A Sign Of The Times…

… Or something more disturbing? So, Wikipedia is finally closing its doors to unrestricted editing. Why? Well, because it was being abused – and the reputation of the site was falling. When the Internet first came on the scene, the data was ‘good’, because the people who used it wanted to share their knowledge, and so when you searched for something (hey, this was pre-Google!) the results tended to be useful. Subsequently, the data on the web has been diluted by less good information – some of which is completely wrong (although it may be an individual’s opinion) – and this has made it harder to use as a research tool. Wikipedia started up with the best intentions but it has now been subverted like the rest of the web. Unfortunately, this looks to be the way of most ‘open’ collaboration in the Web 2.0 world. I have written before on the problems associated with splog (blog spam), which means that comments, the ones that make it through the initial filter, have to be checked before they are posted – just in case they are inappropriate. As we depend more and more on the web, we need to ensure the data is correct – and this isn’t just the ‘static’ data, but the calculated data as well.

I am preparing for a podcast recording for RSA Europe this afternoon; my session is on mitigating the security risks in the cloud – and one section is on computational integrity. If the service provider’s application makes a mistake… would you know? Now the mistake may be a genuine ‘bug’ or it might be malicious – how would you know? The answer is… well, most people haven’t thought about it yet, but for those who have there are a few ways to approach the problem. Perhaps the easiest of these is to have dummy transactions for which you know the outcome. That way, you can periodically test that the application is still returning what you expect. Of course, it’s not really that simple – as you potentially need to account for the dummy transactions in other business applications, but you get the idea.
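One way to implement the dummy-transaction check described above, as an added example that is not from the original post: it submits canary transactions with hand-computed outcomes to a service (here a constructed stand-in, `invoice_total`), reports any result that drifts or errors, and tags each canary so downstream systems can exclude it. The service name, the request format and `tampered` are all assumptions made for the example.

```python
# Known-answer (dummy-transaction) integrity check. Added example; the
# service, request shape and canary values are constructed, not a real API.
from dataclasses import dataclass
import math

CANARY_TAG = "CANARY"  # marker so finance/reporting can filter these out

@dataclass
class Canary:
    name: str
    request: dict
    expected: float

@dataclass
class Finding:
    canary: str
    expected: float
    observed: object   # the wrong number, or the exception text
    kind: str          # "mismatch" or "error"

def invoice_total(req):
    """Constructed stand-in for the provider's calculation (hypothetical)."""
    subtotal = sum(i["qty"] * i["price"] for i in req["items"])
    return round(subtotal * (1 + req["vat_rate"]), 2)

def run_canaries(service, canaries, tolerance=0.005):
    """Run every canary through `service`; return a list of Findings (empty = healthy)."""
    findings = []
    for c in canaries:
        req = dict(c.request, reference=CANARY_TAG)  # tag the dummy transaction
        try:
            observed = service(req)
        except Exception as exc:  # an outage is also a finding, not a pass
            findings.append(Finding(c.name, c.expected, repr(exc), "error"))
            continue
        if not math.isclose(observed, c.expected, abs_tol=tolerance):
            findings.append(Finding(c.name, c.expected, observed, "mismatch"))
    return findings

CANARIES = [  # constructed sample transactions with hand-computed outcomes
    Canary("two items, 20% VAT",
           {"items": [{"qty": 2, "price": 10.0}, {"qty": 1, "price": 5.0}], "vat_rate": 0.20}, 30.00),
    Canary("zero-rated", {"items": [{"qty": 3, "price": 4.5}], "vat_rate": 0.0}, 13.50),
]

def tampered(req):
    """Simulates a subverted (or buggy) provider that skims 1% off every total."""
    return round(invoice_total(req) * 0.99, 2)
```

Scheduling `run_canaries` against the live provider and alerting on a non-empty result is the periodic test the post describes; the tag on each request is what lets other business applications reconcile the dummy transactions away.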

As the cloud becomes more popular, its attractiveness to cyber-criminals will increase – and while a daft middle name for the prime minister on Wikipedia isn’t going to hurt your business, there are other things that might.

Guy Bunker

130 Million…

… Credit card numbers, that is. That’s what one person has been charged with stealing from several different companies. If convicted he could end up with 25 years in prison and a £300,000 fine – which is serious stuff. However, what about those who have had their credit cards stolen… if all of them spent an hour changing their accounts then this equates to nearly 15,000 years of wasted time. As for the companies who lost the data – well, they shouldn’t have (and there’s a great book to help them), but even so, shouldn’t they also be considered for compensation?

Guy Bunker

Phishing World Rife With Wolves in Sheep’s Clothing

Even safe sites aren’t safe anymore, not if you don’t pay attention anyway. Symantec has recently spotted a phishing attack that used a legitimate SSL certificate to masquerade as a legitimate site. Fraudsters continue to use these kinds of techniques to perpetrate identity theft, and these particular attacks aren’t as noticeable.

Symantec’s latest Phishing Report indicates that attacks employing legitimate SSL certificates are more likely to entice users into trusting the fake website and providing confidential data. End users would only notice the deception if they reviewed the certificate or had other visual indicators, such as whether or not the site was secured with an extended validation SSL certificate.

The report, which can be downloaded here, also includes the following:

  • Symantec observed a 52 percent increase from the previous month in all phishing attacks – the observed increase was primarily in the information services sector due to a large toolkit attack targeted towards a social networking brand.
  • 63 percent of phishing URLs were generated using phishing toolkits; an increase of 150 percent from the previous month – such toolkit attacks targeted towards social networking and other sites in the information services sector facilitate collection of a large amount of personal data, marketed in the underground economy to earn income and launch further attacks utilising the available data.
  • More than 130 Web hosting services were used, which accounted for 6 percent of all phishing attacks; a decrease of 14 percent of total Web host URLs when compared to the previous month.
  • There was a 17 percent decrease from the previous month in non-English phishing sites.

Below are best practices to safeguard against seemingly legitimate SSL certificate attacks:

  • Be aware of SSL certificate fraud and remain cautious around suspicious URLs, even those with an SSL certificate and the familiar padlock icon
  • Avoid clicking on suspicious links and/or attachments in email or IM messages, as these may be links to spoofed websites
  • It is advisable to type Web addresses directly into the browser rather than relying upon any links
  • Always be sure the operating system and the browser are up to date with the latest updates, and that a security suite with an anti-phishing solution such as Norton Internet Security 2009 or Norton 360 (version 3.0) is installed on the computer

Launched at the same time as the Phishing Report, Symantec also released its August State of the Spam report. This revealed spammers are continuing to use celebrity names to drive their spamming efforts. The report can be downloaded here.

Dominic Cook

Social Network Attacks… A Warning For The Cloud?

A couple of the largest social network sites have recently suffered from denial of service attacks. In one case, the website was taken down for a couple of hours and in the other, there was a reduced service.

OK, so this was social networking… who cares? Well, you should… especially if you are looking at cloud based services for your business. In the good old days, the cyber attackers could take out one site, and (in general) one business with it… but as more and more customers look to the cloud, the cloud service provider becomes a more and more attractive target for the cyber-criminal.

What can you do? Well, before entrusting your data and applications to a cloud service provider, ask them what they would do if they suffered from a denial of service attack… and if they brush it off with a ‘it won’t happen to us’, then look for a new provider.

Guy Bunker

2009 Security Trends Predictions: A Mid-Year Update on How We Fared

At the end of 2008, Symantec’s security researchers made several predictions regarding trends to watch for in 2009. So several months on, how are we doing with the predictions?

Our experts said that some of the threats we’d see in 2009 would include a continued explosion of new malware variants, advanced Web threats, an increase in new threats that exploit the economic crisis,  and an uptick in threats related to social networking sites.  All of those forecasts have materialized in the first half of 2009.

In a recent interview with Byte and Switch, Marc Fossi, manager of R&D for Symantec Security Response notes an over-arching theme that unifies these trends.  He said:

“The nature of a lot of this is how interconnected everything is right now. The advanced web threats and explosion of new malware variants are interconnected. A lot of the threats are being installed through web sites that attack your browser. A threat isn’t there for too long a period before it’s replaced by something newer in the whole cat and mouse game of anti-malware.” Going on, “You could get a message on your social network account that points to a “good site for refinancing your mortgage,” but the site will actually install a new malware variant.”

In addition to the trends we predicted for 2009, other trends we have so far seen include old malware methods making a comeback as part of new threats, the increase in cross-industry cooperation to tackle cybersecurity and the use of deceptive methods by attackers that imitate traditional business practices. 

Today’s threats continue to increase in volume and severity.  It is important that Internet users secure and manage their information to make themselves less vulnerable to risks and threats.  We believe that a multi-layered defense combining traditional detection methods with complementary detection such as reputation-based security models will be essential to combat future threats.


Jessica Johannes

Aggressive Cuts To Cost & Complexity

Finding ways to substantially cut costs and complexity in an active, vibrant Data Centre is not easy. CIOs have spent years trimming here and there and, to many, further demand from the business to reduce CAPEX/OPEX can seem like asking the impossible.

Nonetheless, significant additional reductions and efficiencies can be made possible where companies take a broader look at the way IT serves the business. Key to this approach is bringing together “IT” and “Business” people in a combined effort to rationalise applications, processes, core infrastructure and operations. I have recently facilitated “IT/Business Alignment” workshops, forcing both sides of the house to work together productively, and have been amazed at the opportunities that drop out of this exercise. Well managed and facilitated workshops are a great way for stakeholders to express ideas, test theory and find “1+1=3” type opportunities.

The days of the IT organisation behaving as “custodian of technology” need to be brought to a close and the CIO needs to be positioned and fully recognised as a business partner by their peers in the organisation.

Darren Thomson