Information Security News
Southeast Valley cities check network security
The Information Security and Privacy Office staff maintain a website dedicated to providing information about identity theft, cyber bullying and other technology-related security concerns: www.phoenix.gov/infosec. Gilbert. Gilbert uses the security ...
Agiliance Introduces First NIST Cybersecurity Framework Security Checklist and ...
... the Year, 2014 Cyber Defense Magazine Most Innovative InfoSec Award for Most Innovative Risk Management Product, Deloitte 2013 Technology Fast 500 Honoree (#4 in security software), and Government Security News 2013 Homeland Security Award.
Microsoft developers have fortified Internet Explorer with new protections designed to prevent a type of attack commonly used to surreptitiously install malware on end-user computers.
The "isolated heap for DOM objects" made its debut with last week's Patch Tuesday. Just as airbags lower the chance of critical injuries in automobile accidents, the new IE protection is designed to significantly lessen the damage attackers can do when exploiting so-called use-after-free flaws in the browser code. As the name suggests, use-after-free bugs are the result of code errors that reference computer memory objects after they have already been purged, or freed, from the operating system heap. Attackers can exploit them by refilling the improperly freed space with malicious code that logs passwords, makes computers part of a botnet, or carries out other nefarious behavior.
Use-after-free flaws are among the most commonly exploited, often at great expense to end users. Recent in-the-wild attacks that targeted IE versions 9, 10, and 11 capitalized on a use-after-free bug. The bug class has been at the heart of many other real-world attacks on IE that are too numerous to count. (They have also been known to bring down Google Chrome and Mozilla Firefox.) Wei Chen, an exploit developer with Rapid 7's Metasploit vulnerability framework, likens use-after-free exploits to sneaking tainted cookies into an already-opened bag of Oreos.
In the latest gaffe to demonstrate the privacy perils of anonymized data, New York City officials have inadvertently revealed the detailed comings and goings of individual taxi drivers over more than 173 million trips.
City officials released the data in response to a public records request and specifically obscured the drivers' hack license numbers and medallion numbers. Rather than including those numbers in plaintext, the 20 gigabyte file contained one-way cryptographic hashes using the MD5 algorithm. Instead of a record showing medallion number 9Y99 or hack number 5296319, for example, those numbers were converted to 71b9c3f3ee5efb81ca05e9b90c91c88f and 98c2b1aeb8d40ff826c6f1580a600853, respectively. Because they're one-way hashes, they can't be mathematically converted back into their original values. Presumably, officials used the hashes to preserve the privacy of individual drivers since the records provide a detailed view of their locations and work performance over an extended period of time.
It turns out there's a significant flaw in the approach. Because both the medallion and hack numbers are structured in predictable patterns, it was trivial to run all possible iterations through the same MD5 algorithm and then compare the output to the data contained in the 20GB file. Software developer Vijay Pandurangan did just that, and in less than two hours he had completely de-anonymized all 173 million entries.
5 Free Tools for Compliance Management
After all, a good inventory is the first step in seeing what needs to be secured. www.ptatechnologies.com: A free toolset that is driven by the methodology of effectively managing operational and infosec risks in complex systems using calculative ...
Microsoft announced a private preview of Microsoft Interflow today in timing with the 26th FIRST Conference in Boston. While its not available for general release yet this is the first public announcement of a project I've been tracking internally for awhile (I work at MSFT). Be patient, your opportunity is coming, this is good news for the DFIR community. Microsoft Interflow is a security and threat information exchange platform for professionals working in cybersecurity and allows collaboration for a collectively stronger ecosystem, action prioritization through automation, and integration via plug-in architecture. There's a write-up on the benefits as well as an FAQ so you can learn more. Microsoft Interflow, as security automation platform for the exchange of security and threat information, is based on the STIX (Structured Threat Information eXpression), TAXII (Trusted Automated eXchange of Indicator Information), and CyBox (Cyber Observable eXpression standards) specifications. This is all good news as it means that we're getting closer to general release.
Â(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.