Dan Geer's fantastic keynote speech kicked off Day 2 of SOURCE Conference Boston this morning. The talk itself was heady and complex, something to keep up with. Other notable talks were Jeremy Westerman's "Covering *aaS - Cloud Security Case Studies for SaaS, PaaS and IaaS" and Dan Rosenberg's "Android Modding for the Security Practitioner".
"The internet will never be as free as it is this morning." Dan Geer is one of the best, sharpest computing/network security speakers around. His talk descended from a high-level, lengthy, example-laden description of most every developed nation's dependency on the internet: "Dependence with respect to the internet is transitive, dependence on television is not...We are at the point where it may no longer be possible to live your life without having a critical dependence on the Internet, even if you live at the end of a dirt road but still occasionally buy nails or gasoline."
And he wound through multiple examples of failures in US systems to provide fallback options. He talked about his little local bank, to whom he wrote a letter to close down the auto-created online account he wouldn't use. They, as an exception, closed it down immediately. His 401k account administrator Fidelity Investments, on the other hand, would not accept customer instructions from him in writing. The company continues to send him mailed marketing content of all kinds in writing at the address from which he sends his letters. Their auditors apparently approve of Fidelity's rejection of customer-initiated, hand-written, delivered communications, instead accepting email/online chat messaging or instructions over the phone.
This discussion made its way through systems design, unified field theory, and fault tolerance, eventually landing on the key points that intrusion prevention is agreed not to be a workable model; instead, the elegance of "intrusion tolerance" must be built into systems, and countries and organizations that cannot build tolerance into their systems are not sustainable. Favorite quotes: "forget the banks, it is the internet that is too big to fail", "Is there room for those who choose simply to not participate in the internet?", "HTML5 is Turing complete. HTML4 is not", and "Should we preserve a manual means? Preserving fallback is prudent if not essential."
Jeremy Westerman's "Covering *aaS - Cloud Security Case Studies..." presented several design cases for universities and other organizations. The single most important point to learn from this talk is that API key management is unfortunately not handled with as much urgency and awareness as private SSL keys for large organizations. This API key, in the context of multiple, popular single sign-on (SSO) solutions in use at large universities, is the key to tens of thousands, if not hundreds of thousands, of email accounts. Similar API key schemes are implemented on IaaS solutions like the Xen-supported Amazon EC2 environment and VMware vCloud Terremark environments. Without appropriate awareness, developers are storing that key in improper locations like the hard drive of the sign-on machine, or the developers themselves are storing keys on their development system hard drives in non-obvious places, emailing/"dropboxing" them around to each other and then simply transferring the API keys to the production environment, instead of re-issuing production API keys. It is practically imperative that these keys are taken out of the hands of developers. These loose handling practices are bad news - viral code like Sality, and other viral code and worms previously high in our prevention stats, have maintained functionality to steal FTP and web admin account passwords in order to silently host malicious code, encrypted or otherwise, on legitimate web sites without the owner's knowledge. In other words, developers have been effective and weak targets in the past for credential theft, enabling silent site compromise and malicious use.
Most schools don't want that - I remember one unfortunate notification at a small Arts college, where the web admin really didn't want to believe that the encrypted blob of data hosted on his school's web server was a viral payload updating other students' infected systems, located there because his credentials were Sality-stolen after trying to run cracked software distributed over a P2P network. Anyway, it happens and it can be planned for and prevented.
Kaspersky Lab is paying a lot of attention to IT security education & literacy development, actively sharing its knowledge & experience through its educational program "Kaspersky Academy", which offers unique opportunities for students & young professionals to improve their knowledge of IT security, gain new experience and communicate with industry experts, realize their scientific potential, as well as get exciting career opportunities & open the door to the professional world of IT security. Ram Herkanaidu, educational manager, talks about the academic initiatives of the company.
Security researchers from around the world are digesting the weekend's fare at Infiltrate2011, organized by security outfit Immunity. "No policy or high-level presentations, just hardcore thought-provoking technical meat" was promised, and presenters served it up sizzling. The sessions folded in a variety of topics slicing up current offensive security issues with some defensive interest mixed in. Discussions spread from technical wizardry attacking hardened Linux kernels to general network exploration and reconnaissance. Infiltrate2011 itself follows somewhat on the Blackhat/Defcon conference model, but reduces the corporate marketing at those conferences. The peer-reviewed set of presentations and research sponsored by one of the best known offensive security/penetration testing groups in the business sets the bar high and undistracted for the level of technical content. The final agenda is listed here.
Twice every year, analysts from Kaspersky meet for a couple of days to brainstorm over ongoing security issues, think about new ways to protect the users and fight against new breeds of threats.
The first summit for 2011 took place earlier in February, and brought together over 100 people from various departments inside the company. Although the exact subjects of the talks are secret as usual, the discussions revolved around subjects such as Android threats, targeted attacks, whitelisting and digital certificates.
Every company has its basis, the community, which greatly helps to improve the products by giving feedback and input. Kaspersky Lab can count itself lucky to have very diligent people who moderate our official Kaspersky Lab forums on an honorary basis, test our beta versions to find bugs before new products hit the market and create community projects.
This week we finally met some of our friends in person since they visited our German office in Ingolstadt to exchange ideas and discuss possibilities to improve our cooperation. Colleagues from retail support, the localization and testing team as well as virus analysts attended the meeting from our side.
We learned about community projects and what role Kaspersky Lab could play in them to support the undertakings. We discussed our products and my colleague Stefan Ortloff demonstrated how to reverse malware.
Looks like Moscow, but it isn't. Winter has now officially started off in Germany.
Overall, this was a very fruitful event. Thank you all for visiting us despite the adverse weather conditions. And an additional BIG thank you to all the active people in the community, your help is greatly appreciated!
This was the first meeting of this kind in Germany, but certainly not the last!
It was a special event for Kaspersky Lab since we had a record-breaking total of seven speakers, who covered the most interesting and hot topics such as mobile malware, on-line fraud and black markets, and targeted attacks. Last, but not least, we were able to reveal some new details about Stuxnet in a joint presentation with Microsoft. The VB conference demonstrated again how important cooperation between researchers is. Between the joint work on Stuxnet and the Zeus-related arrests we saw how AV researchers from different countries, cultures and companies join forces to fight cyber crime and to make this world safer.
Last year when we were in Dubrovnik, Croatia, I made a WiFi study. The statistics I obtained showed quite a dangerous situation regarding security in the local WiFi networks. In many cases the network traffic wasn’t encrypted at all and susceptible to a data leak.
One year later the subject of WiFi security is even more apparent. If you remember, the Google Sniffing beta recently made their own study, and my colleague Costin Raiu wrote a blog post about it, giving important security tips to protect yourself and your network from intruders.
This year our Security Analysts Summit takes place in Limassol, Cyprus. So, I decided to see what the local WiFi security situation is, and what the Google Sniffing beta would find if they performed it right here.
Aside from the beautiful views (you can see in the picture above) we can say the following:
We've just held the first European edition of our international student conference, IT Security for the Next Generation. Young researchers, masters and PhD students, professors and Kaspersky Lab experts all presented and discussed different issues relating to cybercrime at the beautiful University of East London.
I was involved as a member of the program committee and had to evaluate students' research reports and papers. To be honest, it wasn't an easy task to choose the best from so many different interesting topics: incidents caused by botnets, analysis of drive-by download attacks, measuring malware & spam, psychology of cybercrime, etc...
The event gave young IT professionals the opportunity to attend lectures and workshops led by Kaspersky analysts and experts: my colleague Denis Maslennikov gave an interesting workshop about mobile malware, Georg Wicherski let participants into some of the basics of malware analysis, Eddy Willems talked about the human factor and security, and Sergey Golovanov revealed how he became a Kaspersky expert.
But the conference wasn't just about lectures and learning: we had two days full of fun, drive, meeting new people and great teambuilding, as well as surviving the English weather!
It's sad that the conference is over, but we'll be running more events like this on a regular basis around the world. And I'm sure that meetings like this inspire everyone to new challenges, new research, new opportunities, and that everyone who came is motivated to be with us on the light side!