IBM Cloud Private pulls from Big Blue's roots
Posted by Thang Le Toan on 10 November 2017 02:04 AM

IBM sticks close to its roots with IBM Cloud Private, which taps Big Blue's enterprise and middleware strengths to move customers from the data center to private cloud.

Despite continually working to reinvent itself, IBM never strays far from its roots, as evidenced by its move to bring cloud-native technology to the enterprise data center to accelerate digital transformation efforts.

Earlier last week, IBM launched IBM Cloud Private, which enables enterprises to bring modern development technologies such as containers, microservices and APIs -- all attributes of public cloud environments -- to private clouds in the data center, where IBM has tenure as a leading technology provider.

Big Blue dominant in the data center

IBM has long held a dominant position in the data center, with its mainframe, database and middleware technology. Now, the company is launching off that base to help its enterprise customers in regulated industries or that have sensitive data -- such as healthcare, government and finance -- gain the benefits of cloud-native computing development tools and processes, portability and integration.

"As part of its private cloud offering, IBM's been enhancing its developer services in the form of an integrated DevOps tool chain via a service catalog featuring a range of runtimes, development frameworks, tools, middleware, OSS and other services," Charlotte Dunlap, an analyst with GlobalData, said. "This plays into IBM's intent to provide developers with the tools, languages and frameworks they're accustomed to using, e.g., extending services to Node.js or Swift developers."

Indeed, the new offering provides developers with access to a variety of management and DevOps tools, including application performance management, Netcool, UrbanCode and Cloud Brokerage. It also includes support for popular tools such as Jenkins, Prometheus, Grafana, and ElasticSearch.

Kubernetes at its core

Yet, it all starts with the Kubernetes container orchestration platform and supports both Docker and Cloud Foundry.

Steve Robinson, general manager of IBM Hybrid Cloud, said that after several entries into the private cloud space with offerings such as Bluemix Local and others, Big Blue "took a clean sheet of paper and took a look at modern development technologies" and decided to base IBM Cloud Private on Kubernetes. "Then, we decided to bring our DevOps stack and middleware stack forward," he said.

IBM introduced container-optimized versions of its core middleware -- IBM WebSphere Liberty, Db2 and MQ messaging middleware -- to complement the new product.

Positioning vs. competition

Meanwhile, some observers view IBM Cloud Private as IBM's answer to competing offerings such as Microsoft Azure Stack, which provides similar on-premises capabilities. However, IBM said that its strength in middleware and its foundation in enterprise systems set it apart.

"This better positions IBM against primary rivals which are Microsoft Azure Stack and VMware/Pivotal, with a cloud strategy that has evolved up the stack from [infrastructure as a service] to [platform as a service] and now to what they call 'enterprise transformation' -- meaning more personalized customer engagement capabilities fulfilled through technologies supporting multi-cloud, cognitive and API, and blockchain," Dunlap said of the new product. "IBM says 71% of its customers today use three or more clouds including public, private and departmental. Private remains their largest customer opportunity with complex requirements and latency issues."

Based on its own data, IBM estimated that customers will spend more than $50 billion annually on private cloud infrastructure beginning in 2017 and growing at 15% to 20% each year through 2020.

Microsoft's one big advantage in the segment is being able to do both public and private cloud almost seamlessly, said Rob Enderle, an industry expert and founder of the Enderle Group.

"Recently, Cisco and Google partnered to provide the same capability, and now IBM is moving at the same opportunity," he said. "IBM, like Cisco, should be particularly strong on the on-premises side of this and their execution with SoftLayer has been very strong of late resulting in what should be a very competitive offering. This should expand the available market for IBM's now hybrid solution significantly."

In a statement, Tyler Best, CTO of car rental giant Hertz, said, "Private cloud is a must for many enterprises, such as ours, working to reduce or eliminate their dependence on internal data centers." He added that a strategy of public, private and hybrid cloud is "essential" for large enterprises transitioning from legacy systems to the cloud.

With such a big opportunity at stake, every cloud vendor is positioning itself to capture as much of the wave of enterprise interest in Kubernetes as possible onto its own platform, said Rhett Dillingham, an analyst at Moor Insights & Strategy. And with IBM Cloud Private, IBM is providing its Kubernetes-based platform for use on private infrastructure with the integrated value of its investment in complementary management and developer tooling.

"As part of this, IBM is offering new containerized versions of its software and development frameworks, because it has a big opportunity to help its existing software customers transition to cloud by modernizing their management of IBM WebSphere Liberty-, Db2- and MQ-based applications using containers via Kubernetes," Dillingham said. "This is a key opportunity for IBM in bridging from leading provider for traditional enterprise applications to leading provider for cloud-modernized and cloud-native applications on its IBM Cloud Private and IBM Public Cloud offerings."

Sticking to its knitting

So, with IBM Cloud Private, IBM is sticking to its knitting while helping to advance its enterprise customers with modern development tools.

"IBM Cloud Private extends the value of customers' existing IBM investments rather than being a new, on-premises cloud platform, like Microsoft's Azure Stack," said Charles King, principal analyst at Pund-IT.

The primary benefit of this offering is it enables enterprises to take advantage of the investments they've already made in existing systems, applications and data by bringing them into an elastic cloud platform.

"This will help accelerate application development, more easily expose these applications to new public cloud services and even provide the option of moving applications to the public cloud," said Michael Elder, distinguished engineer for the IBM Cloud Private platform. "We also think it sets an enterprise up with a powerful new tool for workload portability from their datacenter to the public cloud."

The platform provides tools to help bootstrap new applications into containers and enable existing applications for the cloud, he noted.

"We also build IBM Microservice Builder into the platform, which offers preconfigured Jenkins CI service build container images and publishes them to the built-in image registry right out of the box," Elder said.

The system also includes other management and security features, such as multi-cloud management automation, a security vulnerability advisor, data encryption and privileged access, and more.

Moreover, IBM Cloud Private supports Intel-based hardware from Cisco, Dell EMC, Lenovo and NetApp, and it can be deployed via VMware, Canonical and other OpenStack distributions.

Docker-supported OS list expands with Enterprise Edition update
Posted by Thang Le Toan on 20 August 2017 11:20 PM

Docker Enterprise Edition fired back at Kubernetes with new support for mixed clusters and applications, as well as advanced security features that target large enterprises.

Docker Enterprise Edition has strengthened its case for large IT buyers of container orchestration tools, with new OS support, security and policy-based automation features.

Docker-supported OS types now include IBM z Systems mainframe OSes and Microsoft Windows Server 2016, as well as mixed clusters and applications that run on mainframes, Windows and Linux. Fine-grained, role-based access control and policy-based automation for container images through a DevOps pipeline also are part of this August Docker Enterprise Edition release.

With the addition of these Docker-supported OS features, Windows and Linux containers, as well as mainframe-based ones, can share a cluster of hosts. With this release, mixed OS containers can also be stacked, using a newly developed overlay network, into hybrid applications that may mix, for example, Apache Tomcat servers with Microsoft SQL Server databases.

This will be a key feature for enterprise IT shops that plan to move to container orchestration in the next year or two and use it to modernize legacy applications, said Chris Riley, director of solutions architecture at cPrime, an Agile software development consulting firm in Foster City, Calif.

"Deep container adoption within traditional enterprises is in its formative stages," Riley said. "The addition of z Systems and Windows [Server] native support will show benefits in the next couple of years, as companies upgrade their Windows infrastructure and coordinate that with their mainframe systems."

Mainstream enterprises aren't yet demanding hybrid clusters and applications, according to analysts. However, Docker officials have said HR software giant ADP -- one of the primary beta testers of this Docker Enterprise Edition release -- already mixes and matches Docker-supported OS workloads.

"Typically, these applications are managed separately, but as enterprises move to microservices and DevOps, the ability to manage applications with the same process, regardless of operating system, will be desirable," said Jay Lyman, analyst at 451 Research.

Enterprises also want to run hybrid cloud infrastructures; this portends a future in which such infrastructures are much more flexible and container portability means apps can run anywhere. Docker seems attuned to this with the features it's chosen for this release, Lyman said.

Enterprises that want these abilities from Docker Enterprise Edition should be prepared to open their wallets. Some of the most advanced features introduced in the August 2017 release -- such as node-based security isolation for multi-tenant environments, policy-based container image promotion in DevOps pipelines and continuous security vulnerability scanning -- require Docker Enterprise Edition Advanced licenses, which are priced at $3,500 per node, per year. Advanced licenses also must be purchased separately for Windows and Linux servers.

The pricing makes it clear that Docker is going after "big fish" customers, Lyman said. "They're clearly looking to drive larger deal sizes, as is the Kubernetes community of vendors -- and that's driving intense competition, as well as innovation."

Kubernetes complexity makes IT shops look twice at Docker

The Docker Enterprise Edition update comes weeks after rival container orchestration platform Kubernetes made its appeal to enterprise IT shops with support for granular network security and stateful application support in June's version 1.7.

"These two are increasingly competing and evolving together," 451's Lyman noted. "To some extent, you see [the Kubernetes community and Docker] making moves responsive to what the other is doing."

Kubernetes and the many commercial container orchestration packages that bundle it for enterprises, such as CoreOS's Tectonic and Red Hat's OpenShift, boast reference customers that include Experian, Deutsche Bank, BMW and T-Systems. But big companies also came out in favor of Docker's container orchestration this year, from ADP to Hyatt Hotels and The Northern Trust Company. While Kubernetes was an early mover in the container orchestration space and is backed by the experience of web-scale companies such as Google, Docker has made advanced security features generally available in its products, while many in the Kubernetes community remain in beta.

For some enterprises, Docker swarm mode appeals in contrast to the reputation that Kubernetes has for management complexity. One such firm is Rosetta Stone, which has evaluated Docker swarm mode for its container orchestration against Kubernetes and concluded that Kubernetes would be "overkill" for its container orchestration needs.

"Each of our microservices is crazy simple -- just web apps," said Kevin Burnett, DevOps lead for the global education software company in Arlington, Va. "We want to use the simplest possible orchestration tool that supports our use case."

Docker container orchestration also appeals to enterprises, because it comes from the same vendor that popularized Linux containers in Docker. Adding Docker swarm mode to Docker Engine means that much of Docker's container orchestration is already installed with the infrastructure that Rosetta Stone already runs.

However, the company is not inclined to pay the price for the advanced features in Enterprise Edition, and it likely would adopt the open source Community Edition, Burnett said.

"The features they're adding in this release were not for customers like us, in my estimation," Burnett said. Rosetta Stone has some Windows infrastructure it acquired with another company, but is moving away from that and doesn't have mainframe workloads.

"The security stuff seems nice, but it doesn't seem like they've added major features and wouldn't tip the scales," Burnett said.

How did a Moodle security vulnerability enable remote code execution?
Posted by Thang Le Toan on 20 August 2017 11:11 PM

A series of logic flaws in Moodle enabled attackers to remotely execute code on servers. Expert Michael Cobb explains how the Moodle security vulnerability can be exploited.

A vulnerability found in Moodle, an open source, PHP-based learning management system used by tens of thousands of universities internationally, left servers and their data open to compromise. According to the researcher who discovered the issue, the Moodle security vulnerability is actually made up of several small flaws, and it can enable attackers to execute PHP code on related servers. What does this vulnerability entail, and what can be done about it?

Netanel Rubin, security researcher and CEO of Vaultra, found that by exploiting a series of minor vulnerabilities, he could chain them together to remotely execute code on a server running Moodle.

Moodle is an open source learning management system that stores a lot of sensitive information, like students' grades, tests and private data, making it an attractive target for hackers. The Moodle security vulnerability is tracked as CVE-2017-2641 and Moodle Tracker issue MDL-58010.

The attack works on almost all Moodle versions, so administrators should move to the latest version, version 3.2.2, to fix the problem as soon as possible. Besides updating to the latest version, administrators should also check for any new administrators, plug-ins or templates within Moodle, and search for any new files in the file system in case the server has been compromised.

The coding and logic flaws that contributed to this Moodle security vulnerability are a consequence of the size and complexity of the Moodle system; it contains thousands of files, hundreds of different components and around two million lines of PHP code, written and updated by various different developers at different times.

A new function, update_user_preferences, was added to Moodle to replace the update_users function. It implemented a privilege check, so that even if an attacker could change settings through user preferences, the change would apply only within their own privileges.

While the new function removed the possibility of changing every user attribute, the code failed to check which preference was being changed. The previous function used the setuserpref.php file to check that the preference that needed to be updated was listed in the ajax_updatable_user_prefs array, which defines the preferences that can be changed via Ajax to ensure no critical values can be altered.

Ironically, in an attempt to reduce any potential abuse of the user attribute update function, the new privilege check actually introduced this Moodle security vulnerability. It's possible the developer thought that user preferences could not be exploited to mount a full-scale attack, as they only affect the graphical user interface part of the system.

However, the lack of containment enables an object injection attack to update any row in the entire database, such as administrator accounts, passwords and site configuration. Rubin discovered that this and other false assumptions made during code development could be leveraged to eventually execute PHP code on the server.
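A simplified model of the flaw described above, as an added example that is not Moodle's code: a flawed update path that performs the privilege check but never checks the preference name, beside a hardened path that also enforces an allowlist (the idea of ajax_updatable_user_prefs), coerces each value to its expected type and applies a batch all-or-nothing. The users, preference names and helper names are constructed for this example.

```python
"""Simplified model of the Moodle preference-update logic flaw.
Constructed example, not Moodle's code: users, preference names and helper
names are made up; only the allowlist idea (ajax_updatable_user_prefs) and
the privilege check come from the article."""

from dataclasses import dataclass, field
from typing import Any, Callable, Dict

# Preferences that may be changed via Ajax, with the value type each expects.
# The names are constructed for this example.
AJAX_UPDATABLE_USER_PREFS: Dict[str, type] = {
    "drawer_open": bool,
    "items_per_page": int,
}


class PreferenceError(ValueError):
    """Raised when a preference update is rejected."""


@dataclass
class User:
    id: int
    is_admin: bool = False
    prefs: Dict[str, Any] = field(default_factory=dict)


def make_users() -> Dict[int, User]:
    """Fresh in-memory 'user table' so each run starts from the same state."""
    return {1: User(1, is_admin=True), 2: User(2), 3: User(3)}


def may_update(actor: User, target: User) -> bool:
    """Privilege check: only admins may touch another user's preferences."""
    return actor.is_admin or actor.id == target.id


def vulnerable_update(users, actor_id, target_id, changes):
    """Models the flawed new function: the privilege check is present, but the
    preference *name* is never checked, so any key reaches the store."""
    actor, target = users[actor_id], users[target_id]
    if not may_update(actor, target):
        raise PreferenceError("not permitted")
    for name, value in changes.items():
        target.prefs[name] = value  # unchecked name and value
    return dict(target.prefs)


def coerce(name: str, value: Any) -> Any:
    """Validate one preference name against the allowlist and coerce its value."""
    expected = AJAX_UPDATABLE_USER_PREFS.get(name)
    if expected is None:
        raise PreferenceError(f"preference {name!r} is not updatable via Ajax")
    if expected is bool:
        if value in (True, 1, "1", "true"):
            return True
        if value in (False, 0, "0", "false"):
            return False
        raise PreferenceError(f"{name!r} expects a boolean")
    try:
        return int(value)
    except (TypeError, ValueError):
        raise PreferenceError(f"{name!r} expects an integer") from None


def hardened_update(users, actor_id, target_id, changes):
    """Privilege check AND allowlist check, applied all-or-nothing: every change
    is validated before any is written, so a rejected batch leaves no trace."""
    actor, target = users[actor_id], users[target_id]
    if not may_update(actor, target):
        raise PreferenceError("not permitted")
    validated = {name: coerce(name, value) for name, value in changes.items()}
    target.prefs.update(validated)
    return dict(target.prefs)


def is_rejected(fn: Callable, *args) -> bool:
    """True if the update is refused with PreferenceError (helper for checks)."""
    try:
        fn(*args)
    except PreferenceError:
        return True
    return False
```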

Logic flaws can and will occur in any system featuring a large code base, particularly when it's developed over a long period of time by a changing team of developers.

According to Steve McConnell, author of Code Complete, software projects that reach 512,000 lines of code or more can see four to 100 coding errors per thousand lines of code. A typical web application utilizes multiple languages, such as Java, HTML, PHP, Python, CSS, third-party libraries and components, and so on, and there are very few developers that know or understand how to use and integrate each of them without introducing any security vulnerabilities.

To reduce the chances of developers introducing logic flaws or omitting security and validation checks, it should be a requirement that they add a minimum level of in-code comments using an agreed-upon comment style, along with more verbose supporting documentation. Wikipedia has a comprehensive list of comment styles.

Although time spent on commenting and documenting code will slow down development, it will ensure developers making changes in the future can fully understand what a function does, how it does it and what checks are required on the data it handles. It is important that functions receiving data passed by other functions don't carry the assumption that the data has already been validated, as the previous function may have validated it against a different set of requirements or rules.

A good example is a telephone number. A function to retrieve and display a user's telephone number from a database may well accept + and () symbols, but if that function then passes the data to a function that actually calls the number, these characters could cause the function to fail if they are not removed before being processed.

How can Google's CAPTCHA challenge be bypassed using Google tools?
Posted by Thang Le Toan on 20 August 2017 11:09 PM

The ReBreakCaptcha exploit can bypass Google's reCAPTCHA verification system using flaws in Google's own API. Expert Michael Cobb explains how the attack works.

Researchers at East-Ee Security demonstrated a proof-of-concept bypass of Google's reCAPTCHA V2 verification system that uses different image, audio or text prompts to verify that a person, as opposed to a bot, is attempting to log in. Their exploit technique, called ReBreakCaptcha, makes use of web-based Google tools to break through Google's system. What are the flaws in Google's API that make this attack possible? What is the threat of bots being able to bypass this measure?

A CAPTCHA, or a Completely Automated Public Turing Test to Tell Computers and Humans Apart, is used to protect forms on websites from being abused by bots and other nonhuman interactions, the idea being that it poses a test that humans can pass, but that an automated computer program can't.

CAPTCHA challenge tests include image and text challenges, as well as an audio test option to ensure that users with visual impairments can respond. ReCAPTCHA is a free CAPTCHA service provided by Google that enables developers to easily incorporate CAPTCHA functionality into a website.

A post on the East-Ee Security website explained how a proof-of-concept Python script could automate the breaking of reCAPTCHA challenges by using Google's Speech Recognition API.

The blog explains how to force a site to present an audio CAPTCHA challenge and then convert the audio to the correct WAV file format, before sending it to Google's Speech Recognition API. The API response is a string version of the correct answer that can then be used to answer the CAPTCHA challenge. The script automates the various tasks, and then answers the CAPTCHA in an acceptable period of time without any user intervention. However, according to an update from East-Ee, many users who downloaded the script complained that it failed to correctly solve harder CAPTCHA challenges.

The script may work on a simple challenge, but if Google suspects a nonhuman interaction, or if the answer to a CAPTCHA comes from a public proxy or IP address that Google has flagged as suspicious, then the reCAPTCHA service presents the user with a harder version of the CAPTCHA challenge. The harder audio challenges include background noise and an overlapping voice.

In an apparent effort to patch the vulnerability, Google has also raised the minimum number of digits used in a challenge from four or five to between 10 and 12, and it immediately switches to more complex challenges when a high-volume attack is identified. Even an updated version of the attack doesn't appear to have fully overcome these harder challenges; some of the harder audio challenges are even difficult for humans to decipher due to the constant hissing noises and overlapping voices.

Attempts to beat Google's CAPTCHA have been published before -- by Stiltwalker in 2012 and AppSec Labs in 2016 -- and there are various paid-for services that offer to automate the process, like Captcha Solutions, but the success rate of these tools is not known.

A CAPTCHA is a type of challenge-response system designed to differentiate humans from robotic software programs. CAPTCHAs are used as security checks to deter spammers and hackers from using forms on web pages to insert malicious or frivolous code.

The need for CAPTCHAs began as far back as 1997. At that time, the internet search engine AltaVista was looking for a way to block automated URL submissions to the platform which were skewing the search engine's ranking algorithms. To solve the problem, Andrei Broder, AltaVista's chief scientist, developed an algorithm that randomly generated an image of printed text. Although computers couldn't recognize the image, humans could read the message the image contained and respond appropriately. Broder and his team were issued a patent for the technology in April 2001. 

In 2003, Nicholas Hopper, Manuel Blum, Luis von Ahn of Carnegie Mellon University and John Langford of IBM perfected the algorithm and coined the term CAPTCHA. The name stands for Completely Automated Public Turing Test to Tell Computers and Humans Apart.

Captcha example

How CAPTCHAs work

CAPTCHAs are a kind of Turing test. Quite simply, end users are asked to perform some task that a software bot cannot do. Tests often involve JPEG or GIF images, because while bots can identify the existence of an image by reading source code, they cannot tell what the image depicts.  Because some CAPTCHA images are difficult to interpret, users are usually given the option to request a new test. 

Types of CAPTCHAs

The most common type of CAPTCHA is the text CAPTCHA, which requires the user to view a distorted string of alphanumeric characters in an image and enter the characters in an attached form. Text CAPTCHAs are also rendered as MP3 audio recordings to meet the needs of the visually impaired. Just as with images, bots can detect the presence of an audio file, but only a human can listen and know the information the file contains.

Picture recognition CAPTCHAs, which are also commonly used, ask users to identify a subset of images within a larger set of images. For instance, the user may be given a set of images and asked to click on all the ones that have cars in them.

Other types of CAPTCHAs include:

  • Math CAPTCHAs - require the user to solve a basic math problem, such as adding or subtracting two numbers.
  • 3D Super CAPTCHAs - require the user to identify an image rendered in 3D.
  • I am not a robot CAPTCHA - requires the user to check a box.
  • Marketing CAPTCHAs - require the user to type a particular word or phrase related to the sponsor's brand. 

Bypassing CAPTCHA

Users who prefer not to solve CAPTCHAs can use any of several browser add-ons that allow users to bypass CAPTCHAs. Popular browser add-ons include AntiCaptcha, CAPTCHA Be Gone and Rumola.

The AntiCaptcha automatic CAPTCHA solver plug-in for Chrome and Firefox automatically finds a CAPTCHA on a webpage and solves it for the user. This extension is promoted as being helpful for users with vision impairments, as well as for users who prefer to bypass CAPTCHA codes. As of this writing, the cost of the service starts at $0.70 for 1,000 CAPTCHA images.

The CAPTCHA Be Gone extension detects CAPTCHAs on webpages, solves them and copies the result to a user's clipboard. At this time, the utility is available for Firefox, Chrome and Internet Explorer for a $3.50 per month subscription fee.

The Rumola add-on for Firefox, Chrome and Safari automatically searches for CAPTCHAs on the webpages a user visits. Currently, the cost is either $0.95 for 50 CAPTCHA solutions or $1.95 for 150 solutions. There is also a JavaScript bookmarklet that can be used for devices that connect to the internet.

Because CAPTCHA bypass add-ons are created by third parties, end users should be aware that the browser extension could expose their browsing activity to untrusted sources. Another reason not to use CAPTCHA bypasses is that the performance of the extensions is inconsistent. This is primarily because as bots get smarter, CAPTCHAs are also evolving and it can be difficult for the add-on programs to keep up.

NotPetya ransomware trend moving towards sophistication
Posted by Thang Le Toan on 06 July 2017 02:27 AM

NotPetya represented advanced malware compared to its cousin WannaCry, but also showed sophistication experts worry may be a ransomware trend.

The advanced malware techniques used by NotPetya may prove to be signs of a new ransomware trend that may signal more sophisticated attacks designed to mislead and avoid traditional defenses.

While NotPetya may have been aimed more at doing damage rather than making money, making it more wiper than ransomware, experts said the delivery and propagation techniques used show an increasing sophistication that may point to a ransomware trend. The NotPetya malware used multiple attack vectors, but experts said its use of legitimate software tools and protocols as the primary delivery method was impressive.

Paul Vixie, CEO of Farsight Security, based in San Mateo, Calif., said NotPetya was "innovative in two important ways."

"First, because it targeted a mandatory watering hole in the form of a Ukrainian tax reporting site and its software update mechanism. This guaranteed a few hundred or perhaps a few thousand initial infections, and may indicate targeting of the Ukrainian economy," Vixie told SearchSecurity. "Second, because it had multiple lateral infection methods: not only trying the SMBv1 EternalBlue vulnerability that was patched by Microsoft in March 2017, but also scanning local memory for WMIC credentials, thus guaranteeing a large expansion of the infected population inside otherwise-secured enterprise networks."

Ransomware trend in delivery and spread

Bob Hansmann, director of security technologies at Forcepoint, said hijacking a legitimate update for the tax accounting software MeDoc was "unique."

"We believe this initial infection vector has been via malicious code masquerading as a legitimate software update. While our researchers theorized this possibility last year, this is the first significant use of that method of infection," Hansmann told SearchSecurity. "It has proven frighteningly successful as software updates commonly use channels other than email or typical web downloads, presenting a challenge for traditional perimeter defenses."

John Shier, senior security expert at Sophos, said NotPetya could show a ransomware trend toward sophistication coming from "the combination of elements that we don't see very often."

"There was the malware itself which was a novel packaging of different malicious and non-malicious code. There was also the alleged supply chain compromise at a Ukrainian software company and the possible watering hole attack leveraging a compromised news site," Shier told SearchSecurity. "This points to some deliberate organization on behalf of the criminals and not just some random events."

Tod Beardsley, research director at Rapid7, based in Boston, said the use of standard Windows tools to propagate to patched systems could be a bigger ransomware trend.

"The sophistication of NotPetya lies in the initial attack vector -- the MeDoc hijacked update -- and the fact that it doesn't merely rely on exploits to spread. Instead, it uses the fairly commonplace administrative tools of PsExec and WMIC, coupled with a mimikatz build to steal credentials from memory," Beardsley told SearchSecurity. "While all of these techniques have been known for a while, we don't often see them employed in a wide-scale attack like this."

Jake Williams, founder of consulting firm Rendition InfoSec in Augusta, Ga., said this use of Windows tools was more difficult than it appeared.

"Specifically, the watering hole and automatic propagation through a domain was complex," Williams told SearchSecurity via Twitter. "In the case of the Iranian attacks on the Saudi networks (Shamoon) credentials were hard coded into the malware for it to spread. Here, credentials were programmatically dumped from memory."

Hansmann said the potential ransomware trend in this lateral movement was unclear.

"To date, these samples have not been observed attempting to self-propagate to other organizations, instead confining this behavior to local networks. However, movement between trusted networks using stolen valid credentials on both the source and destination networks appears viable," Hansmann said via email. "It is not clear at present whether organizations that have a degree of trust between their networks and those of an external organization (e.g. a managed service provider) are at increased exposure or not."

Advanced malware masquerading as ransomware

Beyond the delivery and propagation techniques used by NotPetya, experts noted the use of ransomware to potentially distract from a more targeted attack may be something enterprises see more often.

Rodney Joffe, senior vice president, technologist and fellow at Neustar, Inc., said the attackers appeared to be targeting "Ukraine, its economy and its citizens."

"The attackers seem to have identified (correctly) that an effective way of disrupting both the country's financial process, and its national economy was via the software mechanisms mandated for the payment of taxes. So they identified the software vendor, and carefully (in a sophisticated way) targeted the update process for the vendors software, and distributed the malware via the update on Tuesday," Joffe told SearchSecurity via email. "By definition, the only companies that would have been affected would be those that did business with the Ukrainian government. And unlike WannaCry, the malware's method of spreading once a system downloaded and updated the software was carefully limited to local LAN segments, not externally over the internet. This was not a high school science project."


Beardsley said the attention a ransomware front attracts makes most sense for an attacker as a way "to publicize the attack itself."

"Ransomware, by its nature, is obvious, disruptive, and attracts a lot of attention, all by design. Masquerading as ransomware, therefore, brings attention to what might otherwise be a quiet, localized disaster -- but the ruse wouldn't last long once analysis is complete," Beardsley said. "One side effect of this tactic is that users might become even more wary of paying off ransoms in general, and that can only be a good thing. If people get more suspicious that attackers have no capability or intent to offer decryption, that can translate to less bitcoin in the wallets of criminal organizations."

Shier said these types of distraction attacks are "nothing new."

"We've seen criminals use this type of tactic in the past and often the motives aren't clear until much later. Ransomware is a very visible type of attack so it makes some sense to use it in this way" Shier said. "This is why it's very important to resist the temptation of quickly stating attribution and motive."

Hansmann said attack methods will continue to evolve and ransomware trends may lean towards "including the evasive methods to hide their activity as well as their true intent." 

"The trick will be to better understand the 'human' points in these attacks. The intent or motivations of the attackers can range broadly including financial gain, revenge, political or hacktivism. Understanding these intentions can help shape our security strategies," Hansmann said. "This is a key part of how researchers predict future shifts in the threat landscape, and how they foresaw the risk of infection through a compromised product update last year. Understanding your organization's 'human point' can produce more effective security strategies." 

Williams said a likely ransomware trend to come out of NotPetya will be the use of "nuisance attacks [to] cover larger cyber warfare objectives."

"I think it helps to think of this type of attack as a smokescreen. With cybersecurity getting better in most organizations, the likelihood of even advanced attackers being caught during any operation is increasing," Williams said. "By deploying a digital smokescreen, attackers more easily hide in the noise during an operation. Additionally, the true goals of the operation may remain hidden if defenders are overwhelmed with another (seemingly larger) attack."





Blue Coat DLP: Data loss prevention product overview
Posted by Thang Le Toan on 17 February 2017 12:30 AM

Expert Bill Hayes takes a look at Blue Coat DLP, a single appliance data loss prevention system that works with the company's web security gateway products.

Web security vendor Blue Coat Systems is best known for its appliance-based web security products. As an expansion of its web-centric offerings, Blue Coat offers an integrated data loss prevention product called Blue Coat DLP. This data loss prevention product series includes features for protecting both data at rest and in transit as well as monitoring SSL traffic and fingerprinting data.

Data in motion

This single-appliance product works with an organization's Blue Coat Secure Web Gateway (ProxySG) appliances to provide data in motion DLP protection for SMTP email, webmail, FTP, HTTP/HTTPS web traffic and TCP traffic. For email, the appliance can be configured as an SMTP mail transfer agent.

Data at rest

In addition to functioning as a data in motion DLP monitor, the Blue Coat DLP appliance can also act as a data at rest DLP tool, scanning files on Windows and Linux file servers, WebDAV and EMC Documentum repositories. It can also scan database servers such as Informix, Microsoft SQL, MySQL, Oracle, PostgreSQL, DB2 and Sybase. Additionally, an appliance dedicated for the task can scan cloud-based resources, including Box, Egnyte, ShareFile and other cloud services.

A client-based agent for Windows allows the Blue Coat DLP appliance to discover sensitive data in more than 500 file formats and in compressed archives for Windows hosts and portable media. The DLP product can scan files stored on end-user hard drives, attached and connected Bluetooth and Wi-Fi devices as well as mapped network drives.

Data in use

The client can also function as a data in use DLP tool, monitoring content-based file transfers and performing device-based access control by device type. Blue Coat DLP also has a discovery feature that allows organizations to fingerprint data and track its use.
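Data fingerprinting of the kind mentioned above is usually done by hashing overlapping windows of a registered document and looking for those hashes in outbound content, so that an excerpt pasted into an email is caught as well as the whole file. The Python below is an added example of that technique, not Blue Coat's implementation; shingle size, alert threshold, the sample document and the messages are assumptions made for illustration.

```python
"""Added example, not Blue Coat's implementation: shingle-and-hash document
fingerprinting that lets a DLP product recognise a registered sensitive file,
or an excerpt of it, in outbound mail or web content. Shingle size, the alert
threshold and the sample texts are assumptions."""
import hashlib
import re

SHINGLE_WORDS = 5   # words per shingle; smaller catches shorter excerpts
MIN_HITS = 6        # matching shingles needed to alert (about 10 copied words)


def words(text):
    """Case-folded tokens; punctuation and spacing changes do not defeat the match."""
    return re.findall(r"[a-z0-9]+", text.lower())


def fingerprint(text, k=SHINGLE_WORDS):
    """Set of truncated SHA-256 hashes, one per k-word window."""
    w = words(text)
    return {hashlib.sha256(" ".join(w[i:i + k]).encode()).hexdigest()[:16]
            for i in range(len(w) - k + 1)}


def register(registry, doc_id, text):
    """Store only the hashes: the gateway never holds the sensitive plaintext."""
    registry[doc_id] = fingerprint(text)


def scan(registry, outbound_text):
    """Match outbound content against every registered document and report
    the best hit: how many shingles matched and what share of that document
    they cover."""
    probe = fingerprint(outbound_text)
    best = {"doc_id": None, "hits": 0, "doc_coverage": 0.0, "alert": False}
    for doc_id, fp in registry.items():
        hits = len(probe & fp)
        if hits > best["hits"]:
            best = {"doc_id": doc_id, "hits": hits,
                    "doc_coverage": hits / len(fp), "alert": hits >= MIN_HITS}
    return best


# Constructed sensitive document registered with the DLP system.
SENSITIVE_DOC = (
    "Confidential customer price list for the northern region. "
    "Acme Widgets pays 41.20 per unit on contract 7781 with net thirty terms. "
    "Borealis Tools pays 38.75 per unit on contract 7790 with net sixty terms. "
    "Cascade Metals pays 44.10 per unit on contract 7802 with net thirty terms. "
    "Do not share this list outside the regional sales team."
)

# Constructed outbound messages: one pastes a single line of the list into an
# email, one is unrelated, one forwards the whole list.
EXCERPT_MAIL = ("Hi, as discussed: Borealis Tools pays 38.75 per unit on contract "
                "7790 with net sixty terms. Let me know if you need the others.")
UNRELATED_MAIL = "Lunch on Thursday? The new cafe near the office has good sandwiches."
FULL_LEAK = "FYI, see below.\n\n" + SENSITIVE_DOC

REGISTRY = {}
register(REGISTRY, "customer-price-list", SENSITIVE_DOC)

if __name__ == "__main__":
    for label, msg in (("excerpt", EXCERPT_MAIL), ("unrelated", UNRELATED_MAIL),
                       ("full", FULL_LEAK)):
        print(label, scan(REGISTRY, msg))
```

Registering hashes rather than text is what makes it safe to push fingerprints out to every gateway and endpoint agent; the trade-off is that a rewrite in different words goes undetected, which is why products pair fingerprinting with pattern and keyword rules.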

Deployment

Blue Coat DLP appliances are offered in the DLP700, DLP1700 and DLP2700 models. They can be deployed individually for small or remote offices or work together for high availability, high throughput environments. Deploying multiple appliances for data at rest discovery allows searching for sensitive data across different geographic locations and scanning very large file repositories. Blue Coat also says the DLP product series is designed for fast installation, which typically requires less than one day.

Product summary

Figure: Blue Coat DLP features

Conclusion

The Blue Coat DLP product series is offered in three appliance models and is targeted at a wide range of customers, from large enterprises to smaller and medium-sized businesses. The series offers a broad range of capabilities, from protecting data in motion to data fingerprinting. The DLP appliances are designed to complement the vendor's flagship web security gateway products as well as the overall Blue Coat Security Platform, which covers on-premises networks and the cloud. Blue Coat was recently acquired by Symantec, which has its own DLP offering. It's unclear how the acquisition may affect Blue Coat DLP, if at all.





