Posted by Kevin on August 20, 2014.
The ITsecurity daily security briefing: Wednesday, August 20, 2014.
If you find this security briefing useful, please spread the word via social media. If you have any comments or recommendations, please email kevtownsend at gmail dot com.
CHS Hacked via Heartbleed Vulnerability
“The initial attack vector was through the infamous OpenSSL “heartbleed” vulnerability which led to the compromise of the information. This confirmation of the initial attack vector was obtained from a trusted and anonymous source close to the CHS investigation.”
Court Addresses Bitcoin, Other Novel Online Technology Issues
United States v. Ulbricht (Silk Road). “The court’s decision in Ulbricht refused the defendant’s request to dismiss the charges. It remains to be seen whether the government will be able to prove its case and, if so, to withstand an appeal. Nevertheless, the application of traditional criminal law to evolving online activities such as those allegedly engaged in by Ulbricht and Silk Road presents prosecutors with new hurdles to overcome, and defense lawyers with new issues to contemplate.”
New York Law Journal:
The Security of al Qaeda Encryption Software
“I don’t want to get into an argument about whether al Qaeda is altering its security in response to the Snowden documents. Its members would be idiots if they did not, but it’s also clear that they were designing their own cryptographic software long before Snowden. My guess is that the smart ones are using public tools like OTR and PGP and the paranoid dumb ones are using their own stuff, and that the split was the same both pre- and post-Snowden.”
How Microsoft filled its Windows Store with app scams waiting to steal your money
“Microsoft might have just stolen some money from you with help of the Windows Store. In an extensive look at the “cesspool of scams” in the Windows Store, How-To Geek reveals how the store is crammed with fake versions of popular paid apps that people are unwittingly giving money to. And it all happens with Microsoft’s knowledge…”
Dear Daughter… (Dad’s 10 rules for online safety)
Must-see infographic:
[New Tool] Haka v0.2 Protocols and Policies Analyzer Released
“The scope of the Haka language is twofold. First of all, it allows one to write security rules in order to filter/alter/drop unwanted packets and log and report malicious activities. Second, Haka features a grammar enabling one to specify network protocols and their underlying state machine.”
AOL ignores Do Not Track
“How do the AOL brands respond to “Do Not Track” browser signals?
Some web browsers may transmit “Do Not Track” signals to the websites and other online services with which the browser communicates. Currently, there is no standard that governs what, if anything, websites should do when they receive these signals and AOL currently does not take action in response to these signals.”
Linux Kernel Git Repositories Add 2-Factor Authentication
“At this time, both the mainline and stable Linux kernel repositories are already protected requiring 2-factor authentication before a git push is accepted. As kernel developers congregate in Chicago to attend the annual Linux Kernel Summit, we are hoping that many more of them will choose to turn on 2-factor authentication on their own repositories hosted at kernel.org, to make it that much more difficult for an attacker to sneak in a malicious commit.”
The fall of rogue antivirus software brings new methods to light
“Lately we’re seeing a dropping trend in the telemetry for some of the once most-prevalent rogue families, such as Win32/Winwebsec, Win32/OneScan, Win32/FakeXPA, Win32/FakePAV… [but] we are seeing other players willing to fill the gap – luckily with small impact.” Such as Rogue:Win32/Defru.
Microsoft Malware Protection Center:
Man-in-the-Middle TLS Protocol Downgrade Attack
“A flaw was recently found in OpenSSL that allowed for an attacker to negotiate a lower version of TLS between the client and server (CVE-2014-3511). While this vulnerability was quickly patched, an attacker that has control of your traffic can still simulate this attack today. Let’s explore how this is possible through looking at man-in-the-middle attacks and how browsers handle SSL/TLS connections. In addition, we will see the implications of the attack on cryptographic security.”
CISO vs. CRO: What’s the Difference?
“Another C has found its way into the lexicon of the C-suite: the chief risk officer (CRO). Some may be scratching their heads and wondering why CROs are necessary. After all, isn’t risk already part of the domain responsibility of the chief executive officer (CEO), general counsel, chief security officer (CSO), chief information officer (CIO), chief information security officer (CISO) and chief operating officer (COO)?”
How to Get the Most Value out of Your MSSP and Security Operations
“In a well-executed partnership, an MSSP is simply viewed as an extension of the information security organization. An MSSP’s contribution to a security operation depends upon how effectively the partnership is built and maintained…”
Securing Hadoop: What Are Your Options?
“Join Hortonworks and Voltage in this joint presentation to learn about security options with authentication, authorization, monitoring and data-level security for Apache Hadoop. Get insight to the use cases and architectural decisions that enable the business benefits you need to deliver, while avoiding risks straight from today’s headlines, including cyber attacks and leaking of sensitive customer data.”
Wednesday, August 27, 2014; Time: 10:00am PT / 1:00pm ET
Voltage Security; Hortonworks:
New ransomware variant detected: Trj/Crypdef.A!
PandaLabs has “discovered a new strain of ransomware, a piece of malicious software which allows cyber-criminals to remotely lock the computers they infect… The new variant has been detected as Trj/Crypdef.A.”