BEAST and TLS/SSL Security: What It Means For Users and Web Admins http://blog.trendmicro.com/beast-and-tlsssl-security-what-it-means-for-users-and-web-admins/
What can users do?
• Keep time spent on sensitive SSL sessions as short as possible. The attacker needs time to decode the encrypted message. If the session cookie is invalid before the attacker has finished, this attack fails.
• When leaving an SSL protected site, be sure to actually log out, not just move to a new site. In many cases, actively logging out will invalidate any cookie/session data that the attacker may have successfully decoded.
• Standard security best practices still work. For this attack to be successful, the attacker must have access to either your network or your computer. At the very least, up-to-date security software will make life harder for an attacker.
What can website administrators do?
• Make sure your logout button performs the expected action. You are leaving users at risk if your site does not actually invalidate session cookies when they click “log out”.
• Ensure that session cookies are tied to the IP address where the session was established. If that IP address changes, consider validating that the source of the requests is still your user. This will not prevent this attack, but it will make it harder to exploit your users.
• Resist the temptation to change SSL ciphers without carefully considering the risks first. While it is true that RC4 is not subject to this attack, it presents more risk than AES. Also, it isn’t a bad idea to keep an eye on the IETF TLS working group. Newer versions of the TLS standard (TLS 1.1 and later) eliminate the weaknesses used in this attack. Unfortunately HTTP server and browser coverage of these newer standards is spotty at the moment, so you have to carefully consider both your environment and your user base before such a change.
TLS (Transport Layer Security) Working Group http://datatracker.ietf.org/wg/tls/charter/
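The two session-handling recommendations above (a logout that really invalidates the session, and a session bound to the IP address it was established from) are easy to get wrong: a logout that only deletes the browser cookie leaves a stolen cookie value valid on the server. The following is an added example, not code from the Trend Micro post, of a minimal server-side session store that does both, with a short lifetime to match the user advice about keeping sessions brief. All names (`SessionStore`, `login`, `logout`, `validate`) and the sample IP addresses are this example's own assumptions.

```python
"""Added example: a server-side session store that (1) destroys the session on
logout so a recovered cookie value stops working, (2) binds the session to the
client IP seen at login and asks for re-validation when it changes, and
(3) expires sessions after a short TTL. Names and sample values are assumptions
for illustration; this is not the original post's code."""
import secrets
import time
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class Session:
    user: str
    client_ip: str   # IP the session was established from
    created: float   # epoch seconds
    expires: float   # epoch seconds


class SessionStore:
    """In-memory store keyed by the opaque cookie value.

    In production this would live in a shared store (database, cache) so that
    every front-end node sees the same invalidation."""

    def __init__(self, ttl_seconds: float = 900.0):
        self.ttl = ttl_seconds
        self._sessions: Dict[str, Session] = {}

    def login(self, user: str, client_ip: str, now: Optional[float] = None) -> str:
        """Create a session and return the cookie value to send to the browser."""
        now = time.time() if now is None else now
        # 256-bit random token from the OS CSPRNG; never derived from user data.
        token = secrets.token_urlsafe(32)
        self._sessions[token] = Session(user, client_ip, now, now + self.ttl)
        return token

    def logout(self, token: str) -> bool:
        """Server-side invalidation: after this, the same cookie value is
        rejected even if the browser (or an attacker) still holds it.
        Returns True if a live session was removed."""
        return self._sessions.pop(token, None) is not None

    def validate(self, token: str, client_ip: str,
                 now: Optional[float] = None) -> Tuple[str, Optional[str]]:
        """Check a presented cookie value against the store.

        Returns (status, user):
          ("ok", user)        token valid, IP unchanged since login
          ("reverify", user)  token valid but the client IP changed; the caller
                              should re-authenticate the user (e.g. a password
                              or second-factor prompt) before honouring it
          ("invalid", None)   unknown, logged-out or expired token
        """
        now = time.time() if now is None else now
        sess = self._sessions.get(token)
        if sess is None:
            return ("invalid", None)
        if now >= sess.expires:
            # Expired: drop it so it cannot be revived later.
            self._sessions.pop(token, None)
            return ("invalid", None)
        if sess.client_ip != client_ip:
            return ("reverify", sess.user)
        return ("ok", sess.user)


if __name__ == "__main__":
    # Constructed walk-through with fixed timestamps and documentation-range IPs.
    store = SessionStore(ttl_seconds=60)
    cookie = store.login("alice", "203.0.113.5", now=1000.0)
    print(store.validate(cookie, "203.0.113.5", now=1010.0))    # ('ok', 'alice')
    print(store.validate(cookie, "198.51.100.9", now=1010.0))   # ('reverify', 'alice')
    store.logout(cookie)
    print(store.validate(cookie, "203.0.113.5", now=1011.0))    # ('invalid', None)
```

The "reverify" status is deliberately separate from "invalid": the post's advice is to validate that the source is still your user when the IP changes, not to drop the session outright, since legitimate clients change address (mobile networks, proxies). The decision of what re-validation means belongs to the application.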
TDL4 Worm Component Employs Bitcoin Mining http://blog.trendmicro.com/the-worm-tdl4-and-botcoin-miners/
QUOTE: TDL4 is a well known variant of the TDSS malware family known for evading detection by antivirus products by infecting affected systems’ boot sector. We’ve been monitoring developments related to TDSS, and earlier this year we saw TDL4 exhibit propagation routines through a worm component that Trend Micro detects as WORM_OTORUN.ASH.
Amazon Unveils $199 Kindle Fire Tablet http://www.bloomberg.com/news/2011-09-28/amazon-unveils-199-kindle-fire-tablet.html
QUOTE: The Kindle Fire will have a 7-inch display and sell for $199, compared with $499 for Apple’s cheapest iPad, Amazon executives said in interviews with Bloomberg Businessweek. The device, a souped-up version of the Kindle electronic-book reader, will run on Google Inc.’s Android software, the Seattle-based company said. Amazon also introduced a touch-screen version of its e-reader, to be called Kindle Touch.
F-Secure ShareSafe Beta – Security Application for Facebook http://www.f-secure.com/weblog/archives/00002243.html
QUOTE: Security applications and Facebook tend to mix together like oil and water. Therefore, when attempting to develop a security application for Facebook… it had better not be boring. And that brings us to our new beta: F-Secure ShareSafe. The development team behind ShareSafe aims to build an entertaining Facebook app, with security benefits tagging along for the ride.
eWeek Microsoft’s Windows 8 Developer Preview: First Look http://www.eweek.com/c/a/Enterprise-Applications/Microsofts-Windows-8-Developer-Preview-First-Look-432584/
QUOTE: Microsoft has offered its Developer Preview of its upcoming Windows 8 to the world. This early glimpse of the operating system, while nowhere near finished, offers a one-of-a-kind perspective into Microsoft’s thinking when it comes to the next generation of Windows. For one thing, the company also intends Windows 8 to make substantial inroads into the tablet category, currently dominated by Apple’s iPad, and it plans to do so by offering a touch-centric “Metro” interface that consists of colorful tiles linked to applications.
Microsoft MSRT – 2nd Release for September 2011
QUOTE: For the month of September, Microsoft is adding the Win32/Kelihos family to a second release of the Malicious Software Removal Tool. This additional release is to support the most recent action in Project MARS- Operation b79 which targets the Kelihos botnet. The Win32/Kelihos malware family distributes spam email messages that may contain links to web sites serving installers of Kelihos itself. It may also communicate with remote computers to exchange information that it uses to execute various tasks such as bootstrapping to the botnet, sending spam emails promoting bogus products or services, stealing sensitive information, or downloading and executing arbitrary files.
Microsoft killed Kelihos botnet http://isc.sans.org/diary/Microsoft+killed+Kelihos+botnet/11644
QUOTE: Great news for Internet security. Microsoft has effectively killed off the Kelihos botnet, which has about 42-45K nodes. The signature to remove the botnet agent from infected machines is added to the Malicious Software Removal Tool, which will be rolled out to users taking automatic updates. Microsoft also took a proactive approach on the legal front, filing for a court order to get Verisign (the domain registrar for the malicious domains) to take down the malicious domains related to the botnet operations.
[Disclaimer: I’ve received a free copy of this book for reviewing]
A few days ago, I received a copy of the Parallel Programming With MS VS 2010 book. Before delving into the parallel lib, the book starts by presenting several interesting concepts related to parallel/multithreaded programming. From chapter 2 onwards, it’s all about the Parallel Lib. Chapter 2 presents several concepts related to adding task parallelism to your apps, and Chapter 3 moves forward and tries to present several interesting ideas associated with data parallelism. Chapter 5 wraps it up by presenting several PLINQ related concepts. In Chapter 5, the author presents the concurrent collections, and Chapter 6 wraps it up by talking a little bit about the available options for customizing the parallel lib.
I must say that I was really excited when I received the book. After all, multithreaded programming is one of the areas that I really like to dig into. Unfortunately, the excitement was gone after reading the first 3 or 4 chapters. I’ve got two problems with this book: the first is that it presents the code step by step and then shows all the code again. In other words, the book has lots of extra pages which really don’t add anything to it. The second issue I have with the book is that it doesn’t go deep enough. The examples shown are rather simple and, in my opinion, don’t really bring much more than the online docs. Overall, I’m giving it a 5/10.
We’ll be in Göteborg, Sweden with Mikael Nystrom
03 October 2011, 9:30 a.m. to 4:30 p.m.