James Roberts

An EU agency has grappled with thorny issues surrounding the adoption of IoT technology in hospitals to draft a series of best practice guidelines.

The European Union Agency for Network and Information Security (ENISA) study engaged information security officers from more than 10 hospitals across the EU, painting a picture of the smart hospital ICT ecosystem. Security experts at the agency analysed attack scenarios before coming up with a risk-based approach that focuses on relevant threats and vulnerabilities.

Increased risks, ranging from ransomware attacks on hospitals' IT systems and DDoS assaults to hackers selling stolen medical data through cybercrime forums, show that a change in mentality by hospital IT staff and their managers is required, according to ENISA. Modernisation and innovations such as remote patient care are pushing hospitals towards the adoption of smart solutions. Emerging security and safety issues are sometimes overlooked or ignored in this headlong rush.

The introduction of Internet of Things (IoT) components into the hospital ecosystem increases the variety and volume of potential ways hospitals might become vulnerable to cyber-attacks, ENISA warns.

ENISA's recommendations from its report (PDF) centre on a three point plan.

  • Healthcare organisations should set specific IT security requirements for IoT components. Only state-of-the-art security measures should be applied.
  • Smart hospitals should identify their assets and how these will be interconnected before drawing up policies and practices.
  • Device manufacturers should incorporate security into their existing quality assurance systems. Healthcare organisations should be involved in designing systems and services from the very beginning.

ENISA executive director Udo Helmbrecht commented: "Interconnected, decision-making devices offer automation and efficiency in hospitals, making them at the same time vulnerable to malicious actions. ENISA seeks to co-operate with all stakeholders to enhance security and safety in hospitals adopting smart solutions, namely smart hospitals."

Healthcare is moving up the policy agenda. The adoption of the EU Directive on Security of Network and Information Systems (NIS) covers healthcare organisations. ENISA plans to support EU member states with the introduction of baseline security measures in the critical sectors, focusing on healthcare organisations, from next year onwards. ®



The Register - Security

Vulnerable: Oracle VM VirtualBox 5.0.26
Oracle VM VirtualBox 5.0.22
Oracle VM VirtualBox 5.0.16
Oracle VM VirtualBox 5.0.14
Oracle VM VirtualBox 5.0.13
Oracle VM VirtualBox 5.0.12
Oracle VM VirtualBox 5.0.11
Oracle VM VirtualBox 5.0.10
Oracle VM VirtualBox 5.0.9
Oracle VM VirtualBox 5.0.8
Oracle VM VirtualBox 5.0.18
Oracle VM VirtualBox 5.0
Oracle Solaris 11.3
Oracle Solaris 10
Oracle Mysql 5.7.15
Oracle Mysql 5.7.14
Oracle Mysql 5.7.13
Oracle Mysql 5.7.12
Oracle Mysql 5.7.9
Oracle Mysql 5.7.8
Oracle Mysql 5.7.7
Oracle Mysql 5.7.6
Oracle Mysql 5.7.5
Oracle Mysql 5.7.4
Oracle Mysql 5.7.3
Oracle Mysql 5.7.2
Oracle Mysql 5.6.33
Oracle Mysql 5.6.32
Oracle Mysql 5.6.31
Oracle Mysql 5.6.30
Oracle Mysql 5.6.28
Oracle Mysql 5.6.27
Oracle Mysql 5.6.26
Oracle Mysql 5.6.25
Oracle Mysql 5.6.24
Oracle Mysql 5.6.23
Oracle Mysql 5.6.22
Oracle Mysql 5.6.21
Oracle Mysql 5.6.17
Oracle Mysql 5.6.12
Oracle Mysql 5.6.11
Oracle Mysql 5.6.10
Oracle Mysql 5.6.9
Oracle Mysql 5.6.6
Oracle Mysql 5.6
Oracle Mysql 5.7.11
Oracle Mysql 5.7.10
Oracle Mysql 5.6.8
Oracle Mysql 5.6.7
Oracle Mysql 5.6.5
Oracle Mysql 5.6.4
Oracle Mysql 5.6.29
Oracle Mysql 5.6.20
Oracle Mysql 5.6.2
Oracle Mysql 5.6.19
Oracle Mysql 5.6.18
Oracle Mysql 5.6.16
Oracle Mysql 5.6.15
Oracle Mysql 5.6.14
Oracle Mysql 5.6.13
Oracle Enterprise Linux 5
OpenSSL Project OpenSSL 1.0.2
OpenSSL Project OpenSSL 1.0.2h
OpenSSL Project OpenSSL 1.0.2g
OpenSSL Project OpenSSL 1.0.2f
OpenSSL Project OpenSSL 1.0.2e
OpenSSL Project OpenSSL 1.0.2d
OpenSSL Project OpenSSL 1.0.2c
OpenSSL Project OpenSSL 1.0.2b
OpenSSL Project OpenSSL 1.0.2a
OpenSSL Project OpenSSL 1.0.1s
OpenSSL Project OpenSSL 1.0.1r
OpenSSL Project OpenSSL 1.0.1q
OpenSSL Project OpenSSL 1.0.1p
OpenSSL Project OpenSSL 1.0.1o
OpenSSL Project OpenSSL 1.0.1n
OpenSSL Project OpenSSL 1.0.1m
OpenSSL Project OpenSSL 1.0.1l
OpenSSL Project OpenSSL 1.0.1k
OpenSSL Project OpenSSL 1.0.1j
OpenSSL Project OpenSSL 1.0.1i
OpenSSL Project OpenSSL 1.0.1h
OpenSSL Project OpenSSL 1.0.1g
OpenSSL Project OpenSSL 1.0.1f
OpenSSL Project OpenSSL 1.0.1e
OpenSSL Project OpenSSL 1.0.1d
OpenSSL Project OpenSSL 1.0.1c
OpenSSL Project OpenSSL 1.0.1b
OpenSSL Project OpenSSL 1.0.1a
OpenSSL Project OpenSSL 1.0.1
McAfee ePolicy Orchestrator 5.1.2
McAfee ePolicy Orchestrator 5.1.1
McAfee ePolicy Orchestrator 5.1
McAfee ePolicy Orchestrator 5.3.2
McAfee ePolicy Orchestrator 5.3.1
McAfee ePolicy Orchestrator 5.3.0
McAfee ePolicy Orchestrator 5.1.3
IBM Vios 2.2
IBM Tivoli Provisioning Manager for OS Deployment 5.1.1 build 51.05
IBM Tivoli Provisioning Manager for OS Deployment 5.1.3 Interim Fix 3
IBM Tivoli Provisioning Manager for OS Deployment 5.1.3
IBM Tivoli Provisioning Manager for OS Deployment 5.1.116
IBM Tivoli Provisioning Manager for OS Deployment 5.1
IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.20 build 280.6
IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.19
IBM Tivoli Provisioning Manager for OS Deployment 7.1.1
IBM Tivoli Provisioning Manager for OS Deployment 5.1.Fix Pack 3
IBM Tivoli Provisioning Manager for OS Deployment 5.1.1 build 051.07
IBM Tivoli Provisioning Manager for OS Deployment 5.1.0.2
IBM Tivoli Provisioning Manager for Images System x Edition 7.1.1.0
IBM Tivoli Provisioning Manager for Images 7.1.1.20 build 280.6
IBM Tivoli Provisioning Manager for Images 7.1.1.19
IBM Tivoli Provisioning Manager for Images 7.1.1.0
IBM Sterling Connect:Express for UNIX 1.5.0.9
IBM Sterling Connect:Express for UNIX 1.5.0.13
IBM Sterling Connect:Express for UNIX 1.5.0.12
IBM Sterling Connect:Express for UNIX 1.5.0.11
IBM Sterling Connect:Express for UNIX 1.5.0
IBM Sterling Connect:Express for UNIX 1.4.6
IBM Sterling Connect:Express for UNIX 1.4
IBM Integrated Management Module (IMM) for System x YUOO
IBM Integrated Management Module (IMM) for BladeCenter YUOO
IBM i 7.3
IBM i 7.2
IBM i 7.1
IBM BigFix Remote Control 9.1.2
IBM Aix 7.2
IBM AIX 7.1
IBM AIX 6.1
IBM AIX 5.3
Cisco Wide Area Application Services (WAAS) 0
Cisco WebEx Node for MCS 0
Cisco WebEx Meetings Server - SSL Gateway 0
Cisco WebEx Meetings Server - Multimedia Platform (MMP) 0
Cisco WebEx Meetings Server 2.0
Cisco WebEx Meetings Server 1.0
Cisco WebEx Meetings for Windows Phone 8 0
Cisco WebEx Meetings for BlackBerry 0
Cisco WebEx Meetings for Android 0
Cisco WebEx Meetings Client - On-Premises 0
Cisco WebEx Meetings Client - Hosted 0
Cisco WebEx Meeting Center 0
Cisco WebEx Business Suite 0
Cisco Web Security Appliance (WSA) 0
Cisco Visual Quality Experience Tools Server 0
Cisco Visual Quality Experience Server 0
Cisco Virtualization Experience Media Edition 0
Cisco Virtual Security Gateway for Microsoft Hyper-V 0
Cisco Virtual Security Gateway 0
Cisco Videoscape Control Suite 0
Cisco Videoscape AnyRes Live 0
Cisco Video Surveillance PTZ IP Cameras 0
Cisco Video Surveillance Media Server 0
Cisco Video Surveillance 7000 Series IP Cameras 0
Cisco Video Surveillance 6000 Series IP Cameras 0
Cisco Video Surveillance 4300E and 4500E High-Definition IP Cameras 0
Cisco Video Surveillance 4000 Series High-Definition IP Cameras 0
Cisco Video Surveillance 3000 Series IP Cameras 0
Cisco Video Distribution Suite for Internet Streaming (VDS-IS/CDS-IS) 0
Cisco Universal Small Cell Iuh 0
Cisco Universal Small Cell CloudBase Factory Recovery Root Filesystem 2.99.4
Cisco Universal Small Cell CloudBase Factory Recovery Root Filesystem 0
Cisco Universal Small Cell 7000 Series 3.4.2.0
Cisco Universal Small Cell 5000 Series 3.4.2.0
Cisco Universal Small Cell 5000 Series 0
Cisco Unity Express 0
Cisco Unity Connection 0
Cisco Unified Workforce Optimization - Quality Management Solution 0
Cisco Unified Workforce Optimization 0
Cisco Unified Wireless IP Phone 0
Cisco Unified SIP Proxy Software 0
Cisco Unified SIP Proxy 0
Cisco Unified MeetingPlace 0
Cisco Unified IP 9971 Phone 0
Cisco Unified IP 9951 Phone 0
Cisco Unified IP 8961 Phone 0
Cisco Unified IP 8945 Phone 0
Cisco Unified IP 8831 Conference Phone for Third-Party Call Control 0
Cisco Unified IP 8831 Conference Phone 0
Cisco Unified IP 7900 Series Phones 0
Cisco Unified IP 6945 Phone 0
Cisco Unified IP 6901 Phone 0
Cisco Unified Intelligent Contact Management Enterprise 0
Cisco Unified Intelligence Center 0
Cisco Unified Contact Center Express 0
Cisco Unified Contact Center Enterprise - Live Data server 0
Cisco Unified Contact Center Enterprise 0
Cisco Unified Communications Manager Session Management Edition 0
Cisco Unified Communications Manager IM & Presence Service (formerly C 0
Cisco Unified Communications Manager (CUCM) 0
Cisco Unified Communications Domain Manager 0
Cisco Unified Attendant Console Standard 0
Cisco Unified Attendant Console Premium Edition 0
Cisco Unified Attendant Console Enterprise Edition 0
Cisco Unified Attendant Console Department Edition 0
Cisco Unified Attendant Console Business Edition 0
Cisco Unified Attendant Console Advanced 0
Cisco Unified Attendant Console 0
Cisco UCS Standalone C-Series Rack Server - Integrated Management Cont 0
Cisco UCS Manager 0
Cisco UCS Director 0
Cisco UCS Central Software 0
Cisco UCS B-Series Blade Servers 0
Cisco UCS 6200 Series and 6300 Series Fabric Interconnects 0
Cisco UC Integration for Microsoft Lync 0
Cisco TelePresence Video Communication Server (VCS) 0
Cisco TelePresence TX9000 Series 0
Cisco TelePresence System TX1310 0
Cisco TelePresence System EX Series 0
Cisco TelePresence System 500-37 0
Cisco TelePresence System 500-32 0
Cisco TelePresence System 3000 Series 0
Cisco Telepresence System 3000 0
Cisco TelePresence System 1300 0
Cisco TelePresence System 1100 0
Cisco TelePresence System 1000 0
Cisco TelePresence System TX9000
Cisco TelePresence System 500-37
Cisco TelePresence System 500-32
Cisco TelePresence System 1100
Cisco TelePresence System 1000
Cisco TelePresence SX Series 0
Cisco TelePresence Supervisor MSE 8050 0
Cisco TelePresence Server on Virtual Machine 0
Cisco TelePresence Server on Multiparty Media 820 0
Cisco TelePresence Server on Multiparty Media 310 and 320 0
Cisco TelePresence Server 7010 and MSE 8710 0
Cisco TelePresence Serial Gateway Series 0
Cisco TelePresence Profile Series 0
Cisco TelePresence MX Series 0
Cisco TelePresence MCU 0
Cisco TelePresence ISDN Link 0
Cisco TelePresence ISDN Gateway MSE 8321 0
Cisco TelePresence ISDN Gateway 3241 0
Cisco TelePresence Integrator C Series 0
Cisco TelePresence Content Server 0
Cisco TelePresence Conductor 0
Cisco TAPI Service Provider (TSP) 0
Cisco Tandberg Codian MSE 8320 0
Cisco Tandberg Codian ISDN Gateway 0
Cisco StealthWatch UDP Director (formerly Flow Replicator) 0
Cisco StealthWatch UDP Director 0
Cisco StealthWatch Management Console (SMC) 0
Cisco StealthWatch IDentity 0
Cisco StealthWatch FlowCollector sFlow 0
Cisco StealthWatch FlowCollector NetFlow 0
Cisco SPA525G 5-Line IP Phone 0
Cisco SPA51x IP Phones 0
Cisco SPA232D Multi-Line DECT Analog Telephone Adapter (ATA) 0
Cisco SPA122 Analog Telephone Adapter (ATA) with Router 0
Cisco SPA112 2-Port Phone Adapter 0
Cisco SocialMiner 0
Cisco Smart Net Total Care - Local Collector appliance 0
Cisco Smart Care 0
Cisco Small Business SPA500 Series IP Phones 0
Cisco Small Business SPA300 Series IP Phones 0
Cisco Small Business 300 Series (Sx300) Managed Switches 0
Cisco Small Business 300 Series 0
Cisco Show and Share 0
Cisco Services Provisioning Platform 0
Cisco Security Manager 0
Cisco Secure Access Control System (ACS) 0
Cisco Registered Envelope Service 0
Cisco Proactive Network Operations Center 0
Cisco Prime Performance Manager 0
Cisco Prime Optical for Service Providers 0
Cisco Prime Optical 0
Cisco Prime Network Services Controller 0
Cisco Prime Network 0
Cisco Prime License Manager 0
Cisco Prime LAN Management Solution 0
Cisco Prime IP Express 0
Cisco Prime Infrastructure Plug and Play Standalone Gateway 0
Cisco Prime Data Center Network Manager -
Cisco Prime Collaboration Provisioning 0
Cisco Prime Collaboration Deployment 0
Cisco Prime Collaboration Assurance 0
Cisco Prime Access Registrar 0
Cisco Physical Access Gateways 0
Cisco Partner Support Service 1.0
Cisco Paging Server (Informacast) 0
Cisco Paging Server 0
Cisco Packaged Contact Center Enterprise 0
Cisco ONS 15454 Series Multiservice Provisioning Platforms 0
Cisco OnePK All-in-One VM 0
Cisco onePK All-in-One Virtual Machine 0
Cisco One Portal 0
Cisco Nexus 9000 Series Switches - Standalone NX-OS mode 0
Cisco Nexus 9000 Series Fabric Switches - ACI mode 0
Cisco Nexus 7000 Series Switches 0
Cisco Nexus 6000 Series Switches 0
Cisco Nexus 5000 Series Switches 0
Cisco Nexus 4000 Series Blade Switches 0
Cisco Nexus 3000 Series Switches 0
Cisco Nexus 1000V Series Switches 0
Cisco Nexus 1000V InterCloud for VMware 0
Cisco Nexus 1000V InterCloud 0
Cisco Network Performance Analysis 0
Cisco Network Analysis Module 0
Cisco NetFlow Generation Appliance 0
Cisco NAC Guest Server 0
Cisco NAC Appliance - Clean Access Server 0
Cisco NAC Appliance - Clean Access Manager 0
Cisco MXE 3500 Series Media Experience Engines 0
Cisco Multicast Manager 0
Cisco Mobility Services Engine 0
Cisco MediaSense 0
Cisco Media Services Interface 0
Cisco MDS 9000 Series Multilayer Switches 0
Cisco Management Appliance 0
Cisco Lancope Stealthwatch FlowCollector sFlow 0
Cisco Lancope Stealthwatch FlowCollector NetFlow 0
Cisco Jabber Software Development Kit 0
Cisco Jabber Guest 0
Cisco Jabber for Windows 0
Cisco Jabber for Mac 0
Cisco Jabber for iPhone and iPad 0
Cisco Jabber for Android 0
Cisco Jabber Client Framework (JCF) Components 0
Cisco Jabber 0
Cisco IronPort Email Security Appliance 0
Cisco IP Interoperability and Collaboration System (IPICS) 0
Cisco IP 8800 Series Phones - VPN feature 0
Cisco IP 7800 Series Phones 0
Cisco IOS XR Software 0
Cisco Intrusion Prevention System (IPS) Solutions 0
Cisco InTracer 0
Cisco Intelligent Automation for Cloud 0
Cisco Identity Services Engine 0
Cisco Hosted Collaboration Mediation Fulfillment 0
Cisco FireSIGHT System Software 0
Cisco Expressway series 0
Cisco Enterprise Content Delivery System (ECDS) 0
Cisco Emergency Responder 0
Cisco Emergency Responder
Cisco Email Security Appliance (ESA) 0
Cisco Email Security Appliance 0
Cisco Edge 340 Digital Media Player 0
Cisco Edge 300 Digital Media Player 0
Cisco DX Series IP Phones 0
Cisco Content Security Management Appliance (SMA) 0
Cisco Content Security Management Appliance 0
Cisco Content Security Appliance Update Servers 0
Cisco Connected Grid Routers 0
Cisco Connected Analytics For Collaboration 0
Cisco Configuration Professional 0
Cisco Computer Telephony Integration Object Server (CTIOS) 0
Cisco Common Services Platform Collector 0
Cisco Cloupia Unified Infrastructure Controller 0
Cisco Cloud Web Security (CWS) 0
Cisco Cloud Web Security 0
Cisco Cloud Object Storage 0
Cisco Clean Access Manager 0
Cisco Broadband Access Center Telco and Wireless 0
Cisco ATA 190 Series Analog Terminal Adaptors 0
Cisco ATA 187 Analog Telephone Adaptor 0
Cisco ASR 5000 Series 0
Cisco ASA Next-Generation Firewall Services 0
Cisco Application Policy Infrastructure Controller (APIC) 0
Cisco Application Networking Manager (ANM) 0
Cisco Application and Content Networking System (ACNS) 0
Cisco AnyConnect Secure Mobility Client for Windows 0
Cisco AnyConnect Secure Mobility Client for Mac OS X 0
Cisco AnyConnect Secure Mobility Client for Linux 0
Cisco AnyConnect Secure Mobility Client for iOS 0
Cisco AnyConnect Secure Mobility Client for desktop platforms 0
Cisco AnyConnect Secure Mobility Client for Android 0
Cisco AnyConnect Secure Mobility Client 0
Cisco Aironet 2700 Series Access Points 0
Cisco Agent for OpenFlow 0
Cisco Agent Desktop for Cisco Unified Contact Center Express 0
Cisco Agent Desktop
Cisco Adaptive Security Appliance (ASA) 0
Cisco ACE30 Application Control Engine Module 0
Cisco ACE 4710 Application Control Engine 0
Cisco 910 Industrial Router 0
Cisco 500 Series Stackable (Sx500) Managed Switches 0
Cisco 500 Series Stackable 0
Cisco 4400 Series Digital Media Players 0
Cisco 4300 Series Digital Media Players 0
Cisco 220 Series Smart Plus (Sx220) Switches 0
CentOS CentOS 7


SecurityFocus Vulnerabilities

The impact of a data breach can be disastrous for an organization and can include loss of customer confidence and trust, financial penalties and other consequences. The average total cost of a data breach is $4 million, up 29% since 2013, according to the "2016 Cost of Data Breach Study" published by the Ponemon Institute. The average cost per record breached is $158, whereas the average cost per record for the healthcare and retail industries is $355 and $129, respectively. Despite the well-known risk, enterprises around the world continue to fall victim to data breaches, which raises significant concerns about protecting the data organizations own, process and store.

While external threats remain a high priority, the threat to sensitive data also comes from insiders. The threat of employees stealing customer information, personally identifiable information or credit card details is real because, in most cases, privileged users such as system administrators or database administrators are given authorized access to the data. Often, real data from the production environment is copied over to a nonproduction environment, which is less secure and not managed with the same security controls as production, and the resulting copy can be exposed or stolen.

Data obfuscation techniques offer several ways to keep data from falling into the wrong hands, so that fewer individuals can access the sensitive information while business requirements are still met.

What is data obfuscation?

In the technology world, data obfuscation, also known as data masking, is the process of replacing existing sensitive information in test or development environments with information that looks like real production data but is of no use to anyone who might wish to misuse it. In other words, users of test or development environments do not need to see the actual production data as long as what they are looking at looks real and is consistent. Data obfuscation techniques thus protect data by de-identifying the sensitive information held in nonproduction environments, or by masking identifiable information with realistic substitute values, enabling enterprises to mitigate the risk of data exposure.
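The two properties the definition above asks for, realistic-looking values and consistency across the dataset, are what distinguish masking from simply blanking a column. The following is an added example, not code from the article: it masks a constructed customer table with a keyed pseudo-random function (HMAC-SHA256 under a key that stays in production), so every occurrence of the same name or card number maps to the same substitute and joins between tables survive, while the card numbers stay format-preserving and Luhn-valid so test code that validates them keeps working. The key, the name vocabularies, the sample rows and the `example.test` mail domain are all constructed for the example.

```python
"""Deterministic masking of a customer table for a non-production copy.

Added example (not from the article). The key, name tables and sample rows
are constructed. Each field is replaced through a keyed PRF (HMAC-SHA256),
so the same production value always maps to the same substitute: rows that
joined before masking still join afterwards, and without the key nothing
can be mapped back. The key stays in production and is never shipped with
the masked copy.
"""
import hashlib
import hmac
import secrets

# Substitute vocabularies; a real deployment would use much larger lists.
FIRST_NAMES = ["Alice", "Bruno", "Chen", "Dana", "Emeka", "Farah", "Goran", "Hana"]
LAST_NAMES = ["Adler", "Baptiste", "Costa", "Dubois", "Eriksen", "Fischer", "Grant", "Haas"]


def luhn_check_digit(partial: str) -> str:
    """Check digit that makes partial + digit pass the Luhn test."""
    total = 0
    for i, ch in enumerate(reversed(partial)):
        d = int(ch)
        if i % 2 == 0:  # every second digit from the right, starting next to the check digit
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return str((10 - total % 10) % 10)


def luhn_valid(pan: str) -> bool:
    return len(pan) > 1 and pan.isdigit() and luhn_check_digit(pan[:-1]) == pan[-1]


class Masker:
    def __init__(self, key: bytes):
        self.key = key

    def _prf(self, domain: str, value: str) -> int:
        """Keyed, deterministic integer for (domain, value); domains keep fields independent."""
        mac = hmac.new(self.key, f"{domain}\x00{value}".encode(), hashlib.sha256).digest()
        return int.from_bytes(mac, "big")

    def mask_name(self, full_name: str) -> str:
        n = self._prf("name", full_name.strip().lower())
        return f"{FIRST_NAMES[n % len(FIRST_NAMES)]} {LAST_NAMES[(n >> 8) % len(LAST_NAMES)]}"

    def mask_email(self, full_name: str) -> str:
        """Derived from the masked name so name and email stay consistent with each other."""
        first, last = self.mask_name(full_name).lower().split()
        n = self._prf("email", full_name.strip().lower())
        return f"{first}.{last}{n % 1000:03d}@example.test"

    def mask_pan(self, pan: str) -> str:
        """Format-preserving card number: same length, same BIN (first six), Luhn-valid,
        so test code that validates or routes on the number keeps working."""
        digits = "".join(ch for ch in pan if ch.isdigit())
        if not 13 <= len(digits) <= 19:
            raise ValueError("not a card number length")
        body_len = len(digits) - 7  # minus BIN and check digit
        body = str(self._prf("pan", digits))[-body_len:]
        partial = digits[:6] + body
        return partial + luhn_check_digit(partial)

    def mask_record(self, rec: dict) -> dict:
        out = dict(rec)  # non-sensitive columns (ids, amounts) pass through unchanged
        out["name"] = self.mask_name(rec["name"])
        out["email"] = self.mask_email(rec["name"])
        out["card"] = self.mask_pan(rec["card"])
        return out


# Constructed rows standing in for a production export; 4111... is a well-known test PAN.
SAMPLE_CUSTOMERS = [
    {"id": 1, "name": "Jane Example", "email": "jane@corp.example", "card": "4111 1111 1111 1111", "spend": 120.50},
    {"id": 2, "name": "Jane Example", "email": "jane@corp.example", "card": "4111 1111 1111 1111", "spend": 15.00},
    {"id": 3, "name": "Omar Sample", "email": "omar@corp.example", "card": "5500 0000 0000 0004", "spend": 42.00},
]


def mask_dataset(records, key: bytes):
    m = Masker(key)
    return [m.mask_record(r) for r in records]


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # generated once in production, never copied with the data
    for row in mask_dataset(SAMPLE_CUSTOMERS, key):
        print(row)
```

Two design points matter in practice. First, the substitution is keyed rather than a plain hash: with an unkeyed hash of a name or card number, an attacker holding the masked copy can recompute the mapping for any guessed input, so the masking would only be as strong as the guessability of the data. Second, keeping the BIN on a masked card number is a deliberate trade-off that preserves routing and brand detection in test code; if the nonproduction environment does not need it, drop it and derive all non-check digits from the PRF.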

The need for data obfuscation techniques

Organizations often need to copy production data from production databases to nonproduction or test databases. This is done to test application functionality realistically and to cover real-world scenarios and test cases, so that fewer bugs or defects reach production. As a result of this practice, a nonproduction environment can become an easy target for cybercriminals or malicious insiders looking for sensitive data to expose or steal. Because a nonproduction environment is not as tightly controlled or managed as production, a breach there could cost an organization millions of dollars in remediation and in damage to its reputation and brand. Regulatory requirements are another key driver for data obfuscation. The Payment Card Industry Data Security Standard (PCI DSS), for example, encourages merchants to enhance payment card data security through broad adoption of consistent data security measures that provide a baseline of technical and operational requirements. PCI DSS requires that merchants' production data and information "are not used for testing and development." Inappropriate data exposure, whether through an accidental or a malicious incident, could have devastating consequences and could lead to heavy fines or legal action for violation of the rules.

Data obfuscation use cases

A typical use case for data obfuscation techniques is a development environment database that is handled and managed by a third-party vendor or outsourcer. Here data obfuscation becomes extremely important: it lets the third-party vendor perform its duties and functions as needed, while the enterprise replaces the sensitive information in the database with similar-looking values and does not have to worry about the vendor exposing real data during development.

Another typical use case could be in the retail industry, where a retailer needs to share customer point-of-sale data with a market research company to apply advanced analytics algorithms and analyze the customers' buying patterns and trends. But instead of providing the real customer data to the research firm, the retailer provides a substitute that looks similar to the real customer data. This approach helps enterprises minimize the risk of data exposure or leakage through a business partner or other type of third-party organization.

Stay tuned for part two of this series on data obfuscation techniques.


This was last published in November 2016



SearchSecurity: Security Wire Daily News

Vulnerable: Linux kernel 4.2.3
Linux kernel 4.1.4
Linux kernel 4.1.1
Linux kernel 4.0.6
Linux kernel 3.19.3
Linux kernel 3.18.22
Linux kernel 3.18.17
Linux kernel 3.18.11
Linux kernel 3.18.8
Linux kernel 3.18.7
Linux kernel 3.18.3
Linux kernel 3.18.2
Linux kernel 3.18.1
Linux kernel 3.17.4
Linux kernel 3.17.2
Linux kernel 3.16.7
Linux kernel 3.16.2
Linux kernel 3.16.1
Linux kernel 3.15.10
Linux kernel 3.15.5
Linux kernel 3.15.2
Linux kernel 3.14.54
Linux kernel 3.14.45
Linux kernel 3.14.37
Linux kernel 3.14.4
Linux kernel 3.14.3
Linux kernel 3.14.2
Linux kernel 3.13.11
Linux kernel 3.13.9
Linux kernel 3.13.3
Linux kernel 3.13.1
Linux kernel 3.12.49
Linux kernel 3.12.48
Linux kernel 3.12.44
Linux kernel 3.12.40
Linux kernel 3.12.21
Linux kernel 3.12.18
Linux kernel 3.12.17
Linux kernel 3.12.16
Linux kernel 3.12.11
Linux kernel 3.12.7
Linux kernel 3.12.4
Linux kernel 3.12.3
Linux kernel 3.12.2
Linux kernel 3.11.3
Linux kernel 3.10.90
Linux kernel 3.10.81
Linux kernel 3.10.73
Linux kernel 3.10.45
Linux kernel 3.10.41
Linux kernel 3.10.38
Linux kernel 3.10.37
Linux kernel 3.10.36
Linux kernel 3.10.30
Linux kernel 3.10.27
Linux kernel 3.10.26
Linux kernel 3.10.23
Linux kernel 3.10.22
Linux kernel 3.10.21
Linux kernel 3.10.14
Linux kernel 3.10.10
Linux kernel 3.10.9
Linux kernel 3.10.7
Linux kernel 3.10
Linux kernel 3.8.9
Linux kernel 3.8.6
Linux kernel 3.8.5
Linux kernel 3.8.4
Linux kernel 3.8.2
Linux kernel 3.8.1
Linux kernel 3.7.10
Linux kernel 3.7.9
Linux kernel 3.7.8
Linux kernel 3.7.7
Linux kernel 3.7.5
Linux kernel 3.7.4
Linux kernel 3.7.3
Linux kernel 3.7.2
Linux kernel 3.7.1
Linux kernel 3.6.11
Linux kernel 3.6.10
Linux kernel 3.6.9
Linux kernel 3.6.8
Linux kernel 3.6.7
Linux kernel 3.6.6
Linux kernel 3.6.5
Linux kernel 3.6.4
Linux kernel 3.6.3
Linux kernel 3.6.2
Linux kernel 3.6.1
Linux kernel 3.5.7
Linux kernel 3.5.6
Linux kernel 3.5.5
Linux kernel 3.5.4
Linux kernel 3.5.3
Linux kernel 3.5.2
Linux kernel 3.5.1
Linux kernel 3.4.88
Linux kernel 3.4.87
Linux kernel 3.4.86
Linux kernel 3.4.80
Linux kernel 3.4.76
Linux kernel 3.4.73
Linux kernel 3.4.72
Linux kernel 3.4.71
Linux kernel 3.4.64
Linux kernel 3.4.58
Linux kernel 3.4.42
Linux kernel 3.4.36
Linux kernel 3.4.32
Linux kernel 3.4.31
Linux kernel 3.4.27
Linux kernel 3.4.26
Linux kernel 3.4.25
Linux kernel 3.4.21
Linux kernel 3.4.20
Linux kernel 3.4.19
Linux kernel 3.4.18
Linux kernel 3.4.17
Linux kernel 3.4.16
Linux kernel 3.4.15
Linux kernel 3.4.14
Linux kernel 3.4.13
Linux kernel 3.4.12
Linux kernel 3.4.11
Linux kernel 3.4.10
Linux kernel 3.4.9
Linux kernel 3.4.8
Linux kernel 3.4.7
Linux kernel 3.4.6
Linux kernel 3.4.5
Linux kernel 3.4.4
Linux kernel 3.4.3
Linux kernel 3.4.2
Linux kernel 3.4.1
Linux kernel 3.3.5
Linux kernel 3.3.4
Linux kernel 3.3.2
Linux kernel 3.2.82
Linux kernel 3.2.72
Linux kernel 3.2.62
Linux kernel 3.2.57
Linux kernel 3.2.56
Linux kernel 3.2.51
Linux kernel 3.2.24
Linux kernel 3.2.23
Linux kernel 3.2.13
Linux kernel 3.2.12
Linux kernel 3.2.9
Linux kernel 3.2.1
Linux kernel 3.1.8
Linux kernel 3.0.98
Linux kernel 3.0.75
Linux kernel 3.0.72
Linux kernel 3.0.69
Linux kernel 3.0.65
Linux kernel 3.0.60
Linux kernel 3.0.59
Linux kernel 3.0.58
Linux kernel 3.0.37
Linux kernel 3.0.34
Linux kernel 3.0.5
Linux kernel 3.0.4
Linux kernel 3.0.2
Linux kernel 3.0.1
Linux kernel 2.6.39
Linux kernel 2.6.38
Linux kernel 2.6.37
Linux kernel 2.6.36
Linux kernel 2.6.35
Linux kernel 2.6.34
Linux kernel 2.6.33
Linux kernel 2.6.32
Linux kernel 2.6.31
Linux kernel 2.6.30
Linux kernel 2.6.29
Linux kernel 2.6.28
Linux kernel 2.6.27
Linux kernel 2.6.26
Linux kernel 2.6.25
Linux kernel 2.6.24
Linux kernel 2.6.23
Linux kernel 2.6.22
Linux kernel 2.6.20
Linux kernel 2.6.17
Linux kernel 2.6.16
Linux kernel 2.6.15
Linux kernel 2.6.14
Linux kernel 2.6.13
Linux kernel 2.6.12
Linux kernel 2.6.11
Linux kernel 2.6.10
Linux kernel 2.6.9
Linux kernel 2.6.8
Linux kernel 2.6.7
Linux kernel 2.6.6
Linux kernel 2.6.5
Linux kernel 2.6.4
Linux kernel 2.6.3
Linux kernel 2.6.2
Linux kernel 2.6.1
Linux kernel 2.6
Linux kernel 4.4
Linux kernel 4.3.3
Linux kernel 4.3-rc1
Linux kernel 4.2.8
Linux kernel 4.2
Linux kernel 4.1.15
Linux kernel 4.1
Linux kernel 4.0.5
Linux kernel 4.0
Linux kernel 3.9.8
Linux kernel 3.9.4
Linux kernel 3.9
Linux kernel 3.8
Linux kernel 3.7.6
Linux kernel 3.7
Linux kernel 3.6
Linux kernel 3.5
Linux kernel 3.4.93
Linux kernel 3.4.81
Linux kernel 3.4.70
Linux kernel 3.4.67
Linux kernel 3.4.29
Linux kernel 3.4
Linux kernel 3.3
Linux kernel 3.2.81
Linux kernel 3.2.78
Linux kernel 3.2.65
Linux kernel 3.2.64
Linux kernel 3.2.63
Linux kernel 3.2.60
Linux kernel 3.2.55
Linux kernel 3.2.54
Linux kernel 3.2.53
Linux kernel 3.2.52
Linux kernel 3.2.50
Linux kernel 3.2.44
Linux kernel 3.2.42
Linux kernel 3.2.38
Linux kernel 3.2.2
Linux kernel 3.2
Linux kernel 3.19
Linux kernel 3.18.9
Linux kernel 3.18
Linux kernel 3.17.6
Linux kernel 3.17
Linux kernel 3.16.6
Linux kernel 3.16.36
Linux kernel 3.16
Linux kernel 3.15
Linux kernel 3.14.73
Linux kernel 3.14.7
Linux kernel 3.14.5
Linux kernel 3.14-4
Linux kernel 3.14-1
Linux kernel 3.14
Linux kernel 3.13.7
Linux kernel 3.13.6
Linux kernel 3.13.5
Linux kernel 3.13.4
Linux kernel 3.13.11-ckt28
Linux kernel 3.13.11-ckt27
Linux kernel 3.13.0
Linux kernel 3.13-rc1
Linux kernel 3.13
Linux kernel 3.12.22
Linux kernel 3.12.15
Linux kernel 3.12.14
Linux kernel 3.12.12
Linux kernel 3.12.1
Linux kernel 3.11.9
Linux kernel 3.11.6
Linux kernel 3.11
Linux kernel 3.10.5
Linux kernel 3.10.43
Linux kernel 3.10.31
Linux kernel 3.10.20
Linux kernel 3.10.17
Linux kernel 3.10-rc5
Linux kernel 3.10
Linux kernel 3.1
Linux kernel 3.0.66
Linux kernel 3.0.62
Linux kernel 3.0.18
Linux kernel 3.0
Linux kernel 2.6.38.6
Linux kernel 2.6.38.4
Linux kernel 2.6.38.3
Linux kernel 2.6.38.2
Linux kernel 2.6.35.5
Linux kernel 2.6.35.4
Linux kernel 2.6.35.13
Linux kernel 2.6.35.1
Linux kernel 2.6.34.3
Linux kernel 2.6.34.2
Linux kernel 2.6.33.7
Linux kernel 2.6.32.8
Linux kernel 2.6.32.7
Linux kernel 2.6.32.62
Linux kernel 2.6.32.61
Linux kernel 2.6.32.60
Linux kernel 2.6.32.6
Linux kernel 2.6.32.5
Linux kernel 2.6.32.4
Linux kernel 2.6.32.3
Linux kernel 2.6.32.28
Linux kernel 2.6.32.22
Linux kernel 2.6.32.2
Linux kernel 2.6.32.18
Linux kernel 2.6.32.17
Linux kernel 2.6.32.16
Linux kernel 2.6.32.15
Linux kernel 2.6.32.14
Linux kernel 2.6.32.13
Linux kernel 2.6.32.12
Linux kernel 2.6.32.11
Linux kernel 2.6.32.10
Linux kernel 2.6.31.6
Linux kernel 2.6.31.4
Linux kernel 2.6.31.1
Linux kernel 2.6.30.5
Linux kernel 2.6.30.4
Linux kernel 2.6.30.3
Linux kernel 2.6.28.4
Linux kernel 2.6.28.10
Linux kernel 2.6.25.4
Linux kernel 2.6.25.3
Linux kernel 2.6.25.2
Linux kernel 2.6.25.1
Linux kernel 2.6.24.6
Linux kernel 2.6.24.4
Linux kernel 2.6.24.3
Linux kernel 2.6.23.14
Linux kernel 2.6.23.10
Linux kernel 2.6.23.1
Linux kernel 2.6.20.3
Linux kernel 2.6.20.2
Linux kernel 2.6.20.13
Linux kernel 2.6.20.11
Linux kernel 2.6.20-2
Linux kernel 2.6.18.1
Linux kernel 2.6.18
Linux kernel 2.6.16.9
Linux kernel 2.6.16.7
Linux kernel 2.6.15.5
Linux kernel 2.6.15.4
Linux kernel 2.6.15.11
Linux kernel 2.6.13.4
Linux kernel 2.6.13.3
Linux kernel 2.6.13.2
Linux kernel 2.6.13.1
Linux kernel 2.6.12.6
Linux kernel 2.6.12.5
Linux kernel 2.6.12.4
Linux kernel 2.6.12.3
Linux kernel 2.6.12.2
Linux kernel 2.6.12.1
Linux kernel 2.6.11.8
Linux kernel 2.6.11.7
Linux kernel 2.6.11.6
Linux kernel 2.6.11.5
Linux kernel 2.6.11.4
Linux kernel 2.6.11.12
Linux kernel 2.6.11.11


SecurityFocus Vulnerabilities

Network Break 113: Nutanix Targets Networking; More IoT Threats - Packet Pushers -

Packet Pushers

Where Too Much Networking Would Be Barely Enough

All content ©2015 Packet Pushers Interactive, LLC. All rights reserved.


Information Security Podcasts

The holiday season is a time to reflect on what is really important in life and what brings us all together. That, of course, is identity governance.

IBM Security’s Identity Governance and Intelligence solution will be celebrated at three major upcoming events: the 2016 Gartner IAM Summit, a webinar focused on health care and an analyst webinar in which IBM will host Forrester. At each of these events, IBM will showcase its identity and access management (IAM) portfolio, including real-world use cases, product demonstrations, interactions with the experts and more.

Identity Governance and Intelligence Stars at Gartner IAM Summit

From Nov. 29 to Dec. 1, Gartner will host IAM vendors, business partners and customers in Las Vegas for its annual IAM Summit, arguably the largest IAM event of the year. As a major sponsor of the event, IBM will have a booth and is set to host two speaking sessions by Jason Keenaghan, program director of IAM Offering Management, and Eric Maass, director of IAM Cloud Services Strategy.

The theme of the IBM booth is “Security Starts with People.” It will feature ongoing demonstrations of IBM Security’s IAM solutions, including IBM Security Identity Governance and Intelligence, as well as experts in each area to answer any questions attendees may have. Please stop by one of IBM’s sessions or visit us at booth No. 301. We look forward to seeing you there.

IBM Takes On Health Care

On Dec. 5, IBM will host a webinar focused on governance and health care titled “Safeguard Healthcare Identities and Data With Identity Governance and Intelligence.” Believe it or not, health care is one of the hardest hit industries from an information security perspective due to the difficulty of managing and governing identities with so many complex systems in place.

Join this webinar to learn about IBM’s success in the health care industry with IBM Security Identity Governance and Intelligence, including integration with Epic and other complex electronic medical record (EMR) systems.

Register for the Dec. 5 webinar on Safeguarding Healthcare Identities and Data

Dig Into IAM Trends

On Dec. 8, 2016, IBM is very proud to be hosting Andras Cser, vice president and principal analyst serving security and risk professionals at Forrester, for a webinar titled “Identity and Access Management: What Are the Trends? How Do You Solve Them?”

As the title suggests, Andras and IBM’s Jason Keenaghan will dig into the current trends in IAM and discuss how we can solve new issues as they arise. With a particular focus on identity governance and access management, and what promises to be a lively Q&A session at the end, this is one webinar you won’t want to miss.



Security Intelligence

Throughout November, I plan to release details on vulnerabilities I
found in web-browsers which I've not released before. This is the
thirteenth entry in that series. Unfortunately I won't be able to
publish everything within one month at the current rate, so I may
continue to publish these through December and January.

The below information is available in more detail on my blog at
http://blog.skylined.nl/20161117001.html.

Follow me on http://twitter.com/berendjanwever for daily browser bugs.

Microsoft Internet Explorer 11 iertutil LCIEGetTypedComponentFromThread
use-after-free
=======================================================================
(The fix and CVE number for this issue are unknown)

Synopsis
--------
A specially crafted web-page can cause the iertutil.dll module of
Microsoft Internet Explorer 11 to free some memory while it still holds
a reference to this memory. The module can be made to use this reference
after the memory has been freed. Unlike many use-after-free bugs in
MSIE, this issue, and apparently all code in this module, is not
mitigated by MemGC. This issue appears to have been addressed in July
2016, as it failed to reproduce after the July security updates were
installed.

Known affected software, attack vectors and mitigation
------------------------------------------------------
+ Microsoft Internet Explorer 11

An attacker would need to get a target user to open a specially
crafted web-page and allow the web-page to open a popup. The target
user may need to run MSIE in the non-default single process mode.
Disabling JavaScript should prevent an attacker from triggering the
vulnerable code path.

Description
-----------
This looks like a pretty straightforward use-after-free, but I did not
investigate at what point in the repro the memory gets freed and when it
gets re-used, so I do not know if an attacker has any chance to force
reallocation of the freed memory before reuse.

The issue can be triggered with MemGC enabled; the object that is freed
does not appear to be protected by MemGC.

The repro requires that MSIE is run in single-process mode in order to
trigger the use-after-free. It is not known if it is possible to tweak
the repro to have MSIE take a similar code-path that leads to a
use-after-free when MSIE is not in single-process mode.

MSIE can be started in single-process mode by setting the following
registry value before starting MSIE:

`HKCU\Software\Microsoft\Internet Explorer\Main\TabProcGrowth = DWORD:0`

To revert this change, remove the TabProcGrowth value or set it to 1 and
restart MSIE.
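Since the single-process setting is the precondition this advisory describes, it is something a defender can audit for. The following PowerShell check is an added example, not part of SkyLined's advisory; it reads the TabProcGrowth value named above from the per-user key and, with -Remediate, sets it back to 1 as the revert step describes.

```powershell
# Added example (not from the advisory): audit the TabProcGrowth value that puts
# MSIE into the non-default single-process mode, the precondition for this issue.
# Assumes Windows PowerShell on the machine being audited; key path and value
# semantics (0 = single-process, 1 = revert) are those given in the advisory.
function Get-IETabProcGrowthState {
    [CmdletBinding()]
    param(
        # Per-user registry key from the advisory.
        [string]$KeyPath = 'HKCU:\Software\Microsoft\Internet Explorer\Main',
        # When set, write the value back to 1 (the advisory's revert step).
        [switch]$Remediate
    )

    $valueName = 'TabProcGrowth'
    $item = Get-ItemProperty -Path $KeyPath -Name $valueName -ErrorAction SilentlyContinue

    if ($null -eq $item) {
        # No explicit value: MSIE uses its default, multi-process behaviour.
        $state = 'Default (value not set)'
        $singleProcess = $false
    }
    elseif ($item.$valueName -eq 0) {
        $state = 'Single-process mode (TabProcGrowth = 0)'
        $singleProcess = $true
    }
    else {
        $state = "TabProcGrowth = $($item.$valueName)"
        $singleProcess = $false
    }

    if ($singleProcess -and $Remediate) {
        # Revert as the advisory describes; MSIE must be restarted to pick it up.
        Set-ItemProperty -Path $KeyPath -Name $valueName -Value 1 -Type DWord
        $state += ' -> reset to 1 (restart MSIE to apply)'
    }

    [pscustomobject]@{
        KeyPath       = $KeyPath
        SingleProcess = $singleProcess
        State         = $state
    }
}

# Report only:
Get-IETabProcGrowthState
# Report and revert to the default multi-process mode:
# Get-IETabProcGrowthState -Remediate
```

The check only covers the HKCU location the advisory names; run it in the context of each user whose profile you care about.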

Exploit
-------
A number of factors appear to be getting in the way of creating a usable
exploit for this issue:
* I did not investigate if it is possible to reproduce the issue without
opening a pop-up, to make it exploitable in the presence of a pop-up
blocker.
* I did not investigate if it is possible to reproduce the issue without
running MSIE in single-process mode, to exploit it on a system with
default settings.
* I did not investigate if it is possible to reallocate the freed memory
between the free and the use-after-free in order to modify control
flow.
Because there are so many things that would need to be investigated in
order to write an exploit, I felt it was not cost-effective for me to do so.

Time-line
---------
* July 2016: This vulnerability was found through fuzzing.
* July 2016: This vulnerability was submitted to ZDI and iDefense.
* July 2016: ZDI reports they are unable to reproduce the issue.
* November 2016: Details of this issue are released.

Cheers,
SkyLined

Repro.html

<!DOCTYPE html>
<html>
  <head>
    <meta http-equiv="X-UA-Compatible" content="IE=5">
    <script>
      onload = function () {
        // Open a popup window and close it again right away.
        open("about:blank").close();
        createAPopup();
        // Write to the document after the popup has been torn down.
        document.write("x");
      };
    </script>
  </head>
</html>


Exploit Files ≈ Packet Storm

People who are upset that Hillary Clinton’s personal email server may have been hacked are missing the big picture. Nearly everything that is worth hacking and connected to the internet is already hacked -- and that which is not can be hacked at will.

I don’t want to get into the morass of whether Clinton’s use of personal email while she was Secretary of State was legal or ethical. That’s been debated to death.


Instead, I’m talking about whether it was hacked. Could it have been? I'll say it again: Everything is hackable. Stuxnet took down Iranian centrifuges that were running on an air-gapped private network. The State Department’s email was hacked -- very likely before, during, and after Clinton's tenure there.

Was Clinton's email server hacked?

As for Clinton's personal email server, the fact is we’ll never know whether it was hacked.

Her server ran Microsoft Exchange 2010. Arrested Romanian hacker Marcel Lazăr (aka Guccifer) claimed he had hacked it. But beyond his public claim no evidence has come to light to back up his statement.

The FBI forensic investigation into the server did not corroborate his statement. As far as I can tell, Guccifer socially engineered her aide, Sidney Blumenthal, out of his AOL account password and nothing more. The same hacking technique was used against her senior adviser John Podesta for the thousands of emails now shared via Wikileaks. I’ve yet to hear any evidence that the server itself was exploited.

Could someone have hacked the server without leaving evidence?

Yes, although it seems unlikely. Most hackers leave behind lots of evidence because it doesn't matter if they do. Almost no one gets caught, much less prosecuted. Thus, hackers have become lazy and don’t attempt to clear log files or cover up evidence of their crimes.

For the sake of argument, let's say a Russian superhacker broke into Clinton's server without leaving behind signs of compromise. In that case, wouldn't we see emails other than those coming from two aides? It’s highly unlikely that a hacker would gain complete access, download every email, and fail to leak emails from Hillary and Bill Clinton.

Don't get me wrong -- I think plenty of hackers are capable of hacking her server and not leaving behind evidence. But I seriously doubt those hackers realized the importance of the email server serving up the @clintonemail.com domain. The FBI’s own investigation revealed the server was scanned and a few hacks were attempted, but none seemed to get through.

How would you hack Clinton’s email server?

This is penetration testing 101. First, you canvass your target. It’s Microsoft Exchange 2010 running on Microsoft Windows -- you can get that much by sending a few SMTP query commands to the email service port or running a port scanner like Nmap against the IP address. Using a port scanner and a few fingerprinting apps, you’d likely come away with the Windows version and perhaps even its patch status, along with whatever other services it was running.

We know from reports that it was running Microsoft Outlook Web Access (OWA) and Remote Desktop Protocol (RDP) for remote access. That helps a lot. OWA means it’s also running Microsoft’s Internet Information Services (IIS). Any hacker worth his or her salt already has all the possible exploits that might work against Microsoft Windows, IIS, Exchange, and RDP. Lots of hackers like to use the Metasploit Framework, but I’m partial to custom code for each vulnerability.

RDP and OWA also give you remote logons to try. Even if they have account lockout enabled, you can guess slowly. Better yet, you can guess against the Administrator account. As long as it hasn’t been renamed, you can guess forever as many times as you like and you won’t get locked out. If you have Bill's or Hillary’s email address, the logon account name is likely to be the same as their email address.
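The two conditions this paragraph relies on, the built-in Administrator account keeping its default name and the lockout threshold, can be checked from the defender's side. This PowerShell check is an added example, not Grimes's; it assumes Windows PowerShell 5.1 or later (for Get-LocalUser) on a standalone or member server and English-language output from `net accounts`.

```powershell
# Added example (not from the article): check, from the defender's side, the two
# conditions the paragraph above relies on: the built-in Administrator keeping its
# default name, and the account lockout threshold.
# Assumes Windows PowerShell 5.1 or later (Get-LocalUser) on a standalone or member
# server, and English-language output from `net accounts`.
function Test-AdminGuessingExposure {
    [CmdletBinding()]
    param()

    # The built-in Administrator is the local account whose SID ends in -500,
    # whatever it is currently named.
    $builtinAdmin = Get-LocalUser | Where-Object { $_.SID.Value -like '*-500' }
    $defaultName  = ($builtinAdmin.Name -eq 'Administrator')

    # Lockout threshold from the local account policy; "Never" means no lockout.
    $thresholdLine = (net accounts) | Where-Object { $_ -match '^Lockout threshold' }
    if ($thresholdLine) {
        $thresholdText = ($thresholdLine -split ':', 2)[1].Trim()
    } else {
        $thresholdText = 'unknown (non-English output?)'
    }

    $findings = @()
    if ($defaultName) {
        $findings += 'Built-in Administrator still uses its default name.'
    }
    if ($builtinAdmin.Enabled) {
        # The built-in Administrator has historically been exempt from lockout,
        # so a threshold alone does not protect it; renaming or disabling does.
        $findings += 'Built-in Administrator account is enabled.'
    }
    if ($thresholdText -eq 'Never') {
        $findings += 'No account lockout threshold is configured.'
    }

    [pscustomobject]@{
        BuiltinAdminName    = $builtinAdmin.Name
        BuiltinAdminEnabled = $builtinAdmin.Enabled
        LockoutThreshold    = $thresholdText
        Findings            = $findings
    }
}

Test-AdminGuessingExposure
```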

One of my favorite penetration tests, when I have the time, is to identify all running software and wait until a new vulnerability appears. Microsoft releases new patches at least once a month, and almost every Windows server needs to be patched each time. All you need to do is wait for the patch announcement and exploit the identified vulnerability before the system administrator can patch it. You usually have a day or so before the admin patches a server, if not longer.

If the exploit gets you on the email server, you can then configure Exchange to forward copies of all new emails. Or you can use a program like ExMerge to suck up every existing email, including deleted ones. Once you're on the server, you can create new accounts, add backdoors, or do pretty much anything else.
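The forwarding this paragraph describes is also the persistence a defender should audit for. The following Exchange Management Shell check is an added example, not Grimes's; it assumes an on-premises Exchange environment where Get-Mailbox and Get-InboxRule are available.

```powershell
# Added example (not from the article): audit mailboxes for the silent forwarding
# that an intruder with access to the Exchange server could configure, both as a
# mailbox attribute and as an inbox rule.
# Assumes an on-premises Exchange Management Shell with Get-Mailbox and Get-InboxRule.
function Find-MailboxForwarding {
    [CmdletBinding()]
    param()

    $results = @()
    foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
        # Mailbox-level forwarding is set by an administrator and is invisible
        # to the mailbox owner, which is what makes it attractive for persistence.
        if ($mbx.ForwardingAddress -or $mbx.ForwardingSmtpAddress) {
            $results += [pscustomobject]@{
                Mailbox   = $mbx.PrimarySmtpAddress
                Source    = 'Mailbox attribute'
                Target    = "$($mbx.ForwardingAddress) $($mbx.ForwardingSmtpAddress)".Trim()
                KeepsCopy = $mbx.DeliverToMailboxAndForward
            }
        }
        # Inbox rules that forward or redirect, including rules hidden from Outlook.
        foreach ($rule in Get-InboxRule -Mailbox $mbx.Identity -IncludeHidden) {
            $targets = (@($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo)) |
                Where-Object { $_ }
            if ($targets) {
                $results += [pscustomobject]@{
                    Mailbox   = $mbx.PrimarySmtpAddress
                    Source    = "Inbox rule '$($rule.Name)'"
                    Target    = ($targets -join '; ')
                    KeepsCopy = -not $rule.DeleteMessage
                }
            }
        }
    }
    $results
}

# Review every hit: documented business forwarding is expected, anything else
# is investigated as possible persistence.
Find-MailboxForwarding | Format-Table -AutoSize
```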

A few critics have noted that Clinton’s email server didn’t have SSL protection. The SSL page was available, but the system admin didn’t populate it with an SSL certificate. This means the connections to the server were in plaintext. While not having an SSL cert to protect the server isn’t great, it isn’t necessarily game over. It isn’t easy to pop onto someone else’s network streams simply because you know they are there. You have to get close to the server’s original point and perform a man-in-the-middle attack on the main connection. It’s easy to do if you’re already on the local network, but not so easy if you’re not.

One of the more interesting feats you can perform with a public email server is to try and take over its domain. Perhaps Clinton’s server is bulletproof -- fully patched and unhackable. Email hackers are famous for gaining control over DNS domains (in this case, clintonemail.com and wjcoffice.com) and, if successful, redirect all email and connections headed to those domains to a fraudulent email server. You wouldn’t be able to see preexisting emails, but you'd be able to capture new inbound emails (and all the long threads of previous emails they probably contain).

What would have stopped the leak?

In the social engineering instances, using a system that required two-factor authentication (2FA) would have helped. Gmail had 2FA available back then, although I’m not sure about AOL. Clinton should have been using the State Department systems for all business email, and her personal email server should have required 2FA (although the system admin would have to know how to set it up and show the Clintons how to use it).

That’s water under the bridge now.

What I’m sure Clinton really wishes she had used, besides the State Department email system, is a mechanism that prevents private email from being easily read by unauthorized parties. There are myriad solutions, including Microsoft’s Rights Management System (RMS).

Information protection software such as RMS is pretty nifty. It encrypts all protected email and requires the user to retrieve an authorized personal digital certificate to view, print, or copy the email. At any time the personal certificate can be revoked. Hence, if a hacker stole the email, as soon as someone noticed, the certificate could be revoked and the email would become unreadable. Try posting that to Wikileaks.

After all the huge corporate hacking incidents, in which embarrassing private emails were leaked, I’m surprised the email information protection market isn’t growing faster. Remember, we are either hacked or the attackers haven't gotten around to it yet. Your confidential emails should be protected in a manner that prevents your emails from being so easy to share.

What happened to Clinton could absolutely happen to any person in any company who fails to use strong information protection for email. That’s the real lesson we all should take away.



InfoWorld Security Adviser

Is it real? The Trump-Russia server connection

Does the Trump organization have a private internet connection with Russia? That's what a long, detailed article from Slate is asking.

Here's the story in a nutshell: The Russian-owned Alfa Bank appears to have had a private connection to a Trump server. The server in question was registered as belonging to the Trump-Email.com domain. It has a history of sending Trump-branded marketing emails, but in the recent past appeared to have been communicating only with a Russian server registered to Alfa Bank. The Alfa server seems to have regularly communicated with the Trump server, yet other connection attempts from other servers seem to be blocked (likely indicating that the servers only accept connections from each other or a limited list of servers).


When the media started to investigate and asked the Russian organization about the domain name and server, the Trump server, after years of existing in the same place, suddenly changed names and domain names. The first server to reconnect to the Trump server with its new name? The Russian server that had previously connected to it. After the media inquired about the second, newer connection, the Trump server was taken down.

Much of the data and analysis has been shared publicly. I checked it out as much as I could and I agree with experts already quoted in the Slate article: There's no definitive proof, but it's highly likely there was a formal connection. The biggest smoking gun, in my opinion, is the timing of the domain name change and the automatic reconnection to the new name after the server had been moved. That suggests a formal, established, private connection.

This is not my opinion alone. The Slate article quotes internet pioneer Paul Vixie, who after examining the logs concluded that the two parties were communicating in a "secretive" fashion.

Slate reported that both involved entities deny any connection to the other, other than what must be either innocent, random spam or regular DNS traffic. This answer is even more confusing -- and likely wrong. If the data is correct and the Russian server reconnected to the Trump server with its new name and domain, it doesn't seem like either spam or DNS traffic. It's the opposite of random.

Alfa Bank has purportedly hired the trusted industry firm Mandiant to investigate the matter (the founder of Mandiant, along with several other early employees, came from Foundstone, where I used to work). I'd trust what Mandiant says, but in response to a Slate request, Mandiant said it was unable to comment until the investigation was complete.

If I were Alfa Bank or Trump enterprises, and there was nothing illegal or unethical going on, I would release a detailed forensic analysis for both servers. We have enough data outside of their control to confirm or contradict the findings. It would be difficult for anyone to fake a full forensic analysis that agreed with publicly available data.

In the end, even if there was a dedicated private connection between Trump and Russia, who knows what it was about? It could be anything. It could be regular business or marketing emails without a hint of illegal or unethical behavior. But without either side being more forthcoming, we can't know. FBI criminal investigations have been approved with less evidence.

InfoWorld Security Adviser

It takes a lot for me to write a cybersecurity blog post these days. I spend most of my writing time working on my PhD. Articles like Nothing Brings Banks Together Like A Good Hack drive me up the wall, however, and a Tweet rant is insufficient. What fired me up, you might ask? Please read the following excerpt:

[Troels] Oerting, with no small dose of grudging admiration, says his adversaries excel at something that can’t be addressed with deep pockets or killer software: They’re superb networkers. “The organized crime groups in cyber are sharing much better than we are at the moment,” says Oerting, a Dane with a square jaw and the watchful eyes of a cop who’s investigated the underworld for 35 years. “They are sharing methodologies, knowledge, tools, practices—what works and what doesn’t.”

Statements like these are regularly submitted without evidence. In response, I provide five sources of evidence why organized crime groups do not share more than defenders.

1. Solution providers share. Both commercial and not-for-profit solution providers share enormous amounts of information on the security landscape. Some of it is free, and some of it is sold as products or consulting. Thousands of security companies and not-for-profit providers compete for your attention, producing white papers, Webinars, and other resources. You might argue that all of them claim to be the answer to your problem. However, this situation is infinitely better than the 1980s and early 1990s. Back then, hardly any solutions, or even security companies and organizations, existed at all.

Criminal solution providers share, but they do so by selling their wares. This is true for the open world as well, but the volume of the open world is orders of magnitude greater.

2. Government agencies share. My fellow Americans, has your organization been visited by the FBI? Federal agents notified more than 3,000 U.S. companies [in 2013] that their computer systems had been hacked. The agents didn't just walk in, drop a letter, and leave. If a relationship did not exist previously, it will now be developed.

Beyond third party breach notifications, agencies such as NIST, DHS, and others regularly share information with organizations. They may not share as much as we would like, but again, historical perspective reveals great progress.

3. Books, articles, and social media share. The amount of readable material on security is astounding. Again, in the late 1980s and early 1990s hardly any books or articles were available. Now, thousands of resources exist, with new material from publishers like No Starch arriving monthly. Where are the books written by the underground?

4. Security conferences share. You could spend every week of the year at a security conference. If you happen to miss a talk, it's likely the incomparable Iron Geek recorded it. Does the underground offer similar opportunities?

5. Private groups and limited information exchange groups share. A final category of defender sharing takes place in more controlled settings. These involve well-established Information Sharing and Analysis Centers (ISACs), developing Information Sharing and Analysis Organizations (ISAOs), and private mailing lists and forums with limited membership. These could possibly be the closest analogue to the much-esteemed underground. Even if you disregard points 1-4 above, the quality of information shared in this final category absolutely equals, if not exceeds, anything you would find in the criminal world.

If you disagree with this analysis, and continue to lament that bad guys share more than the good guys, what evidence can you provide?


TaoSecurity