Monday, October 20, 2014

Chinese Smartphones a Security Threat


While I'm fascinated by this, it's becoming old news. Of course if it's made in China, it's going to report home.

News would be that Chinese manufacturers were acting like their US counterparts and making it difficult if not impossible for the government to access devices. Hats off to (and I shudder to say these names) Apple and Google.

Some soon to be published books:

Secure Development for Mobile Apps: How to Design and Code Secure Mobile Applications with PHP and JavaScript by J. D. Glaser

Android Malware and Analysis by Ken Dunham and Friends

Wednesday, October 15, 2014

CryptoWall 2.0 Ransomware Moves to TOR Network


Dangerous new ransomware variant storms onto the scene using the anonymous TOR network, taking down systems and networks unlucky enough to be caught in its path

Tampa Bay, FL (October 15, 2014) KnowBe4 issued an alert to IT Managers that a new version of the world's most widespread ransomware CryptoWall has migrated to the TOR network. It has been upgraded to version 2.0, and continues to encrypt files so that a ransom can be extracted if there are no backups or if the backup process fails, often a common occurrence.

KnowBe4 received a panic call from an IT admin who was hit this week with CryptoWall. The admin’s workstation became infected with the malware. The workstation was mapped to 7 servers and within an hour, the entire server farm was shut down. The admin explained he had backups but it would take days to recover the data and get them back up and running. The company’s operations would be severely impacted.

“The cyber criminals hit pay dirt with this one and the admin ended up paying the ransom, 1.3 Bitcoin, rather than face the serious costs caused by days of downtime,” said Stu Sjouwerman, KnowBe4’s CEO. “This is the next generation of ransomware and you can expect this new version to spread like wildfire.”

CryptoWall 2.0 went live October 1st and is now using the anonymous TOR network, making it very difficult to analyze or take down. Earlier versions of CryptoWall were not using TOR but HTTP, which allowed researchers to analyze the communication between the infected machine and the command & control server so they could take down the servers that delivered the malware. This version of CryptoWall has been tested for months and the malware uses innovative ways to propagate itself, like using ads on websites that take advantage of vulnerabilities in browsers and unpatched plug-ins.

Sjouwerman advises these three steps as something IT admins HAVE TO, HAVE TO do:

1. Make regular backups, and have a backup off-site as well. TEST your restore function regularly to make sure your backups actually work.

2. Patch browsers as soon as possible, and keep the amount of plug-ins as low as you can. This diminishes your attack surface.

3. Step all users through effective training on security to prevent malware infections to start with.
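Step 1 only pays off if the restore is actually exercised: the admin in the story had backups but still faced days of downtime, and with the workstation mapped to 7 servers, a backup target reachable from that workstation could have been encrypted along with everything else. The script below is an added example (not from KnowBe4 or the original post) of a restore drill: hash the live data into a manifest, restore the backup into a scratch directory, and report anything missing, altered or extra. The directory layout and file contents are constructed sample data.

```python
"""Restore drill: hash live files before backup, restore into a scratch
directory, then verify the restore byte-for-byte against the manifest."""
import hashlib
import shutil
import tempfile
from pathlib import Path


def build_manifest(root):
    """Map each relative file path under root to its SHA-256 digest."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            manifest[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest


def verify_restore(manifest, restored_root):
    """Return a list of problems: files missing, altered, or not in the manifest.
    An encrypted-in-place backup shows up here as a run of 'corrupt' entries."""
    problems = []
    for rel, digest in manifest.items():
        p = restored_root / rel
        if not p.is_file():
            problems.append("missing: " + rel)
        elif hashlib.sha256(p.read_bytes()).hexdigest() != digest:
            problems.append("corrupt: " + rel)
    for rel in build_manifest(restored_root):
        if rel not in manifest:
            problems.append("unexpected: " + rel)
    return problems


def demo():
    """Constructed sample: one clean restore and one where data was damaged."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        src = tmp / "live"
        (src / "docs").mkdir(parents=True)
        (src / "docs" / "plan.txt").write_text("quarterly plan")  # sample data
        (src / "notes.txt").write_text("server inventory")         # sample data
        manifest = build_manifest(src)               # taken BEFORE the backup
        backup = tmp / "backup"
        shutil.copytree(src, backup)                 # stand-in for the backup job
        good = tmp / "restore_ok"
        shutil.copytree(backup, good)                # drill: restore to scratch
        ok_problems = verify_restore(manifest, good)
        bad = tmp / "restore_bad"                    # a restore that silently failed
        shutil.copytree(backup, bad)
        (bad / "notes.txt").write_text("")           # content altered
        (bad / "docs" / "plan.txt").unlink()         # file lost
        bad_problems = verify_restore(manifest, bad)
    return ok_problems, bad_problems
```

Run the drill on a schedule and treat a non-empty problem list as a failed backup, not a warning.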

For end users, Sjouwerman advises, “Think before you click. Don’t open anything from someone unless you are expecting it. Hover over an email address to make sure it’s from a valid domain, one you know and recognize.”

Tuesday, October 14, 2014

Russian Hackers Spying on NATO: Business as Usual


Following the news of the new Russian 'Sandworm' hack that is exploiting a bug in Microsoft Windows to spy on NATO, EU, Ukraine and others, Tim Erlin, director of IT security and risk strategy for Tripwire, explains why this is no surprise:

"It's a short path from shoe phones to zero days. It's simply not surprising that this kind of activity has been going on. Russia, the United States, Britain and others have long histories of very strong and effective spy organizations. There should be little surprise that these groups have continued their missions through the boom of technology.

"Defending against such a targeted attack is extremely difficult. When the attacker is willing to spend significant resources to compromise you specifically, the playing field can be very uneven. As an industry, we tend to focus on the many broad threats that exist, but these kinds of targeted and sophisticated campaigns may actually do more damage."

Conflict and Cooperation in Cyberspace: The Challenge to National Security, edited by Panayotis Yannakogeorgos and Adam Lowther of the Air Force Research Institute, brings together some of the world’s most distinguished military leaders, scholars, cyber operators, and policymakers in a discussion of current and future challenges that cyberspace poses to the United States and the world. Maintaining a focus on policy-relevant solutions, it offers a well-reasoned study of how to prepare for war, while attempting to keep the peace in the cyberspace domain.

Thursday, October 2, 2014

Ten Strategies of a World-Class Cybersecurity Operations Center

The MITRE Corporation is offering a free book, "Ten Strategies of a World-Class Cybersecurity Operations Center," by Carson Zimmerman.

Monday, September 29, 2014

Confirmed: Windows 9 to be a free upgrade for Windows 8 users

Maybe now I can take Microsoft off my companies-I-love-to-hate list.

I made the mistake of upgrading to Windows 8. Besides the really shitty interface, the install process blew away my email files (I use Eudora), all the Office apps (which I had to repurchase because the authentication codes were in the email files that got blown away), several non-Microsoft apps, my iPod library (which I later recovered), and who knows what else.

Also, security sucks. Despite updated Norton files, I get more pop-ups and ads opening new windows than I've ever experienced.

Of course, after the experience of installing Windows 8, I'm leery of installing another Windows OS. I know now what files and apps to back up, but it's the unknowns that scare me.

Friday, September 26, 2014

Anatomy of an Apple Launch

I hate Apple, and Amazon, and Google, and now Microsoft, and Walmart, ..., so I love reading this stuff. And here, "The Informer" gets it absolutely right.