Turbotodd

Ruminations on tech, the digital media, and some golf thrown in for good measure.

Archive for the ‘internet safety’ Category

A New Class Of Security

leave a comment »

Click to enlarge. This graph outlines some of the key types of security attacker types and techniques that the 2011 IBM X-Force Trends Report identified as being most common. By the end of last year, the frequency and scope of these incidents persisted, and continue to bring awareness to the basic tenants of operating a business and protecting its assets in an increasingly connected world.

As hackers increasingly find new and nefarious ways to threaten the global digital infrastructure, recent policy advancements such as the proposed “Cybersecurity Act of 2012” in the U.S. have been introduced as solutions to the world’s growing cybersecurity problem.

While IBM accepts it is an imperative to properly secure critical systems, private sector advancements should be balanced with pragmatic legislative policies that avoid overly-prescriptive mandates that can inhibit the very innovation needed to ensure cybersecurity.

Consequently, IBM moved quickly and sent a letter urging the U.S. Senate to address flaws in the proposed cybersecurity bill.

According to IBM’s X-Force 2011 Trend and Risk Report, cyber attackers are adapting and moving quickly to target newer information technologies such as social networks and mobile devices. This rapidly evolving nature of cyber attacks necessitates a new approach to enabling cybersecurity.

Responding to the ever-changing nature and volume of attacks requires agility, risk-based management, and a commitment to innovative defensive measures. IBM supports bipartisan, cybersecurity legislation, but the “Cybersecurity Act of 2012” would add bureaucracy to a process that needs speed to succeed.

Government and industry would be best served by a common-sense approach to cybersecurity that allows for investment in R&D, improved information sharing between public and private sectors, better security for federal IT networks, and criminal penalties for cyber-crimes.

Industry Solutions To A Network Problem

Advanced threats, rapid adoption of social media, and Web applications have also been driving the need for new, intelligent approaches to security.

As employee access to the Web has become ubiquitous, enterprises are struggling with massive increases in malware as well as Advanced Persistent Threats (APTs), which can compromise proprietary data.

Many of today’s security solutions often offer limited visibility and control over network activity, which can put the company at risk.

To help clients proactively protect against evolving security threats, including those posed by social media sites and malicious websites, IBM today announced a new class of network security appliance that delivers a more granular view of a company’s security posture and a simplified security management interface.

This new next-generation intrusion prevention appliance helps clients address advanced attacks targeting their organization, providing visibility into exactly what applications are being used on the network, where users are going on the Web, with the ability to monitor and control this activity, which can result in improved security and reduced operational costs.

IBM Security Network Protection XGS 5000

IBM Security Network Protection XGS 5000 is a next-generation intrusion protection system specifically designed to address the constantly evolving, increasingly sophisticated threats that organizations face today.

It builds on the proven, core security features found in IBM Security Network Intrusion Prevention System, including helping protect against “zero-day” exploits, by adding new levels of visibility and control over the network, applications, data and users to help improve security by helping prevent misuse and identify previously undetectable threats.

IBM Security Network Protection incorporates global threat intelligence from X-Force, including a Web filter database of over 15 billion URLs — capable of monitoring and categorizing millions of Web servers and applications each day to provide superior protection against the changing threat landscape.

Gaining Control, And Visibility, Into Security Events

Once organizations are aware of the nature of activity on their network, the new application control features enable clients to have granular control over what is happening on their network; this means granular user and group-level control over which applications and Websites are permitted, and how they are used down to individual actions or activities within these applications and sites.

IBM Security’s Advanced Threat Protection Platform helps clients by providing the following features and capabilities:

  • Proven security to help protect against zero-day threats: enables preemptive protection against a full spectrum of advanced threats, including Web application attacks and exploits hidden in files. IBM’s protection engine is built upon years of security intelligence gathered by X-Force Research, and can stop entire classes of attacks — including new and unknown threats – without updates; most solutions available today match individual protection signatures — a process that can be too slow to stop evolving threats and can result in higher rates of false positives and false negatives.
  • Visibility and insight: provides application awareness, monitoring and control, with high level dashboards for drilling down into events and reporting. Also provides deep insight into the nature of activities on the network through broad application awareness and flow data analysis. Integrates with QRadar Security Intelligence Platform to provide even greater levels of insight including anomaly detection and event correlation.
  • Control: utilizes intelligence related to Web applications, Websites, and non-Web applications, including Web application and Web site coverage with over 15 Billion URLs across 68 categories and support for 1000+ applications and actions.

IBM Security Network Protection XGS 5000 will be available starting in 3Q12.

 About IBM Security

IBM’s security portfolio provides the security intelligence to help organizations holistically protect their people, data, applications and infrastructure. IBM offers solutions for identity and access management, security information and event management, database security, application development, risk management, endpoint management, next-generation intrusion protection and more.

IBM operates one of the world’s broadest security research and development, and delivery organizations. This comprises nine security operations centers, nine IBM Research centers, 11 software security development labs and an Institute for Advanced Security with chapters in the United States, Europe and Asia Pacific. IBM monitors 15 billion security events per day in more than 130 countries and holds more than 3,000 security patents.

Don’t Get Knocked Offline With DNSChanger!

with one comment

Heads up: Krebs On Security is reporting that the DNSChanger Trojan horse virus is still in 12% of the Fortune 500!

On July 9, any systems still infected will be “summarily disconnected from the rest of the Internet.”

Click to enlarge. The U.S. government’s “safetey net” for the DNSChanger virus will go offline on Monday, July 9, which could see thousands could lose access to the Internet that once infected approximately 4 million computers across the world. The Federal Bureau of Investigation first gave details about the virus last November, which affects computers’ abilities to correctly access the Internet’s DNS system — essentially, the Internet’s phone book. The virus would redirect Internet users to fake DNS servers, often sending them to fake sites or places that promoted fake products.

The attached infographic provides some of the key background and history, but now the question is, what to do about it?

PC World explains DNSChanger rerouted infected computers through servers controlled by a criminal ring based in Eastern Europe, by basically hijacking the DNS service.

If you’ve been infected and recently visited Facebook or Google, PC World explains, you’ve likely seen a warning. But to be sure, check out this tutorial to see if DNSChanger has infected your PC (Mac or Windows).

There’s also a list of removal tools here you can use to learn more and prevent your systems from going offline on July 9th!

Written by turbotodd

July 5, 2012 at 5:11 pm

Internet Insecurity

leave a comment »

You ever get one of those emails where there are two headlines that couldn’t have been more synchronous?

That’s what I got today in a Washington Post email newsletter:

“New malware is 20 times size of Stuxnet”

“Cybersecurity experts needed to meet growing demand”

Surely the Post newsletter editor at least chuckled when he put those two together.

I didn’t chuckle, however, when I started reading up on this new Internet security phenom.

Wired’s Threat Level blog led with this: “A massive, highly sophisticated piece of malware has been newly found infecting systems in Iran and elsewhere and is believed to be part of a well-coordinated, ongoing, state-run cyberespionage operation.”

Here was The New York Times lead on the story: The computers of high-ranking Iranian officials appear to have been penetrated by a data-mining virus called Flame, in what may be the most destructive cyberattack on Iran since the notorious Stuxnet virus, an Iranian cyberdefense organization confirmed on Thursday.

And, the Post led with: Researchers have identified a sophisticated new computer virus 20 times the size of Stuxnet, the malicious software the disabled centrifuges in an Iranian nuclear plant. But unlike Stuxnet, the new malware appears to be used solely for espionage.

The Post goes on to cite analysts who “suspect Israel and the United States, given the virus’s sophistication, among other things.”

Which is it, we need more cybersecurity experts in the U.S., or we’re the “nation-state” behind this latest cyber war virus?

Whatever the case, the BBC’s coverage included the following facts: Russian security firm Kaspersky Labs believed the malware had been operating since August 2010 and described Flame as “one of the most complex threats ever discovered.”

If you don’t remember Stuxnet, it was the alleged state-sponsored virus which wreaked havoc on Iran’s uranium centrifuges.  This new malware, according to the BBC story, “appears not to cause physical damage,” but instead collects “huge amounts of sensitive information.”

Wired also adds to the story, reporting Flame was “written by different programmers, its complexity, the geographic scope of its infections and its behavior indicate strongly that a nation-state is behind Flame, rather than common cyber-criminals.”

Wired went on to report that “Early analysis of Flame by the Lab indicates that it’s designed primarily to spy on the users of infected computers and steal data from them, including documents, recorded conversations and keystrokes. It also opens a backdoor to infected systems to allow the attackers to tweak the toolkit and add new functionality.”

Recorded conversations?

Yes, indeedy.  According to Wired, one of the modules in Flame is “one that turns on the internal microphone of an infected machine to secretly record conversations that occur either over Skype or in the computer’s near vicinity.”

It also allegedly contains a module that turns “Bluetooth-enabled computers into a Bluetooth beacon,” scanning for other Bluetooth-enabled devices in order to “siphon names and phone numbers from their contacts folder.”

It can also store “frequent screenshots of activity on the machine,” screenshots that include everything from emeetings to instant messages, email….you get the picture.  Literally.

I don’t know about you, but I sense a whole new genre of cyber espionage novels looming on the horizon.

More details on Flame as they emerge…

Live @ IBM Smarter Commerce Global Summit Madrid: IBM Product Manager Mark Frigon On Smarter Web Analytics & Privacy

leave a comment »

Mark Frigon is a senior product manager with IBM’s Enterprise Marketing Management organization, a key group involved in leading IBM’s Smarter Commerce initiative. Mark’s specialties are in Web analytics (he joined IBM as part of its acquisition of Coremetrics) and Internet privacy, an issue that has come to the forefront in recent years for digital marketers around the globe.

Effective Web metrics are critical to the success of businesses looking to succeed in e-commerce and digital marketing these days, and IBM has a number of experts who spend a lot of their time in this area.

One of those here in Madrid at the IBM Smarter Commerce Global Summit, Mark Frigon, is a senior product manager for Web analytics in IBM’s Enterprise Marketing Management organization.

Mark sat down with me to discuss the changing nature of Web analytics, and how dramatically it has evolved as a discipline over the past few years, including the increased focus by marketers on “attribution,” the ability to directly correlate a Web marketing action and the desired result.

Mark also spoke at the event about the importance for digital marketers around the globe to be more privacy-aware, a topic we also discussed in our time together, calling out in particular the “Do-Not-Track” industry self-regulatory effort that intends to put privacy controls in the hands of consumers.

If you spend any time thinking about Internet privacy or Web analytics, or both, this is a conversation you won’t want to miss.

Warning Against Your Insecurities: The 2011 IBM X-Force Trend And Risk “Poltergeist”

leave a comment »

WARNING: This is an exceptionally long post intended for security and privacy geeks everywhere, including sys admins, Internet security hawks, CIOs, and innocent but interested bystanders everywhere.  No web servers were hacked in the preparation of this report: at least, none by me!

Okay, troopers, it’s that time of year again.  You know, the time when IBM releases its report card for security incidents, the X-Force Trend and Risk Report.

Google has the search “Zeitgeist” every year, we have the security “poltergeist!”

This time around, we’re looking back at the wild and wacky 2011, a year which showed surprising improvements in several areas of Internet security. Improvements, you ask?  Surely you jest, Turbo.

This figure from the 2011 IBM X-Force Trend And Risk Report shows a steady decline in the instances of input control related vulnerabilities such as cross-site scripting (XSS) and SQL injection since X-Force began recording these statistics in 2007. In 2011, the statistics suggest that the likelihood of encountering XSS in a given test continues to decrease but shows signs of leveling out at approximately a 40 percent chance of occurring. Injection vulnerabilities and specifically SQL injection appears to have leveled out at around a 20 percent chance of occurring in a given test.

No, no, there IS some good news.  Like a reduction in application security vulnerabilities, exploit code and spam.

But, good news leads to less good news on this front, as many of you who follow security well know, because the bad guys are being forced to rethink their tactics by targeting more niche IT loopholes and emerging technologies such as social networks and mobile devices.

The Top Line: Less Spam, More Adaptation

To get specific, the X-Force 2011 Trend and Risk Report demonstrated a 50 percent decline in spam email compared to 2010.

2011’s poltergeist saw a diligent patching of security vulnerabilities by software vendors, with only 36 percent of those vulnerabilities remaining unpatched in 2011 (compared to 43 percent in 2010).  The year also saw a higher quality of software application code, as seen in web-app vulnerabilities called “cross-site scripting” that were half as likely to exist in clients’ software as they were four years ago.

So, the net is, the bad guys are adapting their techniques to the changing tech environment. The report uncovered a rise in emerging attack trends including mobile exploits, automated password guessing, and a surge in phishing attacks.

It also witnessed an increase in automated shell command injection attacks against web servers, which may well be a response to successful efforts to close off other kinds of Web app vulnerabilities.

The Security Landscape Glass Half Full: Decrease In Unpatched Vulnerabilities, Exploit Code, And Spam

Getting even more specific, according to the report, there are several positive trends as companies adjusted their security policies in 2011:

  • Thirty percent decline in the availability of exploit code. When security vulnerabilities are disclosed, exploit code is sometimes released that attackers can download and use to break into computers. Approximately 30 percent fewer exploits were released in 2011 than were seen on average over the past four years. This improvement can be attributed to architectural and procedural changes made by software developers that help make it more difficult for attackers to successfully exploit vulnerabilities.
  • Decrease in unpatched security vulnerabilities. When security vulnerabilities are publicly disclosed, it is important that the responsible software vendor provide a patch or fix in a timely fashion. Some security vulnerabilities are never patched, but the percentage of unpatched vulnerabilities has been decreasing steadily over the past few years. In 2011 this number was down to 36 percent from 43 percent in 2010.
  • Fifty percent reduction in cross site scripting (XSS) vulnerabilities due to improvements in software quality. The IBM X-Force team is seeing significant improvement in the quality of software produced by organizations that use tools like IBM AppScan OnDemand service to analyze, find, and fix vulnerabilities in their code.  IBM found XSS vulnerabilities are half as likely to exist in customers’ software as they were four years ago. However, XSS vulnerabilities still appear in about 40 percent of the applications IBM scans. This is still high for something well understood and able to be addressed.
  • Decline in spam. IBM’s global spam email monitoring network has seen about half the volume of spam email in 2011 that was seen in 2010. Some of this decline can be attributed to the take-down of several large spam botnets, which likely hindered spammers’ ability to send emails. The IBM X-Force team witnessed spam evolve through several generations over the past seven years as spam filtering technology has improved and spammers have adapted their techniques in order to successfully reach readers.

The Security Landscape Glass Half Empty: Attackers Adapt Their Techniques in 2011

Even with these improvements, there has been a rise in new attack trends and an array of significant, widely reported external network and security breaches.

This figure from the 2011 IBM X-Force Trend And Risk Report shows an increase in mobile operating system exploits in 2011 due to an uptick in malicious activity targeting mobile devices. Because of the two-tiered relationship between phone end users, telecommunications companies, and mobile operating system vendors, disclosed mobile vulnerabilities can remain unpatched on phones for an extended period of time, providing a large window of opportunity to attackers.

As malicious attackers become increasingly savvy, the IBM X-Force documented increases in three key areas of attack activity:

  • Attacks targeting shell command injection vulnerabilities more than double. For years, SQL injection attacks against web applications have been a popular vector for attackers of all types. SQL injection vulnerabilities allow an attacker to manipulate the database behind a website. As progress has been made to close those vulnerabilities – the number of SQL injection vulnerabilities in publicly maintained web applications dropped by 46 percent in 2011– some attackers have now started to target shell command injection vulnerabilities instead. These vulnerabilities allow the attacker to execute commands directly on a web server. Shell command injection attacks rose by two to three times over the course of 2011. Web application developers should pay close attention to this increasingly popular attack vector.
  • Spike in automated password guessing – Poor passwords and password policies have played a role in a number of high-profile breaches during 2011. There is also a lot of automated attack activity on the Internet in which attacks scan the net for systems with weak login passwords. IBM observed a large spike in this sort of password guessing activity directed at secure shell servers (SSH) in the later half of 2011.
  • Increase in phishing attacks that impersonate social networking sites and mail parcel services – The volume of email attributed to phishing was relatively small over the course of 2010 and the first half of 2011, but phishing came back with a vengeance in the second half, reaching volumes that haven’t been seen since 2008. Many of these emails impersonate popular social networking sites and mail parcel services, and entice victims to click on links to web pages that may try to infect their PCs with malware. Some of this activity can also be attributed to advertising click fraud, where spammers use misleading emails to drive traffic to retail websites.

Emerging Technologies Create New Avenues for Attacks

New technologies such as mobile and cloud computing continue to create challenges for enterprise security.

  • Publicly released mobile exploits rise 19 percent in 2011. This year’s IBM X-Force report focused on a number of emerging trends and best practices to manage the growing trend of “Bring your Own Device,” or BYOD, in the enterprise. IBM X-Force reported a 19 percent increase over the prior year in the number of exploits publicly released that can be used to target mobile devices. There are many mobile devices in consumers’ hands that have unpatched vulnerabilities to publicly released exploits, creating an opportunity for attackers. IT managers should be prepared to address this growing risk.
  • Attacks increasingly relate to social media – With the widespread adoption of social media platforms and social technologies, this area has become a target of attacker activity. IBM X-Force observed a surge in phishing emails impersonating social media sites. More sophisticated attackers have also taken notice. The amount of information people are offering in social networks about their personal and professional lives has begun to play a role in pre-attack intelligence gathering for the infiltration of public and private sector computing networks.
  • Cloud computing presents new challenges – Cloud computing is moving rapidly from emerging to mainstream technology, and rapid growth is anticipated through the end of 2013. In 2011, there were many high profile cloud breaches affecting well-known organizations and large populations of their customers. IT security staff should carefully consider which workloads are sent to third-party cloud providers and what should be kept in-house due to the sensitivity of data. Cloud security requires foresight on the part of the customer as well as flexibility and skills on the part of the cloud provider. The IBM X-Force report notes that the most effective means for managing security in the cloud may be through Service Level Agreements (SLAs) because of the limited impact that an organization can realistically exercise over the cloud computing service. Therefore, careful consideration should be given to ownership, access management, governance and termination when crafting SLAs. The IBM X-Force report encourages cloud customers to take a lifecycle view of the cloud deployment and fully consider the impact to their overall information security posture.

The IBM X-Force 2011 Trend and Risk Report is based on intelligence gathered by one of the industry’s leading security research teams through its research of public vulnerability disclosures findings from more than 4,000 clients, and the monitoring and analysis of an average of 13 billion events daily in 2011.

“In 2011, we’ve seen surprisingly good progress in the fight against attacks through the IT industry’s efforts to improve the quality of software,” said Tom Cross, manager of Threat Intelligence and Strategy for IBM X-Force. “In response, attackers continue to evolve their techniques to find new avenues into an organization. As long as attackers profit from cyber crime, organizations should remain diligent in prioritizing and addressing their vulnerabilities.”

You can learn more about IBM Security Solutions here.

Impressions From SXSW Interactive 2012: Q&A With Don Tapscott On Our Digital Future, Privacy, & Milennials

leave a comment »

I’ve been following Don Tapscott’s work since I first moved to New York in 1995, reading a number of his early books, including Growing Up Digital.  Without question, he’s been a consistent and articulate voice about how digital technology is changing our world, detailing for us mere mortals its impact on business, education, children, and beyond.

Scott and I had the real privilege of stealing a few minutes of Don Tapscott’s time yesterday here at SXSW Interactive 2012 to talk about some of those themes, and Tapscott’s suggestion that there’s some very real change in the air that’s being enabled by Internet Protocol-based technologies, including the smartphone.

No Hiding

leave a comment »

After spending six and a half lovely hours at Pearson International Airport in Toronto, watching the miserable snow and misty rain falling out of the sky, my Air Canada flight was finally allowed off the ground and into the air, only to find myself soon in Times Square in NYC, standing amidst more nasty weather.

This is why I left NYC 11 years ago and moved back to Texas.

But, I must say, Pearson is a true business travelers’ airport.

I’m long unqualified for any of the airline lounge programs (unless I want to fork over $500 a year), but Pearson makes such havens unnecessary.  There were plenty of chairs freely available to the masses, nice restaurants and bars (where I enjoyed some insurance sushi and beer before my long-delayed flight), and most noticeably, free wi-fi throughout the airport.

Yes, I said it: Free wi-fi throughout the airport.  The kind of wi-fi you can suck oxygen freely through without gasping for bandwidth.  The kind where you can stream a Netflix show or get your actual file attachments without looking back and forth guiltily at all the the other normally weary, bandwidth-starved travelers.

Steve Lohr with The New York Times just penned a piece this morning about how the web is, by necessity, speeding up, but being nicknamed “Turbo,” I fear it could never get fast enough for me.  But I’ll appreciate every effort that Akamai and others are making to speed up the bits and bytes.

Of course, even as you’re speeding around the information superhighway, you need to keep a look out for who’s watching.  Google’s changed privacy policy went into effect today, and lots of folks are unhappy about it.

Me, I took charge of my own privacy with Google a number of years ago, shutting down their search history feature.  What I’m searching for and when is my own business, far as I’m concerned, but I’m happy to let them put little ads up against my queries if that’s what it takes to keep the service free.

As I explain to people, having that search history feature turned “on” is like having multiple people following you around the shopping mall, with nice HD cameras, capturing your every move.  If you don’t believe me, Google “Ghostery” and download the handy little app to see how many third-party cookies are watching YOUR every move.

Ghostery positions itself as “your window into the invisible web – tags, web bugs, pixels and beacons that are included on web pages in order to get an idea of your online behavior.”

Ghostery “tracks the trackers” and lets you know who all has invaded your machine.

So that if you decide to do a little hunting yourself, you’ll know precisely what you’re looking for.

Written by turbotodd

March 1, 2012 at 3:18 pm

%d bloggers like this: