Four years of Google Security

Google is hard at work on the forefront of the fight against malware. For over five years now, google’s safe browsing initiative has protected users from malware and sites that carry it. This article (
http://googleonlinesecurity.blogspot.com/2011/08/four-years-of-web-malware.html
) shows google’s achievements on the analysis and growth of malware on the internet. Some things they have covered are rates of social engineering, IP cloaking, and new detection capabilities that are state of the art for the safe browsing initiative.

We should be glad that google works so hard to prevent viruses on the internet. As the blog will show us many viruses are impressive and can harm not only your computer, but your information. There is no better thing than being perfectly secure, and with the efforts of google and other anti-virus agents on the internet, we could in due time be looking at a new age free of viruses.

Ultra-sophisticated malware “Duqu” takes several years to complete

The Duqu virus was built to gather intelligence. It is a trogan with many variants. It took four years to finish. Most impressively, it could have been made by the same people who made the Stuxnet worm that sabotoged Iran nuclear program. Not only is it like a precursor to Stuxnet, but it is cleaner and makes less mistakes. It can be used in several different ways to attack the kernel of a Windows machine. The article(
http://www.computerworld.com/s/article/9221760/Hackers_may_have_spent_years_crafting_Duqu?taxonomyId=17&pageNumber=2
) has more details about this trogan malware.

A team of people working on this virus for 4 years can be a tool of computing power. The result of their work is Duqu (and possibly Stuxnet). Groups of hackers working together can have a huge outcome, and no amount of security can stop so many people working together. The internet is vulernable; something needs to be done about hackers and viruses.

Are clouds as safe as they seem

Panda Security’s malware research laboratory’s CI (collective intelligence) engine recently discovered a large amount of malware in cloud based computing systems. The article ( 
http://www.computerworld.com/s/article/9221755/CI_pinpoints_200_millionth_piece_of_cloud_based_malware?taxonomyId=17
 )  tells us that one third of all the malware on the internet was created in the first 10 months of 2010.  This malware Not only are there 200 million instances of malware on clouds today, the number continues to grow at an increasing rate.

Cloud technology is a simple and reliable way to share software. The problem is that the cloud needs to have impressive security, otherwise they will be vulnerable to attack. An attack on a cloud system will allow an attacker access to multiple systems further compromising the integrity of the cloud. Is the cloud as safe as it seems? Or will hackers see them as internet zeppelins, ripe for attacking.

Making you an internet ninja.

It is suprisingly easy to find information about a target on the internet. You could be this target! Every piece of information about you is valuable, especially to people who want it. If you aren’t careful these people can just snatch it up and be you for whatever terrible deeds they want to commit. Thankfully, the good people at squidoo are here to help.

This website
http://www.squidoo.com/personalInformation
has a whole lot of ways to make you an invisible internet lurker. Some questions they answer are:

-How to Remove Your Name and Information from Google Search Engine Results

-How My Personal Information is Exposed

-How to Remove Information from State and City Records

And other means of information removal. Follow the advice they give because someday you could be the target of an attacker and you won’t know until it is too late!

America will not provoke war!

This article (
http://www.wfaa.com/news/politics/Cyber-weaknesses-should-deter-US-from-waging-war–133493833.html
) explains that America is so weak to cyber attack that it would be too risky to initiate war. Many countries could hit us over the internet, a new tool of war, and have devastating effects. Even a battlefield can be harmed! If equipment just stops working then things would turn out pretty badly. It is simply too risky for us to go to war, and we are at huge risk of being attacked. Until we can fix our internet problem, we will be at a severe disadvantage to any opposing forces.

The good news is that now the network is becoming more secure. If we manage to make our internet infrastructure more secure then we might actually transition into a position of advantage over other weaker networks. But for now, we are in a no – attacking position and if we weren’t at such a risk for being attacked (like an unfair cold war) then I would feel pretty happy about our forced pacifism.

A possible way to make people more security aware

The video we watched in class today about the crazy eddie plan made me think that maybe people would understand better security if they understood that people out there are trying to get them. Sal was a likeable person but he was also a criminal. The reason why he was able to get away with so much was because he would prey on human emotion. Thing is once he got you, he would attack your weaknesses as a human and exploit you. If more people understood that attitude maybe they would not want to be “gotten” by the scheme. Then again, it is tough to be truely secure, and maybe teaching people about this attitude would have either no, or a poor effect. What do you think?

Developing the security mindset

What is a mindset? It can be defined as:

• beliefs that affect somebody’s attitude: a set of beliefs or a way of
  thinking that determine somebody’s behavior and outlook

This might be simplified by saying, “the way you think”. So how do you make yourself think in a way that is security focused?

Mild tangent: It’s true that good cops think like criminals. By this logic, who do good security professionals think like? Like hackers? Like information gatherers similarly to China? This is not good enough. A security professional should be a paragon of security; a cop should think like a criminal and the person being offended and the landlord of the apartment being robbed and then so on. Simply put, every angle should be covered.

One such person is Bruce Schneier. On the page
http://www.schneier.com/blog/archives/2008/03/the_security_mi_1.html
where Schneier talks about his views on security he makes statements that might be out of the normal range of statements for a non-security pro, such as “What’s really interesting is that these people will send a tube of live ants to anyone you tell them to.” (talking about a company that does just that). There is always a weakness, something exploitable. Is the security mindset about finding weaknesses, like a therapist’s arch-nemesis?

A security mindset can always use improvement. How do you create a security mindset. Security pros will look at how something can be broken. So are people with this method of thinking applying it to everything they do? Or is there a “security mode” that is turned on when something that has a weakness appears.

Surely, everyone will have their own approach to security. So what is security to you? I think security is an understanding in full, including it’s shadow (what is and what isn’t). It is about repairing or using weaknesses. Imagine new ways to look at a problem, different resources to exploit, and you will be closer to finding a better solution. Understanding the way other people think of security will allow you to be a better security guy or gal. But what really is security, and it’s ‘mindset’?

Anti-Virus webpages actually a virus?

How can you really be sure that a webpage does not carry any viruses? The truth is you cannot. We can find out how other users feel about the security of a website using google’s resources (a tool that allows people to rate websites for their security). You can use https instead of http, and look at the url for disrepancies. You can even look at certain websites and judge if they hide viruses or not. But it is impossible to be completely safe from viruses on the internet.

In 2008, Trendmicro (an anti-virus provider) had a virus named “JS_DLOADER.TZE” on one of their information pages. Apparently a hacker made his way into this page and planted the virus on the page. The virus was planted using SQL injection on web applications on the site’s Virus Information Page (read more here
http://translate.google.com/translate?u=http%3A%2F%2Fjp.trendmicro.com%2Fjp%2Fabout%2Fnotice%2F0312%2Findex.html&langpair=ja%7Cen&hl=ja&ie=UTF8
 I hope its not a virus)

Even anti-virus pages are not safe from viruses. Not to mention anti-virus programs that ARE actually viruses. Even your website could have an unwelcome parasite. Is there a way to be safer on the internet? Now is the best time to start being safe and secure, protecting yourself from threats to you and more importantly your information.

Video Surveillance

Is video surveillance good or bad? Setting up cameras to watch people as they go about their daily lives is no good. It is creepy and Orson Well’s 1984 – like (and 1984 was a very scary read for me).

The advantages of having cameras are obvious. You can have a recording of all the things that passed by your shop or this popular street and so on. If we manage to be able to read people’s faces and mob actions, then they will be more useful and even more prevalent. Crime could seriously be reduced if we can capture the faces of criminals the moment they walk outside.

The disadvantage is its influence on the public. To be honest, it creeps the bejesus outta me to think that I am on camera. Thinking about some weird dude sitting in a dark room, chuckling to himself as he follows some innocent wanderers as they go buy porn or other terrible things makes me very nervous. They already have cameras that take hilarious pictures of people cutting red lights, but if it becomes more about information gathering than protection, we might be at a serious disadvantage to the people in control of cameras (which could end up being the wrong people). Not being able to trust the people videotaping you is fearful.

So what do you think? Are cameras naughty or nice? A security problem or a security solution? Note: sure there are many problems that can be solved by cameras, but are they worth the constant surveillance? (instead of risk assessment, ethical assessment)