Posts tagged Attacks
Just in Time for “Anonymous” Attacks, U.S. NIST Drafts a New Readiness Plan
Jan 23rd
Two years ago, the U.S. Dept. of Homeland Security firmly decided (again) that a policy of responding to vulnerabilities in the nation’s cybersecurity when they happen is insufficient. The National Institute of Standards and Technology set about on a plan to model a 21st-century perpetual vulnerability mitigation scheme – a continuous monitoring (CM) framework that attempts to model security procedures not in terms of crisis and response, but instead as a perpetual cycle of monitoring and engagement that stays basically the same whether or not there’s a crisis.
In other words, if you “keep doing this all the time,” then whatever happens won’t destroy the network. Late last week, NIST produced its first series of drafts for how government information services could look, perhaps later this decade. It’s so radically different from anything seen thus far that NIST acknowledges that no one in the commercial sector has even come up with the language to describe it.

The January draft of NIST’s interface specifications (PDF available here) shows five layers of what are periodically described as subsystems. Think of these functional components as comprised of devices, software, and people. Acknowledging that not every CM process can or should be automated, NIST’s architects have created these five classes of subsystem to represent the divisions of workflow for both people and technology who work with any data domain. In other words, regardless of what data you’re working with, as a government IT worker, you and your programs will fall someplace within this model.
So do software vendors start digesting this system now and try to build products based on it? Right now, NIST acknowledges that might not be possible.
“Each subsystem specification provides product development requirements applicable to specific product types. It is not expected, or desired, that any specific product adopt all of the subsystem specifications. Some of the subsystem specifications describe requirements that already exist within many Information Technology (IT) products. Thus, incorporation of these specifications should require only gentle instrumentation for those existing products. In other cases, the subsystems represent new functionality and product types (e.g., multi-product sensor orchestration and tasking and policy content repositories) that do not currently exist on the market. If vendors choose to adopt these specifications, they will likely need to develop new products. To catalyze vendor involvement we are looking into providing functioning prototypes of these capabilities.”
In a situation that will remind some folks of The Hitchhiker’s Guide to the Galaxy, NIST comes clean in saying that in order to understand how this solution may eventually work, everyone needs to learn along the way just how the problem works. One of the elements absent from the NIST drafts so far is remediation, for instance. Right now, it’s worked out a structural framework for a query system that triggers workflow between the elements of the subsystems shown in the diagram. But the query language itself has not been invented yet.
So are we years away from a working implementation? Perhaps not very many. The CM concept has only been devised in the past few years, and one of the documents that led to the forging of these latest drafts was only produced last September. At that time, the CM concept was being referred to by its broader abbreviation, Information Systems Continuous Monitoring (ISCM).
“The output of a strategically designed and well-managed organization-wide ISCM program can be used to maintain a system’s authorization to operate and keep required system information and data… up to date on an ongoing basis,” the September document explains. “Security management and reporting tools may provide functionality to automate updates to key evidence needed for ongoing authorization decisions. ISCM also facilitates risk-based decision making regarding the ongoing authorization to operate information systems and security authorization for common controls by providing evolving threat activity or vulnerability information on demand. A security control assessment and risk determination process, otherwise static between authorizations, is thus transformed into a dynamic process that supports timely risk response actions and cost-effective, ongoing authorizations. Continuous monitoring of threats, vulnerabilities, and security control effectiveness provides situational awareness for risk-based support of ongoing authorization decisions. An appropriately designed ISCM strategy and program supports ongoing authorization of type authorizations, as well as single, joint, and leveraged authorizations.”
The hope is that, once security vulnerabilities are identified by researchers, either in the public or private sectors, the standardization of their reporting will enable them to be entered into the system like marbles in a pachinko machine. The system will essentially digest them, feeding on them and integrating their lessons into everyday processes. It is a completely different way to think about work and workflow, but desperate times demand it.
View full post on ReadWriteWeb
How Vulnerable Are Your Facebook Friends to Attacks?
Aug 24th
Even as Facebook moves to improve and simplify privacy options for the social network’s 750 million users, a group of independent researchers are proposing even greater security measures for social networks that place control and responsibility squarely in the hands of users.
The researchers are presenting their findings this afternoon at the ACM Conference on Knowledge Discovery and Data Mining in San Diego. They’ve created an index that lets users determine how vulnerable their Facebook friends are to the myriad of attacks occurring on social networks (see sidebar below) and hope to develop an app based on their research. While they have yet to determine when an app like that could be launched, their easily digestible report is available now.
• Scams
• Stalking
• Malware
• Phishing
• Impostors
• Spamming
• Clickjacking
• Cyberbullying
• Malicious scripts
• Hacked accounts
• Malicious tagging of user content
• Hacking into anonymous data to extract personal user information
• Sybil attacks that involve the creation of false I.D.s to carry out malicious activities
The researchers looked at 2 million Facebook users and assigned a vulnerability index to each account based not only on the individual’s behavior and privacy settings but those of their friends as well. The upshot is that your privacy is only as secure as the weakest link (person) in your network of friends.
The solution, says Pritam Gundecha, a computer science PhD student at Arizona State University and one of the authors of the study, is to unfriend those with questionable behaviors or friends who have not set their privacy controls to acceptable levels.
If you don’t wish to unfriend someone, you can make them aware of their vulnerabilities and ask them to address them, says Gundecha, whose studies focus on social media security.
The three researchers, including Geoffrey Barbier and Huan Liu of Arizona State, hope to develop a Facebook application that will let users see the privacy attributes of their friends. The work is based on a relatively simple mathematical model that uses public information, says Gundecha.
Yesterday Facebook published its 20-page Guide to Facebook Security that’s well worth the read. It’s available as a downloadable PDF.
What would you do if you discovered a Facebook friend was a security risk? Unfriend them? Ask them to change their online behavior?
View full post on ReadWriteWeb
Patent Absurdity? Google, Microsoft in War of Words Over Android ‘Patent Attacks’
Aug 5th
Google brazenly released a blog post condemning the patent strategies of Microsoft, Apple, and Oracle. Unfortunately for them, Microsoft quickly rebutted by showing that they’d attempted to work jointly with Google.
Google’s Anti-Microsoft (and …
View full post on Search Engine Watch – Latest
“PakCyberArmy” Attacks Dozens of Indian Sites
May 10th
There is no single “cyber-war” taking place today. Rather, there are hundreds of brushfire wars taking place online. One of the latest is the Pakistan Cyber Army’s attacks on at least 116 Indian sites, according to The Hacker News.
There has been a long history of conflict between Pakistan and India, with the most recent being Indian anger at the alleged Pakistani involvement in the 2008 Mumbai attacks that left over 100 dead and over 300 wounded.
The list of sites attacked by the Pakistan Cyber Army (aka “PakCyberArmy” and “MaDnI”) has been published on Zone-H.
A number of additional sites appear to have also been attacked since then.
Prior to this, the group had hacked the Indian railway and security bureau.
As the Internet becomes a more common ground for conflict, the activities of official organizations and of semi-official and unofficial groups will continue to mount.
View full post on ReadWriteWeb
Osama bin Laden’s Death Triggers Facebook, SEO Poisoning Attacks – CRN
May 2nd
CRN: SEO poisoning attacks and Facebook adware exploiting the news of Osama bin Laden's death are already traveling rapidly across the Internet, detected by researchers at antivirus firm Kaspersky Lab. The massive phishing campaigns …
Related: Spam, SEO and malware quick to capitalise on death of Bin Laden; Web, E-mail and Facebook Exploit Osama bin Laden's Death
View full post on SEO – Google News
Thousands of Bloggers Struggle to Withstand Wave of DDoS Attacks Against LiveJournal
Apr 7th
Longtime blogging platform LiveJournal said today that it has been subject to “repeated, large-scale DDoS attacks” for the past two weeks. The company says that the attacks have targeted a number of different users’ journals, some of which are political in nature. While a small number of users may be targeted, all users lose their ability to publish and read on the platform when the site is taken down. “LiveJournal believes strongly in the ideal of freedom of expression,” the company said, “and we’re working very hard to ensure that users around the world have a place where their voices can be heard.”
LiveJournal said it is making extensive but undescribed technical changes to try to fight off the attacks. Nearly 400 users posted comments expressing support for the company’s efforts (or listing their birthday wishes if they were born this month; the news update concerned several matters) within the first few hours after the statement.
“These attacks are insane,” commented fiction writer and paid account holder McGarryGirl78. “I’m glad you guys are doing everything you can but the frustration does start to get to me after a while. I know it’s not your fault though so I just wish you luck on keeping the attackers at bay.”
In its statement, the company urged users unable to access their journals to watch Twitter for updates. LiveJournal describes itself there as “blurring the lines between blogging and social networking… since ’99.” Built by now-Googler Brad Fitzpatrick 12 years ago next week, LiveJournal was acquired by SixApart 6 years ago and then bought by Russian media company SUP 3 years ago.
Cynics might shrug at the troubles of the no-longer dominant blogging/social networking service, but attacks against LiveJournal are attacks against the voices of people who choose to use that platform to publish and subscribe to the world. The ability for any everyday person to publish their thoughts and subscribe freely to their personal interests in the world is a precious historical anomaly.
Amazon traffic monitoring service Alexa says LiveJournal is the 72nd most-trafficked site on the web, just behind the New York Times at #71.
Related: Why a Day of Tumblr Down-Time Matters to the Web & to the World
View full post on ReadWriteWeb