Do away with Antivirus?

On Friday, Wired quoted security expert Jeremiah Grossman as someone who doesn’t use anti-virus software, and asked the question: “Is Antivirus Software a Waste of Money?”

Wired spoke to several security experts at last week’s RSA Conference in San Francisco. “If you asked the average security expert whether they use antivirus or not, a significant proportion of them do not,” says the report quoting Grossman, CTO at Whitehat Security. Dan Guido, the CEO of security startup Trail of Bits also doesn’t use AV, saying that if it weren’t required to for other reasons, “almost nobody in the security industry would run it.” Paul Carugati, a security architect with Motorola Solutions, noted:  “Today... it has certainly lost its effectiveness.”

The criticism against anti-virus software is that it is very easy to get passed the first level of defense, signature recognition, by automatically and almost daily altering the malware’s signature. “There’s even a free website called Virus Total that lets you see whether any of the most popular malware scanning engines will spot your Trojan program or virus,” notes Wired. An alternative noted by the report comes from Andy Ellis, chief security officer with Akamai: “Do your own log analysis,” he said, “because that is what’s going to catch the problems.”

But the danger in such comments is that the man or business in the street might start thinking that anti-virus, as one of the layers within a layered security defense, is no longer necessary or useful. ESET senior research fellow David Harley told Infosecurity that the man in the street “should be aware that most individuals and many companies don’t know the technology well enough or simply don’t have time to use the sort of complex tools that security experts do.” And while he admits that anti-virus cannot catch everything, it’s simply “not true to say that AV detects only known malware... AV still detects a substantial amount of malware (and other unwanted code) proactively.”

Harley believes that no single security defense can provide the complete solution. The reader, he suggests, “should bear in mind that some of the security experts who are denigrating AV en masse right now have their own commercial agendas to push, in favor of other technologies that are not the 100% Solution.” This last point is not lost to Panda Security. Marketing manager Neil Martin commented, “From my point of view the comments on [Wired] seem to reflect that a larger proportion of security spend should be on the services their businesses provide,” adding that the security professionals he knows “use antivirus in additional to their personal skills (in the same way stuntmen still use crash helmets).”

The Global Intelligence Files

Visit Wikileaks for browsing these files: http://wikileaks.org/the-gifiles.html

Article below originally posted on wikileaks.org

 

RE: Stratfor Emails (company website: http://www.stratfor.com/) Read what Strafor has to say about this: http://www.stratfor.com/hacking-news

 

LONDON—Monday 27 February, WikiLeaks began publishing The Global Intelligence Files – more than five million emails from the Texas-headquartered "global intelligence" company Stratfor. The emails date from between July 2004 and late December 2011. They reveal the inner workings of a company that fronts as an intelligence publisher, but provides confidential intelligence services to large corporations, such as Bhopal’s Dow Chemical Co., Lockheed Martin, Northrop Grumman, Raytheon and government agencies, including the US Department of Homeland Security, the US Marines and the US Defense Intelligence Agency. The emails show Stratfor’s web of informers, pay-off structure, payment-laundering techniques and psychological methods, for example :

"[Y]ou have to take control of him. Control means financial, sexual or psychological control... This is intended to start our conversation on your next phase" – CEO George Friedman to Stratfor analyst Reva Bhalla on 6 December 2011, on how to exploit an Israeli intelligence informant providing information on the medical condition of the President of Venezuala, Hugo Chavez. 

The material contains privileged information about the US government’s attacks against Julian Assange and WikiLeaks and Stratfor’s own attempts to subvert WikiLeaks. There are more than 4,000 emails mentioning WikiLeaks or Julian Assange. The emails also expose the revolving door that operates in private intelligence companies in the United States. Government and diplomatic sources from around the world give Stratfor advance knowledge of global politics and events in exchange for money. The Global Intelligence Files exposes how Stratfor has recruited a global network of informants who are paid via Swiss banks accounts and pre-paid credit cards. Stratfor has a mix of covert and overt informants, which includes government employees, embassy staff and journalists around the world.

The material shows how a private intelligence agency works, and how they target individuals for their corporate and government clients. For example, Stratfor monitored and analysed the online activities of Bhopal activists, including the "Yes Men", for the US chemical giant Dow Chemical. The activists seek redress for the 1984 Dow Chemical/Union Carbide gas disaster in Bhopal, India. The disaster led to thousands of deaths, injuries in more than half a million people, and lasting environmental damage.

Stratfor has realised that its routine use of secret cash bribes to get information from insiders is risky. In August 2011, Stratfor CEO George Friedman confidentially told his employees : "We are retaining a law firm to create a policy for Stratfor on the Foreign Corrupt Practices Act. I don’t plan to do the perp walk and I don’t want anyone here doing it either."

Stratfor’s use of insiders for intelligence soon turned into a money-making scheme of questionable legality. The emails show that in 2009 then-Goldman Sachs Managing Director Shea Morenz and Stratfor CEO George Friedman hatched an idea to "utilise the intelligence" it was pulling in from its insider network to start up a captive strategic investment fund. CEO George Friedman explained in a confidential August 2011 document, marked DO NOT SHARE OR DISCUSS : "What StratCap will do is use our Stratfor’s intelligence and analysis to trade in a range of geopolitical instruments, particularly government bonds, currencies and the like". The emails show that in 2011 Goldman Sach’s Morenz invested "substantially" more than $4million and joined Stratfor’s board of directors. Throughout 2011, a complex offshore share structure extending as far as South Africa was erected, designed to make StratCap appear to be legally independent. But, confidentially, Friedman told StratFor staff : "Do not think of StratCap as an outside organisation. It will be integral... It will be useful to you if, for the sake of convenience, you think of it as another aspect of Stratfor and Shea as another executive in Stratfor... we are already working on mock portfolios and trades". StratCap is due to launch in 2012. 

The Stratfor emails reveal a company that cultivates close ties with US government agencies and employs former US government staff. It is preparing the 3-year Forecast for the Commandant of the US Marine Corps, and it trains US marines and "other government intelligence agencies" in "becoming government Stratfors". Stratfor’s Vice-President for Intelligence, Fred Burton, was formerly a special agent with the US State Department’s Diplomatic Security Service and was their Deputy Chief of the counterterrorism division. Despite the governmental ties, Stratfor and similar companies operate in complete secrecy with no political oversight or accountability. Stratfor claims that it operates "without ideology, agenda or national bias", yet the emails reveal private intelligence staff who align themselves closely with US government policies and channel tips to the Mossad – including through an information mule in the Israeli newspaper Haaretz, Yossi Melman, who conspired with Guardian journalist David Leigh to secretly, and in violation of WikiLeaks’ contract with the Guardian, move WikiLeaks US diplomatic cables to Israel. 

Ironically, considering the present circumstances, Stratfor was trying to get into what it called the leak-focused "gravy train" that sprung up after WikiLeaks’ Afghanistan disclosures : 

"[Is it] possible for us to get some of that ’leak-focused’ gravy train ? This is an obvious fear sale, so that’s a good thing. And we have something to offer that the IT security companies don’t, mainly our focus on counter-intelligence and surveillance that Fred and Stick know better than anyone on the planet... Could we develop some ideas and procedures on the idea of ´leak-focused’ network security that focuses on preventing one’s own employees from leaking sensitive information... In fact, I’m not so sure this is an IT problem that requires an IT solution."

Like WikiLeaks’ diplomatic cables, much of the significance of the emails will be revealed over the coming weeks, as our coalition and the public search through them and discover connections. Readers will find that whereas large numbers of Stratfor’s subscribers and clients work in the US military and intelligence agencies, Stratfor gave a complimentary membership to the controversial Pakistan general Hamid Gul, former head of Pakistan’s ISI intelligence service, who, according to US diplomatic cables, planned an IED attack on international forces in Afghanistan in 2006. Readers will discover Stratfor’s internal email classification system that codes correspondence according to categories such as ’alpha’, ’tactical’ and ’secure’. The correspondence also contains code names for people of particular interest such as ’Hizzies’ (members of Hezbollah), or ’Adogg’ (Mahmoud Ahmedinejad).

Stratfor did secret deals with dozens of media organisations and journalists – from Reuters to the Kiev Post. The list of Stratfor’s "Confederation Partners", whom Stratfor internally referred to as its "Confed Fuck House" are included in the release. While it is acceptable for journalists to swap information or be paid by other media organisations, because Stratfor is a private intelligence organisation that services governments and private clients these relationships are corrupt or corrupting.

WikiLeaks has also obtained Stratfor’s list of informants and, in many cases, records of its payoffs, including $1,200 a month paid to the informant "Geronimo" , handled by Stratfor’s Former State Department agent Fred Burton. 

WikiLeaks has built an investigative partnership with more than 25 media organisations and activists to inform the public about this huge body of documents. The organisations were provided access to a sophisticated investigative database developed by WikiLeaks and together with WikiLeaks are conducting journalistic evaluations of these emails. Important revelations discovered using this system will appear in the media in the coming weeks, together with the gradual release of the source documents.

Revealed: US plans to charge Assange

UNITED STATES prosecutors have drawn up secret charges against the WikiLeaks founder, Julian Assange, according to a confidential email obtained from the private US intelligence company Stratfor.

In an internal email to Stratfor analysts on January 26 last year, the vice-president of intelligence, Fred Burton, responded to a media report concerning US investigations targeting WikiLeaks with the comment: ''We have a sealed indictment on Assange.''

He underlined the sensitivity of the information - apparently obtained from a US government source - with warnings to ''Pls [please] protect'' and ''Not for pub[lication]''.

Mr Burton is well known as an expert on security and counterterrorism with close ties to the US intelligence and law enforcement agencies. He is the former deputy chief of the counter-terrorism division of the US State Department's diplomatic security service.

Stratfor, whose headquarters are in Austin, Texas, provides intelligence and analysis to corporate and government subscribers.

On Monday, WikiLeaks began releasing more than 5 million Stratfor emails which it said showed ''how a private intelligence agency works, and how they target individuals for their corporate and government clients''.

The Herald has secured access to the emails through an investigative partnership with WikiLeaks.

The news that US prosecutors drew up a secret indictment against Mr Assange more than 12 months ago comes as the Australian awaits a British Supreme Court decision on his appeal against extradition to Sweden to be questioned in relation to sexual assault allegations.

Mr Assange, who has not been charged with any offence in Sweden, fears extradition to Stockholm will open the way for his extradition to the US on possible espionage or conspiracy charges in retaliation for WikiLeaks's publication of thousands of leaked US classified military and diplomatic reports.

Last week the US Army Private Bradley Manning was committed to face court martial for 22 alleged offences, including ''aiding the enemy'' by leaking classified government documents to WikiLeaks.

In December the Herald revealed Australian diplomatic cables, declassified under freedom of information, confirmed WikiLeaks was the target of a US Justice Department investigation ''unprecedented both in its scale and nature'' and suggested that media reports that a secret grand jury had been convened in Alexandria, Virginia, were ''likely true''.

The Australian embassy in Washington reported in December 2010 that the Justice Department was pursuing an ''active and vigorous inquiry into whether Julian Assange can be charged under US law, most likely the 1917 Espionage Act''.

In recent answers to written parliamentary questions from the Greens senator Scott Ludlam, the former foreign affairs minister Kevin Rudd indicated Australia had sought confirmation that a secret grand jury inquiry directed against Mr Assange was under way.

Mr Rudd said ''no formal advice'' had been received from US authorities but acknowledged the existence of a ''temporary surrender'' mechanism that could allow Mr Assange to be extradited from Sweden to the US. He added that Swedish officials had said Mr Assange's case would be afforded ''due process''.

The US government has repeatedly declined to confirm or deny any reported details of the WikiLeaks inquiry, beyond the fact that an investigation is being pursued.

The Stratfor emails show that the WikiLeaks publication of hundreds of thousands of US diplomatic cables triggered intense discussion within the ''global intelligence'' company.

In the emails, an Australian Stratfor ''senior watch officer'', Chris Farnham, advocated revoking Mr Assange's Australian citizenship, adding: ''I don't care about the other leaks but the ones he has made that potentially damage Australian interests upset me. If I thought I could switch this dickhead off without getting done I don't think I'd have too much of a problem.''

But Mr Farnham also referred to a conversation with a close family friend who he said knew one of the Swedish women who had made allegations of sexual assault against Mr Assange, and added: ''There is absolutely nothing behind it other than prosecutors that are looking to make a name for themselves.''

While some Stratfor analysts decried what they saw as Mr Assange's ''clear anti-Americanism'', others welcomed the leaks and debated WikiLeaks's longer-term impact on secret diplomacy and intelligence.

Stratfor's director of analysis, Reva Bhalla, observed: ''WikiLeaks itself may struggle to survive but the idea that's put out there, that anyone with the bandwidth and servers to support such a system can act as a prime outlet of leaks. [People] are obsessed with this kind of stuff. The idea behind it won't die.''

Stratfor says it will not comment on the emails obtained by WikiLeaks. The US embassy has also declined to comment.

"Password1" - most common password...why passwords matter?

The business world has a password problem—starting with the fact that the No. 1 computer password employed by business users is, wait for it: "Password1". Unfortunately, that's just the most cringe-worthy example of bad enterprise security cited by Trustwave in its recently released Global Security Report for 2012.

Why "Password1"? Because "it satisfies the default Microsoft Active Directory complexity setting," the IT security research firm noted. In other words, it's got a capitalized letter, a number, and the requisite number of characters to qualify under basic password security settings.

The password problem is just one of the security issues businesses are running up against in an increasingly hostile cyber-world, according to Trustwave. Other key findings related to hacking incidents and intrusion investigations at companies researched by Trustwave include:

• Customer records remained a valuable target for attackers, making up 89 percent of breached data investigated.

• For the second year, the food and beverage industry made up the highest percentage of investigations at nearly 44 percent.

• Industries with franchise models are the new cyber targets: more than a third of 2011 investigations occurred in a franchise business.

• In 76 percent of incident response investigations, a third party responsible for system support, development and/or maintenance of business environments introduced the security deficiencies.

• Law enforcement detected more breaches in 2011—up from 7 percent in 2010 to 33 percent in 2011.

• Data harvesting techniques continued to target data "intransit" within victim environments showing up in 62.5 percent of 2011 investigations.

• Anti-virus detected less than 12 percent of the targeted malware samples collected during 2011 investigations.

• For Web-based attacks, SQL injection remains the number one attack method for the fourth year in a row.

In addition to detailing the issues above, Trustwave elaborates at length on password issues in business IT environments. Users "are finding creative ways to override" corporate IT policies on passwords, according to the report.

These risk-increasing workarounds include setting usernames as passwords, making simple, often numerically progressive (and thus predictable) changes to passwords, and opting for the simplest possible variations to meet complexity requirements, "such as capitalizing the first letter and adding an exclamation point to the end" of the password.

A big problem for business users is that IT policy requiring that passwords be complex and changed frequently—not to mention environments that necessitate several different passwords—is making it more difficult to commit those passwords to memory.

Hence the workarounds users employ, Trustwave notes, while many business users write down their passwords where they can be discovered—even on the very computers they're meant to protect.

And even if a company has a good password policy that's adhered to by its employees, that isn't the end of it. Trustwave warned in the report that keystroke logging software is relatively easy for hackers to deploy and social engineering techniques for getting employees to reveal how to access IT assets remains a big problem.

FBI: Cyber attacks may soon be top threat to USA

Cyber-attacks loom as the top threat to the United States in the near future, officials of the US Federal Bureau of Investigation said.

A report on PC World quoted FBI Director Robert Mueller as citing threats from hackers, including state-sponsored ones.

"(While terrorism remains the FBI's top priority) in the not too distant future, we anticipate that the cyber threat will pose as the No. 1 threat to our country," it quoted Mueller as saying.

Mueller, who spoke at the RSA Conference, said state-sponsored hackers are patient and calculating.

He said they have the time, the money and the resources to burrow in and wait – in the process taking bits of seemingly innocuous information.

"You may discover one breach, only to find that the real damage has been done at a much higher level," he said.

On the other hand, he said there are hackers for profit who seek information not for political power but for sale to the highest bidder.

He said these once-isolated hackers have joined forces to create criminal syndicates as organized cyber-crime promises higher profit and a lower chance of being identified and prosecuted.

"Unlike traditional crime families, these hackers may never meet, but they possess specialized skills in high demand. They exploit routine vulnerabilities. They move in quickly, make their money, and disappear. No company is immune, from the Fortune 500 corporation to the neighborhood 'mom and pop' business," he said.

Applying lessons from fighting terrorism

For now, Mueller said there are two types of companies: those that have been hacked and those that will be.

But even now, he said they are converging into one category: companies that have been hacked and will be hacked again.

"Given that scenario, we must limit the data that can be gleaned from any compromise. We must segregate mission-centric data from routine information. And we must incorporate layers of protection and layers of access to critical information," he said.

Mueller said the FBI needs to take lessons learned from fighting terrorism and apply them to cyber-crime.

"We are creating a structure whereby a cyber-agent in San Francisco can work in a virtual environment with an agent in Texas, an analyst in Virginia, and a forensic specialist in New York to solve a computer intrusion that emanated from Eastern Europe," he said.

He said they must cultivate the sources necessary to "infiltrate criminal online networks, to collect the intelligence to prevent the next attack, and to topple the network from the inside."

"We must ensure that our ability to intercept communications -- pursuant to court order -- is not eroded by advances in technology. These include wireless technology and peer-to-peer networks, as well as social media," he said.

Hundreds of thousands of attacks a day

For his part, US Defense Secretary Leon Panetta said at a conference at the University of Louisville that the US is "literally getting hundreds or thousands of attacks every day that try to exploit information in various [US] agencies or departments."

"There are, obviously, growing technology and growing expertise in the use of cyber-warfare. The danger is, I think, [that] the capabilities are available in cyber to virtually cripple this nation: to bring down the power grid, to impact on our governmental systems, to impact on Wall Street and our financial system and to literally paralyze this country," Panetta said.

"So the one thing I worry about is in knowing these things are possible and feeling that we haven't taken all the necessary steps we need to protect this country," he said. — LBG, GMA News

Updated Firefox browser extension detects fraudulent SSL certificates

The Electronic Frontier Foundation (EFF) has released a new version of its HTTPS Everywhere for Firefox browser extension, which identifies fake or expired SSL certificates.

The browser extension, called the Decentralized SSL Observatory, sends anonymous copies of SSL certificates from HTTPS websites to EFF’s SSL database, which enables the foundation to detect problems with the site’s cryptographic and security infrastructure and notify users about any problems.

“At the moment, the Observatory will give warnings if you connect to a router, VPN, firewall or similar device that has an insecure private key due to the random number generator vulnerabilities...using data from the SSL Observatory and other sources. We will be adding more kinds of certificate and key auditing to the Decentralized Observatory in the future”, explained Peter Eckersley of the EFF in a blog post.

In addition to this feature, the browser extension provides support for 400 more sites, an improved user interface, and translation capabilities for a dozen languages, Eckersley said.

EFF is currently testing a beta version of HTTPS Everywhere for Google’s Chrome browser.

Subscribe to our Newsletter

Search ALL Articles

Managed V. Non-Managed

 
NON-MANAGED=REACTIVE
MANAGED=PROACTIVE
 
 

ourprivacy.org

US-CERT Latest Warnings

Latest US-CERT Released Warnings

Posted Articles