
Tag: Intrusion Detection

How Active Intrusion Detection Can Seek and Block Attacks

Researchers at Black Hat USA will demonstrate how active intrusion detection strategies can help administrators detect hackers who are overly reliant on popular attack tools and techniques.

Sandia Testing New Intrusion Detection Tool That Mimics Human Brain

Neuromorphic Data Microscope can spot malicious patterns in network traffic 100 times faster than current tools, lab claims.

Threat Attribution: Misunderstood & Abused

Despite its many pitfalls, threat attribution remains an important part of any incident response plan. Here's why.

Threat attribution is the process of identifying the actors behind an attack, their sponsors, and their motivations. It typically involves forensic analysis to find evidence, also known as indicators of compromise (IOCs), and to derive intelligence from it. Obviously, a lack of evidence, or too little of it, will make attribution much more difficult, even speculative.

But the opposite is just as true, and one should not assume that an abundance of IOCs will translate into an easy path to attribution. Let’s take a simple fictional example to illustrate: François is the chief information security officer (CISO) at a large US electric company that has just suffered a breach.

François’ IT department has found a malicious rootkit on a server which, after careful examination, shows that it was compiled on a system that supported pinyin characters. In addition, the intrusion detection system (IDS) logs show that the attacker may have been using an IP address located in China to exfiltrate data.

The egress traffic shows connections to a server in Hong Kong that took place over a weekend, during which several archives containing blueprints for a new billion-dollar project were leaked. The logical conclusion might be that François’ company was compromised by Chinese hackers stealing industrial secrets.

After all, strong evidence points in that direction and the motives make perfect sense, given many documented precedents. This illustrates one of the issues with attribution: evidence can be crafted so that it points to a likely attacker, in order to hide the real perpetrator’s identity.

To continue with our example, the attacker was in fact another US company and direct competitor.

The rootkit was bought on an underground forum, and the server used to exfiltrate data was vulnerable to SQL injection and had been taken over by the actual threat actor as a relay point.

Another common problem leading to erroneous attribution is when the wrong IOCs have been collected, or when they come with little context. How can leaders make a sound decision with flawed or limited information? Failing to attribute a threat to the right adversary can have consequences ranging from moderate to serious.

Chasing down the wrong perpetrator can result in wasted resources, not to mention being blinded to the more pressing danger. But threat attribution is also a geopolitical tool, where flawed IOCs can conveniently support assumptions and supply an acceptable motive for applying economic sanctions.

Alternatively, it can also be convenient to refute strong IOCs and a clear threat actor under the pretext that attribution is a useless exercise. Despite its numerous pitfalls, threat attribution remains an important part of any incident response plan.

The famous “know your enemy” quote from the ancient Chinese general Sun Tzu is often cited in computer security to illustrate that defending against the unknown is challenging.
IOCs can help us bridge that gap by telling us whether attackers are simply opportunistic or are the ones we did not expect.

HPE Details Global Security Operations Center Maturity Levels in New Report

Hewlett Packard Enterprise's 2017 State of Security Operations Report reveals that 82 percent of Security Operation Centers are not running at the optimal level of maturity and meeting business goals. Hewlett Packard Enterprise (HPE) released its St...

GCHQ feeds first crop of infosec startups to Cyber Accelerator

Tech 'crèche' will nurture firms to compete on the world stage

The first infosec startups selected for the GCHQ Cyber Accelerator have been unveiled. The accelerator, which officially launches in Cheltenham later today, is part of a UK government-funded Cyber Innovation Centre. The tech crèche is designed to nurture information security startups to the point where they can compete on the world stage, boosting British exports in the process.

The seven early-stage startups selected will receive benefits including access to technological and security expertise, networks, office space and mentoring during a three-month development programme. Contact with an extensive investor network and access to GCHQ's personnel and technical expertise form part of the package.

The "magnificent seven" companies selected to join the programme include:

  • CounterCraft, which has developed a cyber-security deception platform, designed to fool hackers with decoy computers, false data and fake identities
  • Cyberowl, an early warning system for cyber attacks
  • Cybersmart, a platform that automates implementation, certification and compliance with cyber-security standards
  • FutureScaper, a collective intelligence platform that provides data visualisations that give security analysts a better handle on security threats
  • Spherical Defence, an intrusion detection system geared to the needs of the banking sector and featuring deep-learning technology
  • StatusToday, providers of technology designed to detect insider attacks and inadvertent mistakes
  • Verimuchme, a digital wallet and exchange platform

The accelerator is a partnership between GCHQ, the Department of Culture, Media and Sport (DCMS), and Wayra UK, the corporate accelerator that is part of the global Telefónica Open Future_ network. The cyber-security sector contributes around £2bn a year in exports to the UK economy, according to backers of the new programme.

The accelerator forms part of the Cheltenham Innovation Centre, the first of two innovation centres created as part of the government's National Cyber Security Programme. A second innovation centre will open in London later this year. DCMS is contributing up to £50m over the next five years to deliver the two innovation centres.

Minister of State for Digital and Culture Matt Hancock MP said: "I congratulate all the companies selected to join the new accelerator facility which is now open for business. This is an important step in delivering our National Cyber Security Strategy, and supported by £1.9bn transformative investment in cyber security. Based in Cheltenham, the accelerator will help UK entrepreneurs create cutting-edge technology to better protect the nation from cyber attacks and make going online safer for all."

Government ministers backed plans for GCHQ to become an incubator for the next generation of infosec firms, first floated two years ago. The idea is inspired, in part, by the production line of successful cyber-security firms set up by alumni from Unit 8200, Israel's military intelligence unit. They have gone on to found Check Point, Palo Alto Networks, and numerous successful security firms. These companies went through their incubator phase while their future founders were serving compulsory military service, which even taken alone is a big difference from the UK model.

The cyber-security company production line in Israel is 30 years old and therefore well established, not least thanks to links with US companies, investors and entrepreneurs. Team8, a cyber-security foundry created by members of Unit 8200, this week announced a strategic funding round with investments from Microsoft and Qualcomm, among others. Team8 has raised $92m to date from previous investors including AT&T, Accenture and Eric Schmidt's Innovation Endeavors.

This is all a long way from a three-month boot camp close to GCHQ but, then again, you have to start somewhere, assuming you agree that government has a role in backing this sort of investment, which is open to debate. ®

Wick Hill Feature: Delivering Secure Wi-Fi

Tony Evans from Wick Hill (part of the Nuvias Group) highlights the risks of Wi-Fi and provides some advice for delivering a secure hotspot

The fact that Wi-Fi stands for Wireless Fidelity hints at how long Wi-Fi has been around, but it was only in 1999 that the Wi-Fi Alliance formed as a trade association to hold the Wi-Fi trademark, under which most products are sold.

Today, Wi-Fi is at the top of the list of must-haves for businesses of all types and sizes. People will simply vote with their feet if good, and usually free, Wi-Fi is not available.

But this demand for anytime, anyplace connectivity can mean that some of us are prepared to jump onto Wi-Fi hotspots at cafes, hotels, airports or company guest networks with only a fleeting consideration of security – a fact that has not gone unnoticed by cyber criminals.

There are over 300,000 videos on YouTube alone explaining how to hack Wi-Fi users with tools easily found online.

Risks from unprotected Wi-Fi:

Wi-Fi Password Cracking
Wireless access points that still use older security protocols such as WEP make for easy targets, because these passwords are notoriously easy to crack. Hotspots that invite us to log in simply by using social network credentials are increasingly popular, as they allow businesses to use demographic information such as age, gender and occupation to target personalised content and advertisements.

Eavesdropping
Without encryption, Wi-Fi users run the risk of having their private communications intercepted, or packet sniffed, by cyber snoops while on an unprotected network.

Rogue Hotspots
Cyber criminals can set up a spoof access point near your hotspot with a matching SSID that invites unsuspecting customers to log in, leaving them susceptible to unnoticed malicious code injection.
In fact, it is possible to mimic a hotspot using cheap, portable hardware that fits into a backpack or could even be attached to a drone.

Planting Malware
There are common hacking toolkits to scan a Wi-Fi network for vulnerabilities, and customers who join an insecure wireless network may unwittingly walk away with unwanted malware.

A common tactic used by hackers is to plant a backdoor on the network, which allows them to return at a later date to steal sensitive information.

Data Theft
Joining an insecure wireless network puts users at risk of losing documents that may contain sensitive information.
In retail environments, for example, attackers focus their efforts on extracting payment details such as credit card numbers, customer identities and mailing addresses.

Inappropriate and Illegal Usage
Businesses offering guest Wi-Fi risk playing host to a wide variety of illegal and potentially harmful communications.

Adult or extremist content can be offensive to neighbouring users, and illegal downloads of protected media leave the businesses susceptible to copyright infringement lawsuits.

Bad Neighbours
As the number of wireless users on the network grows, so does the risk of a pre-infected client entering the network. Mobile attacks, such as Android’s Stagefright, can spread from guest to guest, even if the initial victim is oblivious to the threat.

Best practices
There are established best practices to help secure your Wi-Fi network, alongside a drive, from companies such as WatchGuard, to extend well-proven physical network safeguards to the area of wireless, providing better network visibility to avoid blind spots.

Implementing the latest WPA2 Enterprise (802.1X) security protocol and encryption is a must, while all traffic should, at a minimum, be inspected for viruses and malware, including zero-day threats and advanced persistent threats.

Application ID and control will monitor and optionally block certain risky traffic, while web content filtering will prevent unsuspecting users from accidentally clicking a hyperlink that invites exploitation, malware and backdoors to be loaded into your network.

The use of strong passwords, which are changed frequently, should be encouraged, along with regular scanning for rogue Access Points (APs) and whitelisting MAC addresses, when possible.

WatchGuard’s latest cloud-managed wireless access points also have built-in WIPS (Wireless Intrusion Prevention System) technology to defend against unauthorised devices, rogue APs and malicious attacks, with close to zero false positives.

While WIDS (Wireless Intrusion Detection Systems) are common in many Wi-Fi solutions, a WIDS requires manual intervention to respond to potential threats.

This may be acceptable for large organisations with IT teams that can manage it; a WIPS, however, is a fully automated system, which makes it far more attractive to SMEs and organisations such as schools and colleges.

Using patented, Marker Packet wireless detection technology, WatchGuard WIPS differentiates between nearby external access points and rogue access points.
If a rogue access point is detected, all incoming connections to that access point are instantly blocked. WIPS also keeps a record of all clients connecting to the authorised access points, so if a known device attempts to connect to a malicious access point, the connection is instantly blocked. WIPS will also shut down denial-of-service attacks by continuously looking for abnormally high amounts of de-authentication packets.
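As an added illustration of the two detections described above (a rogue access point broadcasting a trusted SSID from a BSSID that is not in the inventory, a known client associating to it, and a deauthentication flood), here is a small Python analyser run over constructed 802.11 management-frame records. It is example code written for this page, not WatchGuard's WIPS or its Marker Packet technique; the frame record format, the inventory of authorised BSSIDs and known clients, and the flood window and threshold are all assumptions.

```python
"""Toy wireless intrusion detection over a constructed management-frame log (added example)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Frame:
    """One captured 802.11 management frame (assumed record format)."""
    ts: float          # seconds since capture start
    kind: str          # "beacon", "assoc" or "deauth"
    bssid: str         # MAC address of the access point
    ssid: str = ""     # set on beacon frames
    client: str = ""   # set on association frames


# Defender-maintained inventory (constructed values): SSIDs we broadcast,
# BSSIDs we own, and the MAC addresses of clients we manage.
OUR_SSIDS = {"Corp-Guest"}
AUTHORIZED_BSSIDS = {"00:11:22:aa:aa:01", "00:11:22:aa:aa:02"}
KNOWN_CLIENTS = {"d4:00:00:00:00:10", "d4:00:00:00:00:11"}


def find_rogue_aps(frames, our_ssids=OUR_SSIDS, authorized=AUTHORIZED_BSSIDS):
    """BSSIDs that beacon one of *our* SSIDs but are not in the inventory.

    A neighbouring AP beaconing a different SSID is merely external, not rogue,
    which is the distinction the text draws between external and rogue APs.
    """
    return sorted({f.bssid for f in frames
                   if f.kind == "beacon" and f.ssid in our_ssids
                   and f.bssid not in authorized})


def known_clients_on_rogue(frames, rogue_bssids, known=KNOWN_CLIENTS):
    """(client, bssid) pairs where a managed client associated to a rogue AP."""
    return sorted({(f.client, f.bssid) for f in frames
                   if f.kind == "assoc" and f.bssid in rogue_bssids
                   and f.client in known})


def detect_deauth_flood(frames, window=1.0, threshold=20):
    """Count deauth frames per BSSID in fixed time windows.

    Returns (bssid, window_start, count) for every window whose count exceeds
    the threshold; a handful of legitimate deauths per second stays below it.
    """
    counts = defaultdict(int)
    for f in frames:
        if f.kind == "deauth":
            counts[(f.bssid, int(f.ts // window))] += 1
    return sorted((bssid, w * window, n)
                  for (bssid, w), n in counts.items() if n > threshold)


def build_sample_log():
    """Constructed capture: one evil twin, one benign neighbour, one deauth flood."""
    frames = [
        Frame(0.0, "beacon", "00:11:22:aa:aa:01", ssid="Corp-Guest"),    # ours
        Frame(0.1, "beacon", "66:77:88:bb:bb:01", ssid="Corp-Guest"),    # evil twin
        Frame(0.2, "beacon", "aa:bb:cc:dd:ee:ff", ssid="CafeNextDoor"),  # external, benign
        Frame(0.5, "assoc", "66:77:88:bb:bb:01", client="d4:00:00:00:00:10"),
        Frame(0.6, "assoc", "00:11:22:aa:aa:01", client="d4:00:00:00:00:11"),
    ]
    # Background: 3 deauths in second 1 (normal roaming). Flood: 40 in second 2.
    frames += [Frame(1.0 + i * 0.3, "deauth", "00:11:22:aa:aa:01") for i in range(3)]
    frames += [Frame(2.0 + i * 0.02, "deauth", "00:11:22:aa:aa:01") for i in range(40)]
    return frames


def analyse(frames):
    """Run all three checks and return the findings as a dict."""
    rogues = find_rogue_aps(frames)
    return {
        "rogue_aps": rogues,
        "known_clients_on_rogue": known_clients_on_rogue(frames, set(rogues)),
        "deauth_floods": detect_deauth_flood(frames),
    }


if __name__ == "__main__":
    for name, finding in analyse(build_sample_log()).items():
        print(f"{name}: {finding}")
```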

Wi-Fi as a marketing tool
While Wi-Fi networks have traditionally been viewed as part of the IT infrastructure and the responsibility of the IT department, the latest Wi-Fi systems deliver more than just connectivity, which makes them an attractive proposition for customer services and marketing departments.

For example, the WatchGuard Wi-Fi Cloud provides visibility into marketing data, including insights into footfall and customer demographics and also makes it possible to have direct communication with individual customers in the form of SMS, MMS or social networks.

And with customised splash pages, businesses can personalise the customer Wi-Fi experiences by offering promotional opportunities or surveys and promoting all-important branding.

It is clear that Wi-Fi is here to stay and is becoming much more than simply a way to get online. While the rapid speed of Wi-Fi adoption has led to a disconnect between physical and wireless security, this is now changing and there is no longer any excuse for providing insecure Wi-Fi.

ENDS

About Wick Hill
Established in 1976, value added distributor Wick Hill specialises in secure IP infrastructure solutions.

The company sources and delivers best-of-breed, easy-to-use solutions through its channel partners, with a portfolio that covers security, performance, access, networking, convergence, storage and hosted solutions.

Wick Hill is particularly focused on providing a wide range of value-added support for its channel partners.

This includes strong lead generation and conversion, technical and consultancy support, and comprehensive training. Wick Hill has its headquarters in the UK and offices in Germany and Austria. Wick Hill also offers services to channel partners in fourteen EMEA countries and worldwide, through its association with Zycko, as part of Nuvias Group, the pan-EMEA, high value distribution business, which is redefining international, specialist distribution in IT.

For further press information, please contact Annabelle Brown on 01326 318212, email pr@wickhill.com
Wick Hill: https://www.wickhill.com

Thales Releases Advanced Encryption Solutions for Secure Docker Containers, Simplified Deployment...

Vormetric Data Security Platform expansion includes patented, non-disruptive encryption deployment and advanced Docker encryption

December 8, 2016 – Thales, a leader in critical information systems, cybersecurity and data security, today announced the release of new capabilities for its leading Vormetric Data Security Platform.

These advances extend data-at-rest security capabilities with deeply integrated Docker encryption and access controls, the ability to encrypt and re-key data without having to take applications offline, FIPS certified remote administration and management of data security policies and protections, and the ability to accelerate the deployment of tokenization, static data masking and application encryption.

Announced today by Thales:

  • General availability of Vormetric Transparent Encryption Live Data Transformation Extension: A patented solution that enables organisations to deploy and maintain encryption with minimal downtime.

    Enables initial encryption and rekeying of previously encrypted data while in use.

    Available previously as a pilot – now generally available.
  • Vormetric Transparent Encryption Docker Extension: Extends Vormetric Transparent Encryption’s OS-level policy-based encryption, data access controls and data access logging capabilities to internal Docker container users, processes and resource sets.

    Deploys and protects without the need to alter containers or applications.

    Enables compliance and best practices for encryption, control of data access, and data access auditing for container accessible information.

    Find additional information here: https://www.vormetric.com/products/containers.
  • FIPS 140-2 level 3 certified remote data security management and policy control for Vormetric Data Security Manager V6100 appliance.

    This innovation enables organisations with the most stringent compliance and best practice requirements to easily manage the full Thales line of Vormetric data security platform solutions without physical visits to data centers.
  • Batch Data Transformation: Eases initial encryption or tokenization of sensitive database columns in environments that are protected with Vormetric Application Encryption or Vormetric Tokenization.

    Also supports Static Data Masking requirements.

"IT system downtime is costly for any business, even when it is planned," said Bob Tarzey of UK-based Quocirca. "The financial consequences of IT disruptions arise from lost sales and productivity; in addition, consequent reputational damage can have a longer term knock-on effect," he added. "Downtime need not be caused by system outage; it can be due to data processing, which includes encryption. The idea behind Vormetric's Live Data Transformation is to solve this problem, even for large databases with high transaction volumes. Any organisation which needs to ensure both constant data security and availability should take a look at such technology."

Compliance requirements and best practices increasingly call for organisations to encrypt and control access to sensitive data, while also logging and auditing information about sensitive data access.

The company’s recent 2016 Vormetric Data Threat Report revealed that perceived “complexity” is the number-one reason that enterprises do not adopt data security tools and techniques that support these capabilities more widely.

These advanced data security controls directly address this problem by enabling enterprises to confidently support their digital transformation more easily and simply, and in more environments, than ever before.

“Thales continues to innovate by providing advanced data security solutions and services that deliver trust wherever information is created, shared, or stored,” said Vice President of Product Management for Thales e-Security, Derek Tumulak. “No other organisation offers the depth and breadth of integrated data security solutions, or enables enterprises to confidently accelerate their organisation’s digital transformation, like Thales.”

Availability: All new offerings are planned to be available in Q1 2017

About Thales e-Security
Thales e-Security + Vormetric have combined to form the leading global data protection and digital trust management company.

Together, we enable companies to compete confidently and quickly by securing data at-rest, in-motion, and in-use to effectively deliver secure and compliant solutions with the highest levels of management, speed and trust across physical, virtual, and cloud environments.

By deploying our leading solutions and services, targeted attacks are thwarted and sensitive data risk exposure is reduced with the least business disruption and at the lowest life cycle cost.

Thales e-Security and Vormetric are part of Thales Group. www.thales-esecurity.com

About Thales
Thales is a global technology leader for the Aerospace, Transport, Defence and Security markets. With 62,000 employees in 56 countries, Thales reported sales of €14 billion in 2015. With over 22,000 engineers and researchers, Thales has a unique capability to design and deploy equipment, systems and services to meet the most complex security requirements.
Its exceptional international footprint allows it to work closely with its customers all over the world.

Positioned as a value-added systems integrator, equipment supplier and service provider, Thales is one of Europe’s leading players in the security market.

The Group’s security teams work with government agencies, local authorities and enterprise customers to develop and deploy integrated, resilient solutions to protect citizens, sensitive data and critical infrastructure.

Thales offers world-class cryptographic capabilities and is a global leader in cybersecurity solutions for defence, government, critical infrastructure providers, telecom companies, industry and the financial services sector. With a value proposition addressing the entire data security chain, Thales offers a comprehensive range of services and solutions ranging from security consulting, data protection, digital trust management and design, development, integration, certification and security maintenance of cybersecured systems, to cyberthreat management, intrusion detection and security supervision through cybersecurity Operation Centres in France, the United Kingdom, The Netherlands and soon in Hong Kong.

Contact:
Dorothée Bonneil
Thales Media Relations – Security
+33 (0)1 57 77 90 89
dorothee.bonneil@thalesgroup.com

Liz Harris
Thales e-Security Media Relations
+44 (0)1223 723612
liz.harris@thales-esecurity.com

Just Half Of Organizations Employ Threat Intelligence

PwC survey finds half of enterprises worldwide swap actionable information with industry peers, and 45% with ISACs.

Roughly 50% of IT managers worldwide say they use some form of threat intelligence, according to a new PricewaterhouseCoopers study. The survey, Towards New Possibilities in Threat Management, was sliced from PwC’s Global State of Information Security Survey 2017, which polled more than 10,000 IT managers of all stripes in more than 133 countries.

“We looked at the data from the global study and found that while roughly half the group were using threat intelligence tools, we also wanted to bring out that half the group are not using these tools and more work was needed in this area,” says Christopher O’Hara, a PwC partner who specializes in cybersecurity and privacy.

Data from the threat management study does show some positive trends:

  • 52% have intrusion detection tools
  • 51% actively monitor and analyze information security intelligence
  • 48% conduct vulnerability assessments
  • 47% conduct threat assessments
  • 47% have SIEM tools
  • 45% use threat intelligence subscription services
  • 44% conduct penetration tests

“We think the number for threat intelligence subscription services is actually much higher,” says O’Hara, who adds that PwC recommends that companies consider using cloud-based threat intelligence products to more effectively manage emerging threats.

O’Hara points out that in the past, global companies would gather threat intelligence from each location. With cloud-based tools and more powerful analytics, companies can get increased visibility across multiple sites, putting them in a stronger position to respond to threats.

In the study, PwC says that along with using cloud tools, companies need to develop expertise in the following four areas:

1. Ingest and surface meaningful, validated intelligence in real time. Companies need to start by setting up a network of intelligence services, including the ISACs, and subscription services. The survey found that 50% share with and receive more actionable information from industry peers, while 45% share with and receive more actionable information from ISACs.

2. Assess the organizational impact of that intelligence. By using cloud-based tools, security managers can determine which information is relevant to their company. For example, a retailer would be more interested in transaction information, while a medical practice cares much more about PII and HIPAA compliance.

3. Identify actions to mitigate threats. A good example is an ecommerce company that asks users challenge questions when they register online. A user might run transactions for several days or months, then suddenly get prompted with a challenge question. Typically, this means that the analytics system has noticed a different pattern and wants to be sure the right user is being authenticated. It will then ask for a second level of authentication in the form of one of the challenge questions. While ecommerce companies routinely do this, more companies need to find ways to insert a second level of authentication.

4. Take prompt technical, legal and operational action. Many companies take prompt action when an incident hits. Once an infected device is identified, they cut off the employee, shutting down the person’s laptop, cell phone, and any other devices the company has issued to them. They will also take an image of the computer, documentation that’s useful in the event the company needs to present the information in a legal proceeding, or simply share it with other industry peers or various government entities.

Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md.

Vormetric Live Data Transformation from Thales Wins 2016 Computing Security Excellence...

Vormetric Live Data Transformation solution recognised for innovation, functionality and originality

LONDON, England, November 25, 2016 – Thales, a leader in critical information systems, cybersecurity and data protection, has announced that its Vormetric Live Data Transformation was named Security Innovation of the Year in the Computing Security Excellence Awards, following a ceremony in London. Judged by an independent panel, the awards celebrate the achievements of the IT industry's best security companies, solutions, products and personalities.

This category was highly competitive, with the judges looking for products and services that can demonstrate something truly new and innovative. With cyber threats and compliance requirements increasing in tandem, it is important that encryption can be deployed and managed with minimal impact on business processes and user experience. However, when very large data sets are involved, initial encryption deployments can reduce data availability and require lengthy maintenance windows.

Compounding matters further, maintaining data security compliance often requires routine encryption key rotation even after initial deployments have been successfully completed. When large data sets have been encrypted, significant processing time and long periods of planned downtime may be required to support the rekeying of data.

These realities have often forced security and IT teams to make tough trade-offs, fundamentally having to choose between security and availability. “The use of encryption is critical to securing data at rest, but trying to encrypt very large databases or millions of files can span hours and even days, which can be a non-starter for applications that can’t afford long maintenance windows,” said Louise Bulman, Vice President of U.K. and Ireland Sales for Thales. “Our Vormetric Live Data Transformation is a real game-changer.

For the first time, the operational impact of protecting data is effectively zero – organisations can be confident that their data, wherever it resides, is secured, without worrying about the disruption traditionally associated with encryption.

As such, we are very proud to have been recognised in this category at the Computing Security Excellence Awards.” With Vormetric Live Data Transformation from Thales, encryption is delivered with minimal disruption, effort, and cost.

The solution’s transparent approach enables security organisations to implement encryption without changing application, networking, or storage architectures. Launched earlier this year, the product offers patented capabilities that deliver breakthroughs in resiliency and efficiency, while also highlighting Thales’ drive to continue offering organisations the most innovative, easy to deploy and operate data security solutions available.

“With this solution, businesses can ensure data protection while continuing to operate without interruption – no matter how many files are involved or how large their databases are,” continued Bulman. “Our Vormetric Live Data Transformation product offers significant improvements in security and data availability, while reducing the operational costs typically associated with encryption. We thank the judges for recognising our ongoing commitment to data encryption and protection.”

Antivirus tools are a useless box-ticking exercise says Google security chap

Advocates whitelists and other tools that 'genuinely help' security

Kiwicon Google senior security engineer Darren Bilby has asked fellow hackers to expend less effort on tools like antivirus and intrusion detection and instead research more meaningful defences such as whitelisting applications.

The incident responder from Google's Sydney office, who is charged with researching very advanced attacks including the 2009 Operation Aurora campaign, has decried many existing tools as ineffective "magic" that engineers are forced to install for the sake of compliance but at the expense of real security.

"Please no more magic," Bilby told the Kiwicon hacking conference in Wellington today. "We need to stop investing in those things we have shown do not work."

"And sure you are going to have to spend some time on things like intrusion detection systems because that's what the industry has decided is the plan, but allocate some time to working on things that actually genuinely help."

Bilby wants security types to focus on tools like whitelisting, hardware security keys and dynamic access rights efforts like Google's BeyondCorp internal project.

"Antivirus does some useful things, but in reality it is more like a canary in the coal mine. It is worse than that. It's like we are standing around the dead canary saying 'Thank god it inhaled all the poisonous gas'," Bilby said.

The Google hacker also argued that networks are not a security defence because users are so easily able to use mobile networks to upload data to cloud services, bypassing all traditional defences. Advice on safe internet use is "horrible", he added.

Telling users not to click on phishing links and not to download strange executables effectively shifts blame to them and away from those who manufactured hardware and software that is not secure enough to be used online.

"We are giving people systems that are not safe for the internet and we are blaming the user," Bilby says.

He illustrated his point by referring to the 314 remote code execution holes disclosed in Adobe Flash last year alone, saying the strategy of patching those holes is like a car yard that sells vehicles that catch fire every other week. ®

Ixia's ATIP Speeds Up Intrusion Detection Process

New enhancements to Application and Threat Intelligence process technology debut along with a new centralized cloud management interface for security appliances. Network security vendor Ixia announced a series of new product capabilities on Nov. 9 in a...

Multiple RCE flaws found in Memcached web speed tool

Facebook, Twitter, YouTube, Reddit among big ticket sites possibly affected

A remote code execution vulnerability in popular website backend performance tool Memcached has been found and squashed. Cisco penetration tester Aleksandar Nikolich reported three remote code execution holes in the tool, which is used by big name sites including Facebook, Twitter, YouTube, and Reddit to help decrease database burdens and increase performance.

Nikolich says the flaws can compromise the many sites that expose Memcached servers to the internet. He says attackers can further use the vulnerabilities to bypass exploit defences such as address space layout randomisation. Here's his take on the situation:

"Multiple integer overflow vulnerabilities exist within Memcached that could be exploited to achieve remote code execution on the targeted system. These vulnerabilities manifest in various Memcached functions that are used in inserting, appending, prepending, or modifying key-value data pairs. Systems which also have Memcached compiled with support for SASL authentication are also vulnerable to a third flaw due to how Memcached handles SASL authentication commands."

The integer overflow flaws (CVE-2016-8704, CVE-2016-8705, CVE-2016-8706) affect version 1.4.31 of Memcached and earlier. Nikolich says attackers can repeatedly send specifically crafted Memcached commands to targeted servers, making the attacks reliable and considered "severe".

It took Memcached authors only two days to build a patch but another 19 to prep it for release on 31 October. A patch notice explains that "serious" remote code execution bugs were fixed relating to the binary protocol and SASL authentication. "If you do not use the binary protocol at all, a workaround is to start memcached with -B ascii - otherwise you will need the patch in this release," they say.

Nikolich warns admins to apply the patch even to Memcached servers exposed only to trusted environments, since attackers with existing access could move laterally into those networks. "While it's strongly recommended that Memcached servers are set up so that they are only accessible within a trusted environment, many Memcached servers are set up so that they are accessible over the internet," he says.

Cisco has released Snort intrusion detection rules to detect Memcached exploitation attempts. ®
