STE WILLIAMS

Free whitepaper – SaaS data loss: The problem you didn’t know you had

The National Security Agency has defended its slurping of phone records and other business data on the grounds the information contained has helped it fight terrorism.

In a congressional hearing on cybersecurity and government surveillance on Tuesday, NSA Director General Keith Alexander said the NSA’s data slurping had let it avert terror attacks.

“It’s dozens of terrorist events that these have helped prevent,” Alexander said.

He said it was the NSA’s “intent” to get specific figures on the number of attacks prevent out in the next week.

The phone records were crucial for “disrupting or contributing to the disruption of terrorist attacks” both in the US and abroad, Alexander said,.

It was difficult to separate the importance of information gleaned from phone records, compared with that generated by trawling the online data of individuals, Alexander indicated. He stated that “these authorities complement each other” in reference to the NSA’s use of a variety of snooping methods.

The NSA chief’s comments follow a week of revelations about data collection and interception by the US government’s spy agencies. He was explicitly questioned by Senator Patrick Leahy about the NSA’s use of phone records in conducting investigations.

Great harm has already been done by opening this up, and the consequence is, I believe, that our security has been jeopardized. There is no doubt in my mind that we will lose capabilities as a result of this [disclosure]

Though NSA whistleblower Edward Snowden alleged he could wiretap Obama from his desk, Alexander said he knew of “no way to do that” when probed by congress.

Much of the hearing saw Alexander stress the legitimacy of the various spying programs, referring on multiple occasions to the unanimous support that the Patriot Act had received in the early 2000s. ®

Free whitepaper – Customer Success Testimonial: Recovery is Everything

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/06/12/nsa_snooping_terror/

Regcast training : Hyper-V 3.0, VM high availability and disaster recovery

June’s Black Tuesday patch update from Microsoft has rolled into town with five bulletins, including a solitary critical update that tackles flaws in all supported versions of Internet Explorer.

The IE update (MS13-047) grapples with 19 vulnerabilities and covers all versions of IE, from IE6 to IE10, on all supported versions of Windows, from XP to RT. It’s just the sort of thing that might be latched onto by hackers as part of drive-by-download attacks, based on malicious scripts on compromised websites, and therefore needs to be patched sooner rather than later.

The other four bulletins this week all cover lesser flaws, rated “important” by Microsoft. The most noteworthy of these is (MS13-051) which covers Microsoft Office 2003 on Windows and 2011 for Mac OS X and tackles a parsing vulnerability for the PNG graphic format that has already cropped up in a limited number of active attacks.

“The attack arrives in an Office document and is triggered when the user opens the document,” writes Wolfgang Kandek, CTO at cloud security firm Qualys. “Microsoft rates it only as ‘important’ because user interaction is required, but attackers have shown over and over that getting a user to open a file is quite straightforward.”

The remaining three “important” updates from Microsoft tackle an information disclosure vulnerability within the Windows kernel, a local privilege escalation vulnerability within the print spooler components in Windows, and a DoS problem in the TCP/IP stack of newer Windows systems. Taken altogether it’s a fairly quiet month.

Microsoft’s Patch Tuesday bulletin for June can be found here. A graphical overview from the SANS Institute’s Internet Storm Centre team can be found here.

June’s patch update from Microsoft omits to fix a recent 0-day vulnerability discovered by Google’s Tavis Ormandy. The 0-day vulnerability allows an attacker already on a Windows machine to gain admin privileges.

In related patching news, Adobe is pushing out an updated version of Flash (APSB13-16), that will be released to Google Chrome or Microsoft IE10 users via an automatic update. In other cases the cross-platform update – which covers versions of Flash Player on Windows, Macs and Linux as well as Android smartphones – will need to be applied separately.

Meanwhile server and datacentre admins would do well to pay attention to the release of a security bulletin from VMware, covering a vulnerability in handling file uploads by the vCenter Chargeback Manager that poses a remote code execution risk on unlatched systems.

Apple pushed out its own quarterly security fixes last week, with new version of Safari and Mac OS X addressing numerous critical vulnerabilities. These security updates are unrelated to the new versions of Mac OS X and Safari announced at this week’s WWDC in San Francisco, which will not be released for some time yet. ®

Free whitepaper – Cloud storage: Lower cost and increase uptime

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/06/12/ms_june_patch_tuesday/

Existing partners in the program include IBM, Splunk, HP, Symantec, Tibco, Lancope and LogRhythm, says NetworkWorld, while mobile device management partners include IBM, Citrix, AirWatch, Good, Mobile Iron, SAP and MaaS360.

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/06/12/cisco_hints_at_possible_new_security_standard/

Free whitepaper – What you need to know about cloud backup

The NSA’s much-discussed NSA’s PRISM initiative has attracted criticism galore from political activists, but now it has come up against serious opposition: a ticked-off designer offended by the poor quality of the NSA’s slideware.

The designer in question is Emiland De Cubber, whose a slideware professional who has declared the NSA “can do whatever you want with my data. But not with my eyes.”

De Cubber has a point: the PRISM slides are terrible, as typified by the one below.

He’s therefore done the NSA new deck. Here’s one example: a reconstruction of the slide above.

Emiland De Cubber’s alternative NSA slide deck

He’s even given PRISM a lovable logo and tagline.

PRISM seems much less threatening now!

It’s hard to fault De Cubber’s rework of the NSA’s deck. It’s also hard to imagine PRISM’s reported $20m budget being stretched to acquire his services: keeping up appearances may not be high on the NSA’s to-do list right now. ®

Free whitepaper – Cloud based data management

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/06/12/nsa_accused_of_crimes_against_slideware/

Free whitepaper – What you need to know about cloud backup

Australian online ticketing service Tickemaster has been hit by a phishing raid that has defeated Spam filters.

Several Reg readers report receiving multiple emails yesterday (Vulture South received nine), all purporting to report newly-purchased tickets.

The messages evaded Spam filters, although Gmail has since re-classified the mails as suspicious and is displaying a warning not to click on the links they contain. That’s a good thing, as the mails followed the phishing script by directing readers to places other than Ticketmaster’s real site where, one presumes, they would be asked to surrender personal details that would late be used to fleece them.

Ticketmaster has acknowledged the attack and advises recipients to delete the email. ®

Free whitepaper – Cloud based data management

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/06/11/ticketmaster_warns_phishers_using_tickets_as_bait/

Free whitepaper – What you need to know about cloud backup

Analysis PRISM, the top secret US National Security Agency web communications and user data collection program revealed by whistleblower Edward Snowden last Friday, and targeted on nine top US web service providers, would seem unlikely to be the total, tyrannical surveillance behemoth reporters first assumed.

That’s because its numbers, as published, just don’t add up.

The Guardian may also have missed a potentially significant scoop buried within the PRISM revelations – apparent confirmation that about the time in 2011 that Microsoft acquired Skype for $7bn, the U.S. government also acquired a back way in to the previously secure, complex and highly trusted peer-to-peer voice over IP system.

Analysis also suggests that the much more complex surveillance system that the Home Office wants installed in Britain using powers proposed in the now discredited draft Communications Data Bill (CDB) would be far more intrusive than PRISM.

PRISM intelligence collection, despite the hullabaloo, is phrased in terms of “requests” to be made to specified US service providers: Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, and Apple. While the slides published by The Guardian do refer to “collection directly from the servers of these [companies]”, this appears to refer to links from NSA central systems to special company servers facilitating law enforcement or intelligence data queries, not to huge pipes into entire petabyte scale company databases.

The NSA has numerous other collection programs, including deep packet inspection (DPI) systems akin to those sought in the CDB. Some were planned in the late 1990s. These include the secret room installed in ATT’s internet exchange and peering point in downtown San Francisco and revealed by whistleblower Mark Klein in 2006. The San Fran secret room was fed by optical fibres spliced into most of the US west coast Internet backbone. These fed into high end DPI analysis equipment, whose output was presumed to be routed back to NSA.

The NSA also has access to global communications satellite traffic through a series of programmes and ground stations starting with ECHELON in 1968, and to global submarine cable traffic through interception points located at or near cable landing sites in the US, UK and other co-operating countries. A specially equipped nuclear submarine, the USS Jimmy Carter, carries cutting, tapping and interception systems to lie on the sea bed. The submarine has been in active service since 2005.

According to the “overview” slide, PRISM is “the SIGAD [Sigint Activity Designator] used most in NSA reporting” (emphasis in original). The PRISM collection program was also designated US-984XN, and is run by NSA’s “special source operations” office, whose logo sports a globe ensnared and held in the talons of the US eagle.

Top Secret, Special Intelligence, No Foreigners … well, except GCHQ probably

PRISM’s own widely displayed logo, a prism dispersing light into a spectrum, has been inferred by commentators to point to the separation of light carriers in optical transmission systems, and thus to hint at PRISM being associated with fibre level interception of Microsoft and other companies’ traffic. But this makes little sense, as immense cryptologic and analytic resources would have to be deployed at interception centres to decrypt and analyse SSL and other layers and to assemble messages from packets carried over divergent routes. They would cost much but deliver little actionable intelligence.

The better interpretation may be more banal. NSA’s codeword central office handed out the latest available batch of codewords, PRISM was selected, and a pretty logo designed to match.

PRISM’s reported costs are so small, it has to be mighty simple.

According to the 41 slide classified PRISM powerpoint prepared for NSA trainees and published by The Guardian, PRISM costs about $20m dollars a year. During 2012, the slides say, 24,005 NSA Sigint reports cited PRISM as a main source. The total number of such reports since the program started in 2007 is said to be 77,000.

Heavy duty sigint surveillance contractors – and the US has hundreds of them collecting and sifting the world’s communications – wouldn’t get out of bed for less than $100m. Want a decent collection system, a few bases, lots of custom signal processors, perhaps a space segment? You’re talking $$ billions. NSA’s overall budget is classified, but even excluding dedicated military services it is estimated to be more than $10bn.

In the world of global sigint, $20m is small change. The average cost of each PRISM derived report in 2012 would be $830. This average amount could be little more than agreed payments on agreed scales for the US companies to hand over agreed types of information in response to law enforcement requests, plus a contribution to maintaining specialised interface facilities.

More significantly, PRISM’s numbers are far smaller than some of the companies involved have already disclosed when revealing the number of US law enforcement or government disclosure requests they handle and pass through each year.

Microsoft says that during 2012, they processed 70,665 law enforcement and other government requests for information, mainly for United States agencies. They also admitted disclosing the content of Hotmail and other communications to law enforcement agencies in the United States in 1,544 cases.

Free whitepaper – Steps to Take Before Choosing a Business Continuity Partner

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/06/11/prism_numbers_not_adding_up/

Free whitepaper – Customer Success Testimonial: Recovery is Everything

Analysis A summit meeting between Chinese President Xi Jinping and US President Barack Obama last week due to tackle the issue of cyber espionage failed to result in any agreement, perhaps partially because it was overshadowed by controversy over the NSA’s controversial PRISM surveillance programme.

The meeting followed recent reports that Chinese hackers had stolen designs for more than two dozen US weapons systems as well as the latest allegations that the Chinese government was behind a series of cyberattacks on the campaigns of both Barack Obama and John McCain during the 2008 presidential election cycle. Chinese hackers allegedly gained access to campaign emails and numerous campaign files including policy position papers and travel plans, NBC News reports.

Obama officials and senior US politicians have consistently described the Chinese as the “world’s most active and persistent perpetrators of economic espionage” over recent months, claims routinely denied by Chinese officials. Both sides in what’s coming to resemble a cyber Cold War have gradually stepped up the rhetoric with Chinese officials recently claiming they held “mountains of data” about US generated cyber attacks against China.

The summit was expected to thrash out at least the beginning of an agreement on cybersecurity but in the end achieved no more than a bi-lateral agreement to phase down the consumption and production of hydrofluorocarbons (HFCs), an environmental issue. The two world leaders were also meant to be discussing North Korea and cyber-security, the main topic up for discussion highlighted in a pre-briefing.

In a press conference during the summit President Obama described talks between the two world leaders on the issue of cybersecurity as heading into “uncharted waters”, before going on to say that issues around the “NSA program” were different from issues about “theft and hacking”.

We haven’t had, yet, in-depth discussions about the cybersecurity issue. We’re speaking at the 40,000-foot level, and we’ll have more intensive discussions during this evening’s dinner. What both President Xi and I recognize is that because of these incredible advances in technology, that the issue of cybersecurity and the need for rules and common approaches to cybersecurity are going to be increasingly important as part of bilateral relationships and multilateral relationships.

In some ways, these are uncharted waters and you don’t have the kinds of protocols that have governed military issues, for example, and arms issues, where nations have a lot of experience in trying to negotiate what’s acceptable and what’s not. And it’s critical, as two of the largest economies and military powers in the world, that China and the United States arrive at a firm understanding of how we work together on these issues.

But I think it’s important, Julie, to get to the second part of your question, to distinguish between the deep concerns we have as a government around theft of intellectual property or hacking into systems that might disrupt those systems – whether it’s our financial systems, our critical infrastructure and so forth – versus some of the issues that have been raised around NSA programs.

When it comes to those cybersecurity issues like hacking or theft, those are not issues that are unique to the U.S.-China relationship. Those are issues that are of international concern. Oftentimes it’s non-state actors who are engaging in these issues as well. And we’re going to have to work very hard to build a system of defenses and protections, both in the private sector and in the public sector, even as we negotiate with other countries around setting up common rules of the road.

Greg Day, VP CTO for EMEA at FireEye, said the lack of an immediate agreement between the two leaders on cybersecurity was unsurprising – while welcoming the fact the issue was at least high on the political agenda.

“While it was certainly a good move for these two national leaders to begin talks on the subject of cybersecurity and cyber espionage, many people will undoubtedly be left feeling somewhat underwhelmed by the outcome,” Day said. “However, while a significant agreement was – perhaps unsurprisingly – not reached, it is important to maintain the lines of communication to prevent the accidental escalation of hostilities in cyberspace, especially since the level of ambiguity and misdirection is high in cyber conflicts.”

“Despite the lack of a public plan of action to reduce ongoing incidents and allegations of cyber espionage, we remain hopeful that meetings such as this will reduce the problem … Cyber conflicts are a global governance issue and [are] not a problem that can be resolved with bilateral talks between two countries. The number of countries and non-state groups with sophisticated offensive capabilities in cyberspace is growing at an alarming rate. So even if one or two countries decide to show restraint, it is difficult to see how that will result in fewer attacks on the US and other countries, given the global and highly distributed nature of the problem,” he added. ®

Free whitepaper – Steps to Take Before Choosing a Business Continuity Partner

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/06/11/obamaxi_presidential_summit_fails_to_make_much_progress_on_cybersecurity/

Free whitepaper – Customer Success Testimonial: Recovery is Everything

Forensic experts have testified to a military court that they traced breaches of the US government’s secret intelligence database back to Pfc Bradley Manning – who is on trial for leaking classified files to whistleblower website Wikileaks.

In written testimony, National Security Agency contractor Steven Buchanan said that computer audit logs showed that classified Intelink information was accessed by Manning in 2009 and 2010. He was traced by his username and network IP address, the court heard.

Manning is facing 21 charges, including aiding the enemy; the soldier denies the latter allegation but pleaded guilty to 10 charges of misusing and transmitting classified information.

The 25-year-old low-level intelligence analyst is into his second week before a court martial for providing more than 700,000 secret files to Wikileaks while serving in Iraq. The private first-class could face life in prison without parole if convicted.

He has defended his actions as those of a concerned citizen, claiming he released the dossier of diplomats’ sensitive memos and battlefield reports to Wikileaks to encourage debate about the US’ military and foreign policy. But the American government has claimed that his actions put lives at risk and threatened the country’s national security.

Another expert, David Shaver, also testified that large amounts of secret data were downloaded from Intelink onto Manning’s computer, but the private’s lawyer contested whether or not the prosecution could prove that Manning was the one who did the downloading.

Shaver admitted under questioning that officials didn’t know for certain that Manning was the one who conducted the searches for the data.

He also admitted that the software programmes used to get the data weren’t illegal. One of the programmes Manning was accused of illicitly adding to his computer was apparently used by everyone in the intelligence cell where he worked while another had not been outlawed by commanders.

Meanwhile, Wikileaks founder Julian Assange looks to have outstayed his welcome at the Ecuadorian embassy in London, where he has taken refuge for a year to avoid extradition to Sweden for questioning by cops investigating alleged sexual offences.

According to a report in the Independent on Sunday, Ana Alban, Ecuador’s ambassador to Britain, has been recalled for her failure to bring an amicable end to the standoff.

Alban is to be replaced with an ambassador who can bring an end to his stay, it is suggested. Ecuador is apparently desperate to figure out a friendly way to get Assange out of the embassy, where Ecuadorian sources say Blighty is quite happy to leave him alone.

At a meeting last week between Alban and Hugo Swire, the Foreign Office minister responsible for Latin America, Alban is said to have asked: “What are we going to do about the stone in the shoe?” To which Swire reportedly replied: “Not my stone, not my shoe.” ®

Free whitepaper – Steps to Take Before Choosing a Business Continuity Partner

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/06/11/experts_link_leaks_to_manning_computer/

Free whitepaper – What you need to know about cloud backup

Video Whistleblower Edward Snowden, who blew the lid off the US government’s massive internet surveillance project PRISM, has vanished from his Hong Kong hideout.

Word of his disappearance came as it emerged that the 29-year-old’s girlfriend is apparently a pole-dancing blogger who yesterday wrote: “Sometimes life doesn’t afford proper goodbyes.”

Snowden, a former CIA technician, leaked documents about the programme and gave interviews to reporters in a hotel in the Chinese territory – but he disappeared after checking out on Monday. He is thought to still be in Hong Kong, but his exact whereabouts are unknown.

The gutsy whistleblower, who told hacks he now fears for his life, hopes to find sanctuary in Iceland where one member of parliament has already promised to safeguard him – but it is not yet known how he will be able to use the country as a safe bolt-hole.

He chose Hong Kong as a safe haven, but one of its top politicians warned him that it was in his “best interests” to leave Hong Kong because the US has an extradition treaty that could have hauled him back home to face the music.

Regina Ip, chair of Hong Kong’s New People’s Party and former security secretary, warned that the country was “definitely not a safe harbour” for Snowden, which would be “obliged to comply with the terms of the extradition treaty”.

“It’s actually in his best interest to leave Hong Kong,” she said.

The ex-CIA bod revealed that the NSA’s snooping scheme PRISM allows spooks to request private and sensitive data from internet giants about their users’ online activities – from emails and chat logs to voice call data. America’s spymaster James Clapper has insisted PRISM is only used on foreigners, so that’s all right then.

When Snowden leaked the information to newspapers, he was working in Hawaii for Booz Allen Hamilton, a defence contractor hired for NSA work. Investigators are still scratching their heads about how the $200,000-a-year staffer managed to access information on PRISM: speaking to the Washington Post Joel Brenner, a former NSA inspector general, said a probe into the leak should focus on how the techie “had access to such a startling range of information”.

“The spy you want in an organization may not be the executive assistant to the secretary of state; it may be the guy in the bowels of the IT department because he has system-administrator privileges and because that person is also in a position to insert malware into your system to facilitate remote access,” Brenner added.

Although few details about Snowden’s private life have emerged, journalists have tracked down his parents to Pennsylvania, where they rebuffed questions. A statement from his family is expected to be issued today.

But the most eyebrow-raising glimpse into the life of the ballsy-geek-turned-deep-throat can be found on a blog titled L’s Journey, which is updated by a pole dancer named as Lindsay Mills: the 28-year-old exhibitionist circus performer and erotic dancer is understood to be his girlfriend, and is pictured in various states of undress.

She also describes life in Hawaii in purple prose; documenting the “adventures of a world-traveling, pole-dancing super hero”, it veers between erotica and a confessional diary. The couple have been together since 2009 after meeting in Japan and moved to the US island state together.

Below is a video of Miss Mills in action:

Snowden is not thought to have warned his girlfriend about his PRISM whistleblowing, which appears to have caught her by surprise. Her latest blog post, written on 10 June, stated:

For those of you that know me without my super-hero cape, you can probably understand why I’ll be refraining from blog posts for awhile. My world has opened and closed all at once. Leaving me lost at sea without a compass. Surely there will be villainous pirates, distracting mermaids, and tides of change in this new open water chapter of my journey. But at the moment all I can feel is alone. And for the first time in my life I feel strong enough to be on my own. Though I never imagined my hand would be so forced.

As I type this on my tear-streaked keyboard I’m reflecting on all the faces that have graced my path. The ones I laughed with. The ones I’ve held. The one I’ve grown to love the most. And the ones I never got to bid adieu. But sometimes life doesn’t afford proper goodbyes. In those unsure endings I find my strength, my true friends, and my heart’s song. A song that I thought had all but died away, when really it was softly singing all along. I don’t know what will happen from here. I don’t know how to feel normal. But I do know that I am loved, by myself and those around me. And no matter where my compass-less vessel will take me, that love will keep me buoyant.

For people with little tolerance for wordy bloggerese, there’s also a picture of her in just a bra and knickers while spinning a globe. One of the site’s most popular tags is “rear portaits”, which pulls up similar images.

The bespectacled whistleblower’s girlfriend is now considering closing her blog and social networking accounts after the world’s attention turned her way.

She tweeted:

To delete or not to delete. That is the question.

— Lsjourney (@lsjourneys) June 10, 2013

The blog generally focusses on stories of walking out into the wild and getting naked, or pole dancing with other circus performers.

There is however one depiction of an uncomfortable karaoke night she forced “E” to come along to, in a bid to prove to her friends that her partner actually existed. There is also a description of a fancy-dress party at which the nubile young dancer dressed up as a “super spy”.

While the apparently heartbroken poledancer has little to celebrate, aside from the lucrative book deals and photo-shoot offers that will inevitably come her way, any techie looking for a job in Hawaii has reason to be a bit happier.

Anyone looking for a sysadmin job on the islands is in luck, as Booz Allen are looking to fill a junior role in Honolulu that just opened up.

The job ad said: “Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Secret clearance is required.

“Integrating the full range of consulting capabilities, Booz Allen is the one firm that helps clients solve their toughest problems, working by their side to help them achieve their missions. Booz Allen is committed to delivering results that endure.” ®

Free whitepaper – Steps to Take Before Choosing a Business Continuity Partner

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/06/11/nsa_surveillance_whistleblower_disappears/

Free whitepaper – Customer Success Testimonial: Recovery is Everything

The EU is pushing through a directive calling for harsher criminal penalties against convicted hackers.

The proposed rules (PDF) set a baseline sentence of two years’ imprisonment in cases where hacks are carried out with the intent to cause serious harm, involve circumventing security measures and where no attempt is made to notify website owners or other vulnerable parties about a security breach.

A draft of the paperwork was rubber-stamped last week by the EU Parliament’s Civil Liberties Committee ahead of a European Parliament vote on the plans, which is expected to take place in July.

Under the new directive, sentences would be increased to a starting point of five years’ imprisonment for cases involving attacks against critical infrastructure systems, such as power plants and transport networks.

Stricter sentences will also apply to offences linked to criminal organisations, or attacks which cause severe damage. Botnet herders and affiliated malware authors will face sentences starting at three years’ chokey, assuming the directive is accepted and incorporated into national laws. The directive allows flexibility in imposing more lenient sentences in less severe cases.

The rules cover “intentionally producing and selling tools used to commit” hacking offences while offering defences to cover penetration testing. There’s also some protections for whistleblowers.

Commentary on the directive can be found in a blog post by Sophos here. ®

Free whitepaper – Steps to Take Before Choosing a Business Continuity Partner

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/06/11/eu_cybercrime_directive/