[SecurityRatty] tag: control-system

Gartner Data Center Conference 2008

Tue, 02 Dec 2008 15:55:49 +0000

The Gartner Data Center Conference kicked off this morning in Las Vegas. Despite the completely packed plane coming out here, Vegas seems quieter and not so crowded. The bartender at Wolfgang Puck’s Bistro told me they were looking forward to the 1800 people coming to this show to fill the hotel up. As we’ve noted, the economic crisis is impacting business travel all around.

22% of the attendees at Data Center come from the public sector and government, with 44% coming from very large enterprises of 20K+ employees.

During the Gartner IOM conference in June, some of the most interesting info coming out of it was the quick polls of the audience on a variety of infrastructure and operations management topics. What are enterprises doing? Where are they headed? What’s important to them? Here are some quick takes from the opening session:

1) What is the largest data center challenge that you currently face?

Smaller Budgets: 21%
Power & Cooling: 20%
Dealing with the Rate of Technology Change: 15%
Aligning Activities with the Business: 15%
Modernizing Legacy Applications: 10%
Lack of Data Center Space because of Equipment Spread: 9%
How to Source IT Services: 5%
How to Find and Retain Talent: 5%

Well, it’s taken almost a year to be “official”, but the National Bureau of Economic Research just announced that the US has been in a recession since December of 2007. It should come as a surprise to no one that dealing with smaller budgets is top of mind, even for the predominantly larger enterprises attending here.

2) What projects will receive the most funding in 2009?

Virtualization/Consolidation: 31%
Data Center Facilities – new builds: 17%
IT Operations Process Improvement: 12%
IT Modernization: 7%
Green IT: 5%

Virtualization and (server) consolidation projects are clearly a priority for larger enterprises in 2009. What’s interesting here is the relatively very low priority of Green IT projects – in spite of the importance to attendees of getting power and cooling costs under control. Perhaps there’s a gap here between what’s often the hype of Green IT and practical considerations for data center managers when it comes to power and cooling management.

3) Where are you with server consolidation projects?

No Plans: 3%
Looking at it now and will start in next 2 years: 13%
In process now: 58%
Have already completed server consolidation project: 26%

Larger enterprises are consolidating servers with a quarter of attendees already having gone through the process at least once. And according to poll #2, this trend will definitely continue.

Yet Another Web Malware Exploitation Kit in the Wild

Tue, 02 Dec 2008 03:24:43 +0000

With business-minded malicious attackers embracing basic marketing practices like branding, it is becoming increasingly harder, if not pointless to keep track of all XYZ-Packs currently in circulation. How come? Due to their open source nature allowing modifications, claiming copyright over the modified and re-branded kit, the source code of core web malware exploitation kits continue representing the foundation source code for each and every newly released kit.

In fact, the practice is becoming so evident, that anecdotal evidence in the form of monitoring ongoing communications between sellers and buyers reveals actual attempts of intellectual property enforcement in the form of exchange of flames between an author of a original kit, and a newly born author who seems to have copied over 80% of his source code, changed the layout, re-branded it, added several more exploits and started pitching it as the most exclusive kit there is available in the underground marketplace.

What's new about this particular kit anyway? Changed iframe and js obfuscation techniques, doesn't require MySQL to run, with several modified Adobe Acrobat and Flash exploits - all patched and publicly obtainable. This is precisely where the marketing pitch ends for the majority of malware kits released during the last quarter.

As always, there are noticable exceptions to the common wisdom that time-to-underground market isn't allowing them to innovate, but thankfully, these exceptions aren't yet going mainstream. What is going to change in the upcoming 2009? Web malware exploitation kits are slowly maturing into multi-user cybercrime platforms, where traffic management coming from the SQL injected or malware embedded sites is automatically exploited with access to the infected hosts or to the traffic volume in general offered for sale under a flat rate, or on a volume basis.

Converging traffic management with drive-by exploitation and offering the output for sale, all from a single web interface, is precisely what malicious economies of scale is all about.

Related posts:
Cybercriminals release Christmas themed web malware exploitation kit
New Web Malware Exploitation Kit in the Wild
Modified Zeus Crimeware Kit Gets a Performance Boost
Zeus Crimeware Kit Gets a Carding Layout
Web Based Malware Emphasizes on Anti-Debugging Features
Copycat Web Malware Exploitation Kit Comes with Disclaimer
Web Based Malware Eradicates Rootkits and Competing Malware
Two Copycat Web Malware Exploitation Kits in the Wild
Copycat Web Malware Exploitation Kits are Faddish
Web Based Botnet Command and Control Kit 2.0
BlackEnergy DDoS Bot Web Based
A New DDoS Malware Kit in the Wild
The Small Pack Web Malware Exploitation Kit
The Nuclear Grabber Kit
The Apophis Kit
Nuclear Malware Kit
The Random JS Malware Exploitation Kit
Metaphisher Malware Kit Spotted in the Wild

Stampede Death at Wal-Mart

Mon, 01 Dec 2008 01:12:00 +0000

The death of a Wal-Mart employee on Black Friday in New York should never have been allowed to happen.

The Police are said to be reviewing tapes to see if they can identify who was responsible for trampling the poor man to death. What will that achieve? Obviously it was not done on purpose. The findings are bound to result in an "accidental death" determination.

Getting back to; who is responsible? I think that is quite clear. Wal-Mart has to accept responsibility. UNLESS...they really did hire an outside security company and the employees of that company did such a poor job organizing that mob of "door busters", that they lost control of the situation.

One thing is a given. The family of the employee who lost his life is bound to bring a civil law suit against Wal-Mart. If I were them, the first thing I would look to find out would be who(if anyone)was providing security on Thanksgiving night outside of the front door?

Unfortunately, many clients do not take the function of security very seriously and they delegate the responsibility to those with no security training or experience. We have consulted for clients at arenas and found that ordinary ushers will be given a fluorescent vest or jacket with "SECURITY" written on the back and asked to provide security. This is a libility claim waiting to be filed.

If Wal-Mart did in fact outsource their security to an outside company, was the company allowed to provide an adequate number of officers to ensure that shoppers lined up in an orderly fashion? One security officer to a couple of hundred people is another liability suit waiting to be filed.

Next, they should be looking at the training that the security officers (Wal-Mart better hope that shelve stockers were not given the task)receieved. Because it was Thanksgiving night, there is the possibility that the company couldn't get anybody else to work and used untrained and inexperienced personnel. If that turns out to be the case, hopefully the company was legal and had adequate insurance coverage.

Whatever happens regarding a civil law suit, one thing will remain unchanged. A man lost his life in an incident that should have been prevented. It is obvious that not everything was done to ensure the safety of the shoppers who traditonally lined up to get the best bargains when the store opened on "Black Friday".

Whether it was Wal-Mart or the security company who may have been hired to prevent this very incident from happening - somebody failed to do their job. Whichever one it was, they should step up to the plate and apologize to the grieving family for letting them down.

Chairman Tata Surprised by Tricky Terrorists

Sun, 30 Nov 2008 22:29:00 +0000

Chairman Rata Tata, whose company owns the Taj hotel in Mumbai, gave a frank and honest interview to CNN. I would imagine that the Tata Group's PR people and General Counsel are scrambling at the moment trying to do as much damage control as possible.

The sad part of this unfolding story is the feeling one gets that the terrible loss of life at the hotel may have been prevented or at least mitigated had proper security measures been implemented and if the security that had been in place prior to the attack had not been removed.

One eye witness who stayed at the hotel a week before the terrorist assault spoke about metal detectors and baggage being checked. The same witness then went on to say that those security measures had been removed within the last week, allowing people to enter without being checked.

The most surprising news to surface must be the Chairman's comments regarding the terrible event. Unbelievably, he actually said; "They knew what they were doing and they did not go through the front. All of our arrangements were on the front entrance".

Who is Tata's security advisor, a kitchen worker? Actually, he might have been better off if that were the case since the terrorists entered the hotel through the rear kitchen door. ANNOUNCEMENT TO ALL CHAIRMEN AND CEO's; Terrorists are Tricky. That is their job. They are watching your businesses and will do the opposite to what you expect.

In the case of the TAJ HOTEL, you made it easy for them. Did nobody in Mumbai ever stop to think that a bad person can go through the back door? It is one thing for a cafe in a pedestrian area to be attacked as anyone can walk right by or walk through the front and open fire, but how can a major landmark that attracts Western vistors drop their security measures AFTER they have received terrorist alert warnings that the hotel may be the target of terrorsit attacks?

I don't know if it was the case with the Taj Hotel, but cutting corners where security is concerned is common place in corporate culture. Security is often seen as a necessary evil and usually the first department to experience budgetary cutbacks. It is very difficult to convince some clients that nothing happening is really a good thing and that by cutting out security may open the door to evil.

This appears to have been the case with the Taj. There is no doubt that the terrorists had conducted hundreds of hours of surveillance in and around Mumbai. Was it a coincidence that the attack occurred the week after security measures had been removed? What might have been the result if security had remained tight (if you could call watching the front entrance and disregarding the back as "tight security")? Maybe the terrorists would have held back another month or two...maybe in that time they would have been detected...

One thing is for certain, places like the Taj Hotel have to get serious about security. Mr. Tata's claim that; "If I look at what we had...it could not have stopped what took place", must be replaced by more progressive, proactive thinking. If the Tata Group had spent an adequate amount of funding on ensuring that a strict security policy was in force - if only for the period in question - then they might not now be facing a 5 Billion Rupee reconstruction bill. Who knows how high the civil suits against the Taj will run when compensation and punitive costs are calculated.

Kudos though to Chairman Tata for at least recognizing that the Indian authorities may not be able to handle the situation on their own. "These attacks underscore the need for Law Enforcement to seek outside expertise for training, equipment and strategic operations", he said.

We agree Mr. Tata. We also hope that you will recognize the need for the Tata Group to seek similar outside expertise to assist you with your security planning and training.

Estonian ISP cuts off control servers for Srizbi botnet

Thu, 27 Nov 2008 02:00:00 +0000

An Estonian ISP that temporarily hosted the command-and-control servers for the Srizbi botnet, responsible for a large portion of the world's spam, has cut off those servers, according to computer security analysts.

Estonian ISP cuts off control servers for Srizbi botnet

Wed, 26 Nov 2008 21:00:00 +0000

Massive botnet returns from the dead, starts spamming

Wed, 26 Nov 2008 02:00:00 +0000

The spam-spewing 'Srizbi' botnet that was shut down two weeks ago has been resurrected, security researchers said today, and is again under criminal control.

Spammers regaining control over Srizbi botnet

Tue, 25 Nov 2008 21:00:00 +0000

The zombie computers used to send spam are coming back to life.

Massive botnet returns from the dead, starts spamming

Tue, 25 Nov 2008 21:00:00 +0000

A big spam-spewing botnet shut down two weeks ago has been resurrected, security researchers said Wednesday, and is again under the control of criminals.

Check Point appliances fight spam, protect industrial networks

Thu, 20 Nov 2008 21:00:00 +0000

Check Point Software is upgrading its multifunction security appliances with antispam capabilities, support for secure wireless connectivity and protection for devices that control industrial infrastructure.