Saturday, December 16, 2017

Education needed to stop hackers exploiting web users’ ‘scary’ data sharing

More education needs to be provided and at a younger age in order to stop people oversharing data online, thus reducing the risk of hackers being able to exploit publicly available information for cyber criminal gains. That's what Darren Dance, Unix technical lead for online transaction firm WorldPay, told Computing at Splunk Worldwide Users' Conference 2013 in Las Vegas.

WorldPay crunches over 500 GB of data a day and has various measures and protections in place to ensure that its customers' data remains secure, but Dance believes that security begins at home and web users need to ensure they're not giving hackers and cyber criminals an easy ride.

"We need to teach kids when they're younger about how easy it is for their stuff to get out online and the amount they're sharing on social media, for example," he said. "You can actually mine data from social networking spaces using a free tool from Splunk, so if you were actually a cyber criminal, you could start to look at people's posts to work out what their pet is called and give you a good idea about them."

Dance told Computing that too many people still use simple passwords, such as the nickname of their favourite sports team, and that easy-to-discover information like that is too often shared on the likes of Facebook, a risk he argues many don't understand.

"People actually do use simple passwords. People who are Arsenal fans have passwords like ‘Gooner’ and things like that! People do stick with what they know and we need to educate people who are a lot younger, and also everyone needs to know a bit more about how risky it is to put anything online," he said.

And while those with a better understanding of security, like those working in business, might already be aware of this, Dance argued that it's away from the office where the biggest threat might lie, with users being blasé when it comes to passwords.

"Education needs to go to everyone, not just the enterprise, because in the enterprise we have all the processes and controls, but at the end of the day, people's home PCs if they're using weak passwords, they are a threat," he said, adding the amount of information people are happy to share is worrying. "If their PCs get compromised you've got the likes of botnets and it's scary the amount of data that is open to abuse."

Dance added that the amount of trust web users put into cross-site authentication is also a worrying trend which needs to be addressed.

"People allowing Facebook to do authentication for other sites and linking apps between websites is really scary. The amount of trust we're happy to put into that kind of thing... yet in other parts of our lives we're really paranoid," he said.

Apple’s Plus plan pays off

Features limited to the iPhone 7 Plus helped boost sales of the larger smartphone, but they were not the only reasons why a higher percentage of customers went big last year, analysts said. "The nature of the market is also shifting," said Ben Bajari...


Verizon offers unlimited data and won’t throttle video (unlike T-Mobile)

Verizon's $80 plan has unlimited phone data and 10GB of 4G LTE tethering.

Yahoo recycled ID users warn of security risk

Users of Yahoo's recycled ID names say they are receiving the former owner's sensitive information through their new accounts. September 24, 2013 12:50 PM PDT (Credit: James Martin/CNET) Yahoo users who got recycled account IDs said they've foun...

House intel bill adds $75 million to NSA budget to stop...

Senate version also adds money to NSA's budget to stop "insider threat."    

DB Networks Looks to Detect SQL Injection With New Appliance

The new Linux-powered appliance aims to limit the risk for SQL injection attacks. Year after year, in study after study, SQL injection is identified as a leading cause of data breaches and a top security vulnerability.

There are a lot of vendors trying to help solve the problem, one of them being DB Networks, which announced a new security appliance this week designed to help detect the scourge that is SQL injection. DB Networks was founded in 2009 and has raised $7 million in funding to date, Steve Hunt, president and chief operating officer of DB Networks, told eWEEK.

This week, the company is officially launching its new core intrusion detection system (IDS), the IDS-6300 hardware appliance.

The IDS-6300 is a continuous monitoring device for SQL injection detection, according to Hunt. In a SQL injection attack, the attacker injects bad input into a database SQL statement in an effort to gain unauthorized access to the data. Hunt noted that one of the common ways that organizations try to defend against SQL injection is with a Web application firewall (WAF). However, Hunt said, attackers today can hide their attacks in ways that can get around a WAF, which is why the IDS-6300 takes a behavioral approach in contrast with the signature-based approach typically employed on a WAF. The IDS-6300 connects into the network via a Test Access Port (TAP) or Switched Port Analyzer (SPAN) port inside of an organization's existing network switching infrastructure. By using TAP or SPAN, the IDS-6300 is seeing a copy of the data traffic that is generated between the application server and the database server.

As such, the IDS-6300 sits out-of-band on a network and does not impact the performance of the network or the database. "We're modeling the behavior of the application traffic and then using advanced SQL injection behavioral analysis to detect attacks," Hunt said. "We're really looking for the difference between normal behavior and the abnormal behavior." DB Networks' technology also does a deep analysis of the SQL statements that are sent to the database and monitors how they can change over time. "We can see how one statement is generated as a variant of another SQL statement," Hunt explained. "So when you're looking for threats, you can see how statements morph over time and where the threats exist."

Technology

Currently, the IDS-6300 solution works with Oracle Database as well as Microsoft SQL Server databases. Michael Sabo, vice president of marketing at DB Networks, told eWEEK that there is a road map to add additional databases to the mix, with the next one being Oracle's open-source MySQL database. From a bare metal perspective, the IDS-6300 runs on top of a Linux operating system and is a 2 Rack Unit (19 inches wide by 28 inches deep) appliance.

The appliance includes four Gigabit Ethernet capture ports and can have up to 2TB of archival storage capacity.

Blocking SQL Injection

While the IDS-6300 can detect SQL injection attacks, the system does not currently automatically block attacks. "One issue we found is that customers don't like blocking; they don't want to be blocking at the database tier because it can have some side effects from not tearing down the session properly," Sabo said. "A future feature in this product is a way to communicate forward to whatever perimeter device an organization has, to block the session at the Web tier."

Today, after an organization sees an attack, it can manually take the information provided by the IDS-6300 and use it to create a signature for a perimeter device like a firewall, Sabo said. The system can also send data back into an enterprise Security Information and Event Management (SIEM) system to do further correlation and analysis as well as alert notification, according to Hunt.

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

SpeedCast Introduces SIGMA Net

A new standard in cloud-based vessel management with security by design

Sydney, Australia, November 30, 2016 - SpeedCast International Limited (ASX: SDA), a leading global satellite communications and network service provider, today announced the official release of SIGMA Net, the new standard for shipping and remote site network management designed specifically for VSAT and MSS.

SIGMA Net is a small but powerful industrial-grade VSAT and MSS network management device designed for ships and remote sites, providing automated and efficient management of multiple WAN links. Cyber security is at the heart of SIGMA Net, which incorporates a stateful firewall and Virtual Private Networking between the vessel and the Internet plus unique methods to regulate Internet access, including rejection of update services to Windows or mobile devices. Voice calling across multiple satellite equipment is simplified via SIGMA Net’s integrated VoIP server, allowing a caller to choose the outbound call route via a prefix. National numbers can also be allocated, allowing for cost-effective calling from shore to a vessel. Feature and performance enhancements are automatically applied, ensuring that the SIGMA Net’s software is always kept up to date.

SIGMA Net offers flexible crew services, including innovative pre-paid PIN-based BYOD (Bring Your Own Device) Internet and voice calling services, allowing for simplified voucher generation and management from shore. SIGMA Net provides managed network segmentation between business critical, crew or M2M networks at the remote location.

The cloud-based SIGMA Net Portal brings a vessel or remote site closer to IT management through its innovative and secured portal. The browser-based SIGMA Net Portal provides remote management and configuration of SIGMA Net from shore. Any configuration changes made from the portal are instantly replicated to one or more SIGMA Net terminals, with full auditing of amendments recorded. Reliability and redundancy is a primary feature of SIGMA Net, with its configuration securely synchronized and stored to the portal. The portal also presents fully-featured and interactive reporting of all data transferred via the SIGMA Net WAN links onboard.

“SIGMA Net has introduced a new degree of connection and network management to the Danaos fleet,” said Mr V Fotinias, Vessel IT Manager at Danaos Shipping, Greece. “The SIGMA Net Portal provides a web interface that enables remote configuration of SIGMA Net terminals across our fleet. The reporting provided by the SIGMA Net Portal gives us full visibility on traffic sent and received via the WAN links. Our vessel IT support team is able to easily and quickly resolve problems on board via SIGMA Net. The Danaos crew are extremely happy with the SIGMA Net prepaid vouchers for Internet access or crew calling.”

Danaos Shipping is one of the world’s largest containership owners, with a modern fleet of 59 container ships operating globally.

“SIGMA Net is a robust and secure cloud-based management platform that will both revolutionize and simplify vessel IT administration, both for shore-based support staff and a vessel’s crew,” said Dan Rooney, Maritime Product Director for SpeedCast. “The highly-configurable and flexible prepaid voucher services allow for time-consuming administrative tasks such as voucher generation to be managed centrally, rather than relying upon the Captain.”

About SpeedCast International Limited
SpeedCast International Limited (ASX: SDA) is a leading global satellite communications and network service provider, offering high-quality managed network services in over 90 countries and a global maritime network serving customers worldwide. With a worldwide network of 42 sales and support offices and 39 teleport operations, SpeedCast has a unique infrastructure to serve the requirements of customers globally. With over 5,000 links on land and at sea supporting mission critical applications, SpeedCast has distinguished itself with a strong operational expertise and a highly efficient support organization. For more information, visit

For more information, please contact:
Clara So
SpeedCast International Limited
Tel: +852 3919 6800

About Danaos Corporation
Danaos Corporation is one of the largest independent owners of modern, large-size containerships. Our current fleet of 59 containerships aggregating 353,586 TEUs, including four vessels owned jointly with Gemini Shipholdings Corporation, is predominantly chartered to many of the world's largest liner companies on fixed-rate, long-term charters. Our long track record of success is predicated on our efficient and rigorous operational standards and environmental controls. Danaos Corporation's shares trade on the New York Stock Exchange under the symbol "DAC". Please visit for more information.

Operator of DDoS protection service named as Mirai author

Krebs says he's fingered author of epic IoT web assault code

The author of the massive distributed denial-of-service attack malware Mirai, which ropes infected routers and internet of things devices into remotely controlled armies, is a New Jersey man, according to journo Brian Krebs. On his website this week, Krebs names a chap called Paras Jha, owner of a distributed denial-of-service (DDoS) attack mitigation company ProTraf Solutions, for the creation and dissemination of the Mirai software nasty. Mirai is one of the worst DDoS botnets ever to grace the internet and is fingered for downing large chunks of the internet, including record-breaking attacks on Krebs' own site.

Previous analyses have suggested the malware was penned by a person named "Anna-Senpai". Krebs builds a case to link Anna-Senpai to Jha and says that he, along with other players, built the Mirai code and used it to attack Minecraft servers to lure disgruntled customers. He tells of how Jha contacted upstream providers to have command and control servers of rival IoT shut down, and how the hacker built malcode into his botnet that eliminated rival Qbot botnets. Those upstream providers that ignored Jha's requests were also subject to large DDoS attacks.

Mirai evolved from earlier incarnations of botnet code designed for DDoS attacks. In 2014 an earlier variant was used to launch DDoS attacks against Minecraft servers which can generate up to US$50,000 a month. Krebs found that Jha lists the same skills on his LinkedIn page as on HackForums, a large marketplace where low level grey hat activities, cybercrime, and bragging take place. He details many other compelling links between Jha's older identities he used online while learning to code, including 'OG_Richard_Stallman', and his recent aliases including Anna-Senpai.

New backdoor worm found attacking websites running Apache Tomcat

Tomdep harnesses strength of servers to wage powerful denial-of-service attacks.    

Gooligan: Malware is not the only problem

Comment by Dennis Monner, CEO of German security specialist Secucloud

Hamburg, Germany. 14 December 2016 – Many users of Android mobiles have been alarmed by a recent warning that the Gooligan malware has infected over a million devices around the world, although only about 9 per cent of the victims are located in Europe.

Gooligan targets the older versions 4 and 5 of the Android operating system – and is very successful doing so.

That should start the warning bells ringing. Malware like Gooligan is unfortunately not uncommon and will continue to make headlines in the future.
It is an illusion to think that users are going to change their behaviour and are really able to take control of their security.

That is why we need a different solution to block this and similar threats.

Dennis Monner, CEO at Secucloud

The cyber-criminals behind Gooligan exploit two security vulnerabilities that enable them to take control of smartphones, steal access codes for the user’s Google accounts and misuse them.

That does not only sound threatening, it really is. While the security vulnerabilities have been resolved in the current version of Android, Marshmallow – or version 6.x – had only been installed on just over 10 per cent of devices in June this year and 24 per cent by November.

This number is increasing, but it will still take some time until at least half of all Android smartphones are protected against Gooligan.

This is because device manufacturers only provide irregular updates and some Android versions and devices cannot be updated at all.

User behaviour – risky but impossible to change

However, the risk of being infected by malware like Gooligan does not only come from the operating system.

Cyber-criminals exploit user behaviour too – such as when users download apps from third-party providers’ app stores instead of the very secure Google Play Store.

These providers may not check the uploaded app for threats as thoroughly as Google does, so infected apps often find their way into the stores and are then downloaded and installed by unsuspecting users.

It is easy to say that it is the users’ own fault if they get infected.
If they want to use apps of dubious provenance, they should at least install a decent security solution on all their devices and take responsibility for their security themselves. However, this is totally unrealistic.

Children and teenagers in particular will override warnings and install a must-have app, even if its source is dubious.

And then there are all the mobile threats that can infect devices without the user doing anything, such as drive-by downloads.

This is why it is cynical to expect users to take sole responsibility for their own security.

Local protection is no longer enough

Another aspect is that cyber-criminals will be targeting more and more devices due to the internet of things (IoT).

For these devices, local protection may not exist or may be impossible to provide.

The recent attacks on routers and IP cameras are examples of this.
So how can we ask users to please make sure they are secure? Do we want to make them responsible and liable if their smart light bulb becomes part of an IoT botnet that carries out denial-of-service attacks? That would be unfair.

Threats like Gooligan make it even clearer that we need to think differently.

The approach until now has been to protect devices individually – and this will be increasingly insufficient.
Instead, security needs to be built into the internet itself.

That is where threats must be detected and blocked.

Effective protection from Gooligan and others

This works best when the security solution is based in the cloud, such as in telecom providers’ infrastructure.

That would ensure that all the customer’s internet traffic would be routed through this separate security system and searched for threats, but without violating the user’s privacy.

This type of solution also requires a multi-layer structure in order to maximise its security effectiveness.
It would need to combine a variety of security technologies, ranging from signature-based malware detection and reputation services through to deep packet inspection, IDS/IPS, sandboxing and more.

That would achieve a level of protection that, until recently, was only available to large enterprises.

A solution like this would protect all Android device owners from Gooligan, even if they were running an older version of the operating system. One example is our cloud-based security solution ECS2, which has been protecting devices from this threat since February 2015.

Further information:
phronesis PR GmbH
Marcus Ehrenwirth
Ulmer Strasse 160
D-86156 Augsburg
Tel.: +49 (0) 821 444 800
Fax: +49 (0) 821 444 80 22

Secucloud GmbH
Kai Bulau
Poststrasse 6
D-20354 Hamburg
Tel.: +49 (0) 180 5 015 437
Fax: +49 (0) 180 5 015 438

About Secucloud
Secucloud is the first German-based provider of a comprehensive, completely cloud-based, enterprise-class security system for telcos and mobile phone operators.

The modular Elastic Cloud Security System (ECS2) is installed directly into the carrier’s network infrastructure, enabling it to protect its customers from all cyber-threats on the internet in a centralised way.

Customers do not need to install any software on their devices, so no setup or maintenance is required.

The Secucloud solution scales elastically and can protect more than 100 million users effectively and in real time. While customers are surfing the web, the various analysers in ECS2 scan all data traffic for malicious and damaging content.

To ensure extensive protection, Secucloud combines multiple powerful security technologies, including multi-AV engines, next generation firewall, packet analysers (including deep packet inspection as well as IDS and IPS systems), global cloud intelligence, DNS layer analysers, SSL scan decision, trust & reputation analysers, APT sandbox analysers and content analysers.

Further information about the company and its solutions is available on