Security

A Delicate Balance: DLP and Privacy

Infosec Island - Tue, 09/07/2010 - 08:20

Article by Tamir Elchayani, Technical Training Engineer

Data Leakage Prevention (DLP) practices are implemented in order to prevent the unauthorized distribution of confidential/private information. Because email was not originally developed with security as a top priority, the transfer of sensitive information is immediately exposed to a range of threats.

The limitations of the SMTP protocol, industrial espionage, disgruntled employees and the growing frequency of identity theft represent only a fraction of the threats to an organization’s emails.

While these threats are real and must be addressed, it is crucial that a DLP system and policy be consistent with a company’s overall strategy so that employee expectations about privacy can be reasonably managed.

Sensitive information is typically characterized by keywords, textual or numerical patterns (e.g., credit card numbers, social security numbers, etc.) and other content-related phrases. PineApp’s policy-driven DLP module, for instance, scans all outgoing emails for the presence of content that has been defined by an organization’s own policy.

An email that is flagged, due to these predefined criteria, is immediately intercepted and system administrators are instantly notified.

While it may be obvious to company management that all emails ought to be reviewed and scanned for security purposes, a company must make it clear to their employees that someone is NOT reading every email in their system.

This “Big Brother” perception must be acknowledged and addressed from the very beginning of DLP policy development.

When applying DLP to an organization’s email server, IT managers need to maintain a delicate balance between their company’s security interests and the end-user’s privacy. This balance is only possible through a coherent policy that is aligned with the management of sensitive data in all facets of the organization.

Cross-posted from PineApp

Category: Security

CYBERCOM and Intelligence Community Jobs

Infosec Island - Tue, 09/07/2010 - 08:10
With the recent (May 21, 2010) formation of the Cyber Command (Cybercom), the Department of Defense will manage the war on Cyber Terrorism under unified leadership. Domestic Cyber efforts will remain under the Department of Homeland Security (DHS).

An important step in the new CYBERCOM organization is the inclusion of the Cyber assets and capabilities of the Defense Information Systems Agency, which will also move to the Ft. Meade, Maryland campus where the National Security Agency is headquartered.

The creation of CYBERCOM is a leap forward in the war on International Cyber Terrorism, and the challenges are huge. The new CYBERCOM, as a military and intelligence organization, should approach the issue of Cyber Terrorism as a military campaign rather than a criminal action. Offensive Cyber operations and counter strikes will be approached with military precision like any other military campaign.

CYBERCOM is expected to be operational by the end of 2010. This is not soon enough for many observers.

Our Competitors and Potential Adversaries are Significantly Ahead of the United States

Russia and China have a decidedly different attitude toward Cyber Security and attacks.

For a number of reasons, but primarily the refusal by the United States to view International Cyber Terrorism as a military threat, the United States has failed to keep pace with international Cyber Terrorism. And, because of our total dependence on data networking, the U.S. is at greater risk than our competitors.

Many informed sources believe that we are in a Cyber war already and we are losing.

No country in the world is more dependent on its computers than the United States. Data networks now underlie the U.S. power grid, its military operations and the telecommunications, banking and transportation systems. That means the U.S. is uniquely vulnerable to sophisticated computer hackers.

This is not a theoretical problem. In the Department of Defense’s most recent Quadrennial Defense Review, cyber attacks in the military sector have averaged over 5,000 per day for the last two years.

During the first half of 2009, at least 43,785 incidents of malicious cyber activity directed against the U.S. Department of Defense were reported. These incursions came from a variety of sources, ranging from criminal hackers to foreign governments, and remediation alone cost the Defense Department more than $100 million. That figure does not account for the significant cost of data lost to cyber espionage.

And the source of the attacks has raised troubling questions. China has been identified as a suspect, including in denial-of-service attacks on the networks that affect troop deployments and logistics in crisis areas, as well as Cyber incursions at the Pentagon, U.S. military bases throughout the world, and the power grid that supplies 90% of the requirements for the Department of Defense.

Cyber-security specialists say Russia and China rely on proxy groups to conduct attacks on enemies, as Russia allegedly did in 2008 against Georgia. China and Russia deny such accusations.

Russia realizes the threat. Senior Russian analysts draw a parallel between nuclear and cyber weapons, because cyber weapons, like nuclear weapons, can affect a huge number of people. The main difference between nuclear and cyber weapons, the Russians believe, is that Cyber weapons are very cheap, easy to use and almost free of charge.

Russia wants to forge a kind of cyber arms-control agreement, but, in the past, the United States was primarily interested in forging formal agreements to fight cybercrime. CYBERCOM, however, in a major change of policy, is now urging a Cyber weapons control treaty. This first step is a major positive development.

CYBERCOM and Cyber Jobs

During the formative stages of CYBERCOM, new contracting job opportunities will be small with the military services and other clients procuring the lion’s share of new services. But the wartime approach of CYBERCOM will require significantly more Cyber professionals as that realized threat grows and is addressed.

In addition, the formation of CYBERCOM may open a pathway for service contracting opportunities at the National Security Agency (NSA), where higher level security clearances are required. With the move of DISA (Defense Information Security Agency) to the Ft. Meade campus, contractor access and the security clearance process are better facilitated.

Contractors can hire and place qualified Cyber personnel at DISA and provide services concurrent with obtaining higher level clearances. This opens the window for Cyber professionals to access the Intelligence Community without the burden of holding employees on overhead.

Since 2003 Aspiration Software LLC has provided Cyber Security services to the Intelligence Community and the Department of Defense.

Category: Security

Algerian Hackers Target Israeli Teddy Bear Picnic

Infosec Island - Tue, 09/07/2010 - 08:00

In one of the funniest cases of website mis-identification to date, recent visitors to the Belvoir Castle website unexpectedly found a black page displaying the Algerian flag and the following Arabic text:

"The cause of this hack is Israel's presence. Internet law does not protect the ignorant. Thank you to all the pirates of Algeria."

So what were the occupants of Belvoir Castle doing that drew the Algerian hackers' attention?

Well... They were having a teddy bear picnic!

And these weren't your average, run-of-the-mill Israeli Commando teddies either. They were just your regular, everyday, plush, fluffy, adorable little teddy bears.

Belvoir Castle, the former home of the Dukes of Rutland, is a beautiful castle in the Leicestershire countryside. It is now open to the public and they have weddings, costumed guided tours and apparently, clandestine Israeli Teddy Bear briefings.

Though some say that the Algerians had mistaken Belvoir Castle with Belvoir Fortress, the former crusader castle in Israel, I am not so sure. One look at those coal black teddy bear eyes and you just know that they are highly trained warriors. But if they are right, the Algerian hackers were off target by, oh about 2000 miles...

Pretty funny stuff.

In other news, Iran mysteriously adds all Teddy Bears to their "No Fly list".

Cross Posted from CyberArms

Category: Security

Spammers Exploit Second Facebook Bug in a Week

CIO.com - Security - Tue, 09/07/2010 - 05:00
Facebook today said it has fixed the bug that allowed a spamming worm to automatically post messages to users' walls earlier this week.
Category: Security

Symantec Updates Enterprise Vault, Ties to Microsoft Cloud Apps

CIO.com - Security - Tue, 09/07/2010 - 05:00
Symantec Tuesday unveiled updated storage and backup gear, giving Enterprise Vault 9.0 a way to integrate archiving and discovery-related legal requests with Microsoft's cloud-based Business Productivity Online Services.
Category: Security

Enterprise Risk Management: Get Started in Six Steps

CIO.com - Security - Tue, 09/07/2010 - 05:00
Let's say your organization doesn't have a formal enterprise risk management program. If you're at a big company, ERM might seem daunting because of silos, inertia and so on.
Category: Security

Microsoft Investigates Two-Year-Old IE Bug

CIO.com - Security - Tue, 09/07/2010 - 05:00
Microsoft is looking into a long-known vulnerability in Internet Explorer that could be used to access users' data and Web-based accounts.
Category: Security

Enterprise risk management: Get started in six steps

CSO Online - Data Protection - Tue, 09/07/2010 - 05:00
Daunted by the ambition of enterprise risk management? Here's a straightforward exercise to get started delivering ERM's business value.
Category: Security

Microsoft investigates two-year-old IE bug

CSO Online - Data Protection - Tue, 09/07/2010 - 05:00
Microsoft is looking into a long-known vulnerability in Internet Explorer (IE) that could be used to access users' data and Web-based accounts.
Category: Security

Police in Europe conduct raids over file-sharing sites

CSO Online - Data Protection - Tue, 09/07/2010 - 05:00
Police across Europe conducted raids on Tuesday against ISPs and private individuals to collect evidence against several websites suspected of offering content to file-sharing networks without permission of the copyright holder.
Category: Security

DNS Clients Do Request DNSSEC Today

Circleid - Security - Mon, 09/06/2010 - 21:04

After the DNS root zone was finally signed and a number of Top-Level Domains (TLDs) began signing their zones, we were curious to see how many clients actually request DNSSEC information. We looked at the RIPE NCC server that provides secondary service to several country code top-level domains (ccTLDs).

This server answers around 5,000 queries per second on average. In the image below you can see the percentage of those queries that requested DNSSEC information during August 2010:

More than 50% of all queries request DNSSEC information from this server. This is very encouraging and shows that DNSSEC is being deployed.

Here are some guidelines for configuring your caching resolvers to use the root zone DNSSEC key:

BIND: https://dnssec.surfnet.nl/?p=402
Unbound: https://dnssec.surfnet.nl/?p=212

For more details on this topic, please refer to RIPE Labs:
https://labs.ripe.net/Members/dfk/dns-clients-do-request-dnssec-today

Written by Daniel Karrenberg, Chief Scientist at the RIPE NCC

Category: Security

Data theft in Internet Explorer via two-year-old vulnerability

The H Security - Mon, 09/06/2010 - 17:14
An ancient vulnerability in Internet Explorer allows attackers to access confidential data by importing web pages as style sheets

Category: Security

MS probes mystery IE bug

The Register - Security - Mon, 09/06/2010 - 16:28
URL shortening shenanigans

Microsoft is investigating reports of a new bug in Internet Explorer.…

Category: Security

TrueCrypt 7.0a released

The H Security - Mon, 09/06/2010 - 15:20
The TrueCrypt release team has released the first update to version 7.0 of its open source, cross platform, disk encryption tool, addressing a bug that caused some systems to crash when using custom storage device controller drivers

Category: Security

MSIL/Zeven malware impersonates warning pages

The H Security - Mon, 09/06/2010 - 14:59
Zeven pretends to be the browser's malware blocker to encourage the user to install a "recommended" update, which turns out to be a rogue antivirus application

Category: Security

Flash Player as a spy system

The H Security - Mon, 09/06/2010 - 14:14
Adobe's Flash Player potentially allows web pages to access a computer's web cam and microphone. Using a remote man-in-the-middle attack, the player's settings can be modified so they allow arbitrary web pages to access these components

Category: Security

Symantec finally secures HackIsWack

The Register - Security - Mon, 09/06/2010 - 13:41
It's such a bungle, sometimes, it makes you wonder...

Symantec has belatedly secured its laughable HackIsWack competition website.…

Category: Security

Terrorism Entrapment

Schneier on Security - Mon, 09/06/2010 - 13:24
Back in 2007, I wrote an essay, "Portrait of the Modern Terrorist as an Idiot," where I said: The JFK Airport plotters seem to have been egged on by an informant, a twice-convicted drug dealer. An FBI informant almost certainly pushed the Fort Dix plotters to do things they wouldn't have ordinarily done. The Miami gang's Sears Tower plot was...
Category: Security

Either that or these scammers are REALLY good

Computerworld Blogs - Security - Mon, 09/06/2010 - 13:06

IT chief pilot fish at this financial services company gets an e-mail forwarded by the CEO -- and the big boss is very worried, because it looks to him like someone has done lots of research in order to scam his company.

Category: Security

iPad scammers hack Kirstie Allsopp's Twitter

The Register - Security - Mon, 09/06/2010 - 12:06
Posh property presenter pwned

iPad scammers managed to reach a huge potential audience last weekend after they took over a Twitter profile maintained by British TV presenter Kirstie Allsopp.…

Category: Security