Here are a few articles I found interesting this week:

Case Study: Pro-active Log Review Might Be A Good Idea

“Plainly stated, the VPN logs showed him logged in from China, yet the employee is right there, sitting at his desk, staring into his monitor. Shortly after making this discovery, they contacted our group for assistance. Based on what information they had obtained, the company initially suspected some kind of unknown malware that was able to route traffic from a trusted internal connection to China, and then back. This was the only way they could intellectually resolve the authentication issue. What other explanation could there be?”

This employee was described as a talented programmer with tenure in the company and a family man. He was outsourcing his job, at a fraction of his own salary, to a consulting firm in China. He granted access for the developer to his work by FedExing his VPN token to China. Evidence later showed that the employee spent his entire workday surfing the Internet. He also was discovered to have the same ruse going with several other firms in the area.

While it’s tempting to chalk this up to an extremely enterprising individual, the employee was terminated, and for good reason. Some argue that he may have simply been “offshoring” just as corporations do, but in reality there were security controls put in place and policies that he accepted as terms of his employment. It doesn’t matter if the contractor was in China or down the street- giving access to a third party to the company network, without authorization, and allowing them to masquerade as someone else is surely in violation of those controls and policies, and therefore his employment agreement.

Kaspersky Lab reports major malware discovery

“In what is being called a new hunt for Red October, a Russian cyber-security company says it has discovered a major international malware system that has attacked and compromised the computers of government agencies, diplomatic consulates, research centers and defense installations, among other sensitive institutions.”

Red October follows in the footsteps of malware such as Flame, and I think is an indicator of what will probably become the norm: malware that targets governments, the defense industry, and infrastructure. Malware targeting individuals is profitable. Malware affecting nation states and the grids that allow them to function is… terrifying.

Red October is another in a line of “attack platforms” that allows for multiple infection vectors and delivery mechanisms. Very talented teams, possibly from well-funded intelligence agencies, write a powerful and flexible code base that excels at extracting information from targets.

New Java zero-day attack offered for $5K on black market

“Only days after Oracle patched a critical hole in Java, a new vulnerability is being sold on the black market for $5,000 or the highest bidder.”

I feel like this is déjà vu. We discussed earlier this week how Oracle’s Java fix for a zero day being exploited in the wild was probably not the only issue- and just about 48 hours later, news came out about a new zero day being sold. Ignoring pundits extolling the virtues of Java replacements or hawking products to scan, detect, prevent, bring world peace- it goes to show that defense in depth is here to stay.

If you don’t need the Java browser plug-in- disable it. Don’t use Java at all? Uninstall it! Reduce your attack surface and be cautious because you never know where the next issue will crop up. 

Facebook Graph Search leaves little privacy and no opting out

“Graph Search is an overhaul of Facebook's existing search box. It lets people type in naturally-phrased queries such as “Restaurants my friends like” and “Photos of people from college,” and see personalized results. Graph Search respects the user's existing privacy settings. So, for example, if only your friends can see your photos, no one else will be able to see those photos in their own searches. In other words, Graph Search isn't showing any information that people otherwise wouldn't be able to see. Still, the addition of a powerful search tool could bring to the surface information that was once buried. As Gizmodo pointed out, someone could use Graph Search to find a list of single female friends of friends, who live in the same city, and who have similar interests. A user might have second thoughts about sharing those types of details now that they're so easy to aggregate. Also, users may not remember all the things they've “Liked” in the past, and some of those things could be pretty unsavory.”

The aggregation feature is interesting- though thinking about it, I don’t really see a use case where I’d use it. Perhaps that’s just because I’m over the age of 22, though. If younger users get some functionality that befuddles older folks like myself, that’s fine. Where I do see a perfect usage scenario is for Facebook to make money. Those advertising and data mining companies would surely like to know what restaurants my friends and I like, and target ads to our demographic- even better, based on location since some chains might be localized to areas like the southeast or northeast.

Data is big business, and advertising is clamoring for more and better data. It’s quite possible that this is an important feature heralded by Mr. Zuckerberg in the interest of his flock of users. It’s also quite possible that now that Facebook is public and has investors to please, there are pressures to meet revenue targets regardless of the privacy implications.