STE WILLIAMS

Snowden outs NSA’s “Follow The Money” international banking spies

According to a new report, referencing leaks from Edward Snowden, the National Security Agency (NSA) has been widely monitoring international banking and credit card transactions. The agency allegedly targeted customers of Visa Inc. as well as the Society for Worldwide Interbank Financial Telecommunication (SWIFT).

According to Germany’s Der Spiegel newspaper, information leaked by former NSA contractor Snowden shows that surveillance of financial transactions was carried out by a branch of the security agency known as “Follow The Money” (FTM).

The details of all the monitored transactions were then transferred to an NSA database called “Tracfin.” Snowden claims that in 2011 that database held 180 million records of which 84% were related to credit card transactions.

Der Spiegel alleges that the NSA targeted transactions in Europe, the Middle East and Africa to:

collect, parse and ingest transactional data for priority credit card associations, focusing on priority geographic regions.

In response to that allegation the newspaper quotes a Visa spokesperson who, “ruled out the possibility that data could be taken from company-run networks,” whilst Mashable has a quote from Visa security and privacy representative Rosetta Jones:

With respect to the claims in the Der Spiegel article, we are not aware of any unauthorized access into our network. Visa takes data security seriously and, in response to any attempted intrusion, we would pursue all available remedies to the fullest extent of the law. Further, it’s Visa’s policy to only provide transaction information in response to a subpoena or other valid legal process.

The NSA also spied on SWIFT, a network used by more than 10,000 banking institutions in over 200 countries. The system, used by the banks for sending transaction data in a secure manner, was spied upon on many levels according to the Der Spiegel report. One such way in which the NSA was accessing the information was described as reading “SWIFT printer traffic from numerous banks.”

“A deep invasion of privacy”

According to the documents there seemed to be at least some concern over the collection of such financial data.

The UK’s intelligence agency, GCHQ, queried the legal issues surrounding “financial data” and its own involvement in the program saying that, “The collection, storage and sharing of politically sensitive data is a deep invasion of privacy”, and involved “bulk data” full of “rich personal information,” much of which “is not about our targets.”

Whilst this news may be further confirmation that the NSA is involved in widespread spying, it is probably not a huge revelation to many.

In fact the real surprise may be that the Tracfin database ‘only’ stored 180 million records, considering that SWIFT itself processes over 15 million transactions every day.

The whole point of having an intelligence agency is to monitor the actions of potential enemies and the money trail is often a very good starting point for any investigation. It appears that this financial monitoring was almost exclusively targeting non-US citizens anyway so few, if any, domestic laws would have been broken.

Furthermore, the US Treasury already has an agreement with SWIFT which affords it consensual access to international transaction records, as confirmed by former Homeland Security chief Juan Zarate and SWIFT’s own CEO Leornard Schrank just a couple of months ago. This agreement is further backed up by a European treaty which came into effect on August 1, 2010.


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/iwBmcnnlN6o/

PWN2OWN for mobile devices – $300,000 in prizes for stealing data, eavesdropping or making covert calls

Imagine that you have a jailbreak for iOS 7 up your sleeve.

All you have to do is wait a while, until iOS 7 ships, and announce your jailbreak then.

You’ll soon be enjoying the adulation of the whole jailbreaking scene, a writeup on Naked Security, and the prospect of a job/lawsuit (or both!) with/against Apple.

Or you could try for $50,000 from HP instead.

That’s just part of the prize money that’s up for grabs at the second Pwn2Own competition of the year, Mobile Pwn2Own, announced last week by HP’s Zero Day Initiative.

We covered what you might call the regular-sized Pwn2Own earlier this year, from the announcement of its $500,000 in prize money to the day by day results.

The outcome was a series of victories for the hackers, with HP ultimately paying out $480,000.

(The official rules limited the payout for a particular target to the first to pwn it, but HP ended up agreeing to pay all four of the entrants who “popped” Java, at $20k, ahem, a pop.)

The mobile competition

The Mobile Pwn2Own won’t be pitting vendor against vendor, so it isn’t a question of Android versus Windows Phone, or Safari versus Chrome, or Blackberry versus Nokia, aka Microsoft.

Instead, the prize money is divided up by attack vector, based on how you break in:

Via physical proximity (prize: $50k)

You can use a wireless or a wired attack, using one (or, presumably, more) of Bluetooth, Wi-Fi, USB or NFC.

A successful attack “must require little or no user interaction,” so a dialog such as the one iOS 7 will soon be popping up to inhibit rogue USB connections would be a satisfactory mitigation.

Earlier in the year, of course, researchers showed at BlackHat how a booby-trapped iPhone charger could silently hijack your USB connection given the absence of such a pop-up warning.

Mobile web browser (prize: $40k)

Some user interaction will no doubt be allowed here – someone has to decide to browse somewhere to get started, after all – but you won’t be allowed to assume the user will agree to or click on anything else.

There is no requirement in the rules for persistence, where the exploit remains active after the browser exits.

In any attack category, all you need to do is one of the following: exfiltrate (i.e. steal and send to the outside world) information you aren’t supposed to get; silently make a long distance phone call; or eavesdrop on a conversation.

→ The rules don’t say if “eavesdropping a conversation” applies to cellular calls only, or even only to voice. If you are planning on eavesdropping to win a prize, you probably want to check in advance whether logging an instant messaging chat would count, or whether HP wants to see you listening in to phone calls made over the cellular voice network.

Mobile Application/Operating System (prize: $40k)

Since each device will be in its default setup and configuration, with all available patches applied, you won’t be able to rely on third party apps that might or might not have been installed by the user, no matter how prevalent they might be.

Messaging Services (prize: $70k)

You can attack by means of any of these: Short Message Service (SMS), Multimedia Messaging Service (MMS), or Commercial Mobile Alert System (CMAS).

The rules don’t say, but with “limited user interaction” permitted, it’s probably reasonable to assume that an attack can rely on users actually reading a booby-trapped message, but not on them following any instructions given in it.

Baseband (prize: $100k)

Loosely put, the baseband is the part of a device that makes it a phone, or at least capable of connecting to a cellular network, so this vector of attack doesn’t apply to Wi-Fi only devices.

The value of this prize presumably reflects the comparative difficulty of coming up with a method to break in via the mobile network itself, rather than via USB cable or over the internet.

Choose your weapon

Once you’ve picked your attack vector, you can choose to mount the attack using any one of an eclectic list of devices:

  • Nokia Lumia 1020 running Windows Phone
  • Microsoft Surface RT running Windows RT
  • Samsung Galaxy S4 running Android
  • Apple iPhone 5 running iOS
  • Apple iPad Mini running iOS
  • Google Nexus 4 running Android
  • Google Nexus 7 running Android
  • Google Nexus 10 running Android
  • BlackBerry Z10 running BlackBerry 10

Entrants in each category go in to bat in randomly chosen order, designate the device on which they wish to mount their attack, and then have 30 minutes to pwn the chosen device via their chosen method.

The first to succeed in each category wins that category’s prize – and since there are five categories but nine devices, at least four devices will remain unowned.

What we may never know, if there’s a device (or an operating system) that no-one chooses for any attack, is whether it was avoided due to a lack of interest, or due to its recognised strength.

Pwn2Own, like many security tests, is good at telling you if a product has a security weakness, but doesn’t say much about each product’s strengths.

Oh, by the way, to enter, you need to be registered as a delegate at PacSec 2013 Conference in Tokyo, Japan, which takes place from 11-13 November 2013.

NB. Yes, the organisers have thought about the effect that demonstrating telephony-related exploits might have on the real world. Any exploit attempts that use radio waves must “be completed within the provided RF [radio frequency] isolation enclosure.”

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/O7RpUo2byBw/

Internet Explorer zero-day exploit prompts Microsoft to publish emergency Fix it

For the first time in a little over four months, Microsoft published an emergency advisory and Fix it for users of its Internet Explorer web browser.

Exploitation of Internet Explorer 8 and 9 has already been witnessed in the wild. That doesn’t necessarily mean that users of Internet Explorer 6, 7, 10 and 11 are safe however.

The only unaffected Windows platforms are the server platforms that ship with IE in restricted mode by default. If you have disabled the restricted mode, these may also be vulnerable.

The flaw is being referenced as CVE-2013-3893 and when exploited successfully results in remote code execution (RCE) as the logged in user.

This is one of the reasons we frequently advise users not to run as an administrator for everyday tasks like internet browsing.

If an attacker wants to inflict more serious damage he will need to also use an elevation of privilege (EoP) exploit to gain more access to the victim PC.

There are several different ways to protect yourself until an official fix from Microsoft becomes available.

For more advanced users and corporate IT managers you can use Microsoft EMET to mitigate exploitation of this flaw as recommended in Microsoft’s advisory 2887505.

For everyday Windows users Microsoft is also providing a “Fix it” download that changes your settings to provide protection until a permanent fix is available, but this only works in 32 bit versions of Internet Explorer.

My advice for non-corporate PCs is to simply use another browser until Microsoft is able to deliver a fix. There are many choices including Firefox, Chrome, Safari and Opera.

We will keep an eye out for any updates on this vulnerability and alert our readers as soon as a permanent fix is available. Typically Microsoft will release an update as soon as possible.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/bEl5BhXg2ck/

Redmond slips out temporary emergency fix for IE 0-day


Stepping outside its normal Patch Tuesday cycle, Microsoft has rolled out an emergency fix to an Internet Explorer bug that was under active malware attack.

This advisory provides access to “Fix it For Me”, with a more detailed outline of the CVE-2013-3893 vulnerability here. All versions of IE 6 to 10 are affected.


As Microsoft writes, the vulnerability “exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.”

The current temporary fix is designed to prevent exploitation of the bug, with a permanent fix presumably to follow. In this TechNet post, Microsoft’s Dustin Childs writes that IE users should take further action:

  • Set Internet and local intranet security zone settings to “High” to block ActiveX Controls and Active Scripting in these zones;
  • Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and local intranet security zones.

Childs notes that both of these actions “may affect usability” and suggests adding trusted sites to the Internet Explorer Trusted zone.

Since the stopgap “Fix It” patch isn’t being rolled out automatically, users have to take their courage in their own hands and download it themselves. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/09/17/redmond_slips_out_emergency_ie_fix/

Database Misconfigurations: Windows To Vulnerable Data

As enterprises continue to struggle with large-scale data breaches and quiet exfiltration of sensitive information from databases, database security experts warn of the big role that misconfigured databases play in these compromises.

“Almost all the data that gets stolen every year comes out of the database one way or another. Particularly if you are going to steal a lot of data at once,” says Josh Shaul, CTO of Application Security Inc. “The reason why people are able to steal a lot of data out of databases is because nobody really bothers to secure them; breaking into databases is so ridiculously easy. There are so few organizations that actually take the security of their databases seriously.”

And among the top elements that are either ignored or mishandled are database configurations, he says. Configuration issues are myriad for database systems. They can range from insecure default settings left unaltered to changes made by administrators that leave the database open to attack.

In the first category, default accounts still remain a big problem in enterprise database settings.

“We see them all over the place,” he says. “The databases all ship with default accounts and when you install applications on your database, they install default accounts too. All those default accounts have default passwords and all those default passwords are easy to find on the internet. So if you leave them in place it’s kind of like you’re leaving a window open into the database.”

[Do you see the perimeter half empty or half full? See Is The Perimeter Really Dead?.]

Similarly, most databases come out of the box with a smorgasbord of applications installed, many of which will be unnecessary to the organization—but each enterprise has its own needs so the list of extraneous apps varies by use case.

“We all talk about surface area in security. You want to cut down the surface area and give the hacker less area to go after. Well, if you’re in the database business, your goal is to put as much functionality into the database out of the box as possible—you want to make it easy for people to start up their apps, get them going, give them features they want,” Shaul says. “There’s so much stuff that just gets installed by default, including lots of functionality to access the operating system through the database.”

Even when not turned on by default, many potentially dangerous database features are ticking time bombs for misconfigurations should they be flipped on. For example, Shaul calls a certain TRUST_ALLCLNTS parameter in DB2 a security knife-switch just waiting to stick enterprises where it hurts.

“If you turn TRUST_ALLCLNTS to yes, that turns off all authentication and authorization of the database. I see people turn TRUST_ALLCLNTS on,” he says. “When you put features in your software—even if they’re stupid—people use the features in the software.”

According to Roxana Bradescu, senior director of security product management for Oracle, a lot of the database misconfiguration pain felt by organizations today stems from the fact that they’re still managing database configurations manually, typically using spreadsheets to track configurations.

“That’s how most organizations do it. They have to manually compare those spreadsheets, so someone is literally comparing one spreadsheet versus another,” she says. “It’s very time consuming, error prone and it’s very reactive.”

Without automation, simply tracking configurations is hard enough. But then there is the issue of also keeping tabs on configuration dependencies. Understanding these dependencies is important for operational resiliency and forensic analysis.

“A lot of times having these configuration dependencies also allows you very valuable analysis in forensics after a potential breach or potential exfiltration to see exactly what other things may have been compromised,” Bradescu says.

But before even automating the tracking of configurations and their dependencies, organizations have got to have some kind of baseline to compare current configurations against. Without some standards, it is impossible to tell whether a configuration is right or wrong, secure or insecure. At the moment, the industry has two big standards most commonly used to develop database configuration baselines. One, the Defense Information Systems Agency Database Security Technical Implementation Guide (DISA STIG), is “pretty heavyweight” according to Shaul, and primarily used in the government defense space. The other is a standard from the Center for Internet Security, one that’s “pretty good but not rock-solid,” according to Shaul. According to Shaul, between the two standards probably only about 10 to 15 percent of organizations have adopted something, with perhaps another ten percent of organizations having their own internal standards.

“But that leaves you with 70 to 80 percent of organizations out there that don’t have a target,” he says. “And it’s so hard to hit a target when you don’t have a target. How do you ask people to go and set up a secure database when there is no definition for what that looks like?”

Bradescu is of a similar mind, explaining that the only way to prevent database configurations from drifting into insecurity over time is by creating a gold image for databases to compare configurations against.

“You probably are going to have multiple images for different types of databases,” she says. “They may be application specific, clusters versus single instance (and so on), but you want to be able to compare that configuration against the baseline, making sure throughout the lifecycle that the configuration stays consistent.”
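The baseline comparison Bradescu and Shaul describe, as an added example that is not from the article or from either vendor’s tooling: a constructed “gold image” for a DB2-style instance is checked against a constructed configuration snapshot, flagging drift, the TRUST_ALLCLNTS knife-switch on its own merits, and default accounts that are still enabled. The baseline values, account names and snapshot layout are assumptions made for illustration.

```python
# Constructed sample baseline ("gold image") for a DB2-style instance: the
# values a hardened build is expected to have.  TRUST_ALLCLNTS is the
# parameter named in the article; the other entries are illustrative.
BASELINE = {
    "TRUST_ALLCLNTS": "NO",
    "AUTHENTICATION": "SERVER_ENCRYPT",
    "DISCOVER": "DISABLE",
}

# Accounts that ship with the database or its bundled applications.
# Constructed placeholder names; a real product has its own list.
DEFAULT_ACCOUNTS = {"db2admin", "sampleapp", "demo"}

# Values that are dangerous regardless of what the baseline says: a baseline
# can itself be edited badly, so these are flagged independently of drift.
ALWAYS_FLAG = {"TRUST_ALLCLNTS": {"YES"}}

# Constructed snapshot of a live instance, as an inventory tool might emit it.
SAMPLE_SNAPSHOT = {
    "params": {"TRUST_ALLCLNTS": "YES", "AUTHENTICATION": "SERVER_ENCRYPT"},
    "accounts": [
        {"name": "db2admin", "enabled": True, "password_changed": False},
        {"name": "appuser", "enabled": True, "password_changed": True},
        {"name": "demo", "enabled": False, "password_changed": False},
    ],
}


def audit(current):
    """Compare a configuration snapshot against the gold image.

    `current` has "params" ({name: value}) and "accounts" (list of dicts with
    name, enabled, password_changed).  Returns (severity, message) findings;
    an empty list means the instance matches the baseline.
    """
    findings = []
    params = {k.upper(): str(v).upper() for k, v in current.get("params", {}).items()}

    # 1. Drift: every baseline parameter must be present and equal.
    for name, expected in BASELINE.items():
        actual = params.get(name)
        if actual is None:
            findings.append(("medium", f"{name} not set; baseline expects {expected}"))
        elif actual != expected:
            findings.append(("high", f"{name}={actual} drifts from baseline {expected}"))

    # 2. Knife-switch settings, flagged even if a future baseline permitted them.
    for name, bad_values in ALWAYS_FLAG.items():
        if params.get(name) in bad_values:
            findings.append(("critical", f"{name}={params[name]} disables client authentication"))

    # 3. Default accounts: an open window unless removed, disabled or re-keyed.
    for acct in current.get("accounts", []):
        name = acct["name"].lower()
        if name in DEFAULT_ACCOUNTS and acct.get("enabled", True):
            if acct.get("password_changed", False):
                findings.append(("low", f"default account {name} still enabled"))
            else:
                findings.append(("critical", f"default account {name} enabled with default password"))
    return findings


def is_compliant(current):
    """True when the snapshot produces no findings against the baseline."""
    return not audit(current)


if __name__ == "__main__":
    for severity, message in audit(SAMPLE_SNAPSHOT):
        print(f"[{severity}] {message}")
```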


Article source: http://www.darkreading.com/database/database-misconfigurations-windows-to-vu/240161424

Psst.. Know how to hack a mobe by radio wave? There’s $70k+ in it for you


A second Mobile Pwn2Own hacking competition, in which experts discover and exploit security flaws in handhelds for prizes, will take place at the PacSec 2013 conference in Japan in November.

For many years, the original Pwn2Own contest has been held at the CanSecWest get-together in Vancouver every March. Like its older sibling, Mobile Pwn2Own is also partially backed by funds from HP’s Zero Day Initiative: $300,000 in prize money is up for grabs. Google’s Android Security Team and BlackBerry are also sponsoring the mobile shoot-out.


The competition later this year in Japan will focus on exploiting vulnerabilities in smartphones and tablets – unlike the original which most recently has restricted itself to assaulting web browsers, Adobe Flash, Java and similar software on PCs running Windows, Mac OS X and Linux.

The Mobile Pwn2Own prize money is divided up by attack type: exactly how contestants manage to digitally break into the devices matters rather than the model or platform. Hacks relying on physical proximity – for example, by exploiting Bluetooth, Wi-Fi, USB or NFC holes – stand to win $50k. A successful attack “must require little or no user interaction”, so attacks that involve tricking recipients into clicking on OK to install dodgy apps won’t cut it in this category.

Winning clever hacks that skewer gear via a web browser are worth up to $40k. Victory can be secured by crafting code that silently makes a long-distance phone call, eavesdrops on a conversation or extracts and uploads data to a remote server.

Mobile application or operating system hacks are eligible for a contest with a prize of $40k. Attacks on this category have to work against fully patched smartphones that aren’t running third-party apps.

More money, a prize of $70k, is offered for successful attacks on messaging services, such as SMS and MMS. Limited user interaction is allowed in this category so having a user open a message for an attack to activate will probably fit within this rule. Attempts to trick users into following a link to a dodgy website are almost certainly offside.

The most financially rewarding competition – with a tasty $100K on offer – is reserved for hacks against the baseband system of a smartphone: the actual electronics that do all the heavy lifting involved in the radio communications between the mobe and the network. Hacking a phone by sending it a string of signals that confuses or compromises the baseband chipset and software is ideal, for example.

“The value of this prize presumably reflects the comparative difficulty of coming up with a method to break in via the mobile network itself, rather than via USB cable or over the internet,” notes security market watcher Paul Ducklin in a post on Sophos’s Naked Security blog.

(Of course, the sums on offer here are not much compared to the amounts of cash highly sought-after zero-day vulnerabilities fetch on private exploit markets.)

Smartphones and tablets waiting to be pwned in this year’s competition include a Nokia Lumia 1020 handset running Windows Phone 8, a Microsoft Surface RT slab running the Windows 8 kernel, a Samsung Galaxy S4 running Android, an Apple iPhone 5 and an Apple iPad Mini running iOS, a Google Nexus 10 tab running Android, and a BlackBerry Z10 phone running BlackBerry OS 10.

There’s a draw for who gets to attack the targeted platform first. Entrants have 30 minutes to compromise the chosen device via their chosen method.

The first to succeed in each category wins that category’s prize as well as the kit they successfully hacked. With five categories and nine devices it’ll be interesting to see which platform is the most thrashed and which remains unscathed.

“What we may never know, if there’s a device (or an operating system) that no-one chooses for any attack, is whether it was avoided due to a lack of interest, or due to its recognised strength,” Ducklin adds. “Pwn2Own, like many security tests, is good at telling you if a product has a security weakness, but doesn’t say much about each product’s strengths.”

The competition, limited to conference delegates, will run at the PacSec 2013 Conference in Tokyo between 11 and 13 November. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/09/17/mobile_pwn2wn_2013/

Securo-boffins link HIRED GUN hackers to Aurora, Bit9 megahacks


Security researchers have linked the “Hackers for hire” Hidden Lynx Group with a number of high-profile attacks, including an assault on net security firm Bit9, as well as the notorious Operation Aurora assault against Google and other hi-tech firms back in 2009.

Hidden Lynx is a sophisticated hacking group based in China and made up of between 50 and 100 individuals, according to Symantec. The hackers provide “full service” as well as “customised” cyber-espionage attacks against corporate and government targets, claims the security firm. Its favoured tactics include compromising third-party sites frequented by individuals from targeted organisations with malicious code.


Such so-called watering hole attacks are an easier way to go after marks than hacking into the websites of defence contractors, government organisations and other targets directly. The group, which has operated for more than three years, has used zero-day exploits three times since 2011 alone, says Symantec.

The researchers believe the group compromised security firm Bit9’s digital code-signing certificate as part of a stepping-stone attack ultimately aimed at defence industry customers of the net security firm’s whitelisting technology.

Hidden Lynx also has affiliations to Operation Aurora, the 2009 mass break-in to more than 30 big technology companies, including Google and Adobe, the security firm claims.

“This group has a hunger and drive that surpass other well-known groups such as APT1/Comment Crew,” Symantec concludes in a blog post that praises the group for its “technical prowess”, resourcefulness and patience in running multiple attacks.

The group’s main targets include IT firms, defence and aeronautics contractors, energy sector, finance, healthcare and governments in multiple countries including the US, Taiwan and Japan. More than half the attacks linked to the group were thrown against US organisations.

Hidden Lynx “engage in a two-pronged strategy of mass exploitation and pay-to-order targeted attacks for intellectual property using two Trojans designed specifically for each purpose”, according to Symantec. Team Moudoor, a sub-group of Hidden Lynx, distributes Moudoor, a customised version of the “Gh0st RAT” Trojan, for large-scale campaigns.

Another sub-group, Team Naid, distributes the Naid Trojan, which appears to be reserved for more limited attacks against high value targets. Naid has been linked to the Bit9 incident.

More on Hidden Lynx (whose name is derived from a string found in command-and-control server communications) is available in a whitepaper published on Tuesday (PDF). ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/09/17/chinese_hackers4hire_crew/

Interop New York 2013: Complete Coverage


12 Must-Attend Interop Events
Interop New York is just around the corner. The show is packed with informative sessions and workshops. Here are a dozen to put on your schedule


Register For Interop New York 2013

Article source: http://www.darkreading.com/management/interop-new-york-2013-complete-coverage/240160627

Fast Scanning To Fuel “Golden Age” Of Global Flaw Finding

A network scanner designed from scratch by three University of Michigan researchers can scan the entire IPv4 Internet in about 45 minutes, drastically reducing the speed at which such scans can be accomplished.

Announced at last month’s USENIX Security conference, the scanner, dubbed ZMap, uses a modular approach to scanning to speed the process, the pseudo-random selection of IP addresses to avoid overwhelming small networks, and validation of the responses by a separate system to verify the results. The researchers–Zakir Durumeric, Eric Wustrow, and J. Alex Halderman–used the scanner to track protocol use on the Internet, find systems vulnerable to an HTTPS weak-key flaw, and discover unadvertised services. Without fast scans of the Internet, many types of research would be infeasible, says Durumeric, a PhD candidate in computer science at the University of Michigan.

“You can imagine that if you did your scans over three months and then did all the followup processing, the Internet could have grown, in terms of the use of certain protocols, by 10 percent,” Durumeric says. “So you have a whole new degree of specificity.”

The techniques combined to create ZMap are not all new, but have not before been brought together in a single program. In the same way that the Shodan service made the results of Internet scans more accessible, the ability to quickly perform customized scans of the Internet will likely result in a “golden age” of vulnerability scanning, says HD Moore, chief research officer for Rapid7, a vulnerability management firm. Rather than waiting for days or weeks for scans to complete, researchers can do a lot more with fewer resources.

“It really shrinks the size of the Internet in a way that we couldn’t do before,” Moore says. “It’s not big data anymore.”

Network scanners were originally designed to scan small networks, keeping track of the current state of the scan as it progressed. However, when scanning a network the size of the Internet, the state data can grow too large for most systems, says Durumeric. To solve that problem, some scanning projects have broken up their scans into batches, scanning a complete subnetwork before moving on to the next subnet. Yet, if the scan is done quickly, it can overwhelm the provider with requests.

[Researchers and attackers catalog vulnerable systems connected to the Internet, from videoconferencing systems set to auto-answer, to open point-of-sale servers, to poorly configured database systems. See Global Scans Reveal Internet’s Insecurities In 2012.]

ZMap solves both problems by generating pseudo-random IP addresses using a particular method, based on the multiplicative group of integers, so that each address appears only once. The process is broken into a fast engine for generating and sending the packets, and an asynchronous collector that receives the packets and logs the data. The state of each connection is not kept, Durumeric says. Instead, packets are matched by putting identifying data in the unused fields of the network packet.

“Really each of these packets is the same except for where it goes, so we don’t need to go through all these same validation steps,” he says. “We just need to update a small amount of information and send it on to the next host.”
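The address-ordering idea described above, as an added example that is not ZMap’s own code: iterating a generator of the multiplicative group of integers modulo a prime just above the address count visits every address exactly once, in an order that spreads consecutive probes across the space, while the only state kept is three integers (current element, generator, starting point). The prime choice, the primitive-root search and the small test networks are assumptions made for illustration; ZMap’s own constants and implementation differ.

```python
import ipaddress
import math
import random


def is_prime(n):
    """Trial-division primality test; adequate for the small moduli used here."""
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True


def smallest_prime_above(n):
    """Smallest prime p with p > n, so the group {1..p-1} covers 1..n."""
    p = n + 1
    while not is_prime(p):
        p += 1
    return p


def prime_factors(n):
    """Distinct prime factors of n, by trial division."""
    factors = set()
    d = 2
    while d * d <= n:
        while n % d == 0:
            factors.add(d)
            n //= d
        d += 1
    if n > 1:
        factors.add(n)
    return factors


def is_generator(g, p, factors_of_order):
    """g generates the whole multiplicative group mod prime p exactly when
    g^((p-1)/q) != 1 for every prime factor q of the group order p-1."""
    return all(pow(g, (p - 1) // q, p) != 1 for q in factors_of_order)


def find_primitive_root(p):
    """Smallest generator of the multiplicative group of integers mod p."""
    factors = prime_factors(p - 1)
    for g in range(2, p):
        if is_generator(g, p, factors):
            return g
    raise ValueError("no primitive root found; is p prime?")


def random_generator(p, rng):
    """A seed-dependent generator: root^k is again a generator exactly when
    gcd(k, p-1) == 1, so different seeds give different address orderings."""
    root = find_primitive_root(p)
    while True:
        k = rng.randrange(1, p - 1)
        if math.gcd(k, p - 1) == 1:
            return pow(root, k, p)


def scan_order(network, seed=0):
    """Yield every address of `network` exactly once in pseudo-random order.

    Only the current element, the generator and the starting point are kept;
    no per-address bookkeeping is needed to guarantee full, duplicate-free
    coverage, because the generator walks the whole cyclic group.
    """
    n = network.num_addresses
    if n < 2:  # trivial group: nothing to permute
        yield from network
        return
    p = smallest_prime_above(n)
    rng = random.Random(seed)
    g = random_generator(p, rng)
    start = rng.randrange(1, p)
    x = start
    while True:
        if x <= n:  # group elements above n correspond to no address
            yield network[x - 1]
        x = (x * g) % p
        if x == start:  # back at the start: the whole group has been visited
            return


if __name__ == "__main__":
    net = ipaddress.ip_network("198.51.100.0/24")  # constructed documentation range
    for addr in list(scan_order(net, seed=7))[:8]:
        print(addr)
```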

While the three researchers from the University of Michigan have shortened the time it takes to do a scan, the bandwidth required to scan the entire Internet quickly will likely limit such projects to academic research groups and large corporations.

“When we say we are scanning at a gigabit speed, we are using an entire gigabit connection,” he says. “Most home users have one or two megabytes.”

Rapid7’s HD Moore had already begun working with the University of Michigan on a large-scale study using scans to find Web sites, Internet-connected servers and cloud services that link back to a business’s domain to help companies find unknown or rogue assets. Certificates used with secure services, for example, include the domain of the certificate holder, providing a link that the researchers can connect back to the firm.

“They all point to identifying assets out there that you may not know belongs to your company,” Moore says.

Looking for vulnerabilities is another fertile field. There is no shortage of vulnerable systems out there, says Moore. By using fast scanning to highlight the weaknesses before they can be exploited by attackers, the Internet benefits as a whole, he says. Many ISPs distribute poorly configured routers, and Rapid7 and Moore have already highlighted problems in universal plug-and-play (UPnP) devices, such as routers, as well as insecure video conferencing systems.

The net benefit of fast scanning should be that more vulnerabilities will be detected and eliminated, because attackers have already been using botnets and other techniques to scan for vulnerable services in networks. The Carna botnet and the report on its scanning results showed the possibilities of illegal scanning projects. They could adopt ZMap’s techniques for scanning, but will not benefit from the technology as much as defenders, says Moore.

However, eventually the golden age of fast scanning will end. As IPv6 becomes increasingly deployed, scanning the entire network will become impossible. Even limiting scans to known assigned IPv6 addresses and using other information to attempt to identify hosts will not narrow the field much for researchers.

“With IPv6, if it’s not a published entry somewhere, you are not going to find it,” Moore says. “You have to send almost as much traffic to identify a single subnet as the entire IPv4 Internet. So the numbers are not going to work out.”


Article source: http://www.darkreading.com/vulnerability/fast-scanning-to-fuel-golden-age-of-glob/240161403

Chap unrolls ‘USB condom’ to protect against viruses


A US-based chap has invented a gadget he’s calling a USB condom.

The prophylactic dongle is advanced as protection for the largely hypothetical problem of malware injection from fake USB chargers.


Such polluted ports come in two varieties. The first got an airing at Black Hat, where researchers demonstrated a USB charger that concealed malware-injecting mini computers. The demo imagines that villains would swap genuine chargers for their fakes and when unsuspecting punters seek some electrons they’ll instead get some malware.

Similar attacks have since been imagined in the public realm, where USB charging stations are becoming more prevalent. Your correspondent’s recent traversal of the new international terminal at Los Angeles Airport, for example, was made tolerable by the presence of USB ports nestled beneath hundreds of new seats in the waiting lounge. Various commentators have wondered out loud what would happen if such installations were subverted.

Enter the USB condom, a device that works “by terminating the data pins in the USB cable while allowing only the power pins to connect through,” according to the inventor.

Giving the data pins a temporary vasectomy means even the fake chargers shown at Black Hat have no chance of sending so much as a single bit into a smartphone.

[Image: the design of the ‘USB Condom’]

Announced late last week, the USB condom was promised to go on sale on September 16th, but a price is yet to materialise on the website of the company concerned. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/09/17/chap_unrolls_usb_condom_to_protect_against_viruses/