Vulnerabilities Archives

Vulnerabilities

Senate Report Warns of Attacks on Military Transport Contractors

September 18, 2014 Paul Roberts

A Senate Armed Services Committee investigation has found evidence that hackers associated with the Chinese government compromised the computer systems of U.S. Transportation Command contractors at least 20 times in a single year. The attacks pose a serious risk to the system that moves military troops and equipment. The Committee released the report on Wednesday. (PDF copy here.) It presented the results of a year-long investigation of U.S. Transportation Command, or “TRANSCOM,” found a serious gap in awareness and reporting requirements. TRANSCOM was only aware of two of the 20 intrusions, while U.S. Transportation Command remained mostly unaware of the computer compromises of contractors during and after the attacks. “These peacetime intrusions into the networks of key defense contractors are more evidence of China’s aggressive actions in cyberspace,” said Sen. Carl Levin, D-Mich., the committee’s chairman in a published statement. “Our findings are a warning that we must do much more to protect strategically significant […]

Cisco Updates ASA Security Appliance To Tackle Zero Day Malware

September 17, 2014 Paul Roberts

We’re used to writing about all the things that are changing in the security field: the onslaught of mobile devices and connected ‘stuff,’ the advent of ‘advanced’ and ‘persistent’ adversaries, the destruction of the network perimeter. But all this talk about change can obscure the fact that so much has not changed. Companies still maintain perimeters, after all, and they rely on nuts-and-bolts technologies to defend them. But these days, those products need to do more – especially in the area of ‘advanced threats’ that are likely to slip past traditional antivirus and IDS products. Enter Cisco Systems, which on Tuesday announced a new version of its ‘next generation firewall‘: the Cisco ASA (Adaptive Security Appliance) with FirePOWER Services. The appliance is the first to make full use of technology from Cisco’s acquisition of Sourcefire last year. Specifically, the latest ASA integrates Sourcefire’s Advanced Malware Protection (or AMP) technology, which gives the […]

Concept Worm Could Spread Between Networked Attached Storage Systems

September 16, 2014 Paul Roberts

Kelly Jackson Higgins over at Dark Reading has a really interesting story about a researcher who is building a NAS worm. That’s right: some automated malware that will be capable of roaming the Internet finding and compromising consumer network attached storage (NAS) devices. Higgins interviewed Jacob Holcomb, a security analyst at the firm Independent Security Evaluators, has rolled more than two dozen previously unknown and undiscovered (‘zero day’) software vulnerabilities in NAS products into a proof-of-concept, self-replicating worm. According to Higgins, the worm scans for vulnerable services running on NAS systems — mostly web servers — and identifies the type of NAS device and whether it harbors the bugs. If a known, vulnerable platform is discovered, the worm launches the corresponding exploit from its quiver to take control of the device. Compromised devices are then used to scan for other, similar devices. Holcomb has already informed affected vendors – a list that includes […]

Building an Unhackable Autonomous Vehicle – CityLab

September 11, 2014 Paul Roberts

The folks over at The Atlantic have an intriguing take on the subject of “connected vehicles” and autonomous driving. Now this is a vision that we’ve been chasing for more than 50 years (consider all the technicolor “highway of tomorrow” films from the 50s and 60s). And we’re on the cusp of realizing it. Google’s self-driving car is racking up the miles and automated features like hands free cruise control and collision avoidance are making their way into production vehicles. As Alexis Madrigal at The Atlantic’s (cool) CityLab writes, however, there’s one major fly in the ointment when you consider the super efficient, algorithmically driven road of the future: humans. Specifically: Madrigal, in the course of writing an article on how to build an ‘unhackable’ car poses a scenario that I think is very likely: humans who subvert or otherwise game vehicle automation features to suit their own needs. Imagining the orderly procession […]

Cyber Insurance Is Sexy

September 9, 2014 Paul Roberts

So bland is the insurance business perceived to be, that it’s the stuff of Hollywood comedy. In the 2004 film Along Came Polly, Ben Stiller played a skittish, risk averse insurance adjuster with actuarial data on bathroom hygiene at his fingertips (no pun). Woody Allen famously depicts his hapless criminal Virgil Starkwell locked in solitary confinement with an eager insurance salesman in the 1969 mocumentary Take the Money and Run. Cruel and unusual punishment, indeed. Boring though they may be, insurance markets are incredibly important in helping society manage risks of all sorts. Insurance markets also have a funny way of shaping behavior – both personal and commercial – in ways that serve the public interest. Take the response to Hurricane Sandy as just one example. Law makers in Washington D.C. may never agree on whether that storm was a product of a warming climate. In fact, they may debate the […]