Wednesday, February 27, 2008

Security: Hackers swipe FTP server credentials using SaaS

Report: Hackers swipe FTP server credentials using SaaS
February 27th, 2008, Posted by Larry Dignan @ 7:18 am

Finjan said it has uncovered a database with more than 8,700 FTP account credentials -- user name, password and server address -- that allow hackers to compromise security and deliver malware as a service.
http://blogs.zdnet.com/security/?p=908

Tuesday, February 26, 2008

Security: PGP Responds to Cold Boot Attack Paper (February 2008)

PGP Responds to Cold Boot Attack Paper (February 2008)
SANS NewsBites Vol. 10 Num. 16, 02/26/08

PGP has posted a response to the recently published paper about the Cold Boot Attack, which describes how attackers with physical access to computers can take advantage of the fact that some encryption products store their keys in DRAM. PGP stresses the fact that attackers require physical access to the machines to conduct this sort of attack, and also points out that "all security tools techniques ... are designed to address specific threat models. Achieving comprehensive security in any given environment requires using a combination of security measures."

http://www.pgp.com/newsroom/cold_boot_attack_response.html

[Editor's Note (Northcutt): Good for PGP, calling all crypto vendors, we would love to highlight your cold boot responses as well, if you have posted a white paper on the subject, please send the link to stephen@sans.edu and copy isc@sans.org.

(Internet Storm Center: Frantzen) Excellent information from PGP is included in their answer, and it should be used to construct guidance for users of their tools. All vendors should release similar information needed to create such guidance.

- For PGP WDE: the guidance is that if you "sleep" your laptop and it gets stolen the keys are still in RAM. They claim hibernating removes the keys from RAM.

- For PGP Virtual Disk, the disk images need to be unmounted in order to remove the key from RAM.

At the Internet Storm Center we are collecting this guidance in an article. Vendors and users are invited to contribute.]

Security: Wireless Worms Will Follow Influenza's Example

Wireless Worms Will Follow Influenza's Example
New Scientist (02/26/08) Knight, Will
The outbreak of a wireless computer worm that spreads among portable devices like a flu epidemic is a possibility, according to a new mathematical model developed by Imperial College London researcher Christopher Rhodes and BT researcher Maziar Nekovee. Their model considers a group of people carrying Bluetooth-enabled smartphones, each of which has a fixed range for linking to other phones in the crowd. Each member of the crowd moves in a straight line and at a fixed speed, giving a phone that is contaminated by a worm a fixed likelihood of infecting other devices while they are within range. Rhodes and Nekovee's work demonstrates that a wireless worm could most efficiently proliferate in a crowded environment and also jump between geographically scattered locations, just like a real virus. "Knowledge that person-to-person contact, or rather device-to-device contact, represents a major factor in how a Bluetooth worm spreads is definitely important," says Symantec Security Response researcher Eric Chien. He adds that the disablement of non-essential Bluetooth communications during an outbreak "reduces the contact occurrences and would be analogous to wearing a surgical mask in areas of potential infection."

Medical Software: Microsoft HealthVault is nothing like Google Health

Microsoft HealthVault is nothing like Google Health
February 26th, 2008, Posted by Dana Blankenhorn @ 3:01 pm

Microsoft HealthVault is a platform for sharing medical data. Google Health could, if it chose, become a HealthVault application.

Microsoft might even pay to help make that happen, the company said at HIMSS.

Grad Conn, senior director of Microsoft’s Health Solutions Group, told ZDNet that the Cleveland Clinic, the non-profit hospital which is Google’s beta partner in its initial Google Health effort, could apply to Microsoft’s Be Well Fund for the money needed to make that happen.

http://healthcare.zdnet.com/?p=742

Security: Research on Malware Distribution

Research on Malware Distribution

February 26, 2008, Bruce Schneier

Interesting:

Among their conclusions are that the majority of malware distribution sites are hosted in China, and that 1.3% of Google searches return at least one link to a malicious site. The lead author, Niels Provos, wrote, 'It has been over a year and a half since we started to identify web pages that infect vulnerable hosts via drive-by downloads, i.e. web pages that attempt to exploit their visitors by installing and running malware automatically. During that time we have investigated billions of URLs and found more than three million unique URLs on over 180,000 web sites automatically installing malware. During the course of our research, we have investigated not only the prevalence of drive-by downloads but also how users are being exposed to malware and how it is being distributed.'

Draft paper, and some data.

Posted on February 26, 2008 at 06:23 AM

Monday, February 25, 2008

Medical Software: AT&T, Tenn. create medical info exchange

AT&T, Tenn. create medical info exchange
By ERIK SCHELZIG, AP Business Writer

Mon Feb 25, 7:39 AM ET
NASHVILLE, Tenn. - AT&T Inc. is partnering with Tennessee to provide the country's first statewide system to electronically exchange patient medical information, the telecommunications company said Monday.
http://news.yahoo.com/s/ap/20080225/ap_on_hi_te/at_t_medical_exchange_4

Friday, February 22, 2008

Security: Cryptanalysis of A5/1, attack against the GSM cell phone encryption

Cryptanalysis of A5/1
February 22, 2008, Bruce Schneier
There have been a lot of articles about the new attack against the GSM cell phone encryption algorithm, A5/1. In some ways, this isn't real news; we've seen A5/1 cryptanalysis papers as far back as ten years ago.

What's new about this attack is: 1) it's completely passive, 2) its total hardware cost is around $1,000, and 3) the total time to break the key is about 30 minutes. That's impressive.

The cryptanalysis of A5/1 demonstrates an important cryptographic maxim: attacks always get better; they never get worse. This is why we tend to abandon algorithms at the first sign of weakness; we know that with time, the weaknesses will be exploited more effectively to yield better and faster attacks.
Posted on February 22, 2008 at 06:31 AM

Thursday, February 21, 2008

Software: Java Increasingly Threatened by New App Dev Frameworks

Java Increasingly Threatened by New App Dev Frameworks
InfoWorld (02/21/08) Krill, Paul
Java could slip to second-tier status as a development language as rival technologies start to garner more attention. Nearly 13 years old, Java is now competing with scripting languages such as PHP, Ruby, and Microsoft's .Net. Java has been praised for its ability to run on multiple platforms through the Java Virtual Machine, and Java received most of the attention for years before being seriously challenged by .Net and open-source scripting varieties. Microsoft has since made its .Net platform a serious contender, and a November 2007 report by Info-Tech Research Group found that .Net is becoming more popular than Java. However, Java is far from obsolete. Rick Ross, president of the DZone developer community and founder of Javalobby, says that Java can be found in almost everything, including major databases and in the Web sites of large companies such as eBay, and notes that it represents a multibillion-dollar industry. Info-Tech senior research analyst George Goodall says that Microsoft has an advantage in its ability to offer a single soup-to-nuts stack that features .Net, the Exchange email system, and the SQL Server database. Info-Tech's survey of 1,900 companies, mostly midmarket companies with less than $1 billion in annual revenues, found that 12 percent of enterprises focus exclusively on .Net while only 3 percent focus only on Java. Additionally, 49 percent center primarily on .Net, while 20 percent center on Java. The survey did find that .Net popularity decreases very gradually as the size of the enterprise increases, but that the decreased popularity of .Net does not come from an increase in Java, but rather a preference for other development platforms in heterogeneous environments.

Friday, February 15, 2008

Security: Replicating Virtual Servers Vulnerable to Attack

Replicating Virtual Servers Vulnerable to Attack
Network World (02/15/08) Greene, Tim
Jon Oberheide, a PhD candidate at the University of Michigan, says there is a big security risk related to virtualization. He says that one of the most attractive features of virtualization--the ability to spontaneously replicate virtual servers in order to meet demand--increases the risk of attacks such as data theft and denial of service. Oberheide attributes this increased risk to the fact that authentication between machines is weak when a virtual machine moves from one physical server to another, and because virtual-machine traffic between physical machines is unencrypted. However, there are two solutions to these problems, Oberheide says. A short-term solution is to install hardware-based encryption on all the physical servers that might send or receive virtual machines, while a long-term solution is to incorporate strong authentication into virtual machine software. Oberheide has developed a proof-of-concept tool he used in a lab to launch man-in-the-middle attacks against virtual machines as they moved from one physical server to another. Nemertes Research analyst Andreas Antonopoulos says Oberheide's work is fascinating, and adds that virtual servers face much more basic challenges. "Our entire security infrastructure has been built around a static model, and as we're virtualizing everything else, the virtualization of security is lagging by a tremendous amount," he says. "That's causing real problems in architecture decisions today."

Security: GENI project; a "secure web" framework

Princeton Researchers Envision a More Secure Internet
Princeton University (02/15/08) Riordan, Teresa
Some of Princeton's top brains have divergent ideas about fortifying the security of the Internet, with Larry Peterson offering the Global Environment for Network Innovation (GENI) as a much-needed platform for investigating and validating potential security solutions. Peterson says GENI is particularly important as a tool that would allow the research community to significantly shape the Internet's future and counter industry's increasingly pervasive influence. He believes the network offers the optimum path for tackling the Internet's security challenges, arguing that "the network needs to be able to quarantine compromised machines so that we can limit their collateral damage." Edward Felten, director of Princeton's Center for Information Technology Policy, focuses on short-term, high-impact research, and is convinced that many of the Internet's security problems can be traced to how technology is used rather than the technology itself. Ruby Lee, who heads the Princeton Architecture Lab for Multimedia and Security, stresses that security should be an element of system design, and wants to embed basic security features within hardware. Her lab has demonstrated that such an innovation can be accomplished without hiking up the hardware's power consumption or impacting its performance. Felten does not agree with Peterson and Lee's contention that online security can be adequately shored up by trust features incorporated into hardware or networks, while Princeton computer scientist and GENI participant Jennifer Rexford sees advantages to approaches espoused by all three researchers. "GENI would really open up the intellectual space in thinking about the Internet," she says, even as she works on incremental security enhancements such as the improvement of routing protocols.

Wednesday, February 13, 2008

Research: A New Theory Changes the Thinking Behind Creating Robots and Smart Machines

A New Theory Changes the Thinking Behind Creating Robots and Smart Machines
Knowledge@W.P. Carey (02/13/08)
The school of Connectionism postulates that the human brain learns when neurons link experiences and understandings, and that the development of artificial intelligence hinges on emulating this capability with computers. But W.P. Carey School of Business professor Asim Roy has challenged these long-cherished notions in an academic paper where he argues that while connections between neurons are necessary, the system still requires organization by a controller. Roy presents a theory that elements of the brain are controlled by other elements, and has partly validated it by demonstrating that Connectionist brain-like learning systems are guided by higher-level controllers, in defiance of the Connectionist view that they employ only local controllers at the neuron level. "What I did was structurally analyze Connectionist algorithms to prove that they actually use control theoretic notions even though they deny it," says Roy, adding that he used neuroscientific evidence to support his argument. The design of various types of robots will eventually be affected by the rethinking of human learning and brain function that Roy's paper has engendered. Roy cautions, however, that his theory may not effectively change computer operations for decades.

Tuesday, February 12, 2008

Security: Web Browsing, Search, and Online Ads Grow More Risky, Google Says

Web Browsing, Search, and Online Ads Grow More Risky, Google Says
InformationWeek (02/12/08) Claburn, Thomas
Google security engineer Niels Provos has found that Web browsing and searching are increasingly becoming channels for the distribution of malware. Provos says that more than 1 percent of all search results in the past few months contained at least one result that was believed to point to malicious content. He says that in the 18 months that Google has been tracking malicious Web pages, the company has found more than 3 million unique URLs on over 180,000 Web sites that attempt to install malware on users' computers. A recent paper Provos co-authored with Google colleague Panayiotis Mavrommatis and Johns Hopkins University computer scientists Moheeb Abu Rajab and Fabian Monrose blamed the problem in part on Internet advertising, Google's main source of revenue. Provos found that an average of 2 percent of malicious Web sites were delivering malware via Internet advertising, based on an analysis of about 2,000 known advertising networks. But since Internet ads target popular sites, search engine users are more likely to find them than that statistic suggests. The report noted that an average of 12 percent of overall search results that returned landing pages were associated with malicious content due to unsafe ads. Provos says there are no readily-apparent solutions to the problem.

Monday, February 11, 2008

Web: Tool Predicts Election Results and Stock Prices

Web Tool Predicts Election Results and Stock Prices
New Scientist (02/11/08) No. 2642, P. 30; Palmer, Jason
Massachusetts Institute of Technology's Peter Gloor has developed Condor, software that monitors activity on the Web to predict the future of stock prices and election results. Condor has successfully predicted the results of an Italian political party's internal election as well as stock market fluctuations. Condor starts by taking a search term, such as the name of a political candidate or a company, and running it through a Google search. Condor then takes the URLs of the top 10 results and plugs them into the Google search field, prefaced with the term "link:". Google then returns the sites that link to the 10 original sites, which Condor then reinserts into Google. Condor then maps the links between all the sites it has found, even if they do not contain the original search term, and finds the shortest way to get from one site to the other through the links they contain. The more often a site is involved in moving between sites, the higher its "betweenness" score. Condor averages the betweenness scores for all of the sites to produce an overall score for the original search term. The score provides some indication of popularity. In December of 2006, Gloor entered a range of film titles from that year and found that of the 10 with the highest betweenness scores, five won Oscars, four were nominated, and only one did not receive an award. Gloor is working on altering Condor so that it only searches blogs or chat sites.

Friday, February 8, 2008

Security: Workplace Autopilot Threatens Security Risk Perception

Workplace Autopilot Threatens Security Risk Perception
University of Leeds (02/08/08)
Human psychology and the way we perceive risk make it impossible for organizations to completely secure their data, no matter what preventative steps they take, concludes research conducted by Britain's Leeds University Business School. During the study, people who regularly used IT systems at work were asked to list examples of possible data security risks, either imaginative or ones they have seen in their personal experiences. Another group was asked to comment on the probability, underlying causes, likely consequences, and impacts of the scenarios that were most commonly listed. The study found that many of the risk examples listed by the participants matched recent security breaches, despite the fact that the survey data was collected over a two-year period. Professor Gerard Hodgkinson, director of the Center for Organizational Strategy, Learning, and Change, says the research shows that organizations will never be able to remove all of the latent risks in the protection and security of data stored on IT systems because people's brains naturally run on "automatic pilot" in routine situations. Dr. Robert Coles, the study's co-author, says the results of the study show that employees exhibit a highly-sophisticated perception and categorization of risk, as well as insight into the consequences of risk scenarios, when asked to focus on potential problems. But since this perception is not always translated into practice, errors are still happening and will continue to happen in the future, Coles says.

Friday, February 1, 2008

Research: Accidental Algorithms

Accidental Algorithms
American Scientist (02/08) Vol. 96, No. 1, P. 9; Hayes, Brian
"Holographic" or "accidental" algorithms comprise a new and unanticipated algorithmic family that offers efficient techniques for several problems whose solutions could only previously be worked out by brute-force computation. The algorithms facilitate deeper investigation into the barrier between P problems, which are problems with at least one polynomial-time algorithm, and nondeterministic polynomial (NP) problems. Within the NP class reside NP-complete problems, which stand out by virtue of having a polynomial-time solution that can be adapted to rapidly solve all problems in NP. Problems known to be NP-complete currently number in the thousands, and collectively they form a massive weave of interdependent computations. Harvard University's Leslie G. Valiant says holographic algorithms get their name from the fact that their computational power extends from the mutual cancellation of many contributions to a sum, much like the optical interference pattern responsible for generating a hologram. Holographic reductions tap a class of transformations that do not necessarily connect individual problem instances, but they do retain the number of solutions or the sum of the solutions. This is adequate for certain counting problems.

Web: Is Semantic Web Technology Taking the Wrong Turn?

Is Semantic Web Technology Taking the Wrong Turn?
Internet Computing (02/08) Vol. 12, No. 1, P. 75; Bussler, Christoph
Author Christoph Bussler sees a disaster in the making for Semantic Web technology (SWT) unless a change of course is implemented. "SWT doesn't propose a different application architecture," he writes. "Instead, it proposes languages and technologies that are intended to make the application development process and integration efforts a lot simpler, faster, and more reliable, especially in the areas of data and process mediation to achieve uniform semantic interpretation." But Bussler notes that the impact of SWT requires a certain degree of integration with current core computing technologies. He points out that the deployment of SWT as a wrapping technology to facilitate semantic interfaces for layers causes the number of data models requiring additional mediation to sharply increase due to problems with heterogeneity. SWT would like to tackle the heterogeneity challenge, but researchers generally attempt to bypass it by making assumptions or establishing restrictions to produce homogeneous environments, Bussler says. He considers the research community and industry's decision to split up the SWT space along classical lines of distinction between layers and components in software architectures, and along classical academic research fields, to be one possible reason for the derailment of the original SWT vision. "One possible turn would be to start addressing the problem of data and process heterogeneity, not only among systems but also along the layers within them to reduce or eliminate the number of mediations necessary," Bussler writes.
