Pulse



By GCN Staff


3 tips for secure use of USB drives in the agency

The convenience USB drives offer for portable storage is well known. But so is the potential security threat.

Devices can easily be lost or stolen, putting agency data at risk, or used to deliberately take data from an agency, as Edward Snowden did. They can even be used to introduce malware to a network: A 2011 penetration test by the Homeland Security Department found that 60 percent of USB drives deliberately left in agency and contractor parking lots were picked up and inserted into network computers.

In a recent blog post, Chris LaPoint, vice president of product management at SolarWinds, offered three basic steps agencies can take to ensure USB drive security:

Monitor and track network activity. Unusual activity can indicate breaches or USB-introduced malware. 

Use a secure managed file transfer system. These Web-based systems control access through virtual folders, eliminating the need for physical media and allowing for active monitoring. 

Use a USB defender tool. These provide real-time alerts whenever a USB drive is in use, and block usage if a malicious attack is detected. 

Government agencies have struggled with how to balance the convenience of portable storage devices with the security risks they create. In fact, the Defense Department instituted a ban on these devices for two years, which was eventually lifted in favor of regulated use. Sound precautionary measures, and use of products such as encrypted USB drives, can help agencies store and share their data efficiently.

Posted on Nov 12, 2013 at 7:43 AM


Microsoft issues fix for zero-day IE flaw

Microsoft’s monthly Patch Tuesday update includes a fix for a recently discovered zero-day vulnerability in Internet Explorer that the company said was being exploited. The flaw is present in all versions of Windows from XP through the most recent version, 8.1.

The security company FireEye said it had found exploits of the flaw carried out against IE 7, 8, 9 and 10, on PCs running XP or Windows 7, Computerworld reported. FireEye said the exploits were part of a watering hole campaign involving an infected website in the United States. The company didn’t identify the site but said it focused on domestic and international security policy.

Watering hole attacks are becoming popular among malicious actors as an alternative to attacks such as spear phishing. Like spear phishing, they’re highly targeted. But instead of sending someone a targeted email that tries to induce them to click on a link to an infected site, watering hole attackers pick sites their targets are likely to visit, infect those sites and then lie in wait. When the target — either an individual or someone from a targeted group — visits the site, the user's computer can be compromised.

The exploit FireEye found was unusual because it was designed to erase itself when the PC is rebooted, Darien Kindlund, the company’s manager of threat intelligence, told Computerworld. Such an attack is harder to detect because it leaves no trace after the restart, but it also means that the attackers must have operators on hand to take advantage when a target, likely identified by its IP address, visits the site.

Posted on Nov 12, 2013 at 11:10 AM


A HealthCare.gov denial-of-service attack tool is found. Really.

As if HealthCare.gov didn’t already have enough problems of its own, researchers at Arbor Networks have found a denial-of-service attack tool that targets the site, the main federal health care exchange website.

“Destroy Obama Care!” exhorts the writer of the tool, a self-styled American patriot. “ObamaCare is an affront to the Constitutional rights of the people. We HAVE the right to CIVIL disobedience!”

“It’s pretty lame,” said Marc Eisenbarth, manager of the Arbor Security Engineering & Response Team (ASERT).

An analysis of the tool concluded that it is unlikely to succeed in affecting the availability of the site, and Eisenbarth said that there is no indication that it has been used or that the problems being experienced at HealthCare.gov are anything other than self-inflicted.

The tool at one time was available for download on several sites but has since disappeared. “It’s basically gone,” Eisenbarth said, although no exhaustive search for it has been done.

It was found by ASERT through monitoring of peer-to-peer networks using algorithms to detect politically motivated attacks. The anti-ObamaCare tool was interesting more for its motives and rhetoric than for its content, Eisenbarth said. Rather than using any of the available off-the-shelf DDoS attack tools, the author developed it in Delphi, a language that often is traced to Russia, although that does not appear to be the case this time. Each copy of the tool opens multiple links that make repeated layer 7 -- application layer -- requests to the site, alternating between the URLs for the site’s home page and the contact page.

The author claims that the tool is intended only to deny service to users of the site “and perhaps overload and crash the system,” and that “it has no virus, trojans, worms or cookies.” Eisenbarth said ASERT found no malicious code in it.

ASERT notified the Centers for Medicare and Medicaid Services, which administers the site, and the Homeland Security Department about the tool, and got a callback from DHS. “We talked them off the ledge,” Eisenbarth said.

Posted on Nov 08, 2013 at 12:04 PM


DHS cites threats from out-of-date Android OS versions

The Homeland Security Department and FBI have warned police, fire departments and security personnel that Android users running out-of-date operating systems on their devices pose a significant security threat to their organizations, NetworkWorld reported.

In the July memo, which was “for official use only” and therefore not widely circulated, DHS said “industry reporting” showed that 44 percent of Android users were still using versions 2.3.3 through 2.3.7 of the OS – known as “Gingerbread” – which were released in 2011 and carried a number of security flaws that were repaired in subsequent versions.

“The growing use of mobile devices by federal, state and local authorities makes it more important than ever to keep mobile OS[es] patched and up-to-date,” the notice said.

DHS cited three threats to those carrying devices with obsolete Android OSes and outlined a mitigation tactic for each:

SMS Trojans

Text message Trojans account for about half of the malware on older Android devices, DHS said. A common exploit sends texts to premium rate phone numbers owned by criminals and results in high charges to the user. Security suites are now available to knock out the threat, according to the memo.

Rootkits

This is hidden malware that logs a user’s locations, keystrokes or passwords without the user’s knowledge. DHS recommended installing the free Carrier IQ test app, which can find and remove the malware.

Fake Google Play domains

Users should install and update antivirus software to knock out these exploits, which trap users into installing apps that let hackers get at financial data and log-in credentials, DHS warned.

Posted on Nov 06, 2013 at 11:23 AM


Motorola brings modular phones closer to reality

Dave Hakkens’ Phonebloks idea is getting some traction. The project, which envisions phones as open-source, modular devices whose individual components can be changed out and upgraded as needed, got almost a million backers on the Thunderclap website, showing that many people would buy such a phone if it were available.

Meanwhile, Motorola had been quietly working on a similar idea called Project Ara that, like Phonebloks, uses a frame to hold the modules in place. A module, according to the Motorola blog, could be a new application processor, a new display or keyboard, an extra battery, a pulse oximeter and so on.

The idea is to let people customize their phones, or upgrade or replace parts without buying an entire new phone.

Now, Hakkens and Motorola are working together to make the modular phone concept a reality, according to Design Taxi. Motorola will work on Project Ara in the open, engaging with the Phonebloks community throughout the development process. In a few months, the company expects to invite developers to start creating modules for the Ara platform.

Posted on Nov 06, 2013 at 8:30 AM