Cyber Security Institute

Friday, March 27, 2009

New Rootkit Attack Hard To Kill

Researchers have come up with a way to create an even stealthier rootkit that survives reboots and evades antivirus software.  Anibal Sacco and Alfredo Ortega, both exploit writers for Core Security Technologies, were able to inject a rootkit into commercial BIOS firmware using their own Python-based tool that installed the rootkit via an update, or flash, process.


Thursday, March 12, 2009

Worldwide Cybercrime Police Network Grows (PC World)

More countries are joining a network designed to quickly react to cybercrime incidents around the world, a senior U.S. Federal Bureau of Investigation official said Wednesday.  Fifty-six nations are now part of the 24/7 Network, which means a country has a computer security official available at all times to help meet requests for data or preservation of data from another nation, said Christopher Painter, deputy assistant director of the FBI’s cyberdivision.


Better metrics needed for security, says expert

The security industry has done a poor job of finding ways for companies to measure their security, but that does not mean that collecting data is not valuable, the former head of the U.S. Department of Homeland Security’s cyber group told attendees at the SOURCE Boston conference on Thursday.


Securely booting from strangest of places

Could FOSE 2009 be remembered as the year of the bootable portable drive?

On the show floor, a number of vendors are displaying either USB drives, enclosed hard drives or other portable media from which an entire operating system and associated application can booted.


Tuesday, March 10, 2009

Massachusetts Data Protection Law Date Extended: What Your Business Needs to Know

For the second time in four months, the Commonwealth of Massachusetts has pushed back the implementation of its new data protection law - one of the toughest in the nation.  Yet even with the new deadline of January 2010, many of the businesses impacted by these stringent data protection requirements won’t be compliant, say industry experts familiar with the new regulation.  The regulation is described by many as the nation’s most cumbersome data security regulation.  It will require all entities that license, store or maintain personal information about a Massachusetts resident to implement a comprehensive information security program—even if the business or entity does not have offices in the state.


Cyberattack mapping could yield blueprint for cyber defense

Cyberwarfare has long since moved beyond the imaginations of Hollywood producers and science fiction aficionados.  Countries, corporate entities, rogue states and motivated hackers are all online and actively testing the defenses of networks.  Understanding how automated cyberwarfare works and how to defend against coordinated cyberattacks has become critical to the national defense interest.  Researchers at Sandia National Laboratories have been mapping out attacks against large-scale computer networks to develop massive cyberattack simulations.  Their work could impact the cybersecurity industry by enhancing security defense mechanisms.


Monday, March 09, 2009

NIST suggests areas for further security metrics research

The National Institute of Standards and Technology (NIST) doesn’t have the answer for this, but scientists in its Computer Security Division have identified some areas for further research they hope might yield results.