Signature-based antivirus not quite dead
SAN FRANCISCO -- It's unmistakable: Infosec pros have long heard the death rattle of signature-based antivirus (AV). With the amount of malware currently in circulation -- and rising exponentially by the day ...
Posted by InfoSec News on Feb 16: http://www.theregister.co.uk/2011/02/16/computer_fraud_plea/
Posted by InfoSec News on Feb 16: Forwarded from: security curmudgeon <jericho (at) attrition.org>
Posted by InfoSec News on Feb 16: http://www.telegraph.co.uk/technology/news/8326274/Israeli-security-chief-celebrates-Stuxnet-cyber-attack.html
Posted by InfoSec News on Feb 16: http://blogs.forbes.com/andygreenberg/2011/02/15/hbgary-execs-run-for-cover-as-hacking-scandal-escalates/
Posted by InfoSec News on Feb 16: http://www.wired.com/dangerroom/2011/02/pentagon-deputy-what-if-al-qaeda-got-stuxnet/
Posted by InfoSec News on Feb 16: http://www.computerworld.com/s/article/9209461/Obama_seeks_big_boost_in_cybersecurity_spending
Posted by InfoSec News on Feb 16: Forwarded from: Thomas Lim <thomas (at) syscan.org>
by Marcia Savage
In the face of heightened cyberthreats, the Pentagon is pursuing a multi-pronged defense strategy that includes a reliance on private sector participation, William J. Lynn, III, U.S. Deputy Secretary of Defense, said in a keynote Tuesday at RSA Conference 2011.
“To this point, the disruptive attacks we’ve seen are relatively unsophisticated in nature. In the future, more capable adversaries could potentially immobilize networks on a wide scale for much longer time,” he said.
It’s not impossible to imagine attacks on military networks or critical infrastructure that could cause severe economic damage or even loss of life, Lynn said. The nation must prepare for the likelihood that a cyberattack will be part of a conventional attack, he said. Al-Qaida hasn’t yet launched a cyberattack, but it has vowed to, he added.
nd at an important junction of development of cyberthreats… most malicious actors haven’t laid their hands on the most harmful capabilities. But this situation won’t last forever,” he said. “We need to develop stronger defenses before this occurs. We have a window of opportunity to gird our networks against more serious threats.”
For the past two years, the Defense Department has deployed specialized defenses to defend military networks, officially recognizing cyberspace as a domain of warfare, he said. The Pentagon’s cyberstrategy relies on “active defenses” — a more dynamic approach that Lynn described as operating at network speed and using sensors to stop malicious code before it executes.
The military is also working to build collective defenses with its allies to cooperatively monitor networks for cyberdefense, he said. But a major part of the strategy is working with the private sector through information sharing and working with key technology companies to improve cybersecurity, he said. To that end, the Defense Department announced an expanded IT exchange program that Lynn said will allow for the exchange of IT and security personnel between government and industry.
It also is adding half a billion dollars in funding for research into cloud computing, encryption and virtualization technologies, Lynn said.
“Over the long term, we must develop technology that reverses the advantage of those seeking to steal our secrets and cause us harm. … The challenge we face today in cybersecurity — it’s global in scope and requires government working closely with industry.”
by Michael S. Mimoso
SAN FRANCISCO — It’s pretty tough to get a cynical, often paranoid, group of people to rise in unison in approval. It’s pretty tough, however, not to extend a standing ovation to cryptography and security pioneers Ron Rivest, Adi Shamir and Len Adleman, the R, S and A in RSA Security. The trio that developed the algorithm at the heart of a company and the security industry were honored this morning at RSA Conference 2011 with the RSA Lifetime Achievement Awards.
Rivest, Shamir and Adleman stood while conference founder and the award’s namesake Jim Bidzos rattled off an endless list of accomplishments and contributions to the security industry aside from the RSA algorithm. The announcement was preceded by a 20-minute video on the making of the RSA cryptosystem and included poignant memories and comments from friends, family and colleagues of all three men, in addition to their insights.
“We have indeed been fortunate to stand on the shoulders of giants,” said RSA executive chairman Art Coviello.
The Rivest, Shamir, Adleman paper of 1977, “A Method for Obtaining Digital Signatures and Public-Key Cryptosystems,” is the foundation for security in ecommerce; more than one billion digital certificates are validated daily in support of transactions carried over SSL, Bidzos said.
Rivest has been a professor at MIT for 35 years and was one of the developers of the MD hash functions, as well as the RC4 algorithm. He is currently focusing his efforts on machine learning and electronic voting research and policy development. Shamir wrote the seminal paper “How to Share a Secret” and received the Pope’s Pius XI gold medal. The three current deans of Israel’s top technology institutes were Shamir students, all at the same time. Adleman, meanwhile, is also an MIT professor known for breaking the Knapsack cryptosystem, as well as for the creation of DNA computing.