Posts Tagged info security
NEWS ANALYSIS: Employees are accessing any number of entertainment, social networking and shopping Websites that threaten corporate security and productivity. Most of them should be banned.
The Internet has become a savior for many companies. With the Web’s help, companies can expand their reach into other markets and dramatically improve their business processes, boosting productivity and profitability.
Cloud-based business applications are allowing people to work productively anywhere. But as the Internet’s popularity has soared, so too have services and technologies that might actually hurt productivity.
Not only are these sites distracting, some of them can even compromise network security. For all its benefits, the World Wide Web has also become a treacherous web of security and management pitfalls that IT decision-makers contend with every day.
To get a handle on the risks, enterprises are justified in blocking certain sites and services that could do more harm than good. Sometimes employees don’t like that. But if they are working on a corporate network they have to strictly follow all network access policies or go work someplace else.
Take a look at some of the online services companies should ban from the corporate network.
1. YouTube, Of Course
This one is an obvious one, isn’t it? YouTube, with extremely rare exceptions, has never served as a productive business information platform for enterprises. It is a bottomless time sink that distracts employees from productive work by viewing and sharing videos that are often inappropriate in an office environment. It should always be blocked.
2. Facebook Is A Brain Drain
Facebook is nice for the marketing department to get the word out about the latest company news, but why a typical employee in accounting or management should have access to Facebook is anyone’s guess. Facebook is a productivity killer and depending on what folks share through the social network, a potential security issue.
3. The same is true for Twitter
Speaking of security issues, Twitter is arguably one of the biggest potential concerns facing companies today. The social network has no real value to anyone outside of the marketing department, and links, images and other potentially harmful media are shared with ease. Save yourself the grief and block Twitter.
4. Social-gaming sites
Oddly, there are some companies that don’t block social-gaming sites, like Zynga, PlayFish, and others. Why? Those sites serve no purpose to anyone within a company and only kill productivity. They should always be banned from use in the office.
Intel’s security subsidiary offers to pay $389 million for next-generation firewall firm Stonesoft, betting that businesses want to pay for stronger security management.
McAfee, a wholly owned subsidiary of Intel, will acquire next-generation firewall maker Stonesoft in a deal worth $389 million, the companies said May 6 in a joint statement.
The security maker expects the acquisition of the Finnish firm to round out its lineup of security products, giving it a strong contender in the market for content-aware firewalls. Next-generation firewalls inspect network packets going into and out of a corporate network to prevent compromise and block data exfiltration. Stonesoft focuses on blocking sophisticated attacks that use advanced evasion techniques to dodge other defenses.
Stonesoft’s strong products, knowledge of the market for advanced firewall products and their investigations into evasion techniques make the company valuable, Pat Calhoun, senior vice president and general manager for McAfee’s network security business, told eWEEK.
“Stonesoft has put a significant amount of resources into research,” he said. “The combination of those three elements is what makes them very attractive.”
The purchase is not McAfee’s first in the network security market. In 2009, the company bought Secure Computing, a maker of firewall, email-security and Web-security products, which itself had bought firewall maker Securify the preceding year. In November 2011, McAfee also purchased security information and event management (SIEM) maker Nitro Security for an undisclosed sum, boosting its ability to give companies better security awareness of their networks.
In 2010, chip maker Intel bought McAfee in a deal valued at $7.7 billion.
Next-generation firewalls combine the port-blocking and reporting features of traditional firewalls with the ability to link users, devices and applications with on-the-fly content inspection of traffic, allowing advanced combinations of policies. Companies, for example, could block users who attempt to connect to the network from an unrecognized device, download a potentially malicious file from a suspicious Website or attempt to send sensitive data to, say, Dropbox.
“It really is about contextual information and understanding the application behind the traffic,” said Calhoun. “All of that contextual information can be used in the policy to better secure the network.”
McAfee will have to support the acquisition well, as the market is quite competitive. Palo Alto Networks, Check Point Software Technologies, Fortinet, Cisco and Juniper are all top companies in the market for next-generation firewalls. In addition, with its May 2012 acquisition of firewall maker SonicWall, Dell has boosted its own capabilities in the midsized business market.
McAfee plans to add Stonesoft’s offering to its network security solutions, including its IPS Network Security Platform and Firewall Enterprise. The Finland-based company also has products focused on virtual private networks and preventing attackers from evading defenses. Stonesoft has 6,500 customers worldwide.
NEWS ANALYSIS: Frustrated that email and social network users can encrypt their messages, law-enforcement agencies want the feds to enact punitive measures to force cooperation.
Even if it accomplished nothing else, the Middle Eastern governments’ crackdowns on communications during the Arab Spring movement two years ago demonstrated how much governments, in general, and repressive governments, in particular, hate encryption—particularly in the hands of private citizens.
This is why governments from Egypt to Oman to India have tried to ban BlackBerry smartphones with their uncrackable encryption. Now, in the United States, the Federal Bureau of Investigation and the military and intelligence agencies are going after your encrypted communications on Google, Facebook and other Web communication services.
Google, as you’ll likely recall, was hacked by the Chinese military who tried to get into the email accounts of dissidents who use Gmail for communicating their pro-freedom activities. The Chinese, a repressive regime if there ever was one, just hates dissidents. So the military hackers wanted to read their email to find out who they were and what they were up to.
Google responded by encrypting its network from end to end. Facebook, after being attacked repeatedly, has done the same thing. Other networks that pride themselves on their security are also providing encrypted communications, including BlackBerry, which is widely used by the U.S. government precisely for this reason.
Of course those other repressive governments never actually banned BlackBerry devices because their own intelligence agencies also use them and needed the security more than they needed to read other people’s email.
So now we come to the FBI and other U.S. law-enforcement agencies that are trying to read the text messages, chats and the email of people they think are bad guys. The feds say that they’re doing this to fight crime and terrorism. And they say they have a right to get information if they have a legally obtained wiretap order.
The problem is, as The Washington Post reported recently, that not all providers of communications services have the ability to comply with a federal wiretap order. Their systems are secure and they’re meant to stay that way. What the FBI is asking for is the ability to fine those companies that don’t comply with a wiretap order, even if they’re technically unable to do so within a time limit set by the FBI.
In other words, if you can’t provide the feds with a back door to your system, the government will keep piling on fines until you go out of business. The idea, of course, is to compel companies that provide secure communications to also build in a means for the feds to carry out their wiretaps.
In the latest incident of nation-state cyber-attacks, attackers slipped malware onto the agency’s site, apparently aiming to compromise nuclear-energy officials from the Department of Energy.
Hackers compromised the U.S. Department of Labor’s Web site this week, modifying pages about nuclear-related illnesses with malware that could compromise visitors’ computers through a zero-day vulnerability in Internet Explorer 8, according to security experts.
While security firms first released details of the attack on May 1, endpoint protection firm Invincea reported on May 3 that the malware served up by the Department of Labor’s pages used an exploit for a previously unknown flaw in Internet Explorer 8.
Systems that fell prey to the attack were compromised with a variant of Poison Ivy, a malware family popular with Chinese hackers. In addition, the command-and-control traffic matches that seen in cases of espionage attributed to a Chinese attacker known as DeepPanda, according to security-management firm AlienVault.
The attack follows reports of the theft of technology secrets, allegedly by Chinese agents, from Western defense firms. These recent attacks highlight the necessity for the U.S. government to address the issue of nation-state espionage, Anup Ghosh, founder and CEO at Invincea, told eWEEK.
“They are essentially stealing defense technology secrets right from under our noses; it’s pretty brazen,” he said. “At what point, do we as a nation, as a government, say enough is enough, that the red lines are being crossed here?”
The compromise at the Department of Labor appears to be a version of a tactic known as a watering hole attack, where the attackers compromise a site that they believe will be visited by their intended targets. Unlike more general drive-by download attacks, which attempt to compromise as many PCs as possible, watering hole attacks are a form of targeted operation.
In September, security firm Symantec issued an in-depth report on a series of attacks, known as the Elderwood Project, in which attackers applied a number of zero-day exploits and used watering holes to target certain companies or types of companies. In December, attackers compromised the Council of Foreign Relations’ Web site and used it to serve up malware using an exploit for a previously unknown flaw in Internet Explorer 6, 7 and 8.
While experts cannot be certain that officials at the U.S. Department of Energy were the targets of the attack, the logic is clear, said Ghosh.
“The pages that were compromised with the malware were specific to this issue of workers and nuclear toxicity,” he said. “The DOE—and many of its labs—do a lot of nuclear research.”
As in many cases of targeted attacks, the malware used by the attackers was not well recognized by antivirus software—only 2 out of 46 products identified the malicious executable, according to the initial post by Invincea. Users who believe they may be at risk from this attack should use a different browser or any of a variety of security virtualization products that isolate browsers from the rest of the system.
“Invincea has been notified that Microsoft is aware of this vulnerability and is currently investigating,” the company said in its post.
BlackBerry’s announcement that the Defense Department has approved BlackBerry 10 devices for use was overshadowed by a three-hour outage.
The BlackBerry network suffered a particularly ill-timed outage early May 3.
In March, BlackBerry had its besmirched name cleared, when the Department of Defense responded to reports that it was ending its relationship with the ailing phone maker, known for its security and stability but lack of consumer appeal. It wasn’t leaving BlackBerry, the DOD clarified, but moving to a mixed-device environment.
It was particularly bad luck, then, that the outage overlapped BlackBerry’s announcement that the DOD had approved its more-consumer-friendly BlackBerry 10 smartphones, PlayBook tablets and BlackBerry Enterprise Service 10 for use on DOD networks.
“BlackBerry 10 is ideal for our government customers because it offers a rich, highly responsive mobile computing experience, along with BlackBerry’s proven and validated security model—a combination that’s unmatched in the industry,” Scott Totzke, senior vice president of security at BlackBerry, said in a May 2 statement.
“Hope the Pentagon doesn’t mind the occasional outage,” came the inevitable Tweet, from Financial Times writer Daniel Thomas, with others offering variations on the theme.
BlackBerry users in the U.K. reported an outage shortly after beginning the workday Friday. Around three hours later, BlackBerry confirmed the problem on Twitter.
“Some of our customers may be experiencing issues with BlackBerry services. We are investigating and apologize for any inconvenience,” it said.
BlackBerry told The Register in a statement: “We can confirm that our technical teams have addressed the issue, and BlackBerry services are returning to normal levels. We apologize to customers for any inconvenience. We take all service issues—no matter how small—very seriously and through constant monitoring and investigation we aim to ensure our networks meet customers’ expectations.”
About 90 minutes after its first Tweet, BlackBerry announced, “All BlackBerry services are returning to normal levels. Apologies to any customers who experienced issues earlier.”
Both Tweets came from Donny H., a community manager on the BlackBerry site.
New Delhi-based tech writer Prasanto K. Roy Tweeted that the outage lasted 3 hours and 20 minutes, and that Airtel Delhi BlackBerry users should restart their handsets.
Other reports said that Vodafone and O2 users were also affected.
In still more bad news for BlackBerry, the DOD the same day approved Samsung’s KNOX solution for secure bring your own device (BYOD) deployment. Developed by the National Security Agency (NSA), it includes “integrity management services” in both the hardware and software layers.
“KNOX enables existing Android ecosystem applications to automatically gain enterprise integration and validated, robust security with zero change to the application source code,” Samsung said in a Feb. 25 statement introducing the solution. “KNOX relieves application developers from the burden of developing individual enterprise features such as FIPS-compliant (Federal Information Processing Standard-compliant) VPN, on-device encryption, Enterprise Single Sign-On (SSO), Active Directory support and smart card-based multi-factor authentication.”
In October 2011, Samsung also introduced a Samsung Approved for Enterprise (SAFE) program, offering what it called a “higher industry standard for devices designed for enterprise users.”
When eWEEK asked BlackBerry’s Totzke, during an April interview, whether Samsung’s security solutions were on par with BlackBerry’s, he replied, “I don’t look at our competing solutions.”
Today, it’s hard not to compare them.
Security is always among the highest priorities of any IT system. With the ever-increasing number of cyber-threats assaulting networks 24/7, IT security specialists are continually looking to defend all of their data surfaces. While IT has mostly been password driven for decades, enterprises are more frequently looking at deeper security layers to protect customer and internal business data. Two-factor authentication is now getting more trial runs as a result. This could include a combination of passwords and a secret answer to a question, entering a series of numbers or letters into a form, an SMS message or entering security tokens. While many two-factor authentication systems help prevent fraud, it is not a panacea for all threats. Several varieties of two-factor authentication (or 2FA, as it’s known) are available and in wide use today. Yet your network and your customers’ data are still vulnerable. Before choosing a two-factor authentication system, research the different options available and have a clear understanding of what is being adopted by customers and what level of protection it provides. This eWEEK slideshow examines truths and myths about two-factor authentication. Resources include Jim Fenton, Chief Security Officer of OneID, IDC market research, and eWEEK reporting.
For three years, digital thieves linked to China stole intellectual property and defense information from the U.K.-based firm.
For more than three years, hackers linked to China thoroughly compromised U.K.-based QinetiQ, a firm that bills itself as “a world leading defense technology and security company,” to steal intellectual property and sensitive defense information, according to reports of the incident.
The long-running breach resulted in numerous visits from federal investigators from December 2007 until late 2010, according to Bloomberg News, which first reported the massive compromise. The incident, spelled out in emails leaked from security firm HBGary in 2011, resulted in large swaths of data on sensitive technologies, such as drones and military helicopters, getting transmitted overseas.
“The scary part of this particular type of intrusion is you are no longer talking about business interests and intellectual property, but about national security, and that raises the stakes quite a bit,” said Alex Cox, principal research analyst for RSA’s FirstWatch incident response group.
The report is the latest evidence linking compromises at defense and critical-infrastructure companies to a Chinese group known as the “Comment Crew.” In February, incident response firm Mandiant released a report identifying the group as the source of more than 140 incidents of espionage investigated by the firm since 2006. The group is a part of the People’s Liberation Army known as Unit 61398, Mandiant said.
It’s one of several espionage groups backed by nation-states known within defense and security circles as specialists in advanced persistent threats (APTs). In January, the New York Times and the Wall Street Journal revealed that hackers thought to be from China had compromised their networks.
The widespread attacks on sensitive corporate and government organizations had top U.S. cyber officials ranking the threat above terrorism, in terms of the threat posed to U.S. interests. In March, the Director of National Intelligence and the head of the U.S. Cyber Command both warned of the danger of the ongoing espionage.
In the recently reported incident, QinetiQ suffered a number of attacks over three years. A July 2010 report, leaked from security firm HBGary by hacktivists linked to Anonymous, discussed two of the attacks that resulted in the compromise of at least 71 systems—about 3.5 percent of systems investigated.
Among the tools used by the hackers to control compromised systems was a remote access Trojan (RAT) known as “lprinp.dll,” the report stated.
“It is a well known and used variety of malware that is customized and built from source code (that is, not an attack toolkit/generator),” the report stated. “HBGary believes this malware strain to be tightly coupled to a Chinese hacking group that targets the DoD and its contractors. HBGary has code-named this threat group as ‘Soysauce.’ This group is also known as ‘Comment Crew’ by some.”
The chain of compromises of QinetiQ’s network stretched back to December 2007, when the Naval Criminal Investigative Service contacted the company and notified it that two of its employees had lost information to hackers, according to the Bloomberg article. Over the next three years, the company called in a succession of security contractors but limited their investigations and failed to take adequate steps to stop the attacks, the report stated.
The Electronic Frontier Foundation noted a dramatic increase in the number of companies publishing law-enforcement guidelines but sees room for improvement.
With the provocative title of “Who Has Your Back?” a new report concludes that while many technology service providers have made impressive strides in their commitment to users’ rights in recent years, there is plenty of room for improvement.
Increasingly, Internet companies are formally promising to give users notice about law-enforcement requests for information, unless prohibited by law or a court order, according to the report from the Electronic Frontier Foundation (EFF), a nonprofit digital rights group. The organization also found a dramatic increase in the number of companies publishing law-enforcement guidelines for making data requests. This year, two companies—Twitter and Sonic.net—received a full six stars, while Verizon and MySpace earned no stars.
The report examines 18 companies’ terms of service, privacy policies, advocacy and courtroom track records, awarding up to six gold stars for best practices in various categories such as telling users about government data demands or publishing transparency reports.
The largest social networking site, Facebook, has yet to publish a transparency report, and while Yahoo has a public record of standing up for user privacy in courts, it hasn’t earned recognition in any of EFF’s other categories.
Meanwhile, Amazon holds huge quantities of information as part of its cloud computing services and retail operations, yet does not promise to inform users when the government is seeking their data. Amazon also does not produce annual transparency reports or publish a law-enforcement guide, according to EFF.
Although Apple and network operator AT&T are members of the Digital Due Process coalition, they don’t observe any of the other best practices the EFF measures. And this year—as in past years—MySpace and Verizon earned no stars in the report, in which the organization noted it remains disappointed by the overall poor showing of Internet service providers (ISPs) like AT&T and Verizon in its best practice categories.
“Transparency reports have become an industry-standard practice among major technology companies since we started issuing this report in 2011,” Marcia Hofmann, EFF senior staff attorney, said in a statement. “Through those reports, we’ve learned more about law-enforcement requests for user data. We publish this annual report to encourage companies to let users know how data flows to the government, and to encourage companies to stand up for their users.”
The report also noted a dramatic increase in the number of companies publishing law-enforcement guidelines. Seven companies—including Comcast, Foursquare, Google, Microsoft, SpiderOak, Tumblr and WordPress—earned stars in this category for the first time this year.
“There’s a lot to celebrate in this report, but also plenty of room for improvement,” Nate Cardozo, EFF staff attorney, said in a statement. “Service providers hold huge amounts of our personal data, and the government shouldn’t be able to fish around in this information without good reason and a court making sure there’s no abuse. This report should be a wake-up call to Internet users that they need more protection from the companies they trust with their digital communications.”
When you use the Internet, you entrust your conversations, thoughts, experiences, locations, photos and more to companies like Google, AT&T and Facebook. In its annual report, the Electronic Frontier Foundation (EFF), an international nonprofit digital rights group, examined the policies of major Internet companies—including ISPs, email providers, cloud storage providers, location-based services, blogging platforms and social networking sites—to assess whether they publicly commit to standing with users when the government seeks access to user data. The purpose of the report is to give companies the incentive to be transparent about how data flows to the government and encourage them to take a stand for user privacy whenever it is possible to do so. EFF graded companies in six areas, including transparency reports and companies’ willingness to fight for users’ privacy rights in court. eWEEK takes a look at how 10 technology companies ranked in EFF’s study. Read on to learn more about which companies need improvement and which are ahead of the data-protection game.
Researchers at ESET call the backdoor, known as Cdorked.A, one of the most sophisticated Apache backdoor exploits seen in the wild.
Attackers are using a sophisticated and stealthy piece of malware to infect Apache web servers.
The backdoor, dubbed Linux/Cdorked.A, is “one of the most sophisticated Apache backdoors we have seen so far,” according to Pierre-Marc Bureau, security intelligence program manager at ESET.
“The backdoor leaves no traces of compromised hosts on the hard drive other than its modified httpd binary, thereby complicating forensics analysis,” he blogged. “All of the information related to the backdoor is stored in shared memory. The configuration is pushed by the attacker through obfuscated HTTP requests that aren’t logged in normal Apache logs. This means that no command and control information is stored anywhere on the system.”
Cdorked is designed to send users visiting a compromised site to servers hosting the notorious Blackhole exploit kit. According to ESET, the malware has already claimed hundreds of web servers.
Just how the servers are initially being attacked is not clear, but it may be through brute force attacks, explained Daniel Cid, CTO of security firm Sucuri.
“For the last few months we have been tracking server level compromises that have been utilizing malicious Apache modules…to inject malware into websites,” he blogged.
“However, during the last few months we started to see a change on how the injections were being done,” he added. “On cPanel-based servers, instead of adding modules or modifying the Apache configuration, the attackers started to replace the Apache binary (httpd) with a malicious one.”
The compromised binary doesn’t change anything in terms of how the site looks, he noted. However, on some random requests—for example once per day per IP address—it added a malicious redirect as opposed to just displaying the content.
“After the redirection, a web cookie is set on the client so it is not redirected again,” Bureau explained. “This cookie is also set if a request is made to a page that looks like an administration page. The backdoor will check if the URL, the server name, or the referrer matches any of the following strings: ‘*adm*’, ‘*webmaster*’, ‘*submit*’, ‘*stat*’, ‘*mrtg*’, ‘*webmin*’, ‘*cpanel*’, ‘*memb*’, ‘*bucks*’, ‘*bill*’, ‘*host*’, ‘*secur*’, ‘*support*’. This is probably done to avoid sending malicious content to administrators of the website, making the infection harder to spot.”
Bureau recommended organizations check for the presence of the shared memory to make sure they are not infected. ESET has also made a free tool to allow systems administrators to verify the presence of the shared memory region and dump its content into a file.
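As an added example, not part of the original article and not ESET’s tool, the following Python script checks for the two artifacts described above on a defender’s own host: an httpd binary whose hash no longer matches a recorded baseline, and a large shared-memory segment owned by the web-server account. The baseline digest, the sample `ipcs -m` output and the one-megabyte size threshold are constructed assumptions, not published indicators.

```python
"""Defender-side checks for a replaced Apache httpd binary and for a
shared-memory segment that could hold a backdoor's state.
Added example: the baseline digest, the ipcs sample and the size threshold
are constructed here and are not indicators published by ESET or Sucuri."""
import hashlib
import shutil
import subprocess

# Constructed stand-in for the packaged, known-good httpd. In practice the
# baseline is recorded from the distribution package before any incident
# (rpm -V / dpkg --verify answer the same question for package-managed files).
KNOWN_GOOD_SAMPLE = b"\x7fELF constructed stand-in for the packaged httpd\n"
BASELINE_SHA256 = hashlib.sha256(KNOWN_GOOD_SAMPLE).hexdigest()

# Accounts Apache commonly runs under; a segment the worker processes read
# would be owned by one of these rather than by root or a database user.
WEB_USERS = {"apache", "www-data", "httpd", "nobody"}
# Assumed threshold: Apache's own scoreboard segment is small, so a segment of
# a megabyte or more owned by the web user deserves a look.
MIN_SUSPICIOUS_BYTES = 1 << 20


def binary_matches_baseline(data: bytes, expected_sha256: str) -> bool:
    """True if the bytes of the binary hash to the recorded baseline."""
    return hashlib.sha256(data).hexdigest() == expected_sha256.lower()


def parse_ipcs(output: str) -> list[dict]:
    """Parse `ipcs -m` (util-linux layout) into one dict per segment."""
    segments = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("0x"):
            continue  # banner, column header or blank line
        segments.append({
            "key": fields[0],
            "shmid": int(fields[1]),
            "owner": fields[2],
            "perms": fields[3],
            "bytes": int(fields[4]),
            "nattch": int(fields[5]),
            "status": fields[6] if len(fields) > 6 else "",
        })
    return segments


def suspicious_segments(segments, web_users=WEB_USERS,
                        min_bytes=MIN_SUSPICIOUS_BYTES) -> list[dict]:
    """Segments owned by a web-server account and at least min_bytes large."""
    return [s for s in segments
            if s["owner"] in web_users and s["bytes"] >= min_bytes]


# Constructed `ipcs -m` output: one Apache-owned 6 MiB segment among ordinary ones.
SAMPLE_IPCS = """\
------ Shared Memory Segments --------
key        shmid      owner      perms      bytes      nattch     status
0x00000000 32768      root       600        524288     2          dest
0x0000a1b2 98305      apache     600        6291456    4
0x00000000 131074     postgres   600        56         6
"""


def check_host(httpd_path: str, expected_sha256: str) -> dict:
    """Run both checks on the live host (needs ipcs and read access to httpd)."""
    with open(httpd_path, "rb") as fh:
        binary_ok = binary_matches_baseline(fh.read(), expected_sha256)
    flagged = []
    if shutil.which("ipcs"):
        out = subprocess.run(["ipcs", "-m"], capture_output=True,
                             text=True, check=False).stdout
        flagged = suspicious_segments(parse_ipcs(out))
    return {"binary_ok": binary_ok, "flagged_segments": flagged}


if __name__ == "__main__":
    # Offline demonstration on the constructed data only.
    print("baseline match:", binary_matches_baseline(KNOWN_GOOD_SAMPLE, BASELINE_SHA256))
    print("tampered match:", binary_matches_baseline(KNOWN_GOOD_SAMPLE + b"\x90", BASELINE_SHA256))
    for seg in suspicious_segments(parse_ipcs(SAMPLE_IPCS)):
        print(f"suspicious shm: id={seg['shmid']} owner={seg['owner']} bytes={seg['bytes']}")
```

A flagged segment is a lead, not a verdict: dump it (ESET’s tool does this) and compare the httpd binary with the package manager’s copy before concluding anything.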
The attack is just the latest example of attackers targeting Apache Web servers. Earlier this year, researchers uncovered the Darkleech campaign, which is believed to have infected thousands of Web servers running Apache 2.2.2 and above. So far, ESET Security Evangelist Stephen Cobb told eWEEK, no connection has been found between Linux/Cdorked.A and Darkleech.
When attackers get full root access to the server, they can do anything they want, from modifying configurations to injecting modules and replacing binaries, Cid blogged.
“However, their tactics are changing to make it even harder for administrators to detect their presence and recover from the compromise,” he wrote.