Information Security News
Infosec 2013: managing risk in the supply chain
Over the years, organisations have outsourced a wide range of services, generally because third parties can manage them more efficiently and cost-effectively than they can themselves. As a result, security and regulatory requirements have increased ...
Spanish authorities have arrested a 35-year-old Dutchman they say is "suspected of unprecedented heavy attacks" on Spamhaus, the international group that helps network owners around the world block spam.
A press release (English translation here) issued by the Dutch Public Prosecutor Service identified the suspect only by the initials SK and said he was living in Barcelona. A variety of circumstantial evidence, mostly taken from this Facebook profile, strongly suggests the suspect is one Sven Olaf Kamphuis. He's the man quoted in a March 26 New York Times article saying a Dutch hosting company called CyberBunker, which Kamphuis is affiliated with, was behind distributed denial-of-service attacks aimed at Spamhaus. Kamphuis later denied he or CyberBunker had anything to do with the attacks.
With peaks of 300 gigabits per second, the March attacks were among the biggest ever recorded. Besides their size, they were also notable because they attacked the London Internet Exchange, a regional hub where multiple networks from different service providers connect. As Ars writer Peter Bright explained, the size and technique threatened to clog up the Internet's core infrastructure and make access to the rest of the Internet slow or impossible. While some critics said that assessment was overblown, Bright provided this follow-up explaining why the attacks had the potential to break key parts of the Internet.
On the heels of my post on Microsoft's SIRv4 earlier this week, reader Ray posed a great question that elicited some nuanced responses from fellow handlers Mark H and Swa F. All parties have agreed to allow me to share the conversation with the ISC readership.
What is "up to date anti-virus software"? Is there a de facto standard of how often, or what defines, when a system is up to date or not up to date? My goal isn't to split hairs. There are a lot of moving pieces (in the background) to this question and where I work. I would like to know what other organizations use, besides "sooner is better".
Mark H's response:
To me the definition of up to date is the latest pattern file for that particular application. So I tend to configure AV products to check at least hourly for updates and apply them. Some products, interestingly, still consider daily or weekly to be OK. Putting on my QSA hat, I usually accept daily updates as being OK (assuming that the AV product is therefore at the latest pattern update); go beyond that and you'd best have a very good reason for lagging.
While wearing the AV hat at my last company I expected a drop in infections when I stabilized our (pattern file) distributions, but didn't expect such a dramatic drop in the rate. With three updates a day I hit a point where fewer than 0.5% of systems were more than one day out of date. Since moving to a different company with different responsibilities, I see one update a day and a five-day window for updates, with a target of only 90% of systems updated. I see room for improvement but face a mindset challenge. I was curious what other "standards" were.
Agreement with Mark: hourly is THE way to go.
Great discussion, Ray and handlers. Thanks for letting us share.
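The handlers' numbers above (hourly checks, the QSA's daily tolerance, a five-day window with a 90% target) are only useful if you can measure them. The following is an added example, not code from the ISC diary or any of the handlers: it takes a constructed CSV export of hosts and their last pattern-file update time (the format, hostnames and timestamps are all assumed for illustration) and reports which hosts are stale under each policy window and what fraction of the fleet is compliant. A host with no recorded update is treated as stale under every policy, since "unknown" is the case that is most often quietly dropped from compliance figures.

```python
"""
Added example (not from the ISC diary or the handlers quoted above):
measure how many endpoints in an inventory run stale AV pattern files.

Assumptions, all constructed for this example:
  - The AV console exports one CSV line per host:
      hostname,last_pattern_update   (ISO 8601, UTC, may be blank)
  - "now" is pinned so the results are deterministic.
"""
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample inventory: hostnames and timestamps are made up.
SAMPLE_INVENTORY = """hostname,last_pattern_update
ws-001,2013-04-26T11:40:00Z
ws-002,2013-04-26T09:05:00Z
ws-003,2013-04-25T10:00:00Z
ws-004,2013-04-20T17:30:00Z
srv-db1,2013-04-26T11:55:00Z
srv-web1,2013-04-24T02:15:00Z
laptop-07,
"""

# Pinned "now" for the example; a real check would use datetime.now(timezone.utc).
NOW = datetime(2013, 4, 26, 12, 0, tzinfo=timezone.utc)

# The three windows discussed in the thread: hourly checks, the daily
# tolerance a QSA will usually accept, and the five-day window with a
# 90% target at the second organisation.
POLICIES = {
    "1h": timedelta(hours=1),
    "24h": timedelta(days=1),
    "5d": timedelta(days=5),
}


def parse_inventory(text):
    """Return {hostname: last_update datetime or None} from the CSV export."""
    hosts = {}
    for row in csv.DictReader(io.StringIO(text)):
        raw = row["last_pattern_update"].strip()
        if not raw:
            hosts[row["hostname"]] = None  # no update ever recorded
            continue
        ts = datetime.strptime(raw, "%Y-%m-%dT%H:%M:%SZ")
        hosts[row["hostname"]] = ts.replace(tzinfo=timezone.utc)
    return hosts


def stale_hosts(hosts, max_age, now=NOW):
    """Hosts whose last update is older than max_age, or unknown (sorted)."""
    return sorted(h for h, ts in hosts.items()
                  if ts is None or now - ts > max_age)


def compliance(hosts, max_age, now=NOW):
    """Fraction of hosts (0.0..1.0) updated within max_age."""
    if not hosts:
        return 0.0
    return 1 - len(stale_hosts(hosts, max_age, now)) / len(hosts)


def meets_target(hosts, max_age, target=0.90, now=NOW):
    """True if the fleet meets the given compliance target for this window."""
    return compliance(hosts, max_age, now) >= target


def report(text, policies=POLICIES, now=NOW):
    """Per-policy summary: stale host list and compliant fraction."""
    hosts = parse_inventory(text)
    return {name: {"stale": stale_hosts(hosts, age, now),
                   "compliant": round(compliance(hosts, age, now), 3)}
            for name, age in policies.items()}


if __name__ == "__main__":
    for name, summary in report(SAMPLE_INVENTORY).items():
        print(f"{name:>3}: {summary['compliant']:.1%} compliant, "
              f"stale = {', '.join(summary['stale']) or 'none'}")
```

Run against a real console export, the same script gives the number the thread is really asking for: not "how often does the product check", but what share of the fleet is actually on the latest pattern within the window your policy promises, with never-updated hosts counted against you rather than silently excluded.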
About six weeks ago, users of Facebook's Android application noticed that they were being asked to install a new version—without going to the Google Play app store.
Android is far more permissive than iOS regarding the installation of third-party applications, even allowing installation from third-party sources if the user explicitly allows it. However, it's unusual for applications delivered through the official Google store to receive updates outside of the store's updating mechanism.
Google has now changed the Google Play store policies in an apparent attempt to avoid Facebook-like end runs around store-delivered updates. Under the "Dangerous Products" section of the Google Play developer policies, Google now states that "[a]n app downloaded from Google Play may not modify, replace or update its own APK binary code using any method other than Google Play's update mechanism." A Droid-Life article says the language update occurred Thursday. APK (application package file) is the file format used to install applications on Android.
Infosec 2013: Security bosses 'Gods' of the business during incidents
SC Magazine UK
Infosec 2013 saw a panel of experts discuss incident response, and what an organisation needed to put in place so they could respond the best way. Edward Tucker, head of cyber security and response at HMRC, said it was essential to have corporate ...
Top 10 insights from Infosec 2013: From cyber war to Apple's App Store
Infosec Europe is always an interesting affair, drawing players big and small from the security community, government and wider industry to London's Earl's Court to talk security and issues affecting the sector. This year was as busy as ever as the ...
Infosec 2013: Big disagreements over European data breach law
SC Magazine UK
Asavin Wattanajantra, April 26, 2013.
Infosec 2013: Incentivise staff to become aware of cyber risks
Infosecurity Europe 2013: Infosec can no longer hinder business objectives
Infosec 2013 : Squeezed budgets mean security education Is vital
SC Magazine UK
Asavin Wattanajantra, April 26, 2013.
Infosec 2013: External auditors attacked as threat to information security
SC Magazine UK
Asavin Wattanajantra, April 26, 2013.
Posted by InfoSec News on Apr 26: https://www.computerworld.com/s/article/9238687/Adobe_s_first_CSO_sets_security_of_hosted_services_as_top_priority
Posted by InfoSec News on Apr 26: http://www.bankinfosecurity.com/facebook-used-to-market-banking-trojans-a-5714
Posted by InfoSec News on Apr 26: http://www.baltimoresun.com/news/maryland/politics/bs-md-cyber-audit-20130425,0,3404521.story
Posted by InfoSec News on Apr 26: http://www.healthcareitnews.com/news/6-steps-keep-security-issues-bay
Posted by InfoSec News on Apr 26: http://www.washingtontimes.com/news/2013/apr/24/cyber-sunk-hackers-find-flaws-it-security-new-navy/
Posted by InfoSec News on Apr 26: http://www.darkreading.com/attacks-breaches/many-hacked-businesses-remain-unprepared/240153520
Posted by InfoSec News on Apr 26: https://www.computerworld.com/s/article/9238665/Vulnerable_terminal_servers_could_let_bad_guys_hack_stoplights_gas_pumps
Posted by InfoSec News on Apr 26: http://www.wired.com/threatlevel/2013/04/stephen-watt-stalked-by-past/
Posted by InfoSec News on Apr 26: http://www.theregister.co.uk/2013/04/23/afp_claims_lulsec_scalp/
InfoSec: Understanding business goals is key to embedding company-wide ...
Nettverk & Kommunikasjon
Matthew Finnegan, 26.04.2013 at 07:09 | Computerworld UK. Information security managers need to better align themselves with company business goals to help embed security practices in an organisation, according to speakers at InfoSec 2013.
Mining for infosec talent: How CISOs can fill security positions
Ernie Hayden, Contributor. In today's world, chief information security officers (CISOs) are often ...