Category Archives for "Security"

BRKSEC-2010: Emerging Threats – The State of Cyber Security

Presenter: Craig Williams (@security_craig) – Sr Technical Leader / Security Outreach Manager, Cisco TALOS

I’m from Talos. We love to stop bad guys.

Talos by the numbers:

  • 1.1 million incoming malware samples per day
  • 1.5 billion Sender Base reputation queries per day

Talos has a serious amount of data. For serious.

Data is key. It allows generation of real threat intel.

We basically have a bottomless pit of data.

Talos vuln dev team:

  • Looking for ways to programmatically find 0-days
  • Takes this research and feeds it back into Cisco to a) make Cisco products more secure and b) generate sigs and threat intel to protect customers

With ransomware, you’re basically funding the malware underground.

Malvertising:

  • Malicious ads which redirect user to malware and then infects them
  • Kyle & Stan campaign dynamically generated a new .exe every time it was downloaded; prevented matching on the file hash; Cisco AMP can stay on the bleeding edge of this
  • blogs.cisco.com/security/talos/kyle-and-stan

Destructive/Wiper Malware:

  • Targets your data
  • Not just file data, but also seen targeting network devices and wiping their configs
  • Cryptolocker 2.0: uses TOR for C&C; encrypted binary to avoid hash fingerprinting; anti-VM check
  • Cryptolocker 3.0: still Continue reading

What’s the state of iPhone PIN guessing

I think even some experts have gotten this wrong, so I want to ask everyone: what's the current state-of-the-art for trying to crack Apple PIN codes?

This is how I think it works currently (in iOS 8).

To start with, there is a special "crypto-chip" inside the iPhone that holds your secrets (like a TPM or ARM TrustZone). I think originally it was ARM's TrustZone, but now that Apple designs its own chips, that they've customized it. I think they needed to add stuff to make Touch ID work.

All the data (on the internal flash drive) is encrypted with a random AES key that nobody, not even the NSA, can crack. This random AES key is stored on the crypto-chip. Thus, if your phone is stolen, the robbers cannot steal the data from it -- as long as your phone is locked properly.

To unlock your phone, you type in a 4 digit passcode. This passcode gets sent to the crypto-chip, which verifies the code, then gives you the AES key needed to decrypt the flash drive. This is all invisible, of course, but that's what's going on behind the scenes. Since the NSA can't crack the AES key Continue reading

PQ Show 51 – LightCyber Magna Active Breach Detection – Sponsored

LightCyber Magna Active Breach Detection automatically detects active attackers by identifying the anomalous operational behaviors sourced from compromised hosts in your network. By focusing on actual attack behaviors, and not technical artifacts like signatures, Magna provides accurate breach indicators and eliminates excessive false positives.

Author information

Ethan Banks

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 3M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks

The post PQ Show 51 – LightCyber Magna Active Breach Detection – Sponsored appeared first on Packet Pushers Podcast and was written by Ethan Banks.

How to Enable Dot1x – more complex setup for wired network

How does Internet work - We know what is networking

This one is long. Do not be afraid though, I made it just to give you the fastest way to deploy functional dot1x to your company HQ without reading even more documentation and searching for those little timer default settings. In the article prior to this I showed you how to set up your environment with simple dot1x and make it as simple as possible. I will not repeat again the part about setting up RADIUS clients on the server side; everything else is here once again, just more complex. Now it is time for a more complex example that will make your implementation

How to Enable Dot1x authentication for wired clients

If your LAN is extending to some places where unauthorised people can just plug in and gain access to your protected network, it’s time to implement some security on your access switch. The best thing to do is to implement IEEE 802.1X port-based authentication, which will enable user/machine authentication and prevent unauthorized devices from getting an access switch port running when connected. IEEE 802.1X port-based authentication is usually simply called dot1x. In this article I will show you how to configure some basic dot1x stuff on the switch side. I will also include the Windows machine side of the configuration, as this is something most people presume

Why It’s So Hard To Find Intruders After A Network Penetration

This guest blog post is by Jason Matlof, Executive Vice President, LightCyber. We thank LightCyber for being a sponsor. LightCyber’s Magna Active Breach Detection platform is a behavior-based detection system that integrates network and endpoint context and is designed specifically to find active breaches after a threat actor has already penetrated a network. To hear […]

Author information

Drew Conry-Murray

I'm a tech journalist, editor, and content director with 17 years' experience covering the IT industry. I'm author of the book "The Symantec Guide To Home Internet Security" and co-author of the post-apocalyptic novel "Wasteland Blues," available at Amazon.

The post Why It’s So Hard To Find Intruders After A Network Penetration appeared first on Packet Pushers Podcast and was written by Drew Conry-Murray.

Uh, the only reform of domestic surveillance is dismantling it

A lot of smart people are cheering the reforms of domestic surveillance in the USA "FREEDOM" Act. Examples include Timothy Lee, EFF, Julian Sanchez, and Amie Stepanovich. I don't understand why. Domestic surveillance is a violation of our rights. The only acceptable reform is getting rid of it. Anything less is the moral equivalent of forcing muggers to not wear ski masks -- it doesn't actually address the core problem (mugging, in this case).

Bulk collection still happens, and searches still happen. The only thing the act does is move ownership of the metadata databases from the NSA to the phone companies. In no way does the bill reform the idea that, on the pretext of terrorism, law enforcement can still rummage through the records, looking for everyone "two hops" away from a terrorist.

We all know the Patriot Act is used primarily to prosecute the War on Drugs rather than the War on Terror. I see nothing in the FREEDOM Act that reforms this. We all know the government cloaks its abuses under the secrecy of national security -- and while I see lots in the act that tries to make things more transparent, the act still Continue reading

Understanding TSA Math

At the end of every year, the TSA blogs about the weapons and explosives it prevented from getting on board airplanes. They are trying to brag about all the dangers they've stopped. But the opposite is true: when you do the math, you realize that they are stopping no dangers at all. The TSA stops less than half the bombs that get on board airplanes -- yet airplanes are not falling out of the sky due to the bombs that do get on board. Thus, mathematically, bombs aren't a danger. It therefore doesn't matter if the TSA stops bombs or not.

We know from various sources that the TSA stops less than 50% of bad stuff. The first is the government's own tests, such as that described in a recent story where the TSA failed a shocking 95% of the time.

Another is a statistic reported by the TSA where the number of firearms they stop every year is rapidly increasing. This does not match any other trend in society, such as the number of people carrying firearms. The only reason for such rapid growth is that the TSA gets better every year at detection. That means, historically, the TSA is Continue reading

Ulbricht’s judge punished him for political dissent; you should find this outrageous

Silk Road operator Ross Ulbricht was sentenced to life in prison without parole. Maybe this is a fair sentence for selling $200 million in illegal drugs. Or, since all the lawyers I talk to think it's excessive (worse than what even the prosecutors asked for), maybe it's within the normal range of excess in the War on Drugs. I'm not a lawyer, so I can't judge this.

But, I'm interested in the comments the judge made justifying her hard sentence. According to Andy Greenberg at WIRED, the judge said:
“The stated purpose [of the Silk Road] was to be beyond the law. In the world you created over time, democracy didn’t exist. ... Silk Road’s birth and presence asserted that its…creator was better than the laws of this country. This is deeply troubling, terribly misguided, and very dangerous.”
This is silly on the face of it. The stated purpose of all crime is to "be beyond the law". I mean, when I go above the speed limit in my BMW, my stated purpose is to go beyond the legal limit. I'm not sure I understand the logic here.

I'm being disingenuous, of course, because I do understand. What the Continue reading

Why Firewalls Won’t Matter In A Few Years

This presentation from Alex Stamos, CSO of Yahoo, at the AppSec conference explains why firewalls are not part of their security strategy. Firewalls operating at 10G or more are not cost effective. Vertical scaling of performance costs more than the services are worth. At 100G, a firewall has less than 6.7 nanoseconds to “add value” […]

The post Why Firewalls Won’t Matter In A Few Years appeared first on EtherealMind.

Some notes about Wassenaar

So #wassenaar has infected your timeline for the past several days. I thought I'd explain what the big deal is.

What's a Wassenaar?

It's a town in Europe where in 1996 a total of 41 nations agreed to an arms control treaty. The name of the agreement, the Wassenaar Arrangement, comes from the town. The US, Europe, and Russia are part of the agreement. Africa, Middle East, and China are not.

The primary goal of the arrangement is anti-proliferation, stopping uranium enrichment and chemical weapons precursors. Another goal is to control conventional weapons, keeping them out of the hands of regimes that would use them against their own people, or to invade their neighbors.

Historically in cybersec, we've complained that Wassenaar classifies crypto as a munition. This allows the NSA to eavesdrop and decrypt messages in those countries. This does little to stop dictators from getting their hands on strong crypto, but does a lot to prevent dissidents in those countries from encrypting their messages. Perhaps more importantly, it requires us to jump through a lot of bureaucratic hoops to export computer products, because encryption is built into virtually everything.

Why has this become important recently?

Last year, Wassenaar Continue reading