Tag Archive for Security

Digital Ants May Secure Networks

Researchers have developed “digital” ants to defend networks from worms and other malware. According to DarkReading scientists from Wake Forest University and the Department of Energy’s Pacific Northwest National Laboratory in Washington state have worked together on the project that mimics the defensive behavior of ants. The researchers developed thousands of different types of digital ants that move through a computer network and search for evidence of a malicious threat.

When a digital ant detects a threat it leaves behind a “scent” or marker to attract other ants, like real ants. Other ants then follow the trail to swarm a potential infection with “swarm intelligence.” TechRepublic explains that digital Swarm Intelligence consists of three components:

  • Digital ant: Software designed to crawl through computer code, looking for evidence of malware. There will be 3000 different types of Digital Ants employed.
  • Sentinel is the autonomic manager of digital ants congregated on an individual computer. It receives information from the ants, determines the state of the localhost, and if any further action is required. It also reports to the Sergeant.
  • Sergeant is an autonomic manager of multiple sentinels and is the interface with human supervisors. The size of the network determines the number of Sergeants required.

Like their biological counterparts, each individual ant is not very bright. “We are using the ants to sense something very basic, like a connection rate,” said Errin Fulp, a professor of computer science at Wake Forest. There are about 60 technical details the digital ants can detect; when they find one, they leave a tiny digital trail that says something unusual is going on here, and that other ants should check it out. “Then we collect that evidence which points us to a particular infection or security threat,” said Mr. Fulp.

The swarm intelligence approach to finding specific threats is intended to provide better and quicker detection of threats than current anti-malware software can perform. The researchers developed software capable of running multiple security scans contiguously, with each scan targeting a different threat according to the article. It’s also better able to handle morphed versions of malware, according to the research.

“In nature, we know that ants defend against threats very successfully,” Mr. Fulp, says in DarkReading. “They can ramp up their defense rapidly, and then resume routine behavior quickly after an intruder has been stopped. We were trying to achieve that same framework in a computer system.”

In a test of the technology, the digital ants were able to discover a real computer worm planted by Wake Forest on a network of 64 computers in the lab.

“Our idea is to deploy 3,000 different types of digital ants, each looking for evidence of a threat,” Fulp says. “As they move about the network, they leave digital trails modeled after the scent trails ants in nature use to guide other ants. Each time a digital ant identifies some evidence, it is programmed to leave behind a stronger scent. Stronger scent trails attract more ants, producing the swarm that marks a potential computer infection.”

The researchers say the digital ant method works best for big networks with a large number of identical machines. And digital ants can’t take over your machine, either: they have to report back to the humans who control their “colony.”
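To make the scent-trail mechanism concrete, here is an added toy simulation (not the Wake Forest or PNNL software) of the behaviour described above: ants check one basic feature (a connection rate), lay scent on a host where it looks abnormal, scent evaporates where nothing is found, and other ants are drawn toward stronger scent until a swarm forms that a “sentinel” reports. The host names, connection rates, thresholds and evaporation factor are all constructed sample values.

```python
import random

# Constructed sample telemetry: connections per minute seen on each host.
# "ws-07" is the planted anomaly (a worm scanning its neighbours).
HOST_CONN_RATES = {
    "ws-01": 12, "ws-02": 9, "ws-03": 15, "ws-04": 11,
    "ws-05": 10, "ws-06": 14, "ws-07": 480, "ws-08": 13,
}

CONN_RATE_THRESHOLD = 100  # assumption: what this ant type calls "unusual"
EVAPORATION = 0.5          # assumption: fraction of scent left after each round
SWARM_THRESHOLD = 3.0      # assumption: scent level at which the sentinel reports


class Ant:
    """One ant type: it only knows how to check a connection rate."""

    def __init__(self, rng):
        self.rng = rng
        self.found = 0  # how many times this ant has confirmed evidence
        self.host = rng.choice(list(HOST_CONN_RATES))

    def step(self, scent):
        """Move to a host (stronger scent attracts), then mark it if suspicious."""
        hosts = list(HOST_CONN_RATES)
        # Baseline weight 1.0 keeps some random exploration even with no scent.
        weights = [1.0 + scent[h] for h in hosts]
        self.host = self.rng.choices(hosts, weights=weights, k=1)[0]
        if HOST_CONN_RATES[self.host] > CONN_RATE_THRESHOLD:
            # Each confirmation leaves a stronger scent than the last one.
            scent[self.host] += 1.0 + self.found
            self.found += 1


def run_colony(n_ants=20, rounds=10, seed=1):
    """Run the colony and return the final scent level per host."""
    rng = random.Random(seed)
    scent = {h: 0.0 for h in HOST_CONN_RATES}
    ants = [Ant(rng) for _ in range(n_ants)]
    for _ in range(rounds):
        for h in scent:
            scent[h] *= EVAPORATION  # trails fade where nothing is found
        for ant in ants:
            ant.step(scent)
    return scent


def sentinel_report(scent, threshold=SWARM_THRESHOLD):
    """Sentinel role: hosts whose scent exceeds the threshold are escalated."""
    return sorted(h for h, s in scent.items() if s >= threshold)


if __name__ == "__main__":
    final = run_colony()
    for host, level in sorted(final.items()):
        print(f"{host}: scent={level:.1f}")
    print("sentinel reports:", sentinel_report(final))
```

The point the simulation shows is that no single ant is clever: the only signal is one threshold on one counter, and the localisation of the infected host comes from positive feedback (deposits attract more ants) balanced by evaporation (hosts with nothing to find drop back to zero). Tuning the evaporation and swarm thresholds is where false positives and missed detections trade off in a real deployment.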

rb-

Soooo, computers are going to go from having a bad case of worms to having a case of ants in their pants? Will the ants fall victim to Ant eater malware?

The research seems like a remake of the “good viruses” or “anti-virus viruses” idea that people outside the anti-virus industry mainstream bring out from time to time.

If this idea is commercially viable, they have some obvious advantages, compared to static anti-virus programs:

  • Digital ants do not consume large amounts of computer resources.
  • Digital ants do not need lengthy, process-hogging scans.
  • There’s no need to constantly update digital ants because they adapt to malicious code variants.

What do you think?

Are the mainstream anti-malware firms creative enough?

Will digital ants work?


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Social Media Sites Most Blocked

OpenDNS is the largest global DNS service, handling DNS for 1 percent of all Internet users worldwide. The firm resolves 30 billion DNS queries per day and services 15 million requesting IP addresses per day. OpenDNS has released the OpenDNS 2010 Report: Web Content Filtering and Phishing (PDF), which highlights their 2010 findings on social media content filtering with data from their global vantage point.

Web-based content can be filtered by subscribing to services like OpenDNS. These firms categorize the content on the web into broad categories like porn, hate, gambling or social media. This allows organizations to block all content that the service provider places in these categories. For more granular control, content may also be filtered by blocking specific websites via blacklisting or by allowing specific websites via whitelisting.

  • Blacklists are typically used when there is no wish to block an entire category in principle, but there is a focus on preventing traffic to specific websites based on a combination of their popularity and content.
  • Whitelists are typically used when there is a desire to block entire categories, but access to selected websites is granted on an exception basis. These sites represent the most trusted sites in their category.
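The category block plus blacklist/whitelist model described above is easy to get wrong at the edges (does a whitelist exception beat a category block? does blocking `doubleclick.net` also catch `ad.doubleclick.net`?), so here is an added example (not OpenDNS code) of a minimal resolver-side policy that makes those rules explicit. The category map, the precedence order (whitelist, then blacklist, then category) and the sample domains are constructed assumptions for illustration.

```python
# Constructed category data; a real filtering service maintains this map.
CATEGORIES = {
    "facebook.com": "social media",
    "linkedin.com": "social media",
    "youtube.com": "video",
    "doubleclick.net": "advertising",
    "pornhub.com": "porn",
    "example.com": "business",
}


def parent_domains(name):
    """Yield a name and each of its parents, most specific first.

    "ad.doubleclick.net" -> "ad.doubleclick.net", "doubleclick.net", "net"
    so a rule on a registered domain also covers its subdomains.
    """
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


def category_of(name):
    """Look the name up in the category map, walking up to its parents."""
    for d in parent_domains(name):
        if d in CATEGORIES:
            return CATEGORIES[d]
    return "uncategorized"


class FilterPolicy:
    """Assumed precedence: whitelist > blacklist > blocked category."""

    def __init__(self, blocked_categories=(), blacklist=(), whitelist=()):
        self.blocked_categories = set(blocked_categories)
        self.blacklist = {d.lower() for d in blacklist}
        self.whitelist = {d.lower() for d in whitelist}

    def decide(self, qname):
        """Return ("allow" | "block", reason) for a DNS query name."""
        # Whitelist: the trusted exception inside a blocked category.
        for d in parent_domains(qname):
            if d in self.whitelist:
                return "allow", f"whitelisted {d}"
        # Blacklist: a specific site blocked although its category is allowed.
        for d in parent_domains(qname):
            if d in self.blacklist:
                return "block", f"blacklisted {d}"
        cat = category_of(qname)
        if cat in self.blocked_categories:
            return "block", f"category {cat}"
        return "allow", f"category {cat}"


# Constructed sample policy: block social media and porn as categories,
# blacklist one ad network, whitelist LinkedIn as the trusted exception.
SAMPLE_POLICY = FilterPolicy(
    blocked_categories={"social media", "porn"},
    blacklist={"doubleclick.net"},
    whitelist={"linkedin.com"},
)

if __name__ == "__main__":
    for q in ["www.facebook.com", "linkedin.com", "ad.doubleclick.net",
              "youtube.com", "example.com"]:
        print(q, SAMPLE_POLICY.decide(q))
```

Two details matter in practice: matching on parent domains (otherwise `m.facebook.com` slips past a `facebook.com` entry), and stating the precedence order in one place so that an exception added by one administrator cannot silently reopen a category another administrator meant to close.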

The World’s Most Blocked Websites - OpenDNS

  Whitelisted                %      Blacklisted               %
  YouTube.com              12.7     Facebook.com            14.2
  Facebook.com             12.6     MySpace.com              9.9
  Gmail.com                 9.2     YouTube.com              8.1
  Google.com                9.0     Doubleclick.net          6.4
  Translate.Google.com      6.3     Twitter.com              2.3
  LinkedIn.com              6.0     Ad.yieldmanager.com      1.9
  MySpace.com               4.7     Redtube.com              1.4
  Skype.com                 4.6     Limewire.com             1.3
  Deviantart.com            4.3     Pornhub.com              1.2
  Yahoo.com                 3.9     Playboy.com              1.2

The report says that businesses have specific goals in mind when blocking websites. They need to ensure compliance with HR policies, while also increasing worker productivity by preventing what they consider to be employee cyberslacking on social media. According to the OpenDNS report, the business list confirms that businesses are singling out popular social media sites considered to be of little value in a work setting, especially if they consume a lot of bandwidth. Filtering by Business Users:

  1. Facebook.com — 23%
  2. MySpace.com — 13%
  3. YouTube.com — 11.9%
  4. Ad.Doubleclick.net — 5.7%
  5. Twitter.com — 4.2%
  6. Hotmail.com — 2.1%
  7. Orkut.com — 2.1%
  8. Ad.Yieldmanager.com — 1.8%
  9. Meebo.com — 1.6%
  10. eBay.com — 1.6%

rb-

The blacklisted sites suggest a concern with the use of bandwidth by streaming sites and with privacy concerns from advertising networks. We will be exploring the web app Meebo, which lets users get on web 2.0 apps like MSN, Yahoo, AOL/AIM, MySpace, Facebook, and Google Talk by simply using a browser, and is a popular workaround even when the desktops are locked down.

The fact that many of the same sites appear on both the Whitelisted and Blacklisted lists is a sign of how confused the responses to social networking are, all the better reason to have a social media policy in place.

How does your organization handle content filtering?

Does your AUP address social networking?


Riskiest Social Media Apps

DarkReading has a report from Seattle-based network security vendor WatchGuard which says that the fastest growing threat to corporate networks is web-based social media applications. The WatchGuard security researchers claim that social media applications can seriously compromise network security, expose sensitive data, and create productivity drains on employees.

There are many reasons why social media applications can pose a risk to any size business. WatchGuard noted that productivity and data loss are major risks for organizations of all sizes. Social media sites also serve as malware and attack vectors. Social networks will become the leading malware vector over the next few years for three reasons:

  • Social media sites breed a culture of trust. The whole point of social media is to interact with others. Typically interactions are with people considered to be “friends”, which implies trust. Meanwhile, social media sites do not have any technical means to confirm that the people you are interacting with really are who they say they are. This environment of trust creates an ideal scenario for social engineers to use.
  • Many social media sites suffer from technical vulnerabilities. While Web 2.0 technologies offer many benefits, they also harbor many security vulnerabilities. The complexity of Web 2.0 applications can lead to imperfect code, which introduces some social network sites to Web application vulnerabilities, such as SQL injection and cross-site scripting (XSS) attacks. Furthermore, the concept of allowing untrusted users to push content onto social media sites conflicts with traditional security paradigms. Simply put, this means social media sites are more likely to suffer from web vulnerabilities than less complex and less interactive websites.
  • Hugely popular. According to online analytics firm, Compete, Facebook is now the 2nd most popular Web destination after Google. Many other social networks, such as Twitter and YouTube, follow closely behind. The popularity of social networks attracts attackers because they know it means that they can get a “return on investment” for their attacks.

For these reasons, WatchGuard researchers deemed the following applications the riskiest:

1. Facebook is the most dangerous social media site, largely based upon its popularity, according to WatchGuard. With a 500+ million user following, Facebook offers a fertile attack surface for hackers. Add in the potential technical concerns, such as a questionable, open App API, and now you have a recipe for disaster.

2. Twitter: many incorrectly assume that very little damage could be done in 140 characters. Twitter’s short-form posts lead to new vulnerabilities such as URL shorteners, which can help hackers hide malicious links. Twitter also suffers from Web 2.0 and API-related vulnerabilities that allow various attacks and Twitter worms to propagate among its users.

3. YouTube attracts attackers because it is one of the most popular online video sites. Hackers often create malicious web pages that masquerade as YouTube video pages. Additionally, attackers like to spam the comment section of YouTube videos with malicious links.

4. LinkedIn bears more burden than other social media sites; it is business-oriented. Thus, it makes a more attractive target to attackers, as LinkedIn is highly trusted. Because most users leverage LinkedIn to form business relationships or find jobs, they tend to post more valuable and potentially sensitive information to this social network.

5. 4chan is a popular imageboard, a social media site where users post images and comments. 4chan has been involved in many Internet attacks attributed to “anonymous,” which is the only username that all 4chan users can get. Some of 4chan’s image boards contain the worst depravities found on the Internet. Many hackers spam their malware to the 4chan forums.

6. Chatroulette allows webcam owners to connect and chat with random people. The nature of this anonymous webcam system makes it a likely target for Internet predators.

rb-

I have written about social media risks since 2009, yet many organizations still do not have a social media policy.  Why take the chances?

Does your organization have a social media policy?

Does anybody actually allow 4Chan or Chatroulette?


Who Moved My SPAM?

Analysis of spam trends by security vendor Commtouch reveals a significant drop in global spam levels, according to Help Net Security. The article says that the average spam level for Q4 2010 was 83%, down from 88% in Q3 2010. The beginning of December saw a low of nearly 74%.

The New York Times also noted the decline in SPAM during Q4 2010. The NYT cites data from MessageLabs that global spam volumes dropped to about 30 billion messages a day from about 70 billion before Christmas. MessageLabs says the decline added to a downward trend underway since August when spam peaked at some 200 billion spam messages a day or 92.2 percent of all e-mail.

There are several theories as to why SPAM is drying up. One theory in the NYT article for why the botnets stopped spamming is that an important source of business may have dried up. September 2010 saw the Russians close down SpamIt, the organization allegedly behind much of the world’s pharmacy spam. Without SpamIt, “at least for now, there’s no content to fill the spamming cannons that Rustock has,” John Reid, of Spamhaus, a nonprofit group that tracks spammers, told the NYT.

SPAM Volume; Global Projections

Another theory put forward is that the botnet operators are intimidated. The NYT reports that in addition to going after SpamIt, Russian authorities recently arrested two spammers in Taganrog, in southern Russia, who had a database of nearly two billion United States and European Union e-mail addresses they had used to spread malicious programs, according to the HostExploit blog. “Even if the people were unrelated, the chilling effect of arrests can cause others to lay low for a while,” Mr. Reid said, adding, “But all this is speculation.”

Matt Sergeant, a senior anti-spam technologist at MessageLabs, a unit of the security software maker Symantec (SYMC), wrote in a blog post, “Did the people in charge of these botnets suddenly go on vacation? Currently, there are no explanations on why these botnets stopped spamming.”

Another theory could be that SPAMmers are changing tactics. The botnet operators seem to be shifting their focus to more lucrative social networking and mobile channels. Jamie Tomasello, Abuse Operations Manager at Cloudmark, told Help Net Security that these platforms allow SPAMmers to reach more responsive recipients compared with traditional email messages.

A survey of Facebook users by F-Secure, the anti-malware firm, found that social networking spam is now a problem for three out of four Facebook users, as reported by ITNewsLink. F-Secure also found that 78 percent think spam is a problem on the site and 49 percent report they often see something in their newsfeed that they consider spam.

Ms. Tomasello explains that technically, a botnet can send any kind of content and so they are increasingly being used to send messages that spoof content from social networking sites. This works in a similar way to email phishing attacks, where a message would drive the recipient to a malicious payload, or to a website to capture the recipient’s social network credentials. The cybercriminal could then log in to the social networking site with the compromised credentials and send spam via the platform to the compromised recipient’s friends.

Cloudmark’s Tomasello says that these messages can be much more convincing than email spam messages because social networks, and the friends a user is connected with, are often well trusted. Once a cybercriminal has compromised credentials they will use them to try to gain access to other e-commerce, social network, email, or bank accounts, because many internet users use the same username and password combination across multiple websites.

Mobile devices are also seeing increased threats. Gareth Maclachlan, Chief Operating Officer of AdaptiveMobile, a mobile security firm, told ITnewslink, “With the increasing pervasiveness of Smartphone devices, 2010 has undoubtedly been the year that fraudsters have truly turned their attention to mobile platforms.” Mr. Maclachlan continues:

With Smartphone penetration reported to reach 37 per cent in Europe and 44 per cent in the US by 2012, we predict that the number of threats targeted at unsuspecting mobile users will continue to increase at an exponential rate throughout the course of 2011. Even more significantly, the nature of the threats we are seeing will increase in sophistication. … next year will see the emergence of the ‘compound threat’ – intelligent scams designed to exploit multiple phone capabilities in order to reap maximum reward for the criminals, before the user even realises they have become a victim.

rb-

My SPAM data tracks what the big boys are saying. The average number of SPAM emails I receive has dropped to a near record-low 12.3 SPAM messages per day in January 2011 from a high of 77.5 SPAM messages in May of 2009. The record low monthly average was 11.0 SPAM messages in May 2010. The number of SPAM messages I get on my Blackberry has been minimal, but the number of junk emails I get through LinkedIn has climbed.

Monthly SPAM Averages

Are SPAMmers taking a break or reloading?

What are you doing to prevent SPAM on mobile devices?


Social Media Sites Implement SSL

In the wake of the October 2010 release of Firesheep, many social media websites are stepping up their security. Firesheep is a simple-to-use user account hijacking tool that can give attackers temporary full access to accounts from many of the most popular social media websites. Social media sites like Facebook (FB), Twitter, Gmail, Hotmail, Flickr, and WordPress have begun to add full end-to-end encryption.

George Ou at Digital Society tracks SSL implementations on websites and has created an online services report card. The report card grades the way that social media sites implement full end-to-end encryption, and what generic protocols are deemed safe. The latest report card looks like this:

SSL online services report card

The table from Digital Society indicates that only Gmail.com and WordPress’s free hosting site get an “A” and are fully impervious to partial and full sidejacking and full hijacking of HTTP sessions. The report card gives Facebook, Twitter, and Microsoft’s (MSFT) Hotmail failing grades. The bottom part of the table refers to generic protocols that are commonly used by computers and smartphones. The majority of devices use unsafe versions of protocols, according to Digital Society.
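What separates a site that is “fully impervious” to sidejacking from one that only encrypts the login page is whether the session cookie can ever travel over plain HTTP. As an added defender-side example (not Digital Society’s report-card code, and not anything from Firesheep), the function below inspects a site’s Set-Cookie headers and its use of full-session HTTPS and reports the findings that would leave an account open to sidejacking. The sample headers are constructed, the cookie-name heuristics are an assumption, and the A/F grading is a simplification of the report card rather than its actual criteria.

```python
# Assumption: cookie names containing one of these fragments hold a session.
SESSION_COOKIE_HINTS = ("sess", "sid", "auth", "token", "login")


def parse_set_cookie(header):
    """Split one Set-Cookie header into (cookie name, {attribute: value})."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for p in parts[1:]:
        key, _, value = p.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs


def looks_like_session_cookie(name):
    n = name.lower()
    return any(hint in n for hint in SESSION_COOKIE_HINTS)


def grade_session_protection(set_cookie_headers, full_session_https):
    """Return ("A" | "F", findings).

    "A" only when every session cookie carries Secure and HttpOnly and the
    whole session stays on HTTPS. A session cookie without Secure is sent
    in the clear on any http:// request, which is exactly what a passive
    sniffer on a shared network needs to replay the session (sidejacking).
    """
    findings = []
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        if not looks_like_session_cookie(name):
            continue  # preference cookies are not the hijacking risk
        if "secure" not in attrs:
            findings.append(f"{name}: missing Secure, will be sent over plain HTTP")
        if "httponly" not in attrs:
            findings.append(f"{name}: missing HttpOnly, readable by page scripts")
    if not full_session_https:
        findings.append("site serves part of the logged-in session over HTTP (partial encryption)")
    return ("A" if not findings else "F"), findings


# Constructed sample responses: a leaky site and its hardened counterpart.
LEAKY_HEADERS = [
    "sessionid=abc123; Path=/",
    "prefs=dark; Path=/",
]
HARDENED_HEADERS = [
    "sessionid=abc123; Path=/; Secure; HttpOnly",
    "prefs=dark; Path=/",
]

if __name__ == "__main__":
    for label, headers, https in [("leaky", LEAKY_HEADERS, False),
                                  ("hardened", HARDENED_HEADERS, True)]:
        grade, findings = grade_session_protection(headers, https)
        print(label, grade, findings)
```

Note that the two conditions are independent: a site can redirect every page to HTTPS and still hand out a session cookie without the Secure flag, in which case one stray `http://` link (an image, a favicon, a bookmark) is enough for the browser to send the cookie in the clear. That is why the report card looks at full-session encryption and cookie handling together.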

Microsoft has announced the general availability of full-session SSL (HTTPS). The security upgrade has also been applied to other Live services, including SkyDrive, Photos, and Devices. MSFT says to activate full session SSL (I recommend you do, especially if you ever access these services on public or shared computers), head on over to account.live.com/ManageSSL. After completing the form, SSL is activated and all future Web connections will be protected. It’s important to note, however, that flipping the SSL switch means you won’t be able to reach your Hotmail via Windows Live Mail (desktop), the Outlook Hotmail connector, or the Windows Live app for Windows Mobile 6.5 and Symbian.

The latest Google site to support SSL-encrypted connections is Google’s Picasa Web. As with many other sites, though, not everything displayed on Picasa Web is encrypted. While the home page and upload form are fully encrypted, gallery pages report as being only partly encrypted. The Google Operating System blog says that many Google services now support HTTPS connections: Gmail (enabled by default), Google Reader, Google Groups, Picasa Web Albums, Google Search, Google Finance, YouTube (partly encrypted). Other services only support encrypted connections: Google Calendar, Google Docs, Google Sites, Google Health, Google Analytics, Google AdSense and AdWords, Google Web History, Google Bookmarks, Google Voice, Google Latitude, Google Checkout.

rb-

Even average users are a bit more in-tune when it comes to security and privacy on the Web today (thanks in part to the recent Firesheep threats). There’s a simple solution: browse using HTTPS when possible. The easiest way to do that is to use Mozilla Firefox and HTTPS Everywhere from the EFF, which I use and wrote about here.
