Music

Wednesday, 27 May 2015

Top 5 #InfoSec Reads: May 19-26

Imperfect Forward Secrecy, DDoS made simple, Richard Stallman takes issue with abusive developers, malware spikes during holidays and a US Freedom Act smackdown are this week's Top 5 #InfoSec reads.

Logjam is latest security flaw to affect secure communication protocols

Vulnerability investigators and exploit kit developers are exposing critical flaws in secure communications protocols at an alarming rate  in 2015. GHOST, JASBUG, FREAK, and VENOM all reveal flaws in protocols that employ TLS. Weakdh.org has identified yet another vulnerability, Logjam, which takes advantage of weaknesses in Diffie-Hellman key exchange implementations. These force a downgrade of negotiated encryption to 512-bit export grade, which can be defeated in a man-in-the-middle attack to allow passive eavesdropping. The investigators suggest that such MITMs could be used to support state actor surveillance as well as criminal activities. A detailed report,  Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice is available from weakdh.org.

Storm Kit - Changing the rules of the DDoS attack

Distributed denial of service (DDoS) attack kits have until recently provided administrative "consoles" to manage the potentially very large numbers of infected ("botted") computers that generated the attack traffic. Storm Kit provides an even simpler management experience for DDoS attackers, allowing them to launch DDoS attacks with very high volume from a smaller (manageable) set of compromised servers or rented virtual private servers (VPS). Storm kit supports volumetric and resource depletion attacks including SYN/UDP/HTTP flood, DNS or NTP amplification.

Malware isn't only about viruses: companies preinstall it all the time

Richard Stallman is exorcised over the widespread abuse he sees in software that embeds functionality that does not benefit users but exposes them to disclosure of personal information without notice or consent or otherwise mistreats users. I agree with Richard but I'd prefer that we refer to this 'ware as abuseware so that we can at least attempt to distinguish criminal activity from infuriating-close-to-criminal activity. I also love Richard's missive to us all:

"We can resist:

"Individually, by rejecting proprietary software and web services
that snoop or track.

"Collectively, by organising to develop free/libre replacement systems and web services that don’t track who uses them.

"Democratically, by legislation to criminalise various sorts of malware practices. This presupposes democracy, and democracy requires defeating treaties such as the TPP and TTIP that give companies the power to suppress democracy."

Malware infections spike on Memorial Day in DC

DcmalwareMalware infections increased nearly 51% on Memorial Day in Washington, DC.  As this graphic from Federal Times illustrates, this statistic is an outlier among the already dramatic uptick in infection rates on US holidays in general. Enigma Software bases these findings using infections detected by their consumer security suite software, which is not used in government systems.  A lesson from this report? Relax during your holiday time off but remain diligent to avoid being phished or infected. 

 

Senate votes down USA Freedom Act, putting bulk surveillance powers in jeopardy

The US Senate voted down USA Freedom Act. Barring (un)heroic efforts by supporters like Mitch McConnell, it is likely that many Patriot Act powers will automatically expire on June 1. How unpopular had the US Freedom Act become? Imagine any other issue where the American Civil Liberties Union (ACLU) and the Tea Party Patriots would cooperate to create a TV advertisement, warning Americans, They've gone too far!

   

Posted at 11:17 AM in Music, Top Infosec Reads | | Comments (0)

Friday, 12 October 2012

Workforce Considerations for Planning a Cloud Migration

Moving an organization’s data or applications to a cloud provider is not very different from moving to a hosting or managed services provider. If you outsource Web, DNS, or other services to a provider today, then you already understand that the benefits an organization gains from outsourcing neither begin nor end with reducing staff or infrastructure. If you've never outsourced before, then learn from those who have: Don't downsize too quickly.

Here are three tips to help your partners prepare for a cloud makeover.

Tip 1: Focus on which staff to retain. 

You will still need business, admin, and technical staff to make informed choices when choosing -- and later managing -- a cloud provider. As detailed in the following links to recent trade and technical journals, many of your customers’ concerns about the selection process,systems management, and security are strikingly similar to the questions they asked and issues they considered with hosting or managing service providers in the past. Some changes, for example, would include:

  • Business staff will now be responsible for ensuring that no business matter -- contracts, payments, policy development, contracted levels, or technical support -- interferes with delivering services the organization has contracted to the cloud operator.

    • 4377329715_57b806b610_n
    Image by Veribatim
  • Administrative staff will now manage "add, drop, change" -- the provisioning aspects that exist whether you support users and applications in-house or "in the cloud".
     
  • Technical staff will now manage "your stuff," from end points and user accounts to content and application development or support, along with managing and monitoring capacity (what you'll need from the cloud) based on the organization's needs.

Tip 2: Supplement existing core competencies with new ones.

Many aspects of cloud migration may be similar to what customers already do with a managed service provider or outsourced datacenter operator. What is different from overseeing managed services prior to the cloud era is that the organization may need to acquire competencies in cloud-related areas. For example, (and depending on what you are moving to the cloud), staff may need to understand cloud infrastructure, service management, or provisioning. (See Cloud Gives Birth to a New Breed of Engineer.) They'll also need to know how to monitor new cloud technologies in a complementary manner to the assets and infrastructure they keep in-house.

Tip 3: Make customer care priority #1. 

3505305273_7da0d84874_q
Photo by reallyboring
Organizations embrace clouds to consolidate and to benefit from the economies of scale cloud computing offers in performance, resiliency, security, and general technical competency. If these are the operational areas that the cloud is supposed to provide, don't think, "What's left for the technical staff?" Instead, ask your customers: "Now that you've freed up expertise, how can you use the team to complement what the cloud is doing to improve productivity and enhance user (or customer) experience?" Consider projects that will raise security awareness, streamline workflows, or finally take on a big-data or similar initiative that you've put off for lack of... experienced staff!

 

The bottom line is that cloud services or infrastructure offer significant benefits or economies beyond workforce reduction (which are nicely documented in a whitepaper from Microsoft). While companies may see some reduction in staff, this is a secondary benefit compared to the delivery of more reliable and usable service to users or customers. The latter are, after all, the real reasons an organization embraces technology and online presence.

Originally posted at The Champion Community 11 July 2012

Posted at 08:00 AM in All matters security, Music, Web/Tech | | Comments (0)

Next »
Find me on Mastodon and Facebook

Spotlight Posts

  • The World's Phishiest Neighborhoods
    In this Interisle Insights article, we take a closer look at our data to better understand what’s hosted at three autonomous systems which have appeared at or near the top in recent quarters. We’ll also review who’s being targeted by these attacks and what corresponding name and address resources are most frequently exploited. Autonomous systems are blocks of Internet addresses, which you can compare to "neighborhoods" in a city. And like any city, some neighborhoods are safe and some are not. The full article, The World's Phishiest Neighborhoods, is hosted here.
  • Interisle Study Reveals Alarming Rise in Online Abuse and Identifies Exploitable Links in Cybercriminal Supply Chains
    My Interisle colleagues and I today published our 2024 Cybercrime Suppy Chain study. We analyzed 16 million cybercrime events to expose a dramatic rise in criminal exploitation of name, address, hosting, and financial supply chains. Our year-over-year findings show that cybercriminals exploit lax policies to easily and cheaply obtain resources for phishing, malware, and spam campaigns. In our report, we provide actionable insights for those aiming to curb cybercrime. Among the major findings in the study, Interisle reports that: The total number of malware, phishing, and spam attacks grew year-over-year by nearly 54%, to nearly 16.3 million attacks. Spam doubled,...
  • Malware quarterly reports for July-September
    Malware quarterly reports for July-September 2024 is now posted at the Cybercrime Information Center. For the period... Malware identified as targeting endpoint devices increased 277% over the prior period. WordPress blog sites used for malware accounted for nearly all the malicious documents reported for this period. We continue to see an uptick in malicious scripts. IPv4 addresses reported for exhibiting characteristics of attackware and traffic injectors increased 38% to just under 1 million. ASNs in China and India again have the most IPv4 addresses reported for hosting malware. More malware trends for the period at https://www.cybercrimeinfocenter.org/malware-trends-july-september-2024. For historical reporting of...
  • Interisle's Phishing Landscape 2024 is here
    Our Interisle team today announced the publication of an industry report, Phishing Landscape 2024, A Study of the Scope and Distribution of Phishing. Interisle’s fourth annual study examines nearly four million phishing reports collected from May 2023 to April 2024 and provides historical measurements using over 15 million phishing reports collected at the Cybercrime Information Center over a four year period. Findings from the study: • The total number of phishing attacks grew to ~1.9 million incidents worldwide. • Phishing attacks hosted at subdomain providers increased by 450,000+ reported names, representing 24% of all phishing attacks. • The use of...
  • Malware Trends, January - March, 2024 posted at the Cybercrime Information Center
    2024 began with a rise in domain names reported for hosting malware unlike any we have seen since we began measuring malware attacks in 2021. The 1Q2024 Top 20 TLDs included 10 new gTLDs, 6 ccTLDs, and 4 legacy gTLDs. Only three TLDs remained in the top 5 TLDs (COM, NET, INFO) from the prior quarter. The ORG and BR TLDs were replaced by SHOP (over 3,000% increase) and TOP (over 700% increase). All but one registrar in 1Q2024’s Top 20 registrar ranking showed increases of 100% or more. Several registrars had 4- and 5-figure percentage increases in domains reported....

Search

My Photo

Categories