Online dangers increase

Posted on by admini

McAfee security specialist Lee Fisher, author of the report, said the biggest risk for companies is their own apathy. “Firms believe (wrongly) that viruses and code are a benign risk, that because they have a firewall they are protected,” he said, adding that “about 70 percent” of internet threats are driven by profit, not a desire for notoriety.

Fisher said that firms face a number of separate dangers. “The fast-spreading viruses make all the headlines, but they are not the biggest threats.” The biggest dangers include key-logging tools and bot network tools that could be used for distributed denial-of-service attacks.

To help firms protect themselves against these risks, in March McAfee will start updating its virus alerts and tools on a daily basis. Fisher said that this requirement was unimaginable five years ago, but the firm is now seeing about 50 new threats or viruses each day.

McAfee’s report emphasises that the internet is global, fast and virtual, adding, “In the wrong hands, this adds up to the potential to make vast sums of money illegally.”

Fisher said McAfee worked with enforcement experts and academics for seven months to draw up what he described as “the first in-depth picture of (the) new invisible threats we face”.

Online crimes include hacking, and less obvious threats such as the use of zombies and bot-networks to host malicious code or illegal material. McAfee said that the perpetrators of online crime had matured from being “geeks in bedrooms” to organised criminal gangs.

Two years ago the company’s researchers saw about 300 potentially malicious attacks a month, now that figure has grown to 1,500.

McAfee noted that many traditionally physical crimes, such as extortion and money-laundering, are now carried out online, and the scale of the problem is “massive”.

http://www.vnunet.com/news/1161404

Read more

New cyber security protocol for online banking, and more

Posted on by admini

The same protocol could be employed in many computer networks in which two computers, hand-held communication devices or network nodes need to simultaneously verify the identity of each other.

The protocol – called “delayed password disclosure” – was created by Markus Jakobsson and Steve Myers of Indiana University.

It may have application in any environment where “mutual identity authentication” is required, the researchers say.

This new security protocol could help to prevent consumers from getting tricked into connecting to a fake wireless hub at an airport, for example.

Or the protocol could notify you that the link included in a legitimate-looking e-mail points to a fake website set up to steal your sensitive information, such as passwords and PINs to bank accounts, credit cards numbers and account numbers for online fund-transfer services.

The safety measures also might help stop organized crime and terrorist-funding groups from collecting large numbers of fund-transfer account numbers that could be used for money laundering, the researchers say.

The new protocol is meant to strengthen such networks, using a type of electronic “interrogation” to ensure they are not compromised.

For network attackers to launder money through online fund-transfer accounts of unsuspecting individuals, the criminals must stop email notifications from the fund-transfer company to the account holder.

“Denial of service attacks” and other kinds of network attacks could be employed to stop such notification emails, the researchers say.

http://www.innovations-report.com/html/reports/information_technology/report-40656.html

Read more

IT administrators told to get hacking

Posted on by admini

The plethora of exploit code available on the web to attack corporate servers should be used as a resource to test computer security. By running such code administrators can judge the efficacy of their defences and make appropriate adjustments.

“There are several legitimate uses for exploit code,” explained Ivan Arce, chief technology officer at Core Security Technologies. “We need to understand the strengths and limitations of our tools. It helps to deploy timely and cost-effective mitigation measures.”

Arce pointed out that code designed to exploit flaws in software programs is a valuable resource and should be used as such. Both legitimate and illegal organisations are now selling such code for use in testing.

This new value on exploit code is such that new vulnerabilities are being traded on the open market. Spammers and malware writers are buying it to further their ends, but legitimate security companies are also buying the information. “There is an increasing perception of value for vulnerability code,” said Arce. “The good guys value it and are not giving it up for free. The bad guys want it so they can carry on their attacks.”

http://www.itweek.co.uk/news/1161395

Read more

PGP moving to stronger SHA Algorithm

Posted on by admini

According to a report released this week by a team at Shandong University in China, the SHA-1 algorithm that supports the digital signatures used in popular SSL browser security and encryption can be successfully attacked. The same team helped break MD5, another commonly used cryptographic hash algorithm, in August 2004.

According to the company, all PGP products are architected to allow for rapid and non-disruptive migration of all encryption, hash, compression, and signature algorithms. PGP Corporation began planning the migration to more secure hash algorithms after MD5 was compromised last year.

Jon Callas, CTO & CSO of PGP Corporation addressed the company’s design philosophy in a September 2004 CTO Corner article entitled “Much ado about hash functions”. At the same time, PGP engineers began implementing a shift from SHA-1 to the stronger algorithms (SHA-256 and SHA-512) while preserving interoperability with existing software.

The upcoming releases of PGP Desktop and PGP Universal will allow users to select from a broader range of authentication options.

“The work done by the University of Shandong team is in the finest tradition of cryptoanalytic peer review,” said Callas. “The best minds continually review existing algorithms, identify issues that need to be addressed, and the entire community of vendors and users benefits.

We will continue to monitor the cryptographic integrity of the algorithms used in PGP products and upgrade them as required to provide our customers with the most secure information security solutions available.”

http://www.geekzone.co.nz/content.asp?contentid=4099

Read more

Security Is Growing As A Senior-Management Priority

Posted on by admini

“Three quarters of those surveyed said that their companies were raising security as a priority because it made them more efficient,” says Robert Holleyman, BSA’s president and CEO.

The report finds that a growing number of companies are raising security to the senior-management level, with 44% of companies having done so in February 2005 compared with 39% doing so in October 2003.

“Awareness and action are replacing fear in how security executives are responding to cyberattacks,” Holleyman says. “We’ve been talking for quite some time about making privacy and security a part of our corporate culture,” says Daniel Caprio, chief privacy officer and U.S. deputy assistant secretary for technology policy at the U.S. Department of Commerce. The increased levels of awareness that we’re finding in this survey show that we’re making progress.”

The numbers, he says, are encouraging: 78% of organizations now have a formal information-security program; 90% of companies have an information-security officer; 55% of companies have a chief privacy officer.

Says Caprio, “As companies create a CISO or CPO and empower that individual, and make that person part of senior management, then budget and resources follow.”

http://www.informationweek.com/story/showArticle.jhtml?articleID=60402295

Read more

RSA: Microsoft on ‘rootkits’: Be afraid. Be very afraid.

Posted on by admini

The researchers Tuesday discussed the growing threat posed by kernel rootkits at a session at the RSA Security Conference in San Francisco.

The malicious snooping programs are becoming more common and could soon be used to create a new generation of mass-distributed spyware and worms.

With names like “Hacker Defender,” “FU” and “Vanquish,” the programs are the latest generation of remote system monitoring software that has been around for years, according to Mike Danseglio and Kurt Dillard, both of Microsoft’s Security Solutions Group.

The programs are used by malicious hackers to control, attack or ferret information from systems on which the software has been installed and are typically installed on a machine without the owner’s knowledge, either by a virus or following a successful hack of the computer’s defenses, they said.

Once installed, many rootkits simply run quietly in the background but can easily be spotted by looking for memory processes that are running on the infected system, monitoring outbound communications from the machine, or checking for newly installed programs.

Rootkit authors are also making huge strides in their ability to hide their creations, said Danseglio. The result is that typical signs that a program is running, such as an executable file name, a named process that uses some of the computer’s memory, or configuration settings in the operating system’s registry, are invisible to administrators and to detection tools, said Danseglio.

One rootkit, called Hacker Defender, which was released about one year ago, even uses encryption to protect outbound communications and can piggyback on commonly used ports such as Transmission Control Protocol (TCP) port 135 to communicate with the outside world without interrupting other applications that communicate on that port, he said.

The kernel rootkits are invisible to many detection tools, including anti-virus, host and network intrusion detection sensors (IDS) and anti-spyware products, the researchers said.

One strategy to spot kernel rootkits is to use Windows PE, a stripped-down version of the Windows XP operating system that can be run from a CD-ROM, to boot a computer, then comparing the profile of the clean operating system to the infected system, according to Dillard and Danseglio.

http://www.nwfusion.com/news/2005/0217rsa-mic.html

Read more