Thursday, 26 November 2009

Musings from the ID Theft Protect Labs

Over the past few months I've been involved (rather luckily!) in some cutting-edge technology projects. One project I'm involved in surrounds heuristic technology, and lots of security vendors are showing interest in it.

Ten years ago I was privileged to work in the R&D department of Nortel Networks Fraud Solutions - this is where neural networks were first developed. Since those heady days I hadn't come across this type of technology (or anything near it) until the last 18 months. It seems all the security players are looking for an 'edge' - something that provides their clients with advanced detection capabilities. Signature detection requires considerable resources, whereas the heuristic approach doesn't - so it's no surprise security vendors and clients are looking in this direction.

The behavioural model does have issues, most notably with the detection algorithm, which, although it adapts, isn't yet intelligent enough to be used as an 'independent' detection solution. This is where the 'Blended Threat Module' neural approach comes into the picture - most notably the neural behavioural work we are doing in the AV space. Our work continues (we are in final system testing of some cutting-edge software) and we hope to release the product very soon. A number of security vendors have also shown an interest in this technology. More on this in due course.

Symantec (Norton 2010) is also taking an additional approach with its Quorum database, which makes use of the anonymous software usage patterns of Symantec's extensive volunteer user community to automatically identify entirely new spyware, viruses and worms (I do think others will follow suit here; Spamfighter, for example, already relies on the community to update a database which then updates everyone else's spam filters). I do like this approach, but to me it says they are giving up the 'malware fight'. Whatever I think, Symantec will no doubt lead the way with others following later on.

I'm also working on another FYEO project (with low memory footprint and kernel protection) which I suspect will interest investors and security companies alike. I'll update you all on developments sometime next month, before the festive activities begin!

Julian (and IDTP Labs)

Monday, 16 November 2009

Two simple ways to disable Adobe Flash Player

Over the past few months we have seen an increased threat from Flash exploits. I've personally received many emails asking me how individuals and businesses should go about stopping the Flash browser threat. If you use Firefox or Internet Explorer 7 (this does not include version 8.0) you can disable Flash whenever you need to. I've found two browser add-ons that are very useful Flash management tools. Here are the two applications (add-ons) I'm recommending:

NoScript - Firefox

To install the Firefox application called 'NoScript':
  • Open the Firefox browser
  • Click 'Tools' then 'Add-ons'
  • Click 'Get Add-ons' then click 'Browse all add-ons' (this will open a new browser tab)
  • Search for 'NoScript'
  • Alternatively, you can download directly from this page: http://id-theftprotect.com/redir_adv.php?adv_id=751

The cons
  • technical knowledge is required, as most end-users don't know what 'scripts' are
  • the user has to right-click a web page to enable or disable scripts - it would be useful to have a toolbar
  • if Flash is disabled, for example, nothing tells the user why; some instructional web text would be useful
  • doesn't include a 'nobrowser' extension integrated into a 'NoScript' toolbar

Toggle Flash - Internet Explorer 7.0

Download Toggle Flash here: http://id-theftprotect.com/redir_adv.php?adv_id=751

To install the Internet Explorer application called 'Toggle Flash':
  • Open Internet Explorer and click the Toggle Flash button to toggle/disable Flash. If the Toggle Flash button does not appear on the toolbar, either unlock and resize the toolbar or customise the toolbar and add the button
  • Since Toggle Flash is currently unsigned, an Internet Explorer Security window might appear. If it does, check “Do not show me the warning for this program again” and click Allow to prevent the Internet Explorer Security window from reappearing

The cons
  • Doesn't work with IE 8.0
  • No options menu, i.e. no website whitelist and no additional restrictions for untrusted sites; no option for a status bar icon/label; doesn't show notifications; doesn't provide XSS or JAR document security (NoScript provides this level of protection)

Worth thinking about

You will be amazed how many browsers crash when Flash is being used - so it's useful to be able to control what Flash content is delivered to your browser. There is also a notable CPU increase when Flash is used, so having the flexibility to enable/disable Flash is a useful option indeed, outside of the obvious security issues.

Safe surfing folks!

Julian

Wednesday, 11 November 2009

Mobile spy applications pose security risk

In the last few days I couldn’t help but stumble on a story surrounding a mobile spy application for Google Android. The latest mobile spy application is called “Mobile Spy”. The app records a detailed log of calls, visited URLs, incoming and outgoing SMS messages (this includes the entire text message along with the recipient’s telephone number) and GPS locations.

Now, you might think: what’s the problem? Firstly, this app (like many others, e.g. PhoneSnoop for BlackBerry) runs in total stealth mode. Worse still, if you do a search for the app on your Android phone you’ll be unable to find it, even in the installation folder, so once you’ve installed it, how do you remove it?

The problem here is that this application is actually running the way malware would – hidden from view and collecting sensitive data into a log. This log could (it doesn’t, but there is nothing to stop this from actually happening) be sent ‘silently’ to a hacker, very much the same way that data is maliciously collected from infected PCs without the user ever knowing.

My next thought is - will anti-virus vendors label this app as malware? If they do, expect the makers of mobile spy applications and the anti-virus vendors to attempt to outwit each other – not that mobile users use mobile anti-virus. My research suggests very few people know that they need anti-virus, or even where to look for it.

If you use Windows Mobile, I’d personally suggest you do use a mobile anti-virus – those of us who use the Symbian, Apple and Android platforms are for now very much safe. In the future mobiles will be a greater threat than PCs, especially as more and more users purchase smartphones, so we’d all better be prepared for the changes, challenges and threats that are around the corner.

Finally, let’s not forget that “Mobile Spy” is a commercial app for now, so I don’t want to suggest that it’s a totally useless piece of software for the average user. Far from it, as I believe some people may find a use for it - e.g. to track a loved one who may be cheating on you. Hackers, in my mind, are the real winners here. I’m sure they will in future find some way to exploit this type of ‘genuine’ software for malicious purposes. For now, mobile users are safe, but for how long?

Source:
ID Theft Protect

Safe surfing folks!

Julian

Thursday, 22 October 2009

Fake chip and PIN readers on the rise

Evidence is emerging that fake chip and PIN readers are being swapped for real devices in the UK and around the world. Criminals are targeting credit card data using fake Point of Sale (POS) devices. Criminal businesses adapt to the changing environment just like legal businesses; however, criminal enterprise is looking at new crimes where the suppliers of the readers and those using them against customers would both get a cut of the profits. Even the tough economic times can affect fraudsters!

The business model is very simple. A fraudster at the POS obtains a card reader (the chip and PIN machine) subsidized by a criminal supplier and swaps it for the real device at the targeted location, e.g. a restaurant, railway station or retail outlet. A real customer comes along to pay, has their card swiped, and the reader behaves exactly the same as a real chip and PIN device.

The big difference is that although everything appears normal when a real customer has their card swiped - all the cards work just fine - all the information stored on the card, including the chip and PIN data, is copied and transferred, for example wirelessly, to a web server (this is where the websites you visit are hosted – so you can imagine just how many web servers are out on the Internet).

The card criminals (operators) also have a great opportunity to earn money from the fraud, and would expect to earn up to 30% of the credit card data value.

Safe surfing folks!

Julian