Archive for Threats
Author: Dave Lewis
April 10, 2008 at 9:01 am · Filed under Threats
People do love their “top 10″ lists. Security folks are no different. Here is a list of ten threats to keep an eye on. Of course this is by no means exhaustive.
From Network World:
Virtualization can help make more efficient use of hardware, but it also creates new security problems. In particular, it allows different virtual hosts to reside in the same physical machine where the traffic between them is difficult to monitor and screen.
The problem is compounded if virtual hosts replicate to other physical machines to meet increased demand for the services they provide. Rules for accessing these machines must accompany them, and this is complex, says Rob Whiteley, an analyst with Forrester Research.
“When you deploy virtualization at scale, it becomes a burden to manage the virtual machines,” Whiteley says. Access control is still important in virtual environments, but tools for replicating it are scarce.
For the rest of the list read on.
Article Link
Author: Dave Lewis
February 29, 2008 at 8:22 am · Filed under Insider Threat, Threats
Karen Salmansohn wrote a piece for the Huffington post on “cyber” war (still hate that word) from within.
From Huffington Post:
By all mainstream press accounts, the U.S. remains focused on guarding against inbound attacks by large and small enemies, a classic defensive posture anticipating warfare coming from the outside-in: a War of Mass Destruction.
But what if it’s an inside-out job — a cyber-attack via the internet: a War of Mass Disruption?
Think about it: We’ve become a nation of “internet addicts.” Even the smallest of businesses is obsessively dependent on constantly accessing, transferring, and acting upon information via the Internet.
I confess to personally often feeling like a new millennium O.C.D. character in an Oliver Sachs book: “The girl who couldn’t stop watching my email” — with minor symptoms of “google junkie.”
And the more all of us Americans increase our dependence on the Internet, the more we make the Internet a prime target for “Hacktivists” — enemy cyber terrorists.
And, it really wouldn’t be that difficult to do. I would be more concerned with bored teens at this point than with a concerted attack. Think about it. The “bad guys” take out the internet? Not entirely likely as they need it for the same reasons that China wouldn’t hit Atlanta in a nuclear strike. They would want to watch their progress on CNN.
Read on.
Article Link
Tags: Cyber War, Insider Threat
Author: Dave Lewis
January 31, 2008 at 9:33 am · Filed under Crime, Privacy, Threats
If ever there was a case for checking your facts this is it, in a strange manner. Some poor fella that works for a gas company started having the phone ring off the wall with people threatening him and his wife. Why? A group of anti-Scientology hackers thought he was a hacker for the other side. It seems that they were miles from right.
From Recordnet.com:
A 59-year-old man and his wife received dozens of threatening telephone calls from anti-Scientology provocateurs after their home address and telephone number - and her Social Security number - were posted online by hackers who mistook the man for a pro-Scientology hacker, he said.
“Friday we started getting phone calls, me and the wife,” John Lawson of Stockton said Wednesday. “They’d just say, ‘We’re going to get you,’ this and that.”
The Pacific Gas and Electric Co. field clerk said he had “no clue what was going on” until a staff writer for Wired News, the online side of Wired Magazine, called.
The writer, Ryan Singel, said a group of hackers called the “g00ns” believed Lawson to be a hacker who disrupted a Web site frequented by members of Anonymous, a loose league of Internet troublemakers most recently engaged in upsetting the Church of Scientology. The g00ns are skilled hackers and were “pretty convinced that from their forensic work they had found the right guy,” Singel said.
Um, oops? It’s bad enough that they were engaging in threats (never smart) but, to do it to someone who had nothing to do with the entire affair. No word on if the cops will be able to run this to ground.
Article Link
Tags: Scientology Hacking, John Lawson, Mistaken Identity
Author: Dave Lewis
January 16, 2008 at 7:22 am · Filed under Threats
From the Federal Times:
Cyber-espionage and phishing scams will cause bigger headaches for federal information security managers this year, one expert group predicts.
Researchers from the SANS Institute, a computer security research center, compiled a list of the 10 biggest cyber-security threats in 2008. Many items on the list are not new. Phishing scams, for example — official-looking e-mails that redirect users to malicious Web sites — have been around for years. But they rapidly are becoming more sophisticated and sending more targeted e-mails, according to Alan Paller, director of research at SANS.
“Their success level, and their ability to evade common defenses, is what’s new,” Paller says of the scams, which rank ninth on the list. “We’re not saying you haven’t seen these before, but they will cause a lot of damage this year.”
Ah, bedazzled jackets.
Article Link
Tags: SANS, Threats, Phishing, Espionage
Author: Dave Lewis
December 28, 2007 at 8:18 am · Filed under Physical Security, Security Mgmt, Threats
As the Olympics approach in Beijing the Chinese are diligently preparing for the event. One aspect of it that can never be overlooked is the security of the event. Not only the physical as the world witnessed at the games in Munich in 1972 but, also from a network security aspect. There really is a lack of appreciation by the public with regards to the amount of work that goes into setting up for an event of this magnitude. I have noticed that there has been little press on this angle so far. There are a lot of multinational companies getting into the mix selling physical security solutions. I can only imagine sales folks are jumping in with both feet on the software side as well.
From Herald Tribune:
In preparation for the Beijing Olympics and a series of other international events, some American companies are helping the Chinese government design and install one of the most comprehensive high-tech public surveillance systems in the world.
When told of the companies’ transactions, critics of China’s human rights record said the work violated the spirit of a sanctions law Congress passed after the Tiananmen Square killings.
The Commerce Department, however, says the sophisticated systems being installed, by companies like Honeywell, General Electric, United Technologies and I.B.M., do not run afoul of the ban on providing China with “crime control or detection instruments or equipment.” But the department has just opened a 45-day review of its policies on the sale of crime-control gear to China.
The network security will be of paramount importance as well. Especially when you take into account some of the folks who have recently moved into the neighbourhood.
Article Link
Tags: Olympic Security, Beijing Olympics, Beijing Olympic Security, China Olympics
Author: Dave Lewis
November 21, 2007 at 10:38 pm · Filed under Threats
Hmmm, interesting premise.
From InfoWorld:
Is the software we’re using to protect ourselves from online attacks becoming a liability?
That’s what Thierry Zoller believes. For the past two years, the security engineer for n.runs AG has taken a close look at the way antivirus software inspects e-mail traffic, and he thinks companies that try to improve security by checking data with more than one antivirus engine may actually be making things worse. Why? Because bugs in the “parser” software used to examine different file formats can easily be exploited by attackers, so increasing your use of antivirus software increases the chances that you could be successfully attacked.
Antivirus software must open and inspect data in hundreds, if not thousands, of file formats. One bug in the software that does this can lead to a serious security breach.
It would be unfortunate if security software was turned against the users. It’s not really inconceivable.
Article Link
Tags: Secuity Software As Risk, Security Software Problems
Author: Dave Lewis
November 12, 2007 at 1:12 pm · Filed under Threats
Well, it is that time of year again. Time to drag that crystal ball out of the closet and dust it off. This morning I noticed the first of what will no doubt be many prognostications for 2008.
From Business Week:
Exploiting Trust
These kinds of targeted attacks on Web-based services may constitute the top computer security threats of 2008 (BusinessWeek.com, 11/12/07), according to security experts. “One of the biggest challenges of 2008 will be, how do you do business online when you know there’s a bad guy in the middle?” says Chris Rouland, chief technology officer in IBM’s (IBM) Internet security systems division. “The personal computer isn’t the target of 2008; it’s the browser,” he says. IBM sees the landscape changing profoundly enough that the company plans to spend $1.5 billion next year to develop security suites that can address a broad array of threats rather than different products aimed at specific security risks.
For more be sure to check out the entire article.
Article Link
Tags: Online Security, Security 2008, Security Predictions 2008
Explore
Security Bloggers Network
