blog trackingRealtime Web Statistics More Archives - Page 19 of 35 - Gregory D. Evans | Worlds No. 1 Security Consultant

Posts Tagged ‘More’

Pastebin to filter hacktivist posts more carefully

Pastebin’s status as the favoured website on which to post evidence of stolen or hacked data could become a thing of the past with the news that its owner plans to filter content more carefully.

In an email interview with the BBC, current owner Jeroen Vader admitted that the site now examined an average of 1,200 abuse reports a day via its notification system and needed to hire more staff to cope with this volume of traffic.

The site was also becoming a target itself and now received DDoS attacks almost every day, he said.

“February was a terrible month, so many attacks. It was a real nightmare to run the site. The longest one went on for more than 48 hours,” said Vader.

The site’s biggest challenge remains its reputation as a repository for stolen data as evidenced by numerous incidents since Vader took the site over in early 2010.

The sale was partly motivated by the infamous hack that gave Pastebin unwanted public attention in 2009 when it was used to publish the logins for thousands of Gmail, Hotmail, Yahoo and AOL webmail users.

Since then, it has become associated with an increasing number of data-sharing attacks, including the Comodo hacker’s famous SSL raids on various certificate authorities, the publication of credit cards culled from Saudi Arabian credit card users, and the theft of 100,000 Facebook user logins.

However, its most famous moments were undoubtedly connected to its regular use by LulzSec and Anonymous hacking groups to publicise attacks.

Equally, it has been used to publish details of important security vulnerabilities such as the one that affected Dropbox last June, which is where Pastebin’s tricky modus operandi becomes apparent. It is designed to be a repository for open information exchange, a sort of technical or coder’s version of Wikileaks. That this is often being abused is inherent to its open model.

“I am looking to hire some extra people soon to monitor more of the website’s content, not just the items that are reported,” Vader told the BBC.

“Hopefully this will increase the speed in which we can remove sensitive information. This will give us more time to look at trending items in detail if they haven’t been reported yet.”

Pastebin also shared IP address information if it was requested by the police using a valid court order, he said.

Article source: http://rss.feedsportal.com/c/270/f/3551/s/1e057f86/l/0Lnews0Btechworld0N0Csecurity0C33485410Cpastebin0Efilter0Ehacktivist0Eposts0Emore0Ecarefully0C0Dolo0Frss/story01.htm

View full post on National Cyber Security » Computer Hacking

Expert advocates for more effective pen tests, less complex security

A security expert warns organizations against buying the latest and greatest security technology and advocates for more effective pen testing at InfoSec World Conference and Expo 2012.

Add to digg
Add to StumbleUpon
Add to del.icio.us
Add to Google


View full post on SearchSecurity: Security Wire Daily News

View full post on National Cyber Security

Less-lethal, but more painful: A clock that shoots you

Author: Hayley Hudson

To help cops win the battle with the snooze button, one tech startup has released an alarm clock with an adjustable mount that fits any less-lethal device.

"If you don't silence your alarm within 30 seconds, it shoots a beanbag round straight between the legs," CEO Dave Danger explains. The ItsSeriouslyTimeToGetUpNow technology, which syncs the ammo with the clock, has dramatically changed the way one officer lives and works. "Not only am I getting up on time, I'm more energized," the officer said. "It's very motivating." He spoke on the condition of anonymity because several people — mostly criminals, but also a few other officers and maybe a dispatcher — already want to cause him serious bodily harm.

Now, he says, his alarm clock might beat them to it. "You snooze, you lose," he said.

View full post on PoliceOne Daily News

View full post on National Cyber Security

Surprise! More Malware Appears On Android

Another week, another announcement of new mobile malware found infecting Android phones. The new bug this week is DKFBootKit, a nasty bit of work that can come packaged inside seemingly legitimate applications–much like most of the other mobile malware we’ve seen thus far. What sets DKFBootKit apart from malware like DroidDream, is that DKFBootKit replaces certain boot processes and can begin running even before the system is completely booted up.

The malware was discovered by the NQ Mobile Security Research Center in collaboration with cyber security expert Dr. Xuxian Jiang. The researchers found that, though the malware can be placed in pretty much any app, it is usually found in apps that ask for root permissions. Once it gains access to the root system, DKFBootKit will begin to wreak havoc on system stability and phone home to a remote server in order to gain further commands.

You can better your chances of not getting infected by only downloading apps from trusted sources: Don’t download pirated apps, and stay off of foreign app stores. For more advice on how to avoid getting your smartphone infected, check out my tips for a malware-free smartphone. Make smart choices, and you should remain malware free.

Article source: http://www.pcworld.com/article/252949/surprise_more_malware_appears_on_android.html

View full post on National Cyber Security » Virus/Malware/Worms

Trend Micro Unearths More Links Between China and Hacker Group

Security vendor Trend Micro has been tracking a hacking campaign called Luckycat that has been linked to 90 attacks, including some aimed at Tibetan activists, and has tied it to a group based in China, the company said in a report published on Thursday.

The Luckycat campaign, which has been active since at least June 2011, has been connected with attacks against targets in Japan and India as well, according to Trend Micro. Industries targeted include military research, aerospace and energy, it said.

To avoid detection, the hackers used a diverse set of infrastructure and anonymity tools. Each attack used a unique campaign code to track which victims were compromised by which malware, illustrating that the attackers were both very aggressive and continually targeted intended victims with several waves of malware, according to Trend Micro’s report.

The security company was able to connect an email address used to register one of the group’s command-and-control servers to a hacker in the Chinese underground community.

The hacker has been using aliases “dang0102″ or “scuhkr” and has been linked to the Information Security Institute of the Sichuan University in Chengdu, China, where he was involved in a research project on network attack and defense.

The person behind the aliases and the email address is Gu Kaiyuan, who is now apparently an employee at Tencent, China’s leading Internet portal company, The New York Times reported on Thursday.

There are more signs pointing to China as the origin of the Luckycat campaign. The language settings of the attackers’ computers indicate that they are Chinese speakers, according to Trend Micro. The work done by the hacker group was first documented earlier this month by Symantec, which showed that the hackers used IP addresses allocated to China, Trend Micro said.

The targeted nature of the attacks is no isolated occurrence. The number of targeted attacks has dramatically increased, Trend Micro said.

To better protect themselves, enterprises need to use a mixture of technology and education, according to Trend Micro. Apart from patch management, endpoint and network security, enterprises should also focus on detecting and mitigating attacks, the company said.

But an enterprise’s defense is only as good as its employees. People trained to expect targeted attacks are better positioned to report potential threats and can become an important source of threat intelligence.

Article source: http://www.pcworld.com/businesscenter/article/252919/trend_micro_unearths_more_links_between_china_and_hacker_group.html

View full post on National Cyber Security » Computer Hacking

More companies eyeing SIEM in the cloud

A cloud service can help companies get around some hurdles with SIEM systems.


View full post on SearchCloudSecurity: RSS Feed

View full post on National Cyber Security

Man Had More Than $100K in Stolen Goods

Bond was set at $100,000 for a North Side man arrested Thursday for cyber stalking and found to be in possession of stolen goods ranging from diamond rings and scooters to tennis rackets.

View full post on cyber stalking – Yahoo! News Search Results

View full post on National Cyber Security

Rutgers-Camden professor uses computer modeling to more accurately analyze DNA evidence

CAMDEN — Move over, David Caruso. Rutgers–Camden has a computer scientist on the case.

View full post on computer forensic – Yahoo! News Search Results

View full post on National Cyber Security

ProtectMyID: What belongs in your safe? Consider this: your #SSN and other personally identifying info is far more valuable than jewels. #privacy #besafe

ProtectMyID: What belongs in your safe? Consider this: your #SSN and other personally identifying info is far more valuable than jewels. #privacy #besafe

View full post on Twitter / ProtectMyID

View full post on National Cyber Security

Skills development is more than a game—it’s key to management of IT

Body:

The last 10 years have seen a significant change in the information technology business. And I don’t mean the technology—that change is a given. Ten years ago, only the information technology companies had thought in real depth about people’s IT skills, and how to have the right capability in the right place at the right time.

 

The change is that, now, most large organisations not only have this on their agenda, but also have some idea of how to go about it. Why did this happen? Was it an awareness of large and expensive IT projects that failed to deliver on their promises? Or maybe it was simply the dissemination of ideas? Certainly, there had to be a change. One large bank I visited graded its IT staff on the same basis as bankers. The all-powerful HR function would not allow any other approach! Thankfully, this has also been part of the change.

 

The need to build quality into the organisation’s operations has stimulated plenty of activity and investment. At first there was a flurry of activity among people who thought they were playing a game called “Skills Development”. Over time, some of them have come to realise that the prime motivation is that of putting people to work: the skills development is a means to an end. Given the criticality of IT to modern organisations, having the right skills in the right place at the right time is a “running the company” matter, and quite commonly now has visibility at board level.

 

So what do people do that they didn’t do before? For one thing, they don’t make it up as they go along. Their job descriptions and role profiles are no longer unique creations:  they draw upon standard frameworks for definitions of the capabilities required. The language of project management has become standardised. There are many similar examples throughout our industry.

It is important to get the definitions right, but it is also essential to make sure that the contents of the package match the description. As a result, certification has assumed a key role in the management of IT. Correctly specifying what skills are needed and making sure that people really have them enable us to develop the skilled assets we need to run the business.

 

The changes I have seen in many organisations include the following.

·         The same definitions of skill are used throughout the skills management cycle:  recruit, deploy, assess, develop, reward and, of course, manage resources.

·         The organisation has a common language of skills, so there is no misunderstanding of what is expected from, for example, an architect.

·         There is recognition that the most important factor in your development is not your next training course, but your next project.

·         As well as defining the liability (the work to be done) the mature organisation describes the asset (the skilled people who do it), typically by identifying a small number (no more than 20) of categories of IT professionals whose broad capabilities are understood.

·         Performance assessments really happen, they are based on rational information, and they are followed by analysis from which development plans can be drawn. (Oh yes, the development plans really happen, too!)

·         Things are done for real, not just in theory: external certifications such those provided by ISACA underwrite all the key capabilities.

 

In some organisations these actions have made a profound difference to the way IT is managed. The UK Government, for example, outsources all major IT development projects. The procurement of skills from many outsourcing companies is based on definitions drawn from a skills framework (SFIA – Skills Framework for the Information Age).

 

So the message is this: whatever you do to improve IT, let the sunlight shine in from outside, embrace external skills frameworks like SFIA, and trust certifications like those provided by ISACA.

 

Ron McLaren

Operations Manager

SFIA Foundation

 

Note:  SFIA recently recognized CISA and CISM in its mapping. View this announcement for more information.

 

We welcome your comments! Please log in using the Sign In link at the top right of this page and then leave your comment in the box at the end of the post.

To view all blog posts, please click on the ISACA Now link in the blue box on the left.

Published: 3/8/2012 8:37 AM

View full post on ISACA Now: Posts

View full post on National Cyber Security

Page 19 of 35« First...10«1718192021»30...Last »

Get The New Book By Gregory Evans

Everyone Is Talking About!

Are You Hacker Proof?
$15.95

Find Out More, Click Here!