The Security Detail


June 30, 2011  9:16 PM

BeyondTrust Acquires Likewise Software Assets



Posted by: Tony Bradley
authentication, BeyondTrust, cloud, Likewise, security

BeyondTrust announced today the acquisition of Likewise Software’s Likewise Enterprise and Likewise Open products, expanding BeyondTrust’s portfolio to include authentication for cross-platform and cloud-based environments.

Under the new PowerBroker Identity Services platform, two products will be released to seamlessly integrate Linux, Mac OS X, and Unix systems with Microsoft Active Directory: PowerBroker Identity Services, Enterprise Edition and PowerBroker Identity Services, Open Edition. BeyondTrust will provide seamless ongoing support for all Likewise Enterprise and Likewise Open customers, and will continue to develop both products under the PowerBroker Identity Services platform.

“As more organizations move corporate computing to the cloud, IT administrators are encountering increasingly complex authentication and security issues, particularly surrounding the management of user identity,” said Earl Perkins, research vice president in the Security and Privacy team at Gartner. “The security risks associated with running a multi-platform network compel organizations to implement identity and access management initiatives that will seamlessly integrate platforms with identity repositories and securely authenticate users with their existing domain credentials.”

PowerBroker Identity Services, Enterprise Edition addresses the authentication, audit and reporting needs of companies running multiple operating systems in their network while simultaneously easing the task of IT managers required to authenticate users, control access to applications and data, centrally manage settings within group policies, and create reports for regulatory audits. The solution also enforces company policies to help comply with regulatory requirements like Sarbanes-Oxley and HIPAA, and speeds up auditing by providing robust reporting tools with a number of pre-made reports.

Key features of PowerBroker Identity Services Enterprise Edition: 

  • Joins non-Windows servers to Microsoft Active Directory in less than five minutes.
  • Provides centralized user management for Linux, Unix, and Mac OS X.
  • Provides a single username and password for all Windows and non-Windows systems.
  • Does not require extending Active Directory schema to add non-Windows systems to your network.
  • Provides support for multiple Active Directory forests and one-way and two-way cross-forest trusts.

 

“This portfolio expansion – particularly when combined with our recent asset purchase from Lumigent – reflects our response to what we see as a growing ecosystem emerging around internal security threats and identity management in the enterprise,” said John Mutch, CEO of BeyondTrust. “As more organizations worldwide rank insider fraud and data breaches as one of their top IT security priorities, we are aggressively striving to build and provide the industry’s most comprehensive portfolio of authentication solutions addressing data privacy, the monitoring of insider threats, and assuring regulatory compliance for multi-platform environments. We are securing the ‘perimeter within.’”

June 24, 2011  9:39 AM

Survey Uncovers Risky Misperceptions on Security



Posted by: Tony Bradley
antivirus, G Data Software, malware, porn sites, security, spam

G Data Software has released a global survey that shows PC users are in the dark about the reality of today’s malware threats. G Data surveyed nearly 16,000 PC users worldwide, including more than 5,500 Americans, and found that risky behavior and misconceptions are rampant online.

 

Here are some of the key findings:

  • More than 50% of Americans regularly click on links on social networks – the most common way that malware is spread today. And nearly all Americans think they’ll know if they’ve become infected through PC crashes, slowdowns, etc. But today’s stealthy malware usually infects without detection, so that hackers can surreptitiously steal your information without sounding off any alarms.
  • What’s more dangerous, porn or ponies? More than 40% of Americans think porn sites are more risky than horseback riding sites. In reality, however, hobby sites are usually easier to attack than adult sites. Hobby sites are also much slower in removing malware, and because visitors are not as careful on these sites, they pose a greater infection risk than adult sites, where visitors expect danger.
  • More than half of Americans still believe most malware is spread via email, even though spam malware infections are steadily declining. 80% of Americans believe if they don’t open an infected file, they are safe.
  • Nearly 88% of Americans report using security software to protect their PCs, with 46% using paid software and 42.7% relying on free versions. The U.K. had the highest number of users with a security solution installed (94%), while Russia had the lowest (83%). Even though no free antivirus product currently offers full-suite protection (including anti-spam, web filters, firewalls, etc.), 82% of Americans believe that free software is as good as paid.


June 15, 2011  10:46 AM

Weak PINs are the New Weak Password



Posted by: Tony Bradley
data security, password, PIN, smartphone

What if your home or car lock used one of those simple, one-notch skeleton keys like you see for unlocking treasure chests in movies? It would offer pathetic protection that can be easily circumvented. That would be dumb.

Why is it, then, that so many people do essentially the same thing when it comes to protecting sensitive and confidential data? The tendency for users to choose weak passwords is well-documented, and has been demonstrated time and time again when breaches expose passwords and we get to see just how silly most of them are.

Unfortunately, smartphone PINs don’t appear to be any better. With more than 200,000 PINs to analyze, Daniel Amitay has compiled a list of the top 10 most used. Sadly, “1234” tops the list, followed by such complex PINs as “0000”, “2580”, “1111”, and “5555”.

You may as well not bother setting a PIN.
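The PINs quoted above all follow a simple structure: one repeated digit, a consecutive run, or a straight swipe down the keypad. The following is an added example, not code from the post or from Daniel Amitay's analysis, showing how a PIN-setting screen could reject those structures; the function names and the repeated-block rule are assumptions made for illustration.

```python
# Added example: structural checks for the PIN patterns named in the post.
# Phone keypad coordinates (column, row); 0 sits under 8.
KEYPAD = {d: (i % 3, i // 3) for i, d in enumerate("123456789")}
KEYPAD["0"] = (1, 3)


def pin_weakness(pin):
    """Return a short reason if the PIN is structurally weak, else None."""
    if not (pin.isascii() and pin.isdigit() and len(pin) >= 4):
        return "not a PIN of at least four digits"
    pairs = list(zip(pin, pin[1:]))
    if len(set(pin)) == 1:
        return "single repeated digit"
    # Same +1 or -1 step between every digit (wrapping 9 -> 0): 1234, 9876.
    steps = {(int(b) - int(a)) % 10 for a, b in pairs}
    if steps in ({1}, {9}):
        return "consecutive digit run"
    # Same keypad move between every digit, i.e. a straight swipe: 2580.
    moves = {(KEYPAD[b][0] - KEYPAD[a][0], KEYPAD[b][1] - KEYPAD[a][1])
             for a, b in pairs}
    if len(moves) == 1:
        return "straight line on the keypad"
    # Two-digit block repeated: 1212 (a generalization, not from the post).
    if len(pin) % 2 == 0 and pin == pin[:2] * (len(pin) // 2):
        return "repeated two-digit block"
    return None


def screen(pins):
    """Map each candidate PIN to its weakness reason (None means it passed)."""
    return {p: pin_weakness(p) for p in pins}


# The five PINs quoted in the post, plus one constructed PIN with no pattern.
POST_PINS = ["1234", "0000", "2580", "1111", "5555"]

if __name__ == "__main__":
    for pin, reason in screen(POST_PINS + ["7294"]).items():
        print(pin, "->", reason or "no structural weakness found")
```

Structural rules catch patterns, not popularity; a deployment would pair them with a blocklist built from observed PIN frequency data.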


June 7, 2011  12:11 PM

RSA Offers to Replace SecurID Tokens…Finally



Posted by: Tony Bradley
compromise, Lockheed-Martin, RSA Security, SecurID, tokens, two-factor authentication

RSA Security probably hoped the issue of compromised SecurID tokens would just get swept under the rug and quietly disappear. No such luck.

Following recent attacks against Lockheed-Martin and other defense contractors, which used counterfeit SecurID keys to attempt to gain unauthorized access to the network, RSA Security has had to admit the scope of the problem. It is offering to replace the compromised SecurID tokens, along with some additional perks, to try to earn back some customer trust.

There are roughly 40 million SecurID tokens in circulation. Replacing them will not be cheap, but rebuilding customer confidence is much more important than the short term financial impact.


June 1, 2011  9:46 PM

The USA Is Under Cyber Siege



Posted by: Tony Bradley
china, Cold War, Cyber War, Gmail, L-3 Communications, Lockheed-Martin, RSA Security, United States

It seems that a new Cold War is brewing, but instead of nuclear stockpiles or a Cuban missile crisis we have zero-day exploits and the RSA Security data breach. Whatever you want to call it, the United States seems to be facing a bit of a cyber siege right now.

Attackers–apparently using counterfeit SecurID tokens thanks to information compromised in an earlier breach of RSA Security–have attacked the networks of defense contractors, including Lockheed-Martin and L-3 Communications. Now, there are also reports that hackers have gained access to hundreds of Gmail accounts, including personal email accounts of senior US officials.

International espionage is nothing new. Nations–even allies–are constantly trying to access classified information and learn the secrets of rival nations. All that has changed is that the Internet has made it much easier and faster in many cases to get that information–anonymously, and remotely from around the world with much less risk of personal harm on the part of the “spy”.

We don’t know for sure who our Cold War enemy is, or if it’s a single nation or multiple nations. But Google reports that the Gmail account hacks originated from China. I wonder how all of this fits in with the Pentagon doctrine that a cyber attack can be considered an act of war worthy of an armed response?


May 31, 2011  5:20 PM

Mac OS Update Takes Care of Mac Malware



Posted by: Tony Bradley
Apple, Mac malware, Mac OS X, MacDefender, Trojan, update

Apple has released an update for Mac OS X that addresses the recent scourge of Mac malware.

The plague of rogue AV scareware apps has been a source of controversy and heated debate over the past few weeks. Mac users are trained to believe the OS is impervious, making them easier targets for social engineering attacks like MacDefender.

Apple initially stayed out of the fray, and directed support techs not to get involved with eradicating the malware from Mac systems, but eventually Apple acknowledged the threat and developed this update to address the problem.

Mac users should download and apply the update immediately.


May 31, 2011  5:02 PM

Craigslist Spear Phishing Attack Targets the Wrong Guy



Posted by: Tony Bradley
attack, Craigslist, malware, Microsoft, spear phishing

A service like Craigslist is bound to bring out some shady characters. I know that the few times I have listed something, I have received inquiries from prospective buyers willing to pay more than I was even asking if I would just agree to ship the item to them on faith first. Um, no.

Well, there is apparently a new kind of Craigslist spear phishing attack, but the attacker chose the wrong victim and now we all get to learn from the experience. A Microsoft security researcher was almost duped into surrendering his Craigslist credentials.

Check out this Microsoft Malware Protection Center blog post for details of the attack, and how it was identified and avoided. The following are some basic guidelines from the blog post that you can use to avoid becoming a victim of a similar attack: 

  • Verify the address you are visiting is indeed the intended address. For example, ensure you are not visiting cralgsIist.org thinking that it is craigslist.org.
  • Do not give out personal information just because an email asks you to, even if that email looks to be originating from a trusted source.
  • Report these types of attacks to the relevant abuse departments and complaints agencies.
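The first guideline can be automated for links that arrive by email. The following is an added example, not code from the Microsoft blog post: it folds characters that read alike and compares the result with an allow-list, using the cralgsIist.org spelling from the list above. The `TRUSTED` list, the small `FOLD` table and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list for the example.
TRUSTED = ["craigslist.org"]

# Small illustrative fold table, not the full Unicode confusables data.
FOLD = str.maketrans({"i": "l", "1": "l", "0": "o"})


def skeleton(name):
    """Fold look-alike characters so visually similar names compare equal."""
    folded = name.lower().translate(FOLD)
    return folded.replace("rn", "m").replace("vv", "w")


def classify(url, trusted=TRUSTED):
    """Return (verdict, matched_domain) for the host in a URL or bare hostname."""
    try:
        host = urlsplit(url if "//" in url else "//" + url).hostname
    except ValueError:
        host = None
    if not host:
        return ("invalid", None)
    host = host.rstrip(".")
    # Exact match or a subdomain of a trusted domain.
    for good in trusted:
        if host == good or host.endswith("." + good):
            return ("trusted", good)
    # Otherwise compare the folded form of every label suffix of the host.
    labels = host.split(".")
    for good in trusted:
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            if skeleton(candidate) == skeleton(good):
                return ("lookalike", good)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample links; the first uses the spelling quoted in the post.
    for link in ["http://cralgsIist.org/reply", "https://newyork.craigslist.org/",
                 "accounts.cra1gslist.org/login", "https://example.com/"]:
        print(link, "->", classify(link))
```

A mail gateway or browser extension would treat a "lookalike" verdict as grounds to block or warn, and an "unknown" verdict as simply not on the allow-list.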

May 31, 2011  4:41 PM

Second World Cybersecurity Summit in London This Week

Posted by: Tony Bradley
East-West Institute, EWI, Microsoft, Second World Cybersecurity Summit, Trustworthy Computing

The EastWest Institute is hosting the Second World Cybersecurity Summit in London June 1 and 2.

The EastWest Institute (EWI) was founded in 1980 to bridge technical divides across the Iron Curtain. Now, it lives on as a global think-and-do tank that devises innovative solutions to pressing security concerns and mobilizes networks of individuals, institutions and nations to implement these solutions.

A Microsoft spokesperson told me that Microsoft’s Scott Charney, corporate vice president of Trustworthy Computing, will deliver a keynote address focused on building trust in the global technology supply chain. “In his address, Charney will urge industry and governments to create a consistent, transparent and stable approach for cyber supply chain management in an effort to preserve the benefits of open and free global trade.”

In addition, Microsoft will partner with global cyber security policy leaders and security strategists from governments and leading global technology companies in a breakthrough group session entitled “Collective Action to Improve Global Internet Health.” The group will examine the current state of the Internet and collaborate on ways to improve consumer device health.


May 31, 2011  4:08 PM

Malicious Apps Sneak Into Android Market Again

Posted by: Tony Bradley
Amazon, Android, Android Market, Google, malware

A new collection of malicious Android apps was available over the Memorial Day weekend from the official Android Market app store. As many as 120,000 Android devices were compromised from the roughly 25 malicious apps before Google identified and pulled them.

Because of the more open nature of Android, and the availability of alternative app stores, it is easier for malware developers to sneak malicious apps into the Android ecosystem than, say, the Apple App Store, which is heavily policed. Still, users expect a higher standard from the official Google Android Market, and should feel safe to download apps directly from Google without fear of infection or compromise.

A middle ground for Android users might be to rely on the Amazon Android app store. Amazon sits somewhere between the permissive openness of Google and the draconian walled garden of Apple to deliver apps that have at least been vetted to some extent to verify their authenticity.


May 30, 2011  8:16 AM

How to Recognize a Social Engineering Attack

Posted by: Tony Bradley
cookiejacking, Mac malware, MacDefender, rogue AV, scareware, social engineering

The rogue AV scareware attacks against Mac OS X and the disclosure of a ‘cookiejacking’ attack that could compromise sensitive account credentials both have one thing in common–social engineering.

These attacks generally have a technical element as well. The latest variants of the Mac scareware take advantage of a setting in Safari to automatically open “safe” files, and the ‘cookiejacking’ attack uses a weakness in the security zones protection of Internet Explorer. But, technical component aside, these attacks rely on somehow convincing the user to do something through social engineering.

A post on the Windows Security Blog focused on the ‘cookiejacking’ attack explains, “This is a form of social engineering attack and these kinds of threats will remain a concern for Internet users on all browsers. Software vulnerabilities are not needed for these kinds of threats to be successful so it is always a good idea to follow best practices – regardless of the browser you are using – in order to stay safe.”

The post offers six simple tips you can use to identify social engineering attacks, and avoid becoming a victim.

  1. Odd messages from friends on social networking sites to participate in games or offers you must act upon immediately.
  2. Alarmist messages and threats of account closures.
  3. Promises of money for little or no effort.
  4. Deals that sound too good to be true.
  5. Requests to donate to a charitable organization after a disaster that has been in the news.
  6. Bad grammar and misspellings.

