A software platform from startup Verodin launches simulated attacks against live networks as a way to check the effectiveness of their defenses and also train security operations personnel.Verodin’s gear includes software probes that are deployed in customer networks to act as both attackers and targets. Data about the effectiveness of the simulated attacks is fed to a Web-based management platform called a controller that shows how well the network defended itself.Verodin’s platform is similar to that from another startup called AttackIQ.To read this article in full or to leave a comment, please click here
A software platform from startup Verodin launches simulated attacks against live networks as a way to check the effectiveness of their defenses and also train security operations personnel.Verodin’s gear includes software probes that are deployed in customer networks to act as both attackers and targets. Data about the effectiveness of the simulated attacks is fed to a Web-based management platform called a controller that shows how well the network defended itself.Verodin’s platform is similar to that from another startup called AttackIQ.To read this article in full or to leave a comment, please click here
The Department of Homeland Security is publicizing eight new cyber security technologies developed under federal grants that are looking for private businesses to turn them into commercial products.In its fourth “Cyber Security Division Transition to Practice Technology Guide”, DHS outlines the eight technologies that range from malware analysis tools to behavior analysis platforms to randomization software that protects Windows applications.+More on Network World: IRS: Tax deadline looms, scammers get more frantic+To read this article in full or to leave a comment, please click here
The Department of Homeland Security is publicizing eight new cyber security technologies developed under federal grants that are looking for private businesses to turn them into commercial products.In its fourth “Cyber Security Division Transition to Practice Technology Guide”, DHS outlines the eight technologies that range from malware analysis tools to behavior analysis platforms to randomization software that protects Windows applications.+More on Network World: IRS: Tax deadline looms, scammers get more frantic+To read this article in full or to leave a comment, please click here
The first draft of long awaited federal encryption legislation that would govern to what lengths vendors and service providers have to go in order to comply with court decryption orders has finally been released.It takes a stab at defining how to give law enforcement the authority to access encrypted information and under what circumstances that is OK. It also tells vendors and service providers to what lengths they would have to go to help out.The proposal has not been filed formally as a bill in Congress, but its release will generate discussion.To read this article in full or to leave a comment, please click here
The first draft of long awaited federal encryption legislation that would govern to what lengths vendors and service providers have to go in order to comply with court decryption orders has finally been released.It takes a stab at defining how to give law enforcement the authority to access encrypted information and under what circumstances that is OK. It also tells vendors and service providers to what lengths they would have to go to help out.The proposal has not been filed formally as a bill in Congress, but its release will generate discussion.To read this article in full or to leave a comment, please click here
The first proposed federal encryption legislation has been released, and had it been established law earlier this year Apple would have had to provide the help the FBI asked for in accessing encrypted data on the iPhone used by a terrorist in San Bernardino.The draft published by Sen. Richard Burr of North Carolina and Sen. Dianne Feinstein of California calls for encryption vendors and others to obey court orders that command them to deliver intelligible versions of encrypted data or to provide technical assistance to make it intelligible.To read this article in full or to leave a comment, please click here
The first proposed federal encryption legislation has been released, and had it been established law earlier this year Apple would have had to provide the help the FBI asked for in accessing encrypted data on the iPhone used by a terrorist in San Bernardino.The draft published by Sen. Richard Burr of North Carolina and Sen. Dianne Feinstein of California calls for encryption vendors and others to obey court orders that command them to deliver intelligible versions of encrypted data or to provide technical assistance to make it intelligible.To read this article in full or to leave a comment, please click here
PowerShell used as a tool in compound malware attacks is becoming more common, with 38% of all attacks seen by IT security vendor CarbonBlack and its partners involving the native Windows scripting language.
Ben Johnson
Its use is so common in enterprises for legitimate purposes that most security devices and personnel don’t regard it as a threat, says Ben Johnson, the chief security strategist at CarbonBlack.That makes it all the more effective as a component of attacks. Its scripts can run in memory only so it never creates a file on disk, Johnson says. “It creates less noise on the system,” so it’s less likely to draw attention to itself, he adds.To read this article in full or to leave a comment, please click here
PowerShell used as a tool in compound malware attacks is becoming more common, with 38% of all attacks seen by IT security vendor CarbonBlack and its partners involving the native Windows scripting language.
Ben Johnson
Its use is so common in enterprises for legitimate purposes that most security devices and personnel don’t regard it as a threat, says Ben Johnson, the chief security strategist at CarbonBlack.That makes it all the more effective as a component of attacks. Its scripts can run in memory only so it never creates a file on disk, Johnson says. “It creates less noise on the system,” so it’s less likely to draw attention to itself, he adds.To read this article in full or to leave a comment, please click here
Startup Seceon has joined a growing number of firms focused on quickly analyzing behaviors on corporate networks to identify and prioritize threats that ought to be dealt with, cutting down on the manual work required to spot and stop attacks.In addition to identifying intrusions, the company’s Open Threat Management (OTM) platform can also automatically block suspect behaviors using scripts to other devices on the network.The company competes against a number of others including Damballa, LightCyber and Vectra as well as vendors with broader portfolios such as Carbon Black, Black Ensilo, Fireeye, Guidance, Promisec, Resolution1 Security, and Tanium.To read this article in full or to leave a comment, please click here
Startup Seceon has joined a growing number of firms focused on quickly analyzing behaviors on corporate networks to identify and prioritize threats that ought to be dealt with, cutting down on the manual work required to spot and stop attacks.In addition to identifying intrusions, the company’s Open Threat Management (OTM) platform can also automatically block suspect behaviors using scripts to other devices on the network.The company competes against a number of others including Damballa, LightCyber and Vectra as well as vendors with broader portfolios such as Carbon Black, Black Ensilo, Fireeye, Guidance, Promisec, Resolution1 Security, and Tanium.To read this article in full or to leave a comment, please click here
The Open Source Vulnerability Database shut down this week posed yet another security challenge for developers who routinely inject massive amounts of free off-the-shelf code into new software.As the name suggests, OSVD was a resource where non-commercial developers could look – free - for patches to known vulnerabilities.+More on Network World: 10 best cloud SLA practices+To read this article in full or to leave a comment, please click here
The Open Source Vulnerability Database shut down this week posed yet another security challenge for developers who routinely inject massive amounts of free off-the-shelf code into new software.As the name suggests, OSVD was a resource where non-commercial developers could look – free - for patches to known vulnerabilities.+More on Network World: 10 best cloud SLA practices+To read this article in full or to leave a comment, please click here
President Obama won’t push for legislation that forces encryption vendors to decrypt when ordered to do so by a court, Reuters is reporting, essentially choosing to sit on the fence, at least for now.Combined with his comments earlier this year at South by Southwest Interactive, it seems that Obama, like many others, is torn between privacy and law enforcement’s desire to crack encryption to further investigations.White House sources say he will withhold public support for draft legislation that would force encryption vendors to help law enforcement to decrypt messages protected by their technology, Reuters says.To read this article in full or to leave a comment, please click here
President Obama won’t push for legislation that forces encryption vendors to decrypt when ordered to do so by a court, Reuters is reporting, essentially choosing to sit on the fence, at least for now.Combined with his comments earlier this year at South by Southwest Interactive, it seems that Obama, like many others, is torn between privacy and law enforcement’s desire to crack encryption to further investigations.White House sources say he will withhold public support for draft legislation that would force encryption vendors to help law enforcement to decrypt messages protected by their technology, Reuters says.To read this article in full or to leave a comment, please click here
If encryption is something to be feared in the hands of terrorists, WhatsApp just delivered them a tool that will give the FBI nightmares much worse than the encryption on iPhones.
WhatsApp enlisted the help of Open Whisper Systems to implement the encryption, and according to that company’s blog, “This includes chats, group chats, attachments, voice notes, and voice calls across Android, iPhone, Windows Phone, Nokia S40, Nokia S60, Blackberry, and BB10.”
This will likely drive law enforcement crazy, the FBI in particular, because it makes it impossible for WhatsApp to obey court orders to decrypt specified communications. Even if it wanted to comply, it couldn’t. The encryption is set up between the endpoints in the communication and WhatsApp just moves the traffic.To read this article in full or to leave a comment, please click here
If encryption is something to be feared in the hands of terrorists, WhatsApp just delivered them a tool that will give the FBI nightmares much worse than the encryption on iPhones.
WhatsApp enlisted the help of Open Whisper Systems to implement the encryption, and according to that company’s blog, “This includes chats, group chats, attachments, voice notes, and voice calls across Android, iPhone, Windows Phone, Nokia S40, Nokia S60, Blackberry, and BB10.”
This will likely drive law enforcement crazy, the FBI in particular, because it makes it impossible for WhatsApp to obey court orders to decrypt specified communications. Even if it wanted to comply, it couldn’t. The encryption is set up between the endpoints in the communication and WhatsApp just moves the traffic.To read this article in full or to leave a comment, please click here
Now that it has found a way to do so for its own purposes in a California terrorism case, the FBI is helping Arkansas prosecutors break into an iPhone and iPad.This time it’s to look for evidence in a murder trial, and it’s without asking Apple for help to crack the iOS devices. Instead prosecutors in Faulkner County, Ark., asked the FBI to take a shot at it, given its recent success breaking into the phone used by a terrorist in San Bernardino, Calif., according to the Associated Press.The FBI is also helping break into an iPod related to the case, the AP says.To read this article in full or to leave a comment, please click here
Software security for automobiles is improving but it will take another three or four years until manufacturers can put overarching security architecture in place, says Stefan Savage, winner of the 2015 ACM-Infosys Foundation Award in the Computing Sciences.“We’re at a point where the industry has to recognize that this is a real issue for them,” says Savage, a professor in the Computer Science and Engineering department at the UC San Diego Jacobs School of Engineering.+ MORE CAR SECURITY: Car hackers urge you to patch your Chrysler, Ram, Durango, or Jeep +To read this article in full or to leave a comment, please click here
Tim Greene