Technical Security Alert: Rootkits can be hidden in virtual machines

March 13th, 2006

“Security researchers have uncovered new techniques to hide the presence of malware on infected systems. By hiding rootkit software in virtual machine environments, hackers have the potential to avoid detection by security software, boffins at Microsoft Research and the University of Michigan warn” (John Leyden, published 13 March 2006 in The Register).

View the rest of the article

Listen to our podcasts

Free Security Training available at http://adventuresinsecurity.com/SCourses.html


CipherTrust Toolbar to Protect Email Users

March 12th, 2006

Last week, I wrote a blog article about the growth of SPF and Sender ID technology in the fight against unwanted email (spam, phishing, etc.).  It appears that CipherTrust is taking advantage of its own implementation of these standards to help make the Internet a safer place – at no cost.

On Monday, March 13, CipherTrust plans to make available for download a free toolbar for Outlook and Lotus Notes email users.  The toolbar will be available from the CipherTrust Research Portal, which will also launch Monday.

This is the way it works:

  1. The user clicks on an email
  2. The CipherTrust toolbar program sends the IP address of the sender to a CipherTrust hosted server running the TrustedSource reputation engine for analysis
  3. The results of the analysis are returned to the user’s desktop causing the toolbar to flash:
    1. Green with a happy-face when the email is from a reputable sender
    2. Yellow for questionable trustworthiness
    3. Red when the user should probably just delete the message

The data used for analysis come from CipherTrust’s global network of more than 4,000 sensors installed in business and government networks.  They’re collected on TrustedSource servers where the trustworthiness of the source is assessed to a very granular level.  The assessment is based on the following criteria:

  1. Is this the first time the sender has been seen?  According to CipherTrust, about 30% of IP addresses analyzed fall into this category.  Of those, about 95% are spam, viruses, etc.
  2. How much email is the sender responsible for?
  3. Does the sender send and receive email, or just send?
  4. Does the sender’s behavior seem “bursty” or is it more continuous?
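To make the four criteria concrete, here is a small reputation scorer written for this post; it is an added illustration, not CipherTrust's TrustedSource code, and the weights, thresholds, and the sender records fed to it are constructed assumptions. It turns per-sender observations (never seen before, daily volume, send-only vs. send-and-receive, burstiness) into the green/yellow/red verdict the toolbar displays.

```python
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass
class SenderStats:
    """What a sensor network might know about one sending IP (constructed)."""
    ip: str
    first_seen: bool        # criterion 1: never observed before
    msgs_per_day: list      # criterion 2 and 4: daily outbound volume
    inbound_msgs: int       # criterion 3: does the host also receive mail?


def burstiness(counts):
    """Coefficient of variation of daily volume: ~0 is steady, >1 is bursty."""
    if len(counts) < 2 or mean(counts) == 0:
        return 0.0
    return pstdev(counts) / mean(counts)


def score_sender(s):
    """Return 'green', 'yellow' or 'red' for a sender record.

    Weights are assumptions for illustration. A first-seen sender carries
    the most weight because the post notes ~95% of such senders are spam.
    """
    points = 0
    if s.first_seen:
        points += 2
    total = sum(s.msgs_per_day)
    if total > 10_000:                      # unusually high volume
        points += 1
    if s.inbound_msgs == 0 and total > 0:   # send-only host, not a real MX
        points += 1
    if burstiness(s.msgs_per_day) > 1.0:    # one-day blast, then silence
        points += 1
    if points >= 3:
        return "red"
    return "yellow" if points >= 1 else "green"


# Constructed sample observations (one week of daily counts each).
CORPORATE_MX = SenderStats("198.51.100.10", False, [480, 510, 495, 520, 500, 30, 20], 300)
FRESH_BLASTER = SenderStats("203.0.113.77", True, [0, 0, 0, 50000, 0, 0, 0], 0)
KNOWN_BULK = SenderStats("192.0.2.25", False, [20000] * 7, 0)

if __name__ == "__main__":
    for rec in (CORPORATE_MX, FRESH_BLASTER, KNOWN_BULK):
        print(rec.ip, score_sender(rec))
```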

This is one more step in the right direction.  Although not perfect, it goes a long way toward making the Internet a safer place to travel.

Author:  Tom Olzak

Listen to our podcast

Free Security training available at http://www.adventuresinsecurity.com/SCourses.html


New Training Page

March 9th, 2006

We’ve added a new training page to our website.  The courses are free, and you can listen to them online or download them for personal or team viewing.

User Awareness Alert: New IM Malware

March 7th, 2006

“An anti-virus vendor warned Tuesday that two new worms spreading on Microsoft’s and America Online’s instant messaging networks delete files and leave systems open to hijacking.

“Symantec posted alerts for the “Hotmatom” and “Maniccum” worms, and ranked both as a level “2” threat. The Cupertino, Calif.-based security company uses a 1 through 5 scale to label worms, viruses, and Trojans”

Read the rest of the story

Listen to our podcasts

Email Authentication with Sender ID

March 7th, 2006

In a February 14, 2006 article, I described the new Goodmail CertifiedEmail solution.  Goodmail provides a service to senders of marketing email that allows messages to bypass the normal spam filtering processes of email service providers like AOL.  The sender is charged a fee.  The objective of this for-fee service is to authenticate senders.

Sender ID is a free standard that also meets the objective of sender authentication.  Developed by Microsoft, Sender ID is enjoying increasing acceptance by email and email filtering vendors.  It also provides significant flexibility to receivers when making automated decisions about what to do with unauthenticated messages.  In this article I examine the two primary contenders for an email authentication standard, how Sender ID works, what senders must do to be considered “safe”, and what the emergence of this standard means to businesses and individuals.

Read the rest of this entry »

User Awareness Alert: Legal Worm

March 6th, 2006

A new worm is working its way through the Internet.  Known as Bagle.do, the worm threatens email recipients with legal action if they don’t open the attached .exe file and respond to the sender.

For the whole story, click here

Listen to our podcasts

(User Awareness Alerts are a service provided by Erudio Security, LLC)

Review our Podcast

March 5th, 2006

In the past several weeks, we changed our format.  We’d like your opinion.  Please let us know if you like the new format or if a single host is better.  Also, let us know how we can improve.

You can either leave a blog comment or send an email to tom.olzak@erudiosecurity.com.

Thanks for your support.

Listen to our podcasts

A Practical Approach to Threat Modeling

March 4th, 2006

Today’s security management efforts are based on risk management principles.  In other words, security resources are applied to the vulnerabilities that pose the greatest risk to the business.  There are several processes for identifying and prioritizing risk.  One of the most effective is threat modeling.

There has been much written about threat modeling.  But most of the papers and books come at the problem of threat and vulnerability management from an academic perspective.  The papers and articles that do take a business management approach typically cover one or two aspects of the process.

This paper is a practical, high-level guide to conducting threat modeling activities within a business environment.  It begins by exploring why threat modeling is important.  This is followed by a step-by-step process, including some tools you might find helpful.

Download the paper

Download the Risk Calculation Tool

Author:  Tom Olzak

Listen to our podcast


Political Risks Associated with Personal Information Storage

March 2nd, 2006

When we think of risks related to malicious hacking, we usually list financial ramifications.  But as global information delivery changes, the risks are increasing in severity. 

This week, Google moved its search records from its Chinese site to the United States.  The reason stated for the move was the possibility that the Chinese government might access those records without Google’s consent.  This was a responsible move by Google, given the potential reprisals against individuals whose searches cause concern within political circles in Beijing.  But is the data safe in the U.S.?

I wrote in a January 26, 2006 blog article about a successful attempt to acquire U.S. military secrets by alleged representatives of the Chinese government.  A foiled attack against the British government prompted the article.  What prevents these same attackers from breaking into databases in other countries to search for evidence of dissident activity in China?

I don’t know what the solution is.  But I do know that maintaining information that can be used to reconstruct an individual’s Internet habits is becoming a bigger problem than the privacy issues touted by many Americans.  It’s important for Internet companies to understand that the emergence of a truly global Internet requires vigilance that many organizations operating within democracies may find difficult to comprehend.  Business intelligence isn’t a good enough reason to store search information or other personal data that might be compromised by a foreign government for political purposes.

Author:  Tom Olzak

Listen to our podcasts


Hackers Beware

March 1st, 2006

“Quantum cryptography is trying to make all transmissions secure, so this could be very useful for online banking, for example,” says Professor Hoi-Kwong Lo, an expert in physics and electrical and computer engineering at U of T’s Centre for Quantum Information and Quantum Control and the senior author of a new study about the technique. “The idea can be implemented now, because we actually did the experiment with a commercial device.”

Read the rest of the article

Listen to our podcasts