Thursday, April 30, 2009

Online Banking and Mutual Authentication

This little piece from Finextra, a British online banking newsletter, presents three scenarios for authentication: the classic user ID and password, one-way authentication and two-way mutual authentication.

It dismisses the first two in turn, tracing how the techniques for defeating each have evolved, and arrives at the third alternative, two-way mutual authentication, in which the bank proves its identity to the customer before the customer proves theirs to the bank.

The article sees this as a two-way street, if you will, that can block fraud and increase business by promoting legitimate transactions.
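To make the difference between one-way and two-way authentication concrete, here is a small challenge-response exchange written for this post; it is an added example, not code from the Finextra piece or from any bank. It assumes a secret HMAC key shared between the customer's software and the bank at enrolment (the key, user name and message layout are all constructed for the example), and it stands in for the certificate- or token-based schemes a real deployment would use. The point it shows: the client releases nothing until the server has proved it holds the key, so a phishing site that captures the first message learns only a user ID and a random nonce.

```python
import hashlib
import hmac
import secrets

# Constructed example key. In practice it is provisioned out of band, e.g. into
# a hardware token or a banking app at enrolment, and never sent over the wire.
SHARED_KEY = b"example-shared-key-provisioned-at-enrolment"


def _proof(key, role, nonce_a, nonce_b):
    """HMAC over a role label and both nonces.

    The label stops a server proof being replayed back as a client proof
    (reflection); the length prefixes keep the input unambiguous.
    """
    h = hmac.new(key, digestmod=hashlib.sha256)
    for part in (role, nonce_a, nonce_b):
        h.update(len(part).to_bytes(2, "big") + part)
    return h.digest()


class Client:
    """Customer side, e.g. a banking app holding the enrolment key."""

    def __init__(self, user_id, key):
        self.user_id, self.key = user_id, key
        self.client_nonce = None

    def hello(self):
        # Message 1: identify yourself and send a fresh challenge.
        self.client_nonce = secrets.token_bytes(16)
        return self.user_id, self.client_nonce

    def verify_server(self, server_nonce, server_proof):
        """Return the client's proof only if the server proved itself first."""
        expected = _proof(self.key, b"server", self.client_nonce, server_nonce)
        if not hmac.compare_digest(expected, server_proof):
            return None  # impostor: release nothing that could be relayed
        return _proof(self.key, b"client", server_nonce, self.client_nonce)


class Server:
    """Bank side; holds one key per enrolled user."""

    def __init__(self, keys):
        self.keys = dict(keys)
        self.pending = {}

    def challenge(self, user_id, client_nonce):
        # Message 2: answer the client's challenge and issue our own.
        key = self.keys.get(user_id)
        if key is None:
            return None
        server_nonce = secrets.token_bytes(16)
        self.pending[user_id] = (client_nonce, server_nonce)
        return server_nonce, _proof(key, b"server", client_nonce, server_nonce)

    def verify_client(self, user_id, client_proof):
        # Message 3: the client's answer is bound to this session's nonces only.
        client_nonce, server_nonce = self.pending.pop(user_id, (None, None))
        if client_nonce is None:
            return False
        expected = _proof(self.keys[user_id], b"client", server_nonce, client_nonce)
        return hmac.compare_digest(expected, client_proof)


def run_exchange(client, server):
    """Drive the three messages; return (server_authenticated, client_authenticated)."""
    user_id, client_nonce = client.hello()
    reply = server.challenge(user_id, client_nonce)
    if reply is None:
        return False, False
    server_nonce, server_proof = reply
    client_proof = client.verify_server(server_nonce, server_proof)
    if client_proof is None:
        return False, False  # client aborts and sends no proof at all
    return True, server.verify_client(user_id, client_proof)


if __name__ == "__main__":
    bank = Server({"alice": SHARED_KEY})
    print(run_exchange(Client("alice", SHARED_KEY), bank))   # (True, True)
    phish = Server({"alice": b"attacker-guess"})            # site without the real key
    print(run_exchange(Client("alice", SHARED_KEY), phish))  # (False, False)
```

Compare this with the user-ID-and-password scenario, where the secret itself is the first thing the customer sends: a fake site gets the credential before anyone has checked who is asking. Here a captured proof is also useless later, because both nonces change every session.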

Cyberwar, Cyberdefense: Many Issues, Little Time

In this detailed article in The New York Times, the difficulties and complexities of defending against a cyberattack are well presented. Cyberwar can't be easily compared to its offline counterpart, as this article skillfully points out. Cyberdefenses are just as slippery to assemble.

To make matters worse, this study by the National Academy of Sciences says secrecy on the subject is preventing the open debate necessary to combat cyberwar. The report says U.S. government policy is "ill-formed, undeveloped and highly uncertain."

Watch Out for Swine Flu Online Scams

As is always the case, there are plenty of lowlifes out there looking to cash in on the current swine flu crisis. Con artists are churning out spam offering pharmaceutical remedies for the disease. Whatever happened to just peddling Viagra? Those were the good old days.

A list of suspicious, recently registered URLs was uncovered by Sophos and listed on the bMighty ANTenna blog by Keith Ferrell. More details were reported this week in Computer World.

Monday, April 20, 2009

WGN Interview About The Little Black Book

I was interviewed today on WGN TV news in Chicago about my book, The Little Black Book of Computer Security, Second Edition.

Sunday, April 19, 2009

Finally a Mac Botnet? Could That Be Possible?

Yes, a Mac botnet is very possible, according to researchers at Symantec, who say the malware spread unnoticed over peer-to-peer file-sharing networks in January.

The researchers say the malware was embedded in pirated copies of Apple's iWork '09 software and that infected machines can be used to launch denial-of-service (DoS) attacks. This is apparently the first ever Mac botnet.

Or should we say iBotnet?

Federal Cybersecurity Report Almost Due

The 60-day cybersecurity review commissioned by President Barack Obama is due to be completed this week. But expectations are low about what the report will recommend, and when it'll be released to the public.

Some observers say the report might just be a lame checklist of cybersecurity initiatives already completed by the government. Obama had appointed Melissa Hathaway, a cybersecurity big shot from the Bush administration, back in February to conduct the study.

Report or not, the controversy surrounding federal oversight of cybersecurity has been swirling around for months, even before Obama set foot in the White House. Various government agencies -- DHS, NSA, and the DOD -- have been in a turf battle over the issue.

Security luminary Bruce Schneier recently noted that the NSA, a front runner over the DHS, shouldn't be in charge of cybersecurity because of its narrow scope. An advisory role, yes, but not the leader.

Meanwhile, the government has been looking for hackers to secure its networks. For those interested, the job is number 155433 at General Dynamics Information Technology.

Tuesday, April 14, 2009

Writing Scary Cyberwarfare Articles

Here's a humorous article from Foreign Policy magazine, where you wouldn't normally find articles about IT security, about how to write an article to create a panic about cyberwarfare. The article doesn't deny the existence of cyberwarfare. It just pokes fun at the media for their handling of the subject.

The article references GhostNet, a cyberspying operation traced to China and discovered last month, that infiltrated computers in 103 countries.

This is a more down-to-earth article in TechRepublic about GhostNet and how it was uncovered by Information Warfare Monitor, a cyberwar research team.

No Recession for the Underground Economy

The so-called underground economy hasn't been touched by the recession. In fact, according to reports published today by Symantec and Gartner, organized crime groups are getting more sophisticated and phishing more than ever.

But, at the same time, the proliferation of criminals has created competition in the marketplace, making stolen card and identity data cheaper. Crime may be increasing, but it's paying less.

The Symantec report attributed part of the increase to a 47 percent rise in bots over last year. Separately, a new variant of Conficker may be linked to the notorious Storm bot.

Thursday, April 09, 2009

Cyberspies in the American Power Grid

Cyberspies from China, Russia and other countries have penetrated the American electrical grid, leaving behind tools that could potentially disrupt the electrical system, according to The Wall Street Journal.

While foreign hackers lurking around in US cybersystems isn't news, the extent of the supposed intrusions into our vital infrastructure hasn't been reported before. Intelligence officials quoted in the story expressed concern about the possibility of these dormant tools being turned on in the event of a war or other hostile situation.

The White House, in response, said it took cybersecurity seriously, citing its ongoing security review of the federal cyberinfrastructure, but said it wasn't aware of any disruptions. The Pentagon is also in on the act, having spent US$100 million over the last six months on cyberdefenses.

An interesting suggestion came from Alan Paller, research director at SANS. Paller called for beefing up the North American Electric Reliability Corporation (NERC), which currently sets standards for grid operators, into a cybersecurity regulatory body.

In unrelated cybersecurity news, Paul McCartney's web site was hacked to serve links that spewed malware at visitors.

Tuesday, April 07, 2009

Step Aside Conficker, Neeris on the Loose

Now that we've all survived Conficker without a major incident -- yet -- there's Neeris, which apparently mimics Conficker. Neeris isn't exactly new. It's been around for four years, but a new variant hit the cyberstreets in the past week.

Like Conficker, it exploits the MS08-067 flaw and can also be launched through AutoRun from removable drives. And, like Conficker, patching the Microsoft flaw and disabling AutoRun can contain the worm. But, unlike Conficker, it has attacked far fewer victims, researchers say.

The original version of Neeris used a buffer overflow to take advantage of a now-patched Microsoft flaw in the Server Service.
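The AutoRun route both worms use depends on an autorun.inf file at the root of the removable drive. Disabling AutoRun (via the NoDriveTypeAutoRun policy under HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer) prevents it; the script below is the triage side, added here as an example that is not from this post or from any of the vendor reports it cites. It parses an autorun.inf the way Windows does, skipping lines it cannot read, and flags the directives a worm needs: something to launch, and the cosmetic tricks that make the launcher look like the ordinary "open folder" entry. Both sample files are constructed, and the launcher path, label and icon values in them are made up.

```python
import re

# [autorun] directives that make Explorer run something when the volume is
# opened or AutoPlay fires. "shell\<verb>\command" lines replace right-click
# menu entries, including the default double-click action.
LAUNCH_KEYS = {"open", "shellexecute"}
SHELL_COMMAND_RE = re.compile(r"^shell\\[^\\]+\\command$")

# Text Explorer itself shows for a plain removable drive; a worm that sets
# Action= to this makes its launcher look like the built-in folder option.
EXPLORER_DEFAULT_ACTION = "open folder to view files"


def parse_autorun(text):
    """Return [(key, value)] pairs from the [autorun] section, keys lowercased.

    Lines that are not key=value are skipped rather than treated as errors:
    Windows ignores them too, and worms pad the file with junk to defeat
    naive signature matching.
    """
    section = None
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        entries.append((key.strip().lower(), value.strip()))
    return entries


def assess_autorun(text):
    """Return human-readable findings; an empty list means nothing in the file
    can launch code or disguise a launcher."""
    findings = []
    for key, value in parse_autorun(text):
        if key in LAUNCH_KEYS or SHELL_COMMAND_RE.match(key):
            findings.append(f"launches code: {key}={value}")
        elif key == "action" and value.lower() == EXPLORER_DEFAULT_ACTION:
            findings.append("action label impersonates Explorer's default entry")
        elif key == "useautoplay" and value == "1":
            findings.append("UseAutoPlay=1 asks for automatic execution on insert")
        elif key == "icon" and "shell32.dll" in value.lower():
            findings.append(f"icon borrowed from shell32.dll to look like a folder: {value}")
    return findings


# Constructed samples for the example, not real captures.
WORMLIKE_AUTORUN = """\
[autorun]
Action=Open folder to view files
Icon=%SystemRoot%\\system32\\shell32.dll,4
shellexecute=hidden\\launcher.exe
UseAutoPlay=1
this line is deliberate junk with no equals sign
"""

BENIGN_AUTORUN = """\
[autorun]
label=Backup Drive
icon=vendor.ico
"""

if __name__ == "__main__":
    for name, sample in (("wormlike", WORMLIKE_AUTORUN), ("benign", BENIGN_AUTORUN)):
        print(name, assess_autorun(sample) or "clean")
```

Run it over the root of every mounted removable volume, or over a disk image, and anything with a launch directive gets a second look; a vendor's label and icon on their own are not worth an alert.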

Saturday, April 04, 2009

Pending US Legislation to Beef Up Cybersecurity

The US government is proposing strong action to beef up cybersecurity defenses. Legislation proposed by the Senate would give the president unprecedented authority, for example, to unilaterally shut down networks under attack.

The proposal is based on the results of a study last year by the Center for Strategic and International Studies and would impose mandatory government standards on both the public and private sector for certifying network security.

Crafters of the legislation were Sen. John Rockefeller and Sen. Olympia Snowe, with input from the White House, which hasn't officially endorsed the legislation yet. The legislation would create a National Cybersecurity Advisor (NCA), reporting directly to the president.

Rockefeller was quoted in the Washington Post, saying it was more than just a military or intelligence issue. "It suddenly gets into the realm of traffic lights and rail networks and water and electricity."

Supporters of the measure said it was long overdue, but critics say it gives the government too much power over private telecommunications and could threaten privacy, according to this post on The Last Watchdog, an Internet security blog.

Obama's security advisors are still in the middle of their 60-day review of American cybersecurity, another part of the White House's actions to improve cybersecurity.