Friday, March 28, 2014

Who knows what evil lurks in the Internet of Things?

According to a recent article in CIO, the Internet of Things is creating a scary world. And to think Cisco has started advertising it on TV.

Be frightened. Be very frightened. What you don't know can hurt you.

So, rather than curse the darkness of impending IoT doom, read Unit and Ubiquitous Internet of Things.

Written by Huansheng Ning, it
  • Introduces essential IoT concepts from the perspectives of mapping and interaction between the physical world and cyber world
  • Outlines a fundamental architecture for future IoT, based on the IoT layered model, topological structure, various existence forms, and corresponding logical relationships
  • Presents specific case studies that illustrate various application scenarios
  • Establishes an IoT technology system based on the knowledge of IoT scientific problems
  • Provides an overview of core technologies, including basic connotation, development status, and open challenges

Tuesday, March 25, 2014

New Zero-day Vulnerability Used in Targeted Attacks against Word

"A remote code execution vulnerability (CVE-2014-1761) in MS Word is currently being exploited in the wild. "At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010," said Microsoft, which acknowledged that the vulnerability also exists in Microsoft Word 2003, 2007, 2013, Word Viewer and Office for Mac 2011.

Dana Tamir, director of enterprise security at Trusteer, noted that the vulnerability can be exploited when Microsoft Word opens and parses specially crafted Rich Text Format (RTF) data. The exploit causes system memory corruption that enables the attacker to execute arbitrary code. An attacker who has successfully exploited this vulnerability could gain the same user rights as the current user.  As a result, that attacker can infect the victim's system with malware if a user simply opens the specially crafted RTF file.

The vulnerability could also be exploited through Microsoft Outlook. This is because Microsoft Word is the default email reader in most Outlook versions. In this case, previewing the message in Microsoft Outlook is enough to successfully exploit the vulnerability and download malware on the user’s machine.

A web-based scenario can also be used if the attacker creates a webpage that contains the malicious RTF-file, or if the malicious file is provided as content to websites that accept or host user-provided content or advertisements. Attackers may use this technique for conducting drive-by downloads and watering-hole attacks that infect website visitors.

Microsoft has posted a blog that discussed possible mitigations and temporary defensive strategies that can be used while the company is working on a security update.

Papa John’s Offering a Free Pizza

Papa John’s is offering consumers a free pizza. By simply placing an order for $15 or more between today and April 7 using promo code STATS at, you can get a free pizza on your next order.

While we don't offer free books, you might want to check out these anyway:

How I Discovered World War II's Greatest Spy and Other Stories of Intelligence and Code by David Kahn; ISBN 978-1-4665-6199-1

Trade Secret Theft, Industrial Espionage, and the China Threat by Carl Roper; ISBN 9781439899380

Managing Risk and Security in Outsourcing IT Services: Onshore, Offshore and the Cloud by Frank Siepmann; ISBN 9781439879092

Intrusion Detection in Wireless Ad-Hoc Networks by Nabendu Chaki and Rituparna Chaki; ISBN 978-1-4665-1565-9

The State of the Art in Intrusion Prevention and Detection by Al-Sakib Khan Pathan; ISBN 978-1-4822-0351-6

Core Software Security: Security at the Source by James Ransome and Anmol Misra; ISBN 9781466560956 

Monday, March 17, 2014

Critical Stuxnet-level Vulnerabilities Discovered in UK Power Plants

It was reported on Friday that three critical vulnerabilities were discovered in UK power plants.

"The security and integrity of Industrial Control Systems (ICS) should be a global concern," said TK Keanini, chief technology officer of Lancope. "The reality is that if these systems were ever vulnerable and reachable via the Internet, they are likely already compromised – simple as that.  Not only should these companies patch the system but care should be taken to investigate the systems integrity. Advanced malware can sometimes install itself and fooling the patching software into thinking it has already been patched – like a Jedi mind-trick "These are not the droids you are looking for" manner.

"Infiltration of these systems is just one step of the larger picture. These industrial facilities must also make it harder for the adversary to remain hidden as they perform their operations. Raising the cost for your adversary to operate is the critical factor these days as infiltration is almost inevitable. Remember the people attacking these ICS systems are the type of people who do not want to be identified."

"These are critical vulnerabilities that allow a remote attacker to gain complete control over systems running Yokogawa CENTUM CS3000 by sending just a few packets to the vulnerable system," said Tom Cross, Lancope's director of security research. "The availability of functioning exploits in the Metasploit framework means that its easy for attackers to target these vulnerabilities. It is extremely important that operators of Yokogawa CENTUM CS3000 install the available security updates immediately.

"It's important to emphasize that the software that controls industrial plant facilities can have serious security vulnerabilities just like any other kind of software. Although we like to think that these systems aren't connected directly to the Internet, it has happened, and often, there are indirect links through back office networks that exist because of the need for the business to monitor its plant operations. Ultimately, its valuable for vulnerabilities like these to be discovered, disclosed, and patched. Identifying and fixing vulnerabilities is part of the process of making these systems more resilient to attack. Frankly, there is much more work to be done in the Industrial Control Systems area before we can have a high degree of confidence that these systems are well protected."

For more on ICS and SCADA security, see these books and articles:

Handbook of SCADA/Control Systems Security

Cybersecurity for Industrial Control Systems: SCADA, DCS, PLC, HMI, and SIS

Smart Grid Security: An End-to-End View of Security in the New Electrical Grid

Security and Privacy in Smart Grids

"SCADA Security: What Is an Industrial Control System?"

"SCADA Security"