Wednesday, 25 August 2010 10:30
Akuma
The Pentagon's classified military networks were reportedly infiltrated by attackers in 2008, who allegedly stole a considerable amount of data. In a [statement](http://www.foreignaffairs.com/articles/66552/william-j-lynn-iii/defending-a-new-domain) published today by the US Council on Foreign Relations, Deputy Secretary of Defense William J. Lynn revealed that the attack originated at a base in the Middle East and was caused by a computer virus that was loaded on a flash drive.
According to Lynn, the virus was able to spread swiftly across the network and infect many military systems, eventually infiltrating the Department of Defense's classified network. He says that the attackers were able to establish a "digital beachhead" that enabled the transfer of highly sensitive material to unknown foreign agents. The incident, which is described as the most significant breach of US military computers in history, is now publicly acknowledged by the military.
Lynn says that this isn't the first time that military computer systems have been compromised. In fact, he says that "adversaries have acquired thousands of files from US networks and from the networks of US allies and industry partners, including weapons blueprints, operational plans, and surveillance data."
The 2008 attack, he says, was a wakeup call that changed the way that the US military prepares for similar threats. He touts the Pentagon's partnership with the Department of Homeland security as an important step towards better protecting the defense department's classified networks.
A [report](http://www.wired.com/dangerroom/2010/08/insiders-doubt-2008-pentagon-hack-was-foreign-spy-attack/) published by Wired contradicts the official story and suggests that the alleged attack was not, in fact, a concerted effort by foreign adversaries. Some members of the military who participated in the Pentagon's response and clean-up effort after the classified network was compromised told Wired that there is much less certainty than Lynn contends regarding the circumstances of the attack and the amount of data that was compromised.
Wired says that the virus that compromised the Pentagon's network, called agent.btz, is a variant of the relatively benign SillyFDC worm, which was been classified by security firm Symantec as a "very low" risk. The details revealed by Wired suggest that simple negligence enabled a commonplace virus to spread broadly across the network and that it was not actually an intentionally orchestrated attack.
In 2008, the NSA was tasked with [developing](http://arstechnica.com/tech-policy/news/2010/04/government-uses-nsa-tool-to-detect-thumb-drives-on-network.ars) a tool to prevent unauthorized use of USB drives on government networks. The tool is now said to be in widespread use throughout the defense department and other government agencies. It's likely that the tool was developed as a response to the 2008 network compromise incident. It could reduce the risk of similar situations in the future.
Read the comments on this post
Wednesday, 25 August 2010 05:05
Akuma
Wednesday, 25 August 2010 03:15
Akuma
Typical Web traffic is easy enough to spot: it uses TCP port 80. But plenty of protocols prefer to remain in the shadows and purposely make themselves difficult to identify—including Skype, BitTorrent, and eMule. If easy to identify, such protocols might make a tempting target for ISPs seeking to throttle back certain kinds of traffic. However, even these "obfuscated" protocols have a hard time hiding their secrets; encrypting the traffic can't keep them hidden, nor can certain tunneling behaviors that try to disguise one sort of traffic as another .
Who wants to identify traffic that hopes to remain hidden? Vendors of traffic analysis hardware, for one, who sell their gear to ISPs and must first be able to classify traffic before doing anything useful with it.
Tuesday, 24 August 2010 13:30
Akuma
Study after study has shown that users are the weak link when it comes to security. Some of it, however, is not their fault: best security practices often go against everything we know about human behavior or mental capacity. A study that will be published in the Journal of Consumer Research adds another one to this list. It turns out that the warning signs that might tip users off to a web site that's more likely to compromise their personal information actually causes many users to treat said information casually.
The authors approached the issue with a simple question: what motivates people to reveal personal information on the Internet? Understanding the phenomenon could go a long way towards explaining everything from blogging to phishing victims, but the authors chose to focus specifically on whether people would hand over embarrassing personal information, including sexual habits and illegal acts. After several rounds of tests, they conclude, "A central finding of all four experiments, is that disclosure of private information is responsive to environmental cues that bear little connection, or are even inversely related, to objective hazards."
Monday, 23 August 2010 04:06
Akuma
There's been quite a bit of head-scratching over Intel's decision to purchase McAfee, but, despite all the breathless talk about mobile security and ARM and virus-fighting processors, the chipmaker's motivations for the purchase are actually fairly straightforward. First, Intel's management has decided, in the wake of Operation Aurora, to move security up to the top of Intel's priority list. Second, secure systems require a lot more than just hardware support—security is about the whole stack, plus the network, plus policies and practices. Third, Intel has waited for ages for its ecosystem partners to come up with ways to give consumers access to vPro's security benefits, and little has really panned out so now they're just going to take vPro (and any newer security technologies) directly to consumers via McAfee.
Let's take a look at each of these reasons in turn.
Thursday, 19 August 2010 06:53
Akuma
In a deal valued at $7.68 billion, processor giant Intel has agreed to buy security and antivirus firm McAfee. The chip company will pay $48 a share for McAfee, a premium of 60% over Wednesday's closing price, and the size of the deal makes it the largest of Intel's history.
The purchase is a reflection of the growing importance of security. Intel president and CEO Paul Otellini said, "In the past, energy-efficient performance and connectivity have defined computing requirements. Looking forward, security will join those as a third pillar of what people demand from all computing experiences."
The company says that current security systems are unable to handle the proliferation of Internet-connected devices—not just computers, but phones, TVs, cars, and more. Security will now be as important to the company as energy-efficiency.
McAfee will be operated as a wholly owned subsidiary within Intel's Software and Services Group. Over the last decade, Intel has been expanding its software group to position itself as more than just a chip company. With McAfee's combination of end-user software and cloud services, this purchase further strengthens both the software and service sides of that diversification.
Both boards of directors have agreed to the deal, and it will go through assuming that McAfee shareholders and regulators give it approval.
The company's claim that security will now be on equal footing with power consumption would certainly represent a marked change in strategy. Intel has a history of selling security features as a premium—including them on some parts (typically the more expensive, corporation-oriented ones), but not others.
In the past, it did this with its VT-x virtualization technology; low-end variants had it disabled, mid- and high-end parts did not. Today, it still does the same with its VT-d virtualization and TXT technologies. Though the practical application of these is limited, they are being used in security research that could show the way to an altogether more secure, robust computing environment.
Just as the company's segmentation of VT-x caused headaches for virtualization software, its restrictions on VT-d and TXT may similarly deprive users of access to cutting edge security solutions.
Read the comments on this post
Wednesday, 18 August 2010 03:55
Akuma
Georgia Tech researchers have developed a tool called Collage that will allow Internet dissidents to insert hidden messages into Twitter posts and Flickr images in order to circumvent the censorship measures imposed by oppressive governments.
The tool, which is implemented in Python and uses the OutGuess framework, relies on a technique known as steganography to weave hidden messages into an image file. It uses an automated testing tool called Selenium to facilitate the deployment of the messages. The researchers believe that hiding subversive messages inside content that is indistinguishable from legitimate social network activity will reduce the chances of detection.
"This project offers a possible next step in the censorship arms race: rather than relying on a single system or set of proxies to circumvent censorship firewalls, we explore whether the vast deployment of sites that host user-generated content can breach these firewalls," the project's website explains. "We have developed Collage, which allows users to exchange messages through hidden channels in sites that host user-generated content."
It's worth noting that steganography is one method that was used by the Russian spy ring that was recently detected operating within the United States. As we noted last month, a lot of government surveillance is driven by automated keyword-matching and pattern analysis methods that do broad sweeps, but are blind to simple tricks like steganography. Obscuring the substance of a message in an image and deploying it in a nonthreatening and high-volume medium like a social network would make it harder to find.
The Collage software will be released soon and will be published on the Georgia Tech Network Operations and Internet Security (GTNoise) website.
Read the comments on this post
Wednesday, 11 August 2010 10:23
Akuma
Apple has released security updates for iPhone, iPod touch, and iPad to address flaws in both PDF handling and I/O—these flaws had been exploited recently to create a Web-based jailbreak for the company's portable devices. iOS 4.0.2 is available via iTunes for the iPhone and iPod touch, and iOS 3.2.2 patches the flaw for iPad owners.
The Web-based jailbreak relied on two vulnerabilities to work. A flaw in the open source FreeType library, used by iOS's PDF rendering engine, could result in a stack buffer overflow when handling CFF font data. A specially crafted PDF, such as the one at jailbreakme.com, could exploit the flaw to execute arbitrary code.
Once the overflow happened, an integer overflow flaw in IOSurface could be exploited to elevate privileges from user to root. With elevated privileges, the code from jailbreakme.com then removed the security features that prevent unsigned code from running on an iOS-based device.
However, security researchers publicized the flaw shortly after the jailbreak was released, noting that the flaws could likewise be exploited for more malicious purposes by simply getting a user to visit a website. Apple quickly acknowledged the problem and promised a fix. The updates released today add additional bounds checking for both libraries.
Read the comments on this post
|
|
