Group items tagged

http://www.buzznet.com/groups/hassassociatesha INNEN en uke med hverandre, har både EU-kommisjonen og det hvite hus satt ut en rekke nye regler utformet for å dempe den økende cyber-angrep mot offentlige og private ofre. De farligste av disse er rettet mot det som kalles kritisk nasjonal infrastruktur. Målene kan være fysisk (for eksempel strømnett) eller virtuelle, for eksempel datanettverk brukes av det finansielle systemet. Sammen med hans the union melding på 11 februar utgitt Barack Obama et executive bestille ment å plugge hullet som blir forlatt av svikt i Kongressen for å passere lovgivning for cyber-sikkerhet som samsvarer med den voksende trusselen. "Vi ikke kan se tilbake år fra nå", sa han, "og lurer på hvorfor vi gjorde ingenting i ansiktet av reelle trusler mot vår sikkerhet og økonomien." Presidentens frustrasjon stammer fra skjebnen til to dødfødt tiltak. En er Cyber etterretningsdeling og Protection Act, kjent som CISPA, vedtatt av Representantenes hus i fjor, som ikke klarte å gjøre det til en stemme i Senatet (det hvite hus truet et veto på grunn av bekymringer om personvern). Den andre er den Cybersecurity Act, som ble støttet av administrasjonen, men falt offer for en republikanske filibuster i Senatet. Om alle sider er enig om alvoret i trusselen, vanskeliggjør Americas partisk splitt avtalen selv i cyber-sikkerhet. De fleste republikanerne understreke nasjonal sikkerhet og deling av informasjon, men vil unngå imponerende tyngende regjeringen-sett sikkerhetsstandarder på private firmaer. Demokratene bekymre seg mindre om regulatoriske overkill, men er redd for noe som lignet en snooper charter som ville tillate at staten å lirke inn dataene som holdes av Internett bedrifter på enkeltpersoner. Mr Obama's executive order fokuserer på å dele informasjon om trusler mellom myndigheter og privat sektor. Dette vil vanligvis være uklassifiserte, men kan inkludere potensielt klassifisert materiale hvis angrepene er på opera

90% of unknown malware is delivered via the web A new study of malware takes an unusual approach - instead of analyzing known malware, it analyzes the unknown malware that traditional defenses miss; and finds that 90% is delivered from the web rather than via emails. The study, The modern malware review, was undertaken by Palo Alto Networks drawing on data from more than 1000 enterprise customers that use its WildFire firewall option. Wildfire analyzes unknown files; that is, files that are neither whitelisted nor blacklisted. It is the unknown files that turned out to be unknown malware that have been analyzed: some 26,000 samples over a period of 3 months. 90% of the undetected malware is delivered via web browsing, implying that traditional AV is better at detecting email-borne viruses. In fact, it takes AV companies four times as long to detect web malware as it does to detect email malware (20 days rather than 5 days). Source: http://www.liveleak.com/view?i=603_1364710455 There are several reasons for this. Firstly, since email malware tends to be sent to multiple targets, there are multiple incidences waiting to be found in mailboxes and analyzed. "However a potentially more significant factor," says the report, "is that web-based malware easily leverages server-side polymorphism." Put simply, the malware is frequently and rapidly re-encoded to avoid detection, "which vastly reduces the likelihood that AV vendors will be able to capture the sample and create a signature." FTP was found to be particularly risky. The FTP malware samples are more likely to be unique (94% were seen only once), are often missed by the AV industry (95% were never covered), and are port-independent (97% used only non-standard ports). "It was the 4th most common source of unknown malware, the malware it delivered was rarely detected... and almost always operated on a non-standard port." The malware samples were found to make significant efforts at avoiding detection.

Book a flight online, perform an internet banking transaction or make an appointment with your doctor and, in the not-too-distant future, the 'Internet of Services' (IoS) will come into play. A paradigm shift in the way ICT systems and applications are designed, implemented, deployed and consumed, IoS promises many opportunities but also throws up big challenges - not least ensuring security and privacy, issues currently being tackled by EU-funded researchers. IoS is a vision of the future internet in which information, data and software applications - and the tools to develop them - are always accessible, whether locally stored on your own device, in the cloud, or arriving in real time from sensors. Whereas traditional software applications are designed largely to be used in isolation, IoS brings down the barriers, thereby lowering costs and stimulating innovation. Building on the success of cloud computing, IoS applications are built by composing services that are distributed over the network and aggregated and consumed at run-time in a demand-driven, flexible way. This new approach to software will make the development of applications and services easier - so that new and innovative services, not possible today, can be offered. It is likely to make a huge contribution to the EU's strategy to make Europe's software sector more competitive. You might want to read http://hassbiggerprice.wordpress.com/tag/hass-associates-online-cyber-review-scam-du-jour-theyre-creative/ IoS services can be designed and implemented by producers, deployed by providers, aggregated by intermediaries and used by consumers. Anybody who wants to develop applications can use the resources in the Internet of Services to develop them, with little upfront investment and the possibility to build upon other people's efforts. In many ways IoS solves the challenges of interoperability and inefficiency that can plague traditional software systems, but it can also create new vulnerabilities. Ho