Great read on Security Annoyance

This World of Ours by James Mickens

Imperfect Forward Secrecy

How NSA Successfully Broke Trillions of Encrypted Connections - Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice

The complete write-up: https://weakdh.org/imperfect-forward-secrecy-ccs15.pdf

TrueCrypt

The researchers behind the security audit of the TrueCrypt disk-encryption software have completed their work and say they have found no evidence of any deliberate backdoors or serious design flaws in its code.

"Based on this audit, Truecrypt appears to be a relatively well-designed piece of crypto software," crypto boffin Matthew Green said in a blog post on Thursday.

The security community's attention became razor focused on the ongoing audit of TrueCrypt after the software's developers abandoned their work under mysterious circumstances last year. A message posted to TrueCrypt's official page urged users to uninstall it immediately "as it may contain unfixed security holes" and suggested Microsoft's BitLocker as an alternative.

This second phase of the audit examined TrueCrypt's random number generators and other cipher suites, following a first phase that reviewed the blueprints of the software. But although the auditors did find a few problems with TrueCrypt's code, they were minor and could only compromise security under very limited and specific circumstances.

For example, the Windows version of TrueCrypt relies on the Windows Crypto API, which can fail to initialize properly in some circumstances, allowing TrueCrypt to generate cryptographic keys based on predictable numbers, rather than random ones.

"This is not the end of the world, since the likelihood of such a failure is extremely low," Green observed. "But it's a bad design and should certainly be fixed in any TrueCrypt forks."

A number of such forks are already under development using the original TrueCrypt code as reference, among them CipherShed and VeraCrypt. The apparent lack of any serious security flaws in TrueCrypt, however, leaves open the question of why the TrueCrypt developers chose to close up shop to begin with.

One theory is that the cryptic message posted to the software's homepage was meant as a kind of "warrant canary" designed to warn users that pressure from one or more governments had made ongoing development of the software difficult or impossible. If true, that could have ominous implications for any future TrueCrypt derivatives.

"The loss of TrueCrypt's developers is keenly felt by a number of people who rely on full disk encryption to protect their data," Green wrote. "With luck, the code will be carried on by others. We're hopeful that this review will provide some additional confidence in the code they're starting with."

The full findings of the TrueCrypt security audit are available as a PDF, here.

Neil McAllister

Latest variants of "ransomware"

RANSOMWARE: A type of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator(s) of the malware in order for the restriction to be removed - Wikipedia

The tools and tactics being used to go after victims reveal growing sophistication, and gamers need to look out, security researchers say.

The enormous success which attackers have had extracting millions of dollars from individuals and businesses using ransomware appears to be driving more sophisticated tools and tactics from them.

This week researchers sounded the alert on two recent ransomware families that break ground in different ways.

One of them, dubbed Virlock, is noteworthy because it not only locks the screen of compromised systems like other ransomware, but also infects files on the device. First noticed by security firm ESET in December, Virlock is also polymorphic, meaning the code changes every time it runs, making it hard to detect using standard malware detection tools.

In an alert on Friday, security firm Trend Micro described Virlock as the first ransomware that includes file infection in its routine. Unlike most ransomware, which is distributed via botnets and phishing emails, Virlock spreads via infected files, the security firm said.

“Virlock variants may arrive bundled with other malware in infected computers,” Trend Micro security researchers Jaaziel Carlos, Jonh Chua, and Rodwin Fuentes said in their blog.

Once on a system, the malware creates and modifies registry entries to obfuscate itself and then locks the screen and disables several critical functions on the compromised system. Virlock checks for specific file types on the infected system, including executable files and document types such as “.doc”, “.xls” and “.pdf”. It also looks for archive files like “.zip”, audio and video files with extensions like “.mp3”, and image files such as “.jpg” and “.gif”.

After Virlock locates such files, it encrypts them and then embeds them in the body of the malware itself, the researchers said. Infected systems can be hard to clean, and even a single infected file that remains undetected in a system can cause the malware to respawn the infection all over again.

“Once Virlock gets into a system network, it will be all over the place; it can infect a whole network system without notice,” the researchers said.

The other ransomware family that has attracted the attention of security researchers because it is different is TeslaCrypt, a tool that is, for the first time, being used to go after video gamers specifically. Operationally, the malware is similar to other ransomware, in that it encrypts data on the victim’s computer and then demands a ransom to unlock it.

But by targeting gamers, attackers are increasing what is already a huge target base for ransomware campaigns, Vadim Kotov, a security researcher at Bromium, said in a blog post Thursday.

Bromium’s research has shown that data files for more than 20 games are affected by the threat, including Call of Duty, StarCraft 2, Diablo, Minecraft, and online games like World of Warcraft.

“Encrypting all these games demonstrates the evolution of crypto-ransomware as cybercriminals target new niches,” Kotov wrote.

Richard Blech, CEO of Secure Channels, says threats like these showcase the growing sophistication of the ransomware tools and tactics used by attackers to go after potential targets.

“What’s going on is that this is the new mainstream,” Blech says. “This isn’t some script kiddie in the basement,” targeting people with malware tools. Increasingly, it is the highly sophisticated criminal groups using sophisticated tools that are behind major ransomware campaigns.

Perimeter defense tools like antivirus and anti-spam products can help alleviate the threat somewhat by detecting and blocking ransomware where possible. But ultimately a lot of onus for dealing with the threat falls on the user. In most cases, ransomware tools end up getting installed on a system as the direct result of a user action, like clicking on a link in a phishing email.

“Someone has to do something,” to trigger ransomware in most cases. “There is a human factor,” Blech said.

Keeping files backed up is the best way to mitigate the threat posed by ransomware, Blech said. That way, even if data gets locked up or encrypted, it is easy to retrieve a backup copy.

“Be also careful with your DropBox (or other cloud services). If you have folders synchronized with an online storage – malware will get to them too,” Kotov said in his blog post.

Andrew Brandt, senior threat researcher at Blue Coat Systems, said ransomware has become a growing threat not just because of how it is distributed but also because its ability to destroy data has evolved dramatically.

Small businesses and governments in particular have reason to be concerned about the trend, Brandt said in emailed comments to Dark Reading. “Small business and local government agencies are most likely, out of the panoply of potential commercial or enterprise victims, to lack any kind of integrated IT security infrastructure,” he said.

However, HDT managed business clients have multiple layers of security that help protect against these threats.

Dealing with ransomware requires the same kind of rigor as dealing with any malware, he said. Machines, for instance, need to be kept up to date, and software needs to be properly patched and updated.

“Networks on which these computers operate can be proxied through devices that prohibit communications with known-bad network addresses,” he said. “And the end users themselves need to be a little less credulous and treat email with greater care and a degree of mistrust.”

Links Found between NSA, Regin Spy tool and QWERTY Keylogger

Enterprises Finally Recognize Users As Endpoint's Weakest Vulnerability

The Ponemon State of the Endpoint report shows endpoint management continues to grow more difficult.

As enterprises grow mature in their IT security practices, more of them are attributing endpoint risks to user behavior, rather than fixating on the vulnerabilities attackers ultimately use to break into systems, a new Ponemon Institute survey shows. Querying 703 IT and IT security practitioners, the State of the Endpoint study shows that 78% consider negligent or careless employees who do not follow security policies as the biggest threat to endpoint systems.

"Rather than looking to fix a particular device vulnerability with a single, silver bullet technology, this new study shows IT attributes risk to people," says Chris Merritt, director of solutions marketing for Lumension, which funded the survey. "Cybercriminals launch their attacks, and it's the job of IT and, quite frankly, every user to defend against them. This is a welcome culture shift, but unfortunately, it doesn't necessarily make things any easier."

In fact, 71% of respondents reported that managing endpoint risk has grown more difficult over the last two years. Though they reported user behavior as the biggest obstacle to managing endpoints effectively, the task is not being made any easier by the proliferation of devices connected to consumer cloud applications. Approximately 68% cite the significant increase in the number of personal devices connected to the network as a top endpoint security concern, and 66% point to the use of commercial cloud applications in the workplace as a big problem.

Meanwhile, attacks continue to accelerate. Nearly 70% of respondents said malware at the endpoint increased in severity last year. Approximately 80% of organizations reported web-borne malware as the most frequent attack vector, and the biggest increases in attacks came by way of zero-day attacks, APTs, and spearphishing. The applications most likely to be used by attackers were Adobe applications, applications using Java, and third-party cloud productivity apps.

The combination of user risks, proliferation of devices and apps, and increased attacks has 68% of organizations reporting that endpoint security is becoming a more important component of their overall IT security strategy.

"IT continues to battle malware at the endpoint," said Dr. Larry Ponemon, chairman of the Ponemon Institute. "While it is positive news that companies are making the security of endpoints a higher priority, to win the war they need to recognize the criticality of minimizing employee negligence and investing in technologies that improve the ability to detect malicious attacks."

Those investments will continue to grow at many organizations, with 45% of respondents reporting that they'll get more money to spend on security in 2015. As they figure out how to spend it, 95% of organizations report that they're moving away from prevention-oriented strategy and toward a detect-and-respond approach. They'll do that by employing big data and threat intelligence to analyze threats better in real-time.

This content was originally posted @ http://www.darkreading.com/endpoint/majority-of-enterprises-finally-recognize-users-as-endpoints-weakest-vulnerability/d/d-id/1318617?
