Linux defect fixing, a tool that helps criminals erase evidence, a new ransomware, DropBox follows Twitter to Ireland, and a poster child for effective security legislation are this week's top #infosec reads.
Since 2007, developers have made considerable efforts to mitigate vulnerabilities in the Linux OS. Based on an Information Week review of the defect-fixing record of Linux, commercial and open source code, the effort has delivered exceptional results. Information Week reports that, "where one defect per 1,000 lines of code is considered quality, Linux in July 2014 had .55 defects per 1,000 lines. Linux also is better than most other open source projects." Much of this accomplishment can be attributed to static analysis verification, and since 2013 fixes to identified defects have accumulated faster than the number of unfixed defects. There's a lesson here for commercial software and the open source community.
Criminals can now use a simple script to wipe incriminating data from their computers before they are seized, preventing law enforcement agents from conducting forensic investigations on their hard drives. The script, USBKill, thwarts a common practice investigators use when they discover a computer during a search and seizure: agents often insert a mouse jiggler or similar device to prevent a possibly encrypted system from logging off or shutting down. USBKill detects changes in USB port status and immediately shuts the seized computer down.
Ransomware is malware that installs on your computer, secretly encrypts your data, then pops up a window that threatens to destroy your data forever if you do not pay the ransom. AlphaCrypt is a recent variant that uses threat notifications like its predecessor TeslaCrypt and employs an encryption (recovery) key technique like Cryptowall 3.0, but defeats shadow volume measures and executes more stealthily. This malware is delivered as a Flash exploit and frustrated AV detection until only recently.
First Twitter and now Dropbox have moved accounts of users who do not reside in North America to their facilities in Ireland. Why? Data stored in Ireland is not subject to the NSA court requests for data. If you're an American, Canadian or Mexican citizen, you can't opt in to the Ireland hosting. The Patriot Act is arguably the first domino in the path that's led us to this unhappy juncture, where we cannot honestly call America the Land of the Free.
The US Congress should read Canada's Anti-Spam Legislation (CASL) and treat it as a promising model for effective cyber legislation. According to Cloudmark, spam originating from Canada has dropped 37% since CASL took effect, and the monthly volume of email in Canada has dropped 29%. Cloudmark speculates that this latter figure may be marketing email that does not satisfy CASL's affirmative consent criterion.