Information Security News
The TrueCrypt whole-disk encryption tool used by millions of privacy and security enthusiasts is safer than some studies have suggested, according to a comprehensive security analysis conducted by the prestigious Fraunhofer Institute for Secure Information Technology.
The extremely detailed 77-page report comes five weeks after Google's Project Zero security team disclosed two previously unknown TrueCrypt vulnerabilities. The most serious one allows an application running as a normal user or within a low-integrity security sandbox to elevate privileges to SYSTEM or even the kernel. The Fraunhofer researchers said they also uncovered several additional previously unknown TrueCrypt security bugs.
Despite the vulnerabilities, the analysis concluded that TrueCrypt remains safe when used as a tool for encrypting data at rest as opposed to data stored in computer memory or on a mounted drive. The researchers said the vulnerabilities uncovered by Project Zero and in the Fraunhofer analysis should be fixed but that there's no indication that they can be exploited to provide attackers access to encrypted data stored on an unmounted hard drive or thumb drive. According to a summary by Eric Bodden, the Technische Universität Darmstadt professor who led the Fraunhofer audit team:
Posted by InfoSec News on Nov 20https://www.techdirt.com/articles/20151117/07350332835/ted-koppel-writes-entire-book-about-how-hackers-will-take-down-our-electric-grid-never-spoke-to-any-experts.shtml
Posted by InfoSec News on Nov 20http://www.csoonline.com/article/3005406/it-careers/a-change-in-wording-could-attract-more-women-to-infosec.html
Some infosec pros need kick themselves, panel told
IT World Canada
Canadian infosec pros aren't doing their jobs if they spend more time on buying technology than implementing simple but effective measures. That was the consensus of their peers, who gave IT security managers a rough ride at a panel discussion Thursday ...
Posted by InfoSec News on Nov 20http://www.nextgov.com/cybersecurity/2015/11/new-counterintelligence-strategy-focus-cyber-espionage/123880/
Posted by InfoSec News on Nov 20http://www.computerworld.com/article/3006360/security/us-government-wants-in-on-the-public-cloud-but-needs-more-transparency.html
Posted by InfoSec News on Nov 20http://www.bankinfosecurity.com/michaels-breach-how-fraudsters-pulled-off-a-8696
Posted by InfoSec News on Nov 20Forwarded from: THOTCON <info (at) thotcon.org>
Posted by InfoSec News on Nov 20http://www.eweek.com/security/blackhole-exploit-kit-makes-a-comeback.html
Thisfamous Bruces quote is so true that we can re-use it to focus on specific topics likeSIEM (Security Information and Event Management). Many organizations already deployed solutions to process their logs and to generate (useful - I hope) alerts. The market is full of solutions that can perform more or less a good job. But the ROI of your toolwill be directly related to the processes that you implement next tothe hardware and software components.Ill give you two examples.
The first one is the implementation of a mandatory strong change management procedure. Recently, I faced this story at a customer. I call this the green status effect: Ifthe security monitoring tool does not report alerts and and you assume thateverything seems running fine, youll fail!Becauseyour SIEM quality is directly dependingon the quality of the data send to it. Within the customer infrastructure, some critical devices were moved to a new VLAN (new IP addresses assigned to them) but the configuration of the collector was not changed to reflect this important change. Events being sent to a rsyslog instance and split based on the source IP address, the new events were not properly collected. They lost many alerts!
The second example focus on assets management. Many SIEM vendors propose compliancy packages (PCI, HIPAAS, SOX - name your favorite one). The marketing message behind those packages is be compliant out of the box"> if the target is not : known as a regular destination from the DMZ OR known as a trusted target OR known as a cardholder targetAND IF the destination port is not known as allowed (via an Active List)AND IF the traffic is not coming from a VPN deviceAND IF the traffic is not coming from a SIEM deviceAND IF the source is flagged as an attacker from the DMZ
Based on this rule, we must:
This means that to make this rule effective, there is a huge classification job to perform to fill the SIEM with relevant data (again!).Deploying a SIEM is not just a one shot process. Youve to carefully implement procedures!
ISC Handler - Freelance Security Consultant