Detecting attacks... with firearms


Shot Spotter

Wired,
Issue 15.04 - March 2007

Last year there were 148 homicides in Oakland. Today, when someone fires a gun on a city street, a network of hidden microphones kicks in — triangulating the exact location. And alerting police. Can a tech startup help put a dent in violent crime?

Secure coding

Groups team to test secure-coding skill
Robert Lemos, SecurityFocus 2007-03-28

A coalition of security companies and organizations announced a plan this week to create assessment tests that would certify programmers' knowledge of secure-coding practices.

Steve Christey, editor of the Common Vulnerability and Exposures (CVE) Project, MITRE: “Most educational institutions have failed to teach the most fundamental skills in making secure products. There needs to be a revolution.”

The groups, led by the SANS Institute, aim to create a set of four tests covering major programming languages that could give companies a tool to measure software developers' ability to create secure code. The tests would also act as a guide to software buyers of the ability of the developers who created the programs, as well as give coders a way to identify gaps in their knowledge of secure programming techniques, said Alan Paller, director of research for the SANS Institute.

"If we are ever going to get ahead of the security problem, we are going to have to take care of the bugs at the development level," Paller said during a conference call with reporters. "There are at least a million and a half people writing programs, and they all need to know this stuff."

Dubbed the Secure Programming Skills Assessment (SPSA), the initiative boasts the support of 362 companies, government agencies and universities, according to the SANS Institute. Among the participants are government contractor MITRE, University of California at Davis, Web security firm SPI Dynamics, code auditing firm Fortify Software, the Open Web Application Security Project (OWASP), and consulting firm Booz Allen & Hamilton. Symantec, the owner of SecurityFocus, has also voiced support for the assessment tests.

The initiative comes as software companies are increasingly being taken to task for the flaws in their programs. Researchers have used month-long releases of daily bugs to highlight the security issues in particular classes of software, specific areas of the operating system and specific languages.

Different programming languages hold different pitfalls for programmers. Web applications written in the PHP programming language, for example, likely account for about 43 percent of the more than 8,000 vulnerabilities recorded in 2006. While developers using languages such as Java tend to create more secure code, a recent study found that sample programs provided with large Java-based projects still contain a significant number of bugs.

According to the SANS Institute, nearly 85 percent of all vulnerabilities are due to three common developer errors: input validation, buffer overflows and integer overflows.


Full article at: Groups team to test secure-coding skill (SecurityFocus)

Metasploit 3.0


Interesting for understanding the sophistication of the tools hackers have available:

Metasploit 3.0 day
By Federico Biancuzzi

The Metasploit Framework is a development platform for creating security tools and exploits. Federico Biancuzzi interviewed H D Moore to discuss what's new in release 3.0, the new license of the framework, plans for features and exploits development, and the links among the bad guys and Metasploit and the law.

http://www.securityfocus.com/columnists/439

Metasploit site

IDN and homograph attacks

Apropos of today's ICANN seminar at FCUL (with Vint Cerf and other ICANN members)...

Some years ago Internet domain names stopped being written in plain ASCII and started supporting other character sets (e.g., Cyrillic, Arabic, accented characters): internationalized domain names (IDN). In reality the DNS still works with ASCII characters, but the prefix xn-- is used to indicate that the rest of the name is an ASCII encoding of other kinds of characters (punycode). The translation between the two formats is done in the browser.

This evolution gave rise to a new kind of attack, homograph attacks, in which the attacker creates a URL that is graphically identical to an existing one but is in reality different, so that when it is "clicked" it leads to a different server. For example, a proof of concept was made with the PayPal site.

An article on the subject (already a few years old), the Wikipedia entry and an ICANN statement.
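A defensive check for the homograph pattern described above, as an added example that is not from the cited article or from ICANN: it undoes the xn-- prefix and Punycode encoding of each label and flags labels that mix scripts or consist entirely of Cyrillic letters with Latin lookalikes. The sample hostnames and the small lookalike table are constructed for this example.

```python
import unicodedata

# Cyrillic lowercase letters whose glyphs look (almost) identical to Latin
# letters. A small hand-picked subset of the Unicode confusables data, used
# here only to illustrate whole-script lookalike labels.
CYRILLIC_LOOKALIKES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",
}


def decode_label(label: str) -> str:
    """Turn one DNS label from its wire form (xn-- + punycode) back into Unicode.
    Labels without the xn-- prefix are plain ASCII and are returned unchanged."""
    if label.lower().startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label


def script_of(ch: str) -> str:
    """Approximate script of a character: the first word of its Unicode name
    (LATIN, CYRILLIC, ARABIC, ...). Digits and hyphens count as COMMON."""
    if not ch.isalpha():
        return "COMMON"
    try:
        return unicodedata.name(ch).split()[0]
    except ValueError:
        return "UNKNOWN"


def analyze_hostname(host: str) -> dict:
    """Decode every label and flag the two homograph patterns:
    a label mixing scripts (e.g. one Cyrillic letter inside a Latin word), or
    a label whose letters all have Latin lookalikes (whole-script confusable).
    Returns the decoded name, the reasons found and a suspicious flag."""
    labels = host.rstrip(".").split(".")
    decoded = [decode_label(label) for label in labels]
    reasons = []
    for u_label in decoded:
        scripts = {script_of(c) for c in u_label} - {"COMMON"}
        if len(scripts) > 1:
            reasons.append(f"label {u_label!r} mixes scripts {sorted(scripts)}")
        letters = [c for c in u_label if c.isalpha()]
        if letters and all(c in CYRILLIC_LOOKALIKES for c in letters):
            lookalike = "".join(CYRILLIC_LOOKALIKES.get(c, c) for c in u_label)
            reasons.append(f"label {u_label!r} is a whole-script lookalike of {lookalike!r}")
    return {
        "decoded": ".".join(decoded),
        "suspicious": bool(reasons),
        "reasons": reasons,
    }


if __name__ == "__main__":
    # Constructed samples: a PayPal-style lookalike (Cyrillic a in place of
    # Latin a), an accented but single-script name, and a plain ASCII name.
    for name in ("xn--pypal-4ve.com", "xn--caf-dma.com", "www.paypal.com"):
        print(name, "->", analyze_hostname(name))
```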

A Brief Hacker History

A brief history of computer crime on the Internet, in pictures. Fun.

http://eyeball-series.org/hacker/hacker-eyeball.htm

SPAM

A 6-minute video documentary about spam. It mentions Bill Gates's 2004 prediction that spam would disappear within 2 years...

Source: CBC, The Hour
http://www.cbc.ca/thehour/video.php?id=1368

Is Web 2.0 a security risk?

Is Web 2.0 a Security Risk?
Tash Shifrin, Computerworld UK

British firms are at risk of data leakage through their employees' increasing use of Web 2.0 technologies and social networking websites, security experts have warned.

A survey of more than 1000 office workers found that 42 percent of those aged between 18 and 29 discussed work-related issues on social networking sites and blogs.

"It's clear from the research that organizations need to take a closer look at the social media sites that their employees are using at work to ensure sensitive business issues or information is not being discussed," said Clearswift CEO Ian Bowles.


Source: PC World


Wireless network penetration testing

More info on SILICA:

Imagine if it was possible to click a button on a device, slip it in your pocket, walk into a business, and walk out with a full breakdown of their network's insecure systems. Well, with the SILICA this is not only possible, but trivial. This week Seth Fogie was able to take the SILICA device out for a trial run — and it owns.


Trojan horse and massive ID theft

Russian (Gozi) Trojan powering massive ID-theft ring

Ryan Naraine

Researchers at SecureWorks have stumbled upon what appears to be a massive identity theft ring using state-of-the-art Trojan code to steal confidential data from thousands of infected machines in the U.S.

The Trojan, which connects to a server in Russia, has so far pilfered information from more than 5,200 home computers with 10,000 account records. The records retrieved included account numbers and passwords from clients of many of the top global banks and financial services companies (over 30 banks and credit unions were represented), the top US retailers, and the leading online retailers.

"The stolen data also contained numerous user accounts and passwords for employees working for federal, state and local government agencies, as well national and local law enforcement agencies. The stolen data also contained patient medical information, via healthcare employees and healthcare patients, whose username and passwords had been compromised via their home PC," Jackson said.

In a fascinating blow-by-blow description posted online, SecureWorks researcher Don Jackson explained how he reverse-engineered the Trojan (named Gozi) and traced it back to a Russian mothership server that contained information and employee login information for confidential government and law enforcement applications.

This data was being offered for sale by Russian Hackers for an amount totaling over $2 million. The subscription service hawking the stolen information has been disabled but, as of today, the server hosting the data is still receiving stolen data.

  • Steals SSL data using advanced Winsock2 functionality
  • Uses state-of-the-art, modularized trojan code
  • Launches attacks through Internet Explorer browser exploits
  • Uses customized server/database code to collect sensitive data
  • Offers a customer interface for online purchases of stolen data
  • Steals data primarily from infected home PCs
  • Accounts at top financial, retail, health care, and government services affected
  • The black market value of the stolen data is at least $2 million

Even more worrying, Jackson found that the Trojan went undetected for several weeks (and, in some cases, months) by many anti-virus vendors. He also warned that there are two other known Gozi variants making the rounds, which suggests this isn't the last we've heard of Gozi.

....

(See Jackson's description of the identity-theft operation connected to the Gozi Trojan).

Source and full article: Zero Day blog

Vista: good behaviour in the first 90 days


90-day report card: Windows Vista fared better than competitors

Ryan Naraine

Ninety days after the release of Microsoft's Windows Vista to business customers, the new operating system has a much better security vulnerability profile than its predecessor and several other modern workstation operating systems including Red Hat, Ubuntu, Novell and Apple products.

That's according to Jeff Jones, security strategy director in Microsoft's Trustworthy Computing group.

Source and full article: Zero Day blog

Common Body of Knowledge for Information Security


"The need for skilled information security professionals has led various academic, governmental, and industrial organizations to work to develop a common body of knowledge (CBK) for the security domain. A CBK is a framework and collection of information that provides a basis for understanding terms and concepts in a particular knowledge area. It defines the basic information that people who work in that area are expected to know."

Full article in IEEE Security & Privacy

New issue of IEEE Security & Privacy


Available at: http://www.computer.org/portal/site/security/

The main theme is malware. The article introducing the theme has the suggestive title "A Surprise Party (on Your Computer)".

The US as the biggest source of attacks

Report: U.S. most prolific source of online attacks

U.S. networks pumped out the highest percentage of attacks during the second half of last year, with China running a distant second, according to a report released Monday by security firm Symantec.

The U.S. accounted for 31 percent of malicious activity originating from computer networks, while 10 percent came from China and 7 percent from Germany, Symantec said in its Internet Security Threat Report.

The company also found that 51 percent of all known servers used by attackers to buy or sell stolen personal information, such as credit card or bank account numbers, are located in the U.S.

Source: ZDNet

Tool turns unsuspecting surfers into hacking help


A security researcher has found a way hackers can make PCs of unsuspecting Web surfers do their dirty work, without having to actually commandeer the systems.

That's possible with a new security tool called Jikto. The tool is written in JavaScript and can make PCs of unknowing Web surfers hunt for flaws in Web sites, said Jikto creator Billy Hoffman, a researcher at Web security firm SPI Dynamics. Hoffman, who developed the tool as a way to advance Web security, plans to release Jikto publicly later this week at the ShmooCon hacker event in Washington, D.C.

Source: ZDNet

P.S. The tool is called Jitko

Priority security updates

Security upgrades are top IT priority

Tom Young, Computing, 15 Mar 2007

Nearly 80 per cent of large European companies cite upgrading security systems as their main IT priority this year, according to a Forrester Research report.

The analyst also found that 56 per cent of IT decision-makers working in companies with more than 1,000 employees include upgrading business continuity and disaster recovery capabilities in their top priorities in 2007.

‘Security spending in Europe will remain healthy in 2007 among enterprises and SMEs alike, with enterprises leading the charge,’ said Bill Nagel, Forrester analyst and one of the report authors.

‘Nearly 80 per cent of firms already using security software plan to upgrade or add to that software this year.’

SMEs are more concerned with purchases of new PCs and consolidating the IT infrastructure than security upgrades.

http://www.computing.co.uk/computing/news/2185482/security-upgrades-top-priority

Intrusion detection

An interesting introduction, with links to several current intrusion detectors:

Dive Into Intrusion Detection
By the IT Security Staff on March 8th, 2007

http://www.itsecurity.com/features/intrusion-detection-030807/

Vulnerabilities bought here (!?)

Following up on the post: Microsoft and vulnerability discovery...

Will Microsoft buy information about new vulnerabilities in its tools? Or does it already do so?

Punditry: Will Microsoft buy flaws?

Source: Zero Day blog

DKIM against spam

IETF Domain Keys Identified Mail Status

Jim Fenton (Cisco Systems, Inc.)
Mar. 15, 2007

DomainKeys Identified Mail (DKIM) is a specification for cryptographically signing email messages, permitting a signing domain to claim responsibility for a message in the mail stream. Message recipients (or agents acting in their behalf) can verify the signature by querying the signer's domain directly to retrieve the appropriate public key, and thereby confirm that the message was attested to by a party in possession of the private key for the signing domain.

Full article
DKIM
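The lookup the paragraph describes, as an added example that is not from the article or from the DKIM specification authors: it parses a constructed DKIM-Signature header, derives the DNS name where the signer's public key is published, checks that the i= identity falls within the signing domain, and parses a constructed key record. The b=, bh= and p= values are placeholders, so no cryptographic verification is performed.

```python
import re

# Constructed sample header value, not from any real message: the b= and bh=
# values are placeholders, not real signature or hash material.
SAMPLE_DKIM_SIGNATURE = (
    "v=1; a=rsa-sha256; c=relaxed/simple; d=example.com; s=mail2007;\r\n"
    "\th=from:to:subject:date; i=@news.example.com;\r\n"
    "\tbh=BODY_HASH_PLACEHOLDER=; b=SIGNATURE_PLACEHOLDER=="
)

# Constructed sample TXT record as it would be published at
# mail2007._domainkey.example.com; the p= value is a placeholder, not a real key.
SAMPLE_DKIM_TXT = "v=DKIM1; k=rsa; p=PUBLIC_KEY_BASE64_PLACEHOLDER"


def parse_tag_list(value: str) -> dict:
    """Parse a DKIM tag=value list (RFC 4871 section 3.2).
    Tags are separated by ';', folding whitespace is dropped, and the b= and
    bh= values may carry embedded whitespace that must be removed."""
    tags = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        name = name.strip()
        val = re.sub(r"\s+", "", val) if name in ("b", "bh") else val.strip()
        if name in tags:
            raise ValueError(f"duplicate tag {name!r}")
        tags[name] = val
    return tags


def key_record_name(sig: dict) -> str:
    """DNS name holding the signer's public key: <selector>._domainkey.<domain>."""
    for required in ("v", "a", "d", "s", "h", "bh", "b"):
        if required not in sig:
            raise ValueError(f"missing required DKIM tag {required!r}")
    if sig["v"] != "1":
        raise ValueError("unsupported DKIM version")
    return f"{sig['s']}._domainkey.{sig['d']}"


def identity_is_within_domain(sig: dict) -> bool:
    """The i= identity, if present, must be in d= or one of its subdomains;
    a signature claiming responsibility for another domain is not acceptable."""
    identity = sig.get("i")
    if identity is None:
        return True
    _, _, idomain = identity.partition("@")
    d = sig["d"].lower()
    idomain = idomain.lower()
    return idomain == d or idomain.endswith("." + d)


def parse_key_record(txt: str) -> dict:
    """Parse the TXT record retrieved from the signer's domain and report
    whether it holds a usable key. An empty p= means the key was revoked."""
    rec = parse_tag_list(txt)
    if rec.get("v", "DKIM1") != "DKIM1":
        raise ValueError("not a DKIM1 key record")
    if "p" not in rec:
        raise ValueError("key record has no p= tag")
    return {
        "key_type": rec.get("k", "rsa"),
        "public_key_b64": rec["p"],
        "revoked": rec["p"] == "",
    }


def lookup_plan(header_value: str) -> dict:
    """Everything a verifier needs before fetching the key over DNS."""
    sig = parse_tag_list(header_value)
    return {
        "dns_name": key_record_name(sig),
        "signed_headers": sig["h"].split(":"),
        "identity_ok": identity_is_within_domain(sig),
    }


if __name__ == "__main__":
    print(lookup_plan(SAMPLE_DKIM_SIGNATURE))
    print(parse_key_record(SAMPLE_DKIM_TXT))
```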

Remote security administration

An interesting article about Famatech's Remote Administrator v3.0 tool and its new security capabilities.

Microsoft and vulnerability discovery

Neat! A Microsoft post on the sla.ckers.org site:

Hello From the Microsoft Security Response Center (MSRC)
Posted by: MSRC (IP Logged)
Date: March 01, 2007 04:58PM

Hello!

The Microsoft Security Response Center investigates all reports of security vulnerabilities sent to us that affect Microsoft products – this includes all of Microsoft online web properties such as *.microsoft.com, *.msn.com and *.live.com to name a few.

If you believe you have found a security vulnerability affecting a Microsoft product or online web property, we would like to work with you to investigate it.

We are concerned that people might not know the best way to report security vulnerabilities to Microsoft. You can contact the Microsoft Security Response Center to report a vulnerability by emailing secure@microsoft.com directly. We answer every mail on a reported issue within 24 hours (and it's not an auto-responder).

We also encourage users to visit [www.microsoft.com] where you can obtain our PGP Key and S/MIME certificate to ensure you provide adequate protection for the sensitive information you send us.

Sincerely,
The folks at the Microsoft Security Response Center

"Crimes on the Net are on the rise, PJ acknowledges"


From the newspaper Público, 16.03.2007, José Bento Amaro

The annual amount diverted in Portugal through computer crimes comes to around 500 thousand euros. This type of offence, which is growing very significantly (at times with increases, in specific areas, on the order of a thousand percent), has a success rate of around 80 percent in the investigations of the Polícia Judiciária (PJ).

Yesterday, in Lisbon, during a conference on Combating Computer Crime, PJ inspector Baltazar Rodrigues revealed that last year alone 655 cases relating to this offence were opened, and 526 were concluded successfully.

Baltazar Rodrigues says that around twenty people are arrested every year for computer crimes. A singular aspect of this type of delinquency is that the perpetrators are, in almost equal numbers, Portuguese and foreign. "They are people aged between 20 and 40, generally introverted and with some academic training," says the inspector of the Computer and Telecommunications Criminal Investigation Section.

PJ data indicate that, with regard to phishing (see box), banks usually compensate the clients from whom sums are taken. The average, in Portugal, is two crimes per year for each banking institution. However, this number rises substantially if one takes into account that each bank has a number of affected clients that ranges, in the same period, between ten and twenty.

But there is also the conviction that banks do not always report the crimes of which they are targets, thus encouraging further offences and often preventing the identification of suspects. Companies that are victims of extortion almost never file a complaint. "This crime is worrying; it has a dark figure," says Baltazar Rodrigues, admitting that the victims, because they absolutely need quick access to the data the criminals encrypt, almost always choose to pay the ransoms demanded. At the conference, Baltazar Rodrigues also pointed out that paedophilia crimes using the Internet have also been increasing, with paedophiles becoming ever harder to locate.

According to the Polícia Judiciária, of the 655 cases opened last year, 526 were concluded successfully

CYA Security

Bruce Schneier:

"Since 9/11, we've spent hundreds of billions of dollars defending ourselves from terrorist attacks. Stories about the ineffectiveness of many of these security measures are common, but less so are discussions of why they are so ineffective. In short: Much of our country's counterterrorism security spending is not designed to protect us from the terrorists, but instead to protect our public officials from criticism when another attack occurs.

Boston, Jan. 31: As part of a guerilla marketing campaign, a series of amateur-looking blinking signs depicting characters in Aqua Teen Hunger Force, a show on the Cartoon Network, were placed on bridges, near a medical center, underneath an interstate highway and in other crowded public places.

Police mistook these signs for bombs and shut down parts of the city, eventually spending more than $1 million sorting it out. Authorities blasted the stunt as a terrorist hoax, while others ridiculed the Boston authorities for overreacting. Almost no one looked beyond the finger pointing and jeering to discuss exactly why the Boston authorities overreacted so badly. They overreacted because the signs were weird.

If someone left a backpack full of explosives in a crowded movie theater, or detonated a truck bomb in the middle of a tunnel, no one would demand to know why the police hadn't noticed it beforehand. But if a weird device with blinking lights and wires turned out to be a bomb -- what every movie bomb looks like -- there would be inquiries and demands for resignations. It took the police two weeks to notice the Mooninite blinkies, but once they did, they overreacted because their jobs were at stake.

This is Cover Your Ass security, and unfortunately it's very common."

The full article in Wired or in Crypto-Gram.

Microsoft: a month without patches

Microsoft: No security patches this month

"Microsoft’s Patch Tuesday train will be empty this month.

An advance notice from Redmond says there are no security updates on tap for Tuesday, March 13, the day set aside for software fixes.

Microsoft said it is investigating “potential and existing vulnerabilities” but, because of its rigid patch testing routines, none of the updates are ready for this month’s release cycle.

...

The last time Microsoft did not offer security updates as part of its monthly update cycle was September 2005.

Last month, Microsoft shipped a total of 12 bulletins with patches for at least 20 vulnerabilities in a wide range of software products.

There are several known vulnerabilities affecting Microsoft customers that remain unpatched, including a critical Microsoft Word vulnerability that surfaced one day after the January release of patches. The MS Word flaw was found during an in-the-wild zero day attack.

According to eEye’s Zero Day Tracker, there are five well-known bugs in Microsoft products that are without fixes. FrSIRT has a more comprehensive unpatched list that includes two remote code execution flaws affecting Microsoft Office."

From the Zero Day blog

Top ten threats for 2007

There are plenty of lists of attacks and threats. Predictions, fewer. These predictions in "top ten" form seem to me better thought out than usual:

Top Ten Threats for 2007

The first ones:
1. 100% growth in revenue for cyber crime.
2. DDoS in support of phishing attacks.
3. Successful DDoS attack against a financial services firm.
4. Attacks against DNS are the threat of the year.
5. No abatement in identity theft.


From the Threat Chaos blog

The secret to secure code

Fortify Software, which among other products has one of the best-known static code analysis tools on the market, gathered its deluxe technical advisory board. A news item about that meeting, with some interesting quotes:

The secret to secure code–stop repeating old mistakes

Source: ZDNet

February's attacks against the DNS root servers


ICANN has just published a short report on last month's DDoS attacks against the DNS root servers. All but two remained functional thanks to a recent technology called "anycast".
Report: http://icann.org/announcements/announcement-08mar07.htm
Discussion on the ICANN blog: http://blog.icann.org/?p=37

Rough weather in the channel: Storm Worm

Stormy weather for malware defenses
Robert Lemos, SecurityFocus 2007-03-05

When the Storm Worm swept through the Internet in mid-January, the program's writers took a brute force approach to evading antivirus defenses: They created a massive number of slightly different copies of the program and released them all at the same time.

On January 18, the day the misnamed program--a Trojan horse, not a worm--first appeared, more than 350 different variants were released, according to a report penned by security firm CommTouch Software. Four days later, the number of slightly-different versions jumped to more than 7,300. By the end of January, more than 54,000 variants had hit the Internet, the report (PDF) stated, each one spammed out by computers previously compromised by the program.

"Virus writers' goals have changed," Amir Lev, CEO of CommTouch, said in an e-mail interview with SecurityFocus. "They are doing 'good' business now. They do not focus on finding vulnerabilities in Microsoft and other products, they look for 'vulnerabilities' (in) the AV (antivirus) systems."

Full article at SecurityFocus

Comment: the issue of polymorphism in viruses and worms is nothing new...

Application-level logging

... and real-time attack detection:

Building Secure Applications: Consistent Logging
Rohit Sethi and Nish Bhalla 2007-02-26

This article examines the dismal state of application-layer logging as observed from the authors’ years of experience in performing source code security analysis on millions of lines of code. It argues that effective logging is often ignored in the push for application security and demonstrates how applications can benefit from a real-time detection of attacks. An idea of a practical implementation is discussed, along with an examination of some of the associated risks and costs.

http://www.securityfocus.com/infocus/1888

Threats to Web applications

Know your Enemy: Web Application Threats

"With the constant growth of the Internet, more and more web applications are being deployed. Web applications offer services such as bulletin boards, mail services such as SquirrelMail, online shops, or database administration tools like PhpMyAdmin. They significantly increase the exposed surface area by which a system can be exploited. By their nature, web applications are often widely accessible to the Internet as a whole meaning a very large number of potential attackers. All these factors have caused web applications to become a very attractive target for attackers and the emergence of new attacks. This KYE paper focuses on application threats against common web applications. After reviewing the fundamentals of a typical attack, we will go on to describe the trends we have observed and to describe the research methods that we currently use to observe and monitor these threats. In Appendix A, we give actual examples of a bot (a variant of PERL/Shellbot), the Lupper worm and an attack against a web Content Management System (CMS) as examples that show how web application threats actually act and propagate."

An interesting article that discusses various attacks against web applications. On the Honeynet Project site.

Half truths about Digital Rights Management

Preliminary note: copyright is legitimate and necessary; all work should be paid for, and creative work (writing, composing, etc.) is no exception.

With that said, an interesting comment at CyTRAP Labs apropos of an article by Steve Jobs (Apple):

The half truths about Digital Rights Management (DRM) and your iPod

3rd National Conference on Computer Security in Organisations


The 3rd National Conference on Computer Security in Organisations
(SINO'2007) will take place in Lisbon on 7 and 8 November 2007.

Event information: http://sino2007.di.fct.unl.pt

Workshop on Recent Advances on Intrusion-Tolerant Systems

The workshop programme is available:

Workshop on Recent Advances on Intrusion-Tolerant Systems - WRAITS 2007

In conjunction with the European Conference on Computer Systems – EuroSys 2007

March 23, 2007

http://wraits07.di.fc.ul.pt/

PROGRAMME

14:00-14:15 Welcome & Intro

Miguel Correia and Nuno Ferreira Neves

14:15-15:15 Keynote speech

  • Automatic Recovery from Failures and Attacks Using Bounded Partially Observable Markov Decision Processes (Abstract)
    William H. Sanders
    Donald Biggar Willett Professor of Engineering
    Director, Information Trust Institute
    University of Illinois at Urbana-Champaign

15:15-16:15 Protocols for Intrusion Tolerance

  • Design and Implementation of an Intrusion-Tolerant Tuple Space
    Alysson Bessani, Eduardo Alchieri, Joni Fraga and Lau Lung
  • Refined Quorum Systems
    Rachid Guerraoui and Marko Vukolic
  • Secure Lookup without (Constrained) Flooding
    Bobby Bhattacharjee, Rodrigo Rodrigues and Petr Kouznetsov

16:15-16:45 Coffee break

16:45-18:05 Intrusion-Tolerant Systems and Architectures

  • VM-FIT: Supporting Intrusion Tolerance with Virtualisation Technology
    Hans P. Reiser and Rüdiger Kapitza
  • An Intrusion-Tolerant e-Voting Client System
    André Zúquete, Carlos Costa and Miguel Romão
  • Experiments on COTS Diversity as an Intrusion Detection and Tolerance Mechanism
    Frédéric Majorczyk, Eric Totel and Ludovic Mé
  • The DPASA Survivable JBI - A High-Water Mark in Intrusion-Tolerant Systems
    Partha Pal, Franklin Webber and Richard Schantz

Common Weakness Enumeration


CWE is an attempt to enumerate all (!) software vulnerabilities, building on a series of earlier taxonomies:

"Targeted to developers and security practitioners, the Common Weakness Enumeration (CWE) is a formal list of software weaknesses created to:

* Serve as a common language for describing software security weaknesses in architecture, design, or code.
* Serve as a standard measuring stick for software security tools targeting these weaknesses.
* Provide a common baseline standard for weakness identification, mitigation, and prevention efforts."

Home page: http://cwe.mitre.org/

About CWE: http://cwe.mitre.org/about/

Taxonomies: http://cwe.mitre.org/about/sources.html

Classification tree: http://cwe.mitre.org/data/

Hacker

A silly video, but one that talks about some of the hackers' current targets:

Oracle: cursor injection

"It was previously thought that an attacker needed high-level privileges on the database to exploit so-called PL SQL injection vulnerabilities. With a new attack technique, that's no longer true, David Litchfield, a database security expert with NGS Software, said on Thursday at the Black Hat DC event here.

"It is a trick that can be used by attackers with minimal privileges to gain complete control of the database server," Litchfield said in an interview. "You can use the trick through a large number of vulnerabilities that were previously thought not to be that significant."

Litchfield, who has had Oracle in his crosshairs for some time, detailed his technique, dubbed "cursor injection," in a paper that was originally published last weekend (PDF) and discussed at the event. Examples of attack code that takes advantage of the tricks have already appeared, Litchfield said."

Full news item

Source: ZDNet

Malware in the kernel

Why should we worry?

A short article with interesting links at CyTRAP.

Tools for finding rootkits on Windows, at informit.com.

Daily Security Briefing Community

"The Daily Security Briefing site is devoted to the dissemination of information impacting technology security"

"The DSB/Week-in-Review is a weekly Video and Audio presentation delivering the most critical security news of the week in 5 minutes or less. It is intended for an organization's management from the business/risk manager to the executives and board members."

To watch the weekly video, click the image near the top left corner.

Estonia votes over the Internet

Can anyone explain to me how they guarantee there is no coercion in the voting?

Estonia elects parliament by online voting

"The election will choose the 104 deputies that make up this country's parliament. The deputies are responsible for nominating the prime minister, who holds executive power in Estonia. According to the country's electoral commission, of the 904 thousand citizens eligible to vote, 40 thousand registered to vote over the Internet. To cast a vote, the user must connect their electronic voter card to a USB port on their Internet-connected PC and access the electoral commission's website.

The user has to type two different passwords to vote. The first gives the voter access to the digital voter card. A second password is required to confirm the vote."

Source: Exame Informática

Master's in Information Security

Applications are open for the Master's in Information Security (MSc in Information Security), which will run at the Faculty of Sciences of the University of Lisbon in collaboration with Carnegie Mellon University (joint degree from the two universities).

Applications are open until 15 April, but note that the GRE and TOEFL exams must be taken beforehand.

More information:
http://cmuportugal.di.fc.ul.pt/
http://cmuportugal.di.fc.ul.pt/?Contact_us
http://www.icti.cmu.edu/

Secure software: principles, checklists, ...

A question came up in the IEEE Security & Privacy Forum about "guidelines" and "requirements" for developing secure applications. Here is a series of links taken from the replies to that question:

Common criteria
Orange book (pdf)
Information Assurance Technical Framework Forum
NIST Security Configuration Checklists Repository
Managing Information Security Risks: The OCTAVE Approach
OWASP Project
NSA CSS Security Configuration Guides
BuildSecurityIn

Windows Vista security (IV)

Symantec has created a page with several documents on Windows Vista security:

http://www.symantec.com/enterprise/theme.jsp?themeid=vista_research

Rootkits in peripherals

PC hardware can pose rootkit threat

"Every component in a PC, such as graphics cards, DVD drives and batteries, has some memory space for the software that runs it, called firmware. Miscreants could use this space to hide malicious code that would load the next time the PC boots, John Heasman, research director at NGS Software, said in a presentation at this week's Black Hat DC event here."

News item on ZDNet