Channel: security news – Cyber Parse – Cyber Security and Information Security

Apple Updates OS X, iOS With Numerous Security Fixes

Apple releases security updates for both its Mac OS X and iOS operating systems. Once again, Google is a leading contributor to improving Apple security.

Apple today released security updates for its desktop Mac OS X 10.11 and mobile iOS 9 operating systems. The patched security issues span all aspects of both operating systems, including networking, graphics and wireless operations.

Of particular note in both the Mac OS X 10.11.2 and mobile iOS 9.2 updates is the volume of security vulnerabilities patched that were reported to Apple by a single man, Ian Beer, a security researcher with Google's Project Zero. Apple credits Beer with reporting nine vulnerabilities impacting OS X (CVE-2015-7110, CVE-2015-7078, CVE-2015-7106, CVE-2015-7077, CVE-2015-7112, CVE-2015-7068, CVE-2015-7083, CVE-2015-7084 and CVE-2015-7047). Of those issues, five also impacted iOS 9 (CVE-2015-7112, CVE-2015-7068, CVE-2015-7083, CVE-2015-7084 and CVE-2015-7047).

Among the issues reported by Beer that impacted both OS X and iOS is a memory corruption issue (identified as CVE-2015-7112) in the Apple IOHIDFamily library. The vulnerability could have potentially enabled an application to execute arbitrary code with full system rights. Beer also found a pair of memory corruption issues (identified as CVE-2015-7083 and CVE-2015-7084) in both the OS X and iOS kernels. According to Apple's advisory, these issues could have enabled a local user to execute arbitrary code with kernel privileges.

Of particular note in Apple's updates is also the CVE-2015-7094 fix for the CFNetwork HTTPProtocol that impacts both iOS and Mac OS X. CFNetwork is the Apple operating system component that helps enable networking services. "An attacker with a privileged network position may be able to bypass HSTS [HTTP Strict Transport Security]," Apple warns in its advisory.

HSTS is a security configuration that forces Web connections to occur over Secure Sockets Layer/Transport Layer Security (SSL/TLS) encrypted communications. The risk of an HSTS bypass is that a site that should only be available over SSL/TLS is accessible over a nonencrypted connection, where an attacker could easily view a user's data traffic. The CVE-2015-7094 issue was reported to Apple by security researchers Tsubasa Iinuma and Muneaki Nishimura.

As part of both the OS X 10.11.2 and iOS 9.2 updates, Apple is fixing another SSL/TLS vulnerability. "A remote attacker may cause an unexpected application termination or arbitrary code execution," Apple's explanation of the CVE-2015-7073 vulnerability states. "A memory corruption issue existed in handling SSL handshakes." The CVE-2015-7073 vulnerability was reported to Apple by security researcher Benoit Foucher of ZeroC.

Networking-related flaws aren't the only issues that Apple's updates fix. The CVE-2015-7015 vulnerability in Apple's CoreGraphics library impacts both iOS and OS X and was reported by security researcher John Villamil of the Yahoo Pentest Team. "Processing a maliciously crafted font file may lead to arbitrary code execution," Apple warns. "This issue was addressed through improved input validation."

Looking specifically at iOS 9 vulnerabilities, the CVE-2015-7037 flaw in the Photos app is particularly interesting in that it could have enabled an attacker to get access to a user's system by way of the mobile backup features. "A path validation issue existed in Mobile Backup," Apple's advisory states. "This was addressed through improved environment sanitization."

Apple also patched its Siri assistant technology for an information disclosure vulnerability identified as CVE-2015-7080. "A person with physical access to an iOS device may be able to use Siri to read notifications of content that is set not to be displayed at the lock screen," Apple warns.

The new OS X and iOS updates follow the last major set of security updates, which debuted in October with the OS X 10.11.1 and iOS 9.1 releases.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Tender Armor Adding New Layer of Security to Credit Card Transactions

The startup's CvvPlus fraud prevention technology provides another layer of authentication via a randomly generated CVV number sent to the credit card holder. Privately held security startup Tender Armor today is exiting stealth mode with the announcement of its CvvPlus credit card fraud prevention technology. On the back of almost every major credit card there is a Card Verification Value (CVV), which is a three-digit number that is used by banks and payment processors to verify payments when the physical credit card is not present—for example, with online transactions. (American Express cards have a four-digit number on the front of the card.) The CVV is a static number on a consumer's printed credit card and as such is at risk when a credit card itself is stolen. The goal with Tender Armor's CvvPlus technology is to provide another layer of authentication via a randomly generated CVV number that is sent to the credit card holder, much like a two-factor authentication token for common types of Web access. "We built the system from scratch and have filed for patents on it," Tender Armor CEO Madeline Aufseeser told eWEEK. When a customer uses a point-of-sale (PoS) terminal, the authorization process for a credit card occurs within seconds, Aufseeser said. The authorization process verifies that cardholders are who they say they are, the card is in good standing and there are funds to approve the transaction. What Tender Armor is doing, she said, is adding another element, such that a bank can check for the CvvPlus code that is coming in to determine the validity of a given credit card. "We communicate with the authorization platform with batch files in an asynchronous manner to give them the CvvPlus codes that we produce in our system," Aufseeser said. The CvvPlus system provides consumers with a code that is updated on a daily basis. Even though those codes can have a life of up to one day, Aufseeser is confident that users will be secure. 
"Since CvvPlus is a dual-factor, out-of-band authentication method, a hacker would not only have to get the code, they would also have to get the card number associated with the code," Aufseeser said. "So even if a crook was to steal a consumer's credit card, they'd also have to steal the consumer's phone [and] they'd have to know that the customer is using CvvPlus and where on the phone the code is found." Users can choose from a number of mechanisms to get the CvvPlus code. Codes can be delivered via a text message or an email. Tender Armor is in the process of also building a stand-alone mobile app, Aufseeser said. "What we have also planned is that in the future users will be able to request up to seven days' worth of codes," she said. Currently, Tender Armor is selling the CvvPlus technology directly to bank and credit card processors. Consumers will be able to opt in to CvvPlus technology security from the banks and credit card issuers that offer the platform. "We suspect that most entities will give the CvvPlus service away for free to cardholders," Aufseeser said. "This is a huge opportunity for banks to save money on chargeback losses and card replacement costs." Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

IBM Launches Security App Exchange Marketplace

IBM's new Security App Exchange gives organizations access to collaboratively built security solutions. IBM has made a couple of moves to open up its security platform, including launching the IBM Security App Exchange, a marketplace for the security community to create and share apps based on IBM security technologies. Big Blue also announced it is opening its security analytics platform, IBM Security QRadar, enabling customers, business partners and other developers to build apps that take advantage of the platform's security intelligence capabilities. The opening of its security analytics platform is the second major step IBM has taken this year to advance industry collaboration and innovation to battle cyber-crime. In April, IBM opened its 700 terabyte database of security threat data through IBM X-Force Exchange. More than 2,000 organizations have joined the threat sharing platform since it was announced. With the combination of opening its security analytics platform and its database of threat intelligence, IBM is promoting deeper industry collaboration and enabling organizations to share both data and expertise to stay ahead of cyber-criminals. IBM and partners including Bit9 + Carbon Black, BrightPoint Security, Exabeam and Resilient Systems already have populated the IBM Security App Exchange with dozens of apps that extend IBM Security QRadar security analytics in areas like user behavior, endpoint data and incident visualization. These new apps take advantage of new open APIs for QRadar. The platform uses data analytics and threat intelligence to detect security incidents for thousands of security operation centers across the globe, IBM said. Dozens of organizations have joined IBM App Exchange, and partners such as STEALTHbits and iSIGHT Partners also have apps in development. 
"With thousands of customers now standardizing on IBM's security technologies, opening this platform for closer collaboration and development with partners and customers changes the economics of fighting cybercrime," said Marc van Zadelhoff, vice president of strategy and product management for IBM Security, in a statement. “Sharing expertise across the security industry will allow us to innovate more quickly in order to help stay ahead of increasingly sophisticated attacks.” Through integration with third-party technologies, these new apps are designed to provide customers with better visibility into more types of data and also offer new automated search and reporting functions which help security specialists focus on the most pressing threats. The apps are freely available through the IBM Security App Exchange. "Organizations will not only have the confidence that apps on the App Exchange are curated by IBM, but also that the security community as a whole is able to review and contribute to them," said Chris Meenan, product manager for QRadar, in a blog post. Examples of these new applications include the Exabeam User Behavior Analytics app, which integrates user-level behavioral analytics and risk profiling directly into the QRadar dashboard. This real-time view of user risk allows companies to detect subtle behavioral differences between a normal employee and an attacker using that same credential. A new IBM-developed app lets QRadar users pull in any threat intelligence feed using the open standard STIX and TAXII formats, and use this data to create custom rules for correlation, searching, or reporting. For example, users could bring in public collections of dangerous IP addresses from IBM X-Force Exchange and create a rule to raise the magnitude of any offense that includes IP addresses from that watch list.

French Police Looking to Ban Tor Network and Free WiFi

A crackdown on insecure and unsecured networks follows Paris terrorist attacks last month.

By Michael Moore

The French government is set to consider a series of recommendations for monitoring online activity in the country following the terrorist attacks in Paris last month that could see the use of Tor banned and free WiFi networks restricted during a state of emergency. The proposals, one concerning counter-terrorism and the other national state of emergency protections, will now be considered before the laws are drafted, which according to French newspaper Le Monde, could be as early as January.

Blocked

Tor provides online anonymity by obscuring the real point of origin of Internet communications by rerouting traffic across several different points. It was in part created by the U.S. government as part of a project for the U.S. Navy, which still helps fund its ongoing development, due to the fact that some of its operations rely on the network, and also is popular with journalists and whistleblowers, most famously Edward Snowden. However, the network also has been widely used for criminal purposes, such as operating contraband Websites in the past, and it is increasingly being used by attackers to hide their identities as they scan for vulnerabilities or carry out attacks.

There is no concrete information on how the French government would actually block the Tor network, as it may need to involve Internet Service Providers (ISPs) to help detect whenever a customer is visiting a site using it. However, Le Monde suggests that the French authorities would like to introduce legislative measures blocking Tor, as well as technological barriers that would prevent people inside the country accessing it, much like the current situation in China.

As for restrictions on free WiFi, Le Monde reported that French police wish to "Forbid free and shared WiFi connections" during a state of emergency. This follows the opinions of police forces that using public WiFi networks makes people harder to track in cases of emergency.

United Kingdom Is Leading Source of DDoS Attacks

An Akamai report identifies the United Kingdom as the leading originator of DDoS attacks. By Tom Jowitt The United Kingdom has been identified as the leading originator of DDoS attacks, in Akamai's latest Sec...

Wick Hill Now Shipping WatchGuard T30 And T50 Firebox Appliances

WatchGuard Brings Security and Convenience to the Distributed Enterprise

Firebox T30 and T50 appliances deliver high-performance, enterprise-grade security from an easy to configure, deploy, and manage tabletop appliance that is perfect for SMEs, distributed environments and franchise environments

Woking, Surrey: 10th December 2015 - Wick Hill is now shipping WatchGuard’s Firebox T30 and T50 powerful, enterprise-strength Unified Threat Management (UTM) appliances. The T30 and T50 are engineered specifically to address the rapidly changing security threats faced by small- and medium-sized enterprises (SMEs) and distributed enterprises.

Faster, more widely accessible connectivity is enabling organisations to be more distributed than ever before. In addition to securing the communications between a traditional corporate headquarters and remote employee sites, many distributed enterprises must also support multiple locations which operate like a typical small business. This relationship between a centralised entity and many independent business locations is especially common in the retail, hospitality, medical, and financial industries and creates very unique network security challenges.

For these organisations, a centralised security policy is critical, as is the ease of deployment of the security solution at the remote business location. The ability to maintain visibility across their entire network is equally as important for compliance reporting, health monitoring, and business intelligence purposes. Access to value-added services, such as secure wireless, is also a huge benefit.

"Organizations are becoming increasingly decentralized and it is our responsibility to deliver security solutions to operate seamlessly within those distributed environments," said Andrew Young, vice president of product management, WatchGuard. "In addition to consolidating critical network and security functions into a single, centrally managed platform, we've made it our mission to make our solutions easy to deploy, easy to manage, and generally accessible to companies of all sizes."

Ian Kilpatrick, chairman Wick Hill Group, commented: “The rapidly changing threat environment makes it increasingly important for decentralised organisations to not only deploy to, and secure their remote offices, but also to be able to manage and report on them. T Series is a cost effective secure solution to some of the new challenges facing IT teams.”

WatchGuard's T Series of tabletop UTM appliances are ideal for remote sites, branch offices, and SMEs. Their small form factor makes them easy to conceal in environments where there is most likely not a dedicated datacentre and their new built-in power over Ethernet (PoE) port makes it easier than ever to add secure wireless services with a WatchGuard Access Point.

All of WatchGuard's Unified Threat Management (UTM) appliances include access to the company's unique RapidDeploy feature, which enables centralised IT teams to pre-configure appliances for quick and non-technical installation at distributed remote sites. This feature is especially ideal for retailers, hospitality chains, healthcare co-ops, and other Distributed Enterprises.

Also standard with all WatchGuard appliances is access to Dimension, the company's award-winning, actionable threat intelligence platform*. Dimension aggregates data from all WatchGuard appliances across a customer's network and translates that data into visually rich and actionable information. With Dimension, customers can easily see not only what is going on in their network but proactively take steps, faster than ever before, to update their security policy immediately, right from the reporting dashboards, to stop malicious sites, applications and users.

WatchGuard's Firebox T30 and T50

WatchGuard Firebox T30 and T50 consolidate the most important network and network security functions in one tabletop platform. Offered as both a wired and a wireless solution, the products provide high-performance, enterprise-grade network security to small and medium sized organizations and distributed enterprises alike.

High Performance – Enhanced firewall speeds up to 1.2 Gbps and UTM security speeds up to 165 Mbps to enable modern encryption and usage trends.

PoE Port for Easy Wi-Fi Upgrade – Eliminate the need to have AC power running to peripheral devices. All T30 and T50 products come standard with one Power over Ethernet (PoE) port, which allows the painless deployment of technology like access points or security cameras.

Integrated 802.11ac Wireless – Enjoy faster, more reliable Wi-Fi with the latest 802.11ac wireless standard, available on both the T30-W and T50-W models.

Rapid Deploy – Preconfigure appliances for secure branch office/remote deployment without the need for technical staff to travel to deployment sites.

Advanced Malware Detection – Catch malware that signature-only AV solutions miss. Next-generation sandboxing in the cloud with full system emulation (CPU and memory) provides visibility into every instruction that malware executes, not just the operating system calls, to expose evasive behavior that other sandbox solutions do not see.

Actionable Threat Intelligence – Leverage a centralised, real-time view into all network activity with the power to take immediate action against harmful sites and users.

Crypto co-processing for SHA-2 – Increase performance while meeting compliance standards that require an upgrade from older crypto algorithms like SHA-1.

About Wick Hill

Established in 1976, value added distributor Wick Hill specialises in secure IP infrastructure solutions. The company sources and delivers best-of-breed, easy-to-use solutions through its channel partners, with a portfolio that covers security, performance, access, networking, convergence, storage and hosted solutions.

Wick Hill is particularly focused on providing a wide range of value added support for its channel partners. This includes a strong lead generation and conversion programme, technical and consultancy support for reseller partners in every stage of the sales process, and extensive training. Wick Hill currently has offices in Woking, Surrey, with sister offices in Hamburg. Wick Hill Group is part of Rigby Private Equity, a subsidiary of Rigby Group Investments, an independent company within Rigby Group plc.

About WatchGuard Technologies, Inc.

WatchGuard® Technologies, Inc. is a global leader of integrated, multi-function business security solutions that intelligently combine industry standard hardware, best-of-breed security features, and policy-based management tools. WatchGuard provides easy-to-use, but enterprise-powerful protection to hundreds of thousands of businesses worldwide. WatchGuard is headquartered in Seattle, Wash. with offices throughout North America, Europe, Asia Pacific, and Latin America. To learn more, visit WatchGuard.com.

ENDS

* New Dimension 2.0 features are only available for customers with an active support contract that are running Fireware® version 11.10.1 or later.

WatchGuard is a registered trademark of WatchGuard Technologies, Inc. All other marks are property of their respective owners.

For further press information, please contact Annabelle Brown on 01326 318212, email pr@wickhill.com. For reader queries, contact Wick Hill on 01483 227600. Web http://www.wickhill.com. Twitter - twitter.com/wickhill

Source: RealWire

Content Theft Websites Delivering More Than Just Content

New research shows a thriving $70 million a year market for malware delivery on content theft Websites.

In the dark reaches of the Internet are hundreds, if not thousands, of sites that offer users the promise of entertainment content, including TV shows, movies and music, that has been stolen from content authors. While visitors to content theft sites are hoping to get entertainment, they're also getting something they might not be expecting—malware.

A new study sponsored by the Digital Citizens Alliance and conducted by RiskIQ of 800 content theft sites found that a third of those sites are exposing users to malware. "We're seeing stolen content used as a bait to lure consumers onto Web pages," Tom Galvin, executive director of the Digital Citizens Alliance, told eWEEK. "Content is the bait, and malware delivery is the objective."

The malware is delivered in a variety of ways, including links that infect users once they click on them as well as "drive-by" malware infections that require no user interaction. The drive-by malware that RiskIQ observed did not use zero-day exploits. The drive-by issues were all known exploits that vendors had already patched, according to Ross Reynolds, product manager at RiskIQ. "While they were known exploits, they still have an effective conversion rate," Reynolds told eWEEK. "There are plenty of unpatched systems out there waiting to be exploited."

As it turns out, the placement of malware on content theft sites isn't always just an ad hoc, unstructured approach. There are malware advertising and affiliate networks that content theft sites can plug into, according to Reynolds. RiskIQ researchers were able to infiltrate one such malware advertising organization that claimed to be responsible for 150 million malware installations. The same advertising organization was willing to pay 10 to 20 cents per malware install to content theft sites that participate in their network.
"It's a mature economic model for the content theft sites, with a going rate for goods and services," Reynolds said. Going a step further, RiskIQ built a financial model to attempt to gauge the revenue potential for content theft Websites from malware distribution. RiskIQ estimates that approximately $70 million a year is being generated by malware distribution from content theft Websites. Looking at the distribution of malware across different types of sites also provides a solid link to revenue models. There is a difference in malware distribution across gambling, adult-themed and content theft Websites, according to Galvin, adding that on gambling sites, Digital Citizens Alliance's own analysis found little malware. "That made sense to us as the gambling sites want users to give their credit card information and want users to feel comfortable," Galvin said. When it comes to adult sites, Galvin said there is a mixed amount of malware depending on the site. While there is more malware on adult sites than gambling sites, it is still less than what Galvin expected. The reason for this, he said, is because for some of those sites, the goal of the site operators is to convert the users to paid subscriptions. On the content theft sites, there was significantly more malware than either the gambling or adult sites, he said. "On gambling sites, they want users to spend money; on pornography sites, they also ultimately want users to spend money. But on content theft sites, they're not asking users to spend any money," Galvin said. "You don't really get anything for free in this world and in the end, content thieves are using the lure of stolen content to infect people's computers for their own gain." Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Dispel’s Privacy as a Service Technology Emerges From Stealth

Using multiple cloud providers, the service provides private connections and systems to enable user privacy. Privately held startup Dispel (dispel.io) officially launched its privacy-as-a-service offering on D...

Data Breaches Put Spotlight on Growing Threats to Kids’ Data Privacy

With a major breach at toy maker VTech and privacy advocates criticizing Mattel and Google, 2015 put a spotlight on the growing threats to children's privacy. It has not been a good year for children's privacy. On Nov. 14, digital thieves breached two services at toy maker VTech, compromising the company's Learning Lodge app store and Kid Connect servers and accessing information on more than 6.3 million kids and their 4.8 million parents. While parents' accounts included names, email and IP addresses, password retrieval information, mailing addresses, download history and encrypted passwords, most of the children's data consisted only of their name, gender and birth date. In some cases, however, photos and unsent messages may have been stored as well, the company said in a statement. "Upon discovering the breach we immediately conducted a comprehensive check of the affected sites and are taking thorough actions against future attacks," the statement said. "The investigation continues as we look at additional measures to strengthen our Learning Lodge database and Kid Connect security." The breach has forced the Hong Kong-based toy firm to refocus on securing data. Yet, VTech is not the only company to fall afoul of privacy issues. Toy maker Mattel received loud criticism earlier this year for its marketing of Hello Barbie, a version of the well-known doll that converses with a child, but also sends the conversations to a third party for processing—and alleged data mining—and which apparently has wireless flaws that could allow a hacker to eavesdrop on the conversation as well. Privacy advocates are also leery of major companies' educational services and how much data they are collecting on young students. On Dec. 1, the Electronic Frontier Foundation filed a complaint with the U.S. 
Federal Trade Commission alleging that Google had violated its own privacy pledge by collecting information on students through the syncing service on Chromebooks sold or provided to schools. Along with Apple, Microsoft and 100 other school-service providers, Google has signed the Student Privacy Pledge, in which the companies promised to not collect, use or share students' information without parents' permission or for legitimate educational purposes. Google stressed that it continues to abide by the pledge and that the data from Chromebooks is only used to allow students to save their settings and, as anonymous data, to improve the service. The two organizations that authored the pledge agreed with Google's interpretation, not the EFF's complaint. However, the incident, along with the VTech breach and Mattel's Barbie missteps, highlights the privacy problems that manufacturers and online service providers will increasingly have to solve. As the Internet of things increasingly intersects with toys and children's games, privacy issues will become more acute, Jason Hart, vice president of cloud solutions and data protection at Gemalto, told eWEEK.  

TeslaCrypt criminals launch ‘very strong’ spam campaign to spread crypto-malware

Trojan's authors change tactics in apparent attempt to infect businesses with crypto-malware

77,000 Steam Gaming Accounts Are Hijacked Each Month

Valve's popular gaming platform is finally set to come to terms with rampant fraud and insecurity on its platform. Gaming vendor Valve is admitting that it has a problem with account theft in its Steam gaming community and is now taking steps to protect users. Whether or not the new user protections put in place by Valve are enough to protect Steam remains to be seen. "We see around 77,000 accounts hijacked and pillaged each month," Valve stated in a post explaining its new security efforts. "Users can be targeted randomly as part of a larger group or even individually. Hackers can wait months for a payoff, all the while relentlessly attempting to gain access. It's a losing battle to protect your items against someone who steals them for a living." A key target for account hijackers has been the Steam Trading community, which enables users to trade items with each other. Valve is now introducing a two-factor authentication (2FA) system for Steam accounts called Steam Guard Mobile. The basic idea behind all 2FA systems is that by having a second factor, or device, that a user needs to have in order to gain access, the risk of account theft is reduced. Rather than simply plugging into an existing 2FA technology, Valve created its own for Steam. Among the popular 2FA technologies in use today is Google's Authenticator. "Requiring users to take a code from a generic authenticator and enter it into a hijacked PC to confirm a trade meant that hackers could trick them into trading away items they didn't intend to," Valve stated. "This basically made it impossible to use a generic third party authenticator, such as Google Authenticator, to confirm trades." Security experts contacted by eWEEK are not surprised by the new security effort from Valve to protect Steam users. According to Mark Stanislav, senior security consultant at Rapid7, Steam and other gaming platforms that involve digital currency have always been an attractive target for criminals. 
Although Steam is a target, Stanislav noted that only a small percentage of Steam's approximately 125 million users have had an account hijacked. With approximately 77,000 stolen accounts a month, that represents less than 1 percent of the user base being compromised. "While this amount is of course a big problem and nontrivial, it shows just how much opportunity attackers have to be successful against a population that immense," Stanislav told eWEEK.

Rob Sadowski, director of marketing at RSA, the security division of EMC, commented that any service or system where there is potential for financial gain is a target, and the popularity of Steam with the volume of in-game commerce makes it a high-value target. Opportunity is created by the fact that there may not be the type of robust security and fraud controls found in more "conventional" transaction systems—for example, banking—and as such, gaming platforms may be easier to exploit, he said. "It should also not be overlooked that users may not perceive the same level of risk for their gaming accounts or virtual goods as they would for a banking account or financial transactions," Sadowski told eWEEK. "So they may be less careful or circumspect in terms of protecting their gaming accounts."

Regarding the new Steam Guard Mobile two-factor authentication system, Sadowski said strong authentication can be a very effective control to ensure that users are who they say they are. "However, authentication should be augmented by additional fraud monitoring and controls that can analyze user behavior and highlight high-risk activities that may indicate patterns of fraud or abuse," Sadowski said.

Stanislav also is optimistic that the Steam Guard Mobile 2FA system will be successful at protecting users, though there are past cases in the gaming world where such systems were defeated.
"Early last year, we saw a piece of malware that would actually intercept two-factor authentication codes for the game World of Warcraft," he said. "This issue is exactly why Steam implements a process where the user doesn't simply transmit a code generated on their mobile device into their PC, which may already be infected, but instead performs that authentication action out-of-band via their phone directly to the Steam infrastructure." In Stanislav's view, the method and implementation of Steam's 2FA system should result in a vast reduction of digital theft if widely used by gamers. "There's always a risk that new security issues will be found that could allow an attacker to work around this security control, find weaknesses in the mobile application or social engineer the gamer into doing an action that weakens account security," Stanislav said. "Still, these new avenues are much harder for your average criminal to achieve and perhaps may result in them looking for a different platform or population to target due to the complexity for success." Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Cyber-Scammers Step Up Volume of Robocall Schemes During Holidays

NEWS ANALYSIS: The advent of the holiday season seems to increase the number of phone scammers trying to install malware on your computer. Today's call came the same way it has almost daily for the last couple of weeks. Shortly after I got to my desk, the phone rang, and a voice with a thick South Asian accent said, "This is Windows support…" Then it went on to tell me that my computer was infected with all sorts of dreaded malware. The person on the other end wanted me to open up a support session so he could look at my computer. For a while it was a minor enjoyment to play with the caller, to see how long it would take to throw them completely off of their script. On today's call it happened when I said, "But my computer runs Linux." While a call to me might be a scammer's nightmare, the same isn't true everywhere. In far too many small and medium businesses, the person who answers the phone has only a vague idea of who Windows Support might be and likely will fall for the trick. Once that happens, your network security is gone as the scammer breezes through most forms of protection while he installs some handy malware onto the unfortunate employee's computer. This basic scam has been going on for a while now, and apparently it's successful enough that it's still going. Worse, this scam and others have been ramping up lately. Robocalls, for example, have peaked during November. According to YouMail, which keeps track of such things, these calls are up 43 percent in the month of November. That comes out to nearly one billion calls in just one month. Of course, those are robocalls, but indications from others are that other scam calls are also rising rapidly. One of the most insidious are those calls purporting to be from Microsoft, but of course actually aren't. 
With those calls, the scammers prey on the ignorance of people who aren't experts in IT or security, but rather on people who have heard about bad things, but who aren't familiar enough with their computers or with their company's IT policies to know when something isn't right. "We hear via our front-line support team, and even from friends and family, that these scammers are getting bolder," a Microsoft executive said in a recent blog. The blog goes on to explain how these calls work. "This tech scam follows a well-known pattern. A phone call comes in from a blocked or international number, and the caller urgently claims to be a Microsoft-certified tech agent who has detected viruses or malware on your Windows PC that must be fixed right away. These callers use scare tactics such as telling you to check your Event Viewer to reveal a bunch of 'errors' or even ask to take over your PC remotely to reveal more so-called problems. And, inevitably, they demand payment via credit card or online payment system, usually to the tune of several hundred dollars, to clean your PC. If you resist, they often get angry or even threaten to destroy data on your computer."

Retailers Lack Proper Security Control and Visibility, Report Finds

Bay Dynamics sheds light on some critical gaps between the perceptions and realities of retail security. According to a new report sponsored by Bay Dynamics, there are some critical areas of security where retailers are lacking. Ryan Stolte, co-founder and chief technology officer at Bay Dynamics, noted that there were a couple of unexpected findings and contradictions in the report. According to the report, which was conducted by Osterman Research and surveyed IT decision makers at 125 retail organizations, 62 percent of respondents indicated that they know everything their permanent employees are doing on their corporate systems, while 50 percent claimed to know what temporary employees are doing. "Yet they also said a significant percentage of employees—21 percent of permanent retail floor workers and 61 percent of temporary floor workers—use shared accounts," Stolte told eWEEK. "If they are using shared accounts, IT and security teams do not have visibility into what those employees are doing on their corporate systems—a complete contradiction in their response." Stolte added that 37 percent of respondents also said they cannot identify which systems their temporary employees have accessed, which also demonstrates a lack of visibility into what those employees are doing on their network. The other surprising finding in the study, according to Stolte, was that in spite of the lack of visibility, the majority of retailers still thought they were doing a good job protecting their information. On a scale of 1 to 7, with 7 being the most proactive, the majority of retailers (80 percent or higher) gave themselves a 6 or greater when it came to identifying critical assets that must be protected, detecting theft or data leakage, and controlling employee access to critical assets. 
"Those findings combined with being unable to identify which systems their workers have accessed and the lack of training in topics like phishing and social engineering is a toxic mix that can lead to data walking out the door without a trace," Stolte said. When it comes to retail security, a hot topic for the past two years has been point-of-sale (PoS) malware, which has been tied to thousands of retail breaches. PoS malware risks were not specifically addressed in the Bay Dynamics-sponsored report, though there is a connection that can be made with the report's findings. "In a culture that has pervasive credential sharing and access to sensitive data, there are probably many shared service accounts that are not locked down or logged regarding how they are used," Stolte said. "Once service accounts are compromised, it gives the attacker free rein to access and compromise critical assets like PoS systems." Retailers also are typically required to be compliant with the Payment Card Industry Data Security Standard (PCI-DSS) 3.1, which includes multiple visibility and logging requirements. According to Stolte, based on the data in the report, many retailers would not pass PCI-DSS 3.1. "However, very often audits are viewed as checklists, confirming that certain systems or controls exist, but do not confirm their effectiveness," he said. "The checklist method results in a state of being compliant, not secure, because the focus is on passing the audit per the letter of the code, not on the spirit of the standard to actually secure the environment." As to why many retail organizations don't seem to have proper access control and visibility in place, Stolte suspects that the root of the problem is prioritization. In his view, retail organizations have a particularly strong culture of striving to provide the best customer service above all else. Their focus is on acquiring and servicing customers with as little friction as possible. 
"As such, additional processes and controls that may delay signing up a customer or conducting a transaction are viewed as obstacles and not a necessary cost of doing business," he said. The Target breach in late 2013 and the spate of retail breach disclosures that followed in 2014 helped in part to raise awareness about the issue of retail security. Yet despite that fact, there is still a gap in retail security in 2015. "There is still a disconnect between how business is conducted and the need to secure information," Stolte said. "IT and security teams are telling executives that they are handling both, but they fail to report the true security posture so investments in corrective actions are not always being made with complete information." Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

WinMagic to power NCR Secure™ Hard Disk Encryption solution

London, UK – 14 December 2015 – WinMagic Inc., the leading provider of encryption and intelligent key management solutions, today announced a strategic partnership with NCR, the global leader in consumer transaction technology, to prevent offline malware attacks on ATMs around the world. The new partnership means NCR will offer NCR Secure Hard Disk Encryption, powered by WinMagic SecureDoc, as an optional security upgrade for many NCR and multi-vendor ATMs. It will also be offered as a security option for all new NCR ATMs.

Given ATMs do not have trusted users or administrators for local authentication, protecting the Operating System (OS) from offline threats is a prime motivation for encryption. With WinMagic PBConnex pre-boot network authentication, NCR Secure Hard Disk Encryption ensures the machine is authenticated before the ATM OS decrypts and loads, making it impossible to insert malware or access local data.

John Morrow, VP and General Manager of NCR Management and Security Solutions, said: “NCR Secure Hard Disk Encryption will help ensure that malware cannot be added to an ATM’s hard disk when it is offline. This will help to prevent the offline malware attacks such as Ploutus, Tyupkin and PADPIN cashing out an ATM. Moreover, NCR Secure Hard Disk Encryption will protect against ATM cores or Hard Disks being stolen and used to reverse engineer ATM software or harvest data on the Hard Disk. This solution will form a vital component of our security offering, allowing our customers to benefit from WinMagic’s expertise in encryption management and safeguarding data.”

In addition to protecting physical ATMs, NCR Secure Hard Disk Encryption includes centralised monitoring capabilities and real-time network status updates on individual machines to provide an early warning system for potential attacks.

Darin Welfare, EMEA VP for WinMagic, said: “Like many Internet of Things devices, ATMs must boot without a trusted user present. Using a locally stored or derived encryption key to authenticate the machine would not be PCI compliant and expose the machine to offline threats. Using our encryption and pre-boot authentication expertise, the NCR solution protects ATMs from offline threats while reducing the administration burden.”

The NCR partnership with WinMagic is the result of a two-year relationship and has involved rigorous testing of WinMagic’s solution on all NCR ATM models. NCR Secure Hard Disk Encryption solution is available immediately.

*********************ENDS*********************

About NCR Corporation

NCR Corporation (NYSE: NCR) is the global leader in consumer transaction technologies, turning everyday interactions with businesses into exceptional experiences. With its software, hardware, and portfolio of services, NCR enables more than 550 million transactions daily across retail, financial, travel, hospitality, telecom and technology, and small business. NCR solutions run the everyday transactions that make your life easier.

NCR is headquartered in Duluth, Georgia with over 30,000 employees and does business in 180 countries. NCR is a trademark of NCR Corporation in the United States and other countries.

Web sites: www.ncr.com
Twitter: @NCRCorporation
Facebook: www.facebook.com/ncrcorp
LinkedIn: www.linkedin.com/company/ncr-corporation
YouTube: www.youtube.com/user/ncrcorporation

About WinMagic, Inc.

WinMagic provides intelligent key management for everything encryption, with robust, manageable and easy-to-use data security solutions. WinMagic’s SecureDoc secures data wherever it is stored, providing enterprise grade data encryption and key management policies across all operating systems. SecureDoc is trusted by thousands of enterprises and government organizations worldwide to minimize business risks, meet privacy and regulatory compliance requirements, while protecting valuable information assets against unauthorized access.

For more information, please visit www.winmagic.com.

WinMagic, SecureDoc, SecureDoc Enterprise Server, Compartmental SecureDoc, SecureDoc PDA, SecureDoc Personal Edition, SecureDoc RME, SecureDoc Removable Media Encryption, SecureDoc Media Viewer, SecureDoc Express, SecureDoc for Mac and SecureDoc Central Database are trademarks and registered trademarks of WinMagic Inc., registered in the US and other countries. All other registered and unregistered trademarks herein are the sole property of their respective owners. © 2015 WinMagic Inc. All rights reserved.

Press Contacts: Elvis Moyo, MSLGROUP, 020 3219 8756, Elvis.moyo@mslgroup.com

Source: RealWire

Google Pulls Trust for Symantec Root Certificate

For security reasons, Chrome, the Android OS and other Google products will no longer trust digital certificates from an old Symantec root certificate. Google's Chrome browser, Android OS and other products will soon stop trusting digital certificates issued from a particular Symantec root certificate because of security concerns. That means that Chrome and Android users who visit Websites that use certificates linked to the banned root will receive an alert informing them the site's security certificate cannot be relied upon for authentication or encryption purposes. In a blog post Dec. 11, Google software engineer Ryan Sleevi said the company's decision stemmed from a Symantec notification earlier this month that it was discontinuing the use of the root certificate in question for public code signing and encryption certificates. In its note, Symantec said its decision is consistent with industry best practices that it has asked browser companies to remove trust for certificates issued from Verisign G1 root certificates. Those using these browsers will start getting error messages when they encounter an encryption or code-signing certificate that is linked to the Verisign G1 roots, the company said. "Symantec has decided that this root will no longer comply with the CA/Browser Forum's Baseline Requirements," Sleevi said, referring to standards that a certificate authority needs to meet for using digital certificates. "As these requirements reflect industry best practice and are the foundation for publicly trusted certificates, the failure to comply with these represents an unacceptable risk to users of Google products." However, Symantec plans to continue using the root certificates—issued back in 1996—for purposes other than issuing publicly trusted certificates, Sleevi said. According to Sleevi, Symantec has not disclosed the purposes for which it will continue to use the root certificates. Instead, it has asked Google to remove and distrust the root certificate. 
Sleevi described the certificate as being widely trusted on Windows, Android and certain versions of OS X. "Google is no longer able to ensure that the root certificate, or certificates issued from this root certificate, will not be used to intercept, disrupt, or impersonate the secure communication of Google's products or users," he said. Google has twice previously aired its concerns publicly over the security of Symantec's digital certificate-issuing process. In September, the company said that it had discovered a Symantec-issued Extended Validation "pre-certificate" for two Google domains that it had neither asked for nor authorized.  At that time, Symantec had explained the issuance as a miscue that happened during an internal testing process, Google had said. In a follow-up blog in October, Google said it had discovered many more questionable certificates issued by Symantec, involving Google domains and that of others. In response, Symantec conducted an audit and disclosed that it had issued some 164 certificates for 76 domains that had not requested or authorized the certificates. It found another 2,458 certificates for domains that were not even registered. Websites use digital certificates to authenticate themselves to browsers and to encrypt communications between the browser and the Website. They are designed to ensure that a site is indeed what it purports to be. A compromised, or wrongly issued, certificate can be used to hijack traffic to a Website, or to impersonate a legitimate site. Certificate Authorities (CAs) like Symantec are responsible for issuing the certificates in a secure manner and maintain lists of certificates that are compromised. But in the past, security researchers have found problems in the processes surrounding the use and revocation of digital certificates. 
Recently, researchers at Akamai Technologies and several academic institutions reviewed how major Internet browsers use certificate revocation lists and found big gaps in the way browser companies handle such lists and also how CAs distribute the lists to them.

Cisco Opens Up Vulnerability Disclosure With OpenVuln API

Cisco's Product Security Incident Response Team pushes a new approach that makes security advisories easier to consume and act upon. IT professionals are inundated on a daily basis with security advisories, but making sense of it all and understanding the impact is a challenge—a challenge that Cisco's Product Security Incident Response Team is aiming to help solve with the official launch Dec. 14 of the openVuln API. The new API builds on Cisco PSIRT efforts to improve security disclosure information that were first announced in October. "We're creating a programmatic approach to how organizations can consume vulnerability information and accelerate the vulnerability management process," Omar Santos, principal engineer of Cisco PSIRT Security Research and Operations, told eWEEK. Cisco's goal with the openVuln API is to help push the IT industry as a whole toward the broader use of security automation standards, including Open Vulnerability and Assessment Language (OVAL) and the Common Vulnerability Reporting Framework (CVRF), which power the new Cisco API, according to Santos. "CVRF is an XML-based language, and Cisco is a major contributor to the development of the language and it was incubated at the nonprofit Industry Consortium for Advancement of Security on the Internet [ICASI]," he said. "OVAL on the other hand was created by Mitre and is part of the Security Content Automation Protocol [SCAP] that helps security administrators with configuration best practices." The openVuln API is a representational state transfer (REST) API, enabling it to be consumed and integrated into many types of existing IT management systems. OpenVuln API-based information is machine-readable content, said Santos, noting that the information provided by Cisco includes details about vulnerabilities as well as the associated risks. 
Of particular importance is the fact that there is also information included about all the specific versions and configurations of a given piece of software impacted by a vulnerability. In the open-source world, the OpenSCAP tool that is included in Red Hat Enterprise Linux is a widely deployed technology for consuming OVAL information. Santos noted that OpenSCAP users can benefit from the Cisco openVuln API, as well as organizations that build their own tools. Other security vendors can also use the openVuln API to improve security overall. For example, the API can be used by network security scanner technologies, such as Tenable's Nessus or Qualys' network scanning platform. "So they can leverage the openVuln API information to make their scanners better," Santos said. Cisco already has multiple ways that it provides users with security vulnerability information, including Web pages with advisories, email lists and RSS feeds, according to Santos. The openVuln API goes a step further to help automate what an organization can do with Cisco security information. For example, a large service provider could have a million Cisco devices deployed, with a need to be able to rapidly identify when and where firmware should be updated for a security vulnerability. With the openVuln API, the service provider can now rapidly determine impact and then create its own advisory in a network operations center (NOC) to facilitate and accelerate the patch management process, he said. "So the moment Cisco publishes an advisory, the service provider can take whatever relevant information that they want and can display it for the specific teams that need to know about it," Santos said. Going a step further, Cisco is building a new community on its DevNet to help organizations build tools, sample code and best practices for consuming openVuln API information. Looking forward, Santos said more still can and will be done to help improve and automate security disclosure. 
"We want there to be more security disclosure automation across the industry," he said. "The next step is to get more vendors to adopt security automation standards so we can automatically exchange vulnerability information." Part of the increased adoption is likely to come through continued collaboration at ICASI, where Cisco is active. Santos noted that Cisco rival Juniper is also active at ICASI, as is VMware, Oracle, A10 Networks, Microsoft and IBM. "The next step that I see is taking the vulnerability disclosure part and marrying it with things like threat intelligence and indicators of compromise," he said. Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Analyst Survey Reveals Pros And Cons Of Cloud Commodity Trade And Risk Management Solutions

Over the past 15 years a lot has changed in terms of technology, including the understanding and acceptance of the cloud, as evidenced by a recent Commodity Technology Advisory (ComTech Advisory) research project. Results of this project are published in a 7-page report “Evolving CTRM In The Cloud” which can be downloaded here http://www.aspectenterprise.com/resources/analyst-survey-evolving-ctrm-in-the-cloud/. Against a backdrop of rising costs and decreasing margins and a requirement to comply with a variety of regulations, CTRM in the cloud has found a broader appeal in a cost-conscious market and is rapidly gaining ground. In the report, ComTech Advisory revisits the pros and cons of the cloud for CTRM deployment from an original 2014 survey. The advantages refer to lower total cost of ownership, lower entry costs and lower implementation costs combined with some efficiencies in terms of demand on IT resources and speed of upgrades and deployment.

Meanwhile, data security was among key concerns cited for why some trading shops might not procure CTRM in the cloud. But there is a tipping point at which the cost and efficiency gains outweigh the concerns side of the equation. Since the survey was performed, the basic dynamics of the industry have significantly and permanently changed perhaps moving the tipping point in favor of cloud as witnessed by leading cloud trade and risk management solutions vendor Aspect, which was the first to deliver ETRM software over the Internet in 2000.

“Back in 2000 security was the main barrier we faced when talking to large trading houses. The question of data safety was number one on our prospect’s list of concerns. Fast-forward to 2015, and we’re having our best year ever, with trading houses big and small relying on our solutions every day for their mission critical trades and supply chain activities. We’re removing the risks from their business which is what a CTRM system is supposed to do,” says Aspect President & CEO, Steve Hughes. Hughes went on to say, “Since the recession of 2008, Aspect’s business has taken off, largely due to our advancements in technology, improvements in our supply chain functions such as logistics and inventory management, and the low cost of entry to deploy and leverage AspectCTRM company-wide. This study supports our financial results, and the industry’s thirst for cloud CTRM can only get stronger, as the world demands Internet-based solutions for everything.”

Download the 7-page report here (http://www.aspectenterprise.com/resources/analyst-survey-evolving-ctrm-in-the-cloud/) to view survey results of the advantages and disadvantages cited by respondents. Learn why ComTech Advisory suggests that concerns in security will be eased, and ComTech’s estimated growth rates for cloud CTRM. Also see Aspect’s release on “Any Cloud” (http://www.aspectenterprise.com/pick-a-cloud-any-cloud-aspect-unveils-flexible-cloud-ctrm-hosting-strategy/) and how Aspect is further evolving choices for clients with flexible cloud hosting offerings including public cloud by providers such as Amazon, Microsoft and Google.

About ComTech Advisory

Commodity Technology Advisory (ComTech Advisory) is the leading analyst organization covering the Energy and Commodity Trading and Risk Management (E/CTRM) technology markets. Led by Patrick Reames and Dr. Gary M. Vasey, ComTech Advisory provides invaluable insights, backed by primary research and decades of experience, into the issues and trends affecting both the users and providers of the applications and services that are crucial for success in markets constantly roiled by globalization, regulation and innovation. For more information, visit http://www.comtechadvisory.com

About Aspect

Aspect is a leading global provider of multi-commodity trade, risk and operations management applications delivered Software-as-a-Service (SaaS) in the cloud. With almost 500 customers in 90 countries, it’s one of the fastest growing providers with rapid deployment, affordable subscriptions, and immediate ROI for all size companies. Solutions include AspectCTRM®, a full-featured commodity trading and risk management enterprise suite for front, middle and back office. It’s available in three editions: Lite, Standard and Enterprise, expanding in functionality according to the needs and budgets of clients. Aspect is the only ETRM/CTRM solutions provider with market data and analytics tools delivered with its trade and risk functions on the same platform. This provides users with a seamless packaged solution beginning with pre-trade pricing analysis and market assessments via AspectDSC. Aspect’s solutions are available on desktop, tablets and mobile devices and through its new Aspect Partner Program (APP).

Source: RealWire

Mimecast talks social engineering, and how your organisation can be compromised in just 82 seconds

And email is still the path of least resistance

How Connected Analysis Can Put a Dent in Cyber-crime

Sample Scenario: E-Commerce Fraud Online transactions typically take place with identifiers. These include facets such as user ID, IP address, geolocation, a tracking cookie and a...

UK Police Make Arrest in Connection With VTech Hacking

British law enforcement officials arrest a 21-year-old man in connection with attack on toy maker VTech that exposed 6 million parents and children to risk. Barely three weeks after the first public disclosure about a massive data breach at toy vendor VTech, an arrest related to the incident has been made. Law enforcement officials from the United Kingdom's South East Regional Organized Crime Unit (Serocu) publicly announced the arrest this morning of a 21-year-old male in Bracknell, 32 miles west of London. Serocu is not publicly disclosing the name of the individual at this time. The arrested individual was apprehended on the suspicion that he is connected to the VTech hack. The two charges against the 21-year-old include suspicions of unauthorized access to a computer to facilitate the commission of an offense, which is contrary to section 2 of the UK's Computer Misuse Act 1990. The second charge is suspicion of causing a computer to perform a function to secure/enable unauthorized access to a program/data, which goes against section 1 of the UK's Computer Misuse Act 1990. As part of the arrest, Serocu's Cyber Crime eForensics Unit seized multiple electronic items from the suspect. "We are still at the early stages of the investigation and there is still much work to be done," Craig Jones, head of the Cyber Crime Unit at SEROCU, said in a statement. "We will continue to work closely with our partners to identify those who commit offenses and hold them to account." VTech did not become aware of the breach until Nov. 24, though the breach occurred Nov. 14. In response to the attack, VTech suspended the Learning Lodge apps store as well as 13 affected VTech Websites. In total, VTech estimates that the breach affects 4,854,209 parent and 6.3 million associated child profiles. From a geographical perspective, consumers in the United States were the most impacted, with 2.2 million parent and 2.9 million child profiles affected. 
In the United Kingdom, the breach affected 560,487 parent accounts and 727,155 child accounts. After the initial reports emerged about the VTech breach, an individual claiming to be the VTech hacker contacted Motherboard and claimed to have been able to access 190GB of photo and audio files from parents and children. There is no public confirmation at this time whether the individual arrested in the United Kingdom is the same as the individual that claimed to have access to the VTech data. VTech did not respond to a request for comment from eWEEK by press time. VTech has admitted that the attacker was able to get access to information by way of the company's database. "We are currently investigating how the hacker was able to access the database," a VTech FAQ on the hack states. "What is clear is that this was a criminal act and a well-planned attack." Security experts that eWEEK contacted were somewhat surprised at how quickly an arrest was made in the VTech hacking incident. "This arrest coming so quickly is certainly a surprise," Marcus Carey, founder and CTO of vThreat, told eWEEK. "The fact that he was tracked down so quickly indicates that he practiced bad OPSEC [operations security]. Either he performed the attacks from an easily traceable IP address, which may have been detected during the VTech incident response, or he may have been identified by friends, family or online acquaintances whom he told of the attack." Justin Harvey, chief security officer of Fidelis Cybersecurity, was also surprised at the speed of the arrest, which involved multiple legal jurisdictions. Harvey noted that the quick arrest could herald a new era of fighting and investigating cyber-crime if governments can communicate and act faster. "In this example, the United Kingdom and the Special Administrative Region of Hong Kong were able to cooperate in an expeditious manner to apprehend this suspect," Harvey told eWEEK. 
Harvey said he suspects that the VTech attacker did not take precautions to hide his tracks very well, namely routing and proxying traffic through multiple hops in order to avoid investigation and detection. "If he were to have routed his traffic through a variety of countries, that would have made it extremely difficult to get cooperation from all of the governments where the proxies were," Harvey said. Andrew Blaich, lead security analyst at Bluebox Security, also commented about the digital trail that the arrested VTech hacker must have left in order to get caught. "If investigators did find the suspect related to the VTech data breach this fast, then it's very likely the person left a digital footprint or breadcrumb trail that forensic investigators were able to follow," Blaich told eWEEK. There are still many unknowns in the VTech attack that could yet expose consumers to risk, Blaich said. "What is scarier is if the person responsible for the attack shared the trove of data they have with anyone else," he said. "This means that even finding the culprit won't necessarily prevent the release of the personal information for millions of children." Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.