admini – Page 187 – CyberSecurity Institute

How SOA increases your application security risk

Posted on April 10, 2007December 30, 2021 by admini

Already malware commonly masquerades as useful code and sometimes does provide the function it promises while doing other less desirable things in secret.

That’s one of the three main exposures Wagner sees with SOA, and organisations are already experiencing problems when employees access the wrong sites from their work desktops and accidentally import malware into the enterprise.

Combating malware — whether it is associated with SOA or someone downloading “free” music from a file-sharing site — requires a strategy which combines technology with education. The security technology needs to be able to stop malware before it can infect the network. The second major exposure is more technical and harder to intercept. Again, every organisation accepting XML-encoded files, which is the vast majority of organisations today, is exposed already. But SOA promises to increase the number of XML transfers — and, therefore, the exposure — by orders of magnitude, while the huge volume of these transmissions in the SOA architecture also complicates the problem of intercepting the occasional piece of malware in that flow, even as it attracts increasing attention from criminals.

Education is much less effective in dealing with this exposure, because it is more likely to be injected into an otherwise legitimate packet flow entering the enterprise and may further disguise itself by entering in several separate packets mixed into legitimate traffic.

In a simple transaction the user authenticates at the beginning of the session and that authentication carries through the session. However, in an SOA model the user may initiate a transaction and disconnect from the server while the transaction flows through a group of back-end services, so the user has no direct connection to the final transaction.

http://computerworld.co.nz/news.nsf/devt/808389829A348680CC2572B40001DCF8

Boffins working on RFID super-shield

Posted on April 9, 2007December 30, 2021 by admini

The prototype so far has focused on one subset of RFID, the 13.56 ISO 15693 tags that are typically used in credit card and smart card applications.

http://www.theregister.co.uk/2007/04/08/rfid_guardian/

SecureRF Intros Secure RFID Tag

Posted on April 5, 2007December 30, 2021 by admini

The LIME Tag will also help pharmaceutical manufacturers and other cold chain distributors track and monitor product temperature history.

http://www.darkreading.com/document.asp?doc_id=121254&WT.svl=wire_4

Hackers now offer subscription services, support for their malware

Posted on April 5, 2007December 30, 2021 by admini

And many exploit providers simply wait for Microsoft Corp.’s monthly patches, which they then reverse-engineer to develop new exploit code against the disclosed vulnerabilities, Ollmann said.

While investigating a Trojan horse named Gozi recently, Jackson discovered that it was designed to steal data from encrypted Secure Sockets Layer streams and send it to a server in St. Petersburg, Russia. A customer query returning three passwords for a small retailer might cost 100 WMZ, while a query for 10 passwords for an international bank might fetch 2,500 WMZ or more. Customers could also choose how they wanted their search results delivered — as compressed files in e-mails or via FTP. In addition to the original Trojan horse, the server also hosted two ready-to-deploy variants in a separate staging area.

Often, groups such as the HangUp Team also offer a detection monitoring service with which they keep an eye on antivirus vendors to know exactly when signatures are available that can detect their malware.

The actual server hardware that the 76Service used was being managed by another entity called Russian Business Network (RBN), which provided Simple Network Management Protocol-based management and back-up services.

“We are not talking about kids doing it for kicks over the weekend anymore,” said Yuval Ben-Itzhak, chief technology officer at Finjan Inc., a San Jose-based security vendor. That report said that cybercriminals hold “vulnerability auctions” in which they sell information on freshly discovered software flaws to the highest bidder.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9015588&taxonomyId=17&intsrc=kc_top

Skype and Corporate Network Security

Posted on April 4, 2007December 30, 2021 by admini

For example, internal information thieves can steal vital data using Skype. Meanwhile, there is no shortage of examples of hackers probing Skype for vulnerabilities. Date Vulnerability Nov. 2004 Having uncovered a hole, a hacker was able to gain complete control over a user’s computer by means of overloading Skype’s buffer. Apr. 2005 Skype did not always erase access rights promptly. As a result, ill-intentioned people could replace original attachments with modified ones using previously established authorization. Oct. 2005 A hole was discovered which could be used to induce an overloaded buffer error on the victim’s machine resulting in access to the system. Oct. 2005 A breach in Skype allowed a denial-of-service attack on a remote computer. May 2006 A new breach facilitated the theft of files from a user’s machine. However, for this to work it was necessary to send the victim specially formed packets provoking an abnormal program termination. Dec. 2006 A worm was found to be spread across several countries, infecting workstations which had Skype installed in chat mode.

The present research is the first Russian study into risk-free Skype use on corporate networks.
To assess anxiety among IT and IS specialists regarding the use of Skype on company intranets.
To identify additional IS threats which add to such fears.
To pinpoint the source of these risks.

Key conclusions Skype is the clear leader among VoIP products. Almost half of those surveyed (46.8%) use Skype. If one removes those without any form of VoIP, then Skype takes 64.9%.

The risk of a leak of confidential information is the greatest threat (55.6%) for a corporate network which has Skype. Skype itself can not seriously be blamed for these additional risks. The core problem is with the human factor (44.6%) rather than with faults in the program. Despite this, almost two-thirds of those surveyed (66.4%) incline to the view that the threats which attend the introduction of Skype into the corporate environment are a serious obstacle to the program’s wider acceptance. Only one-third of specialists (33.7%) felt that IS problems would not prevent the program’s wider acceptance among companies.

Research methodology and survey participant profile This research was conducted by InfoWatch’s analysis center between 15th and 30th of January, 2007. Survey participants submitted their answers via an online form with 1242 people taking part. Statistical processing and results analysis were carried out by InfoWatch’s analysis center. Percentages are rounded off to the nearest one-tenth of one percent. In the case of some answers, the total percentages exceed 100% due to the use of multiple choice questions.

IS specialists: 37.1% System administrators: 34.3% Users: 28.6% This means that around 71.1% of those surveyed are IT professionals. We should mention that slightly over a third of specialists surveyed (27.9%) had no VoIP service on their intranets at all.

The greatest risk — according to 55.6% of those surveyed — is the leakage of confidential information. In other words, more than half the specialists felt that as a result of using Skype, confidential corporate information could leak out.

The research concludes that the threat of a leak of confidential information is twice as likely (55.6% as opposed to 29%) than a hacker attack on intranet resources.

On top of this, as with the majority of software products, VoIP client programs have vulnerabilities which, theoretically, may be exploited. The most likely explanation is that fear has its roots in past dangers from hacker break-in.

Clearly, apart from factors connected with the Skype program itself, vulnerabilities can arise due to other causes, such as faults in a given piece of software or malignant intent or lack of discipline among users, etc. VoIP is beneficial and convenient, but to prevent the occurrence of the nightmare scenario — the loss of confidential information — companies need to protect their data in the same way as they protect against theft via e-mail, the Internet, printers or USB data-storage devices. Thirdly, there is the issue of copying valuable data to the clipboard then pasting it into the chat facility which Skype supports.

http://www.viruslist.com/en/analysis?pubid=204791933

IBM Internet Security Systems Extends Industry-Leading Preemptive Protection to Remote Segments of t

Posted on April 2, 2007December 30, 2021 by admini

“IBM ISS understands that scalability is a key ingredient for offering customers a comprehensive set of options for their enterprise security needs,” said Rob Ayoub, Industry Manager, Network Security with Frost & Sullivan. “The addition of a lower-cost intrusion prevention appliance to the company’s product line extends its powerful, preemptive protection capabilities to a broader set of companies, and enables larger companies to cost-effectively shield additional segments of the network from attack.”

Until now, companies needing to protect these points have only had limited-feature IPS offerings available to them. “Long gone are the days when a firewall and antivirus solution were enough to protect a corporate network,” said Greg Adams, Business Line Executive, Network Solutions for IBM Internet Security Systems.

http://www.iss.net/about/press_center/releases/us_intrusion_protection_remote.html