Blog Single Author Fullwidth | SecurityOrb.com

New Stuxnet clues suggest sabotage of Iran’s uranium enrichment program

2010-11-16/0 Comments/in General Security/by SecurityOrb_Staff

More information about the Stuxnet worm By Gregg Keizer of ComputerWorld.com

Computerworld – Researchers have uncovered new clues that the Stuxnet worm may have been created to sabotage Iranian attempts to turn uranium into atomic bomb-grade fuel.

According to Eric Chien, one of three Symantec researchers who have dug into Stuxnet, the worm targets industrial systems that control very high speed electrical motors, such as those used to spin gas centrifuges, one of the ways uranium can be enriched into fissionable material.

One expert called Symantec’s discovery “very interesting indeed.”

Chien reported Symantec’s new findings in a blog post last Friday and in a revised paper first published in September.

Stuxnet, considered by many security researchers to be the most sophisticated malware ever, targeted Windows PCs that managed large-scale industrial-control systems in manufacturing and utility companies. Those control systems, called SCADA, for “supervisory control and data acquisition,” operate everything from power plants and factory machinery to oil pipelines and military installations.

Since the worm was first detected in June, researchers have come to believe that it was crafted by a state-sponsored team of programmers, and designed to cripple Iran’s nuclear program.

In September, Iran officials confirmed that Stuxnet infected 30,000 PCs in the country, but have denied that the worm had caused any significant damage or infiltrated the SCADA systems at the Bushehr nuclear reactor.

Symantec’s latest analysis indicates that the reactor was not the target. Instead, Stuxnet aimed to disrupt uranium enrichment efforts.

Stuxnet looks for devices called “frequency converter drives” connected to a SCADA system, said Chien. Such drives take electrical current from a power grid, then change the output to a much higher frequency, typically 600 Hz or higher.

You can read the rest of Gregg Keizer’s article here at computerworld.com

Xbox 360 Kinect controller hacked; use Kinect with a PC

2010-11-14/0 Comments/in General Security/by admin

An interesting article from TopNewsOnline – The full article can be located here: http://www.topnewsonline.co.uk/archives/01348.com

A hacker named Hector Martin is the first person to claim a prize of £1,870 for successfully producing drivers for the Kinect controller. These drivers will be continually updated by a growing community. Hector’s drivers are for Linux systems at the moment.

Be Prepared for Cyber Monday…

2010-11-12/0 Comments/in General Security/by admin

The weekend after Thanksgiving marks the massive start of the holiday shopping season. However, it has also become the time when hackers come out to play, creating mischief and mayhem for unsuspecting computer users and online shoppers.

The term “Cyber Monday” refers to the Monday immediately following Black Friday, the ceremonial kick-off of the holiday online shopping season in the United States between Thanksgiving Day and Christmas. Whereas Black Friday is associated with traditional brick-and-mortar stores, “Cyber Monday” symbolizes a busy day for online retailers.

The premise was that consumers would return to their offices after the Black Friday weekend, making purchases online that they were not able to make in stores. Although that idea has not survived the test of time, Cyber Monday has evolved into a significant marketing event, sponsored by the National Retail Federation’s Shop.org division, in which online retailers offer low prices and promotions.

This year “Cyber Monday” will fall on November 29, 2010 and here are 3 safety tips to help you stay safe:

1. Know the website you are purchasing from. Many users will conduct a search for a product, and may end up on shady looking sites. Try to stick with the notable names. A good way to check up on a merchant is to get information through the Better Business Bureau or through comparison shopping sites such as buysafeshopping.com.

2. Make sure your system is online ready by having the latest updated anti-virus, anti-malware installed on your PC. In addition, make sure your firewall is on too.

3. Try to shop at home on your personal computer. Shopping on computers shared by other or a public system may have malicious software to monitor your input.

Howard Schmidt, Cybersecurity Coordinator for the White House will be a Keynote Speakers for SC World Congress

2010-11-02/0 Comments/in Conference/by SecurityOrb_Staff

From an SC World Congress email:

SC World Congress
Nov. 10-11, 2010
Sheraton New York Hotel & Towers
New York City

We are pleased to announce that we have confirmed Howard Schmidt, cybersecurity coordinator for the White House, as one of the keynote speakers for SC World Congress.

Catch Howard Schmidt on Thursday, Nov. 11 at 4:30 p.m. Registration for this keynote is complimentary. Use priority code HOWARD when registering and we’ll automatically upgrade your registration to Expo Plus status, which gives you one of our paid conference sessions absolutely free. Collect your pass when you arrive and you can choose which session you want to attend as our guest. Register herehttp://sc.haymarketcomm.net/r/?ZXU=1380219&ZXD=83737801 Choose Expo Plus during the registration process.

Keynote 4: U.S. national cybersecurity strategy: Progress and the path forward

Howard Schmidt, special assistant to President Barack Obama and White House cybersecurity coordinator, will present a topline summary of progress in the nation’s cybersecurity efforts, as well as outline some of the key challenges faced by both the public and private sectors. Schmidt will also discuss some of the current initiatives and the way forward for pursuing the Obama administration’s cybersecurity goals. He will also address what those in the private sector can do to help keep our nation’s cyber infrastructure secure.

We look forward to seeing you next week. http://sc.haymarketcomm.net/r/?ZXU=1380220&ZXD=83737801

The Security Innovation Network (SINET) 2010 – Increasing Awareness of Innovative Cyber-Security Companies and Products

2010-10-28/0 Comments/in Conference/by admin

The Security Innovation Network (SINET) Workshop was held on October 26th and 27th at The National Press Club in Washington, D.C. The workshop was truly a place were security issues of today were being solved with innovative solutions of tomorrow.

The purpose of SINET was to bring innovative cyber-security companies together with government and corporate customers as well as venture capitalist for possible continued funding and product expansion.

The Keynote Speaker for the event was none other than Former Secretary of Homeland Security, Michael Chertoff, now the Co-founder and Managing Principal of the Chertoff Group, a Washington, D.C. based risk management and security consulting company.

Mr. Chertoff stated in his keynote address, “cyber-security concerns are growing in public and private perception and importance, but the issue still hasn’t gripped the public imagination as the dire threat that it is. It may take a huge 9/11-like electronic event to translate the abstract idea of an attack that occurs through an invisible network to concrete motivation to act in the physical world.” denoting the need for continued information security awareness and an increase to current information security priorities to better protect individuals and critical infrastructure.

Other events at SINET included panel discussions with topics such as “Call to Action: Entrepreneurs and Cyber Security, The Way Ahead” and “The Next Generation of Innovation: Building Global Collaborative Entrepreneurial Networks” which included experts from the public, private, venture capitalist and academic sectors. The panelist included participants such as Nadia Short of General Dynamics Advanced Information Systems, Curt Carlson, CEO of SRI International and Vivek Wadhwa, Visiting Scholar at UC Berkeley and Director of Research at the Center for Entrepreneurship and Research Commercialization at Duke University.

The Chairman and Founder of SINET, Robert D. Rodriguez stated, “I believe the Defense Industrial Base (DIB) is missing approximately 50% to 70% of all early stage and emerging growth in the cyber security emerging company market.” Mr. Rodriguez’s goal with SINET is to aid in closing that gap. He further stated, “If we have one acquisition, one investment, purchase of a product or partnership to move the technology forward, to advance the security field, then we all win”. A sentiment shared by many who attended the event.

Among some of the innovated companies in attendance, SecurityOrb.com had the opportunity to speak with Trustifier Inc., Invincea, Inc. and FireEye, Inc. To view a full list of the other companies click here.

Trustifier Inc. makers of a secure web based application called “ryu”, which stops attacks on your web servers in real-time.

Invincea, Inc. makers of a virtual web browser that shields PC users against all types of Web-borne threats by seamlessly moving desktop Web browsers into a controlled virtual environment.

FireEye, Inc. makers of a very advance malware detection appliance that has the ability to stop zero-day attacks and outbound callbacks while inoculating networks from future attacks.

SINET is what the security industry needs to help protect against current security issues and future ones as well.

About Robert D. Rodriguez

Mr. Rodriguez spent twenty-two years as a Special Agent with the United States Secret Service and held numerous leadership roles within Executive Protection at the White House serving Presidents Ronald W. Reagan, George H. Bush, William J. Clinton, Vice President Dan Quayle and Head of States.

About SINET

The Security Innovation Network™ (SINET) was created to increase collaboration between the United States public and private sectors with the mutual objective of accelerating innovation in security technology, practices and implementation. The SINET provides thought leadership and tools to create social and virtual links among persons and organizations involved with the technical, strategic, legal, economic, and policy aspects of IT security. In order for the United States to maintain an innovation advantage, creative and continuous collaboration is imperative between the people within public and private sectors, federal agencies, system integrators, innovators, entrepreneurs, venture capitalists, academics and scientists. Our goal is to help these important groups within the US security community bridge knowledge and cultural gaps, forge ties and attain unity of purpose towards the advancement of IT security innovation.

You can find more information about SINET and upcoming events here.

BackTrack 4 Tutorials, Manuals and Howtos

2010-10-23/1 Comment/in Hack, Training, Video/by SecurityOrb_Staff

I have gather a few resources from various locations on BackTrack 4. Used it for an audit recently and it worked great…

The manuals section provides you with simple information in order to get up and running with Back|Track and help with some additional features unique to the suite.

http://www.backtrack-linux.org/tutorials/

BackTrack 4 Tutorial

http://itv.fiu.edu/play.php?vid=543

http://www.scribd.com/doc/19094991/Backtrack-4-Guide-Tutorial

http://html-pdf-converter.com/pdf/backtrack-4-tutorial.html

SecurityOrb.com Video: