The SecurityOrb Show – Vivek Ramachandran
Vivek Ramachandran is the Founder and Chief Trainer at SecurityTube.net. He discovered the Caffe Latte attack, publicly broke WEP Cloaking, a WEP protection schema, at DEF CON in 2007, and conceptualized enterprise Wi-Fi Backdoors. He is also the author of the book “Backtrack 5 Wireless Penetration Testing”. His book “The Metasploit Megaprimer”, focused on advanced Metasploit usage for pentesting and exploit development, is up for release in July 2013.
Vivek currently runs the SecurityTube Wi-Fi Security, Metasploit Framework, Python Scripting, iOS Security, and GNU Debugger Expert online courses and certifications, which are currently being taken by students from 67+ countries around the world. He also conducts in-person trainings in the US, Europe and Asia.
In a past life, he was one of the programmers of the 802.1x protocol and Port Security in Cisco’s 6500 Catalyst series of switches. He was also one of the winners of the Microsoft Security Shootout contest held in India among a reported 65,000 participants. He has also published multiple research papers in the field of DDoS, ARP Spoofing Detection and Anomaly based Intrusion Detection Systems.
Vivek’s work on wireless security has been quoted in BBC online, InfoWorld, MacWorld, The Register and IT World Canada, among other places. He has spoken and trained at top conferences around the world, including Black Hat USA and Abu Dhabi, DEF CON, Hacktivity, Brucon, ClubHack, SecurityByte, SecurityZone, Nullcon and C0C0n.
‘Blackshades’ Trojan Users Had It Coming
The U.S. Justice Department today announced a series of actions against more than 100 people accused of purchasing and using “Blackshades,” a password-stealing Trojan horse program designed to infect computers throughout the world to spy on victims through their web cameras, steal files and account information, and log victims’ key strokes. While any effort that discourages the use of point-and-click tools for ill-gotten gains is a welcome development, the most remarkable aspect of this crackdown is that those who were targeted in this operation lacked any clue that it was forthcoming.
The U.S. Justice Department Charged Members of the Chinese Military with Conducting Cyber-Espionage against American Companies
On Monday, May 19th, the U.S. Justice Department charged members of the Chinese military with conducting cyber-espionage against American companies such as Westinghouse and U.S. Steel, to name a few. This marks the first time that the United States has ever brought charges against a foreign country for conducting cyber-espionage against its assets and stealing significant amounts of trade secrets and intellectual property.
Attorney General Eric H. Holder stated in a news conference, “The range of trade secrets and other sensitive business information stolen in this case is significant and demands an aggressive response. Success in the global marketplace should be based solely on a company’s ability to innovate and compete, not on a sponsor government’s ability to spy and steal business secrets.”
Below is a list of the names of the defendants and the companies that were victims of the hack:
“Defendants: Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu, and Gu Chunhui, who were officers in Unit 61398 of the Third Department of the Chinese People’s Liberation Army (PLA). The indictment alleges that Wang, Sun, and Wen, among others known and unknown to the grand jury, hacked or attempted to hack into U.S. entities named in the indictment, while Huang and Gu supported their conspiracy by, among other things, managing infrastructure (e.g., domain accounts) used for hacking.
“Victims: Westinghouse Electric Co. (Westinghouse), U.S. subsidiaries of SolarWorld AG (SolarWorld), United States Steel Corp. (U.S. Steel), Allegheny Technologies Inc. (ATI), the United Steel, Paper and Forestry, Rubber, Manufacturing, Energy, Allied Industrial and Service Workers International Union (USW) and Alcoa Inc.”
NSA vs. Cloud Encryption: Which is Stronger?
A guest posting by Gilad Parann-Nissany
- Have the recent stories of NSA snooping, data collection, and attempts at breaking encryption made you reconsider how you store and use data in the cloud?
- Are you wondering what information is being collected (or can one day be collected) about your business?
- Is the NSA watching? Do hackers have a way into your systems? Do you need to ease your customers’ fears (or your own)?
- In these Orwellian times, is there any way to limit the reach of Big Brother?
I offer: Strong Cloud Encryption.
Revelations from the NSA leaks show that the NSA can steal or use the law to demand encryption keys from providers. The NSA (and possibly other organizations) is not only keeping pace with technology, but also planning for the future of data in the cloud.
Businesses must also be looking and planning for the future. Starting now. Starting with strong cloud encryption.
CNN reports that NSA has a number of methods for accessing data: “the use of supercomputers to crack codes, covert measures to introduce weaknesses into encryption standards and behind-doors collaboration with technology companies and Internet service providers themselves.” According to CNN, most of NSA’s information comes from moles placed in companies, not from technology. This means that the less information the cloud provider is privy to, the less can be passed on to the government.
Edward Snowden, the former computer technician at NSA who leaked documents belonging to the agency, has said that “properly implemented strong crypto systems are one of the few things that you can rely on.” Weak encryption will be easily infiltrated by the NSA, but stronger encryption is still out of its reach.
It has been suggested that regular users shouldn’t be concerned about NSA infiltration since they aren’t engaging in suspicious activity. However, there is reason to be extra-vigilant: NSA’s activities may have weakened overall internet security, making their back door strategies available to technologically advanced criminals as well as to government agencies. The persistent question of “is my data secure in the cloud?” has been answered clearly: data is only as secure as you make it.
And to make data secure in the cloud, you must use strong cloud encryption.
In response to the NSA news, businesses must transcend the way they have been thinking about their data in the cloud and how to secure it. One of the strongest encryption technologies, split-key and homomorphic key encryption, makes it impossible for hackers and internal staff to get access to data they shouldn’t have access to. Split-key encryption creates two unique keys. To unlock the encryption, both keys are required. One of those keys stays in the hands of the customer at all times, and it ensures that private data remains private. The master key is known only to the application owner and is encrypted when in use in the cloud, so even if it is stolen, it cannot be used to hack into data. This solution also avoids the usual lack of speed of homomorphic encryption. With split-key encryption, applications maintain their regular speed, running quickly and securely.
Encryption works and, when implemented correctly, can secure your cloud data. You can also take additional steps to reduce your exposure to attack.
In conclusion, the NSA is powerful: they watch, they listen, they collect data. In cases of national security, perhaps this is a good method to catch terrorists. In cases of private business data, there is a way to block the NSA from getting to your sensitive information: strong data encryption.
About the Author
Gilad Parann-Nissany is the founder and CEO of Porticor Cloud Security. He is a pioneer in the field of cloud computing who has built SaaS clouds, contributed to SAP products and created a cloud operating system. He has written extensively on the importance of cloud encryption and encryption key management for PCI and HIPAA compliance. Gilad can be found on his blog, Twitter, LinkedIn, and Google+ discussing cloud security.
AppSecEU 2014 June 23-26, 2014 Cambridge, UK
AppSecEU 2014 invites you to join top security architects, developers, technology thought leaders, and executives from Fortune 500 firms to the OWASP AppSec Europe global conference in the beautiful city of Cambridge, UK from June 23-26 2014. This conference is an opportunity to hear about the latest research on a myriad of topics related to web security, as well as establish connections between developers, security experts, and business leaders who are all stakeholders in ensuring applications are as secure as possible.
What to Expect
- Cutting-edge topics presented by renowned security professionals from industry and academia.
- Training and speeches on a variety of security topics including: web security, mobile security, cloud security, vulnerability analysis, defence and much more.
- Premier gathering place for executives from Fortune Global 500 companies and technology thought leaders
- Group sessions, panel discussions, workshops and learning opportunities for developers, business owners and security experts.
Sponsorships are still available. Please see our sponsorship opportunities to learn how you can join other well-known companies to showcase your company at this top-notch event too!
To learn more or to register please visit https://2014.appsec.eu/
New Vulnerability Hits Internet Explorer
A newly discovered flaw affecting several versions of Microsoft’s Internet Explorer has left a significant portion of the world’s web browsers vulnerable to attack.
Disclosed in an unusual Saturday alert from Microsoft, the flaw is being called a serious “Zero Day” vulnerability by security company FireEye, which claims it affects more than 56 percent of the world’s web browsers currently in use.
It’s a remote code execution vulnerability, which in English means a bad guy can make a target computer run software after a successful attack. “The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer,” Microsoft’s alert reads. The phrase “arbitrary code” means pretty much any software that the attacker chooses to run.
In a post to its Security Response Center blog, Microsoft explains that the company has so far seen only “limited attacks” exploiting the vulnerability. It says attacks typically occur when a target has been convinced to click on a link.
FireEye, in a post of its own, has declared the exploit a zero-day vulnerability, so named because such flaws are undisclosed or leave potential victims with zero days of warning. The company claims a gang of attackers has already launched a campaign exploiting the flaw.
