John Romant's Technology Blog

If it's technology, I want to know about it.

Category Archives: Security

Duqu Virus attacks Iran. All facilities and equipment are said to be “cleaned”.

On Sunday, Iran indicated that the Duqu virus has been detected, but the depth of the contamination is currently unknown. The director of Iran’s Passive Defense Organization, Gholam Reza Jalali, says that the Islamic Republic has produced antivirus software that protects the software and hardware systems of governmental centers against the Duqu super virus. All facilities and equipment that were affected by this virus have been cleaned, and the virus is under control, Gholam Reza Jalali told IRNA on Sunday.

Side note: I wonder how much the Iranian Duqu anti-virus will go for on the open market? I also wonder if Iran is still using Siemens control systems. Sounds like a film plot in the making.


Infographic: How often do criminals use social media technology?

Are criminals using technology like Facebook, Twitter, Google Street View and/or Foursquare to help them commit their crimes?

“Duqu” virus created from original Stuxnet Code. Researchers Warn of Impending Cyber Attack.


By LEE FERRAN
Oct. 18, 2011

A new computer virus using “nearly identical” parts of the cyber superweapon Stuxnet has been detected on computer systems in Europe and is believed to be a precursor to a new Stuxnet-like attack, a major U.S.-based cyber security company said today.

Stuxnet was a highly sophisticated computer worm that was discovered last year and was thought to have successfully targeted and disrupted systems at a nuclear enrichment plant in Iran. At the time, U.S. officials said the worm’s unprecedented complexity and potential ability to physically sabotage industrial control systems — which run everything from water plants to the power grid in the U.S. and in many countries around the world — marked a new era in cyber warfare.

Though no group claimed responsibility for the Stuxnet worm, several cyber security experts have said it is likely a nation-state created it and that the U.S. and Israel were on a short list of possible culprits.


Whoever it was, the same group may be at it again, researchers said, as the authors of the new virus apparently had access to original Stuxnet code that was never made public.

The new threat, discovered by a Europe-based research lab and dubbed “Duqu”, is not designed to physically affect industrial systems like Stuxnet was, but apparently is only used to gather information on potential targets that could be helpful in a future cyber attack, cyber security giant Symantec said in a report today.

“Duqu shares a great deal of code with Stuxnet; however, the payload is completely different,” Symantec said in a blog post.


Duqu is designed to record key strokes and gather other system information at companies in the industrial control system field and then send that information back to whomever planted the bug, Symantec said.

If successful, the information gleaned from those companies through Duqu could be used in a future attack on any industrial control system in the world where the companies’ products are used — from a power plant in Europe to an oil rig in the Gulf of Mexico.

“Right now it’s in the reconnaissance stage, you could say,” Symantec Senior Director for Security Technology and Response, Gerry Egan, told ABC News. “[But] there’s a clear indication an attack is being planned.”

Duqu is also not designed to spread on its own…

Be Careful Not To Tweet Away That Job Found Via Social Media

By Catherine Ngai

Mitchell Strobl is your average college junior at DePauw University in Greencastle, Ind., but the way he landed his new job is distinctly 21st century.  “I came across this website [through] a link that was posted [on my Facebook wall],” said Strobl, 20. The site lined up with his interests perfectly, and after contacting the president of HuntingLife.com, he was soon hired to become a writer and then a product reviewer for the hunting and conservation news site.

Stories like Strobl’s are rare, especially in a job market as tough as this one. The U.S. economy lost 95,000 jobs in September, and the unemployment rate is 9.6%, according to the U.S. Labor Department. As a result, new graduates and young professionals are trying new tools to improve their chances of finding work.

“Social media is a great way to learn about different employers as well as build professional networks that will help create opportunities and open doors,” said Holly Paul, PwC‘s U.S. recruiting leader. “I do think now that social media is so prolific and being used by students that…it’s an additive to what they’re doing to connect with other individuals that can help them in their job search.”

A month ago, the buzz about finding work via social-media sites hit a new high. After creating YouTube Instant, a replica of real-time search engine Google Instant for searching videos on YouTube, a 19-year-old Stanford student received a job offer via Twitter–even less than the 140-character limit–from Chad Hurley, co-founder and chief executive of YouTube.

While the success stories generate a lot of excitement, and may prompt some job seekers to rely solely on social media, career experts say that’s not a smart move.

“You really have to be careful with Twitter or Facebook, because it can seduce you into an informality that can really backfire,” said Lonnie Dunlap, director of career services at Northwestern University. “I do think that the traditional methods have to be there. And they have to be very well done. You can get someone’s attention through LinkedIn, but your goal is to get an interview.”

And keep in mind that the hard-copy resume and cover letter are far from obsolete. Mary Spencer, director of career placement at the Milwaukee School of Engineering, said she’s seen an increase in employers asking for paper rather than electronic portfolios at job fairs.

Also, a problem with social media such as Facebook and Twitter is that they may reveal too much personal information to potential employers. Paul, of PwC, oversees new hires and she said social media can cause an unnecessary mix-up of work and personal life. Her suggestion is to keep certain types of social networks completely personal–she says that’s how she uses Facebook–and other types completely professional, such as LinkedIn.

She said job candidates who don’t use social media aren’t likely to be penalized for that by prospective employers. “I personally don’t think that we’re there yet. The employer isn’t there yet,” she said. “The issue with students not using those [methods] means that they are not using a channel and an avenue right there in front of them for free.”

Tips To Improve Your Chances

The degree to which your job hunt on social-media sites is successful may depend on the type of position being sought. For instance, most public-relations firms already connect to people through Twitter and have designated Facebook pages. Same goes for corporate communications positions. However, Kevin Nicols, the chief executive of a small publishing company, said that a search for any job–entry level and professional–can be enhanced through social media.

Three years ago, Nicols started two LinkedIn groups in the San Francisco Bay Area; they now have about 1,500 members. He said social networking is a tried and true method that has worked for him, as well as many of the people in his group. With social media, applicants are able to connect with people within certain companies who can act as an advocate for them within the company.

Nicols offered the following tips for using social media to enhance your job search:

-Become an active participant on a social network.

-Find people within your desired industry and let them know you’re searching.

-Once you become introduced to someone online, even though that might “soften the blow of cold calling,” don’t forget that meeting people face-to-face is still the ultimate goal.

-Practice what Nicols calls “good job karma”–rather than just asking for help from others, do your part to give back and help others out.

Finally, don’t forget that it’s not always as easy as some make it seem. Brittany Sykes, a recent graduate of Penn State University, has been on the lookout for a public-relations job in the entertainment industry since May. Sykes, 22, said she hasn’t had too much luck, although she follows many PR firms on Twitter and has seen a fair amount of job postings.

The job search can be challenging, she said, but the use of social media is bringing a little hope in her search. “I get stressed out sometimes when my parents drive me crazy [about finding a job]”, she said. “But I get really excited when I make some type of connection.”

(Catherine Ngai is a freelancer for MarketWatch. She can be reached at 415-439-6400 or via email at AskNewswires@dowjones.com.)

Is World War III Going To Be Started via Cyber Warfare? Pentagon is Preparing.


By Anna Mulrine,
Staff writer, CSMonitor

(AXcess News) Washington – The Pentagon is rapidly preparing for cyberwar in the face of alarming and growing threats, say senior defense officials, who add that sophisticated attacks have prompted them to take the striking step of investigating the feasibility of expanding NATO‘s collective defense tenet to include cyberspace.

But as such planning intensifies, the military is struggling with some basics of warfare – including how to define exactly what, for starters, constitutes an attack, and what level of cyberattack warrants a cyber-reprisal.

“I mean, clearly if you take down significant portions of our economy we would probably consider that an attack,” William Lynn, the deputy secretary of defense, said recently. “But an intrusion stealing data, on the other hand, probably isn’t an attack. And there are [an] enormous number of steps in between those two.”

Today, one of the challenges facing Pentagon strategists is “deciding at what threshold do you consider something an attack,” Mr. Lynn said. “I think the policy community both inside and outside the government is wrestling with that, and I don’t think we’ve wrestled it to the ground yet.”

Equally tricky, defense officials say, is how to pinpoint who is doing the attacking. And this raises further complications that go to the heart of the Pentagon’s mission. “If you don’t know who to attribute an attack to, you can’t retaliate against that attack,” noted Lynn in a recent discussion at the Council on Foreign Relations.

As a result, “You can’t deter through punishment, you can’t deter by retaliating against the attack.” He lamented the complexities that make cyberwar so different from, say, “nuclear missiles, which of course come with a return address.”

How to pinpoint the source of a cyberattack is a subject being discussed by Pentagon officials with their counterparts in Britain, Canada, and Australia, among others, in advance of the upcoming NATO summit in Lisbon in November, at which cyberwarfare is an item on the agenda. Officials from NATO member states are also discussing such fundamental issues as how to share information and exchange related technologies, illustrating that the concept of a collective cyberwarfare defense is still in its infancy.

Lynn is among those working to develop the Pentagon’s new cyberstrategy, which is focusing both on how to defend the military’s classified networks as well as how to protect the Internet itself.

This upending of some key tenets of military doctrine is prompting the Pentagon to look to some surprising new places for strategic models of cyberdefense, including public health. “A public health model has some interesting applications,” Lynn said. “Can we use the kinds of techniques we use to prevent diseases? Could those be applied to the Internet?”

To that end, the Pentagon is now researching means of introducing internal defenses to the Internet so that it acts more like a human organism. When it’s hit with a virus, for example, it might mutate to fend it off. Such strategies are meant to “shift the advantage much more to the defender and away from the attacker,” Lynn said.

The problem is that the Internet currently has very few natural defenses. And sophisticated crafted viruses like Stuxnet are even tougher to fend off. Indeed, the Web “was not developed with security in mind,” he added. “It was developed with transparency in mind; it was developed with ease of technological innovation.” Those same attributes do not lend themselves to good security. Among the potential targets for cyberattack frequently mentioned by cybersecurity experts are the nation’s power grid and financial system.

It was in 2008 that a cyberattack on Pentagon networks – an attack attributed to an unnamed “foreign intelligence service” – served as a wake-up call for US defense leadership. “To that point, we did not think our classified networks could be penetrated, so it was – it was a fairly shocking development,” said Lynn, adding that it was a “seminal moment” in a new military frontier.

Lynn put forward an analogy to early American warfare that the Pentagon often likes to call upon to illustrate its point. “If you figure the Internet is 20, 20-plus years old, and you kind of analogize to aviation … the first military aircraft was bought, I think, in 1908, somewhere around there. So we’re in about 1928,” he said.

“We’ve kind of seen some … biplanes shoot at each other over France,” he added. “But we haven’t really seen kind of what a true cyberconflict is going to look like.”

He warned, however, that there were a few things that appear clear. It is a kind of war that “is going to be … more sophisticated, it’s going to be more damaging, it’s going to be more threatening” than it appears at the present, Lynn said. “And it’s one of the reasons we’re trying to get our arms around the strategy in front of this rather than respond to the event.”

Have you checked your Facebook PhoneBook yet?


Facebook has shamefully added all of our friends’ phone numbers for everyone to see. Was this a mistake or the evolution of Facebook? See it for yourself: go to the top right of your screen, click “Account”, then “Edit Friends”. On the upper left side of your screen is the “Phone Book”. Everyone’s phone numbers are now being published. You need to manually change your privacy settings to fix this problem.
Unless Facebook changes their ways, you better get very familiar with the user interface on the Facebook privacy page.

Q1 Labs Releases SIEM For Social Media


By Mathew J. Schwartz
InformationWeek
September 28, 2010 08:00 AM

Q1 Labs on Monday announced the release of its latest security information and event management (SIEM) product, QRadar 7.0, which now has the ability to monitor social media networks and online communication tools, including Facebook, Gmail, LinkedIn, Skype and Twitter, in real time.

QRadar, as with most SIEM products, uses deep packet inspection technology to watch, in real time, for the presence of web-based malware or known vulnerabilities being introduced to the network, monitor for behavior that’s outside the norm, as well as to scan for data loss prevention, among other capabilities.

Q1 Labs said that the new QRadar will also be part of its Security Intelligence Operating System — “a unified architecture for collecting, storing, analyzing and querying log, threat, vulnerability and risk related data” — due out by the end of the year.

“Companies today face the increasing challenge of keeping their networks safe from hackers that have evolved, and that are taking advantage of new avenues of attack — such as social networking sites and applications utilized by partners, outsourcers and employees,” said Sandy Bird, CTO of Q1 Labs, in a statement. “They are also faced with keeping productivity up, due to the ‘always connected’ mentality of employees that want to be constantly connected to their social networks.”

Accordingly, the new version of QRadar extends SIEM to social networks, adding the ability to identify which users access which social networks, chart volume and patterns of usage, and inspect any content being transmitted via such services. In addition, the software can be set to automatically alert security managers when application activity, transmitted data or user behavior violates corporate policies or typical usage patterns, which may indicate that an attacker has breached the network.

Other new features in QRadar 7.0 include inventorying applications on enterprise PCs to determine whether they contain known vulnerabilities. In addition, the software can benchmark how users and applications normally behave, to detect anomalies, for example if a worker logs in at unusual times, or suddenly begins downloading excessive amounts of data from a cloud-based application, either of which could be the only indication that an account has been compromised.

Indeed, according to Gartner Group analyst Mark Nicolett, “application activity monitoring is important because application weaknesses are frequently exploited in targeted attacks, and because abnormal application activity may be the only signal of a successful breach or of fraudulent activity.”
