God defend me from my friends – from my enemies I can defend myself
by Michael Smith
A private intelligence company has been engaged by police in Australia to secretly monitor internet and email use by activist and protest groups, according to a report.
The company was hired by Victorian Police, the Australian Federal Police and the federal Attorney-General's department to monitor and report on the internet activities of anti-war campaigners, animal rights activists, environmental campaigners, and other protest groups.
According to the report, the Melbourne-based firm has for the past five years monitored websites, online chat rooms, social networking sites, email lists and bulletin boards, and has gathered intelligence on planned protests and other activities, even though many, if not the majority, of those on the watch list have broken no laws.
Welcome to the fascist Dominion of Australia. Then again, it would appear that the mother country, Britain, is headed the same way, with the security services running roughshod over all civil liberties possible. Is this a sign of things to come?
This private intelligence company has also prepared threat assessments and intelligence reports for government agencies that included material from media reports, speeches, academic journals and publicly available company data, but no private correspondence, so it is claimed, was monitored.
As to the latter I would, personally, be very dubious. If they go as far as they have gone the chances are that they may have gone further still but that this is more secret than other things.
The company was not named at the request of its management for fear extremists may target the firm.
The news comes a month after Victorian police were found to have targeted community and activist groups in a long-running covert operation.
So much for the claims of freedom and liberties in Australia. If that is freedom and liberty then I would not want to see what happens should they change tack.
There is one difference between Australia and the UK and that is that in Australia it seems to be easier to find out those things that the services are up to compared to the UK. In the latter place the law and the culture of secrecy make getting such information very difficult indeed, despite the “Freedom of Information Act”, and if they can claim that they are monitoring suspected terrorists then, well, no chance of getting info and anything that ends up leaked and then published could get one killed.
© M Smith (Veshengro), November 2008
By Michael Smith
Because of a law that requires all “online publications” to be registered and licensed, a law which has already been in effect since 2001, all Blogs in Italy could theoretically be against the law. Many Blogs will face closure.
The law requiring all “online publications” to be registered in advance did not seem to bother anyone in 2001 – I mean, how many Blogs were there in those days? In Italy a license is required to follow the calling of a journalist, whether in normal publications or on the Internet.
Now an Italian judge more or less declared the Internet and all Internet activity illegal for Italians. Obviously his Lavazza did not agree with him that morning.
When this law came into effect originally no one really bothered and the Italian media was generally happy about this as it could mean that online publications would be restricted to a level that was manageable.
All publications were required to register in Italy and be licensed and hence no one really was too concerned about this also being applied to online publications of which there were not all that many in those days.
With Blogs now the scene has changed. The number of Bloggers in Italy, as elsewhere, has skyrocketed and Bloggers, like everywhere, also in Italy reported and report material that many newspapers are not willing to publish.
The entire thing did not seem to be a problem until recently, when the second Blogger in Italy went on trial for violating the law that requires the registration and licensing of an online publication.
The story begins back in May, when a judge in Modica (in Sicily) found local historian and author Carlo Ruta guilty of the crime of "stampa clandestina" – or publishing a "clandestine" newspaper – in respect of his Blog. The judge ruled that since the Blog had a headline it was an online newspaper, and hence brought it within the remit of the law.
The penalties for this crime are not to be laughed at either: a fine of 250 Euros (not in itself a large amount) or a prison sentence of up to two years. The Blogger in question was fined and ordered to take down his site, which has now been replaced by a blank page, headed "Site under construction", and a link directing surfers to his new site. This is hardly serious stuff, and one should think that the Italian authorities had more to worry about than Bloggers (how about the Mafia for a change?), except that this Blogger now has a criminal record and his original site has disappeared.
The offence has its origins in 1948, when in apparent contradiction of Article 21 of the Italian Constitution guaranteeing the right to free expression, a law was passed requiring publishers to register officially before setting up a new publication. The intention, in the immediate aftermath of Fascism, may have been to regulate partisan and extremist publications. The effect was to introduce into Italian society a highly centrist and bureaucratic approach to freedom of the Press.
In an attempt, supposedly, to fight against Fascism Italy contravened its own constitution and made fascist laws. Brilliant.
A further twist to this tale took place in 2001, with the realisation that existing laws were inadequate to deal with the internet. Instead of liberalising, the Italian Government sought to bring the internet into the same framework as traditional print media. Law 62, passed in March 2001, introduces the concept of "stampa clandestina" to the internet, and this now makes most Blogs a clandestine publication. Doh?
As regards Blogger Carlo Ruta, it should perhaps be noted that in his Blog he wrote about the connections between the Mafia and members of the government. Always a problematic subject in Italy and one that has gotten many a journalist killed by now.
Now Italian Bloggers are up in arms at a court ruling early this year that suggests almost all Italian Blogs are illegal. And in November 2008, a senior Italian politician took this entire thing just one step further, by suggesting and warning that most Internet activity is likely to be against the law. Pardon?
Since the first incident in May, a Calabrian journalist and Blogger, Antonino Monteleone, has also fallen foul of local magistrates, suggesting that the link with the Mafia issue is a very valid one. In other words it is the judges, in the pay of the Mafia (now there is a surprise – NOT) and/or the politicians that are in the same category, that use laws as it suits them to silence those that dig too deep into the relations between the Mob and the government, whether local or central.
Nevertheless this is still something that must be watched, for we never know how the European Union will suddenly stand on this and on the fact that under some laws any online journal, any Blog, could be considered a clandestine newspaper.
As a little side note: It would appear that the Minesweeper programs of many of the local authorities in the UK, for instance, single out every independent Blog to be blocked, such as those that are on the Blogger platform, and others. This means that local government employees, in most instances in Britain, cannot access Blogs, not even for the case of reading the news there. Censorship?!? Yes, it is.
© M Smith (Veshengro), November 2008
by Michael Smith
Cybercrime is evolving more and more. The lone hacker who steals and resells credit card numbers is being replaced by a well-structured business model. The game is no longer simply about hacking for fame, but rather about creating a business where you have frequent customers who buy your stolen product. In addition to that there is the “Fraud as a Service” model as well where criminals can hire the services of the hacking Mafia to do their dirty business.
Cybercrime activities on the Internet are booming as never before.
In 2006, vulnerabilities were being sold online to the highest bidder. In 2007, software packages that provided various ways of attacking websites and stealing valuable data were sold by professional hackers. These toolkits started to contain multiple exploits for new vulnerabilities and became more sophisticated, including update mechanisms for new software flaws and Trojans that adapt to the country of the victim. By the first quarter of 2008 criminals began to log into their "data supplier" and could download any information needed for their illegal activities.
Now the situation has gotten even worse. Cybercrime companies that work much like real-world companies are starting to appear and are steadily growing, thanks to the profits they turn. Forget individual hackers or groups of hackers with common goals. Hierarchical cybercrime organizations where each cybercriminal has his or her own role and reward system are what you and your company should be worried about. Targeted attacks against financial institutions, enterprises, and governmental agencies, coupled with excellent management of stolen data, make these "businesses" highly successful, and make any organization using the Internet vulnerable.
The employee structure that these cybercrime companies employ is very similar to that of the Mafia. In both cases, there is a "boss" who operates as a business entrepreneur and doesn't commit the crimes himself, with an "underboss" who manages the operation, sometimes providing the tools needed for attacks. In the Mafia, several "capos" operate beneath the underboss as lieutenants leading their own section of the operation with their own soldiers, and in cybercrime, "campaign managers" lead their own attacks to steal data with their "affiliation networks." The stolen data are sold by "resellers," similar to the Mafia's "associates." Since these individuals did not partake in the actual cybercrime, they know nothing about the original attacks. They do, however, know about "replacement rules" (for example, stolen credit cards that have been reported) and other company-specific policies, just like the sales representatives you talk to in your average store.
Commodities (stolen credit cards and bank accounts) are priced low, while prime articles (stolen healthcare related information, single sign-on login credentials for organizations, e-mail, and FTP accounts) are much more expensive. Not too long ago, credit card numbers and bank accounts with PINs were selling for $100 or more each, but prices have since dropped to $10-20 per item.
Successful attacks can cause long-term damage to the company's victim: loss of valuable data, loss of IP, loss of productivity, impact on profits or stock price, brand damage, law suits, and class actions. Finjan suggests deploying innovative security solutions (such as real-time content inspection) designed to detect and handle recent threats. These solutions analyze and understand what the code intends to do before it does it, without relying on signature updates or databases of classified URLs, therefore assuring that malicious content will not enter the network, even if its origin is a highly trusted site. It's not a surprising suggestion, given that Finjan offers such products, but that said, the company's 21-page report is an informative read, although you'll have to fill out a survey to gain access to it.
It is a dangerous world out there but that should not stop us from doing our things on the Net, including doing business. We must, however, use street sense, a kind of cybersense and become savvy to what may be a trap. Above all we must secure our own PCs (and companies must secure their networks and websites). The unsecured PCs and networks are what spread a lot of the Trojans and malware about, in addition to compromised websites and spoof sites.
Having recently been at the RSA Europe 2008 I have learned from many of the experts as to the things that are going on out there in cyberland and it can, I know, be very worrying indeed.
However, protection software (and hardware) is available, and in the case of good software this is often available for free even, such as BitDefender, ThreatFire, and other programs, so that there is no excuse for anyone not to have such software on his or her PC. The most important thing, however, that users seem to forget is to actually keep their software updated. Many people that I have dealings with, when I ask them as to anti-virus and anti-malware software on their computers, are totally oblivious to the fact that it is no good to have the program still in the same state as it was when the machine was purchased. Your protection is only as good as your latest update. Hence, update all of the programs in your defensive arsenal once a day at least. If the programs have an auto-function, as do BitDefender and ThreatFire, of checking at regular intervals throughout the day when online, then have that enabled. Thus your protection is always as up-to-date as the program's latest visit to its mother ship.
Now, let's be careful out there and have our shields up at all times.
© M Smith (Veshengro), November 2008
By Greg Day, Security Analyst, McAfee International Ltd
Earlier this year, McAfee asked 50 people from ten countries around the world to spend a whole month living with spam with the aim of understanding what the impact of 30 days of unprotected surfing would be. During this time, the brave participants in the SPAM (Spammed Persistently All Month) Experiment were encouraged to break all the rules they had come to abide by in order to protect themselves from the deluge of junk mail that invades so many inboxes today – entering their email addresses on web forms, not ticking boxes to say that their email address can be shared with “select” partners, and generally taking the risks that we have come to learn to avoid. Each participant was invited to blog about their experiences to really show the impact spam has on individuals and how it influences the way they use the Internet. These blogs can be read online at: http://www.mcafeespamexperiment.com/.
Spam has been around for 30 years now and we’ve grown used to the irritating messages that can at times outnumber the valid ones in our inboxes. Whether they’re offering incredible deals on credit cards, telling us we can earn big money just by giving our bank account details or promising to cure just about any medical ailment with a range of magical pills and potions, spam messages hit pretty much all of us at one time or another. Although spam filtering technologies have come a long way, so too have spamming techniques, so this remains one of those subjects guaranteed to get anyone hot under the collar from time to time. However, part of the problem with spam is that we see it as an annoyance but don’t really have a view of the impact beyond its ability to irritate, and outside of security labs it’s rare that anyone lets it run wild in order to understand the consequences. Spam is known to be more than just a pest: as well as its less alarming ability to annoy, spam doesn’t always come from the person you think is sending it, will do all it can to evade detection and can carry malware.
There is some debate over who sent the first spam message, but it is thought by many to be an email from a member of the DEC marketing team, sent in 1978. Since then, things have changed considerably. Exploding use of email created a very clear channel for messages to be communicated and gave rise to the use of email as a marketing tool – and a very cost efficient one. While many large organisations have very clear policies regarding the distribution of marketing emails, there are many spammers – far from legitimate – who know that if they send an email out to thousands of people then one or two may well take the bait and earn them some money, and with email being so cheap there is a clear route to a strong return on investment. However, not everyone sending out spam messages has something valid to sell. Spam has proved a valuable tool for cybercriminals who can use social engineering techniques to trick unsuspecting recipients into parting with their hard-earned money, whether that’s just through a scam or by offering goods that don’t exist. A good example of this type of spam is the well-known “419 scam” or “Nigerian scam” which tries to present a business opportunity in order to convince recipients that they will receive a significant sum of money, often millions of dollars, if they pay a smaller amount up front. The stories from these tricksters are usually told with the aim of generating sympathy and enough guilt to fool people into helping them, and one SPAM Experiment participant who received a real deluge of such mails commented that they couldn’t believe how low some people will go in order to deceive. Unsurprisingly, there is no business opportunity and rather than ending up considerably richer, the “up-front investment” is never seen again.
This darker side of spam is the one that now poses the greatest concern, as we’re no longer just looking at something that can be the cause of short-term irritation but at a phenomenon that can result in financial loss and fraud.
So it’s clear that spam has evolved considerably since that first message in 1978 but has our perception of it evolved at the same pace? For many people, spam is a mere irritation – like its physical predecessor junk mail, that piled up on our door mats whenever we were away for more than a few days. However, spam mails are now being sent out fully loaded, with more malicious intentions than just telling as many people as possible about something in the hope that a few of them will take the bait. The participants in McAfee’s SPAM Experiment certainly found that there was more to spam than meets the eye: once they got up and running, spam started to flow into the participants’ inboxes pretty quickly, showing how even just a few careless mistakes online can have a considerable impact. The volume of messages they received – 104,832 messages in total during the course of the experiment – made spam step beyond the boundaries of annoying as it became stifling for some participants, with an average of 70 messages per person each day.
The experiment demonstrated some interesting variations as we look at spam across the globe: the US participants in McAfee’s experiment received more spam than their counterparts elsewhere, topping the global spam league in which Brazil was second, followed by Italy, Mexico and the UK, while Germany received less spam than any other country taking part in the study. Perhaps the most alarming discovery was how spam has become far more than just a cause of irritation, with two of the people taking part in the study receiving malware. This demonstrates how spam has evolved as a tool, having started out as a marketing tool which was generally perceived to be the cause of considerable annoyance, but has become a weapon deployed by cybercriminals in order to make money and exploit unsuspecting victims. In both cases, the participants received emails containing files and had they tried to open the attachments, their PCs would have been added to a botnet and then used to spam out viruses, making these innocent people not only spammers but also distributors of malware. This really highlights how behaving carelessly with your email address can result not only in a deluge of spam in your inbox but also in potential malware infections.
As well as highlighting the risk of becoming infected with malware, the SPAM Experiment demonstrated that phishing continues to create challenges for email users. The percentage of phishing emails varied significantly from country to country, with 22% of messages received by participants in Italy being identified as spam, compared to 18% in the US, 9% in Australia, 8% in the UK, 7% in the Netherlands, 3% in France and 1% in Germany. In recent years, phishing has grown to present a real threat to Internet users, whose personal bank account details are the valuable treasure that the phishers are trying to get their hands on. Phishing emails emulate legitimate communications from banks, so it can be easy to be fooled, although people are now becoming more aware of this risk. Many Internet users have now grown to understand that banks will not ask for information in this way, so they should treat any such requests with a considerable degree of suspicion.
The SPAM Experiment generated some interesting comments from the participants that really explain the impact that 30 days of non-stop spam had on them and on their computers. Many of those taking part noted the way that their system had slowed down during the course of the study. The potential for spam to progress from a mild irritation to a major annoyance and then into the domain of the damaging was highlighted by Australian participant Sue, who commented “I didn’t realise how easy it was to contract a virus and how dangerous some of these sites are! I think my computer may have been damaged by the spam, as it keeps warning about fatal errors!” Spam certainly took its toll and at the end of the month, UK participant Simon concluded, “everyone here in Spamville wants to burst in to song to celebrate the end of this project”.
So it’s clear that spam is not something that’s going to go away – 30 years on from that initial email, electronic messages are still being used to try to raise awareness and sell – often to an incredible number of people and with great frequency – and because of the broad coverage it provides, it is increasingly being used to trick and defraud people. Certainly, the SPAM Experiment made it very clear that spam has gone from being an annoyance to being something altogether darker and which must be acknowledged in the same way as other threats faced by those using the Internet, rather than seen simply as something innocuous yet inconvenient. Having conducted an experiment inspired by Morgan Spurlock’s “Super Spam Me”, one thing is clear – just as living on a diet of burgers and fries can have a real impact on your health, 30 days of spam won’t do you much good either, with all manner of undesirable elements hidden in messages and waiting to attack you and your system.
McAfee International Ltd is exhibiting at Infosecurity Europe 2009, Europe’s number one dedicated Information security event. Now in its 14th year, the show continues to provide an unrivalled education programme, the most diverse range of new products & services from over 300 exhibitors and 12,000 visitors from every segment of the industry. Held on the 28th – 30th April 2009 in Earls Court, London this is a must attend event for all professionals involved in Information Security. www.infosec.co.uk
VIEWPOINT: WELCOME TO YOUR NEW JOB! FIRST THINGS FIRST, LET’S GET EVERYTHING SET-UP FOR WHEN YOU LEAVE…
By Marc Hudavert, vice-president & general manager at ActivIdentity
The process of ensuring that a company’s security is not compromised by the departure of staff needs to begin on an employee’s first day in the job.
Although this may seem to paint a bleak picture about a company’s ability to retain and motivate staff it is, in fact, a necessity for a growing number of organisations. With the range of facilities and systems that employees require access to becoming increasingly varied, enterprises are struggling to find ways in which to control new, existing and departing members of staff.
Marc Hudavert, vice-president & general manager at ActivIdentity, offers best practice advice for minimising the risk to which the corporate infrastructure is exposed when staff leave the building for the last time.
Commissioning: To securely commission a new employee in the enterprise, the access rights and privileges of that individual must be determined and controlled through a centralised system. The use of smart card technology can facilitate this process from day one, by requiring the employee to use these devices to access buildings and systems.
Throughout the individual’s term of employment, the privileges linked to their profile can be centrally managed through the same system which commissions and decommissions cards, ensuring that the appropriate levels of security are maintained at all times.
Furthermore, when the employee leaves, the company retains management of the card to prevent unrestricted access to either buildings or IT systems, regardless of whether or not they returned the card.
Passwords: Many businesses use password protection facilities to control access to web-based applications. While this reduces the chances of unauthorised individuals accessing company data from outside the building, the constant need to update, change and respond to forgotten password queries from staff can be a huge administrative burden for the IT department to bear.
However, it’s not a responsibility that users should be allowed to overlook. Some applications use a single password for multiple users, so ensuring that the process of decommissioning an employee is carried out in a timely fashion is paramount to avoiding the disruption of other staff. Password management can also be consolidated through a single sign-on solution, which enables users to access systems and applications through a combination of authentication hardware and a one-time password.
Passwords can be centrally managed and the IT department given the option to automate the changing of passwords without requiring user intervention. The password changes happen without the user being aware, and remain secure because the use of their own password and a physical card or token are still required to complete the authentication.
Hardware: Aside from the software applications that staff use, it’s also imperative that hardware is included in the employee commissioning process. Firstly, an inventory of all devices supplied to a member of staff must be maintained to ensure that hardware is returned at the point of departure. Not only is it costly if items go missing, it could also constitute a major security threat if the access that they offer is unsecured.
Where employees are provided with smart phones, PDAs or laptops, they should be required to authenticate themselves each time they log on, either through a token-based or smart card solution. During 2007, laptop and smart phone losses contributed to a record 37 million* items of personal data being lost by UK public and private sector organisations. Although it’s believed that most of this loss was accidental, the use of strong authentication tools will considerably reduce the likelihood and negative impact of such data losses in the future. In the context of the enterprise, employees surrender the authentication hardware at the point at which they leave the company, rendering them incapable of connecting to the corporate network.
Furthermore, it is highly advisable that measures are taken to prevent employees from attaching their own hardware to the network or local device without gaining clearance from the IT department first. This will minimise the opportunities for them to transfer sensitive data or bypass the security measures of the corporate infrastructure.
Buildings: Physical access controls can be flouted intentionally and unwittingly by former colleagues if they hold the door open to someone who has already handed back their keys or ‘swipe card’. More dangerous still is the practice of allowing visitors to access the premises without the appropriate supervision. It’s imperative that staff are made aware of the risks that this can pose to the business and clearly worded guidelines should be issued as part of the induction process.
For many enterprises, the key has now been replaced by a smart card as the main point of access to buildings and a growing number are exploiting the functionality of smart cards to control systems access too. Not only is this enabling them to consolidate controls onto one card, it also means they can centrally control all access rights of staff.
*According to figures released by the Liberal Democrats in January 2008
ActivIdentity is exhibiting at Infosecurity Europe 2009 on the 28th – 30th April 2009 in Earls Court, London. www.infosec.co.uk
Stephane Fymat, VP of Business Development and Strategy at Passlogix
In Europe, very few people have heard of Terry Childs. In California, everyone has. Childs is the City of San Francisco’s disgruntled network manager who reset all administrative passwords to the routers for the city’s FibreWAN network and held the city administration to ransom. He refused to hand over the passwords which effectively gave him complete control of the network, locking out all other employees and preventing anyone else from administrating it.
As legal teams try to get to the bottom of how Childs was able to gain so much control, IT managers around the world are working out how to prevent the same thing happening to them.
The complexity of corporate IT systems requires users to memorise more and more passwords: surveys have found that 36 per cent of users have between six and 15 passwords to remember; a further 18 per cent have more than 15 unique identifiers to memorise. Research from Burton Group suggests that the average user can spend up to 15 minutes every day logging on to separate applications – which adds up to 65 weekday hours spent entering user IDs and passwords each year.
Almost everyone has personally experienced password frustration: the inability to remember the details for an important application when they needed it and the delay in getting the password reset by the IT help desk. Gartner estimates that 25 to 35 per cent of calls made to IT helpdesks are password related at an estimated cost of around £15 - £20 a call, adding millions to the support bill at larger companies.
Aside from lost productivity, the excessive administrative overhead and the user frustration, passwords can actually present a significant security risk. In an effort to jog their memories, users will often create passwords that are easy to figure out - such as derivatives of names and birthdays - making it all too easy for hackers to gain access to enterprise applications and data.
Concerns about ineffective password systems and lax password security that enables unauthorised users to breach enterprise networks have caused corporate regulators to take a tougher stance on password security. The Sarbanes-Oxley Act, for example, includes specific clauses on password security. Nonetheless, there are people, including Bill Gates, who question the benefit and long-term future of passwords.
But the problem doesn’t lie with passwords themselves – it’s how they are managed and the lack of best practice in how they are deployed. The latest generation of enterprise single sign-on technologies (ESSO) overcomes the inherent weaknesses of passwords. ESSO eliminates the need to remember - and therefore the risk of forgetting - and is the most effective antidote to the problem of password overload.
ESSO enables users to sign in once with a single password and access all their applications, databases and systems. They no longer need to remember or enter individual passwords for all those applications, so they gain immediate access to corporate information in a more secure, controlled environment. ESSO automates the process of password entry by responding to each log-in prompt without user intervention. New passwords can be automatically generated when old ones expire, and the user ID and password for every application can be stored in a secure central repository.
Quite aside from the very quantifiable savings that can be made in help-desk costs, the benefits of ESSO to the enterprise include simplified administration, improved enterprise security and greater user productivity, all while retaining the ability to achieve compliance with regulations on data protection, privacy and corporate governance.
So why isn’t it more widely used?
ESSO has often been seen as too costly and labour intensive to ever be truly attainable. But the latest advancements in the technology mean that its time may finally have come.
Traditionally, one of the biggest criticisms of ESSO has been that it makes an organisation vulnerable to a single point of attack. The reality is that ESSO provides a higher degree of security. There is no user involvement so password quality rules can be more easily enforced, for example. Password length and complexity and the frequency at which they are changed can be greatly increased making them much more difficult for a hacker to decipher. Since users don’t need to remember each password, unique, complex alpha-numeric combinations of any length, case or format can be created for each application, database or account log-in. Mathematicians have proved that if the length of a password is increased from 8 to just 9 characters, the time to crack the password is increased to 447 years.
Even in the unlikely event of a hacker cracking the password, they would still need access to a workstation with ESSO software on it, or alternatively install software on a workstation themselves. Even then it would require specific knowledge about how to install and configure the ESSO software with the target organisation’s directory.
But the problems associated with passwords aren’t limited to the fallibility of users’ memories and the determination of hackers. The Childs incident illustrated another problem that has passed under the radar at most companies, who place an enormous amount of trust in their IT staff and system administrators. There was only one administrative account on many systems at San Francisco. Childs had open access to system passwords, and so was able to change them without authorisation and lock out his colleagues. It’s not an uncommon scenario – but it is an avoidable and unnecessary one.
The most advanced ESSO software now includes shared and privileged user management capabilities. This enables all administrative passwords to be encrypted and stored in the enterprise’s central directory. Administrators must check out a password from the directory in order to use it, and each request can be approved or denied based upon the administrator’s role and manager’s approval within an identity management system. If approved, the software will log the administrator on to the network device and check the password back in automatically – the administrator never knows the password.
The software will also keep a history of passwords for each network device. So if network devices must be restored from backup, the then-current password can be retrieved. Had this system of shared management capability been in place at the City of San Francisco, Childs would never have been able to hold the City administration to ransom in the way that he did.
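The check-out flow and password history described above can be modelled in a short Python sketch. This is an added example, not Passlogix's software: the class and function names, the role and device names and the integer timestamps are all assumptions, and encryption of the stored passwords is left out.

```python
import secrets
import string
from bisect import bisect_right

ALPHABET = string.ascii_letters + string.digits + "!#%+-_=?"


def generate_password(length=24):
    """Long random password; nobody has to remember it, so it can be complex."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


class CheckoutDenied(Exception):
    """Raised when role or manager approval does not allow the check-out."""


class PrivilegedVault:
    """Hypothetical model of shared/privileged password management."""

    def __init__(self, allowed_roles):
        self.allowed_roles = set(allowed_roles)
        self.history = {}  # device -> [(valid_from, password)], oldest first
        self.audit = []    # (time, admin, device, event)

    def rotate(self, device, now, apply):
        """Generate a new password, push it to the device, keep the old ones."""
        new = generate_password()
        apply(new)  # record it only if the device accepted the change
        self.history.setdefault(device, []).append((now, new))

    def password_at(self, device, when):
        """Password that was current at `when` (for a device restored from backup)."""
        entries = self.history.get(device, [])
        idx = bisect_right([t for t, _ in entries], when) - 1
        if idx < 0:
            raise KeyError(f"no password recorded for {device} at time {when}")
        return entries[idx][1]

    def connect(self, admin, role, device, manager_approved, login, now):
        """Check out, log the admin on, check back in; the password is never returned."""
        if role not in self.allowed_roles or not manager_approved:
            self.audit.append((now, admin, device, "denied"))
            raise CheckoutDenied(f"{admin} may not check out {device}")
        self.audit.append((now, admin, device, "checked-out"))
        try:
            return login(device, self.password_at(device, now))
        finally:
            self.audit.append((now, admin, device, "checked-in"))


class FakeDevice:
    """Constructed stand-in for a network device with one administrative account."""

    def __init__(self):
        self.password = None

    def set_password(self, password):
        self.password = password

    def login(self, name, password):
        if self.password is None or not secrets.compare_digest(password, self.password):
            raise PermissionError("bad password")
        return f"session-on-{name}"


def demo():
    vault = PrivilegedVault(allowed_roles={"network-admin"})
    router = FakeDevice()
    vault.rotate("core-router", now=100, apply=router.set_password)
    first = router.password
    vault.rotate("core-router", now=200, apply=router.set_password)

    session = vault.connect("alice", "network-admin", "core-router", True,
                            router.login, now=250)
    try:
        vault.connect("bob", "helpdesk", "core-router", True, router.login, now=260)
        bob = "connected"
    except CheckoutDenied:
        bob = "denied"

    # A backup taken at time 150 needs the password that was valid then.
    restored_ok = vault.password_at("core-router", 150) == first
    return session, bob, restored_ok, [event for *_, event in vault.audit]


if __name__ == "__main__":
    print(demo())
```

The audit list is what lets a reviewer see who was logged on to which device and when, even though no administrator ever held the password.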
The lesson from San Francisco is that an effective alternative to basic password systems is needed, one which offers much greater control and security around access to enterprise networks. The number of application passwords that must be managed in many enterprises today is untenable, undesirable and unsafe. The bottom line is simple: passwords no longer provide adequate protection. ESSO is a proven solution that removes the burden from both end users and administrators, and simultaneously hardens the network against attack through strengthened password policies.
The Childs incident highlights the need for greater control over administrative passwords – and the role that ESSO can play in protecting organisations against sabotage by insiders. If we are to avoid a repeat of what happened in San Francisco, widespread adoption of ESSO with shared and privileged user management needs to be seriously considered.
Passlogix is exhibiting at Infosecurity Europe 2009 on the 28th – 30th April 2009 in Earls Court, London. www.infosec.co.uk
Source: Eskenzi PR
by Michael Smith
The Pentagon has suffered a cyber attack of alarming levels that, so it would appear, has caused considerable damage.
The attack came in the form of a global virus or worm that is spreading rapidly throughout a number of military networks.
As a result of the cyber attack, the Defense Department has banned the use of external hardware devices, such as flash drives and DVDs, throughout a vast network of military computers.
What banning the use of such devices shall achieve beats me as, unless the attack was introduced by someone using such devices, banning them will make absolutely no difference whatsoever.
Pentagon officials state that they have detected a global virus, for which there have been alerts, that they have seen some of it on their networks, and that they are now taking steps to mitigate the virus.
The official could not reveal the source of the attack because that information remains classified.
"Daily there are millions of scans of the GIG, the Global Information Grid, but for security reasons we don't discuss the number of actual intrusions or attempts, or discuss specific measures commanders in the field may be taking to protect and defend our networks," the department said in an official statement.
Military computers are often referred to as part of the Global Information Grid, or GIG, a system composed of 17 million computers, many of which house classified or sensitive information.
Not discussing the number of actual intrusions or attempts or specific measures commanders in the field may be taking to protect and defend the networks is, obviously, a wise step as otherwise one would be giving away the countermeasures to the enemy, of whichever kind, and that would be rather counter-productive. However, unless the virus was introduced into the grid via an external hard drive such as a USB flash device or such like then banning them will not make one iota of a difference.
A memo was sent out to an Army division within the Pentagon warning of the cyber attack:
"Due to the presence of commercial malware, CDR USSTRATCOM has banned the use of removable media (thumb drives, CDRs/DVDRs, floppy disks) on all DoD networks and computers effective immediately."
Again, as I said, this is either due to the fact that the introduction of the virus came via such a device, which means the enemy has access to the network directly via workstations or this is the wrong move. We shall, I guess, never find out, as they won't tell.
What this tells us, however, is that there is no such thing as a 100% secure system and that one must never ever let one's defences lapse. Keep all your anti-virus and anti-malware software updated, ideally on a more than once daily basis, if at all possible, and also have at least a software firewall, if not even a hardware and a software one working in conjunction.
You are only as safe on the Internet, in whichever way, as the latest update of your malware protection.
© M Smith (Veshengro), November 2008
by Michael Smith
Sophos, the IT security and control firm, reports that eight times more malicious email attachments were spammed out in the third quarter of 2008 compared to the previous quarters and has revealed the top twelve spam-relaying countries responsible for this.
Identity thieves and hackers are striking Windows users on all fronts, as Russia rears its head higher in the Dirty Dozen league of spam-relaying nations. Brazil, for instance, can also be found among them. China, on the other hand, is busy with hacking into computers in order to gain national and industrial secrets of the western world.
The figures show an alarming rise in the proportion of spam emails sent with malicious attachments between July - September 2008, as well as an increase in spam attacks using social engineering techniques to snare unsuspecting computer users.
We have also seen the first clickjacking in this third quarter of 2008 and I shall be writing some more about clickjacking as soon as possible.
Sophos’s latest report reveals that one in every 416 email messages between July and September contained a dangerous attachment, designed to infect the recipient’s computer – a staggering eight-fold rise compared to the previous quarter where the figure stood at only one in every 3,333 emails.
This is such an enormous rise that one can but wonder how we can protect ourselves against this, whether large or small business, and especially the home business user.
Sophos has identified that much of this increase can be attributed to several large-scale malware attacks made by spammers during the period. The worst single attack was the Agent-HNY Trojan horse which was spammed out disguised as the Penguin Panic Apple iPhone arcade game.
Other major incidents included the EncPk-CZ Trojan which pretended to be a Microsoft security patch, and the Invo-Zip malware, which masqueraded as a notice of a failed parcel delivery from firms such as Fedex and UPS.
We also must not forget the malware that comes courtesy of visits to websites, some even legitimate ones. These are the so-called “Drive-by Downloads”, or as I have termed them “Drive-by Shootings”, and they often happen without the user having to do anything at all.
Windows users opening any of these attachments exposed their PCs to the risk of infection and potentially put their identity and finances at risk. The most widespread attacks seen by Sophos are not designed to run on Unix, Linux and Mac OS X.
"For Apple Mac and Linux/Unix lovers, these major spam attacks just mean a clogged-up inbox, not an infected operating system. But organized criminals are causing havoc for Windows users in the hunt for cold hard cash," said Graham Cluley, senior technology consultant at Sophos. "Too many people are clicking without thinking – exposing themselves to hackers who are hell-bent on gaining access to confidential information and raiding bank accounts. The advice is simple: you should never open unsolicited attachments, however tempting they may appear."
The one thing to always consider: if an email looks suspicious do not even open the email, let alone the attachments. While I know that this is not 100% protection, as an email may claim to be from a friend or a colleague or such, one way to protect oneself a little bit is (1) not to use the preview pane and (2) always to check any suspect mail via the “properties” box as to contents and originator. The “preview” pane should be deactivated in Outlook, Outlook Express or other email client, as some malware does not require the opening of the payload, that is to say the attachment, but is capable of running just by opening the mail.
Creative social engineering continues to out-fox users
As well as using malicious email attachments, cybercriminals have continued to embed malicious links and spam out creative and timely attacks designed to prey on users’ curiosity.
For example, in August, Sophos warned of a widespread wave of spam messages claiming to be breaking news alerts from MSNBC and CNN. Each email encouraged users to click on a link to read the news story, but instead, took unsuspecting users to a malicious webpage which infected Windows PCs with the Mal/EncPk-DA Trojan horse.
Emails like that are best binned immediately and never, I repeat never, opened. Immediately remove them from the PC by clicking “delete” while holding down the “shift” key. This way they are kept out of the “deleted items” box as well.
"When a spam email appears to come from a trusted source, too many users are fooled and end up clicking through to a malicious webpage," remarked Cluley. "The naivety shown by many internet users is downright dangerous. In the past hackers were more like teenage mischief-makers breaking into sheds to see what they could find. Today they’re hardened criminals wearing hobnail boots with no qualms about breaking into your home and stealing everything they can get their hands on."
Spammers have proven themselves to be unafraid of trying new methods of distributing their marketing messages and spreading their malware to an undefended public during the last three months. Sophos has seen an escalation in the amount of spam being sent via social networking websites such as Facebook and Twitter, and expects to see this continue to rise.
Emerging countries surface as spam-relaying offenders in dirty dozen chart
Sophos made three new entries to the spam hall of shame in the third quarter of 2008 and those are Colombia and Thailand. Those two nations have assumed eleventh and twelfth place respectively, while India has shot straight into the chart at number seven.
"Insecure computers, wherever they are in the world, are a spammer’s dream – they can be easily hijacked remotely and joined to sprawling networks of botnets designed to create chaos by sending floods of spam and carrying out denial-of-service attacks," explained Cluley. "The message needs to be heard loud and clear: if you don’t properly defend your PC you are not only putting your data, finances, and identity at risk, you are also endangering other members of the internet."
Sophos identified the top twelve countries responsible for relaying spam across the globe between July-September 2008 and whilst the United States retains its position as the top relayer of spam, Russia has increased its contribution to the world spam problem, soaring from 4.4 percent last year to 8.3 percent during this time period. When it comes to really high-stakes cybercrime, Russia is one of the top players.
According to Sophos researchers there is no sign that recent legal action by the authorities against major spam gangs has had any perceptible impact on the amount of spam in circulation.
Sophos recommends companies automatically update their corporate virus protection, and run a consolidated solution at their email and web gateways to defend against viruses and spam.
Where does that leave the little guy, however? Well, in a way the same advice applies, that is to say, automatically update anti-virus programs and other protection software, such as firewall, anti-spyware, etc.
Furthermore, the most important thing to do is to use common sense. Yes, that misnomer, because it is not as common as it should be. If someone tells you you have won the lottery despite the fact you never entered into a draw then it is too good to be true and hence it is a fake.
The same is true for Yahoo or MSN lotteries that, supposedly, have drawn your email out of the hat. Those are also malware-bearing emails, or emails which have a “claim” link that will direct whoever opens such a link to a website with malware.
News items that you have not subscribed to via that feed, for instance, especially if they claim various strange things are certainly not something that you should open and definitely you should not click on the links in any such email.
The best advice must be: if in doubt do not open and check with sender if such an email was sent. That should ensure a certain degree of high level safety.
© M Smith (Veshengro), November 2008
Industry leaders met in London to share strategies to manage the next generation of security threats and issues
by Michael Smith
RSA Conference, the world's leading information security conference, concluded its 9th annual event at ExCeL London on 29th October, 2008. The Conference attracted an audience of international industry experts, senior executives, security professionals, developers, architects and vendors from more than 50 countries and a great conference and show it was. I know, I was there.
Highlights of the RSA Conference Europe 2008 included:
Keynote speakers which included Richard Thomas, the UK's Information Commissioner, and Bruce Schneier, Security Technologist and Chief Technical Officer, BT Counterpane.
Other keynote speakers were:
- Baroness Neville-Jones, Shadow Security Minister, UK;
- Art Coviello, Executive Vice President, EMC Corporation and President, RSA, The Security Division of EMC;
- Ken Silva, Chief Technical Officer, VeriSign; and
- Dr. Herbert H. Thompson, Chief Security Strategist, People Security.
An exhibition featuring new product innovations from 40+ world-class service and technology vendors, including Fortify Software, Integralis, MXI Security, Omada A/S, Optenet, phion AG, SanDisk, Tripwire, Trusted Computing Group, VeriSign, RSA, The Security Division of EMC and WinMagic Inc.
20+ Special Interest Groups (SIGs) offering interactive and hands-on debating forums on topics such as Identity & Access Management Governance, Security Awareness and Social Networking, and What Works and Doesn't Work in Fighting Online Fraud.
Tim Mather, Chief Security Strategist, RSA Conference said: "Organisations today have to deal with a far wider and far more sophisticated variety of security risks than ever before. From attacks on corporate identity and data theft to Trojans, worms or other malware, the threat landscape is constantly evolving as would-be cyber-criminals find new ways to infiltrate corporate networks and computing devices. The challenge for security professionals is to keep pace with industry developments and innovations in order to stay one step ahead of the 'bad guys'."
"RSA Conference Europe is the place where industry leaders meet to discuss the changing threat landscape and share strategies, approaches and new services that will secure the organisations of the future."
Linda Lynch, RSA Conference Europe Manager said: "The Conference is now in its 9th year and once again received strong ratings for its content from delegates. The Conference has a strong and varied programme that remains its key differentiator from other security events. The number of 'Full Conference' delegates was up 6% on the previous year, showing the Conference's continued growth as Europe's premier forum for information security professionals."
"RSA Conference Europe's interactive environment and networking opportunities are repeatedly praised by our attendees and we will continue working hard to facilitate the best debates in the industry. Thanks to all speakers, sponsors and exhibitors, who helped make RSA Conference Europe 2008 the most insightful and interesting event yet."
"We will be looking for a stellar cast of speakers once again for RSA Conference Europe 2009, which takes place on 20th - 22nd October 2009 at ExCeL London. The call for papers will open in February next year."
I can very much recommend the RSA Conference Europe to anyone whose professional interest is in the realm of information security. The conference and the exhibition were extremely good; the conference better than the expo. The latter could do with some more vendors of the right calibre. This is not to say that the calibre of the vendors was not good; it was excellent, but we could have done with more of them. So, in order to avoid disappointment, book your place as soon as possible.
© M Smith (Veshengro), November 2008
by Michael Smith
The Internet security company PC Tools has warned that next Monday could be the worst day of the year for computer attacks.
The spread of viruses and malicious software is expected to peak on November 24, along with attempts by hackers to seize control of computers, according to PC Tools.
PC Tools, by the way, is the “maker” of ThreatFire, amongst other items of software, and ThreatFire, which I have reviewed in the pages of this journal and used for a considerable time by now, has, I am certain, done the bulk of the work in keeping my system free of problems while others have been infected.
The company has analysed information on more than 500,000 computers worldwide, and looked at data from the same period last year, which appears to suggest the Monday before Thanksgiving in the US is a prime time for security attacks.
PC Tools believes that this could probably be because of the increased online activity at this time of the year, as people start shopping online for Holiday gifts, and for details of bargains they might be able to pick up on Black Friday, the day after Thanksgiving, when many US stores hold huge sales.
Online shoppers are a tempting target for hackers and fraudsters, many of whom will try and trick consumers into clicking links in emails and websites that will download software onto their computers that allows malicious attackers to take remote control of the system and/or to gain control of their passwords and other sensitive information.
With such software on board hackers will then be able to log keystrokes in order to access banking login details and passwords for online shopping sites, and more dangerously even, credit card numbers, PayPal account details and such like.
Web users must be especially vigilant in the run-up to the Holidays and they really must keep their wits about them. While in the real world they would shield their PIN for their Credit or Debit cards they must do similar things as regards to protecting their online identity and credentials.
People who plan to do their gift shopping on the Internet should ensure their anti-virus software and firewall security is up to date, that they don't open emails and files from unfamiliar people, and that they ensure they only enter credit or debit card information on secure web pages.
Secure web pages are denoted by the appearance of a padlock symbol somewhere around the border of the webpage or in the address bar, and the "http://" prefix for the website changing to "https://" to show it is a secure link.
As to opening emails let me add that even emails that are sent from friends may not actually be from them. Their details could have been cloned in the same way as your own details can be cloned – even my own. So let the user beware and if in doubt contact the sender of an email, if he is a known associate, as to whether he or she has, in fact, sent you an email with this or that title. If so then it is, more than likely, safe to open.
I have received emails even from my own email addresses – supposedly – that never were from my own addresses. However, the address had been cloned and could have, maybe, confused people.
So, as I always say; let's be careful out there.
© M Smith (Veshengro), November 2008
Rolling Meadows, IL, USA: Organisations allow employees to shop online but do not educate users about risks, exposing employees and employers alike to spam, malware, phishing and loss of productivity in the workplace. ISACA, a nonprofit association that serves more than 86,000 IT security, assurance and governance professionals globally, has carried out three simultaneous surveys (two in the US and one in the UK) to look at the latest trends in online shopping and workplace Internet safety.
The UK survey of ISACA members found that a mere 21% of respondents said their organisation's employees fully understood the risks associated with shopping online from their workplace computers. More than 82% said their organisation either does not have or they are not aware of a policy that prohibits employees from shopping online. There was also an expectation that there would be more online shopping from the workplace than last year, with over 51% predicting an increase. Only 32% of organisations that allow online shopping educate employees about the risks. Slightly over 31% of organisations prohibit using a work e-mail for online shopping or other online non-work-related activities, even though allowing the use of work e-mails can expose the organisation to greater volumes of spam. Over 40% of organisations thought they were going to lose an average of £2,000 or more in productivity per employee from online holiday shopping at work during November and December. Slightly more than one in 10 organisations had security measures in place to prevent employees from shopping online at work. The age group that respondents felt posed the greatest threat to their organisation's infrastructure was Millennials (born 1977-94).
“Shopping from the workplace looks set to continue, especially with the increased pressures inevitable in a recessionary environment. It is clear that more needs to be done to improve employee awareness of the hidden dangers of shopping online, particularly regarding clicking on links from unsolicited e-mails or making sure that a web site is safe before shopping,” said Lynn Lawton, CISA, FCA, FIIA, FBCS CITP, international president of ISACA and the IT Governance Institute. “The challenge for organisations is not only to educate workers about information security, but also to change their behaviour. For example, it is one thing to make someone aware that it is wrong to click on a link from a spam e-mail, but quite another to change their behaviour so that they do not click on these suspicious links.”
In a separate survey of 973 US consumers, ISACA found that 63% of employees plan to shop online from their work computer during November and December, but 26% do not know how to or do not bother to check whether a web site is secure. They also found that nearly half of employees (49%) had clicked on an e-mail link to go to a retailer’s web site from their workplace computer, potentially exposing their employer to Trojans or malware from infected or unscrupulous web sites. Over a fifth of all employees, 22%, had compounded the problem by clicking on a link to order goods while also using their work e-mail address as a contact address for purchases, exposing themselves to a greater risk of attack by spammers.
“It is clear that we still have a long way to go in making sure that employees think before they click on a link. There are literally millions of web sites infected with malware. If someone just clicks on a link in an e-mail, they are compromising the security of their PC and potentially the security of the whole organisation,” said Paul Williams, MBCS, FCA, CITP, past international president of ISACA. “Many of the new forms of malware are designed to bypass traditional security systems, so once someone has let one in from an infected page, it can damage a lot more than just that one person’s credit rating.”
One third of workers were more concerned about the security of their personal computer than their work computer, but for younger workers aged 18-25, this figure shot up to 49% paying less attention to the security of their employer’s computer. A quarter of employees either did not check or were not sure how to check if a web site was secure before they made a purchase.
The survey of ISACA members in the US revealed similar findings to the survey of ISACA members in the UK but with a few striking differences; 21% of respondents said their organisation's employees fully understood the risks associated with shopping online from their workplace computers. A total of 71% either do not think that or are unsure whether their organisation has a policy in place that prohibits employees from shopping online. There was less expectation that there would be an increase in online shopping from the workplace, with only 34% predicting an increase compared to last year. Only 31% of organisations that allow online shopping educate employees about the risks. Slightly over 33% of organisations prohibit using a work e-mail for online shopping or other online non-work-related activities, even though allowing this type of use of work e-mails can expose the organisation to greater volumes of spam. Over 45% of organisations thought they were going to lose an average of US $3,000 or more in productivity per employee from online holiday shopping at work during November and December. Over 16% of organisations had security measures in place to prevent employees from shopping online at work. Again the age group that respondents felt posed the greatest threat to their organisation's infrastructure was Millennials (born 1977-94).
Tips for Safer Holiday Shopping from the Office Computer
ISACA recommends that employees and IT departments take the following steps to reduce the risk of spam, viruses and inadvertent downloading of backdoor “agents” that can hijack corporate data.
For online shoppers:
1) Make sure web sites you connect to are secured with SSL, display a padlock, and possibly a green address bar if secured by an EV SSL certificate before you enter personal information.
2) Do not allow sites to save your username or password. Avoid providing your work e-mail address as your contact information.
3) Delete cookies from your computer after you are finished shopping. Instructions on how to delete cookies in many different browsers can be found at http://www.aboutcookies.org/Default.aspx?page=2.
4) Use separate browser sessions for your holiday shopping versus your work-related browsing.
5) If it looks too good to be true, it probably is. Do not download free games, ringtones, wallpapers or animations on to your work computer.
For the IT department:
1) Train employees on safe computing just prior to the holiday shopping season and follow up with periodic reminders.
2) Tailor education programs to match the various demographics, attitudes and technology know-how of groups within the workplace.
3) Conduct formal risk and threat assessments and update your Acceptable Use Policy and security measures appropriately.
4) Make sure that patches are deployed, security functions are enabled, and firewall rules, web security gateways, anti-malware, intrusion detection systems (IDS), spam and URL filters are updated regularly.
5) Monitor networks for high-volume or suspicious traffic, and respond immediately to threats. Remind employees to sound the alarm if suspicious events occur.
The ISACA UK survey was of 251 IT professionals in October 2008, the ISACA US survey was of 3,191 IT professionals in October 2008 and the US consumer survey was of 937 employees in late September 2008.
With more than 86,000 constituents in more than 160 countries, ISACA (www.isaca.org) is a recognized worldwide leader in IT governance, control, security and assurance. Founded in 1969, ISACA sponsors international conferences, publishes the Information Systems Control Journal, and develops international information systems auditing and control standards. It also administers the globally respected Certified Information Systems Auditor (CISA) designation, earned by more than 60,000 professionals since 1978; the Certified Information Security Manager (CISM) designation, earned by more than 9,000 professionals since 2002; and the new Certified in the Governance of Enterprise IT (CGEIT) designation.
by Michael Smith
The economic downturn may lead to the increased use of illegal software, according to the Federation Against Software Theft (Fast).
The Federation has, at a recent trade event, questioned company directors and found that 79% felt businesses would be more likely to try and save costs by not having their software appropriately licensed. What is not clear, though, is as to whether they were admitting their own temptation and maybe even more than that.
The chief executive of Fast, John Lovelock, said, "When times are hard economically the automatic response is to look at ways to reduce cost. Our survey has highlighted a worrying trend that indicates that more and more companies are willing to risk breaking the law in the name of cost cutting."
The most effective, and legal, way of reducing software costs is to introduce a software asset management programme to highlight unused software in the system, said Lovelock.
The survey also found that 80% of respondents felt that obtaining illegal software was "very easy", with 31.5% of the sample citing the Internet as the easiest way to access illegal copies of software programs.
A further 22.5% cited peer-to-peer file sharing, 11.5% mentioned online auction sites, and 13.6% suggested car boot sales. Even the pub came in for a mention, suggested by 9.5% of the sample.
But there is, in many cases, if not indeed most or all, no need to pirate software as there will be an Open Source and free equivalent available. Open Office is one example, for instance. It can be a substitute – then again, why should it be seen as a substitute – for Microsoft Office and it can read most, if not indeed all, MS Office files, whether those be databases, Excel spreadsheets, Word documents, Power Point presentations, etc. While it is true there is no equivalent for the “notes” and for Visio in Open Office the question must be asked anyway as to whether that is something one would need anyway.
Also, theoretically, Open Office does not have an Outlook equivalent within its Office suite. However, Evolution Mail can, so I have been assured, more than adequately replace Outlook. Hence there should, at least in this field, be no need to pirate software.
PDF makers too, some as powerful as Adobe, are available as Open Source and free software, and the same is true of a free nigh-on replacement for Adobe Photoshop. Even entire operating systems can be had for free in the form of the various Linux distros.
There is, however, much Open Source software that is written and designed to work on Windows and there is, therefore, no need to go an illegal route if one wishes to save costs, as alternatives are, as said, available for free. Even businesses may use such software, as it is Open Source, under the standard GNU license for free. Hence I cannot see a reason for going the piracy route.
Piracy is not the right course for cost cutting but Open Source software, on the other hand, sure is.
© M Smith (Veshengro), November 2008
Interxion, a leading European operator of data centres, today announced a five million Euro agreement with Spain’s public postal service, Correos. Under the terms of the agreement, Interxion Spain will provide Correos with 300 m² of connectivity-rich equipped data centre space and 24x7 support in a purpose-built section of its Madrid data centre.
Interxion’s new data centre space, scheduled to be fully operational by January 2009, will house Correos’ next generation of corporate IT systems, supporting all of the company’s applications for years to come. It will also allow Correos to completely duplicate its processing, management, storage and backup capacity.
“It makes good business sense to house our equipment with Interxion, as they are specialist suppliers with an excellent track record, advanced infrastructure, and guaranteed capacity and availability,” said Rubén Muñoz, Director of Technology and Systems, Correos. “To achieve similar levels of service in-house would require a much higher level of investment in real estate and infrastructure, not to mention specialist personnel.”
“Given today’s economic climate, more and more companies are entrusting their systems to established data centre operators rather than building their own,” said Robert Assink, Interxion Spain MD. “Budget-conscious organisations like Correos recognize that they can achieve their strategic IT objectives without risking capital expenditure on top-tier data centre infrastructure. Outsourcing to Interxion also means they can enjoy greater flexibility, better connectivity, and an instant team of dedicated professionals.”
Interxion is a leading European operator of carrier-neutral data centres. Headquartered in Schiphol-Rijk, The Netherlands, Interxion serves its customers from 23 carrier-neutral data centres located in 13 cities across 11 European countries. Interxion serves network and carrier-based, hosting and enterprise customers who require professionally managed and strictly controlled physical environments within which to operate mission-critical applications and computer systems. Interxion’s data centres offer cost-effective and fast access to multiple local and global communication networks. For more information please visit www.interxion.com
Source: Spreckley Partners Ltd
TRIPWIRE REVOLUTIONISES VIRTUAL DATACENTRE COMPLIANCE WITH SINGLE POINT OF CONTROL FOR SECURITY & CONFIGURATION STANDARDS
- Tripwire Enterprise 7.5V provides visibility and configuration control, helping customers mitigate virtual sprawl, security threats stemming from misconfiguration -
At RSA Conference Europe 2008 Tripwire, Inc., the recognised leader in configuration assessment and auditing for virtual and physical IT infrastructure, announces the newest version of its flagship product, Tripwire® Enterprise 7.5V. Designed explicitly to give visibility into the security and compliance of virtual IT systems, the latest version of Tripwire Enterprise allows IT to manage systems to internal and external policies – across the heterogeneous data centre – from a single point of control.
The constantly growing number of mission-critical applications running in virtual environments necessitates proper configuration for security, compliance and optimal performance. Tripwire Enterprise 7.5V helps IT maintain this ideal state with capabilities that:
- Identify and mitigate virtual sprawl. With Tripwire Enterprise 7.5V, enterprises have an early warning system to potential virtual sprawl, with alerts when virtual infrastructure is added or deleted, to take appropriate action and contain unauthorised virtual machine provisioning, automatic monitoring of enabled virtual infrastructure, and auto discovery of unmonitored virtual objects.
- Deep integration with VMware vCenter products that allows Tripwire Enterprise to automatically discover all elements within the virtual environment. Now users will know which elements in their virtual infrastructure are assessed for configuration integrity – and which are not. With this latest version, Tripwire users have the ability to monitor VMware ESX 3.0, 3.5, and 3i hypervisors; virtual switches; virtual machine containers; and virtual machine workloads.
- New configuration assessment policies designed specifically to assess and validate configurations within VMware virtualised environments, including VMware ESX DISA STIG; the VMware ESX 3.5 Hardening Guide V2; CIS; and PCI. With these policies, enterprises have a view into all configuration settings and changes of virtual infrastructure objects, providing complete control for security, regulatory compliance, and optimal operational performance. In addition, users can also create their own best practice policies for their virtual environment through Tripwire Enterprise. Tripwire integration with VMware vCenter products provides virtualisation customers with easy access to hardening guidelines.
- Continuous control of virtual infrastructure objects. Tripwire Enterprise builds on its flagship heritage, automatically detecting unauthorised, non-compliant change to virtual infrastructure objects, immediately alerting IT staff to exceptions to change and configuration management policies for immediate investigation.
- Remediation Advice for every change that violates a policy. Tripwire provides detailed remediation guidance, allowing enterprises to quickly return any system to a known, compliant state. This approach enables IT staff to better manage risk by providing continuous, automated compliance across heterogeneous environments.
In a recent survey, “Is Virtualisation Under Control?” conducted by Tripwire, more than 90 percent of those interviewed said that virtualised servers are now deployed in their production environments and run a wide variety of applications. And, three out of four said that up to half of their production servers are now virtualised. This has made security and compliance particularly important for enterprises deploying virtualisation in production environments.
“Most security vulnerabilities in the virtual world will be introduced through misconfiguration and mismanagement of the technology,” says Gartner Vice President and Fellow Neil MacDonald. “While existing tools may be used to assess the proper configuration of virtualised workloads, in many cases these don’t work to assess the proper configuration of the virtualisation layer itself. Ideally, a single, consistent process and tool would be used to assess the proper configuration of both physical and virtual workloads, including the virtualisation layer.”
“VMware and Tripwire are committed to helping customers proactively ensure security and compliance across virtual and physical infrastructure through automation and enhanced manageability,” said Shekar Ayyar, vice president of infrastructure alliances at VMware. “Tripwire Enterprise 7.5V provides critical insight that complements the industry-leading VMware platform, providing essential configuration control to help ensure that security and compliance policies can be enforced.” Tripwire and VMware are extending their leadership around compliance from the Datacentre to the Desktop to proactively provide solutions that help customers maintain control and adhere to Business, Security, and Regulatory directives.
“IT environments are heterogeneous by nature. While many organisations are exploiting the benefits of virtualisation, they want a single point of control for managing configuration integrity across the organisation,” said Dan Schoenbaum, SVP of Corporate and Business Development for Tripwire. “As the backbone of business increases in complexity through technology such as virtualisation, we’re seeing visibility, embedded expertise, and automation grow in importance. That’s why, with the deepest configuration knowledge in the industry, Tripwire is well positioned to provide a holistic solution for ensuring configuration control within the virtual infrastructure and beyond.”
Tripwire Enterprise 7.5V new features are available only through the purchase of the Tripwire Enterprise for VMware ESX Server node. Tripwire Enterprise 7.5V will be available at www.tripwire.com/products/enterprise.
Source: The itpr Partnership
The only(?) USB stick that offers public and private hardware encrypted partitions
Review by Michael Smith
The Kingston DataTraveler Vault USB Flash drive protects even the most sensitive data with 256-bit AES hardware encryption and a durable, aluminum casing and features data transfer rates up to 24MB/sec. read and 10MB/sec. write plus a five-year warranty and free tech support.
The DataTraveler Vault USB Flash drive is assembled in the U.S. for organizations that require a secure way to store and transfer portable data. It features hardware-based, 256-bit AES encryption and two zones, public or encrypted, to safeguard even the most sensitive data in case the drive is lost or stolen. Its durable, aluminium casing provides added protection.
The DT Vault offers two partitions. One is a public zone which is unencrypted and the other is a 256-bit AES encrypted zone that is accessed via DTVaultLock security software for Windows (currently the software does not work on other operating systems). The zone size is user customizable and in my case I basically created a 2GB secure and 2GB public zone on a 4GB stick.
The set-up for this was very fast and easy and the same goes for accessing the Vault as and when needed.
The secure partition, as already mentioned, utilizes 256-bit Advanced Encryption Standard (AES) hardware-based encryption (N.B. that this is for the encrypted zone only – there is no encryption on the public partition) and it locks down and reformats after 10 intrusion attempts.
Kingston's DT Vault and DTBB both lock down and reformat after the set intrusion attempts unlike some sticks that destroy their chips instead of reformatting.
As a user who has just paid out a fair amount of money for such sticks the destruction of a stick is a little high, I would think, and hence Kingston's drives and those that do not “burn” their chips would be my choice every time.
Unless someone wants to use the most sophisticated methods of computer forensics, reformatting the drives, as done by Kingston and some others, is, in my opinion, more than enough.
The DT Vault, aka DTV, is available in the following sizes: 1GB, 2GB, 4GB, 8GB and 16GB.
The DTV USB drive is easy to use and does not require any administrative rights nor does it need to have applications installed on the PC.
The use is as simple as using an ordinary USB drive and initially no password is required. Only for the secure partition, the “Vault”, a password is required and the interesting part of the DTV is that it only uses the one drive. It does not need to mount two drives, as do other sticks that are automatically encrypted from the start.
In addition to this the public partition can also be used to transfer data between Windows, Linux and Mac, for instance, even though the private partition will not launch on the other operating systems.
Maybe the friendly engineers at Kingston might also find a way of making the DTV entirely cross-platform operable, which is to say making the Vault program in such a way that it can work equally on Linux, Mac and Windows.
I have been told that they are working on doing that for the Black Box and, hopefully, I would say, though I do not know as yet, for the DTV.
While the case may not be as rugged as that of the DTBB, as the DTBB used steel instead of aluminium for the casing, the DTV is still a rugged device and will give a long and faithful service, I should assume.
From the cost point Kingston's drives are not cheap but then you get what you pay for, in most cases, and I believe the chips to be some of the best on the market and their reliability to be second to none, and reliability is, in my opinion, what counts.
The Kingston DataTraveler Vault is, to my knowledge, the only USB stick that offers a public area and a private hardware encrypted partition on the same stick, and especially one where the parameters can be entirely configured by the user.
© M Smith (Veshengro), November 2008
Intellitactics and Programatic Partner in Italy to Introduce Intellitactics SAFE Security Appliances
Programatic Selects Intellitactics to Strengthen Their Solution Offering for Auditing and Security Event Monitoring
Reston, VA and Rome, Italy, October 2008—Intellitactics, a leader in enterprise security and compliance management solutions, and Programatic, a leading enterprise security solutions provider in Italy, announced a business partnership where Programatic will sell and provide services for Intellitactics’ security information and event management (SIEM) software and appliances.
Programatic has been an ICT Security Solution Provider in the Italian market since 1986. The company offers state of the art technologies and competencies to solve any kind of security problem connected with identification, privilege definition, data integrity and privacy as well as auditing and monitoring. “Our goal is to provide a comprehensive palette of solutions to our customers. In the area of auditing and monitoring we wanted to strengthen our offering with log consolidation and correlation. We looked at several companies and chose a partnership with Intellitactics after they announced their new Intellitactics SAFE appliances that simplify logging and event management,” explained Maurizio Corti, Senior Associate and Intellitactics Product Manager for Programatic.
Programatic operates two offices, one in Milan and one in Rome, and offers qualified implementation and support personnel; many are certified by the vendor partners in their respective technologies. Brent Davidson, Director of International Sales for Intellitactics, explains why Programatic is a good partner for Intellitactics: “Programatic believes in quality and it’s evident in their solution menu, their consultancy and their technical support services. Consequently they choose quality products. They have a reputation for opening markets for innovative technologies and have made many products leaders in their segment. The SAFE products, sold and supported by Programatic, should do very well in the Italian market.”
Massimo Catà, Senior Associate with Programatic, comments on the health of the security market in Italy: “The security market in Italy is growing. In fact, in areas like firewall, authentication and antivirus, the Italian companies are very mature. We think that these companies are becoming more aware every day of the value they can get from consolidating data from security technologies and monitoring for anomalies. The time is right for security event monitoring products like Intellitactics SAFE.”
Headquartered in Reston, VA, Intellitactics provides a suite of complementary security incident and event management (SIEM) products for organizations of all sizes. Well-known as the provider of Intellitactics Security Manager, the optimal enterprise security management solution, to the largest organizations in the world, Intellitactics has expanded its product leadership with a line of security management appliances, Intellitactics SAFE. The combination of the appliances and software products underscores Intellitactics product leadership in providing solutions for log management, compliance, threat management and incident response to every organization regardless of size or purchasing power. By combining any of the products of the suite, global organizations can effectively distribute SIEM capabilities outside headquarters. Intellitactics was awarded Common Criteria Certification in December 2004, making it the first software provider to earn this certification as a security information and event management solution. Founded in 1996, Intellitactics is backed by JMI Equity Fund LP and Lazard Technology Partners and is ranked by well-known industry analysts as a market leader known for product development, delivery and thought leadership. Visit us at www.intellitactics.com.
Power-reducing software solutions provider 1E (www.1e.com) has been announced as the winner of the inaugural Green Supplier Award at Green IT Expo 2008, the UK’s first free-to-attend event focusing on sustainable computing. Head of Global Sales at 1E, Jon McKellar, accepted the award from Managing Director of conference organiser Revolution Events, Richard Tribe, during the afternoon’s keynote sessions on 5th November.
“The award recognises 1E for its innovative range of products, in particular its Nightwatchman software, which was seen to offer a great solution to the common issue of PCs and other peripherals being left switched on after office hours,” says Tribe.
CEO of 1E, Sumir Karayi adds, “We are thrilled to have been recognised as Green Supplier 2008. Ten million people across 1,000 organisations in 42 countries worldwide are now using our products, all helping to reduce IT energy consumption on a larger scale.”
VeryPC (www.very-pc.co.uk), the Sheffield-based energy-efficient PC manufacturer, was also awarded the runners-up prize for its ‘totally holistic approach’ to building low-energy servers and PCs, whilst clearly quantifying the power savings. VeryPC’s Managing Director, Peter Hopton, accepted the award on the company’s behalf.
The Green Supplier Award honours IT suppliers that have shown outstanding commitment to providing greener IT hardware and software for the future. 1E and VeryPC were voted for by end-users from Revolution Events’ database of commercial, public and third sector organisations.
Green IT Expo 2009 takes place on the 10th and 11th November. Please visit www.greenitexpo.com for further information on the conference.
Source: MCC International
A new generation of 'online hoodies' ('cyber hoodies') is wreaking havoc in cyberspace, Internet security experts are warning
by Michael Smith
The hackers (and crackers), some as young as 12 (and younger still), begin by phishing for identities on social network sites before graduating to stealing cash from PayPal accounts. Theoretically, however, those are two separate corridors of activities. Their scams are believed to be raking in thousands of pounds with the possibility of the damages caused by the syndicates going into the millions.
Some even offer step-by-step guides on how to pull off the scams – although these are often just another attempt to get money from gullible copycats.
Many see themselves as stars and want to boast about their exploits, with one of them selling T-shirts bearing his online name and proclaiming himself 'the greatest hacker of all time'.
Web security expert Maksym Schipka, whose wife's professional site was defaced, said: “They know more than we do, they can do more than we can, they understand it better.”
The young hackers are said to be growing increasingly sophisticated, and the hackers and crackers and other cybercriminals are always, it would appear, a step or four ahead of the security experts charged with defending systems and the Net.
“There is now a whole sub-industry where people will supply these kids with custom made tools to create phishing pages to steal bank details,” said web expert Chris Boyd.
The other problem is that those who supply the tools are also children – children who are cleverer in the computer technology field than are many of the experts. And the other problem with children is that, if and when they are caught, and they happen to be “below the age of criminal responsibility” nothing can really be done against them.
While I know what many who have been hit by those scams and by the viruses and Trojans, and also the security experts, would like to do with those little nasties apparently it is regarded unlawful to suspend them from certain appendages. A shame rather, for I am sure it would set others thinking.
Many of the perpetrators boast about what they do on video sharing sites such as YouTube.
Mr. Boyd, of Internet security firm FaceTime, added: “One 12-year-old kid ran a huge forum with thousands of users sharing tips on stealing credit card details and bank details.”
The government concedes online crime is a growing problem and next Spring a £7million police unit starts work to combat the latest trend. But a Home Office spokesman said the “age of the perpetrators isn't an issue”.
The Home Office, the British Ministry of the Interior, say that the “age of the perpetrators isn't an issue” but everyone can bet their lives that it is going to be an issue as and when – if, more like – they are caught. It can be more or less guaranteed that nothing will happen to them, nothing whatsoever.
The other issue is that most of those kids and other perpetrators do not sit in the UK – they are elsewhere. Or even if they are here and in the USA, they go in via proxy servers and IPs and the forums are hosted, more often than not, in places such as the Russian Federation or other former USSR countries.
The biggest groups of cyberhoodies do sit in countries such as Brazil, where most of the viruses and Trojans and such agents are written, and the former USSR and other Eastern Bloc countries where the details collected are used.
So, again, the advice: “Let's be careful out there.” We must be if we want to be safe on the Net, in the same way as in the city and especially in hostile territory.
© M Smith (Veshengro), November 2008
by Michael Smith
A message similar to this many have been getting when inserting hardware encrypted USB drives into PCs running Windows XP ever since around April 2008.
This happened to me with a Sandisk Cruzer Enterprise and, as readers may recall, I hence assumed that the stick was broken, especially as the Blockmaster Safestick and the Stealth MXP devices from MXI performed perfectly.
However, having recently come to test a Kingston Data Traveler Black Box the same happened on the XP machine. Oops!
It turns out that the Cruzer Stick is NOT broken and nor is or was the DTBB. Both use an executable with which Windows XP has an issue ever since a patch that was installed by most users around April 2008. Microsoft has a hotfix on its website that is supposed to cure this but, alas, it does not on my system.
When the issue occurred with the DTBB I called Kingston and one of their engineers kindly directed me to the hotfix which, as I said, does not fix things on my system. The whys and wherefores as to the lack of fix beat me.
Prior to Adriane, the engineer of Kingston, coming back to me with the link to Microsoft I had successfully set up the DTBB on an old Windows 2000 system and it was a faster set up than I have seen on XP. This does, obviously, bring to mind the question as to why MS ever changed from WIN2000.
I have also tested the DTBB on an XP system that belongs to a local authority and there is no issue with that one.
In the meantime I have also gotten myself a new laptop with Windows Vista installed and no problem with the DTBB and also, after finally finding it in my desk drawer again, neither with the Sandisk Cruzer Enterprise.
I must say, and I am not too proud to do so, that I do owe Sandisk an apology as regards the Cruzer stick as it is not broken and the issue lies wholly with Microsoft and one of their patches.
I have tried uninstalling the patches and could do that with all but one which was installed around April time; one patch cannot be uninstalled and I assume that to be the culprit. Therefore, it can safely be assumed that all systems that have that patch and may have an issue with the hotfix not applying will not be able to run any drives that have one of the five or six executables to run the encryption programs.
It is not the sticks but a Windows update/patch that causes the issue. Once again my apologies to Sandisk and I hope that readers will come to understand, as did I, where the problem does lie.
While it is always being advised that one should always apply the patches to the system the more I am seeing as far as Windows is concerned the more I am concerned about this.
I have now more than once seen the problem caused by those patches and a fair number of years ago some computer experts, including those in IT security, advised me not to take each and every patch. Some even advised entirely against patching the OS and suggested to just keep all the security software up to date and to patch all other applications. Maybe I should have listened?
© M Smith (Veshengro), November 2008
Peak Development Ltd announced as TKR’s first etail & retail distributor
4 November 2008, London: The Key Revolution (TKR), developers of the portable office and secure virtual network solution, Mobiu, have today announced a distribution partnership with Peak Development Ltd, the UK’s leading flash memory distributor.
TKR’s partnership with Peak Development marks a major milestone for the distribution of Mobiu and will introduce the ground-breaking solution to a range of well known etail and retail resellers. Mobiu will be stocked by Peak for distribution from the week of 27 October.
Robert Baseley, Managing Director at Peak Development comments, “In the current market environment, we are seeing our reseller partners begin to focus much more on product innovations that specifically tackle the business issues thrown up by the downturn. One of the key issues for their customers at the moment is cost effective data security when working away from the office which makes Mobiu a very timely product for us to be involved in.”
Adrian Burholt, CEO of The Key Revolution comments, “Peak has great channels into the etail and retail market place and they’ve been consistently enthusiastic about the product. Peak’s market is a natural fit with the capabilities Mobiu offers, and we’re looking forward to marketing the brand together”.
The Mobiu secure virtual network solution offers mobile computing to small/medium businesses and consumers. Mobiu is an advanced USB based device with a SIM card that plugs into a computer and enables the user to automatically store and back up the latest versions of all documents in designated file locations. Mobiu can then securely unlock, access and use all files, data and applications safely, securely, and privately, from any online PC running Windows XP or Vista, in any location. Services included with Mobiu are:
- Plug and play ability
- SIMAssured chip and pin access system
- Web-browsing without leaving a ‘footprint’
- File and folder back-up across multiple PCs direct to MobiVault secure server hosted by NTT Europe Online and powered by Sun Microsystems
- Shared MobiRoom private workspaces that can be set up simply and easily where colleagues and friends can be invited to join and share information
- Remote ‘kill’ feature to disable the Mobiu if the owner reports it as lost/stolen
Pricing: SRP £150 including VAT
The Key Revolution was created by a team of ex-Vodafone employees to license and commercialise technology patented by Vodafone. This technology enables internet users to securely authenticate themselves and encrypt their data using the SIM (Subscriber Identity Module) - familiar to billions of mobile phone users worldwide. The Key Revolution was licensed to use the technology in September 2007 in return for an early equity stake. The first product from The Key Revolution based on its SIMAssured™ technology platform is Mobiu, a portable office solution which uses a unique SIM enabled solution to access files and applications securely from any online PC running Windows XP or Vista.
Peak Development Ltd is the UK’s leading Flash Memory provider. They offer a continually expanding range of products from retail packaged Memory Cards for Digital Cameras and Mobile Phones to highly specified OEM solid state drive for industrial applications. The portfolio of new products continues to grow and currently includes everything from mobile scanning equipment to satellite navigation.
Source: Clarke Mulder Purdie
First Day Keynotes At Green IT Expo 2008 – 4th – 5th November, Barbican Exhibition Centre, London
Potential methods and models for measuring energy efficiency and the cost and environmental impact of green IT, were the two major themes highlighted by the keynote speakers on the first day at Green IT Expo 2008, the UK’s first free-to-attend event focusing on sustainable computing.
At yesterday’s opening plenary, Senior Vice President of Forrester Research, Christopher Mines, discussed ways of accelerating and implementing successful green initiatives to ensure IT suppliers and their customers are actively reducing the harmful impacts of computing on the environment. Mines affirmed that green IT does not have to mean higher expenses and outputs for businesses and that energy savings can be acquired by simply turning off unused equipment, recycling IT consumables and implementing virtualisation techniques to cut down on commuting and business travel. He also highlighted the results of a recent Global Green IT Online Survey, which identified that as initiatives and methods of energy measurement are being discussed more publicly, the number of businesses implementing green IT practices has increased by 14% since October 2007.
Following Mines was Head of ICT for Sustainable Growth (Unit H4) at the European Commission, Colette Maloney, who outlined the EC’s initiatives to improve energy efficiency and establish policy frameworks for a lasting contribution to Information Communication Technology’s (ICTs) energy footprint. Maloney reinforced the importance of identifying a widespread standard for measuring and reporting energy consumption. Between 2007 and 2008 the European Commission spent 20 million Euros over 11 research projects that looked at ways of improving energy efficiency at the design phase and ways ICT can serve energy efficient systems.
Maloney explained that individuals cannot see how their energy savings can affect things but ‘if we were more aware of the energy we consume from engaging in different activities, then we could pro-actively work to change our consumption.’
Later in the morning, Chief Technology Officer at IBM, Steve Bowden, looked at what might happen to data centres if they do not start looking at methods to improve the environment and cost efficiency and start taking control of energy saving and cooling requirements. Bowden stated that if left unchecked, the cost to power and cool servers in the future might equal the cost of acquisition and by 2010, there will be over 35 million servers installed worldwide and the cost of powering and cooling them could increase by 54% (Source: IDC – Worldwide Server Power and Cooling Expense 2006-1010).
Energy efficiency is one of the top five concerns for leaders of public sector institutions, government officials, and for CEOs. Managing Director of Green IT Expo organiser Revolution Events, Richard Tribe comments, “We learnt that it is possible for businesses to reduce their operational costs whilst saving between 40-50% in energy, it is just a case of diagnosing which areas could be improved, measuring the energy that could be saved and implementing these processes. It is in our commercial interest to use less energy, drive fewer miles, generate less waste, recycle more, and we must reduce our impacts in these areas to the absolute minimum where the investment and payback is acceptable.”
Green IT Expo (www.greenitexpo.com) is supported by event sponsors including IBM, Adobe, Infor, Ricoh, Kyocera, Sun Microsystems, Bell Microsystems Ltd and Microsoft. Green IT Expo 2008 is organised by one of the UK’s leading providers of focused business forums, Revolution Events, in collaboration with the global Climate Savers Computing Initiative, a non-profit group of eco-conscious consumers, businesses and conservation organisations.
Green IT Expo 2009 will take place on the 10th and 11th November, at the Barbican Exhibition Centre, London.
Source: MCC International