Monday, July 31, 2017

Has FireEye Been Breached?

Am reading reports of a breach of FireEye. Stay tuned. While three outlets have covered it, I’m awaiting acknowledgement from company officials.

Hackers Breach Cybersecurity Company In Apparent Revenge On Employee: Gizmodo http://gizmodo.com/hackers-breach-cybersecurity-company-in-apparent-reveng-1797397861

PasteBin data dump: Hackers claim files are from Mandiant FireEye ‘breach’: The Register https://www.theregister.co.uk/2017/07/31/mandiant_fireeye_leak/

Hackers claim ‘breach’ of cyber firm […]

from Has FireEye Been Breached?

A week in security (July 24 – July 30)

A compilation of security news and blog posts from the 24th of July to the 30th. We talked about ransomware, the Dark Web, smart toys, encryption, and more.


The post A week in security (July 24 – July 30) appeared first on Malwarebytes Labs.



from A week in security (July 24 – July 30)

From 2007 to Now: Onapsis’ CEO’s Thoughts on Business-Critical Application Security recognized by Gartner in the Hype Cycle for Application Security

Today Gartner recognized Business-Critical Application Security as an emerging market trend in the 2017 Hype Cycle for Application Security, which has just been released.

from From 2007 to Now: Onapsis’ CEO’s Thoughts on Business-Critical Application Security recognized by Gartner in the Hype Cycle for Application Security

BSides London 2017, Andi Hudson’s ‘Ignorance is Bliss – Does Privacy Matter?’


from BSides London 2017, Andi Hudson’s ‘Ignorance is Bliss – Does Privacy Matter?’

DEF CON attendees make short work of electronic voting machines

Attendees to the DEF CON hacking conference in Las Vegas discovered weak spots in electronic voting machines that attackers could abuse in future compromises. David Bisson reports.

from DEF CON attendees make short work of electronic voting machines

Avast RMM Platform for MSPs now includes security assessment

Small and medium-sized businesses have just as great a need as large enterprise to keep their data safe and secure. But costly, complex assessment and monitoring solutions are often all that’s available. Starting today, Avast is offering Managed Service Providers (MSPs) a simplified way to perform real-time security assessments and consolidate the data into easy-to-read reports that prescribe solutions for issues. From these reports, MSPs can quickly recommend solutions, take actionable steps to remediate issues, and demonstrate how they are keeping businesses safe and secure – all from the Managed Workplace remote monitoring and management platform (RMM). 



from Avast RMM Platform for MSPs now includes security assessment

News in brief: Roomba data not for sale; thief-catching wallet; Windows Bounty Program

Your daily round-up of some of the other stories in the news!

from News in brief: Roomba data not for sale; thief-catching wallet; Windows Bounty Program

Robot Safecracking

Robots can crack safes faster than humans -- and differently: So Seidle started looking for shortcuts. First he found that, like many safes, his SentrySafe had some tolerance for error. If the combination includes a 12, for instance, 11 or 13 would work, too. That simple convenience measure meant his bot could try every third number instead of every single...

from Robot Safecracking

Hackers steal information on 400,000 customers of Italy’s biggest bank


Italy’s largest lender, UniCredit, has blamed an unnamed “third-party provider” for two security breaches where hackers have managed to steal information related to the personal loans of some 400,000 customers.

Read more in my article on the Hot for Security blog.



from Hackers steal information on 400,000 customers of Italy’s biggest bank

Should Adobe make Flash open source? [POLL]

Some of us are counting down to the end of Flash; others are trying to give it life after death. Who's right? Have your say...

from Should Adobe make Flash open source? [POLL]

Measuring Vulnerability Rediscovery

New paper: "Taking Stock: Estimating Vulnerability Rediscovery," by Trey Herr, Bruce Schneier, and Christopher Morris:

Abstract: How often do multiple, independent, parties discover the same vulnerability? There are ample models of vulnerability discovery, but little academic work on this issue of rediscovery. The immature state of this research and subsequent debate is a problem for the policy community, where the government's decision to disclose a given vulnerability hinges in part on that vulnerability's likelihood of being discovered and used maliciously by another party. Research into the behavior of malicious software markets and the efficacy of bug bounty programs would similarly benefit from an accurate baseline estimate for how often vulnerabilities are discovered by multiple independent parties.

This paper presents a new dataset of more than 4,300 vulnerabilities, and estimates vulnerability rediscovery across different vendors and software types. It concludes that rediscovery happens more than twice as often as the 1-9% range previously reported. For our dataset, 15% to 20% of vulnerabilities are discovered independently at least twice within a year. For just Android, 13.9% of vulnerabilities are rediscovered within 60 days, rising to 20% within 90 days, and above 21% within 120 days. For the Chrome browser we found 12.57% rediscovery within 60 days; and the aggregate rate for our entire dataset generally rises over the eight-year span, topping out at 19.6% in 2016. We believe that the actual rate is even higher for certain types of software.

When combined with an estimate of the total count of vulnerabilities in use by the NSA, these rates suggest that rediscovery of vulnerabilities kept secret by the U.S. government may be the source of up to one-third of all zero-day vulnerabilities detected in use each year. These results indicate that the information security community needs to map the impact of rediscovery on the efficacy of bug bounty programs and policymakers should more rigorously evaluate the costs of non-disclosure of software vulnerabilities.

We wrote a blog post on the paper, and another when we issued a revised version.

Comments on the original paper by Dave Aitel. News articles.



from Measuring Vulnerability Rediscovery

Sunday, July 30, 2017

An extra bit of analysis for Clemency

This year’s DEF CON CTF used a unique hardware architecture, cLEMENCy, and only released a specification and reference tooling for it 24 hours before the final event began. cLEMENCy was purposefully designed to break existing tools and make writing new ones harder. This presented a formidable challenge given the timeboxed competition which occurs over a […]

from An extra bit of analysis for Clemency

BSides London 2017, Nick Smith’s ‘The State of Crypto APIs’


from BSides London 2017, Nick Smith’s ‘The State of Crypto APIs’

Training Room Rental at Phoenix TS

Phoenix TS is a world-class provider of IT and business training. Since 1998 we have offered certification courses to help you further your career. We are now proud to offer room rental options at our headquarters in Columbia, MD. Situated in the heart of downtown Columbia, we are centrally located to Baltimore and Washington D.C. […]

The post Training Room Rental at Phoenix TS appeared first on Phoenix TS.



from Training Room Rental at Phoenix TS

Where Next for Microchip Implants?




from Where Next for Microchip Implants?

Hacking Conference Shirts

T-shirts are among the most popular giveaways at security conferences. They’re great, practical, and serve as walking advertisements. But if you go to enough conferences, you’ll usually find yourself accumulating far too many shirts. There are only so many shirts you can use to wear when working out, or doing DIY projects, or as rags […]

from Hacking Conference Shirts

SSD Advisory – McAfee Security Scan Plus Remote Command Execution

Vulnerability Summary The following advisory describes a Remote Code Execution found in McAfee Security Scan Plus. An active network attacker could launch a man-in-the-middle attack on a plaintext-HTTP response to a client to run any residing executables with privileges of a logged in user. McAfee Security Scan Plus is a free diagnostic tool that ensures … Continue reading SSD Advisory – McAfee Security Scan Plus Remote Command Execution

from SSD Advisory – McAfee Security Scan Plus Remote Command Execution

iOS VPN apps removed from Apple’s Chinese App Store

Apple has bowed to pressure from the regime in Beijing, and removed some VPN apps from the Chinese version of its iOS App Store. Read more in my article on the We Live Security blog.

from iOS VPN apps removed from Apple’s Chinese App Store

Microsoft Backs Kubernetes with Cloud Native Membership

Amazon remains a holdout, as public cloud industry falls in line behind Kubernetes.

It's happened again. Microsoft has joined yet another open source group. Whatever happened to Redmond's long held belief that open source is a cancer? Times change, and evidently Microsoft has learned to change with them.

On Wednesday the company announced it's joined the Cloud Native Computing Foundation as a top tier platinum member. The foundation is a project of the Linux Foundation, where Microsoft is also a platinum member. According to CNCF's website, the membership is costing Microsoft $370,000 per year.




from Microsoft Backs Kubernetes with Cloud Native Membership

Is DefCon Wifi safe?

DEF CON is the largest U.S. hacker conference that takes place every summer in Las Vegas. It offers WiFi service. Is it safe? Probably. The trick is that you need to download the certificate from https://wifireg.defcon.org and import it into your compute...

from Is DefCon Wifi safe?

Saturday, July 29, 2017


BSides London 2017, J3lena Milosevic’s ‘Awareness About Behavior Online, How to Build It’


from BSides London 2017, J3lena Milosevic’s ‘Awareness About Behavior Online, How to Build It’

What is CISM?

CISM is an advanced information security certification offered by ISACA. CISM stands for Certified Information Security Manager and it is ANSI accredited under ISO/IEC 17024:2012. Who Should Test For The CISM Certification? The CISM exam is focused on how best practices in information security can help meet business objectives. This certification is designed primarily for an […]

The post What is CISM? appeared first on Phoenix TS.



from What is CISM?

Car wash security flaws let hackers ‘physically attack’ people

Hackers can exploit security flaws affecting popular car wash rigs to damage customers' vehicles and "physically attack" people. David Bisson reports.

from Car wash security flaws let hackers ‘physically attack’ people


Friday Squid Blogging: Giant Squids Have Small Brains

New research:

In this study, the optic lobe of a giant squid (Architeuthis dux, male, mantle length 89 cm), which was caught by local fishermen off the northeastern coast of Taiwan, was scanned using high-resolution magnetic resonance imaging in order to examine its internal structure. It was evident that the volume ratio of the optic lobe to the eye in the giant squid is much smaller than that in the oval squid (Sepioteuthis lessoniana) and the cuttlefish (Sepia pharaonis). Furthermore, the cell density in the cortex of the optic lobe is significantly higher in the giant squid than in oval squids and cuttlefish, with the relative thickness of the cortex being much larger in Architeuthis optic lobe than in cuttlefish. This indicates that the relative size of the medulla of the optic lobe in the giant squid is disproportionally smaller compared with these two cephalopod species.

From the New York Times:

A recent, lucky opportunity to study part of a giant squid brain up close in Taiwan suggests that, compared with cephalopods that live in shallow waters, giant squids have a small optic lobe relative to their eye size.

Furthermore, the region in their optic lobes that integrates visual information with motor tasks is reduced, implying that giant squids don't rely on visually guided behavior like camouflage and body patterning to communicate with one another, as other cephalopods do.



from Friday Squid Blogging: Giant Squids Have Small Brains

Me on Restaurant Surveillance Technology

I attended the National Restaurant Association exposition in Chicago earlier this year, and looked at all the ways modern restaurant IT is spying on people.

But there's also a fundamentally creepy aspect to much of this. One of the prime ways to increase value for your brand is to use the Internet to practice surveillance of both your customers and employees. The customer side feels less invasive: Loyalty apps are pretty nice, if in fact you generally go to the same place, as is the ability to place orders electronically or make reservations with a click. The question, Schneier asks, is "who owns the data?" There's value to collecting data on spending habits, as we've seen across e-commerce. Are restaurants fully aware of what they are giving away? Schneier, a critic of data mining, points out that it becomes especially invasive through "secondary uses," when the "data is correlated with other data and sold to third parties." For example, perhaps you've entered your name, gender, and age into a taco loyalty app (12th taco free!). Later, the vendors of that app sell your data to other merchants who know where and when you eat, whether you are a vegetarian, and lots of other data that you have accidentally shed. Is that what customers really want?



from Me on Restaurant Surveillance Technology

Friday, July 28, 2017

Cyber News Rundown: Edition 7/28/17

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things...read more

The post Cyber News Rundown: Edition 7/28/17 appeared first on Webroot Threat Blog.



from Cyber News Rundown: Edition 7/28/17

Become a sysadmin – learn how to fit right in [VIDEO]

In one short #SysAdminDay video, we can't teach you how to *play* the part of a sysadmin, but we can help you *look* the part!

from Become a sysadmin – learn how to fit right in [VIDEO]


5 Questions to Ask About Machine Learning

Machine learning isn’t pixie dust to be spread on products. We look into the nuts, bolts and challenges involved, and how we approach it. There’s no walking the show floor at RSA Conference or Black Hat these days without vendors bombarding you with messages like “machine learning” and “artificial intelligence”. But few of them will […]

from 5 Questions to Ask About Machine Learning

The DEF CON ocean is too loud today, so listen here

Ahoy again, pirates of DEF CON 25!

from The DEF CON ocean is too loud today, so listen here

Top Security Awareness Training Vendors

Top Security Awareness Training Vendors Having rigorously tailored security infrastructures is important for companies in the modern world; moreover, having a workforce that’s adequately aware of the...


from Top Security Awareness Training Vendors

Happy SysAdmin Day 2017

Having a background as a system administrator, I know first-hand many of the challenges you face. As every organization has a unique set of business requirements, system administrators work hard behind the scenes to keep operations running smoothly. From managing permission changes, recovering important files and monitoring user accounts, many system administrators utilize scripts to automate and manage routine tasks. Tenable.io includes over 450 pre-built audit policies and allows you to incorporate custom audit files. Custom audit files provide a great way for you to monitor routine events and changes, while making your work a little easier.

The Problem

On a daily basis, organizations can generate thousands of events, and keeping track of these events across multiple systems can be difficult to manage effectively. System administrators often access multiple web interfaces or consoles to manage systems within their environment. In addition, many are also responsible for maintaining compliance, managing access permissions, and ensuring corporate policies are followed.

Scripts are often used in combination with other security devices to help system administrators monitor critical events or issues that need to be addressed. Unfortunately, no matter what you use to monitor your network, many of these solutions won’t provide the complete visibility you need to sort through all of the events and activity within your network.

By leveraging custom audit files within Tenable.io, you can easily keep track of unique or critical events within one interface. You can customize scripts based on your organizational requirements that can help to ensure service availability and protect data integrity. Tenable.io provides you with the critical insight needed to stay one step ahead of activity that could impact network security or business operations.

Monitoring Account Changes

Many organizations today are required to ensure compliance with corporate policies, as well as industry regulations. Controls requiring password changes and monitoring inactive accounts are often included within many well-known frameworks such as NIST, HIPAA, and PCI DSS.

We have also recently had several questions from customers that wanted to monitor user account changes within Active Directory. I decided to use my lab environment and test out a solution. Within my lab environment, I created several PowerShell scripts to find inactive user accounts and password changes within the domain. These controls help to prevent account compromise and reduce the risk of critical systems or data from being accessed by attackers.

Using Powershell with Tenable.io

Tenable.io can run compliance checks using PowerShell cmdlets. The compliance checks use the arguments supplied within a custom audit file and run “powershell.exe” on the remote server. Results either include the raw command output or are compared against the value data specified in the file. PowerShell is Microsoft’s built-in scripting language, designed for system administration tasks. Using credentialed scans, Tenable.io runs the PowerShell scripts placed within custom audit files to collect information on event changes and activity within your network.

Monitor User Accounts

Since I’m going to be querying Active Directory, I start by importing the Active Directory Module for PowerShell. Using the Get-ADUser cmdlet, I created a script to retrieve a list of user accounts and when each password was last set. With this cmdlet, you can modify the script to include either active or inactive accounts, and track changes across specific Organizational Units (OUs) or other domains within your forest.

This information can also be used by executives to confirm if corporate security policies are being followed or need to be improved. If your organization has an internal policy to remove inactive accounts after a specific time period, using this data can help you ensure compliance requirements are being met.

Tenable.io also supports the use of PowerShell script files within your custom audit file. The Nessus User Guide includes a detailed section on how to set up and configure your custom audit file with PowerShell.

Create Custom Audit File

In my custom audit file, I’m using if/then logic to first check whether the target system is a domain controller and then run each audit check. Since I’m going to audit my domain controller, the WMI_POLICY check provides an initial test that the target system is either a Primary or Backup domain controller (DomainRole 4 or 5).

<custom_item>
  type          : WMI_POLICY
  description   : "Target is a Domain Controller"
  wmi_namespace : "root/CIMV2"
  wmi_request   : "select DomainRole from Win32_ComputerSystem"
  wmi_attribute : "DomainRole"
  wmi_key       : "DomainRole"
  value_type    : POLICY_DWORD
  value_data    : 4 || 5
</custom_item>

Next, I used the AUDIT_POWERSHELL check and added the PowerShell commands I ran previously. The description value should include the appropriate plugin name and powershell_args value should contain the PowerShell command. This check also supports the ability to use PowerShell .ps1 files as well.

<custom_item>
  type                 : AUDIT_POWERSHELL
  description          : "<Plugin Name>"
  value_type           : POLICY_TEXT
  powershell_args      : "<PowerShell command>"
  value_data           : "MANUAL REVIEW REQUIRED"
  severity             : MEDIUM
  only_show_cmd_output : YES
</custom_item>

The compliance check parser lets you add multiple audit checks within your custom audit file. Once your custom audit file is complete, save it with the .audit extension.
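A PowerShell script of the kind the post describes, added here as an example (it is not Tenable’s code; it assumes the RSAT ActiveDirectory module on the scanned domain controller, a scan credential that can read user attributes, and 90-day and 60-day thresholds chosen for illustration). Its plain-text output is what an AUDIT_POWERSHELL check with only_show_cmd_output set to YES would report, and it also flags never-expiring passwords, which the post’s password-age check does not mention.

```powershell
# Added example (not the post's own script): enabled domain accounts that are
# inactive or carry stale passwords, written so an AUDIT_POWERSHELL check can
# run it and show the output verbatim. Assumptions: RSAT ActiveDirectory module
# installed, scan credential can read AD user attributes, thresholds below.
Import-Module ActiveDirectory

$InactiveDays   = 90   # assumed policy: no logon in 90 days counts as inactive
$MaxPasswordAge = 60   # assumed policy: passwords must be rotated every 60 days

$now         = Get-Date
$logonCutoff = $now.AddDays(-$InactiveDays)
$pwdCutoff   = $now.AddDays(-$MaxPasswordAge)

# Pull the attributes once. LastLogonDate is derived from the replicated
# lastLogonTimestamp, so it can lag the true last logon by up to 14 days,
# which is acceptable for an inactivity audit at this granularity.
$users = Get-ADUser -Filter { Enabled -eq $true } `
    -Properties LastLogonDate, PasswordLastSet, PasswordNeverExpires, WhenCreated

# Enabled accounts that never logged on, or not since the cutoff.
$inactive = $users |
    Where-Object { (-not $_.LastLogonDate) -or ($_.LastLogonDate -lt $logonCutoff) } |
    Select-Object SamAccountName, WhenCreated, LastLogonDate |
    Sort-Object LastLogonDate

# Enabled accounts whose password is older than the cutoff, has never been set
# (PasswordLastSet is $null when "change at next logon" is forced), or is
# flagged to never expire.
$stalePasswords = $users |
    Where-Object {
        (-not $_.PasswordLastSet) -or
        ($_.PasswordLastSet -lt $pwdCutoff) -or
        $_.PasswordNeverExpires
    } |
    Select-Object SamAccountName, PasswordLastSet, PasswordNeverExpires |
    Sort-Object PasswordLastSet

# Emit plain text so it appears unchanged under only_show_cmd_output : YES.
"== Enabled accounts with no logon in the last $InactiveDays days: $(@($inactive).Count) =="
$inactive | Format-Table -AutoSize | Out-String -Width 200
"== Enabled accounts with passwords older than $MaxPasswordAge days or never expiring: $(@($stalePasswords).Count) =="
$stalePasswords | Format-Table -AutoSize | Out-String -Width 200
```

Run it interactively first on the domain controller with the scan credential; the same text you see there is what lands under the check’s name in the Compliance tab.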

Results

Using the Policy Compliance Auditing scan template, I added my custom audit file and credentials for the domain controller. Completed results are located under the Compliance tab within the scan, and included the name of each check performed. Since we are auditing a Windows System, results are included within the Windows Compliance Checks plugin family.

Tenable.io Scan

Each result will look identical to the results posted earlier within PowerShell command line sessions. If you need to add more information, you can always modify your custom audit file to include the specific attributes you need based on your organizational requirements.

Password changes

Summary

User accounts are one of the easiest ways for attackers to gain access to your network systems and data. Once an account is compromised, attackers can pivot and target critical systems, obtain confidential data, and remain in your network for days, weeks or even months.

These examples are just a small portion of what custom audit files can do for you. Whether you want to obtain additional information from Active Directory, monitor file and folder changes or track local account activity, using custom audit files provides you with countless ways to automate routine tasks and know what’s going on within your network.

I hope these tips help. And Happy SysAdmin Day to my fellow fearless colleagues!




from Happy SysAdmin Day 2017

Top 20 Security Awareness Tips & Tricks

Top 20 Security Awareness Tips & Tricks Keeping your data safe and far away from the clutches of the hacking community is a need of the hour in today’s world. We have compiled 20 of the most...


from Top 20 Security Awareness Tips & Tricks


The Case for Annual Security Awareness Training

Training Annually vs One-Off Training: Anything short of annual IT security awareness training, at a minimum, is difficult to consider a legitimate training program at all. Unlike many components of...

from The Case for Annual Security Awareness Training

Zero-Day Vulnerabilities against Windows in the NSA Tools Released by the Shadow Brokers

In April, the Shadow Brokers -- presumably Russia -- released a batch of Windows exploits from what is presumably the NSA. Included in that release were eight different Windows vulnerabilities. Given a presumed theft date of the data as sometime between 2012 and 2013 -- based on timestamps of the documents and the limited Windows 8 support of the tools:

  • Three were already patched by Microsoft. That is, they were not zero days, and could only be used against unpatched targets. They are EMERALDTHREAD, EDUCATEDSCHOLAR, and ECLIPSEDWING.
  • One was discovered to have been used in the wild and patched in 2014: ESKIMOROLL.
  • Four were only patched when the NSA informed Microsoft about them in early 2017: ETERNALBLUE, ETERNALSYNERGY, ETERNALROMANCE, and ETERNALCHAMPION.

So of the five serious zero-day vulnerabilities against Windows in the NSA's pocket, four were never independently discovered. This isn't new news, but I haven't seen this summary before.



from Zero-Day Vulnerabilities against Windows in the NSA Tools Released by the Shadow Brokers

Thursday, July 27, 2017

The Concept of Mobile Phone

INTRODUCTION: The digital forensic community is striving hard to stay abreast of the current state of the art in the constantly changing technologies which we use to expose relevant clues in a probe....

from The Concept of Mobile Phone

Reading PCAP Files with Apache Drill and the sergeant R Package

It’s no secret that I’m a fan of Apache Drill. One big strength of the platform is that it normalizes the access to diverse data sources down to ANSI SQL calls, which means that I can pull data from Parquet, Hive, HBase, Kudu, CSV, JSON, MongoDB and MariaDB with the same SQL syntax. This also... Continue reading

from Reading PCAP Files with Apache Drill and the sergeant R Package

Interview with Julio Potier, Developer of SecuPress

Julio Potier is the developer behind SecuPress, the WordPress plugin that makes it possible to easily secure your WordPress websites and blogs. Julio is based in France and is very active in the WordPress security scene. He is also a security consultant and teaches developers to write more secure code through his lecture and audits… Read More

The post Interview with Julio Potier, Developer of SecuPress appeared first on WP White Security.



from Interview with Julio Potier, Developer of SecuPress

From my Gartner Blog – SIEM, Detection & Response: Build or Buy?

As Anton already blogged (many times) and tweeted about, we are working to refresh some of our SIEM research and also on a new document about SaaS SIEM. This specific one has triggered some interesting conversations about who buys services and who buys products, and how that decision is usually made.

There are usually some shortcuts to find out whether the organization should look, for example, for an MDR service or for a SIEM (and the related processes and team to manage and use it). They are usually related to the organization’s preference for relying on external parties or doing things internally, the availability of resources to manage and operate technology, or some weird accounting strategy that moves the needle towards capital investments or operational expenses. But what if there’s no shortcut? If there’s really no preference for either path, how should an organization decide whether to rely on services for threat detection and response or to build those capabilities internally? Making things more complicated, what if the answer is a bit of each? How should it define the right mix?

Initially I can see a few factors as key points for that decision:

  • Cost – What option would be cheaper?
  • Flexibility – Which option would give me more freedom to change direction, put less restrictions on how things could/should be done?
  • Control – Which option gives me more control over the outcome and results?
  • Effectiveness – Which option will provide me, for lack of a better word, “better” threat detection / response capabilities?
  • Time to value – Which option can be implemented and provide value faster?

(Yes, there are other factors, including the security of your own data, but many times those factors end up in the “shortcuts” category above. Stuff like “we don’t put our stuff in the cloud”; makes the decision really easy, but that’s not the point here.)

Some of these factors have clear winners: time to value is almost always better with services, while doing everything yourself will obviously give you more control than any type of service.

Flexibility is more contentious. Services will be less flexible as no service provider (apart from pure staff augmentation) will give you the option to define how every piece of the puzzle should work. However, building things and hiring people will often freeze your resources more than just paying a services monthly bill. If you build everything in a certain way and then decide to change everything, you’ll probably have to pay some things twice. Moving from one service provider to another can be easier when contracts are made for flexibility.

And what about the last point: which model will provide the best results? If you are a Fortune 100 company, you’ll probably be in a position, in terms of resources, context and requirements, to build something that will be better than any service provider will be able to do for you. But if you’re not in that category, the best service providers will probably be able to give you better capabilities than you would be able to build AND maintain; just think about the challenge of keeping a very good and motivated team for more than a few months!

A simple framework for deciding between outsourcing or building in house could just look at those 5 factors, but you didn’t think the problem was that easy, right? Because the decision IS NOT BINARY! Today you can fully outsource your security operations, outsource some processes or even keep processes and people and rely on tools provided in a SaaS model. The number of questions to ask yourself and factors to consider grows exponentially.

For now we are just looking at a very specific outsourcing point, the SIEM as a tool. We hope to build some type of decision framework as one of the outcomes of our current research, but I’d like to revisit the broader problem in the future. And you, how did you decide between building or buying your detection and response capabilities?

The post SIEM, Detection & Response: Build or Buy? appeared first on Augusto Barros.



from Augusto Barros http://ift.tt/2w4FzpU
via IFTTT


from From my Gartner Blog – SIEM, Detection & Response: Build or Buy?

Death by Maintenance and Process Creep

Hardware-Defined IT is About to End – Not with a Bang but a Whimper. After completing Security Paradox, the idea of death by maintenance really sunk in. The following is a “song of vapor and iron” that has been echoing through my mind like an earworm: The Golden Age of IT As organizations grew they made […]

from Death by Maintenance and Process Creep

The Bottom Line – Security Awareness Training as a Revenue Generator

One of the roadblocks that IT managers often encounter when trying to implement IT security awareness training initiatives is justifying expenses associated with the program. Businesses live and die... Go on to the site to read the full article

from The Bottom Line – Security Awareness Training as a Revenue Generator

Garry Kasparov to speak about the rise of intelligent machines at DEF CON

Garry Kasparov, Avast security ambassador and former world chess champion, is set to discuss why humanity shouldn’t fear the rise of intelligent machines, but should embrace it at DEF CON in Las Vegas on July 28th, 2017 from 10:00 - 10:35. After his keynote, Garry will host a booklet signing session in the vendor area at DEF CON at 11:30.



from Garry Kasparov to speak about the rise of intelligent machines at DEF CON

What You Need to Know When Prepping for the PMP

The registration process for the PMP examination is pretty straightforward, but it is not uncommon for people wishing to take the project management examination to be confused about how to go about... Go on to the site to read the full article

from What You Need to Know When Prepping for the PMP

BSides London 2017, Owen Shearing’s ‘IPv6 for Pentesters’

Permalink

from BSides London 2017, Owen Shearing’s ‘IPv6 for Pentesters’

Virgin America says a hacker broke into its network, forced staff to change passwords

The attack happened days before the company was to be acquired by Alaska Air.

from Virgin America says a hacker broke into its network, forced staff to change passwords

Firing a Locked Smart Gun

The Armatix IP1 "smart gun" can only be fired by someone who is wearing a special watch. Unfortunately, this security measure is easily hackable.



from Firing a Locked Smart Gun

Wednesday, July 26, 2017

Tripwire Tuesdays: Stocking Your Data Lake with Prize Fish – Tripwire and Splunk

Big data lakes should be populated with big fish. IT (and OT) staff are tasked with “fishing,” or in this case splunking data lakes for evidence. They are looking to report and visualize evidence of operational faults, evidence of compliance, and evidence of nefarious activities. They are looking to catch the bad guys and the […]… Read More

The post Tripwire Tuesdays: Stocking Your Data Lake with Prize Fish – Tripwire and Splunk appeared first on The State of Security.



from Tripwire Tuesdays: Stocking Your Data Lake with Prize Fish – Tripwire and Splunk

Who Is Responsible for Monitoring the Internet and Email Communication? Are Your Communications Secure?

Is the internet monitored, or is it just hanging out there without anyone looking over it? That’s a very good question. The fact is that no one is looking over the internet in a supervisory kind of way aside from governments that may create legislation that has an influence in some way. It is up […]… Read More

The post Who Is Responsible for Monitoring the Internet and Email Communication? Are Your Communications Secure? appeared first on The State of Security.



from Who Is Responsible for Monitoring the Internet and Email Communication? Are Your Communications Secure?

The Importance of Penetration Testing and Its Tools

Introduction There is no doubt today that the threat landscape is changing on a daily basis. It seems that hardly is one threat discovered before many unknown ones are found still lurking. One of the... Go on to the site to read the full article

from The Importance of Penetration Testing and Its Tools

Slowloris all the things

At DEFCON, some researchers are going to announce a Slowloris-type exploit for SMB -- SMBloris. I thought I'd write up some comments. The original Slowloris from several years ago creates a ton of connections to a web server, but only sends partial headers....

from Slowloris all the things

CompTIA CSA+ Certification: Overview and Career Path

Cyber theft and fraud are some of today’s most feared threats for many organizations and companies. This is not hard to believe when thinking of the number of reports the FBI’s Internet...

Go on to the site to read the full article

from CompTIA CSA+ Certification: Overview and Career Path

Smashing Security #035: Up the Roomba with mandatory Chinese spyware

China is forcing people to install smartphone spyware, young cyberoffenders are offered rehab, and robot vacuum cleaners want to sell maps of the inside of your house to tech firms. All this and more is discussed in the latest edition of the "Smashing ...

from Smashing Security #035: Up the Roomba with mandatory Chinese spyware

Feature Phone Forensics

Introduction A feature phone can be described as a wireless mobile device that has more features than a standard cell phone, but limited capabilities when you compare it with a smartphone. Feature... Go on to the site to read the full article

from Feature Phone Forensics

Future Semiconductors Could be ‘Photocopied’ Using Graphene

Todd R. Weiss
Research at MIT is continuing with single-atom-thin sheets of graphite to try to make it easier to manufacture future semiconductors. read more

from Future Semiconductors Could be ‘Photocopied’ Using Graphene

Diversity to Drones: Black Hat Speakers Weigh in On Top Security Trends

From $10 hacks to wind farm meltdowns, Black Hat speakers share the state of security this week in Las Vegas. read more

from Diversity to Drones: Black Hat Speakers Weigh in On Top Security Trends

From my Gartner Blog – Apresentando no Gartner Security Summit Brasil 2017

(excuse me for the post in Portuguese…)

The Gartner Security & Risk Management Summit in São Paulo is almost here! I am already in Brazil for the event, which takes place on August 8 and 9. I have several presentations over the two days of the event, including the opening keynote together with my colleagues Claudio Neiva and Felix Gaehtgens. They are:

Manage Risk, Build Trust and Embrace Change by Becoming Adaptive Everywhere
08/08/2017 – 09:15AM

Augusto Barros, Claudio Neiva, Felix Gaehtgens

In this opening keynote, Gartner will introduce a new chapter for information security, one that will transform every area of information security from then on. Building on Gartner's adaptive security architecture vision, this keynote will extend the capability and the need to be continuously adaptive to all disciplines of information security. This approach will be the only way information security can balance the rapidly changing demands of digital business with the need to protect the organization from advanced attacks, while maintaining acceptable levels of risk and compliance. We will explore this future vision and use real-world examples of how this mindset will apply to your information security and risk organization, processes and infrastructure.

Roundtable: Sharing Experiences with MSS and MDR Services
08/08/2017 – 13:45

Many organizations are relying on Managed Security Services (MSS) and Managed Detection and Response (MDR) to improve their security posture. The value of these services, however, is directly related to how the relationship with the provider is managed. This discussion will focus on best practices and possible pitfalls in contracting and using MSS and MDR services. Key questions:

• When does it make sense to rely on security service providers for threat detection and response?
• How to decide between an MSSP and in house?
• What are the common failure scenarios for each model?
• What are the best practices for managing the relationship with the service provider?

Applying Deception to Threat Detection and Response
08/08/2017 – 16:00

Deception is emerging as a viable option for improving threat detection and response capabilities. This presentation focuses on the use of deception as a “low-friction” method for detecting lateral threat movement, and as an alternative or a complement to other detection technologies.

Workshop: Developing, Implementing and Optimizing Security Monitoring Use Cases
09/08/2017 – 09:15

This workshop will focus, through collaboration with peers, on implementing and optimizing security monitoring use cases. Participants will be guided through Gartner's framework to identify and refine their requirements in order to produce their own security monitoring use cases based on their current challenges and priorities.

Roundtable: Lessons Learned from Security Analytics Adventures
09/08/2017 – 13:45

Many organizations have ventured beyond SIEM and applied advanced analytics techniques and approaches to security. This roundtable is an opportunity for organizations with security analytics initiatives to share their findings and lay out their current challenges in making it effective.
What are your current use cases?
Which tools are being used?
What skills are involved (and needed)?

The post Apresentando no Gartner Security Summit Brasil 2017 appeared first on Augusto Barros.



from Augusto Barros http://ift.tt/2uD9wy2
via IFTTT


from From my Gartner Blog – Apresentando no Gartner Security Summit Brasil 2017

Roombas will Spy on You

The company that sells the Roomba autonomous vacuum wants to sell the data about your home that it collects.

Some questions:

What happens if a Roomba user consents to the data collection and later sells his or her home -- especially furnished -- and now the buyers of the data have a map of a home that belongs to someone who didn't consent, Mr. Gidari asked. How long is the data kept? If the house burns down, can the insurance company obtain the data and use it to identify possible causes? Can the police use it after a robbery?



from Roombas will Spy on You

Tuesday, July 25, 2017

IOS Forensics

1. INTRODUCTION Day by day, smartphones and tablets are becoming more popular, and hence the technology used in development to add new features or improve the security of such devices is advancing very quickly.... Go on to the site to read the full article

from IOS Forensics

The Ins and Outs of Email Security Awareness

Email has been used as a medium for remote communication even before the World Wide Web and other technological breakthroughs came into light. Though email security seems unglamorous and old hat on... Go on to the site to read the full article

from The Ins and Outs of Email Security Awareness

XKCD, Physics Confession

Via the comically superlative mind of Randall Munroe at XKCD....

from XKCD, Physics Confession

Ways to Stay Secure When using File Sharing

When sharing small files over the Internet, you can always attach them to an email but, when the file is large, it may not be possible to send it via email. Most email servers have a limit on the... Go on to the site to read the full article

from Ways to Stay Secure When using File Sharing

Best Tips for Creating Strong Passwords

Passwords are an important safeguard for our data, yet so vulnerable: Verizon Enterprise recently reported that 63% of breaches are due to passwords that are weak, default, or stolen. That’s why it’s...

Go on to the site to read the full article

from Best Tips for Creating Strong Passwords

Metasploit meterpreter scripting

InfoSec Institute now has a Metasploit training course available that goes in-depth on Metasploit tools and scripting. Leave class Metasploit certified. The post Metasploit meterpreter scripting... Go on to the site to read the full article

from Metasploit meterpreter scripting

Managing Desktop Security

Why Is Desktop Security Important? Desktop security can be thought of as the first line of defense on a company’s network. By having proper security policies in place, many malware and virus...

Go on to the site to read the full article

from Managing Desktop Security

Black Hat speaker denied entry to US in another needless hit to security research

One security researcher was set to give a Black Hat talk in Las Vegas.

from Black Hat speaker denied entry to US in another needless hit to security research

Windows Phone Forensics

1. INTRODUCTION Windows Phone holds a large share of the market, so it is essential that examiners or investigators are aware of the techniques used to extract data from Windows Phone. It is also crucial that... Go on to the site to read the full article

from Windows Phone Forensics

Alternatives to Government-Mandated Encryption Backdoors

Policy essay: "Encryption Substitutes," by Andrew Keane Woods:

In this short essay, I make a few simple assumptions that bear mentioning at the outset. First, I assume that governments have good and legitimate reasons for getting access to personal data. These include things like controlling crime, fighting terrorism, and regulating territorial borders. Second, I assume that people have a right to expect privacy in their personal data. Therefore, policymakers should seek to satisfy both law enforcement and privacy concerns without unduly burdening one or the other. Of course, much of the debate over government access to data is about how to respect both of these assumptions. Different actors will make different trade-offs. My aim in this short essay is merely to show that regardless of where one draws this line -- whether one is more concerned with ensuring privacy of personal information or ensuring that the government has access to crucial evidence -- it would be shortsighted and counterproductive to draw that line with regard to one particular privacy technique and without regard to possible substitutes. The first part of the paper briefly characterizes the encryption debate two ways: first, as it is typically discussed, in stark, uncompromising terms; and second, as a subset of a broader problem. The second part summarizes several avenues available to law enforcement and intelligence agencies seeking access to data. The third part outlines the alternative avenues available to privacy-seekers. The availability of substitutes is relevant to the regulators but also to the regulated. If the encryption debate is one tool in a game of cat and mouse, the cat has other tools at his disposal to catch the mouse -- and the mouse has other tools to evade the cat. The fourth part offers some initial thoughts on implications for the privacy debate.

Blog post.



from Alternatives to Government-Mandated Encryption Backdoors

NIST SP 800-171 Deadline at End of 2017 – Is Your Organization Ready?

The National Institute of Standards and Technology (NIST) has released Special Publication 800-171. The document covers the protection of Controlled Unclassified Information (CUI) in Nonfederal Information Systems and Organizations. The document was designed to provide guidance on ensuring that all systems that process, store, or transmit CUI information are secured and hardened. Compliance to the […]… Read More

The post NIST SP 800-171 Deadline at End of 2017 – Is Your Organization Ready? appeared first on The State of Security.



from NIST SP 800-171 Deadline at End of 2017 – Is Your Organization Ready?

18-year-old arrested after reporting dumb bug in public transport e-ticket system

More than 45,000 users have voiced their disapproval on social media for Hungary's public transport system after police arrested an 18-year-old man for reporting a flaw in its new e-ticket system. David Bisson reports.

from 18-year-old arrested after reporting dumb bug in public transport e-ticket system

Alphabet Sales Fall Short of Most-Optimistic Analyst Forecasts

Bloomberg
Alphabet Inc. reported second-quarter revenue that met analysts’ projections, falling short of the most-optimistic estimates, and said the cost of its Google ads declined.

read more



from Alphabet Sales Fall Short of Most-Optimistic Analyst Forecasts

Google Creates an AI Venture Fund to Invest in AI Startups

Todd R. Weiss
With artificial intelligence research increasing around the world, Google has created a new Gradient Ventures venture fund to target investments in early-sta...

from Google Creates an AI Venture Fund to Invest in AI Startups

Weekly Cyber Risk Roundup: Three Ethereum Heists and NotPetya Fallout Continues

The cryptocurrency Ethereum made numerous headlines this past week due to three separate multi-million dollar thefts: one due to a bug in the code of the Parity Ethereum client, one caused by a website hack that redirected funds meant for the Initial Coin Offering (ICO) of Coindash, and one tied to a hacker managing to… Read More

from Weekly Cyber Risk Roundup: Three Ethereum Heists and NotPetya Fallout Continues

Hotel Security – The Protocol

Me just a few minutes ago (real life, just the room number is not real):
At the reception:
Me: Sorry, my key does not seem to work anymore.
Reception: What is your room number, sir?
Me: 683
Reception: Mr. Halbheer?
Me: Yes
Reception: Let me give you a new key
I understand: A scammer would…

from Hotel Security – The Protocol

Swedish Government Tries to Stem Damage Done by Security Breach

Bloomberg
Swedish Prime Minister Stefan Lofven says his government is trying to safeguard sensitive information and minimize damage done by an IT outsourcing deal. read ...

from Swedish Government Tries to Stem Damage Done by Security Breach

Daniel Stori’s ‘Are You Ready for Microservices?’

Finely tuned cartoonery, via the comedic mind of Daniel Stori at turnoff.us. Permalink

from Daniel Stori’s ‘Are You Ready for Microservices?’

Internet of Dashboards and the Future of Defense in Cybersecurity

I am thrilled to be keynoting this year’s BSidesLV this week in Las Vegas with a talk on what I believe is the future of defense in cybersecurity: a better design of social and economic systems that incorporates modeling for the human factor and a renewed focus on human outcomes. Big data, behavioral analytics, machine […]… Read More

The post Internet of Dashboards and the Future of Defense in Cybersecurity appeared first on The State of Security.



from Internet of Dashboards and the Future of Defense in Cybersecurity

Monday, July 24, 2017

US Army Researching Bot Swarms

The US Army Research Agency is funding research into autonomous bot swarms. From the announcement:

The objective of this CRA is to perform enabling basic and applied research to extend the reach, situational awareness, and operational effectiveness of large heterogeneous teams of intelligent systems and Soldiers against dynamic threats in complex and contested environments and provide technical and operational superiority through fast, intelligent, resilient and collaborative behaviors. To achieve this, ARL is requesting proposals that address three key Research Areas (RAs):

RA1: Distributed Intelligence: Establish the theoretical foundations of multi-faceted distributed networked intelligent systems combining autonomous agents, sensors, tactical super-computing, knowledge bases in the tactical cloud, and human experts to acquire and apply knowledge to affect and inform decisions of the collective team.

RA2: Heterogeneous Group Control: Develop theory and algorithms for control of large autonomous teams with varying levels of heterogeneity and modularity across sensing, computing, platforms, and degree of autonomy.

RA3: Adaptive and Resilient Behaviors: Develop theory and experimental methods for heterogeneous teams to carry out tasks under the dynamic and varying conditions in the physical world.

Slashdot thread.

And while we're on the subject, this is an excellent report on AI and national security.



from US Army Researching Bot Swarms

Sunday, July 23, 2017

Elastic-ing All the Things at BSidesLV 2017

Take five seconds to think: Which of the two scenarios is the worst as an incident responder? In the first one, you have to analyze terabytes of logs by grepping audits, Windows events, proxy, intrusion prevention systems and mail as you try to pivot, correlate and understand what the heck happened. In the second one, […]… Read More

The post Elastic-ing All the Things at BSidesLV 2017 appeared first on The State of Security.



from Elastic-ing All the Things at BSidesLV 2017

7 Not-to-Miss Presentations at Black Hat USA 2017

The excitement is building for Black Hat USA 2017. To help attendees get the most out of the event, I’ve assembled just a few of the presentations that will no doubt make this year’s conference a memorable one. These talks range in topic from mobile network vulnerabilities to breaking electronic door locks to new solutions […]… Read More

The post 7 Not-to-Miss Presentations at Black Hat USA 2017 appeared first on The State of Security.



from 7 Not-to-Miss Presentations at Black Hat USA 2017

Book Review: Borderless Behavior Analytics

from Book Review: Borderless Behavior Analytics

Defending anti-netneutrality arguments

Last week, activists proclaimed a "NetNeutrality Day", trying to convince the FCC to regulate NetNeutrality. As a libertarian, I tweeted many reasons why NetNeutrality is stupid. NetNeutrality is exactly the sort of government regulation Libertarians hate most. Somebody tweeted the following challenge, which I thought I'd address here.

@ErrataRob I'd like to see you defend your NN stance in this context. https://t.co/2yvwMLo1m1 https://t.co/a7CYxd9vcW
— Tanner Bennett (@NSExceptional) July 21, 2017

The links point to two separate cases.
  • the Comcast BitTorrent throttling case
  • a lawsuit against Time Warner for poor service
The tone of the tweet suggests that my anti-NetNeutrality stance cannot be defended in light of these cases. But of course this is wrong. The short answers are:

  • the Comcast BitTorrent throttling benefits customers
  • poor service has nothing to do with NetNeutrality

The long answers are below.

The Comcast BitTorrent Throttling

The presumption is that any sort of packet-filtering is automatically evil, and against the customer's interests. That's not true.

Take GoGoInflight's internet service for airplanes. They block access to video sites like NetFlix. That's because they often have as little as 1-mbps for the entire plane, which is enough to support many people checking email and browsing Facebook, but a single person trying to watch video will overload the internet connection for everyone. Therefore, their Internet service won't work unless they filter video sites.

GoGoInflight breaks a lot of other NetNeutrality rules, such as providing free access to Amazon.com or promotion deals where users of a particular phone get free Internet access that everyone else pays for. And all this is allowed by FCC, allowing GoGoInflight to break NetNeutrality rules because it's clearly in the customer interest.

Comcast's throttling of BitTorrent is likewise clearly in the customer interest. Until the FCC stopped them, BitTorrent users were allowed unlimited downloads. Afterwards, Comcast imposed a 300-gigabyte/month bandwidth cap.

Internet access is a series of tradeoffs. BitTorrent causes congestion during prime time (6pm to 10pm). Comcast has to solve it somehow -- not solving it wasn't an option. Their options were:
  • Charge all customers more, so that the 99% not using BitTorrent subsidizes the 1% who do.
  • Impose a bandwidth cap, preventing heavy BitTorrent usage.
  • Throttle BitTorrent packets during prime-time hours when the network is congested.
Option 3 is clearly the best. BitTorrent downloads take hours, days, and sometimes weeks. BitTorrent users don't mind throttling during prime-time congested hours. That's preferable to the other option, bandwidth caps.

I'm a BitTorrent user, and a heavy downloader (I scan the Internet on a regular basis from cloud machines, then download the results to home, which can often be 100 gigabytes in size for a single scan). I want prime-time BitTorrent throttling rather than bandwidth caps. The EFF/FCC's action that prevented BitTorrent throttling forced me to move to Comcast Business Class, which doesn't have bandwidth caps, charging me $100 more a month. It's why I don't contribute to the EFF -- if they had not agitated for this, taking such choices away from customers, I'd have $1200 more per year to donate to worthy causes.

Ask any user of BitTorrent which they prefer: 300gig monthly bandwidth cap or BitTorrent throttling during prime-time congested hours (6pm to 10pm). The FCC's action did not help Comcast's customers, it hurt them. Packet-filtering would've been a good thing, not a bad thing.


The Time-Warner Case

First of all, no matter how you define the case, it has nothing to do with NetNeutrality. NetNeutrality is about filtering packets, giving some priority over others. This case is about providing slow service for everyone.

Secondly, it's not true. Time Warner provided the same access speeds as everyone else. Just because they promise 10mbps download speeds doesn't mean you get 10mbps to NetFlix. That's not how the Internet works -- that's not how any of this works.

To prove this, look at NetFlix's connection speed graphs. They show Time Warner Cable is average for the industry. It had the same congestion problems most ISPs had in 2014, and it has the same inability to provide more than 3mbps during prime-time (6pm-10pm) that all ISPs have today.




The YouTube video quality diagnostic pages show Time Warner Cable to be similar to other providers around the country. They also show the prime-time bump between 6pm and 10pm.


Congestion is an essential part of the Internet design. When an ISP like Time Warner promises you 10mbps bandwidth, that's only "best effort". There's no way they can promise 10mbps stream to everybody on the Internet, especially not to a site like NetFlix that gets overloaded during prime-time.

Indeed, it's the defining feature of the Internet compared to the old "telecommunications" network. The old phone system guaranteed you a steady 64-kbps stream between any two points in the phone network, but it cost a lot of money. Today's Internet provides a multi-megabit stream for free video calls (Skype, Facetime) around the world -- but with the occasional dropped packets because of congestion.

Whatever lawsuit money-hungry lawyers come up with isn't about how an ISP like Time Warner works. It's only about how they describe the technology. They work no differently than every other ISP -- no differently than the only way any of this can work.



Conclusion

The short answer to the above questions is this: Comcast's BitTorrent throttling benefits customers, and the Time Warner issue has nothing to do with NetNeutrality at all.

The tweet demonstrates what NetNeutrality really means. It has nothing to do with the facts of any case, especially given the frequency with which people point to ISP ills that have nothing actually to do with NetNeutrality. Instead, what NetNeutrality is really about is socialism. People are convinced corporations are evil and want the government to run the Internet. The Comcast/BitTorrent case is a prime example of why this is a bad idea: government definitions of what customers want are actually far different from what customers actually want.




from Defending anti-netneutrality arguments

What is Data Privacy and why is it an important issue?

The question of whether privacy is a fundamental right is being argued before the honorable Supreme Court of India. It is a topic to which a young India is waking up to. Privacy is often equated with Liberty, and young Indians want adequate protectio...

from What is Data Privacy and why is it an important issue?

Online criminals clone UK university’s website to phish for cash

Criminals have cloned a UK university's website in an attempt to phish for unsuspecting students' cash and personal information. David Bisson reports.

from Online criminals clone UK university’s website to phish for cash

Nuit du Hack XV (2017) Workshop Slides

As promised (with the usual delay): Nuit du Hack XV (2017): workshop slides and USB content. Also, the Google Drive folder with all the presentations. Enjoy! :)

from Nuit du Hack XV (2017) Workshop Slides

Cyber Exposure: The Next Frontier for Security

The stakes have never been higher when it comes to cybersecurity. Global cyber attacks such as the recent WannaCry ransomware attack are a sobering reminder that cybersecurity is the existential threat of this generation. A new report from Lloyd’s of London estimates a serious cyber attack could cost the global economy more than $120 billion - as much as catastrophic natural disasters such as Hurricanes Katrina and Sandy. According to the report, the most likely scenario is a malicious hack that would take down a cloud service provider, at an estimated loss of $53 billion. With all of the attention and the hundreds of vendors in the security industry, why are we still in this same situation, with it only getting worse and more severe?

The reality is these "future" technologies and compute platforms, such as IoT and cloud, are no longer the future. They are here and now. This means the cyber attack surface is no longer a laptop or a server in a data center. According to Business Intelligence, there will be nine billion active IoT devices in the enterprise by 2019. That’s more than the entire smartphone and tablet markets combined. According to a 2016 IDG Enterprise Cloud Computing Survey, over 90 percent of organizations either have applications running in the cloud today or are planning to adopt cloud applications in 2017. We’re also seeing development shifts such as DevOps become mainstream, and with that comes the rise of containers and microservices as a way to make changes to smaller parts of the application in a more agile way. According to 451 Research, the container market is the fastest growing market of cloud-enabling technologies, with a CAGR of 40 percent through 2020, growing from $762 million to $2.7 billion by 2020.

So What Do We Do in Response?

We throw hundreds of tools at the problem, each designed to protect the organization from a niche, often advanced "threat of the week" style attack. We have Configuration Management Databases (CMDBs), which give the organization an IT view of assets and configurations, but they weren’t built to keep pace with modern assets and aren’t a security view. Vulnerability Management (VM) technologies are used by most organizations to scan the network and identify issues, but the problem with legacy VM tools is that they take a "one size fits all" approach designed for the world of client/server and on-premise data centers: they only assess "known" assets that are running at the time of the scan or that can have an agent deployed on them.

We are in the new, modern world of IoT, cloud, SaaS, mobile and DevOps, which means organizations need to approach understanding their cyber risk in a way that adapts to this new world of modern assets. For example, IoT and mobile devices may be undetectable with traditional tools, and containers and cloud workloads, as opposed to other types of assets that live for months to years, may have a life of minutes to hours, making them extremely hard to see and protect. There are also safety-critical infrastructure and Operational Technology, like Industrial Control Systems, which are a rising attack vector. These systems were designed to be walled off from the network and isolated from threats, and therefore were not designed for frequent change or software deployments. As software permeates every industry, these Industrial IoT devices, which are now connected devices, need to be protected, but the old way is too intrusive.

Welcome to the Era of Modern Cyber Exposure

We believe that Cyber Exposure is the next frontier for empowering organizations to accurately understand, represent and ultimately reduce their cyber risk against the rapidly changing modern attack surface. Cyber Exposure transforms security from a static or fragmented view to live and holistic visibility across every asset - whether that’s IoT or traditional IT devices, cloud infrastructure or Industrial Control Systems. From this live picture you can then start to accurately assess and analyze these assets for areas of exposure. This could be misconfigurations, but it could also be other hygiene-type health indicators, such as out-of-date antivirus or flagging high-risk users. By correlating this information with additional data sources, such as a CMDB or threat intelligence, you can get a more complete picture of the business criticality and severity of the issue to prioritize remediation and work with IT to fix it.

Cyber Exposure is analogous to IT Service Management and how the execution of ITSM processes is supported with specialized software technology. At the core of ITSM software suites are a workflow management system (service desk) for managing incidents and maintaining a knowledge base system of record, and a Configuration Management Database (CMDB) for discovering and mapping Configuration Items and their dependencies. Bringing these technologies together not only creates an intuitive way to link incidents with change and service requests, but also provides a view of business services and the underlying IT infrastructure to help accelerate troubleshooting and change impact analysis, for example. Just as ITSM provides a process for planning, delivering and operating IT services to better support customers, Cyber Exposure provides a discipline and a process for managing and measuring cyber risk against the modern attack surface. This will help security and IT teams collaborate to more effectively and efficiently identify and resolve issues, but it will also provide an objective way for the CISO, CIO and the business to measure cyber risk and use it for strategic decisions and planning. Cyber Exposure technologies will provide the data, visualization, process management and metrics to help drive a new way to manage security: one that reduces risk, supports better business decisions and actually enables digital transformation instead of being the impediment to it.

Communicating Cyber Risk to the Board

There has also been a lot of conversation around cybersecurity awareness and readiness within the C-suite and the board of directors: how do you represent and communicate cyber risk in non-technical, business terms? Today the CISO has to translate a mountain of data in multiple spreadsheets into intuitive insights the business can use to make decisions. Cyber Exposure will help the CISO drive a new level of dialogue with the business. If you know which areas of your business are secure - or exposed - and you can measure your organization against a larger set of data, this opens up a whole new set of discussions and decisions about where the organization needs to focus, how much and where to invest to reduce risk to an acceptable level, and how to drive strategic business decisions. Every function has its organizational system of record to manage, measure and predict the business exposure relevant to that function: for example, CRM for revenue and forecasting exposure, ERP for financial and supply chain exposure, and Human Capital Management (HCM) for employee satisfaction and attrition exposure. Imagine a future where every strategic business decision factors in Cyber Exposure data as a key risk metric, just as the business does with all of these other types of exposure. We believe the future doesn’t need to be in the future.

We’re excited to apply our years of expertise and knowledge in understanding assets, networks and vulnerabilities to usher in this new modern era of Cyber Exposure. And we’re just getting started...



from Cyber Exposure: The Next Frontier for Security

Book Review: Borderless Behavior Analytics


from Book Review: Borderless Behavior Analytics

Shannon’s Legacy

Saturday's Must Read is the story of the years Claude Shannon spent (early in his career) residing and workin...

from Shannon’s Legacy