developed the upgrade to our network with a technology partner, a firm based in the United States. The malware suppression technology does not look at any content our customers are sending or receiving, rather it prevents our customer’s computers from being controlled by Command and Control servers. The malware suppression service being deployed on the Telstra BigPond Network works on DNS queries only going to verified Command and Control servers.”

Which is likely to be all very well and good, until some poor sap finds their website shares an IP address with a C&C server. Such a scenario is not beyond the realms of possibility: in May 2013 Australia’s de facto internet filter blocked access to hundreds of sites when the intention was to block just one. Telstra must be hoping its un-named source of C&C systems doesn’t make the same mistake. ®
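To make the design described above concrete, here is an added example (not Telstra’s or The Register’s code) of a resolver-side filter that sinkholes listed C&C hostnames, retains only the blocked domain rather than the client, refers a suspicious-looking domain by name alone once several users have queried it, and shows why a domain rule is safer than an IP rule when a C&C host shares an address with innocent sites. The blocklist, A records, sinkhole address, referral threshold and the `looks_random` heuristic are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample C&C blocklist: hostnames, as the article describes.
CNC_DOMAINS = {"qwe54fggty.dyndns.biz", "cnc.example.net"}
# Constructed sample A records: one shared-hosting IP also serves innocent sites.
A_RECORDS = {
    "cnc.example.net": "203.0.113.10",
    "bakery.example.org": "203.0.113.10",
    "school.example.edu": "203.0.113.10",
    "www.example.com": "198.51.100.7",
}
SINKHOLE = "192.0.2.1"   # constructed sinkhole address
REFER_AFTER = 3          # distinct clients before an odd domain is referred (assumed)


def looks_random(label):
    # Crude stand-in (assumption) for the 'qwe54fggty'-style pattern the carrier mentions.
    return len(label) >= 8 and any(c.isdigit() for c in label) and any(c.isalpha() for c in label)


class MalwareSuppressor:
    def __init__(self, blocklist):
        self.blocklist = {d.rstrip(".").lower() for d in blocklist}
        self.hit_log = []                    # blocked domains only; no client addresses
        self.referrals = []                  # domain names sent to the list supplier
        self._seen = defaultdict(set)        # odd domain -> clients, kept in memory only

    def resolve(self, qname, client_ip):
        name = qname.rstrip(".").lower()
        if name in self.blocklist:
            self.hit_log.append(name)        # retain the target domain, never the user
            return SINKHOLE
        first = name.split(".")[0]
        if looks_random(first):
            self._seen[name].add(client_ip)  # counted to notice a multi-user pattern
            if len(self._seen[name]) >= REFER_AFTER and name not in self.referrals:
                self.referrals.append(name)  # only the domain leaves the resolver
        return A_RECORDS.get(name)           # legitimate queries answered, not retained


def blocked_by(target, by_ip):
    """Hostnames a rule against `target` would affect. A domain rule hits only
    that name; an IP rule also takes down every site co-hosted on the address."""
    if not by_ip:
        return {target}
    ip = A_RECORDS[target]
    return {host for host, addr in A_RECORDS.items() if addr == ip}
```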


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/09/18/telstra_to_dnsblock_botnet_ccs/

So, Linus Torvalds: Did US spooks demand a backdoor in Linux? ‘Yes’


Linux supremo Linus Torvalds has jokingly admitted US spooks approached him to put a backdoor in his open-source operating system.

During a question-and-answer session at the LinuxCon gathering in New Orleans this week, Torvalds and his fellow kernel programmers were asked by moderator Ric Wheeler whether America’s g-men leaned on the Finn to compromise Linux’s security, allowing spies to infiltrate computers.


Torvalds replied with a firm “no” while nodding his head to say yes, a response greeted with laughter from the audience. He quickly followed up by repeating “no” while shaking his head in the negative.

South Korean Red Hat developer Tejun Heo, sitting alongside the kernel boss, quipped: “Not that I can talk about.” A video of the Q&A session is below – the short exchange about US spooks starts at the 24-minute mark.

Rumours of backdoors and other forms of hidden access routes in Microsoft Windows, Linux and security protection products have circulated in infosec circles for years. Fresh revelations from NSA whistleblower Edward Snowden that US and UK intelligence have subverted key technologies have reopened the debate.

These blockbuster claims from Snowden suggest that the NSA can crack TLS/SSL-encrypted connections, the widespread crypto securing HTTPS websites and virtual private networks (VPNs). Spooks can compromise these supposedly secure communications by gaining access to the root certificates and encryption keys, exploiting backdoors in equipment and algorithms, or otherwise allowing the signals boys and girls to run man-in-the-middle attacks on encrypted traffic flowing through the world’s fibre optic cables.

The NSA’s highly classified Bullrun programme relies, at least in part, on collaboration with unnamed technology companies.

Firsthand evidence from a former engineer at Microsoft sheds light on how the feds theoretically go about asking for special favours: Peter Biddle, an ex-Microsoft programmer who worked extensively on BitLocker – the company’s full-disk encryption tool – claimed he was informally approached by g-men to add a backdoor to the product.

But he said he rebuffed the government agencies. The pressure on Biddle came primarily from FBI agents who said they needed a skeleton key, of sorts, to easily break the crypto on suspects’ computers in child-abuse investigations, allowing the locked-up data to be examined.

Meanwhile, Nico Sell, founder of the pro-privacy self-destructing-messages app Wickr, said she had been informally approached by an FBI agent about placing a law-enforcement backdoor in her software.

It seems that developers are informally sounded out about the possibility of placing secret access to spooks in their technology before the discussion goes any further on the technical details and requirements. Once a programmer snubs the feds, the g-men back off, it’s believed.

In light of these revelations, worried netizens have become far more paranoid about the possibility of backdoors in the technology they use and this paranoia extends to both closed-source and open-source software.

Earlier this month Torvalds rejected a petition calling for his kernel to turf out an Intel processor instruction called RdRand, which is used in the generation of cryptographically secure random numbers. It was feared Chipzilla had deliberately weakened that operation under the influence of US spooks to produce cryptographically weak values, ones that can be predicted by intelligence agents to smash encryption.

The fiery Finn dismissed the petition as technically clueless.

El Reg reckons his response to a question about backdoors at LinuxCon was intended as a joke – but just because you’re not paranoid that doesn’t mean they aren’t out to get you, after all. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/09/19/linux_backdoor_intrigue/

‘Kissing couple’ Trojan sent to slurp fanbois’ data… Syrian Electronic Army fingered


A “low risk” Mac Trojan seemingly linked to the Syrian Electronic Army has surfaced on the web.

The Mac-specific Trojan comes disguised as a picture of a kissing couple. If opened, it creates a back door on compromised Apple computers.


“This appears to be a targeted attack, though the method of delivery is not yet known,” a blog post by Lysa Myers of Mac security specialists Intego explains. “So, while this has been affecting users in the wild, the overall threat level appears to be low.”

The Trojan is an application disguised as a picture file – the .app file-extension is not visible by default. Possible delivery mechanisms include as an attachment to emails or from a compromised website frequented by targets.

If installed, the Trojan opens a back door that phones home to a command-and-control server. This server is currently down.

However, during testing, Intego was able to connect to the C&C server, which collected system information before downloading an image file depicting the eagle-themed coat of arms of the Syrian Electronic Army, a notorious bunch of hacktivists loyal to Bashar Assad’s regime.

The SEA is best known for hijacking the Twitter feeds of Western media organisations using phishing to push propaganda messages, but it has also engaged in website defacement and DNS redirection-style attacks, such as a recent assault against the New York Times website.

Malware attacks, including spyware flung at the computers of human rights activists, have long been a feature of the wider Syrian civil war but have not been a tactic favoured by the SEA, at least until now.

The SEA has yet to comment on the attack one way or another. It would be naive to assume the malware is the work of the hacktivists simply because it includes a logo referring to the SEA, and for this and other reasons the authorship of the malware remains unclear. ®

Bootnote

Asked directly whether the SEA had anything to do with creating the Trojan, the group denied any involvement. A representative of the prolific hackers told El Reg:

“No, it’s not associated with us.”


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/09/19/mac_trojan/

Roll up, roll up: Cash, Bitcoin and booze offered for iPhone 5S fingerprint scanner hack


Hackers have taken to crowdfunding in a bid to raise a bounty to hack the iPhone 5S fingerprint scanner.

The IsTouchIDHackedYet.com site has so far received cash offers exceeding $3,250 – and 7.13 Bitcoins, which is a shade over $900 at current exchange rates – from more than 30 people prepared to chip in to offer a “reward to the first person who can reliably and repeatedly break into an iPhone 5S by lifting prints (like from a beer mug)”.


The kitty also includes offers to supply bottles of wine, whisky and – in one case – an “under the door tool” (we’re not sure what that is either).

It’s the sort of thing that might be dreamt up at a boozy post-hacker-con pool party at DefCon in Vegas, except in this case the wheeze is being lubricated through Twitter instead of tequila. The beer mug reference is a bit of a giveaway in explaining the sensibility of the contest.

Linked terms and conditions from the IsTouchIDHackedYet.com site refer to Twitter updates outlining what might be required to win the prize, if not how to go about collecting it.

“All I ask is a video of the process from print, lift, reproduction and successful unlock with reproduced print. I’ll put money on this,” explains Nick DePetrillo, one of the Twitter users behind the istouchidhackedyet.com site – which was set up by Robert David Graham, who describes himself as a “cyber-insecurity expert”.

“Satisfactory video evidence of the print enrollment, lift, reproduction and successful application of the print without locking out will do,” he adds.

Apple’s decision to bundle a fingerprint scanner with the iPhone 5S, due out on Friday, has excited a great deal of security commentary. Fingerprint authentication has been bundled with laptops and handheld computers for years, of course, but the inclusion of the “Touch ID” fingerprint authentication in the iPhone 5S propels it into the mainstream – or perhaps more to the point, into the pockets of corporate bigwigs (CEOs, directors etc).

That means the technology is directly relevant to corporate CISOs and, by extension, intriguing to hacker types, which helps explain the appearance of a “Capture the Flag”-style Jesus phone hacking competition.

There is no word as yet on whether using classic techniques – such as Gummi bears – to defeat fingerprint scanners will earn bonus points in this particular competition. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/09/19/iphone5s_fingerprint_crack_bounty/