STE WILLIAMS

European Commission calls for single privacy law in wake of PRISM snooping

Europe needs new cross-national data protection laws in order to restore trust in the data-driven economy.

That’s according to Viviane Reding, vice president of the European Commission and EU commissioner for justice.

Speaking to delegates at the European Data Protection Conference in Brussels, she said:

Trust in the data-driven economy, already in need of a boost, has been damaged. This is a source of concern because of the potential impact on growth. Collected, analysed and moved, personal data has acquired enormous economic significance. According to the Boston Consulting Group, the value of EU citizens’ data was €315 billion in 2011. It has the potential to grow to nearly €1 trillion annually in 2020.

Trust has been lost

Reding said that restoring trust and growth were both imperative and that they could be delivered at the same time through the European Union’s data protection reform. This, she said, “will restore the trust of EU citizens by putting them back in control of their data” and, secondly, will, “boost growth through opening the European Union’s market in data.”

“Trust has been lost in all these spying revelations. They are particularly damaging for the digital economy because they involve companies whose services we all use on a daily basis,” she said.

Reding acknowledged that PRISM, the US data gathering surveillance program, had a large impact on the erosion of trust but noted that:

Trust in the data driven economy began to fall long before the first NSA slides were published. The data protection reform proposed by the Commission in January 2012 provides a response to both these issues: to Europeans’ concerns about PRISM as well as the underlying lack of trust.

Using cloud computing as an example Reding said, “trust is bankable,” as she detailed how American spying revelations had left 56% of the respondents to a Cloud Security Alliance survey declaring hesitance to work with any US-based cloud service providers.

“The Information Technology and Innovation Foundation estimates that the surveillance revelations will cost the US cloud computing industry $22 to $35 billion in lost revenues over the next three years,” she said, whilst making the point that EU cloud providers, operating under a higher standard of data protection, would be able to deliver a much more compelling selling advantage.

Safeguarding data protection

Reding said that such figures highlight the need for change in European governments’ approach to data protection and she drew attention to safeguards that the Union can employ:

First, territorial scope. The Regulation makes clear that non-European companies, when offering goods and services to European consumers, will have to apply the EU data protection law in full. European rules should apply from the moment of collection to the moment of deletion of the data.

Second, international transfers. The Regulation establishes the conditions under which data can be transferred from a server in the EU to a server in the U.S. It is the transfer of data outside the EU which brings it within the reach of the NSA.

Third, enforcement. The new rules provide for tough sanctions (up to 2% of a company’s annual global turnover) to make sure that companies comply with EU law. At the moment, when confronted by a conflict between EU and foreign law, foreign companies have no reason to hesitate. In future, they will think twice.

Fourth, processors. The Regulation includes clear rules on the obligations and liabilities of cloud providers who are processors of data. As PRISM has shown, they present an avenue for those who want to access data.

Reding also made the point that current data protection regulations are overly bureaucratic in nature and need simplifying into one set of rules that would be consistently applied across the region.

She noted how a company that trades in all 28 Member States may have to navigate and comply with 28 different laws, some of which are both long and complex. In Germany, for example, their own interpretation of EU data protection law is some 60 pages in length.

[If you] take those 60 pages and multiply by 28 Member States. Then you’ll get an idea of what the term ‘regulatory complexity’ means in practice. A mountain of red-tape which has an enormous cost.

Proposals to reform data protection rules within the European Union have been debated for the last two years. Now, perhaps, an accord will be struck between Members as they look to protect citizens from unwanted surveillance.


Image of padlock courtesy of Shutterstock.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/DEn4XRxjRLg/

Riverbed flows faster with refreshed cloudy Whitewater gateways

Network-polishing tech firm Riverbed is still honking away at its great Glacier front end story, with three new Whitewater cloud storage backup appliances and an operating system upgrade to WWOS v3.0.

Cloud Storage gateways are local converged server and storage appliances that provide a dedicated on-ramp to the cloud. This ramp stores and prepares data for delivery to its cloud storage destination. With the new Whitewater boxes and software, users get more local storage, faster data ingest and additional replication choices.


Whitewater appliances store recent data in local disk cache for fast access and shunt other data off to the cloud, deduplicating it before transmission, with Amazon’s Glacier archive featuring as a prominent destination. Many other clouds are supported as well, though:

Whitewater’s supported clouds and applications

The existing 510 and 710 products stay on Riverbed’s list and the three new Whitewater boxes are these:

  • 730 – 8TB of usable cache, targeted at larger small and medium businesses
  • 2030 – 16-48TB of usable cache, aimed at enterprises with medium data sets
  • 3030 – with 32-96TB of usable cache this has three times the data caching capacity of the previous range-topping 3010. For enterprises with large data sets it can support backup and archive datasets of up to 14.4 petabytes in the cloud

Ten gig Ethernet support has been added so you can access the boxes faster, specifically meaning faster ingesting of data. This also means Amazon Direct Connect can be used to move datasets up to Glacier faster.

Users can pin specific backup datasets in their Whitewater appliance to guarantee recovery at local disk speed rather than slower cloud recovery speed, which, in Glacier’s case, can take hours.

Whitewater range

A previous product range table can be found here.

The new software provides “pairwise replication that enable enterprises to replicate to an additional Whitewater appliance at a secondary location.” This means recovery from a failed Whitewater is much faster than recovering all of its data from the cloud.

WWOS 3.0 is available now, as a free upgrade to supported users. The three appliances are also available now. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/09/20/whitewater_rapids_speed_data_flow/

‘Bogus IT guys’ slurp £1.3m from Barclays: Cybercops cuff 8 blokes

UK police have arrested eight men after a gang fitted remote-control hardware to a Barclays bank branch computer and stole £1.3m.

Money was slurped from accounts after crooks hooked up a KVM (keyboard, video and mouse) switch and 3G dongle to a terminal in the branch, officers said.


The suspects, aged between 24 and 47, were nabbed by cops from the Metropolitan Police’s Central e-Crime Unit in a series of raids on Thursday and Friday. The Met said they had been arrested “in connection with an allegation of conspiracy to steal from Barclays Bank, and conspiracy to defraud UK banks”.

Police said that “cash, jewellery, drugs, thousands of credit cards and personal data” were recovered in a series of raids across London and Essex.

“The arrests are the result of a long-term intelligence-led operation by the Metropolitan Police’s PCeU, in partnership with Barclays Bank, who have been investigating the theft of £1.3 million from the Swiss Cottage branch of Barclays in April 2013,” a Met Police statement explains.

Barclays reported the missing money to Scotland Yard, and a subsequent search revealed a 3G mobile internet dongle attached to a KVM switch that was connected to one of the branch computers. KVM switches, which can cost as little as £10, are used legitimately for remote working; the keyboard, video and mouse signals can be routed over the internet to another keyboard, monitor and mouse.

In this case, it seems the device was allegedly used to remotely control the compromised computer in a Barclays branch in London’s Swiss Cottage district. Bank accounts were looted shortly after an individual posing as an IT worker installed the device on 4 April, cops said.

“A male purporting to be an IT engineer had gained access to the branch, falsely stating he was there to fix computers,” the Met police statement explains. “He had then deployed the KVM device. This enabled the criminal group to remotely transfer monies to predetermined bank accounts under the control of the criminal group.”

Barclays have since been able to recover a “significant amount” of the stolen funds.

Detective Inspector Mark Raymond of the Met’s PCeU said: “These arrests were achieved working in partnership with the Virtual Task Force (VTF), a unique information sharing cyber collaboration between the PCeU and the UK Banking sector.”

The detective added: “Those responsible for this offence are significant players within a sophisticated and determined organised criminal network, who used considerable technical abilities and traditional criminal know-how to infiltrate and exploit secure banking systems.”

David Emm, senior security researcher at Kaspersky Lab, commented: “KVM devices have been around for some time now. They allow the use of multiple devices through one keyboard or mouse. The successful fitting of such a device, combined with specific software, would give the hackers remote access to that particular computer and any network or information it had access to.”

Planting hardware hacking devices to enable cyber-crime is becoming something of a trend. The latest arrests come after four men appeared in court earlier this month charged with conspiracy to steal after a KVM was placed on a Santander branch in Surrey Quays, southeast London. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/09/20/barclays_cyber_cops_make_arrests/

Facebook “Likes” can no longer get US employees fired

Happy day, USA: When we click “Like” on Facebook, we are now constitutionally protected from getting fired!

If you’re thinking, “Well, duh, wasn’t I already?”, join the club.

In fact, at least one court had hitherto decreed that the First Amendment to the US Constitution, which (more or less) ensures the right to free speech, didn’t apply to Facebook Likes.

The case came to court after a sheriff from the state of Virginia fired six employees for supporting his opponent in an election.

Mashable’s Lorenzo Franceschi-Bicchierai reports that B.J. Roberts, the sheriff of Hampton, Virginia, had fired the employees who supported Jim Adams, his opponent in the sheriff’s election.

One of the fired employees, Former Deputy Sheriff Daniel Ray Carter, had Liked Adams’s Facebook page.

The fired employees, Facebook and the American Civil Liberties Union (ACLU) joined forces to fight the dismissals.

Together, they argued that a Facebook Like must be considered free speech, which would in turn mean that employers couldn’t legally fire employees for expressing their opinions on the network.

In the first federal ruling on the case, a federal district judge had said that a Like was “insufficient speech to merit constitutional protection”, as Mashable reports.

The judge ruled that a Facebook Like didn’t involve an “actual statement”, unlike Facebook posts, which have hitherto been granted constitutional protection.

On Wednesday, that decision got its own thumbs-down in a federal appeals court.

Judge William Traxler, who authored the decision, said that clicking Like is much the same as putting up a political sign supporting a candidate in your front yard:

“Liking a political candidate’s campaign page communicates the user’s approval of the candidate and supports the campaign by associating the user with it. … It is the Internet equivalent of displaying a political sign in one’s front yard, which the Supreme Court has held is substantive speech.”

Both the ACLU and Facebook’s legal counsel are applauding the decision.

The decision reinstates the claims of Carter, along with two other fired employees, but they haven’t yet actually won the case. If they do, they might get their jobs back, Franceschi-Bicchierai reports.

As commenters on the Mashable story have noted, Facebook Likes can be convoluted creatures. In order to continue to see posts appear in our news streams, we need to click Like, whether that aligns us with candidates we detest or news we abhor.

But regardless of why we click Like, it shouldn’t come back to haunt us. Facebook is now very much an outlet for speech that deserves protection, whether it’s to support a candidate or to follow news about, for example, cancer research.

We follow things. We Like things. We shouldn’t be punished for it.

That doesn’t mean you shouldn’t clean up your slimy Facebook trail if you post about your drunken binges or how much you hate your boss.

As far as I know, the First Amendment doesn’t cover dumb.

Good luck with the case, Mr. Carter, et al. I hope you get your jobs back.

Image of suited bloke telling you to get your coat courtesy of Shutterstock.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/dbX0mcCulgM/

iOS 7 lockscreen hole discovered already

Serial iOS bug finder videosdebarraquito has struck again.

He found a bug in the iOS 6.1.3 lockscreen, almost as soon as that update was published (an irony, given that the main purpose of 6.1.3 was to fix various lockscreen flaws).

Now he’s made a video of himself bypassing the lock on just-released iOS 7.

(I’ve given you more than enough to find the video if you want. But I haven’t provided a direct link here. Call me an old-school wowser. I can take it.)

Lock screens have a chequered security history, with Android having its recent share of problems, too.

The main reason is complexity, one of security’s mortal enemies.

You can understand why some exceptions to a phone lock might be desirable, or even required by the regulators: the ability to call the emergency number, no matter what, for example.

Similarly, a clock is handy when the phone is locked, as well as an indication of whether there’s network service available should you want to make a call.

So some “special case” programming is needed in phone lock software, which inevitably means more to go wrong with the part that implements the actual lock.

But functionality to check whether you’ve just dialled the three digits 112, 999, 000, 911, or some other well-known emergency number, and to update a digital clock once a minute, is a far cry from the feature set implemented by the average lockscreen app on a modern smartphone.

We’re no longer content to have our phones locked: we want them locked, except for a huge raft of features.

Indeed, our terminology even reflects that: we tend to say, “My phone’s at the lock screen,” not, “My phone’s locked.”

In truth, the phone isn’t locked at all – the lockscreen app typically requires and makes extensive use of access to the network and the filing system, plus the ability to interact fully with the user.

Worse, we’re not content with just seeing general information on our lockscreens, like the latest weather and news headlines, but are happy for our “locked” phones to continue to disgorge information of a more personal nature, such as posts to our Facebook wall, Tweets we’re mentioned in, and more.

And heaven forfend that we ever have to fumble with the phone lock before we are able to snap a photo!

Apple addressed these issues in iOS 7 with what it describes as a feature, but that I consider a bad idea from the start. (Call me an old-school wowser. I can take it.)

It’s called Control Center, and it flies under the banner that “some things should only be a swipe away. And now they are.”

Control Center gives you quick access to the controls and apps you always seem to need right this second. Just swipe up from any screen — including the Lock screen — to do things like switch to Airplane mode, turn Wi-Fi on or off, or adjust the brightness of your display. You can even shine a light on things with a new flashlight. Never has one swipe given you so much control.

Sadly, that one swipe, combined with some dextrous fingerwork, gives videosdebarraquito so much control that he can access your photos via a backdoor entrance.

It seems he gets from the lock screen to the control center, from there to the alarm clock, and from there, by means of some deft fingerwork – described in his video as “double click on the home button, but the second click is slightly stretched” – into your photo gallery.

Now he can do whatever you could do with your photos if the phone were unlocked: look at them, delete them, upload them and post them on social networking sites.

Let’s hope that Apple fixes this bug quickly.

In the meantime:

  • Reduce the functionality available from the iOS 7 lockscreen, notably turning off access to the control center.
  • Don’t take photos of a genuinely personal or private nature on your phone. (Call me an old-school wowser. I can take it.)

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/bCSmhecaKNI/

Facebook apologizes for dating ads featuring photos of suicide victim

Rehtaeh Parsons committed suicide in April at the age of 17 after allegedly having been gang-raped by four boys in 2011.

A photo of the alleged attack went viral, leading Ms. Parsons, of Nova Scotia, to reportedly suffer unremitting cyber-harassment until she took her own life.

To add grievous insult to unspeakable injury, Ms. Parsons’s image was scraped by a Facebook advertiser and used to illustrate a dating ad.

The advertisement used the title “Find Love in Canada!” and referred users to ionechat.com. The site is no longer up.

The BBC reported on Wednesday that Facebook is now apologizing for the gaffe and has banned the company responsible for the ad from the site.

A spokesman for Facebook told the BBC that the advertiser’s account has also been deleted:

This is an extremely unfortunate example of an advertiser scraping an image from the internet and using it in their ad campaign.

This is a gross violation of our ad policies and we have removed the ad and permanently deleted the advertiser’s account.

We apologise for any harm this caused.

Ms. Parsons’s father, Glen Canning, discovered the offensive ad on Wednesday and wrote about it on Thursday in a blog posting titled “Possibly the worst Facebook ad ever”.

He wrote:

Perhaps it’s not the worst ad ever but certainly it’s the worst ad I will ever see. It’s bad enough my daughter Rehtaeh died following months of torment and that her sexual assault was immortalized with a photograph, but to see an ad on Facebook using her image is beyond words. What a sickening thing to do!

One of the first people to spot the ad, if not the first, was Andrew Ennals, whose Twitter feed shows him as a Toronto-based ad writer.

According to Ennals’s tweets, the incident doesn’t sound like a mistake, given that two separate photos of Ms. Parsons showed up in consecutive ads.

Could it have been done intentionally, as a marketing gimmick? Mr. Canning is not dismissing the possibility:

Once maybe, twice has to be intentional. I quickly thought of the marketing some pop stars do before they release a new song and how it’s believed even bad press is good press—so do something outrageous. Would someone do something like this for hits on a web site? Sure they would. It happens all the time.

We might never find out whether it was intentional or a horrific mistake. Mr. Canning’s sources informed him that the ad’s registrant is in Vietnam and that the site was hosted in the US.

He has also heard that a spokesperson from the dating site has apologized for the incident, along with Facebook, which removed the ad “with un-Facebook-like speed,” he wrote.

For the apologies and for Facebook’s rapid response, he is grateful.

Mr. Canning was also kind enough to leave us all with a takeaway that, unfortunately, in the continuing litany of news reports about cyberbullying, bears reiterating, particularly when speaking to the young people who fall prey to fates like that of Ms. Parsons:

Sadly this is the reality of life online. Once an image is out there it’s out there forever. There’s nothing anyone can do but hope those who come across it will use it respectfully.

Advert images courtesy of Glen Canning

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/NsKdbqFZJTI/

New ransomware strain forces hapless users into becoming Bitcoin miners

Scammers are punting a strain of ransomware that puts compromised PCs to work mining Bitcoins after blocking all other activity on infected Windows computers.

A new variant of the Reveton ransomware, spotted by researchers at Malwarebytes, locks a user out of their computer before running a Bitcoin miner. This means the criminals are no longer dependent on payment of the “ransom” to make a profit – hijacking a computer by itself will yield a return for the cybercrooks.


Reveton is a widespread piece of ransomware. Typically, it falsely accuses marks of downloading images of child abuse or downloading copyright-protected content before demanding a fine to unlock computers. Payment is normally requested in the form of a voucher from an anonymous prepaid cash service, such as Ukash or Paysafecard.

Internet pondlife have previously used ransomware to peddle survey scams and fake anti-virus products (“scareware”). Viewed in this context, co-opting PCs compromised by ransomware into Bitcoin mining botnets is the next logical step.

Making money mining Bitcoins for practical gain involves running arrays of GPUs solving the ever more complex algorithms needed to generate Bitcoins. Of course, if it’s not your own resource that’s been turned over to number crunching, this is less of a consideration. Perhaps crooks have realized that marks are dithering when it comes to caving in to ransomware demands, and there’s profit to be mined from their indecision.

“Ransomware is most commonly spread via drive-by downloads and Reveton especially has been seen working with some of the most notorious exploit kits available today,” writes Malwarebytes researcher Adam Kujawa in a blog post on the threat.

Kujawa advises consumers to update browser software and plug-ins to guard against the most common types of threat exploited by Reveton-peddling gangs. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/09/19/bitcoinmining_ransomware/

Tripwire Announces Expanded IPv6 Support In IP360

PORTLAND, OREGON — September 19, 2013 — Tripwire, Inc., a leading global provider of risk-based security and compliance management solutions, today announced the availability of Tripwire IP360™ version 7.2 featuring support for IPv6 vulnerability scanning, expanded integration services and additional SCAP functionality.

“IP360 has already proven itself to be a strong product in our portfolio, and it’s a crucial component of our expanding business,” noted Rod Murchison, vice president of product management and technology alliances at Tripwire. “Tripwire is committed to investing the resources necessary to continue providing our vulnerability management customers with world-class performance, manageability and scalability.”

As IPv6 proliferates throughout networks worldwide, it is increasingly important to identify assets utilizing IPv6 in order to discover their unique vulnerabilities and configurations in order to identify and mitigate IPv6. Tripwire IP360 now supports the discovery of IPv6 capable devices as well as their vulnerabilities and configurations, allowing customers to build vulnerability management into their IPv6 deployments at the start. Key features of the new version include:

  • Expanded IPv6 functionality including discovery of IPv6 devices within a specific IP range.
  • Improvements to IP360’s comprehensive SCAP configuration scanning support including CCEs, CPEs and CVEs in CyberScope reporting.
  • Human-readable version of HTML SCAP report.

“While SCAP capabilities are required in the federal government, a narrow approach provides only limited benefits,” said Murchison. “Tripwire’s cross-product approach to the SCAP standard has already allowed us to deliver additional capabilities at a faster pace to more customers across the product line. We fully expect SCAP to be an integral standard for Tripwire moving forward.”

For more information about IP360 please visit http://www.tripwire.com/it-security-software/enterprise-vulnerability-management/tripwire-ip360/.

About Tripwire

Tripwire is a leading global provider of risk-based security and compliance management solutions, enabling enterprises, government agencies and service providers to effectively connect security to their business. Tripwire provides the broadest set of foundational security controls including security configuration management, vulnerability management, file integrity monitoring, log and event management. Tripwire solutions deliver unprecedented visibility, business context and security business intelligence allowing extended enterprises to protect sensitive data from breaches, vulnerabilities, and threats. Learn more at www.tripwire.com or follow us @TripwireInc on Twitter.

Article source: http://www.darkreading.com/vulnerability/tripwire-announces-expanded-ipv6-support/240161568

Phishers Expand Brands, Shift Gears

New data from the Anti-Phishing Working Group (APWG) shows more brands are being abused than ever in phishing campaigns while mass phishing attacks are on the decline.

The volume of mass phishing attacks dropped drastically in the first half of this year, from some 123,500 unique incidents in the second half of last year to 73,000 unique events this year between January and June. But that doesn’t really mean phishing is waning, according to the Anti-Phishing Working Group (APWG), which compiled the new data.

“It’s kind of more of the same,” says Rod Rasmussen, a co-author of the APWG report and CTO of Internet Identity. “It’s more of a statistic oddity. The state of mass phishing is really pretty steady.”

The downward trend the first half of this year is mainly due to a decline in incidents of the hacking of shared virtual servers, a method phishers employ to hack into a hosting provider’s virtual server and get hundreds of domains via a single strike. “That was down a bit last year, so it creates this downward trend in overall numbers … Those [attacks] get shut down pretty quickly because they are very ‘loud,’” Rasmussen says.

Meanwhile, some 20 percent more brands were targeted by phishers in the first half of this year, while PayPal remains the number one phished brand with 18 percent of the attacks. There were 720 brands abused this year, half of which were targeted one to three times, and 80 that were abused 100+ times a month. It’s all about opportunity, according to the new APWG report.

“There are a lot more targets, so overall, it’s bad,” Rasmussen says.

Phishers are trying different methods in their attacks, says Stephen Cobb, security evangelist for ESET. “The number of people willing to commit cybercrime is not going down. My sense is that it’s going up at this point in time,” Cobb says. It’s just that the phishers, like any attackers, are moving to other methods as defenders put in place mitigation methods to thwart them, he says.

The APWG report focuses on phishing attacks on the general public and doesn’t cover spear-phishing, one of the most prolific initial attack vectors in targeted attacks today. “Because they involve a very small number of e-mail lures, and sometimes target company-internal systems, spear-phishing attempts are generally not reported and it is unknown how many take place,” the report says.

Jeff LoSapio, CEO of ThreatSim, a phishing training firm, says the numbers in the APWG report are more of a short-term dip. “If you look at the different long-term statistics they have, there have been dips before,” he says. “My analysis is the problem is getting worse” because phishing remains a popular form of cybercrime, he says.

Of the nearly 54,000 phishing domains the APWG found in the first half, phishers had registered some 12,713 of them, twice as many as they had registered last year. The APWG attributes that increase to a surge in domain registrations being executed by phishers in China. Nearly 70 percent of the registered phishing domains were set up to target Chinese users, and the domain names were purchased from Chinese and U.S. registrars.

“A large portion of phishing attacks used domain registration, hosting, and payment processing companies in different countries,” says Greg Aaron, co-author of the report and president of Illumintel. “As a result, everyone ended up losing–except the phishers. It’s a reminder that timely, international cooperation in the private sector is needed in order to combat e-crime.”

Hosting providers and domain registrars with weak security or that don’t keep close tabs on their systems or registrants continue to be targeted by phishers looking for an easy mark, the report says. Nearly 30 percent of all phishing attacks in the first half of 2013 were due to mass compromises of hosting providers, for example.

The full APWG report is available here (PDF) for download.

Article source: http://www.darkreading.com/vulnerability/phishers-expand-brands-shift-gears/240161569

Microsoft Adopts Open Specs For Threat Intel-Sharing

Microsoft will be one of the first companies to adopt emerging open protocols for intelligence threat-sharing—as part of its new intel-sharing forum for incident responders.

The software giant in July announced its MAPP for Responders program for incident responders such as CERTs, government entities, and private companies that includes its own intel-sharing mechanism. The company this week said its platform will be based on the Structured Threat Information eXpression, or STIX, open specification led by Mitre for expressing and specifying threat information, as well as the Trusted Automated eXchange of Indicator Information (TAXII), a Department of Homeland Security-led protocol for transporting the information.

STIX and TAXII are aimed at helping organizations share details of attacks and threats with other firms using common formats and languages. When a company hit by a cyberattack shares some details of the attack with another firm today, it typically gives them a call or shoots them an email with some intelligence on the malware or other fingerprints of the attack. It’s then up to the recipient to manually translate that information into a format it can use to automatically protect itself from falling prey to that attack.

Jerry Bryant, senior security strategist lead for Microsoft Trustworthy Computing, says Microsoft’s intel-sharing platform is a Web-based service that will automate the sharing of threat intelligence in machine-readable format. It supports the STIX and TAXII specs, but can also support other formats for sharing as well.

“We have designed this platform to integrate into existing environments acting as an interchange point between both external and internal services and data formats. The platform enables real-time information sharing, and because the data is machine-readable, organizations can choose to automatically push the data into their network protection systems,” Bryant said in a blog post this week.

Microsoft will begin the program in a “limited” beta form, he says.

Article source: http://www.darkreading.com/attacks-breaches/microsoft-adopts-open-specs-for-threat-i/240161570