InfoSec News

Bittorrent is a great tool to download large files. If the transfer is interrupted you haven't lost anything. The transfer will continue once you restart the download. There is however the other use of bit torrent and let's face it, probably one of the biggest uses of bit torrent, is to download copyrighted movies, music, books, etc. Now regardless of where you stand on the issue of artist rights , music/movie distributors, etc, etc, as security professionals you are in the position of having to control traffic in and out of your organisation, including torrent traffic.

So what are your options? We will get the easy answer out of the way first, block all outbound traffic or proxy everything via a proxy server, but that doesn't solve all of our problems. The first challenge is that many torrent applications proxy over http or https, how do we detect these? The second problem is that there will be people in your organisation that will have a static IP and direct access to the Internet. Some applications just, don't play well with proxies and exemptions have to be made. How do you prevent these users from accessing torrents? How do you control torrent downloads that are legit and should be permitted and prevent the bad?

If you have a commercial content filter, then it may be able to detect torrent traffic in http or https. If you have an IDS or IPS it may be able to alert on p2p traffic in the environment. If you have application aware firewalls there may be a signature that can be applied to traffic to detect torrent traffic. If you have traffic shaping devices they may be able to distinguish torrent traffic on the network and take some action. You can control user desktops and prevent them from installing applications, although many torrent apps will run with just the executable and don't need installation or can be run off a USB.

Distinguishing between a good torrent and a bad one? I haven't found anything that works well. URL filtering gives some measure of control, but isn't fool proof.

What measures do you take and are they working for you? Let us know.
Mark H (c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.
Apple will add App Store functionality to its new, miniature Apple TV in the near future, a Wall Street analyst said on Wednesday.
Google's Instant, a new feature that predicts search queries as people type them and refreshes results and ads accordingly on the fly, will be extended to 12 new countries, bringing the total to 19 countries.
Given the importance of telephone systems, refreshing the technology can be daunting. However, for small and midsized businesses who consider upgrading from a PBX to VoIP, the benefits are clear and, with proper planning, the implementation is not very frightening. Consider these three steps:
A reader by the name of Peace8 asks this question:
U.K. police rounded up 19 people Tuesday in a pre-dawn raid targeting a criminal network using the Zeus banking trojan.
Our 8th annual global security survey indicates a whopping 62 percent of you have little to no confidence in cloud-provider security. It's no wonder many CIOs are feeling clouded out.
If you're outsourcing to cut costs, you're doing it wrong. Instead, reinvest your resources in technologies that can help you compete.
With the rise of client virtualization and desktop as a service, CIOs need a more user-centric approach
Mobile operators could collect detailed information about what's happening on their networks and use it to guarantee network performance for application providers that pay for it, according to Openwave CEO Ken Denman.
Mark Gibbs delves into SOX-compliant password plans and finds a cool way to charge his cell phone and iPod.
A controversial bill to protect online intellectual property was amended Wednesday in an effort to allay fears of critics.
Users of Microsoft's Internet Explorer are more vulnerable to rogue DLL attacks than people who use rival browsers such as Mozilla's Firefox or Google's Chrome, a security researcher said today.
Amazon Web Services has its roots in the needs of, the online retailer, but that doesn't mean that all of the bookseller's operations run on Web Services.
The HP Mini 5103 is a corporate-oriented netbook that does just about everything right: It has a plethora of business and security features, an excellent keyboard and touchpad, and a touchscreen. However, performance is mundane, and a larger display would be nice--especially on a unit this pricey. The Mini 5103's configurations, and there are a lot of them, start at $399 and can run up to nearly $1000 even before including extended service and warranty plans. At this writing, the configuration we tested would set you back $649.
A top Microsoft official dismissed as conceptually misguided the new Instant feature that lets Google's search engine refresh search results on the fly while people type queries.
OCZ plans to launch upcoming SSD products using a new connectivity protocol that offers up to 20Gbit/sec throughput per channel.
Corralling the myriad physical and virtual servers that exist in IT shops of any size is a daunting task, and management tools that ease the burden are in hot demand. Naturally, all of the big guys are out to win this "adaptive infrastructure management" sweepstakes. HP threw its hat into this ring with HP BladeSystem Matrix in the first half of 2009, and Cisco entered the fray with Cisco UCS later in the year. Now it's Dell's turn.
Facebook is trying to work out a deal to integrate Skype's Internet phone service into the social network's site, according to reports.
Avaya and Skype signed an agreement to offer Skype Connect to Avaya customers to help them lower international voice-calling costs through IP-based calls.
Google Apps users will be able to turn off a Gmail feature whose value has been a point of contention for years: the "conversation" view that consolidates e-mail threads in a single inbox entry. Wednesday unveiled a new tool that lets users read sample parts of Kindle e-books through a Web browser.
ADP is running a new tax service on an IBM cloud offering.
Next-generation smartphones and tablets will run multiple operating systems and powerful cloud applications like high-definition gaming thanks to the growing use of virtualization on mobile devices, experts said this week.

Cool Under Pressure - Managaing Encryption Assets
By broadly deploying encryption to protect sensitive data—in order to comply with policies and regulations—IT Ops and InfoSec teams are struggling to ...

and more »

Skype and Facebook integration could be on the cards
While security could be an issue, if it's real and it's opt in, then we see no reason why infosec analysts would shout from the rooftops. ...

and more »
Mozilla has again rejected the idea of crafting a version of Firefox for the iPhone, saying that it is instead focusing its iOS efforts on the Firefox Home sync software.
Mark Gibbs ponders the uber malware called Stuxnet.
A new cyberattack exercise hosted by the U.S. Department of Homeland Security this week reflects the increasingly sophisticated attacks U.S. agencies and businesses face, DHS officials said.
Arm plans to add multithreading capabilities to future architectures as it tries to boost the performance of its processors, a company representative said on Tuesday.
Whether we like it or not, CIOs have a new economy, a new age of computing, a new (and highly demanding) set of technology users, and of course, new paradoxes. Technology is harder than ever, but your customers think it's easy. Your budget has been slashed, but the business wants everything faster. IT is the glue of your company's corporate strategy, but too often, you are the last to know that strategy.
Get work done on the go and stay connected with your team with these 10 killer apps for your iPhone.
A new variation of the Zeus banking malware that intercepts one-time passcodes on mobile phones is still transmitting data to hackers as of Wednesday, although U.K. police have been notified, according to security researchers.
Pirating Android apps is a long-standing problem. But it seems to be getting worse, even as Google begins to respond much more aggressively.
Amazon Web Services (AWS) has released a toolkit to make it easier to develop applications in PHP that will run on Amazon's cloud, the company said on Wednesday.
Proposed legislation aimed at slowing online copyright infringement has drawn criticism frm privacy advocates and industry gurus.
Leveraging Dell AIM, the VIS Self-Service Creator tackles automated provisioning for the private cloud
Census Bureau figures show people employed in computer and math jobs declined just slightly between 2008 and 2009.
With a few downloads from the App Store, you can be managing projects, updating your team, tracking progress and sharing documents from your iPhone.
China Unicom has sold close to 100,000 iPhone 4s in the four days since the device was launched in China.
Chile aims to be a key supplier of IT and related services to the U.S. market, but its key challenge is that it does not have the large number of trained people required to compete with the large software and services operations in India and the Philippines.
Dell hopes to expand its role in data centers beyond that of a low-cost hardware provider by offering a set of products for managing a virtual infrastructure.
Nintendo's 3DS, the first portable game device with a 3D screen, will go on sale in Japan on Feb. 26 next year, the company said Wednesday.

Internet Storm Center Infocon Status