We’re hosting a Null Singapore meetup!

We're happy to announce that next week CloudFlare is hosting the Null Security meetup in Singapore. You are invited!

Null is a community for hackers and security enthusiasts. Monthly meetups are organized in a number of Asian cities. Read more at http://null.co.in/.

The lineup for the February meetup:

  • All you ever wanted to know about DDoS attacks - Marek Majkowski
  • Security News Bytes - Drupan Chandarana
  • DNS Hijacking - Michael Smith

If you’d like to sign up for the event, you can do so here:

What: Null Singapore - The Open Security Community meetup

When: February 24th: 6:45pm-8:45pm

Where: The Working Capitol, "The Commons" Room, 1 Keong Saik Road, Singapore 089109

Registration is required

CloudFlare is actively hiring in Singapore!

A new Android banking trojan is also ransomware

A new kind of Android malware steals online banking credentials and can hold a device's files hostage in exchange for a ransom, delivering a particularly nasty one-two punch. The malware, called Xbot, is not widespread yet and appears to be just targeting devices in Australia and Russia, wrote researchers with Palo Alto Networks in a blog post on Thursday. But they believe whoever is behind Xbot may try to expand its target base. "As the author appears to be putting considerable time and effort into making this Trojan more complex and harder to detect, it’s likely that its ability to infect users and remain hidden will only grow," Palo Alto wrote.

Not even Google can convince Americans to trust online voting

Google this week has been awarded a patent for “a voting user interface” that some are speculating may eventually lead to the United States conducting presidential elections online. Call me skeptical. From a Computerworld story on our site: The new technology easily could go beyond entertainment-oriented online campaigns, though. Patrick Moorhead, an analyst with Moor Insights & Strategy, said the new online election technology would set up Google to handle both fun campaigns and serious political campaigns.

Obama taps former NSA CEO to head up cybersecurity

In the waning months of the Obama administration, the White House is racing to lay the groundwork for an enduring plan to shore up the nation's critical digital infrastructure. Yesterday, President Obama described the digital age as a sort of double-edged sword, at once delivering "incredible opportunity, incredible wealth," while also presenting a new set of complex and evolving security challenges that arise from an environment where "more and more of our lives are being downloaded, being stored, and as a consequence are a lot more vulnerable."

Twitter password recovery bug exposes 10,000 users’ personal information

Twitter has notified 10,000 users that their email addresses and phone numbers may have been exposed due to a bug in the website's password recovery feature. The incident happened over the course of 24 hours on an unspecified day last week, but the company alerted affected users on Wednesday. "Any user that we find to have exploited the bug to access another account’s information will be permanently suspended, and we will also be engaging law enforcement as appropriate so they may conduct a thorough investigation and bring charges as warranted," Twitter said in a blog post.

Cato Networks puts network security in the cloud

Shlomo Kramer – co-founder of Check Point Software, Imperva and Incapsula – is at it again with Cato Networks, a cloud-based network security provider aimed at helping midsize companies that are strapped for funds and expertise to tune up their defenses. Cato kicks off its service sometime before midyear with offers of next-generation firewalling, URL filtering, application control and VPN access to customers who link their networks to the service. The service can protect traditional WAN connections as well as mobile devices.

Skullcandy unplugs MPLS, moves to WAN-as-a-Service

The move to a cloud-based ERP system forced Skullcandy to rethink its global network, which ultimately led to the decision to migrate to an offering from Aryaka. Network World Editor in Chief John Dix recently discussed the migration with Systems Manager Yohan Beghein.

What WAN problem were you having that encouraged you to go looking for an alternative?

Research ‘net: Dirt jumper -smart

Distributed Denial of Service (DDoS) attacks are often used to hold companies—particularly wealthy companies, like financial institutions—to ransom. Given the number of botnets in the world which can be purchased by the hour, and the relative ease with which new systems can be infected (especially given the rise of the Internet of Things), it’s important to find new and innovative ways to protect against such attacks. Dirt Jumper is a common DDoS platform based on the original Dirt, widely used to initiate such attacks. Probably the most effective protection against DDoS attacks, particularly if you can’t pin down the botnet and block it on a per-IP-address basis (try that one some time) is to construct a tar pit that will consume the attacker’s resources at a rate faster than your server’s are consumed.

The paper linked here describes one such tar pit, and even goes into detail around a defect in the Dirt Jumper platform, and how the defenders exploited the defect. This is not only instructive in terms of understanding and countering DDoS attacks, it’s also instructive from another angle. If you think software is going to eat the world, remember that even hacking software has defects that