[SecurityRatty] tag: trends

New spam and virus trends from Enterprise

Tue, 12 Aug 2008 10:01:00 +0000

Written by Amanda Kleha, Google Apps Security & Compliance team

The Google Apps Security & Compliance team, which provides email and web security for more than 40,000 companies, regularly tracks trends in spam, viruses, and other threats. Check out some of our latest findings over on the Enterprise blog. Also, on Friday, August 15, at 10:00 am PT, we'll be hosting a webinar on keeping your business safe from web and email threats -- tune in if you'd like to learn more.

It's Router Upgrade Time As AS Numbers Expand

Mon, 28 Jul 2008 18:25:12 +0000

The fact that we're running out of IPv4 addresses is reasonably well-known by now, but it's not the only declining network resource on the Internet. 'AS' or Autonomous System numbers, which uniquely identify networks for the Internet's BGP routing infrastructure, are also running out, and on a similar timeline. AS numbers, like IP addresses, are allocated by RIRs (Regional Internet Registries) and the last one, based on current trends, will be gone in early 2011. As this release from APNIC (the Asia Pacific Network Information Centre, the RIR for the far east) explains, the old AS numbers were 16-bits. A new standard exists for 32-bit AS numbers and, as of January 1, 2009 these 32-bit numbers will be the ones allocated by default, unless a 16-bit number is specifically requested. But routers and network management software on networks using the new numbers need to be updated. Surprisingly, and impressively, routers on older, 16-bit AS-numbered routes can still communicate with the new 32-bit AS-numbered networks, and vice-versa. Click here for more on how they accomplished this neat bit of backward-compatibility.

It's Router Upgrade Time as AS Numbers Expand

Mon, 28 Jul 2008 18:25:12 +0000

The fact that we're running out of IPv4 addresses is reasonably well-known by now, but it's not the only declining network resource on the Internet. "AS," or Autonomous System, numbers, which uniquely identify networks for the Internet's BGP routing infrastructure, are also running out, and on a similar timeline. AS numbers, like IP addresses, are allocated by RIRs (Regional Internet Registries), and the last one, based on current trends, will be gone in early 2011. As this release from APNIC (the Asia Pacific Network Information Centre, the RIR for the Far East) explains, the old AS numbers were 16 bits. A new standard exists for 32-bit AS numbers and, as of Jan. 1, 2009, these 32-bit numbers will be the ones allocated by default, unless a 16-bit number is specifically requested. But routers and network management software on networks using the new numbers need to be updated. Surprisingly, and impressively, routers on older, 16-bit AS-numbered routes can still communicate with the new 32-bit AS-numbered networks, and vice versa. Click here for more on how they accomplished this neat bit of backward compatibility.

Keeping corporate secrets - the data centric security approach

Mon, 28 Jul 2008 16:13:00 +0000

Just read the eWeek summary for the new book Blown to Bits... (btw, what's up with tag lines and subheadings in books - these seem to be filling up the font page!). The authors discuss the right mix of people, process and security technology that organizations can use to prevent such breaches...

Interestingly enough, the trends they talk about are very data-centric - "Secure the message as well as the medium" and "Address data at rest, in flight and in use"...

In particular I like this paragraph...

"Even with SSL (Secure Sockets Layer) and VPN, strong passwords, fire walls and a flood of security patches, the medium (the network and the attached servers) should be considered inherently insecure. The greatest security comes from protecting the data itself. Even a gargantuan data breach will be of no real consequence if the data is undecipherable."

Could not have said it better - and I could not agree more...

Dont become a statistic says Sophos

Thu, 24 Jul 2008 14:56:51 +0000

Alot of numbers and stats, but a must read for those who want to take no changes while online.

clipped from www.istockanalyst.com

Hackers Attack Businesses, Blogs and Web 2.0 Sites, Sophos Security Threat Report Reveals

Sophos, the largest privately held vendor in the secure content and threat management market today published new research into the first six months of cybercrime in 2008. The Sophos Security Threat Report examines existing and emerging security trends and has identified that criminals are increasingly using creative, new techniques in their attempt to make money out of internet users.

NAPA Shows How the Government is Using Web 2.0

Wed, 16 Jul 2008 16:45:37 +0000

Back in April, we attended a session at the FOSE conference that highlighted Web 2.0 usage in the public sector. We also found through a survey of government workers that 65% of government IT workers surveyed said that Web 2.0 tools are important to their operations. The overall message was that all IT, government included, have too many projects they could be taking on for the amount of resources they have. For much of the IT topics we covered in the survey, importance was high but actual deployment was lower.

Dan Munz, project manager of the Collaboration Project commented on the unique work that the National Academy of Public Administration (NAPA) is doing to bring together government leaders. The Collaboration Project seeks to innovate across government not just down the silos and create a safe place for leaders to have discussions around innovation.

ScienceLogic: What is the National Academy of Public Administration?

Dan Munz: The Academy is an independent, non-partisan, non-profit organization dedicated to tackling government’s most complex challenges. We were founded in 1967 by James Webb, the NASA administrator who took us to the moon – he saw that he could consult the National Academy of Sciences for expert technical advice, but had no counterpart in government for expert management advice. That’s been our mission ever since.

ScienceLogic: What is the Collaboration Project? How long has it been around?

Dan Munz: The Collaboration Project is the Academy’s response to two parallel trends we see in government. The first is the government’s need to transform the way it does business. There is a strong demand for change out there driven by a number of challenges that are forcing the government to rethink its mission and structure. Challenges include a public disconnected from government; a multi-sector workforce and increasing reliance on contractors; financial instability; and new types of security threats, just to name a few. More and more, the challenges facing government reach across the traditional boundaries of agency and mission. But government isn’t configured to work that way.

The second trend is the unprecedented opportunity collaborative technology offers to drive transformational change in government. Tools like blogs, wikis, and mashups are changing the way leaders think about problems. They’re focusing not on what they can do just within their offices or agencies, but what voices they need to pull together across government, non-profits, the general citizenry, and other stakeholders to solve these problems. The Collaboration Project’s goal is to encourage this type of thinking and empower leaders committed to use collaborative technology to:

strengthen citizen civic engagement;
enhance government transparency;
improve service delivery and operational efficiency; and
facilitate coordination and innovation within and between agencies.

ScienceLogic: Why focus on Web 2.0 in the government?

Dan Munz: The question of how web 2.0 will impact federal IT departments is a critical one. Our view is that “the era of big systems” is basically over. Things like disk space, bandwidth, and computing power are basically shifting from being assets to being commodities.

There’s also a shift in expectations. People both inside and outside government – especially Gen-X and Gen-Y – are incredibly frustrated by being able to use lightning-fast apps like Flickr, YouTube, and Facebook that don’t even live on their hard drives while the government and other large organizations still operate clunky PCs, space-limited e-mail accounts, and sluggish e-mail servers.

So aside from the opportunity for transformative leadership, the idea of web 2.0 at a government level is very appealing in terms of getting the most out of the IT infrastructure we already have, rather than embarking on costly, large-scale projects in an era of diminishing budgets.

ScienceLogic: How do you build a sense of community at the Collaboration Project?

Dan Munz: Some community feel emerges naturally, from a sense that mass collaboration really is a tool for “doing government” in a whole new way.

The more formal community building mechanisms we have include our web page, where we share insights, news, case studies, and other content – The virtual space serves as an anchor for people, whether they’re experts or beginners, to learn about what we do.

Finally, we are conducting an ongoing series of in-person meetings, usually featuring a leader who has harnessed collaborative technology in what we think is a truly revolutionary new way.

ScienceLogic: How do you hear about cool new government Web 2.0 projects?

Dan Munz: That’s a key question, because part of our mission is to inspire action by finding leaders who have succeeded and highlight their accomplishments. We’ve done that with folks like Kip Hawley, TSA, Molly O’Neill, EPA, and Jim Walker, Alabama DHS.

We also feel that the Academy’s position as a “safe space” for leaders means that we’re a place people can turn to when they hear about an emerging trend or project and want some help making sense of it.

ScienceLogic: What are the most innovative uses of Web 2.0 technology you’ve seen in the government?

Dan Munz: It’s important to distinguish between agencies that are simply adjusting to the reality of web 2.0, and those that are “using” it. Getting a YouTube account for your agency, or putting some photos on Flickr, is a great first step, but we want to inspire leaders to really transform their normal ways of doing business. At the moment a few that come to mind are the EPA Puget Sound Mashup, ODNI’s Intellipedia, TSA IdeaFactory, the PTO Peer-to-Patent Project, and Virtual Alabama, to name a few.

The TSA launched the IdeaFactory in February 2008. TSA set up a collaboration platform with commenting, voting, etc. to form communities in a way to bring people to consensus and offer ways to improve the agency’s performance.

ScienceLogic: Do you see a difference between state and local versus federal adoption of Web 2.0?

Dan Munz: That’s a hard generalization to make – at all levels you see leaders who recognize the potential in this technology to bring new voices into the governance process.

ScienceLogic: What are the obstacles to Web 2.0 adoption by government agencies?

Dan Munz: The three main challenges that we see are in the areas of technology, culture, and policy/governance.

The technology issue is probably the simplest to solve – it’s important to choose a technology that fits the problem you’re trying to solve, but these technologies are usually inexpensive and almost never very complex.

The question of culture is harder, particularly given the way that baby boomers, gen-xers, and millenials are beginning to interact in the workforce. How do you gain acceptance and buy-in among groups that have very different comfort levels with collaborative tools and environments?

Finally, the most daunting challenge might be the questions of policy and governance, if only because those are the things that most commonly prevent leaders from even dipping a toe in the waters of collaboration. Most of the policies, regulations, and statutes governing the way government does business don’t anticipate things like wikis, blogs, or instant messaging. One of our most important missions is helping leaders who just want to get to action navigate these obstacles.

ScienceLogic: Is there any advice you can give to government employees getting started with Web 2.0? Or any places you would point them to for more info?

Dan Munz: It’s shameless plug time! I’d of course point them to our web page, collaborationproject.org, where, among other things, we’ve collected a case library of over 40 instances of collaborative technology being used in the government and non-profit sectors. The library is growing every day and is a sort of “database of record” for what is and isn’t working in terms of collaborative government. I think that would be a great place to start for anyone looking to get started but not really knowing the way.

In terms of advice, the best thing to say is that, once you’ve settled on a problem you want to solve and an audience you want to reach out to, just do it! We believe strongly that there are a lot of organizational and leadership issues that still need to be addressed regarding collaboration in government, but our biggest mantra is about getting leaders to action. The most successful projects we’ve seen are ones that try something daring and new, and discover the true power of what they’ve done as it catches on more and more widely.

ShareThis

Are Stolen Credit Card Details Getting Cheaper?

Tue, 15 Jul 2008 11:36:12 +0000

What is shaping the prices of stolen credit card details? The investments the cybercriminals or real life scammers ( through credit card cloning or ATM skimming) put into the process of obtaining the details, or can we even talk about investments being made where an experienced scammer has just purchased 1GB of raw credit cards data from a novice botnet master who isn't really aware of the actual value of his "botnet output"?

Depends on which economic theory you believe in, or whether or not you'll take the "bottom-up approach" or the "top-down" one. And since I'm not aware of the existence of "the invisible hand of the underground market" and centralized power to increase the supply or decrease it to boost prices for the stolen credit card details, also indicating the existence of underground cartels putting everyone in a "price taker" position.

The basics of demand and supply for anything underground will always apply unless of course, The more they want, the cheaper it gets, the less they want, the higher the price on per credit card basis gets, since the investment on behalf of the malicious party that originally stolen them is virtually the same, and he can theoretically break-even in every single case since the credit card details were obtained efficiently. It's up to the seller to follow or entirely ignore economic behavior, and do what they feel like doing with this good which must on the other hand reach its market liquidity as soon as possible, else it becomes obsolete. The current market model can be further explained as a good example of competitive equilibrium :

"Competitive market equilibrium is the traditional concept of economic equilibrium, appropriate for the analysis of commodity markets with flexible prices and many traders, and serving as the benchmark of efficiency in economic analysis. It relies crucially on the assumption of a competitive environment where each trader decides upon a quantity that is so small compared to the total quantity traded in the market that their individual transactions have no influence on the prices."

This can be easily explained in a single sentence - it's a mess and every participant is doing whatever they want to, so generalizing on the prices charged for stolen credit card numbers would be unrealistic, since it's the price a single seller with no real impact on the "average" market price for the same good. As for the average market price itself, it would be hard to measure it depending on the quality of the sample you want to rely on, since this is a type of market where sellers don't have to report price changes in their goods for the purpose of statistical research.

A recently released report by Finjan, with whom I've been on the same page of several high profile incidents so far, touches this very same topic :

"Prices charged by cybercriminals selling hacked bank and credit card details have fallen sharply as the volume of data on offer has soared, forcing them to look elsewhere to boost profit margins, a new report says. Researchers for Finjan, a Web security firm, said the high volumes traded had led to bank and credit card information becoming "commoditized" - account details with PIN codes that once fetched $100 or more each might now go for $10 or $20. In its latest quarterly survey of Web trends, the California-based company said cybercrime had evolved into "a major shadow economy ruled by business rules and logic that closely mimics the legitimate business world."

Excluding the presence of price discrimination for a while, as well as open topic offers in the lines of "how much for X amount of Y?" answered as "how much are you willing to pay?", it's all a matter of the seller in a particular situation.

Furthermore, in real-life market there's always the scarcity problem, however, in the underground market there's no shortage of resources despite the ever growing wants of the buyers. Generalizing even more, take for instance the butterfly effect of a price change in petrol, and result of which is inevitable increase of prices in every single aspect of your life, but in the underground market mostly due to the malicious economies of scale achieved, a price increase in renting a botnet would have no effect in the prices charged for the stolen credit card details obtained through the infected hosts. How come? Basically, the price and resources for malware infection are prone to decrease, if we take a malware infected host as a static foundation for the basis of any upcoming cybercrime activities using it.

Perhaps the most disturbing part is that the market for stolen credit card details is so mature, and its entry barriers so low these days, that the confidential data that cannot be efficiently obtained through real-life means like credit card cloning or ATM skimming on a large scale, is now purchased online for the purpose of abusing it in real-life by embedding the valid information into plastic cards.

IT Operations Management Audience Polls at the Gartner Conference

Mon, 23 Jun 2008 11:09:22 +0000

Greetings from the Gartner IT Infrastucture, Operations & Management Summit 2008 – in warm and humid Florida!

A couple of notes from the first day’s keynote address “IT Operations Management Scenarios: Trends, Directions and Market Landscape” by Donna Scott – VP and Distinguished Analyst at Gartner Research.

Donna: Today customers are looking for 100% availability for their externally facing business systems. Five 9’s are no longer enough. They expect IT to deliver the right services at the right cost with the right service levels.

My aside: How many of you are like me? When I listen to analysts or read the research, part of me is always asking – how applicable is this to me now? How rooted is what they are saying in the practical day-to-day operations that our customers need help with now? Well, how short-sighted of me.

Donna: “Best-in-class organizations manage through the day-to-day turbulence of change but also keep an eye on the long-term nirvana of IT operations management.” And that creating a continuous optimization culture is necessary to improve over time – this needs to be baked into the corporate IT culture. Food for thought for all of us.

Interesting quick polls of the audience – some results were surprising; some were funny; and some were validating.

I. What are the Top 3 pressures on IT Infrastructure and Operations Management:

1) 24 x7 availability: 82%

2) Business continuity and disaster recovery: 70%

3) Cost reduction and/or cost management: 67%

On a personal note – supporting/deploying SOA came in at the bottom of this poll. Enough said.

II. What grade would you give the IT Infrastructure and Operations Management vendors?

A 1%

B 14%

C 49%

D 17%

F 4%

Last year – the average grade ended up being C- so the grade went up slightly this year.

III. What IT Infrastructure and Operations Management vendor are you most confident in to help achieve “ERP for IT”? (Dave will cover this topic later this week.)

HP 20%

IBM 16%

BMC 16%

CA 4% (lingering bad rep?)

Microsoft 8%

Oracle 4%

EMC 4%

Other 5%

And the winner was “NONE OF THE ABOVE” with 23% of the responses.

ShareThis

Who's Behind the GPcode Ransomware?

Tue, 10 Jun 2008 05:44:53 +0000

So, the ultimate question - who's behind the GPcode ransomware? It's Russian teens with pimples, using E-gold and Liberty Reserve accounts, running three different GPcode campaigns, two of which request either $100 or $200 for the decryptor, and communicating from Chinese IPs. Here are all the details regarding the emails they use, the email responses they sent back, the currency accounts, as well their most recent IPs used in the communication :

Emails used by the GPcode authors where the infected victims are supposed to contact them :
content715@yahoo.com
saveinfo89@yahoo.com
cipher4000@yahoo.com
decrypt482@yahoo.com

Virtual currency accounts used by the malware authors :
Liberty Reserve - account U6890784
E-Gold - account - 5431725
E-Gold - account - 5437838

Sample response email :
"Next, you should send $100 to Liberty Reserve account U6890784 or E-Gold account 5431725 (www.e-gold.com) To buy E-currency you may use exchange service, see or any other. In the transfer description specify your e-mail. After receive your payment, we send decryptor to your e-mail. For check our guarantee you may send us one any encrypted file (with cipher key, specified in any !_READ_ME_!.txt file, being in the directorys with the encrypted files). We decrypt it and send to you originally decrypted file. Best Regards, Daniel Robertson"

Second sample response email this time requesting $200 :
"The price of decryptor is 200 USD. For payment you may use one of following variants: 1. Payment to E-Gold account 5437838 (www.e-gold.com). 2. Payment to Liberty Reserve account U6890784 (www.libertyreserve.com). 3. If you do not make one of this variants, contact us for decision it. For check our guarantee you may send us ONE any encrypted file. We decrypt it and send to you originally decrypted file. For any questions contact us via e-mail. Best regards. Paul Dyke"

So, you've got two people responding back with copy and paste emails, each of them seeking a different amount of money? Weird. The John Dow-ish Daniel Robertson is emailing from 58.38.8.211 (Liaoning Province Network China Network Communications Group Corporation No.156,Fu-Xing-Men-Nei Street, Beijing 100031), and Paul Dyke from 221.201.2.227(Liaoning Province Network China Network Communications Group Corporation No.156,Fu-Xing-Men-Nei Street, Beijing 100031), both Chinese IPs, despite that these campaigners are Russians.

Here are some comments I made regarding cryptoviral extortion two years ago - Future Trends of Malware (on page 11; and page 21), worth going through.

Links for 2008-06-06 [del.icio.us]

Fri, 06 Jun 2008 20:00:00 +0000

Business Creativity & Innovation - How Promote an Innovative Culture
Content Discovery vs. E-Discovery vs. Content Classification | securosis.com
Enroll For: The Art of Evangelism
Event Logging (Windows)
IFTF's Future Now: Post-scientific society
So I was especially struck by Gregg Zachary's latest column in the New York Times, which asks, "might cheap science from low-wage countries help keep American innovators humming?" At least a few policy analysts and scholars studying global trends in scien
Inside Innovation with Colin Stewart » Blog Archive » 11 innovation lessons from creators of World of Warcraft - OCRegister.com
Intel Open Port: IT@Intel Blog: How do you measure something that doesn't happen?
Marissa Mayer's 9 Principles of Innovation | Fast Company