STE WILLIAMS

Seoul to train 5,000 infosec pros

The South Korean government is planning to train up 5,000 information security experts to address the growing threat from Pyongyang and a shortage of home-grown talent.

The science and technology ministry said that the shortfall of information security professionals in the country currently numbers 1,749, rising to an expected 2,144 next year, according to the Wall Street Journal.


The government will therefore be co-ordinating an ambitious attempt to train up thousands of experts over the next couple of years to bulk out staff numbers of just 200 at present.

The ministry is apparently also forecasting that the information security-related industry will be worth 10 trillion won (£5.9bn) by 2017 – double its current value.

Seoul has come under increasingly frequent and serious online attacks of late with defence minister Kim Kwan-jin claiming last month that its northern neighbour has a 3,000-strong army of highly trained hackers.

North Korea was blamed for an attack back in March which disrupted the networks and websites of several broadcasters and banks.

Then, on the anniversary of the start of the Korean War on 25 June, DDoS and defacement attacks were launched at several high profile sites including the presidential Blue House, the prime minister’s office and some media companies.

Security vendor Symantec has attributed both to the “DarkSeoul” gang, a hacking group in operation for the past four years, although it claimed attribution to Norks was still difficult.

“Symantec expects the DarkSeoul attacks to continue and, regardless of whether the gang is working on behalf of North Korea or not, the attacks are both politically motivated and have the necessary financial support to continue acts of cyber-sabotage on organisations in South Korea,” it added in a blog post. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/07/09/south_korea_trains_5000_security_pros/

EMC gobbles access-control biz Aveksa? Computer says… yes

EMC has acquired privately held Aveksa, which touts identity and access management technology to modest-sized businesses.

Financial terms of the deal, announced on Monday, were undisclosed. Aveksa – headquartered in Massachusetts but with an office in Blighty’s capital – develops gear that allows companies to control access to particular applications: rights can be granted to groups or individuals without the need for a large corporate IT structure.


EMC’s existing RSA Security division provides similar technology alongside its core login tokens and associated technology for remote access to corporate applications and emails.

RSA’s offerings are much better known in the industry so what Aveksa adds to the party is a “unified dashboard to manage, control, and deliver access, while consistently enforcing identity and access policies across the enterprise and cloud”, we’re told.

A product shake-up of some sort seems likely even though EMC is keen to stress that technology from RSA and Aveksa will be complementary. “Aveksa and RSA together will align insight from roles, processes, and security-oriented big data to help enable better visibility, prioritization, detection and response to risk and real-time threats,” the bit-bucket overlord said. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/07/09/emc_buys_identity_management_firm/

Snowden’s Australian “revelations” are old news

Edward Snowden’s leaks have alerted the world to a serious issue: the extent of government spying in societies that supposed themselves to be free. That does not, however, mean that every word he says to Glenn Greenwald is news.

Behind the star-struck reposting of whatever passes from Snowden to Greenwald is a lot of stuff that was already either on the record, or at least strongly suspected.


For example, there’s this story in the Sydney Morning Herald, “Snowden reveals Australia’s links to US spy web”.

A replay of an article in O Globo, the SMH piece tells us that Snowden has revealed that Pine Gap – more properly called the Joint Defence Facility Pine Gap – Darwin’s Shoal Bay Receiving Station, the Defence Satellite Communications Facility at Geraldton, and Canberra’s HMAS Harman communications facility.

“The US Australian Joint Defence Facility at Pine Gap near Alice Springs and three Australian Signals Directorate facilities: the Shoal Bay Receiving Station near Darwin, the Australian Defence Satellite Communications Facility at Geraldton and the naval communications station HMAS Harman outside Canberra are among contributors to the NSA’s collection program”, the newspaper states.

The problem Vulture South has with this wide-eyedness is simple: in three out of four of the above cases, the co-operation between Australia and the USA was well-known, and the facilities were already named as having an association with the National Security Agency.

Those three facilities are:

  • Pine Gap (discussed in detail by ex-NSA spook David Rosenberg in his 2011 book Inside Pine Gap: the spy who came in from the desert);
  • Shoal Bay and Geraldton, among a group of facilities associated by then-DSD director Martin Brady in 1999 as sources of cooperative collection with the NSA in this article reposted from The Age.

Only HMAS Harman wasn’t already named in the press as an NSA source facility – and given its nature, it hardly rates as news. As for Pine Gap, the facility’s association with signals intelligence has been accepted for decades, not least thanks to the Midnight Oil 1982 song “The Power and the Passion” and its lyric “Flat chat, Pine Gap, in every home a Big Mac.”

Vulture South has followed Snowden’s story with interest, but also with growing irritation at what seems to be a stage-managed process: the leaker adds another “revelation”, Glenn Greenwald publishes it without checking whether it represents new information, and a thousand outlets churn the story without troubling Google. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/07/09/pine_gap_is_an_nsa_station_write_the_book/

HP storage: more possible backdoors

Technion, the blogger who recently turned up an undocumented back door in HP’s StoreOnce, has turned up similar issues in other HP products – publicised on support forums by the company, but unnoticed at the time.

Having trawled various HP support forums, he has told The Register there appear to be company support backdoors in HP’s StoreVirtual SAN products, based on the LeftHand operating system.


The hardware used to include a hard-reset button to set the factory defaults but this was removed as a security measure (that is, so insiders couldn’t give themselves admin privileges to hardware they shouldn’t access by resetting it). However, the solution seems to Technion no better: administrative password recovery is now carried out remotely by HP support.

That suggests an HP-accessible support account has been incorporated into the LeftHand 9.0 and higher code – and the accounts have existed since as far back as 2009.

As has been demonstrated many times over, any remotely-accessible login provides a potential attack vector, should the userid and password be discovered by attackers.

Both the support forum posts Technion identified (and contacted HP about) are unequivocal: lost admin passwords are resettable by HP. One, from November 2011, states: “You will need to call support and they can get into the backend and reset it for you. 1-800-633-3600 ‘Lefthand Solutions’”. The other, posted by a LeftHand product manager in 2009, states: “Call support. They can reset the password remotely.”

The Register contacted HP last week, and has today received this response: “HP takes seriously its responsibility of maintaining current security policies as a top priority for our customers. We are aware of a potential HP StoreVirtual security issue, and are actively working on a fix for our customers. Further information will be shared as soon as it is available.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/07/09/hp_storage_more_possible_backdoors/

Snowden: US and Israel did create Stuxnet attack code

NSA whistleblower Edward Snowden has confirmed that the Stuxnet malware used to attack Iranian nuclear facilities was created as part of a joint operation between the Israelis and the NSA’s Foreign Affairs Directorate (FAD).

“The NSA and Israel cowrote it,” he told Der Spiegel in an email interview conducted before he publicly outed himself as the NSA mole. Snowden is currently in Russia and a “free man” according to Vladimir Putin – as long as there are no further NSA leaks.


The Stuxnet code, which has been deployed since 2005, is thought to be the first malware aimed specifically at damaging specific physical infrastructure*, and was inserted into the computer networks of the Iranian nuclear fuel factory in Natanz shortly after it opened.

Early variants attempted to contaminate uranium supplies by interfering with the flow of gas to the fuel being processed, potentially causing explosive results in the processing factory. Later a more advanced variant attacked the centrifuges themselves, burning out motors by rapidly starting and stopping the units and contaminating fuel production, although it may actually have encouraged the Iranians.

Last year an unnamed US official said that Stuxnet was part of a program called Operation Olympic Games, started under President Bush and continued under the current administration, aimed at slowing down the Iranian nuclear effort without having to resort to risky airstrikes. General James Cartwright, a former vice-chairman of the Joint Chiefs of Staff, is currently under investigation by the US government for allegedly leaking details of Operation Olympic Games.

Don’t trust Europe or multinationals

Such international efforts are coordinated by the NSA’s Foreign Affairs Directorate (FAD), Snowden said.

The FAD has full cooperation with its so-called “Five Eye partners,” in the UK, Australia, New Zealand, and Canada, and these agencies are even better or worse (depending on your viewpoint) at collecting data. Typically, these countries practice “full take,” Snowden said, scooping every bit of data and storing it for later perusal.

“As a general rule, so long as you have any choice at all, you should never route through or peer with the UK under any circumstances,” he said. “Their fibers are radioactive, and even the Queen’s selfies to the pool boy get logged.”

Other European countries also work closely with the NSA, he said, describing the organization as “in bed together with the Germans.” Other countries don’t ask where the NSA’s data comes from, and the US returns that favor, to give politicians plausible deniability in the event of source disclosure, he explained.

Multinational companies also play the game, Snowden said, and cooperate with the NSA to enable the slurping of their customers’ data, although a few (unnamed) firms don’t submit their data to NSA inspection. “The NSA considers the identities of telecom collaborators to be the jewels in their crown of omniscience,” he said.

“As a general rule, US-based multinationals should not be trusted until they prove otherwise,” he said. “This is sad, because they have the capability to provide the best and most trusted services in the world if they actually desire to do so.”

*Bootnote

There are unconfirmed reports that the CIA was using dodgy software as far back as the 1980s to cause problems with its then–enemy number one, the Soviet Union.

According to National Security Council staffer Thomas Reed, the CIA got wind that the Soviets were trying to steal industrial-control software for a new gas pipeline from a Canadian supplier. He claims the CIA installed a trojan into the Canadian firm’s software and allowed it to be purloined by the KGB.

“The pipeline software that was to run the pumps, turbines and valves was programmed to go haywire, to reset pump speeds and valve settings to produce pressures far beyond those acceptable to the pipeline joints and welds,” he said. “The result was the most monumental non-nuclear explosion and fire ever seen from space.”

The report has never been officially confirmed, although the CIA has said that it introduced numerous dodgy technologies to the Soviets, including that “flawed turbines were installed on a gas pipeline.”

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/07/08/snowden_us_israel_stuxnet/

15 MILLION dodgy login attempts spaffed all over Nintendo loyalists

Hackers broke into 24,000 Club Nintendo accounts after pummelling the loyalty-reward website in a month-long assault.

The games console titan revealed that the sustained brute-force attack exposed the names, addresses, phone numbers and other personal details of thousands of its customers.


Nintendo has reset a number of passwords as a first step towards resolving the problem. Hackers began probing Ninty’s network on 9 June, but their volleys were only detected nearly a month later – on 2 July.

An investigation subsequently uncovered evidence of more than 23,926 unauthorised but successful logins. Nearly 15.5 million logins were attempted during the cyber-battering, The Japan Times reports.

Club Nintendo allows players to gain points by purchasing games or consoles. These points can be redeemed for goods such as CDs, and it is likely that this is what motivated the attack. The console maker is promising to beef up security in the wake of the assault, one among a growing list of security incidents involving video gaming firms.

A Nintendo representative told gaming news site Computer and Video Games that only users in the Wii maker’s home turf of Japan were affected.

Last week games publisher Ubisoft announced that it had fallen victim to a hack attack, prompting a decision to force a reset of customers’ uPlay passwords. Neither the Ubisoft nor the Nintendo breaches involved financial records.

Both were on a much smaller scale than the infamous PlayStation Network breach of April 2011, which led to the suspected compromise of 77 million accounts. PSN was taken offline for more than a month to sort out the resulting mess, the worst of its kind in history. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/07/08/nintendo_brute_force_attack/

US public hate Snowden

The American public is turning against NSA leaker Edward Snowden, with increasing numbers of people now believing he was wrong to reveal details of secret US government surveillance, a survey has found.

But you shouldn’t feel too sad for the geeky whistleblower, because sexpot Russian spy Anna Chapman has said she would happily have his babies.


Snowden is still hiding out in a Moscow airport, evading the attentions of US spooks who want to drag him back to the States to face espionage charges.

Yougov has conducted regular polls of public opinion ever since the PRISM story broke, surveying 1,000 people to gauge the mood of the nation. When Snowden first told the world about the NSA’s spooky digital surveillance tool, American public opinion was evenly split between those who thought he had done the right thing and those who thought he should be strung up.

Now the Snowden haters are in the ascendancy, with 43 percent of Americans saying they have an unfavourable view of the whistleblower, and 36 percent in favour. On June 17, just after the PRISM story broke, 40 percent agreed with Snowden’s actions and 39 percent disagreed.

Increasing numbers of people also want to see him face trial, up to 34 percent from 27 percent just after the first reports about the leak.

Older people are particularly angry at the former IT worker, with 57 percent holding a negative view of him.

But despite being angry about the PRISM leaks, Americans are still nervous about NSA spooks.

Yougov said:

“Despite the changing opinion of Snowden, Americans remain opposed to the NSA’s activities. By 55% to 28%, they say the surveillance was an unnecessary intrusion into American lives. They remain divided on whether the surveillance has prevented terrorist attacks. And they continue to believe that the NSA, despite its claims to the contrary, has listened in on the conversations of Americans.”

He may be unpopular at home, but Snowden should take some comfort from a few fruity tweets from the world’s sexiest spy, Anna Chapman, who shot to fame for being the only member of a Russian spy ring unmasked in 2010 who was even passably attractive. El Reg’s favourite spook was thrown out of America along with nine other Russian agents when she was exposed as a deep-cover femme fatale who planned to seduce a senator and pump him dry (of secrets).

Since being packed off back to the motherland, she has carved out a career as a lingerie model and even tried to get a gig designing outfits for cosmonauts. Now she’s hoping to draw Edward Snowden into her honeypot.

She sent the following tweets last week:

She was then contacted by an account called @NSA, which is a fake account taking the mickey out of the American spooks, to which she replied:

There’s no word on what Snowden’s poledancing blogger girlfriend Lindsay Mills has to say about Chapman’s attempt to steal her man. Your humble reporter recently had the unenviable task of rooting through her blog, which showed her love for turgid prose was matched only by her passion for skimpy outfits.

The page, L’s Journey, has now been taken down and its author has gone to ground. Before Snowden disappeared, it featured interminable personal reminiscences written in painfully prolix blogger-ese. Oh, and dozens of images of the exhibitionist dancer prancing around in her underwear or simply wearing nothing at all.

The fugitive Snowden is probably not prioritising his romantic affairs at the moment, however, as he seeks to stay out of the clutches of the US government.

Meanwhile in old Blighty, privacy advocates have submitted complaints to the Investigatory Powers Tribunal, the oversight body tasked with making sure that cops, spooks and others do not abuse their powers to conduct surveillance on UK citizens. The campaigners say that Snowden’s revelations show that British spooks have cooperated with American ones to evade restrictions on what information they are allowed to collect on their own citizens. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/07/08/chin_up_edward_snowden_the_american_public_hates_you_but_sexy_spy_anna_chapman_loves_you/

The Three Amigos offer sanctuary to cornered NSA leaker Snowden

NSA contractor-turned-surveillance-whistleblower Edward Snowden has been offered asylum in three Latin American countries.

Support for Snowden among a coalition of left-leaning governments in Latin America has hardened after a high-profile incident last week when an aircraft carrying Bolivian President Evo Morales was obliged to make an unscheduled stop in Vienna after France, Portugal and Spain denied the flight permission to fly through their respective airspaces.


The European countries were acting on suspicions that Snowden might have hitched a ride on the Bolivian president’s private jet, which was returning from an energy conference in Moscow.

Bolivian officials denounced the search of the presidential jet as an infringement on Bolivia’s sovereignty and even compared it to an abduction or a hijacking, in statements preceding an emergency meeting of the Union of South American Nations (UNASUR) on July 4 to discuss the issue.

Nicaragua, Venezuela and Bolivia all said they would grant asylum to Snowden. Venezuela remains Snowden’s most likely prospect since Ecuador cooled on his application. A bid to grant him Icelandic citizenship received a knockback from politicians in Iceland last week.

Even if one of these Spanish-speaking South American countries comes through, Snowden is still left with the tricky business of reaching Latin America without traveling through the airspace of either the US or one of its allies.

As if his asylum worries weren’t enough, Snowden received an unsolicited marriage proposal from former spy Anna Chapman last week. However, Russian authorities appear to be keen to see him on his way after he turned down an offer from Russian president Vladimir Putin for asylum, on the grounds that it came with the condition that he abandon any plans to leak further material on the US’s extensive and controversial eavesdropping programmes.

Alexei Pushkov, chairman of the Russian parliament’s foreign affairs committee, said: “Asylum for Snowden in Venezuela would be the best solution,” in a social media update, The Guardian reports.

The whistleblower travelled from Hong Kong to Moscow on 23 June and has since been in legal limbo without a valid passport or travel document. US authorities cancelled Snowden’s passport shortly before his departure from Hong Kong at around the same time an extradition request was filed. Snowden faces charges of espionage and theft of government property in the US.

Snowden is supposedly stranded in the transit area of Moscow’s Sheremetyevo airport, where he’s mysteriously escaped anyone spotting him for more than two weeks. Some suspect he’s actually in an FSB safe house, while the Daily Mail (never a fan of asylum seekers) speculates that Snowden is actually staying in a nearby luxury hotel. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/07/08/snowden_asylum_offers/

Chinese mobe fandroids: Got a virus? Better blame the government

The variety of mobile malware in China has skyrocketed 2,500 per cent since 2011, with more than 160,000 samples logged last year.

China’s National Computer Network Emergency Response Technical Team logged 162,981 mobile malware instances in 2012, 25 times as many as in 2011, China Daily reports. As elsewhere, the vast majority (82.5 per cent) of these nasties targeted Android devices.

Many of these malicious applications were distributed through unofficial app stores or other online forums, Zhou Yonglin, a department head at NCNERTT, told a national conference on network security.

China’s NCNERTT also found that more than 16,388 Chinese websites had been hacked in 2012, up 6.1 per cent year-on-year. More than 52,000 malware-infected websites were detected last year. Astonishingly, this figure includes more than 3,000 government websites. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/07/08/android_malware_epidemic_hits_china/

Microsoft offloads heap of critical fixes in ‘ugly’ Patch Tuesday

Microsoft is planning a high-impact edition of Patch Tuesday with seven bulletins this month – six of which cover critical flaws.

The less-than-magnificent seven cover all supported versions of Windows and every version of MS Office, as well as updates for Lync, Silverlight, Visual Studio and .NET. Internet Explorer, from IE6 on Windows XP to IE10 on Windows 8, and also on Windows RT, needs patching because of a critical vulnerability.


“This is one of the uglier releases we’ve seen from Microsoft this year,” notes Paul Henry, security and forensic analyst at security tools firm Lumension. “To say that all Microsoft products are affected and everything is affected critically is not an understatement. It’s difficult to prioritize one or two because all the bulletins are significant this Patch Tuesday.”

Details, as usual, have been withheld until the release of security updates next week but we do know that all six of the bulletins cover remote code injection risks – the worst class of vulnerability.

“It’s going to be a busy month for security teams everywhere,” said Ross Barrett, senior manager of security engineering at Rapid7. “Three of the bulletins roughly match the profile of the issue Google’s Tavis Ormandy disclosed back in May, and given the publicity that got, I’d expect it to be patched in this round.”

Ormandy’s discovery involved a memory management problem in the win32k.sys component of Windows (CVE-2013-3660).

Wolfgang Kandek, CTO at cloud security firm Qualys, said that the IE vulnerabilities, together with a remote code execution flaw in Windows, Office and Lync, need prioritising during the upcoming security triage process.

Lumension’s Henry also noted that July’s batch will bring the total of critical bulletins so far during 2013 to 22. This represents a faster run rate than 2012, during which Redmond’s security gnomes released 34 critical bulletins in total. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/07/05/ms_july_2013_patch_tuesday_prealert/