
InfoSec News

The recent RSA breach (http://www.rsa.com/node.aspx?id=3872, http://isc.sans.edu/diary.html?storyid=10564) has got lots of people asking lots of questions, and as a security consultant, I seem to be getting lots of them directed my way. I thought it was time that someone asked "How bad could it possibly be?" and outlined just what the worst case might be, along with what the associated risks are (or are not; please read on).
First, let's review how the RSA authentication solution works. Your users have a keyfob (or a soft token on a phone or PC) with a token code that changes randomly. They also have a personal PIN code (4-8 alphanumeric digits), which only they know. These combine to make their password, which is normally used for secure access to a VPN, web server, terminal server or some other resource.
The more astute readers will have already seen the error in the paragraph above. The token code is *not* random (true randomness is a very tough nut to crack). The token code is derived mathematically from a seed which is provided by RSA when the server is originally installed, the serial number of that particular token (printed on the back) and the system clock.
In short, RSA's ACE server is a traditional multifactor authentication system. It combines something you have (the keyfob) with something you know (your PIN code) to authenticate you. Once authenticated, it is up to you to handle authorization (i.e., now that you are in, what do you have access to?).


So, back to the RSA event: what is the worst case breach that might have occurred? Well, for all I know, the information that was stolen was RSA's Christmas card list; they really aren't forthcoming yet on exactly what the extent of the breach might have been.
The absolute worst case I can think of (and I am NOT implying that this happened) would be if an attacker obtained a complete or partial customer list, complete with seeds and serial numbers. Again, this is my own worst case; read on, even this is not as bad as you might think.
First of all, like all good cryptographic algorithms, RSA's token code algorithm is both math heavy and public. If an attacker has the seed plus the serial number of a token, they can easily calculate the token code at any given time. CAIN, for instance, is a popular tool that has an interface for this.
This seems pretty bad, but don't forget the rest of it. When a user logs in, they need to supply their userid, their token code, and their PIN code. There is no way that an attacker could have obtained the userids (specific to the organization) or PIN codes (known only to the user) from RSA.
An attacker could easily obtain a list of users from several sources: your company website might have several senior staff listed, or even a corporate directory. Facebook, MySpace and especially LinkedIn are other likely sources for user names. Combining your first and last name in any of the common formats gets you a list of account names that will work for many environments. (Note that some shops will have userids that are not related to your actual name.)
This leaves the PIN code and the serial number. The assignment of serial numbers to usernames resides only on the customer's ACE server; RSA does not have this information. The user's PIN code is set by that user, and is 4-8 alphanumeric digits, though many organizations still only use 4 numeric digits. Unless people use trivial PINs, such as 1234, or the last 4 digits of their public phone number or extension for a PIN, the PIN is also probably secret enough, since no-one knows it but the user.
All this being said, RSA's advice, sent in an email to RSA customers and then re-posted at http://www.sec.gov/Archives/edgar/data/790070/000119312511070159/dex992.htm along with loads of other locations on the web, is spot on, and just plain common sense. Some of the high points I've summarized here (in my own words and order), but RSA's list of recommendations boils down to defense in depth against brute force login attempts (both in protecting against them, and minimizing the impact if successful).

Implement account lockout on your RSA server. If someone gets their login wrong 3, 4 or 5 times, either they are attempting a brute force login, or they are legit but need a refresher course and shouldn't be logged in tonight. Oddly enough, this one is NOT in RSA's list, but it's certainly first on mine!
Review your logs regularly. Or even better, use common log monitoring tools like SWATCH, Kiwi Syslog (now owned by SolarWinds), or any other monitor to raise an alert when you see successive failed login attempts. SIEM tools do a bang-up job of this as well. Have a procedure in place to take action when you see an alert.
Enforce strong password and PIN policies.
Keep systems patched.
Get your helpdesk on board. Both the helpdesk and your users should know what a social engineering attack might sound like and what they should do if they see one.
Don't let your workstation get owned. If your workstation is owned, a keystroke logger can snag your PIN, and all is lost. RSA's advice on this includes being careful on social media, not opening suspicious emails, the usual suspects.
Use access rights and other authorization methods to implement least privilege access. If you don't need access to critical information, then you shouldn't have it.
Harden your servers.
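As an added example (not from the diary, and not RSA's code), here is a small monitor of the kind the lockout and log-review items describe: it replays constructed authentication log lines (the line format is made up for this example, not the ACE server's), locks an account after successive failures, and also flags a single source failing against many different usernames, which is what a guessing run over a harvested user list looks like.

```python
"""Brute-force login monitor, in the spirit of the SWATCH/Kiwi-style alerting
the diary recommends. Added example: not from the ISC diary or from RSA.
The log format below is constructed for this example; it is not the ACE
server's own format, so adapt parse_line() to your real logs."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (syslog-like). 203.0.113.7 guesses one user's PIN
# repeatedly; 198.51.100.9 tries one guess each against a harvested user list.
SAMPLE_LOG = """\
2011-03-24T08:00:01 auth src=203.0.113.7 user=jsmith result=FAIL
2011-03-24T08:00:09 auth src=203.0.113.7 user=jsmith result=FAIL
2011-03-24T08:00:15 auth src=203.0.113.7 user=jsmith result=FAIL
2011-03-24T08:00:22 auth src=203.0.113.7 user=jsmith result=FAIL
2011-03-24T08:00:40 auth src=203.0.113.7 user=jsmith result=OK
2011-03-24T08:01:00 auth src=198.51.100.9 user=adoe result=FAIL
2011-03-24T08:01:03 auth src=198.51.100.9 user=bking result=FAIL
2011-03-24T08:01:07 auth src=198.51.100.9 user=clee result=FAIL
2011-03-24T08:01:11 auth src=198.51.100.9 user=dpark result=FAIL
2011-03-24T08:01:15 auth src=198.51.100.9 user=eroy result=FAIL
2011-03-24T08:01:19 auth src=198.51.100.9 user=fwu result=FAIL
2011-03-24T09:30:00 auth src=192.0.2.44 user=gho result=FAIL
2011-03-24T09:30:30 auth src=192.0.2.44 user=gho result=OK
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines we don't understand."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def monitor(lines, max_failures=3, window=timedelta(minutes=10), spray_users=5):
    """Replay log lines; return (alerts, locked) where alerts is a list of
    (timestamp, kind, subject) tuples and locked maps user -> lockout time.

    Rule 1 (per user): max_failures failures inside `window` lock the account.
    Every later attempt against a locked account is refused and alerted, even
    one that would otherwise have succeeded: that is the point of lockout.
    Rule 2 (per source): failures against spray_users distinct users from one
    source inside `window` signal guessing over a harvested user list.
    """
    user_fails = defaultdict(deque)  # user -> recent failure timestamps
    src_fails = defaultdict(deque)   # src  -> recent (timestamp, user) failures
    locked = {}
    alerts = []
    for raw in lines:
        ev = parse_line(raw)
        if ev is None:
            continue
        ts, user, src = ev["ts"], ev["user"], ev["src"]
        if user in locked:
            alerts.append((ts, "attempt_on_locked_account", user))
            continue
        if ev["result"] != "FAIL":
            user_fails[user].clear()  # a genuine success resets the counter
            continue
        q = user_fails[user]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if len(q) >= max_failures:
            locked[user] = ts
            alerts.append((ts, "lockout", user))
        s = src_fails[src]
        s.append((ts, user))
        while ts - s[0][0] > window:
            s.popleft()
        if len({u for _, u in s}) == spray_users:  # fires once, as the threshold is crossed
            alerts.append((ts, "spray_from_source", src))
    return alerts, locked


def run_sample():
    """Run the monitor over the constructed log."""
    return monitor(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    found, locked_users = run_sample()
    for ts, kind, subject in found:
        print(f"{ts.isoformat()} {kind:26} {subject}")
    print("locked:", sorted(locked_users))
```

Note that the OK at 08:00:40 in the sample is refused because jsmith was locked after the third failure; without lockout that guess would have gone through.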


Long story short, no matter how bad RSA's breach might or might not have been, system administrators have it in their power to implement truly effective mitigations. In fact, after reviewing the list, all of us should be doing this stuff already; if not, there's no time like the present to start!


===============

Rob VandenBrink
Metafore

(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Microsoft has agreed to pay $7.5 million to purchase a block of 666,624 IPv4 addresses from bankrupt Canadian telecom equipment maker Nortel in a move that some see as a signal of the increasing value of IPv4 addresses.
 
First a Few Words About the Use of the Term APT
Advanced Persistent Threat (APT) has been getting a lot of press in the past year. There is plenty of debate over whether APT is a who or a how. However, there is little debate over APT's buzzword status. This is how I'm using the term today: as a buzzword to get your managers' attention and to get them to the table for this exercise. Like all security efforts, if you lack management support, you are likely to fail.
Why you Need an Exercise
An APT occurrence is a low-frequency high-impact incident. You are not likely to have policies, procedures and run-books prepared. There are not a lot of people who have first-hand experience dealing with it, and they will be hard to find when you actually need them. This is why you need a flexible response framework and run through scenarios like these to stay prepared.
Before the Exercise
You will want to prepare the appropriate communications to get your message out to management and the participants. This can be as simple as emails, but may require full reports or presentations depending on your organization. The message should minimally include a description of the threat and how it may affect your firm. Or: what is APT, and why should we worry?
Describing APT-like events
You can Google around and find some really great bloggers discussing APT. Management won't know these people, so they might not be the only source that you want to include. I'd recommend media reports (especially the media that your management reads) about the following high-profile events:

Google Aurora
NASDAQ
Night Dragon
RSA

Why Should We Worry?
This is the classical "why should I care?" question which you're used to dealing with. If you're not on the obvious-targets list already, you may want to point out that every organization has its secrets, and other groups probably want those secrets, either for direct profit or simply to post them on the Internet to make you look bad. These groups may employ tactics similar to those used in the high-profile events above, and that's the purpose of this exercise: to determine if you're prepared to handle such attention.
Preparing the Notification
You will start off the exercise with the notification. Undoubtedly your organization will become aware of the event through a visit or phone-call from a government or law-enforcement agency. They will contact your upper management, not your security team or help-desk. This will not be a good day for any of you, so again, it's a good idea to involve upper management in this process so they know who to contact after they are made aware of the incident.
The scenario will be something like: "we have learned, by way of an informant, that your crown jewels have been stolen; we think the compromise occurred over six months ago and the attackers possibly used one or more of the following IP addresses", and they provide a list of 62 IP addresses.
Always include a list of things to look for; the list will contain many false leads and will probably be difficult to leverage in your environment. It's not uncommon to receive a list of dozens of IP addresses, domain names, and MD5 sums of suspected malware with little or no context, and if you're told a time-frame for the event, the window is usually very wide due to the uncertainty that the investigators have in the early stages of an event.
The First Exercise
Before assigning tasks and spinning up the incident response process the first thing that the participants must determine is who should be informed of the incident, and who should be involved in the response. network scans, or vulnerability scans of your web applications. It will be very difficult to identify what was related to the eventual attack and what was just another day on the Internet.
The first successful attack will likely involve a web application. A SQL injection or file-injection vulnerability will be exploited on one of your web-servers. This is the first flag, a SQL injection leaks out password hashes, or account details. These will be exfiltrated out among HTTP requests from the attack, and any hash values will undergo a cracking process. They have rainbow tables, and parallel-computing resources, so eventually a password will fall to these efforts and they will have a working account on the system. This is another flag: working username and password pair. However, if a remote file-inclusion vulnerability is found and exploited (flag) they now have the opportunity to drop files on the system and execute them via web requests. First it will be a simple file-uploader page that they drop using the file-injection. Then they will upload a web-based control panel on the system (flag), and using the same web access that you provide to the Internet, they can upload and execute any code using the privileges of the web server process ID.
They will drop more tools on the server, targeting the password hashes on the system itself (flag). These will be pulled off of the system via HTTP and subjected to the same password attacks. Once they have working accounts at the system level (flag), they will use those to log into other systems via the web-based control panel (flag-- can you detect that your web server is logging into other systems?).
Their target is your Active Domain server (or your firm's equivalent centralized access control system.) Once they have a working account on that server, they will attempt to elevate privileges enough to grab the password hashes. If you use the same admin password on your web servers as you use on your Active Domain server, then they can skip that step-- you made it a lot easier for them.
Second Phase
Armed with working accounts, and user-lists, and other public information about your firm/environment, they will craft targeted emails for key players in your organization. These messages will either contain malicious payloads, or provide links to sites that will compromise the reader and install a remote-access-tool on the system (flag.)
The command and control method used by these tools will be a mixture of novel and old school. Expect anything from something clever like encoded DNS traffic to something as simple as a reverse telnet shell out to a compromised hosting provider. This is where you will need to be creative and customize this for something that would work in your environment. It's also an opportunity to shed some light on any glaring security holes that you're aware of and want upper management to help out with (e.g. a lack of egress filtering, or a wide open proxy policy).
The Heist
At this point, the attackers are in a position to research where your key documents are held and how to grab them. Once they have an internal system under their control, it's just a matter of time before they either have the Administrator password or the ability to promote an account to administrative privileges (flag-- are you alerting on when accounts are reclassified or when administrator is logging in directly to systems?). They will move from machine to machine looking for their ultimate target (flag). Once found, it will go out via existing command and control channels (i.e. the remote access tool or HTTP control panel) or right out via email.
Example Flags for an Exercise
These are the flags I would use for the exercise listed above:
Phase One

SQL injection discovered on web application
SQL injection leveraged to expose web application authentication hashes
Access to web application gained using cracked password
Remote File Inclusion vulnerability discovered in authenticated area of web application
RFI vulnerability leveraged to execute a control panel
File uploader script installed on the system via control panel
Password hash extraction tool uploaded to the web server
Web-server password hashes extracted
The web-server attempts to log into the Active Domain controller.

Phase Two

Member of Upper management receives malicious PDF file
Member of Sales department receives a malicious spreadsheet
Member of IT department receives a link to a malicious video
Remote-Access-Tool is installed on one or more of the spear-phishing targets
Command-and-Control channel is established to an internal desktop or laptop
Password extraction tools are installed on the compromised system.
Password hashes are extracted
The compromised system logs into the Active Domain controller.
New accounts are added to the Domain and granted administrator privileges.

The Heist

The compromised system mounts the drive containing the crown jewels.
Files are compressed and uploaded to website on the Internet

Detailing the Flags
For each flag you are going to give an approximate time that it occurs. Starting with the first flag, SQL injection discovered on web application, note the approximate time elapsed. Some flags will follow in quick succession, others may wait for weeks or months as password hashes are attacked. Phase one and phase two may overlap. You may want to put more flags in to model how the group may explore your environment and try different techniques.
In addition to the timing of each flag, you will want to note how that flag may manifest itself in your organization's logs, to justify how the step was discovered in your firm. Not every flag will leave easy log evidence. You might note a flag as being currently undetectable by your systems; it would then be discovered in the exercise through something more intensive, like forensic analysis or the discovery by a fictitious outside consultant brought in to supplement your team.
Presentation of the Events
After you finish working up your customized time-line of the attack, list out all of the individual flags in chronological order. Come up with a plausible method by which you might discover each event; this will guide you in writing the discovery stages of the exercise. For example, given the IP addresses provided by the notifying agency, you might find one of those IP addresses as one of the command and control endpoints, and that would lead you to one of the internal infected systems.
It's common to work backwards from the discovery of the incident to the cause. So it makes sense to present the flags in reverse-chronological order-- although there may be a case where discovery of the first and second phases of the attack occur in parallel.
Once you have listed out the order in which you present your events, prepare some questions surrounding each flag. Initially you will discuss how you would instigate that event, but later you should focus on how you would generically detect an attacker reaching that flag. Another product of this exercise will be a list of recommendations so that you can detect future attackers while they're trying to get in and stop them before they get too far. Nobody wants to get that phone call telling them that they've had a major compromise.
Wrapping Up?
At the end of this exercise you should have a working CERT contact sheet. Even if they're not initially aware of it, everyone that should be informed of an incident like this is now a member of your organization's Emergency Response Team.
For each flag, you should have listed out your plan to detect when an attacker achieves that stage in your environment. You should have identified existing controls, or pointed out a need for additional controls. You will likely have identified instances where individual alerts would not have warned you of the big picture, but in concert, multiple alerts would have properly highlighted the heist. Follow up with a discussion on how you can get your various groups cooperating and sharing log and alert data.
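As an added example, not part of the diary, here is the exercise's bookkeeping in Python for the "Detailing the Flags", "Presentation of the Events" and wrap-up sections: flags carry an elapsed time and a log source (flag names are shortened from the lists above; the timings, hosts, evidence sources and alerts are constructed assumptions), presentation_order() gives the reverse-chronological order, detection_gaps() lists flags with no evidence, and longest_pivot_chain() shows how alerts that are individually noise link into the heist once hosts are chained across different groups' logs.

```python
"""Bookkeeping for the APT tabletop exercise described above.

Added example, not part of the ISC diary. Flag names are shortened from the
diary's lists; the elapsed times, hosts, evidence sources and alerts are
constructed assumptions for one plausible run-through."""
from dataclasses import dataclass
from datetime import timedelta
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Flag:
    name: str
    phase: str                # "one", "two" or "heist"
    elapsed: timedelta        # time since the first flag (the SQL injection)
    evidence: Optional[str]   # log source that could show it; None = undetectable today


FLAGS = [
    Flag("SQL injection discovered on web application", "one", timedelta(days=0), "web server access log"),
    Flag("SQL injection exposes web application hashes", "one", timedelta(days=1), "database query log"),
    Flag("Web application access gained with cracked password", "one", timedelta(days=20), "application login audit"),
    Flag("RFI leveraged to execute a control panel", "one", timedelta(days=21), None),
    Flag("Web server logs into the domain controller", "one", timedelta(days=25), "domain controller logon events"),
    Flag("Upper management receives malicious PDF", "two", timedelta(days=23), "mail gateway log"),
    Flag("C2 channel established from an internal desktop", "two", timedelta(days=24), "proxy and DNS logs"),
    Flag("New domain accounts granted administrator privileges", "two", timedelta(days=30), "domain controller account events"),
    Flag("Files compressed and uploaded to a website", "heist", timedelta(days=31), "proxy log (bytes out)"),
]
FLAG_BY_NAME: Dict[str, Flag] = {f.name: f for f in FLAGS}


def presentation_order(flags: List[Flag]) -> List[str]:
    """Reverse-chronological order: the exercise works back from discovery to cause."""
    return [f.name for f in sorted(flags, key=lambda f: f.elapsed, reverse=True)]


def phases_overlap(flags: List[Flag]) -> bool:
    """True when phase two starts before the last phase-one flag, as the diary allows."""
    one = [f.elapsed for f in flags if f.phase == "one"]
    two = [f.elapsed for f in flags if f.phase == "two"]
    return bool(one and two) and min(two) < max(one)


def detection_gaps(flags: List[Flag]) -> List[str]:
    """Flags with no log evidence: each becomes a recommendation for a new control."""
    return [f.name for f in flags if f.evidence is None]


@dataclass(frozen=True)
class Alert:
    elapsed: timedelta
    source: str     # which group's system raised it (WAF, DC audit, proxy ...)
    src_host: str   # host the activity came from ("internet" for outside)
    dst_host: str   # host it touched
    flag: str       # flag the alert corresponds to


# Constructed alerts from different groups; each alone reads as routine noise.
ALERTS = [
    Alert(timedelta(days=0), "WAF", "internet", "www1", FLAGS[0].name),
    Alert(timedelta(days=3), "WAF", "internet", "www2", FLAGS[0].name),   # unrelated scan
    Alert(timedelta(days=24), "proxy", "ws-cfo", "internet", FLAGS[6].name),
    Alert(timedelta(days=25), "DC audit", "www1", "dc1", FLAGS[4].name),
    Alert(timedelta(days=30), "DC audit", "ws-cfo", "dc1", FLAGS[7].name),
    Alert(timedelta(days=31), "proxy", "ws-cfo", "internet", FLAGS[8].name),
]


def _internal_hosts(a: Alert) -> set:
    """Hosts an alert touched, ignoring the outside world as a pivot point."""
    return {a.src_host, a.dst_host} - {"internet"}


def longest_pivot_chain(alerts: List[Alert]) -> List[Alert]:
    """Longest time-ordered chain in which each alert starts from an internal host
    an earlier alert in the chain already touched. Individually weak alerts that
    chain across groups' logs are the 'in concert' picture the diary describes."""
    ordered = sorted(alerts, key=lambda a: a.elapsed)
    best = [[a] for a in ordered]          # best chain ending at each alert
    for i, a in enumerate(ordered):
        for j in range(i):
            if a.src_host in _internal_hosts(ordered[j]) and len(best[j]) + 1 > len(best[i]):
                best[i] = best[j] + [a]
    return max(best, key=len)


def incident_summary(alerts: List[Alert]) -> dict:
    """Summarise the strongest chain: how many flags it covers and whether it reaches the heist."""
    chain = longest_pivot_chain(alerts)
    phases = {FLAG_BY_NAME[a.flag].phase for a in chain}
    return {"steps": len(chain), "phases": phases, "reaches_heist": "heist" in phases,
            "flags": [a.flag for a in chain]}


if __name__ == "__main__":
    for name in presentation_order(FLAGS):
        print("present:", name)
    print("gaps:", detection_gaps(FLAGS))
    print(incident_summary(ALERTS))
```

The two WAF alerts never join the chain because the outside world is not a pivot host, so only the desktop-to-domain-controller-to-upload sequence is reported as one incident.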
The results of this exercise should be written up, shared with upper management, audit, and your pen-testing team. After that, you'll find that you have a lot more work to do. Sorry. All I can say is that it's better than your CEO getting a phone-call from Special Agent Smith.
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Yahoo is close to releasing the next generation of big data engine Hadoop that will offer higher level management functionality.
 
Research In Motion announced on Thursday that users of its PlayBook tablet will be able to run Android and Java applications.
 
Lots of the people and organizations you interact with online are fake ... they're sockpuppets
 
DataStax's combined Hadoop/Cassandra distribution can undertake both database and data analysis duties
 
 
Verizon Wireless has developed innovative IT tools that it has recently put to use in its online customer account management systems and in upgraded in-store kiosks, said Ajay Waghray, the carrier's CIO.
 
Oracle's net income for the third quarter ended Feb. 28 rose 78% to $2.1 billion over the same period last year, helped by strong software sales and an improving hardware business, the company said Thursday.
 
Motorola is investigating voice quality issues that some users of the Atrix -- the phone notable for its ability to dock with a laptop-like device -- are reporting.
 
Cisco IOS CVE-2010-2829 H.323 Unspecified Denial of Service Vulnerability
 
Mobile networks were damaged more by the Feb. 25 earthquake in Christchurch, New Zealand, than by the 2010 quake that devastated Haiti, according to the chairman of a company that owns carriers in both countries.
 
The European Commission has been hit by one of the most serious cyberattacks ever this week. Commission staff have been told to change their passwords and access to webmail and intranet from outside has been suspended.
 
Windows Phone 7 users are not happy about the slow pace of updates to their smartphones.
 
Security company Comodo's decision to delay disclosing the theft of digital certificates put the lives of Iranian activists at risk, a researcher charged.
 
If you want to share photos and videos and you don't care about privacy, a new social network called Color is just for you.
 
RETIRED: Apple Mac OS X Prior to 10.6.7 Multiple Security Vulnerabilities
 
Re: Vulnerabilities in some SCADA server softwares
 
Re: Vulnerabilities in some SCADA server softwares
 
Re: Vulnerabilities in some SCADA server softwares
 
Vendors and users of big data analytics gathered in New York this week to discuss the latest developments in a technology that they say will offer Web users and their customers a far more personalized experience while alleviating the need to throw away useful data.
 
The head of a non-profit that vets groups looking to collect charitable donations via text messages is talking to Apple in an effort to broaden its collection efforts by using iTunes.
 
Hint: You don't really know what hypervisors you're running, or what it all costs. Consider some expert advice on 6 common management mistakes.
 
Gibbs is crazy about Android and loves the IT apps
 
HTB22901: SQL injection in SyndeoCMS
 
Traffic destined for Facebook from AT&T's servers took a strange loop though China and South Korea on Tuesday, according to a security researcher.
 
Dell prepares to integrate its technologies into Compellent products to target enterprise customers.
 
The way we buy technology has to become more holistic and less obsessed with raw performance.
 
HTB22899: Path disclosure in SyndeoCMS
 
HTB22895: XSS vulnerability in Ripe website manager
 
HP OpenView Network Node Manager CVE-2010-1964 Remote Buffer Overflow Vulnerability
 
HTB22902: XSS in SyndeoCMS
 
LinkedIn is a great way to market yourself and your professional qualifications. Problem is, you have to rely on a lot of plain black-and-white text in order to do so. Wouldn't it be nice if you could use the social network to actually show colleagues (and prospective colleagues) what you can do, instead of just telling them about it? With the free SlideShare Presentations, you can. This LinkedIn app is an extension of SlideShare.net's professional sharing community, which allows you to upload and share a variety of content, including PowerPoint and Keynote presentations, Word documents, PDFs, and videos.
 
HTB22900: Multiple XSS vulnerabilities in SyndeoCMS
 
HTB22898: XSRF (CSRF) in Ripe website manager
 
[SECURITY] [DSA 2201-1] wireshark security update
 
[SECURITY] [DSA 2200-1] iceweasel security update
 
Apache MPM-ITK Module Security Weakness
 
HP OpenView Network Node Manager 'ovwebsnmpsrv.exe' Bad Option Stack Buffer Overflow Vulnerability
 
HP OpenView Network Node Manager 'ovutil.dll' Stack Buffer Overflow Vulnerability
 
HP OpenView Network Node Manager 'getnnmdata.exe' Stack Buffer Overflow Vulnerability
 
Damage caused to telecommunications networks in Japan by the March 11 earthquake will take months to fully repair.
 
Windows users who install the latest Java security patches may end up with a little more security than they bargained for, at least that's the risk they take if they don't pay close attention to the installation process.
 
Social Media 'index.php' Local File Include Vulnerability
 
Microsoft has put up a website that allows owners of Windows Phone 7-based smartphones to find out when they will be offered the copy and paste update, the company said in a blog post on Wednesday.
 
China's latest efforts at tightening its control over the Internet -- including the blocking of Gmail and Web software that can bypass the censorship -- have hampered the work of human rights activists, say groups based in the U.S.
 
 
Google has launched its own quarterly online magazine, Think Quarterly, out of its operations in the U.K. and Ireland, saying that "in a world of accelerating change, we all need to take time to reflect."
 
Over 100 million apps have been downloaded from Samsung Electronics' mobile and TV app store in less than a year after its launch, the company said Thursday.
 
With the AT&T/T-Mobile deal on the minds of most CTIA attendees, Sprint moved ahead with business as usual, showing off new devices and future plans.
 
InfoSec News: ZeuS cybercrime cookbook on sale in underground forums: http://www.theregister.co.uk/2011/03/23/zeus_source_code_sale/
By John Leyden The Register 23rd March 2011
Cybercrooks are offering what purports to be source code for the infamous ZeuS cybercrime toolkit through underground forums.
The would-be seller, nicknamed IOO, has lent credibility to the offer by including screenshots of what appears to be portions of the source code for ZeuS to his sales pitch. IOO offers to discuss the sale to prospective buyers via either Jabber or ICQ. He is prepared to accept payment via any escrow service.
The screenshots make reference to peinfector.cpp, a project of ZeuS known as "Murofet". Security researchers - while unable to verify the sale is genuine - are taking the potential offer seriously.
"Prior to this there were several rumors that the Zeus/Zbot code was sold to the creator of SpyEye," writes Peter Kruse, an eCrime specialist who works for Danish security consultancy CSIS Security.
[...]
 
InfoSec News: Teenage hackers shut down a PHP cloud hosting firm: http://www.theinquirer.net/inquirer/news/2036653/teenage-hackers-shut-php-cloud-hosting-firm
By Asavin Wattanajantra The Inquirer March 23, 2011
A COUPLE of 16-year old hackers had their wicked way exploiting a security vulnerability recently that allowed one of them to steal and publish a PHP cloud hosting firm's proprietary source code on Twitter. [...]
 
InfoSec News: Federal Cyber Attacks Rose 39% In 2010: http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=229400156
By Elizabeth Montalbano InformationWeek March 23, 2011
Cyber attacks on the federal government increased in 2010 over the previous year, even though the total number of cybersecurity incidents was down overall, according to a new report from the Office of Management and Budget (OMB). There were 41,776 reported cyber incidents of malicious intent [...]
 
InfoSec News: Tech Insight: HTTPS Is Evil: http://www.darkreading.com/authentication/167901072/security/privacy/229301300/tech-insight-https-is-evil.html
By Adam Ely Contributing Writer Darkreading Mar 23, 2011
Last week, Twitter joined Facebook and other social networks in a default HTTPS option to help protect the privacy of users on its site. Many believe the author of FireSheep is to thank for pushing HTTPS support up the priority list for social networks.
With the new HTTPS setting, millions of people are now able to protect their private -- and not so private -- postings from prying eyes on airplanes, at coffee shops, or anywhere else they might browse their favorite social network sites. Facebook was cheered by the security community for finally taking this fundamental step in protecting the sessions and data of users.
Enterprise IT organizations, on the other hand, aren't so sure about the new security measures. Their first question: How do you monitor what's coming in and out of the corporation if all of the transports are encrypted?
The perils of social networks have been researched and reported many times. The reality is that any transport method out of an organization [...]
 
InfoSec News: 7 communication mistakes CSOs still make: http://www.csoonline.com/article/677948/7-communication-mistakes-csos-still-make
By Joan Goodchild Senior Editor CSO March 23, 2011
For many years, we heard security professionals lament the way they are perceived. Terms such as "the place where good ideas go to die" and "the department of no" weren't uncommon just a few years ago when referring to the security function. But that is changing, slowly, according to many [...]
 
InfoSec News: [SecArt-11] 3rd Workshop on Intelligent Security - Deadline Approaching (April 4, 2011): Forwarded from: Yacine Zemali <yacine.zemali (at) ensi-bourges.fr>
[Apologies if you receive multiple copies. Please distribute this call to interested parties.]
CALL FOR PAPERS
3rd Workshop on Intelligent Security
Security and Artificial Intelligence (SecArt-11) [...]
 
InfoSec News: Firm points finger at Iran for SSL certificate theft: http://www.computerworld.com/s/article/9214998/Firm_points_finger_at_Iran_for_SSL_certificate_theft
By Gregg Keizer Computerworld March 23, 2011
Iran may have been involved in an attack that resulted in hackers acquiring bogus digital certificates for some of the Web's biggest sites, including Google and Gmail, Microsoft, Skype and Yahoo, a certificate issuing firm said today.
The bogus certificates -- which are used to prove that a site is legitimate -- were acquired by attackers last week when they used a valid username and password to access an affiliate of Comodo, which issues SSL certificates through its UserTrust arm.
Today, Comodo's CEO said his company believes the attack was state-sponsored and pointed a finger at Iran.
"We believe these are politically motivated, state driven/funded attacks," said Melih Abdulhayoglu, the CEO and founder of Comodo, a Jersey City, N.J.-based security company that is also allowed to issue site certificates.
[...]
 
Mozilla's new Firefox 4 now has a cleaner look, faster performance and an excellent way to keep your tabs in check.
 
HP executives are critical of Oracle's decision to stop supporting its database and ERP products that run on Itanium processor-based systems.
 
MC Content Manager Multiple Cross Site Scripting Vulnerabilities
 
MHonArc Tag Nesting Remote Denial of Service Vulnerability
 