The Department of Homeland Security (DHS) testifying before a House subcommittee that it monitors social networks is unnerving for most people.

The fact that DHS had instituted a program that monitored the internet for threats and hazards is well known. DHS officials also confirmed the agency’s presence on many major social networking platforms, including Facebook, Twitter and YouTube, which is anyway an open secret.

What raises consternations is DHS putting together intelligence on the basis of press and media informations that may reflect badly on the U.S. Government and its interests. DHS scours social networking sites such as Facebook and Twitter, various blogs and reader comments in newspapers to collect reactions and opinions on issues having national implications. Such collection, analysis, and dissemination of private citizens’ comments threaten individual privacy and places freedom of speech and right to dissent at risk.

The DHS counters by saying that an individual willingly using public forums such as social media websites and comments section of newspaper websites to express their opinions cannot expect their views to remain outside the public domain in the first place.

DHS also reveals that they have set safeguards to prevent misuse of information collected, and that the collected information does not violate privacy, civil rights or civil liberties. DHS clarifies that it does not seek private information except in a few special cases, post information they collect on social media or other public forums, connect with social media users or accept personal users’ invitations to connect, or interact on social media sites.

Source: http://www.networkworld.com/news/2012/021612-social-network-security-256239.html?page=1

The biggest threat to network security is malicious insiders rather than any external actors. A recent lawsuit filed in a U.S. District Court for the Northern District of California by the San Jose based SunPower Crop, manufacturers of solar panels underscores this belief. The company accuses five of its ex-employees of stealing proprietary information and passing it on to SolarCity, SunPower’s competitor who now employ the five accused.

The alleged modus operandi is simple and straightforward: misusing the access available to the corporate network to hook up a personal USB storage device and transfer thousands of files containing proprietory and confidential information such as quotes, customer database, contracts, market analysis and more, to their personal computer. SunPower did not even discover the theft, until one of the accused attempted to use his corporate email account a month after he had left.

Such insider theft is commonplace. Research by security major Symantec, profiles such in-house thieves as male employees about 37 years old and working in technical positions. The research also highlights that in about 65 percent of the cases studied, the employee in question already had a new job offer when committing the theft, whereas in 20 percent of the cases, an outsider determined to steal specific data had recruited the thief.

The data stolen is invariably what the rogue employee is authorized to access, nullifying all security systems in place. However, security would do well to regulate data transfer and monitor the network for unusual or suspicious activities.

Source: http://www.cio.com/article/700236/SunPower_Lawsuit_Highlights_Insider_Threat?taxonomyId=3089

With drive-by downloads increasing by the day, and no solution in sight to eradicate such menace, corporate users and others would do well to take precautions that would minimize the risk of them being victims of such attacks.

The most important precaution is keeping software up to date. Drive-by downloads work by exploiting vulnerabilities in software. Installing patches and upgrading to the latest version of software mean reduced chances of the browser or other software containing vulnerabilities. Make sure to especially update browsers, add-ons and plug-ins, Java, Flash and Adobe Acrobat regularly.

A good web-filtering software, although not a fool-proof solution, minimizes the chances of stumbling into an infected website considerably. Such software work by applying heuristics, scanning websites for known exploits and indicators of drive-by downloads, and blocking suspected websites.

An alternative to web filtering software is NoScript, the free and open source add-on available on Firefox. NoScript allows only websites chosen by the user to run JavaScript, Java and Flash, reducing the chances of automatic downloads significantly. A better option than installing NoScript is to disable Java altogether, but this may not always be a workable solution.

As the threat of drive-by downloads escalate, security majors are fast working on specific countermeasures as well. One such initiative, which is already in an advanced state is Block All Drive-By Download Exploits (BLADE). This Windows immunizations system that aims to prevent drive-by download is under development at Georgia Tech and SRI International. The beta version of this software would be available soon.
Source: http://www.cio.com/article/699970/6_Ways_to_Defend_Against_Drive_by_Downloads?page=3&taxonomyId=3089

Cyber criminals innovate on new techniques by the day to stay one up on security. The latest trend is proliferation of drive-by downloads that automatically install malware and Trojans by stealth, with the end user remaining unaware of their machines being compromised.

Cyber criminals launch drive-by downloads by exploiting vulnerabilities in web browsers or plug-ins. Although the modus operandi can take many ways, the most common ways the cyber criminals launch the attack are:

•    by setting up a tempting website or hacking a legitimate website and attracting traffic to the website. No sooner does the unsuspecting user enter the website, the malware exploits the vulnerability in the browser and downloads automatically in the background.

•    releasing malware bearing advertisements. Even big names such as The New York Times, Google and Microsoft have become unknowing carriers of such malware. For instance, the New York Times ran a malware infested ad in 2009. When users clicked on the ad, the users began to receive pop-ups seeking their credit card information

Researchers estimate that about 4 million web pages spread across more than 400,000 websites disseminate such malware every month. On an average, one out of every 1,000 web pages are malicious in some way.

What makes the threat extremely scary is that most of such exploits are unavoidable. Even a fully aware user with state of the art protection may succumb to such exploit if they happen to stumble upon an infected website or ad.

The fact that do-it-yourself exploit kits are now freely available, allowing even entry level cyber criminals to launch such attacks is a major reason for the surge in such attacks off late. Web browsers becoming increasingly complex to the point that even advanced users cannot identify all the legitimate plug-ins, add-ons and browser versions aid cyber criminals.
Source: http://www.cio.com/article/699970/6_Ways_to_Defend_Against_Drive_by_Downloads?page=3&taxonomyId=3089

The ever-increasing scope of cyber-crime and cyber criminals adopting new and innovative techniques by the day make mobile computing a far riskier option than it was even months ago.

Downloading apps is the biggest risk that mobile users face. With bring-your-own-device (BYOD) gaining ground, corporate networks face serious challenge from the plethora of apps available in the smart phone that employees use to connect to the corporate network. Yet, it is not practical to restrict apps in smart phones, as it would result in a severe functionality constraint, defeating the very purpose of smart phones in the first place. Security experts would do well to focus on ensuring that the employers access the right resources in the right way rather than trying to fortify the device itself.

One solution in sight is a corporate app store that allows the user to download from a white-listed selection of applications. This provides employees with a choice without compromising network security. Such a corporate network can benchmark from Apple’s AppStore model that provides customers limited choice. Experience there proves that most users prefer to stick with the limited options rather than jailbreak and create complications.

Another innovative approach that would gain traction in the near future is shifting apps and services to the cloud, and allowing mobile users to choose and “rent” the apps required at any given time. This would herald a shift from the hopeless task of trying to control employee behavior or preferences to a more workable security-as-a-service approach.
Source: http://www.eweek.com/c/a/Security/Whitelisting-Gives-Employees-Choice-While-IT-Retains-Security-Control-186937/

Yamatough, the hacker representing “Lords of Dharmaraja” an Anonymous affiliate that stole pcAnywhere has finally made good its threat of making public the source code. The episode however has exposed the mercenary nature that lies obfuscated under the hackavist cause. Making public the source code took place only after the group could not inveigle the $50,000 ransom it demanded from Symantec. Yamatough still holds that it did not intend to take the money, and all it wanted to do was humiliate Symantec further.

The hackavist group entered into email negotiations with what they though were representatives of Symantec, but were actually law enforcement officials. The law enforcers in guise of Symantec apparently offered Yamatough $50,000 to destroy the source code in its possession, and also to make a public statement proclaiming that they had not hacked Symantec in the first place. Negotiations broke down when Yamatough demanded wiring the money to an offshore account without any delay.

With this, the hackers have released the code for Norton Utilities and PCAnywhere. They still have the code for 2006 versions of Norton Antivirus Corporate Edition and Norton Internet Security, which they may release at some point in the future, perhaps, after more negotiations.

For its part, Symantec has confirmed that the leaked source code indeed is of pcAnywhere, but since it has already released patches and updates that make the leaked version obsolete, the leak would not create any impact. The company nevertheless is now further embroiled in the public relations mess it finds itself in.

Source: http://www.networkworld.com/news/2012/020712-symantec-anonymous-255818.html

After the spate of attacks on federal agencies and music companies protesting against the move to strictly enforce copyright on the web, Anonymous is now on an overdrive, launching coordinated attacks and leaks against the government and law enforcement agencies at an international level.

Anonymous started off last week by making public a conference call, between the FBI and Scotland Yard, it had tapped, regarding a joint effort in a cybercrime case. It also took down the website of the Greek Ministry of Justice to protest against the decision to implement the EU and IMF backed austerity measures.

Next, in what was the most high profile action of the week, members of Anonymous took down the website of Boston Police Department, in retaliation to what it called “police brutalities” against the “Occupy Boston” protesters. The group also hacked the website of Syracuse (New York) police, but did not or could not access law enforcement reports or other sensitive information.

The hackavist group followed up these actions by vandalizing the website of the law firm that represented a U.S. Marine in the dock for alleged atrocities and making public many sensitive records, including testimonies, trial evidence, and donation records related to the case. The attacks on Boston police department and the law firm bear striking similarity, with visitors entering the website receiving a message stating the reasons why Anonymous hacked the websites.

For good measure, Anonymous has also hacked the email account of the Syrian President Bashar al-Assad, under fire to quit over human rights violations, and his associates by breaking into the email server of the Syrian Ministry of Presidential Affairs. The fact that most of these accounts had a password “12345” helped!
Source: http://www.tgdaily.com/security-features/61234-anonymous-jacks-and-tags-boston-police-department

Conventional network security wisdom holds that the larger the bandwidth of DDoS attacks, the more the damage caused to the vitims.

A study conducted by Radware, a leading application and security solution provider debunks this theory and proves that big problems usually come in small packages.  A survey conducted as part of the study reveals that 76 percent of the DDoS attacks in recent times had a bandwidth under 1 Gbps and 32 percent of the attacks had a bandwidth of less than 10Mbps, but still the damage caused by such attacks were often more devastating that DDoS attacks powered by 10Gbps bandwidth. The study brings to center stage the fact that what matters more is the type of attack rather than the size of the attack.

Another conventional wisdom that the study debunks is that firewalls and intrusion protection systems protect against DoS attacks. The reality is that such protection systems constitute the weakest link in the defense against DDoS attacks. Far effective protection comes from dedicated hardware solutions or through Content Delivery Networks (CDN) that simply absorb the traffic surge. Businesses need to ensure that the service provider remains capable of mitigating volumetric attacks that saturate bandwidth, and allocate sufficient budget to ensure such resilience.

Another effective protection is a security event information management (SEIM) system built into the network architecture. SEIM centralizes and makes easy monitoring the millions of messages and log records generated by security devices, and provides far more effective protection than ordinary network monitoring systems, which simply monitor network traffic.

Source: http://www.marketwatch.com/story/radware-security-report-debunks-prevailing-myths-about-distributed-denial-of-service-ddos-attacks-2012-02-06