Category: News

Homeland’s Information Analysis and Infrastructure Protection Directorate (IAIP) inked the deal with Symantec to add the Cupertino, Calif.-based company’s data — acquired in large part from its global network of some 20,000 sensors deployed in 180 countries — to the information already collected and analyzed by the federal agency, which is tasked with the chore of improving computer security preparedness and responding to cyber attacks in the U. S.

“We’re building out our cyber-situational awareness,” said Andy Purdy, the acting director of the National Cyber Security Division of Homeland Security. “We believe that the [Symantec] DeepSight alerts and services will help enrich the information sources to the federal government and its stakeholders.”

Data from both Symantec’s DeepSight Alert Services and DeepSight Threat Management System will be integrated within the US-CERT Portal, a secure site accessible only to federal information security officers.

The off-the-shelf DeepSight data — it’s not being tweaked for the feds, said Symantec executives — provides early warning of developing cyber-threats and analysis of both in-the-wild exploits and vulnerabilities in more than 18,000 different pieces of software.

“The time that organization have to respond to a threat is constantly shrinking,” said Oliver Friedrichs, the senior manager of Symantec’s security response team. The window Friedrichs referred to is the time between the disclosure of a vulnerability and the appearance of the first exploit leveraging that vulnerability. “Right now that window averages just a bit more than six days,” he added. Friedrichs touted Symantec’s DeepSight data as something difficult for a government agency like US-CERT to reproduce on its own.

“Although DeepSight is just one of a number of data contributors to US-CERT, its sensor network isn’t that easy for just anyone to build. The data from DeepSight will also be used, said Purdy, by US-CERT’s analysts to broadcast alerts to businesses and the public about specific cyber-threats. In the end, however, Symantec’s addition to the CERT data stream is just another feed. By combing as much data as possible, said Purdy, CERT has a better chance of being on the mark.

One of US-CERT’s missions is to publicize outbreaks via its own e-mail based alerts.

http://www.techweb.com/wire/security/162600188

Or is Microsoft holding back on providing these partners/competitors with the information they need to ship in a more timely fashion?

One thing’s for sure: Neither Symantec nor McAfee is currently supporting Microsoft’s new 64-bit Windows desktop release.

Meanwhile, Alwil Software and Computer Associates have released AV products that are compatible with the Windows XP Professional x64 product that Microsoft began shipping last Monday.

http://www.microsoft-watch.com/article2/0,1995,1791343,00.asp?kc=MWRSS02129TX1K0000535

Microsoft said the patch also contains support for WPS/IE (Wireless Provisioning Services Information Element), the protocol that handles the distribution of configuration and service information to a wireless client.

The WPA2 spec, also known as 802.11i, was ratified in June 2004 to pave the way for improved security within wireless networks. It replaced the stopgap WPA (Wi-Fi Protected Access) protocol and offers a more advanced encryption technique called AES (Advanced Encryption Standard). By adding support for WPA2, Microsoft can now market Windows XP Service Pack 2 with full FIPS 140-2 (Federal Information Processing Standard — Publication 140-2) support.

According to a knowledge base article, users that download the Windows XP patch will be able to view previously hidden SSIDs (Service Set Identifiers) in the “Choose a Wireless Network” dialog box. This functionality simplifies the users’ connection to public Wi-Fi networks that were not previously connected.

The AES using the CCMP (Counter Mode-Cipher Block Chaining-Message Authentication Code Protocol) that provides data confidentiality, data-origin authentication and data integrity for wireless frames.

The optional use of PMK (Pairwise Master Key) caching and opportunistic PMK caching, allowing faster access when a wireless client roams back to a wireless access point to which the client has already authenticated.

http://www.eweek.com/article2/0,1759,1791515,00.asp?kc=EWRSS03119TX1K0000594

Malware, spam, phishing, spyware, bots and root kits are raking in big bucks and fighting them effectively is a huge challenge, Aucsmith said in a presentation at the Windows Hardware Engineering Conference in Seattle. “We’ve seen an explosion of criminal enterprise moving onto the Net in the last 18 months or so,” he said in describing hacker motivation trends. Among other ills, spam serves as a gateway for artificially generated web traffic, phishing, identity theft and credential theft. “People are making a lot of money with spam,” he said flatly.

Over 60 percent of all Internet users have visited a spoofed site and over 15 percent have been tricked into providing personal data, he said.

They have control channels and can communicate back to whoever created them. Later they can become keystroke loggers hunting for financial or software license information.

“There are your moms’ machines, compromised by a bot. A whole collection of them just look for Windows CD keys.”

Aucsmith said the “herders” who operate bot networks offer to rent out their bot networks.

Aucsmith noted major growth in root kits since the launch earlier this year of Microsoft’s Anti-Spyware product, which is available as a free download. But he said rook kits still pose a significant technical challenge, can defeat anti-spyware products and will continue to offer financial incentives to support spyware and adware.

When fighting these threats, a big problem network security pros encounter is legacy systems, Aucsmith said, noting for example that the security kernel for Windows NT was written before there was a World Wide Web and before TCP/IP was the default communications protocol. Some Windows NT boxes, nonetheless, remain connected to the Web.

http://www.techweb.com/wire/security/161601341

It’s the first bill of its kind in the nation, said its author, state Sen.

Supporters of the bill, including the American Civil Liberties Union and the Electronic Frontier Foundation, say unchecked use of the technology, known as radio frequency identification, or RFID, could trample people’s privacy and aid identity thieves.

“I have real concerns about the suitability of RFID technology for government identification documents,” said Simitian, D-Palo Alto. “I thought that it probably made sense to try to develop some kind of boundaries.” Simitian introduced the Identity Information Protection Act of 2005 in February after a rural elementary school just 40 miles north of the state capital ditched plans to outfit students with electronic IDs amid protest from parents and students. The case, which involved Brittan Elementary School in Sutter, Calif., got national media attention.

“The issue of RFID in identification documents really hit home with what happened in Sutter,” said Nicole Ozer, technology and civil liberties policy director of the ACLU of Northern California.

Brittan Elementary had issued the electronic badges to seventh- and eighth-graders in an effort to attain better class attendance records and tighten campus security.

Critics said the technology, which is also used to track livestock, was dehumanizing.

Consumer advocates also worry about the ability of data thieves to intercept RFID signals or break into databases storing the information collected by such systems. The RFID chips are designed to broadcast personal data, such as name, address and date of birth, to special receivers at close range.

The California bill also puts the state at the forefront of a national debate. The U.S. State Department plans to issue passports containing RFID chips soon, and schools and libraries across the country are experimenting with them, too.

A Republican-backed federal measure that has passed a vote in the U.S. House of Representatives proposes implanting RFID chips in driver’s licenses.

Businesses are also ratcheting up their use of the technology.

“My hope is that it will underscore the importance of these issues and prompt a wider and more thoughtful debate at a national level,” Simitian said.

Simitian’s bill would prohibit identity documents created or issued by the state containing computer chips that can be read remotely. Identity documents include driver’s licenses, ID cards, student ID cards, health insurance or benefits cards, professional licenses and library cards. It allows for some exceptions, though, including the use of electronic IDs for prisoners and for newborn babies in hospitals. It would also permit government workers to use them to access secured areas.

The bill would make any surreptitious gleaning of data from RFID chips, government-issued or otherwise, a misdemeanor punishable by up a year in jail and a $5,000 fine.

A number of lawmakers in other states, including Maryland, Missouri, Nevada, South Dakota, Utah and Virginia, have proposed RFID regulations, but few states have actually passed laws.

Even California has proved resistant to such efforts. A bill introduced there last year to regulate commercial use of the technology was killed by the state assembly after facing opposition from numerous business groups.

http://news.zdnet.com/2100-1035_22-5689358.html

The Jericho Forum, whose membership includes many chief security officers from FTSE 100 companies, will push for the removal of encryption restrictions within the next three-to-five years.

“This is a big problem for us,” said Nick Bleech, a member of the Jericho Forum and an IT security director for Rolls Royce. “We have 200 locations [around the world]. In industrialised countries it’s not a problem, the real problem comes from places like China. But the Chinese government is extremely keen to further new development.”

Countries such as China, Russia, Israel and Saudi Arabia, have stipulated strict rules governing the use of encryption tools, and in some cases banned the practice.

The Jericho Forum, which is looking to move away from the perimeter model for cybersecurity in favour of an approach that would make data totally secure, hinted this could cause problems for e-commerce.

“But I don’t think we’ll come up with a universal solution that will solve everything. We don’t have the clout to do that yet. We’ve got to lobby governments across borders, find out what restrictions there are and close them. At the moment it is a variable nightmare. The time frame is three to five years before this comes to fruition.”

Bleech said that governments usually respect each others’ encryption policies and make concessions for each other. Bleech was speaking at Infosecurity 2005, which ends on Thursday.

http://news.zdnet.co.uk/internet/security/0,39020375,39196486,00.htm