Security Executive Council’s New Approach

The Security Executive Council has pioneered a new approach for the security executive called the Next Generation Security Leader. There are some problems with this focus. The Security Executive Council should consider the following.

The current approach to Cyber Security is based on the pretense that there is a technological solution to Cyber Security. Cyber offense is outstripping Cyber defense and academia cannot even offer proof that a software system is trustworthy. In addition vendors are on the verge of destroying the category by over promising and under delivering.

While Cyber Security threatens every aspect of Internet use, its users have not demonstrated the will to protect themselves and those they leave exposed. Their neglect and failure to act impact the public as well as the critical infrastructure and its defense industrial base.

The practical technologies to protect against insider threats, unauthorized access, and unauthorized file access are often ignored by organizations. These include passive forensics, three-factor authorization, and encryption. However, using them requires a commitment to some level of effort; organization executives lack the will to act, and vendors benefiting from the chaos lack the motivation to press the issue.

Recapping the situation:

  1. Nondeterministic software systems cannot be proved trustworthy (Rice’s Theorem).
  2. Innovation in Cyber offense is outstripping innovation in Cyber defense.
  3. Cyber vendors and Cyber researchers in academia benefit from the chaos that has descended on Cyber Space and lack the motivation to impact the current state.
  4. In particular, Cyber vendors are on the verge of destroying the category by over promising and under delivering… and withholding common sense and straightforward advice.
  5. Organization executives have yet to demonstrate the will to exercise due diligence and to take the steps necessary to use the Internet in a prudent fashion.
  6. Government needs to take the steps to eliminate the moral hazard factor since the impact of Cyber Security disruptions is not restricted to the Internet using organizations but extends to the public, the critical infrastructure, and the defense industrial base.
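Item 1 leans on Rice's Theorem. As an added note that is not part of the original piece, here is the statement it rests on and the standard reduction behind it; the notation $\varphi_e$ for the partial function computed by program $e$ is the usual textbook convention, not the author's.

$$
\text{Let } \mathcal{P} \text{ be a property of partial computable functions that is non-trivial, i.e. } \emptyset \neq \{\,e : \varphi_e \in \mathcal{P}\,\} \neq \mathbb{N}.
\quad \text{Then } \{\,e : \varphi_e \in \mathcal{P}\,\} \text{ is undecidable.}
$$

Sketch of the reduction from the halting problem: assume without loss of generality that the nowhere-defined function $f_{\uparrow}$ is not in $\mathcal{P}$ (otherwise argue with the complement of $\mathcal{P}$), and fix some $g \in \mathcal{P}$. Given a machine $M$ and input $x$, build the program

$$
e_{M,x}(y) \;=\; \text{run } M \text{ on } x;\ \text{if it halts, output } g(y),
$$

so that

$$
\varphi_{e_{M,x}} \;=\; \begin{cases} g \in \mathcal{P} & \text{if } M \text{ halts on } x,\\ f_{\uparrow} \notin \mathcal{P} & \text{otherwise.} \end{cases}
$$

Hence $e_{M,x} \in \{\,e : \varphi_e \in \mathcal{P}\,\}$ exactly when $M$ halts on $x$, and a decision procedure for $\mathcal{P}$ would decide halting. What the theorem rules out is a single general procedure that settles a semantic property ("is trustworthy") for every program; proving a stated property of one specific program against an explicit model is a different task and is what formal verification attempts.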

Mobile Security: Small Devices, Big Threat

According to the 2010 Annual US Cost of a Data Breach study, 35% of US organizations reported that a lost or stolen mobile device caused a data security breach. Increasingly, employees use their laptops, Androids, iPads and other personal mobile devices for work and blend their unprotected devices with business data. This introduces even greater risk to an organization’s data, network and reputation. Feature-rich mobile devices are blurring the line between phones, tablets and computers, and users are placing demands on IT to use the device of their choice. So how can your organization enable your users while securing these devices from malware and data loss? The answer may be in the Sophos publication, 7 Tips for Securing Mobile Workers, which we are making available to our clients. If you are interested in a copy, please contact Steve Cline (scline at to get your copy.

It covers:

  • Build a successful enterprise strategy for mobile security
  • Educate employees about their personal responsibilities
  • Raise end-user awareness about emerging threats and corporate mobile device security policies
  • Proactively prevent mobile security breaches

Here are some great tips for you from this publication:

Insufficient passwords
Using passwords and a watchful eye is the smartest way to keep the data on your smartphone from falling into the wrong hands.

Malicious Apps
Malicious code that steals data from your mobile phone for fun and profit? They exist, and Droid Dream is just one example.

Lack of Mobile Provider Patching
To avoid malicious apps and other cyberthreats that target smartphones, make sure your device has the latest software patches.


‘Stuxnet-Like’ Virus making the rounds

Security researchers on Tuesday issued a warning about a virus, dubbed Duqu, that’s similar in nature to the Stuxnet worm that targeted Iranian critical infrastructure last year.

International researchers alerted Symantec about Duqu last week and Symantec found that “parts of Duqu are nearly identical to Stuxnet, but with a completely different purpose”—information gathering rather than system sabotage.

Duqu’s purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers. The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility.

According to our security alerts, Duqu is a “precursor to a future Stuxnet-like attack” and was authored by the same people as Stuxnet, or at least by those who had access to Stuxnet source code.

At this point, however, Duqu does not appear to contain any code that singles out any particular industrial control system (ICS); it’s primarily a remote access Trojan (RAT). It appears as though the perpetrators are targeting a limited number of organizations, but it’s possible that other attacks are being conducted against other organizations in a similar manner with currently undetected variants.

The fact that Duqu creators have the Stuxnet source code is troubling. Stuxnet source code is not out there. Only the original authors have it.

Courier CLIB – an app worth looking at

The product of Microsoft’s cancelled Courier skunkworks project may never see the light of day, but a new app for none other than the iPad called “Clibe” might just be the closest thing you can find today. Although Microsoft is not behind the slick looks, there is a subtle connection to Courier.

If you’ve ever seen Courier, you will be immediately struck by how much Clibe reminds you of the Courier concept images and videos (emphasis on concept), from the way the digital ink looks to the concept built around journals.

It turns out the company behind the app is Visere, a digital creative agency that has done contractual design work in the past. You’ve probably worked out by now that Microsoft was one of their clients.

Although Clibe doesn’t do nearly as much as what was envisioned for Courier (which I believe to have been overly exaggerated) and lives within the confines of the iPad, it does take one of those ideas and execute it very well: digital journals.

As an example of how refined it is, users can customize the cover of their journals and even publish them online as an interactive HTML5-powered book (a portrayed feature of Courier too).

With Courier under their belt, I’m confident they can make “Clibe” even better over time, especially with some of the clipping ideas that are yet to be integrated; it would be a shame to see some great ideas go to waste. The beta app is free for a limited time.

IOS 5 Update – a lesson from an impatient user

After 2 failed attempts to download the update yesterday, I can report many of the download problems have been solved, at least as of 6 am this morning.

That said, please know that the upgrade process is full of steps and decisions you must make to get your device back to normal.

First, make sure you back up your device. Once you install the software, you will see the notifications about restoring your device to Factory Settings. You will also see notifications about failures and errors in iTunes after the restoration. All these warnings about the device failure, the failure to communicate or restore can mostly be ignored.

You will be prompted to set up your device from the beginning – selecting a language, a network to connect to (choose your wi-fi), your method of synching (iCloud or iTunes – choose iTunes for now to enable you to restore your settings to your device) and location services (note – if you say no to allowing apps to know where you are and collecting this information, they will just keep asking you until you say yes).

You will then start the restore process from your iTunes backup. It will tell you it takes 4 min, but you will see nothing has been restored after that time. Instead, the synching process has just begun, even though your device will allow you to use it, unlike the old way, which locked your device from use and only allowed you to cancel it if you needed to take that call.

If you do as I did, and actually remove the plug since it appears nothing is happening and you are impatient, you will have to reconnect the device and resume the restore. It takes time, so just leave it alone and let it do its thing.

I should have full access any moment now… I hope!

Why and How Zombie Computers put you at Risk

Here’s all you want to know about zombie computers, such as how they are used by cybercriminals in DoS attacks and for sending out Spam. In this article you will also find tips for preventing your computer from becoming a zombie and what to do should your system be infected by botnet software.

In IT security we speak of a zombie computer when, without the owner’s or user’s awareness, a computer is being remotely controlled by a person or group of cybercriminals. Such people create an army of zombie computers, also known as a botnet, with the intention of doing something wrong or illegal with the computers they bring under their control. Zombie computers can, for instance, be used to send Spam or launch a DDoS attack.

As Spam and DDoS attacks also use up the victim computer’s bandwidth, the user of the zombie computer will likely notice network and Internet congestion. It is doubtful, however, that users in general can tell what’s going on or can differentiate the phenomenon from other relatively heavy network traffic, such as that caused by downloading large OS updates or upgrades. Other, less noticeable uses of zombies include smart DDoS attacks and click fraud, which, in this context, means zombie computers being instructed to visit web sites and click the perpetrator’s own advertisements, thereby cheating ad networks such as Adbrite or Adsense.

Zombie computers have been infected with a blended threat consisting of remote control software plus malware which makes no noise but waits silently until the cybercriminals decide they want to monetize them or launch an attack, and thus wake up their army of zombies. Zombie computers are controlled by a number of intermediate computers which are also compromised but are not directly used in sending out Spam or participating in an attack; rather, they send the wake-up calls and instructions to the zombies whilst adding an additional layer of protection for the owner of the botnet, who is thus difficult to trace and apprehend.
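The two paragraphs above describe what a zombie looks like on the wire: it checks in with an intermediate controller on a schedule while waiting for a wake-up call, and then, once woken, pushes Spam or attack traffic that the user only perceives as congestion. The following is an added example, not code from the original article, showing how a defender can look for both symptoms in plain outbound connection logs. The log lines, hosts and addresses are constructed for the example (documentation address ranges), the four-field "timestamp src dst dport" format is an assumption, and the thresholds are illustrative defaults, not values the article gives.

```python
"""Triage outbound connection logs for two botnet symptoms:
   (1) a host opening SMTP to many distinct destinations in a short window (spam run),
   (2) a host contacting the same external address at a fixed interval (check-in/beacon)."""
from collections import defaultdict
from datetime import datetime
import statistics

# Constructed sample log (not real traffic). Format assumed: "ISO-timestamp src dst dport".
SAMPLE_LOG = "\n".join(
    # 10.0.0.5 checks in with one external host every 5 minutes ...
    [f"2011-10-18T09:{m:02d}:00 10.0.0.5 203.0.113.10 443" for m in (0, 5, 10, 15, 20)]
    # ... then, right after the last check-in, opens SMTP to 40 distinct hosts in 40 seconds
    + [f"2011-10-18T09:20:{s:02d} 10.0.0.5 198.51.100.{s} 25" for s in range(1, 41)]
    # 10.0.0.7 browses normally: different sites, irregular timing
    + ["2011-10-18T09:01:00 10.0.0.7 203.0.113.50 443",
       "2011-10-18T09:03:30 10.0.0.7 203.0.113.51 80",
       "2011-10-18T09:09:00 10.0.0.7 203.0.113.52 443"]
    # 10.0.0.9 reaches one host repeatedly but with irregular gaps (2, 10, 3 minutes)
    + [f"2011-10-18T09:{m:02d}:00 10.0.0.9 203.0.113.77 443" for m in (0, 2, 12, 15)]
)


def parse_log(text):
    """Turn log lines into event dicts; blank or malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, dst, dport = parts
        events.append({"ts": datetime.fromisoformat(ts), "src": src,
                       "dst": dst, "dport": int(dport)})
    return events


def find_spam_senders(events, window_seconds=300, min_distinct_dst=20):
    """Return {src: peak distinct SMTP destinations} for hosts exceeding the threshold.
    A workstation normally talks SMTP to one relay; fanning out to many hosts is the spam pattern."""
    by_src = defaultdict(list)
    for ev in events:
        if ev["dport"] == 25:
            by_src[ev["src"]].append(ev)
    flagged = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        best = 0
        for i, start in enumerate(evs):          # sliding window anchored at each event
            seen = set()
            for ev in evs[i:]:
                if (ev["ts"] - start["ts"]).total_seconds() > window_seconds:
                    break
                seen.add(ev["dst"])
            best = max(best, len(seen))
        if best >= min_distinct_dst:
            flagged[src] = best
    return flagged


def find_beacons(events, min_connections=4, max_jitter=0.2):
    """Return [(src, dst, period_seconds)] for pairs whose connection gaps are all within
    max_jitter of the median gap, i.e. a scheduled check-in rather than human activity."""
    by_pair = defaultdict(list)
    for ev in events:
        by_pair[(ev["src"], ev["dst"])].append(ev["ts"])
    beacons = []
    for (src, dst), times in sorted(by_pair.items()):
        if len(times) < min_connections:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        period = statistics.median(gaps)
        if period > 0 and all(abs(g - period) <= max_jitter * period for g in gaps):
            beacons.append((src, dst, period))
    return beacons


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("possible spam senders:", find_spam_senders(evs))
    print("regular check-ins:    ", find_beacons(evs))
```

Both checks are triage, not a verdict: legitimate update agents also check in on a timer, and a real mail server legitimately fans out on port 25, so the output is a list of hosts to look at (ideally correlated with the intermediate hosts' addresses across the fleet), which is exactly the distinction the article says end users cannot make from congestion alone.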

The best practice for protecting against your computer becoming a zombie is powerful, up-to-date anti-virus and anti-spyware software running on top of a patched operating system. Unless there is a corporate firewall, perhaps even a network intrusion prevention and detection system, it is also recommended to turn on Windows’ integrated firewall or that of your anti-malware solution. Should you suspect your computer of being a zombie, I recommend calling for help – do not power off your computer, but disconnect the network cable.

Ever Wonder How to …..

If so, we have a web site for you! is one of those sites that makes curious people happy. It started out as an effort to find, curate and index all the great videos on the internet, and now provides more than 170,000 how-to videos & articles from more than 17,000 specialized creators, spanning 35 vertical categories and 424 sub-categories.

The success of the site is based on people-powered curation with a focus on quality; its front page is an ongoing update of how-to information and the latest DIY news. Current trends include “Mastering Security, Part 2: How to Create a Home VPN Tunnel” and “How Hackers Steal Your Internet & How to Defend Against It” – both are done rather well.

The categories page is nicely organized for easy reading, with the number of videos per category displayed neatly next to the title.
If you like how-to videos then this is the place for you. Videos vary in length and overall the site is graphics intensive. Definitely worth a visit if you have the bandwidth. Even if you are just a little bit curious, check it out!