George C. Dimitriou

Technology and Strategy Consulting

Archive for the ‘Security’

German Government: Stop Using Internet Explorer.

January 16, 2010 By: George Category: Security

In a statement issued yesterday, the German Federal Office for Security in Information Technology (BSI) recommends that all Internet Explorer users switch to an alternative browser. They may resume using Explorer after Microsoft issues a fix for a critical vulnerability that has been implicated in the Chinese cyber attack against Google.

Affected are Internet Explorer versions 6, 7 and 8 on Windows XP, Vista and Windows 7. Microsoft has released a security advisory in which it discusses ways of minimizing risk and is already working on a patch to close the security gap. The BSI expects that this vulnerability will soon be used for attacks on the Internet.

According to the statement from BSI, even running Internet Explorer in “protected” mode is not enough to prevent a hacker from exploiting this security flaw.

Code Broken.

January 08, 2010 By: George Category: Computing, Security

Researchers of the Cryptology and Information Security group of the Centrum Wiskunde & Informatica (CWI) in Amsterdam with partners from Germany (BSI and Bonn University), France (INRIA Nancy), Japan (NTT) and Switzerland (EPFL) have broken a 768-bit RSA key by finding its prime factors. This new record demonstrates the vulnerability of 768-bit RSA keys.

The first 512-bit RSA key was broken in 1999, followed by the first 663-bit key in 2005. Extrapolating this trend, it is reasonable to expect that 1024-bit keys will exhibit a similar degree of vulnerability within the next decade as 768-bit keys do now.
The 768-bit factored key is an integer of 232 digits. Over a period of 2.5 years, many thousands of CPUs at a large number of different locations were deployed to break this key. The total amount of computing power used is equivalent to 1700 2.2 GHz CPUs running for one year.

Technical summary:
https://documents.epfl.ch/users/l/le/lenstra/public/papers/rsa768.txt
Preprint paper:
http://eprint.iacr.org/2010/006.pdf

State of the Internet 2009 report

January 08, 2010 By: George Category: Digital World, Security

The latest «State of the Internet 2009» report issued by CA, Inc. profiles the top online threats from 2009. The study, based on data compiled by CA’s Global Security Advisor researchers, found that rogue security software, search index poisoning, social networks and cybersquatting were among the most notable online threats of 2009.

CA security researchers also offer predictions for the top Internet threats for 2010, including an increase in “malvertising” and the potential for another big computer worm outbreak like Conficker.

View/Download (529 KB PDF)

Security in the Ether.

December 26, 2009 By: George Category: Computing, Security

The January issue of Technology Review features an important article discussing whether cloud computing is secure enough for broad public use. “Security in the Ether,” by David Talbot, brings to light some of the serious technology concerns raised by cloud-based applications, including Gmail, Twitter and Facebook.

Cloud crowd: Some 4,000 servers hum at IBM’s cloud computing center in San Jose, CA. Credit: Jason Madara

Cisco 2009 Midyear Security Report.

September 28, 2009 By: George Category: Security

Report Highlights:
• Criminals are exploiting traditional vulnerabilities because they believe security experts and individual users are paying little attention to these types of threats.
• Compromising legitimate websites for the purpose of propagating malware remains a highly effective technique for criminals.
• Web 2.0 applications, prized for their ease of use and flexibility, have become lures for criminals.
• Criminals are now targeting online banking customers using well-designed, localized text message scams that leave virtually no trail in their wake.
• The Obama administration has made strengthening U.S. cybersecurity a high priority, and plans to meet threats by using technological innovations and partnering with the private sector. Other countries are similarly increasing efforts to enhance cybersecurity and prevent cybercrime.
• Compared to 2008, the number of vulnerabilities and discrete threats has not risen as quickly. According to research by Cisco, this is a clear sign that the security community is succeeding in making it more difficult for attacks to take root and grow.

Read the Cisco 2009 Midyear Security Report (PDF – 5.7 MB)
Read the Cisco 2008 Annual Security Report (PDF – 4.3 MB)

Korea Will Train 3,000 Cyber Sheriffs.

September 14, 2009 By: George Category: Digital World, Security

The South Korean government will train 3,000 “cyber sheriffs” by next year to protect the country from future cyber attacks, reports the South Korean newspaper Korea Herald.

Cyber sheriffs are trained experts capable of maintaining cyber security for businesses against cyber attacks and malicious hackers. The Korean government plans to encourage colleges to open intensive courses to train cyber experts. Graduates of the courses will be hired by government offices and businesses in the future, officials said.

Bill Would Give U.S. President Emergency Control of Internet.

September 01, 2009 By: George Category: Digital World, Security

Internet companies and civil liberties groups were alarmed this spring when a U.S. Senate bill proposed handing the White House the power to disconnect private-sector computers from the Internet.

They’re not much happier about a revised version that aides to Sen. Jay Rockefeller, a West Virginia Democrat, have spent months drafting behind closed doors. CNET News has obtained a copy of the 55-page draft of S.773 (excerpt), which still appears to permit the president to seize temporary control of private-sector networks during a so-called cybersecurity emergency.

The new version would allow the president to “declare a cybersecurity emergency” relating to “non-governmental” computer networks and do what’s necessary to respond to the threat. Other sections of the proposal include a federal certification program for “cybersecurity professionals,” and a requirement that certain computer systems and networks in the private sector be managed by people who have been awarded that license.

Read the full post on the original site.