Group items tagged

Between insider threats and malware attacks, the idea of trust-but-verify is dead as a security model, according to a new report by Forrester Research. In its place, Forrester analyst John Kindervag contends enterprises should embrace the concept of zero trust, a model where insiders and outsiders are equally untrustworthy, and security administrators stop trusting packets as if they are people. The change, he said, is necessary due in part to the "innumerable instances" of trusted users going rogue on enterprise networks.

Malware writers seem to be targeting the Task Manager with increasing frequency. McAfee's Avert Labs wrote in its blog yesterday of the discovery of a new Trojan it dubbed QTaskMgr-1, which crawls into the registry and disables the Task Manager, Windows Update and Internet Explorer tool bars. Hitting Ctrl+Alt+Del will activate the Windows Security menu, but all functions including Change Password and Lock Computer are disabled.

In reviewing several security articles and blogs about malware characteristics and workarounds, I see a recurring piece of advice: Don't click on any popup or dialog window; instead use the Windows Task Manager to end offending processes. It's good advice, since malware writers-particularly those spreading scareware or bogus applications designed to trick computer users into buying useless security software-are gaming the dialog windows. Users are often presented with the typical option, such as "do you wish to proceed? Yes/No." Hitting either button or even the "X" window closing button will initiate a background process as if the user agreed. Using the Task Manager is the safe way of disabling these processes to allow the anti-virus software to scan and remove the offending code. Or so we think. Malware writers seem to be targeting the Task Manager with increasing frequency. McAfee's Avert Labs wrote in its blog yesterday of the discovery of a new Trojan it dubbed QTaskMgr-1, which crawls into the registry and disables the Task Manager, Windows Update and Internet Explorer tool bars. Hitting Ctrl+Alt+Del will activate the Windows Security menu, but all functions including Change Password and Lock Computer are disabled.

WatchGuard Technologies has purchased BorderWare Technologies to get into the e-mail and Web content security business, the company says. WatchGuard says the move will help it compete against Google and Cisco Systems in the messaging security space.

[A]ddressing Stuxnet goes beyond using quality security controls, said Mark Weatherford, vice president and chief security officer at NERC. The industry, he said, needs to demand higher quality software that is free from defects. "This is not an indictment on [the] control system industry; it's an indictment on the IT business in general," Weatherford said. "We're still seeing products that come out that are susceptible to vulnerabilities that quite frankly have been in the wild for quite some time."

It may not be possible after all to conceal the existence of a sensitive file on a machine. BT security expert Bruce Schneier and a group of researchers have hacked an ultra-paranoid feature in the TrueCrypt open-source disk encryption tool that lets users hide secret files from detection by attackers or others. This "deniability" feature is a sort of extreme file-protection function that first encrypts the file and then hides it within an encrypted area on the disk drive like an invisibility cloak. But Schneier, chief security technology officer with British Telecom and researchers from the University of Washington found that Microsoft Vista, Word, and Google Desktop each can blow the cover of files using this so-called "deniable file system" (DFS) feature. The researchers were able to get around DFS in versions 5.0 and below of TrueCrypt's encryption-on-the-fly tool, and will present their findings on the hack at the Usenix HotSec '08 summit next week in San Jose, Calif.

"New breed of products calculates risk ratings of PCs based on what files they contain"

VMware and partner Tripwire have a tool that they say could make the job easier. Called Tripwire ConfigCheck, the free tool assesses ESX Servers against VMware's configuration rules. ConfigCheck is available for download on Tripwire's site, with a link on VMware's security site as well. Users can scan individual ESX Servers, presenting remediation instructions for non-compliant systems.

Microsoft is finally getting serious about USB flash drive security. It recently disabled the AutoRun and AutoPlay features in Windows (all older versions plus Windows 7), meaning users will no longer have directory trees and execution options presented when they pop a flash drive into a PC. More significant, though, is Microsoft adding flash drive encryption to Windows 7. Through a few, albeit not so simple steps (see below), users can encrypt and manage the files on these small, portable storage devices.

The Intrepidus Group reveals some details behind a malware attack that exposed critical systems at an energy company. Using a Microsoft zero-day vulnerability and a bit of social engineering, hackers compromised a workstation and threatened critical SCADA systems, the security vendor says.

Rapid7 has acquired Metasploit to bring the open-source project's database of reliable exploits to bear in Rapid7's vulnerability management and penetration testing offerings.

Such software, often referred to as "scareware," has gotten more attention in the past year as scammers continue to enjoy success tricking users into shelling out big bucks. In a report titled "Report on Rogue Security Software," Symantec officials uncovered that sales affiliates were pulling in staggering amounts of money.

Emerging as the sentinels of this modern scourge are companies like WatchGuard, the Seattle-based manufacturer of appliances dedicated to inoculating computer networks from the spread of viruses. The company in November unveiled three new models in its XCS series of 1U appliances to provide small and midsize businesses with always-on protection from spam, viruses, spyware, phishing and other threats borne by e-mail.

How can you identify and locate your organization's most sensitive data? Many vendors are offering data loss prevention (DLP) tools and other discovery tools, and many of them offer a lot of promise. But they aren't cheap or trivial to deploy. Does your data discovery process have to wait until you get the time and budget to deploy DLP? Thankfully, no. It's possible to get a jump-start on discovering sensitive data using freely available and open source tools -- provided that you understand what your company needs to identify and protect. The tools range in functionality from simple searching of files on desktops and laptops to spidering and searching Website content.