
Submission + - Windows 8 Will Run From USB Thumb Drive (computerworld.com)

JohnBert writes: "Windows 8 will include a new feature that lets IT administrators provide workers with a portable Windows environment on a USB thumb drive. Called "Windows To Go," the feature seems aimed at enterprises that want to equip employees with "complete managed Windows images" that they can use to turn a PC into a doppelganger of a secured in-house machine.

It's not known whether individuals will be able to use Windows To Go for the same purpose, or if the feature is enterprise-only. It's also unclear whether Windows to Go comes with a price tag: One report, based on a briefing with reporters at BUILD on Monday, said that the feature will cost about $50 per seat.

Microsoft declined to provide more information about the feature, which was among those demonstrated to analysts earlier this week, according to Michael Silver of Gartner. Instead, a spokeswoman referred to the short summary of a session at the BUILD Windows conference, which kicked off Tuesday in Anaheim, Calif. with a two-and-a-half-hour demonstration of some of the operating system's key components and changes."

Submission + - SpyEye Hacking Kit Adds Android Infection (computerworld.com)

JohnBert writes: "The SpyEye hacking toolkit has added an Android component that collects the text messages some banks use as an extra security precaution, a researcher said today.

"The standard SpyEye now also entices a user to download an Android app, which is actually a component that's Android-specific malware," said Amit Klein, the chief technology officer of Boston-based Trusteer, a security firm that specializes in online anti-cybercrime defenses.

The Android app poses as a security program — ironically, one that's supposed to protect a user's text messages from being intercepted — required to use a bank's online services from a mobile device.

Many banks now send customers a one-time code, usually a series of numbers, to their mobile phone. To access the account, a user must enter not only the traditional username and password, but also the just-received passcode. It's that passcode that the bogus Android app intercepts and then re-transmits to a hacker-managed command-and-control (C&C) server, said Klein."

Submission + - Sec Vendors Push Intrusion-Detection, Pro Services (computerworld.com)

JohnBert writes: "Established vendors and startups last week announced products and services for network intrusion-detection and outsourced security management.

Hewlett-Packard, Axent Technologies and startup Sanctum debuted intrusion-detection software for corporate networks, while Raytheon Company announced BladeRunner, server-based software for monitoring internal corporate network traffic in order to prevent unauthorized transmission of sensitive material.

"It identifies traffic-flow patterns to identify anomalies," says Jeff Waxman, president of Raytheon's newly formed information assurance product area based in Linthicum, Md. "If the R&D department suddenly starts sending information out to the wide-area Internet, you'll know that.""

Submission + - Apple Strikes Stolen SSL Certificates From OS X (computerworld.com)

JohnBert writes: "Apple released an update to Mac OS X that blocks Safari users from reaching sites secured with certificates stolen from a Dutch company last summer.

The update follows others by Microsoft, Google, Mozilla and Opera Software, which have already blocked or permanently barred the use of all certificates issued by DigiNotar, a certificate authority, or CA, that acknowledged its servers were breached and unauthorized SSL (secure socket layer) certificates obtained by one or more attackers.

Apple's update came just days after a security researcher criticized the company for "dragging its feet." In March, Apple took a month to block nine certificates stolen from U.S.-based Comodo, three weeks longer than Microsoft."

Submission + - After Certificate Hack, Mozilla Seeks Reassurances (computerworld.com)

JohnBert writes: "Following the high-profile hack of DigiNotar, the makers of the Firefox browser are asking issuers of digital certificates to take a hard look at their internal security and to report back in a week.

In emails sent out to digital certificate authorities Thursday, Mozilla Certificate Authority (CA) Certificates Module owner Kathleen Wilson asked CAs such as Symantec and Go Daddy to audit their systems for any possible compromise, confirm that nobody can issue a digital certificate without two-factor authentication, and shore up practices with any third parties that might be able to issue digital certificates using the CA's root key.

Mozilla is giving CAs until Sept. 16 to respond to the email, but the browser maker is not saying what will happen if any of its 54 CAs ignore the request."

Submission + - Comodo Hacker Takes Credit For DigiNotar Hack (darkreading.com)

JohnBert writes: "The fallout from the recent breach of certificate authority (CA) DigiNotar continues at a rapid pace as more details about the scope of the attack come to light: More than 500 rogue digital certificates were created for such high-profile domains as cia.gov, microsoft.com, Microsoft's windowsupdate.com, and mozilla.org, as well as one posing as VeriSign Root CA. In addition, more than 300,000 IP addresses, mostly in Iran, have been compromised.

The plot further thickened today when the hacker who breached certificate authority Comodo earlier this year claimed he was also behind the DigiNotar attack, and has hacked four more CAs, including GlobalSign and StartCom: "I told all that I can do it again, I told all in interviews that I still have accesses in Comodo resellers, I told all I have access to most of CAs," wrote the hacker, who goes by the alias "ComodoHacker" and claims to be Iranian. He indicated that the attacks were in retaliation for the 16-year anniversary of a massacre of thousands of Muslims during the Bosnian War in the town of Srebrenica."

Submission + - New Tools Simplify Analysis of Android Malware (darkreading.com)

JohnBert writes: "The Honeynet Project has helped create two tools aimed at making Android malware analysis simpler and free and, ultimately, help better secure the wildly popular mobile platform.

The new open-source tools were developed under the Google Summer of Code project, a program where students from around the world spend their summer breaks writing code for open-source software. Two students under the mentorship of The Honeynet Project focused on Android malware: One wrote a static analysis tool called APKInspector, and the other, a dynamic analysis system called DroidBox — both of which are aimed at giving researchers a way to easily reverse-engineer Android malware and to observe and dissect malicious Android apps.

"These two tools nicely complement each other and should really be part of one's toolbox [who deals] with mobile malware," says Christian Seifert, chief communications officer for The Honeynet Project. "We believe that mobile malware will flourish, and while similar to malware on the PC, [it has] some unique characteristics that will reflect themselves in unique characteristics of the malware itself.""

Submission + - DHS Warns of Planned Anonymous Attacks (computerworld.com)

JohnBert writes: "The U.S. Department of Homeland Security today issued a somewhat unusual bulletin warning the security community about the planned activities of hacking collective Anonymous over the next few months.

The bulletin, issued by the DHS National Cybersecurity and Communications Integration Center (NCCIC), warns financial services companies especially to be on the lookout for attempts by Anonymous to "solicit ideologically dissatisfied, sympathetic employees" to their cause.

Anonymous has recently used Twitter to try and persuade dissatisfied employees within the financial sector to give them information and access. Though such attempts appear to have been largely unsuccessful so far, "unwilling coercion through embarrassment or blackmail may be a risk to personnel," the bulletin warned."

Submission + - Hackers Break Into Linux Source Code Site (computerworld.com)

JohnBert writes: "As Linux fans know, there are two kinds of hackers: the good guys who develop free software, such as the Linux kernel, and the bad guys who break into computers.

The bad guys paid the good guys an unwelcome visit earlier this month, breaking into the Kernel.org website that is home to the Linux project. They gained root access to a server known as Hera and ultimately compromised "a number of servers in the kernel.org infrastructure," according to a note on the kernel.org website.

Administrators of the website learned of the problem and soon discovered a number of bad things were happening on their servers. Files were modified, a malicious program was added to the server's startup scripts and some user data was logged."

Submission + - New Windows Worm Wriggling Through Networks (darkreading.com)

JohnBert writes: "A retro worm attack is underway that takes the unusual spin of employing the Remote Desktop Protocol (RDP) in Windows' remote desktop connection feature as its attack vector.

Researchers from Microsoft, F-Secure, eEye Digital Security, and other organizations say the so-called Morto worm infects Windows workstations and Windows servers. It spreads by uploading a Windows DLL file to a targeted machine. The worm looks for weak administrator passwords in Remote Desktop on an organization's network — everything from "12345" to "admin" and "password."

Researchers say the attack could be used for various purposes, including distributed denial-of-service (DDoS) attacks against targeted organizations. "The remote control feature allows bot-like control of the infected machines and they can be used for basically any purpose," says Mikko Hypponen, chief research officer of F-Secure Lab."

Submission + - Google One of Many Victims in SSL Certificate Hack (computerworld.com)

JohnBert writes: "A Dutch company that issues digital certificates used to authenticate websites said that several dozen other websites in addition to Google have been affected by a security breach.

The company, DigiNotar, issues SSL (Secure Sockets Layer) and EVSSL (Extended Validation) certificates, which are validated by Web browsers to ensure people are not visiting a fake website that is trying to appear legitimate.

DigiNotar is what's called a Certificate Authority (CA), an entity that sells digital certificates to legitimate website owners. But DigiNotar issued a digital certificate for the google.com domain, a mistake that could allow a skilled attacker to intercept someone's e-mail."

Submission + - Windows Worm Spreads By Attacking Weak Passwords (computerworld.com)

JohnBert writes: "A new Windows worm is working its way through company networks by taking advantage of weak passwords, security researchers said over the weekend. The worm, dubbed "Morto" by Microsoft and Helsinki-based F-Secure, has been circulating since at least last week, when company administrators noticed systems generating large numbers of unexplained connections to the Internet.

"Although the overall number of computers reporting detections are low in comparison to more established malware families, the traffic it generates is noticeable," said Hil Gradascevic, a researcher with the Microsoft Malware Protection Center (MMPC), in a Sunday blog.

Morto spreads using RDP, or Remote Desktop Protocol, the Microsoft-made protocol for controlling one computer by connecting to it from another."

Submission + - UK Charges Another Alleged Anonymous Member (computerworld.com)

JohnBert writes: "U.K. police said Thursday a 22-year-old student has been charged in connection with participating in distributed denial-of-service attacks (DDOS) with the hacking collective Anonymous.

Peter David Gibson, of Hartlepool, was charged with conspiracy to do an unauthorized act in relation to a computer under the Criminal Law Act of 1977. Gibson has been bailed and is scheduled for an appearance in Westminster Magistrates Court on Sept. 7.

The Metropolitan Police said Gibson's arrest is part of an ongoing investigation into Anonymous, which has conducted several high-profile campaigns to take down websites for political reasons. Among its most prominent actions were sustained DDOS attacks against companies that stopped processing donations to WikiLeaks last November after it began releasing secret U.S. diplomatic cables."

Submission + - Researchers Craft Defense Against Wireless MIM (computerworld.com)

JohnBert writes: "MIT researchers have devised a protocol to flummox man-in-the-middle attacks against wireless networks. The all-software solution lets wireless radios automatically pair without the use of passwords and without relying on out-of-band techniques such as infrared or video channels.

Dubbed Tamper-evident pairing, or TEP, the technique is based on understanding how man-in-the-middle attacks tamper with wireless messages, and then detects and in some cases blocks the tampering. The researchers suggest that TEP could have detected the reported but still unconfirmed cellular man-in-the-middle attack that unfolded at the Defcon conference earlier this month in Las Vegas.

TEP was devised by a quartet of MIT researchers: Shyamnath Gollakota, Nabeel Ahmed, Nickolai Zeldovich and Dina Katabi, all with the Department of Electrical Engineering and Computer Science. Their research paper, "Secure in-band wireless pairing," was presented at the recent Usenix Security Symposium and MIT has its own story about the research online."

Submission + - Palo Alto Networks Aggressively Pursues MSSPs (channelinsider.com)

JohnBert writes: "Palo Alto Networks has struck partnerships with a host of big players in the managed security services market. Palo Alto has been on the hunt for strategic managed services partners of late and plans to continue its expansion within the managed security services provider (MSSP) market through its two-tier MSSP program. Both levels offer a full spectrum of sales and marketing support as well as in-depth technical training and accreditation for managing its firewall systems.

Also notable is Bat Blue Corporation, which has been an MSSP partner since March (http://www.batblue.com/plugins/content/content.php?content.929). The linked article states that they were named Palo Alto's Partner of the Year and they service over 25 organizations for Palo Alto Networks."
