STE WILLIAMS

LivingSocial admits major hacking attack on customer database

Up to 50 million customers of the Amazon-funded daily deals site LivingSocial are getting an apologetic email from CEO Tim O’Shaughnessy explaining that their information may have been stolen.

“LivingSocial recently experienced a cyber-attack on our computer systems that resulted in unauthorized access to some customer data from our servers. We are actively working with law enforcement to investigate this issue,” he writes in an email received by El Reg.


“The information accessed includes names, email addresses, date of birth for some users, and encrypted passwords – technically ‘hashed’ and ‘salted’ passwords. We never store passwords in plain text.”

At this stage, the company is saying that all credit card details for customers, and the financial accounts of operators that LivingSocial does deals with, are stored on a separate database and that this hasn’t been hacked.

Users are being asked to change their passwords and to ignore any emails claiming to be from LivingSocial that ask for financial information. Although the email doesn’t mention it, if your LivingSocial password was used for any other online accounts, then you’d be advised to change those, too.

It’s a nasty bit of Friday news for LivingSocial, which is facing a tough time convincing some that digital coupon-clipping is a viable business. Rival Groupon is clearing out its management team after seeing its stock price plummet post-IPO, and Amazon must be wondering if it’s going to get a return on the considerable investment it has made in LivingSocial. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/04/26/livingsocial_hacking_attack/

AT&T debuts ‘Digital Life’ robo-home and security tech

AT&T is pushing into home automation and security with Digital Life, a new service rolling out across 15 cities, which should carve out yet another niche for the US telecom giant.

The initial sell for Digital Life is security, but the upsell is home automation, all managed through an AT&T website and an AT&T hub connected over customers’ existing broadband with a cellular backup. The intention is to make AT&T the default option when it comes to the Internet of Things.


The trials took place in Dallas and Atlanta last year, but this year the service launches across 13 other cities too, and will be available in AT&T’s high street stores as well as online. The service goes live today in Austin, Boulder, Chicago, Denver, Houston, Los Angeles, Miami, Philadelphia, Riverside (California), San Francisco, Seattle, St Louis, and parts of New York and New Jersey.

Customers pay an upfront installation fee ($150 security, $250 to add some automation) and a monthly fee ($30 or $40 respectively) with additional options such as water detection (to spot leaks) and additional cameras (to nab the chap stealing milk from the doorstep).

But it’s really about getting an AT&T hub installed, so when the customer starts adding more connected things (we’re expecting 50 billion of them, or even 100 billion if one believes Microsoft) then those connected things will naturally end up routed through the AT&T hub even if they’re not connected over the AT&T network.

AT&T is far from alone in hoping to become the default routing point. Smart electricity meters are packing Zigbee these days, along with routing aspirations, though some claim that the Internet of Things will be better served if each Thing has its own backhauled connection – such as that proposed by the White Space crowd, lurking in the background and mesh-ready at 915MHz.

The architecture of the Internet of Things will be critical to its adoption and our ability to control it. A customer-site hub, even one owned by AT&T, could let homeowners control the flow of information from appliances, assuming one trusts AT&T to manage that flow.

But that’s for the future. In monitored alarms AT&T will have to go up against established players such as ADT, which dominates the monitored-security business. To combat that, AT&T will likely promote the home-automation and future-proofing side of its offering, which is future-proofed as long as that future involves letting AT&T manage one’s Digital Life. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/04/26/at_t_digital_life/

UK faces hacking doom, but think of the money, security startups!

Infosec 2013 The UK government is hit by more than 33,000 pieces of malicious email a day, ranging from casual phishing to targeted espionage attacks.

Chloe Smith, minister for political and constitutional reform at the Cabinet Office, told delegates at the Infosecurity Europe conference on Wednesday that despite this onslaught cyber security represents an opportunity, as well as a threat, for UK plc.


“The UK has a history of being innovators in technology and in technical areas such as cryptography which is maintained to this day in our universities,” Smith said.

“We know how to implement this as our ongoing strengths here underpin our cutting-edge position in areas such as online commerce and banking. Undeniably, there is massive growth potential for UK businesses and innovators to do very well in the cyber security sector.”

There are around 2,380 UK companies in the cyber security sector, which equates to 21 per cent of all UK security companies. Information security firms have opened up 26,000 jobs, with collective sales estimated at £3.8bn – bringing in revenues from exports of £800m.

“Cyber security global growth is forecast over the next four years to be over twice that of the security sector as a whole, as economic constraints bite in traditional defence and security markets,” said Smith. “This is a growth sector and one which we should encourage and nurture.”

To promote the security sector, the UK’s Department of Business, Innovation and Skills has joined up with IT trade group Intellect to launch the Cyber Growth Partnership as a way of promoting further growth in the UK’s higher technology sector, and in particular helping start-ups and SMEs.

Smith went on to outline the threats the UK government itself faces, calling for collaboration between government agencies and private business in combating private and state-sponsored cyber-espionage, fraud and online disruption.

“On average over 33,000 malicious emails are blocked at the Gateway to the Government Secure Intranet every month,” Smith said. “These are likely to contain – or link to – sophisticated malware, often sent by highly capable cyber criminals and state-sponsored groups. A far greater number of malicious emails and spam, but less sophisticated emails and spam are blocked each month.”

Big as these numbers may seem, industry is by far the biggest victim of cyber threats, according to Smith. The UK government is launching security guidance and a voucher scheme for small businesses through the Technology Strategy Board. The voucher provides companies with a grant to work with outside consultants. The cyber security element of this scheme will fund 100 companies with Innovation Vouchers of up to £5,000 each.

The scheme is part of broader plans to make the UK one of the most secure places in the world to do online business and to make the UK more resilient to cyber-attacks.

“£650 million of investment over four years has been put in place in one of the tightest fiscal environments government has ever seen. This underlines the importance we place on cyber security,” Smith said.

Christopher Boyd, senior threat researcher at ThreatTrack Security, welcomed the voucher scheme as well as its support of university research programmes in cyber-security. “The government’s commitment to investing in cyber security research and skills in the UK is commendable,” Boyd said.

“Organisations including central government, large and small businesses and academia can only benefit from better insight into cyber security challenges, and the same market intelligence will only help breed the next generation of security countermeasures.”

Boyd continued: “The innovation voucher scheme is a prime example of this, helping small businesses to engage with UK security solution providers to develop bespoke and innovative solutions to emerging security problems.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/04/25/security_blitz_uk_business_op/

Vulns, exploits, hacks: Trusteer touts tech to terminate troubles

Infosec 2013 Trusteer is expanding from its speciality of providing transaction protection security to financial institutions with an enterprise-level product designed to guard against zero-day exploits and social engineering.

Unpatched application vulnerabilities in widely deployed endpoint applications (such as web browsers) can be given an extra line of defence using Trusteer Apex. Adobe Acrobat, Flash, Java and Microsoft Office can also be backstopped using the software. Apex is designed to defend against both malicious web pages and dodgy attachments in spear-phishing emails.


The technology works by associating what an application is doing with the application state. For example, Apex can detect that Internet Explorer is legitimately writing a new executable file to the file system during a software update.

If something appears to be going awry, Apex will automatically stop applications from performing sensitive operations while in an unknown application state.

This sounds a bit like app whitelisting from the likes of Bit9, but Trusteer reckons its approach is easier to manage and deploy.

Dana Tamir, director of product at Trusteer, said that the “controls we have today, which typically try to blacklist bad behaviour, are not able to stop APTs. Application control is stronger but there are management issues in complex enterprise environments.”

Apex features data exfiltration prevention (technology that prevents the extraction of data from compromised machines) as well as application exploit prevention.

Tamir added that Apex offered “stateful application control” that looked at the memory state and kernel process in play when a PDF file is opened, for example.

She said that Java exploits accounted for 98 per cent of the attacks blocked during trials of the technology. This covered not only browser-based hack attacks but malicious email attachments received by Microsoft Outlook clients, among other vectors.

Trusteer’s Apex package is one of many similar products unveiled at Infosecurity Europe that have been touted as a means to thwart Advanced Persistent Attacks (i.e. state sponsored cyber-espionage).

Trusteer’s Rapport transaction security technology is used by more than 150 financial institutions around the world to detect and block fraudulent transactions. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/04/24/trusteer_anti_apt/

Your phone may not be spying on you now

Infosec 2013 Tibetan political campaigners targeted by mysterious smartphone-spying software. Eastern European governments’ mobiles allegedly snooped on by state-sponsored hackers. Malware feared injected into gadgets during customs inspections.

You’ve seen these headlines. And according to Kaspersky Lab’s senior malware analyst Denis Maslennikov, there will be more of the same.


In March, Tibetan activists were hit by a highly targeted form of Android malware that accessed their contacts, call logs, text messages, location data, and other information.

Maslennikov, speaking to El Reg, reckons this is nothing new in Android world: he said state-sponsored hackers, in a separate and earlier espionage campaign, infected droid-powered gadgets used by governments in Eastern Europe and beyond – in a spying operation codenamed Red October. Circumstantial evidence to back this claim is laid out in greater detail in this blog post by Kaspersky.

The AndroidOS-Chuli-A Trojan thrown against Tibetan protestors was “not that sophisticated for Android malware”, according to Maslennikov, who explained that by targeting smartphones, spies could swipe contact information from the device and its SIM card that would be hard to obtain with other techniques.

Maslennikov described last month’s Tibetan attack as a shape of things to come, rather than a one-off. Infiltration attempts using combinations of social engineering skills, zero-day vulnerabilities and exploits are more and more likely.

Meanwhile, the commercial FinFisher (AKA FinSpy) application, produced by Anglo-German firm Gamma International and marketed as a “lawful interception” suite, allows cops and spooks to infiltrate and monitor computers used by suspected criminals. It has reportedly been bought by state agencies in the Middle East and Southeast Asia to spy on human rights activists and other targets.

A recent report by security researchers from Privacy International details the discovery of a mobile phone version of FinSpy. This features GPS tracking, the ability to snoop on spoken conversations taking place close to the hacked handset, and the power to lift text messages from compromised smartphones.

Today, state-backed cyber-spies will “try to attack everything”, according to Maslennikov, who said that Mac computers were penetrated in order to snoop on Tibetan and Uyghur political activists. And it’s been widely suspected that smartphones passing through Chinese customs sometimes come out the other side with unwelcome extras.

“High-level attackers will target everything possible,” he added. “We must protect all kinds of devices. Please don’t think your smartphone or tablet is safer than your PC.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/04/24/kaspersky_mobile_malware_infosec/

Ofcom to UK: Really

Brits are taking serious security risks by continuing to use the same password for multiple websites, communications watchdog Ofcom warned today.

Worse still, the regulator – which published a report today based on a survey of 1,805 people aged 16 and over – found that a staggering one in four (26 per cent) UK adults used birthdays or names as passwords for access to online services.


Ofcom said that more than half (55 per cent) of its respondents confessed that they used the same password for most, if not all, websites. The watchdog noted that many had difficulties memorising passwords – a quarter of those surveyed said they had problems doing so. This could provide an explanation as

The same report found that adults were spending more time online with an average of 19 websites visited and 16.8 hours spent on the internet each week compared with 15.1 hours in 2011.

Meanwhile, more oldies are adopting social networking sites. Last year, 64 per cent of adults said they had a profile on Facebook or other social networks. The average number of a respondent’s “friends” on such sites was said to be 237.

Ofcom noted:

This growth has been driven by users aged 55-64, 35 per cent of whom now have profiles, compared to 24 per cent in 2011. There has been no significant growth among any other age group since 2011.

But trust in Facebook et al has plummeted, the watchdog said. It found that 43 per cent of respondents using social networks were wary of what they read and viewed on such sites. That compares with 35 per cent in 2011.

“This attitude is shown across almost all age groups,” said Ofcom.

Interestingly, three in four (75 per cent) smartphone users said they used a screen lock on their mobile devices, while 50 per cent said they had pin protection for their SIM card.

Elsewhere in its report, Ofcom noted that one in seven Brits did not have internet connections at home and had no plans to gain access to the service in the next 12 months.

The watchdog said:

This level of non-use is unchanged since 2011 (15 per cent in both 2011 and 2012). Those over 65 are the most likely not to have home access to the internet (56 per cent of 65-74s and 28 per cent of 75+ currently have internet access, compared to 79 per cent of all adults) and are more likely to say they do not intend to get access (38 per cent for 65-74s and 67 per cent among over-75s).

The reasons most often cited for not intending to get the internet continue to be ‘lack of interest’ (85 per cent), followed by cost (23 per cent) and reasons relating to ownership / availability, for example not having a computer (19 per cent).

Ofcom added in its report that adult internet users were increasingly adopting security methods with 62 per cent of respondents stating they had protected their Wi-Fi connections. But many Brits continue to expose themselves to having their online accounts hacked.

“While our research shows that some people are still taking security risks online, they clearly feel these are outweighed by the benefits that the internet brings,” said Ofcom director of research James Thickett. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/04/24/ofcom_online_passwords_security_risk/

Hacked AP tweet claiming White House explosion causes Dow dip

A group calling itself the Syrian Electronic Army is claiming that it successfully hacked the official Twitter account of the Associated Press and is responsible for a tweet that briefly wiped billions off the Dow Jones Industrial Average on Tuesday.

The tweet, issued from AP’s main account, warned that there had been two explosions in the White House, one of which had injured Barack Obama. The Dow dropped over 140 points on the news, before rebounding minutes later after the administration denied the story.


“The president is fine,” said White House spokesman Jay Carney at Tuesday afternoon’s press briefing. “I was just with him.”

AP has since confirmed that its account had been hacked. It has disabled its Twitter accounts for the time being and is warning people to disregard the earlier tweet and to be on their guard against further false messages.

The Syrian Electronic Army, a group of hackers who support the embattled president Assad in the long-running Syrian civil war, claimed responsibility for the attack. Over the last few days it has been targeting the Twitter accounts of Western media organizations and using them to spread misinformation and malware.

“AP Twitter feed was hacked today by the Syrian Electronic Army. SEA published a false news about an explosion in the whitehouse and Obama got injured. This small tweet created some chaos in the United States in addition to a decline in some U.S. stocks,” the group said on their website.

This isn’t the first time the stock market has got its panties in a bunch over misinformation released online. In 2008, Apple lost over 5 per cent of its value following a false report that Steve Jobs had suffered a heart attack.

But the speed of Tuesday’s drop has caused some to point the finger at the shadowy world of high-frequency traders (HFT), who now account for over 60 per cent of US stock market buy and sell orders. HFT systems will place millions of orders at a time to gain pennies from arbitrage on stock prices, and this type of trading is particularly vulnerable to spoofing.

“High-frequency traders cancel their orders on even one little tweet. They provide so much liquidity and don’t have obligations like market makers did in the past. We need other participants to make sure this kind of volatility doesn’t happen and we don’t [have them] anymore,” Dennis Dick, proprietary trader at Bright Trading LLC, told Reuters. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/04/23/hacked_ap_tweet_dow_decline/

Verizon: 96 PER CENT of state-backed cyber-spying traced to China

Spooks carrying out state-sponsored cyber-espionage were responsible for one in five data breaches last year, researchers have claimed.

New statistics contained in Verizon’s Data Breach Investigation Report 2012 found that 19 per cent of all attacks were carried out by agents acting on behalf of their government. Researchers recorded more cyber-espionage incidents than ever before, although the majority of attacks were carried out by criminals looking to make money.


Bosses will be comforted by the finding that “external actors” were responsible for the majority of data breaches, with 92 per cent of all incidents involving an attack from someone working outside the organisation.

Researchers examined more than 47,000 security incidents and 621 confirmed data breaches affecting international organisations from 27 countries, including government agencies, financial institutions and defence contractors. Since the first report was compiled nine years ago, boffins have pored over more than 2,500 data breaches.

The report, which was released today and covers 2012, said: “State-affiliated groups rise to the number two spot for the 2012 dataset … We saw a dip in financially motivated cases against small organizations in our dataset, and that dip allows other trends to become more pronounced. Furthermore, our own investigations comprised more espionage cases than any previous year.”

Financial organisations suffered the most attacks, accounting for 37 per cent of recorded data breaches. Just over half (52 per cent) of all breaches involved “some sort of hacking” while 76 per cent of “network intrusions involved exploiting weak or stolen credentials” – which basically means someone didn’t set up a decent password.

Some 21 percent of the attacks were carried out by state-affiliated hackers on espionage missions, 96 percent of which could be tracked back to China.

Organised crime was responsible for 55 percent of all breaches, with the majority of attacks coming from the US or Eastern Europe.

The report added: “More than half of all external breaches tie to organized criminal groups. This reflects the high prevalence of illicit activities associated with threat actors of this ilk, such as spamming, scamming, payment fraud, account takeovers and identity theft. For professional criminals, the “why” is simple and consistent—money. As economic and social activities continue to go online, criminals will follow in order to exploit the soaring amount of data that can all too easily be converted to cash.”

Jason Hart, cloud solutions veep at SafeNet, said the data demanded a new way of thinking about security.

He said: “Verizon can always be relied on to lift the lid on hackers’ motives and this new batch of data is shocking. While data breaches seem rampant, these results could trigger a real sea change in data protection strategies. Embracing a secure breach strategy renders lost or stolen worthless to the attacker, making the only serious mitigation of the threat to sensitive data held by enterprises and governments.” ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/04/23/spies_verizon_security/

Crypto guru: Don’t blame users, get coders security training instead

Infosec 2013 Experts on both sides of the vendor-customer divide in the UK and a US cryptographer are at odds over whether or not security training is a waste of time.

American crypto guru Bruce Schneier says the fact that “we still have trouble teaching people to wash their hands” means the dosh splurged on staff training is likely better spent teaching developers to make more effective prevention tools.


The chief infosec officer at Rupert Murdoch’s News International, on the other hand, says a combination of training, “soft skills” and security kit can help organisations protect themselves.

Whether it makes sense to invest in training enterprise users to avoid security pratfalls has been a recurring topic at recent security conferences, such as RSA USA. Schneier, for one, reckons that “training users in security is generally a waste of time, and that the money can be spent better elsewhere”, such as security design.

‘Computer security is an abstract benefit that gets in the way of enjoying the internet’

Schneier draws an analogy between security awareness training and health education advice.

“We are forever trying to train people to have healthier lifestyles: eat better, exercise more, whatever,” Schneier writes in a wonderfully entertaining blog post.

“And people are forever ignoring the lessons. One basic reason is psychological: we just aren’t very good at trading off immediate gratification for long-term benefit. A healthier you is an abstract eventually; sitting in front of the television all afternoon with a McDonald’s Super Monster Meal sounds really good right now.”

“Similarly, computer security is an abstract benefit that gets in the way of enjoying the internet. Good practices might protect me from a theoretical attack at some time in the future, but they’re a lot of bother right now and I have more fun things to think about. This is the same trick Facebook uses to get people to give away their privacy; no one reads through new privacy policies; it’s much easier to just click “OK” and start chatting with your friends. In short: security is never salient.”

Schneier expands his ideas by looking at areas where awareness training or education initiatives work (driving, HIV prevention) and where they fail (training the general public to wash their hands, make drug decisions at a pharmacy, food safety).

He summarises the obstacles in the path of effective security training. “The threats change constantly, the likelihood of failure is low, and there is enough complexity that it’s hard for people to understand how to connect their behavior to eventual outcomes. So they turn to folk remedies that, while simple, don’t really address the threats.

“We should stop trying to teach expertise, and pick a few simple metaphors of security and train people to make decisions using those metaphors,” Schneier concludes, adding that another problem is that “computer security is often only as strong as the weakest link”.

“We should be designing systems that won’t let users choose lousy passwords and don’t care what links a user clicks on. We should be designing systems that conform to their folk beliefs of security, rather than forcing them to learn new ones.”

Security awareness education isn’t so much a waste of time as misdirected, according to Schneier. “We should be spending money on security training for developers. These are people who can be taught expertise in a fast-changing environment, and this is a situation where raising the average behavior increases the security of the overall system,” Schneier concludes.

NI security chief: ‘Techies tend to be more arrogant, perhaps more vulnerable…’

But Amar Singh, CISO of publisher News International and chair of the London Chapter ISACA Security Group, disagreed with Schneier’s assessment, describing security awareness training as a process of finding the “right balance between technology and people”.

“You can’t just say don’t open PDFs. Users must have ability to report spear phishing – and inform technical staff. I make the point of being known by people and not living in an ivory tower,” Singh said.

Conventional wisdom might suggest that the less able in any organisation are most in need of security awareness training. However, Singh said that the problem often lies elsewhere. “Techies tend to be more arrogant, and perhaps more vulnerable as a result,” he told El Reg.

“Security preparedness is a mixture of soft skills mixed with technical tools,” Singh concluded.

One of the firms providing technical tools in the area, PhishMe, will be talking about what organisations can do to train their staff to recognise phishing scams, and how to prevent them more generally, at this year’s Infosecurity Europe show. PhishMe, a provider of phishing awareness training, is demonstrating its PhishMe Spear Phishing Simulator, and its chief exec is making a presentation entitled Make your employees Mal-AWARE: How to implement a scalable behaviour modification program.

PhishMe’s chief executive officer and founder, Rohyt Belani, has been on the opposing side to Schneier and others during recent industry debates about security awareness training, something it prefers to refer to as a “behaviour modification programme”.

Belani believes that educating staff on cyber security helps minimise the risk of employees falling victim to an attack. Office workers are receiving as many as 10 phishing emails every day. PhishMe throws simulated attacks at enterprise workers, providing a short (less than five minutes) training video or clip while recording metrics of the results of the exercise.

The bad grammar, mass mailed messages and random attacks that characterised phishing up to a few years ago have been replaced by far more plausible targeted attacks, sometimes put together after research and reconnaissance. “Training can limit damage if attacks occur,” Belani explained.

With six simulations the number of workers falling for phishing attacks, such as opening dodgy links, can be reduced down to 7 per cent. Further training sessions (which are not disciplinary in nature) can reduce this figure down to 3 per cent. “Behaviour modification training is not foolproof but it offers an effective risk management approach,” he concluded. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/04/23/security_awareness_training/

CISPA row: Slurped citizen data is ENORMO HACK TARGET

The ability to identify common patterns in real-world attacks makes crowd-sourcing threat intelligence extremely useful, according to a study from security tools firm Imperva.

The report arrives just as a privacy row rages over the new Cyber Intelligence Sharing and Protection Act (CISPA) law in the US.


But the head of the security firm said the legislation could create several problems, not least of which was the equivalent of sticking a giant ‘Hack Me’ sign on the government’s info stores.

The US cybersecurity bill, which passed through the US House of Representatives last week, would allow the US government to share “cyber threat intelligence” with private-sector entities. Crucially, the proposed law would also allow the firms to share their customers’ web traffic information – among other things – with the Feds.

CISPA’s critics also argue that the law would create a mechanism for private businesses to share intelligence with government, including private data, without judicial oversight. Privacy activists are concerned that the risks of this massive trawling exercise more than outweigh security benefits. The bill has not yet passed through the Senate.

Amichai Shulman, CTO at Imperva, said that the policy would theoretically create more repositories of data for government to analyse but warned that the gathering of threat data would be accompanied by the potential risk of hacker attacks against the newly established info hubs. Shulman also spoke of the possibility of bureaucratic creep (ie, data on info hubs being used for purposes other than security analysis, Big Data number crunching) and said the info hubs were a potential target for attack.

While Shulman didn’t comment on the bill as it stands, he did insist that more information sharing needs to happen in order for defenders to stay abreast of security threats and that government involvement was a “broadly positive” development.

Stopping these assaults shouldn’t be rocket science

Imperva’s latest Hacker Intelligence Initiative report shows businesses can reduce risk by identifying and blocking attackers targeting multiple sources. The study analysed real-world attack traffic against 60 web applications between January and March 2013 to identify common attack patterns. Businesses can reduce the risk of successful attacks against their organisations by identifying and blocking attack sources, payloads and tools that are prevalent in targeting multiple websites.

The security firm said these attack sources – which can best be identified by analysing crowd-sourced attack data from a broader community – made up a disproportionate amount of the overall traffic against corporates.

Imperva researchers analysed the behaviour of the most common web application attacks (SQL injection, remote and local file inclusion, and comment spam attacks) over time and across targets, cross-referencing this data with the three most prevalent attack characteristics (attack source, payload, and tool), against known attack signatures.

The study – which covered data from the first three months of 2013 – revealed that several attacks are responsible for a disproportionate amount of attack traffic. SQL injection and RFI attacks were particularly prominent in the threat landscape.

Imperva argues that crowd sourcing and sharing information about attacks improves collective protection against large-scale attacks. Identifying a “noisy” attack source – an attacker, payload or tool that repeatedly attacks – is important.

“Our report shows that businesses can greatly reduce the number of successful attacks against their organisations by identifying and blocking attack sources that are known to target multiple sites or applications,” Shulman explained.
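The cross-site correlation the report describes can be sketched as follows. This is an added example, not Imperva's code or data: the event fields, the `min_sites` threshold, the site names and every sample event are constructed for illustration, with source addresses taken from the RFC 5737 documentation ranges.

```python
from collections import defaultdict
from typing import NamedTuple


class Event(NamedTuple):
    ts: int        # seconds since start of capture (constructed)
    site: str      # protected application that logged the event (hypothetical)
    source: str    # attacking IP address (documentation ranges only)
    attack: str    # "sqli", "rfi", "lfi" or "comment_spam"
    payload: str   # payload fingerprint (constructed label)
    tool: str      # tool fingerprint (constructed label)


# Constructed sample: one source hammering four sites with SQL injection, and
# an RFI campaign that rotates its source address but reuses one payload.
EVENTS = [
    Event(10, "shop.example", "203.0.113.7", "sqli", "p-union-01", "tool-a"),
    Event(20, "blog.example", "203.0.113.7", "sqli", "p-union-01", "tool-a"),
    Event(30, "bank.example", "203.0.113.7", "sqli", "p-union-01", "tool-a"),
    Event(40, "shop.example", "198.51.100.9", "rfi", "p-inc-07", "tool-b"),
    Event(50, "wiki.example", "203.0.113.7", "sqli", "p-union-02", "tool-a"),
    Event(60, "blog.example", "198.51.100.23", "rfi", "p-inc-07", "tool-b"),
    Event(70, "bank.example", "192.0.2.44", "comment_spam", "p-spam-03", "tool-c"),
    Event(80, "wiki.example", "198.51.100.31", "rfi", "p-inc-07", "tool-b"),
    Event(90, "shop.example", "192.0.2.99", "lfi", "p-lfi-11", "tool-d"),
    Event(100, "bank.example", "203.0.113.7", "sqli", "p-union-01", "tool-a"),
]


def rank_indicators(events, field):
    """Return (value, distinct sites hit, event count, share of all traffic)
    for each value of `field`, widest-spread indicators first."""
    sites = defaultdict(set)
    hits = defaultdict(int)
    for e in events:
        value = getattr(e, field)
        sites[value].add(e.site)
        hits[value] += 1
    total = len(events)
    rows = [(v, len(sites[v]), hits[v], hits[v] / total) for v in hits]
    return sorted(rows, key=lambda r: (-r[1], -r[2], r[0]))


def noisy(events, field, min_sites=2):
    """Indicators seen attacking at least `min_sites` different sites."""
    return {v for v, n_sites, _, _ in rank_indicators(events, field)
            if n_sites >= min_sites}


def early_warning(events, field, min_sites=2):
    """Replay events in time order and return those a site could have blocked
    because `min_sites` OTHER sites had already reported the same indicator."""
    seen = defaultdict(set)
    blocked = []
    for e in sorted(events, key=lambda ev: ev.ts):
        value = getattr(e, field)
        if len(seen[value] - {e.site}) >= min_sites:
            blocked.append(e)
        seen[value].add(e.site)
    return blocked


if __name__ == "__main__":
    for field in ("source", "payload", "tool"):
        print(field, "noisy:", sorted(noisy(EVENTS, field)))
        print("  blocked at ts:", [e.ts for e in early_warning(EVENTS, field)])
```

In the sample, a blocklist keyed only on source address never catches the RFI campaign, because each request arrives from a new address; keying on the shared payload fingerprint does.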

The full Imperva report, Get What You Give: The Value of Shared Threat Intelligence, can be found here.

The security tools firm launched the survey at the same time as it announced the addition of ThreatRadar Community Defense, a crowd-sourced threat intelligence service, to its SecureSphere 10.0 Web application firewall (WAF) platform. The service is designed to aggregate and validate attack data from WAFs to protect against hackers, automated clients, and zero-day attacks.

Shulman compared the service to the sharing of anti-malware intelligence between security researchers. He said Imperva’s service would create “actionable intelligence” broader than just IP addresses linked to attacks, providing early warnings about a spate of RFI-style attacks, for example. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2013/04/23/information_sharing_double_edged_sword/