Happy New Year to everyone, and all the best to all of you and your families in 2010. 2009 has been a busy year of ups and downs in the Infosec community and I am sure we will all have more fun and frolics as we roll into 2010.
With this in mind I thought I would share some predictions for 2010 as I look into my Security Crystal Ball. It's all very Mystic Meg, I know…
The buzz that is cloud security will continue to grow, and as more organisations look to realise the possible savings, we will find out how some of the early adopters didn’t do security right.
Increased focus on compliance and regulation. Organisations failing to meet PCI DSS compliance to be met with stricter penalties; I think we are going to see more action, less talk. The Information Commissioner and his team are going to be more proactive with identifying organisations not meeting their data protection obligations. Finally, the FSA’s new task force are going to uncover more insecure goings-on in the financial institutions as they start lifting the carpets to find what's been swept under there for years.
With increasing threats from various governments to impose restrictions on Internet access, and deep packet inspection, the growth in knowledge and usage of darknets will increase.
Continued adoption of full disk, endpoint encryption technologies and data loss prevention solutions as organisations attempt to get more control of their data and where it flows.
Increased disclosure laws in Europe. I have said this before but I think as the consumer becomes more aware about the regulations that exist, pressure is going to come to have a better understanding of breaches and data loss, similar to what exists in the US.
People will continue to do things insecurely; so-called hackers will break things, get caught and claim some form of illness: the fairies made me do it.
Increased security awareness around the use and adoption of social networking sites. This may lead to more organisations restricting the usage, and hopefully increased consumer awareness to share less information.
Windows 7 to be bashed about an increasing number of security vulnerabilities found, and the time taken to patch.
Increasing PDF related security issues and Adobe fail. Exploit writers will become more creative and not rely on the simple Java stuff.
A slight growth in awareness of security threats to mobile platforms. I don’t think we are going to suddenly see loads of exploits targeted at mobiles as I still don’t think the value is there, but there will be some more talk and research as we continue to rely on mobiles and do more whilst mobile.
More exploits targeting virtualised environments. I think there is going to be a greater push for virtualisation in 2010, Google's OS is a perfect example, so researchers will start looking at this more.
So basically a lot of the same really. I am sure if I could think of more, but it's all just guessing really, no one really knows for sure.
What does 2010 hold for me? Well… I am looking forward to some great interviews we have coming up on the Eurotrash Security Podcast, I will also hopefully be setting up a couple of UK-based Security Bloggers Meet Ups in 2010, and I also hopefully have some reviews of the IronKey S200 Personal and Enterprise coming in Jan, along with DESLock.
I am hoping for a year of more Infosec challenges and learning opportunities to fuel my passion for the industry. Also, time and funds available, I am looking forward to seeing more of my Infosec buddies and conferences, and meeting new people also. Oh, and I also still need to work out how to use my new Mac properly; it's a learning curve.
So all the best to all of you, and I hope 2010 brings you more ups than downs.
Most people will have heard of Microsoft COFEE (Computer Online Forensics Evidence Extractor), the free forensics tool that has been handed out to law enforcement to aid in investigations. This tool was leaked online a month or so ago, and has been met with varying opinions in the security community.
A couple of hackers released (for a short period of time) a counter tool, DECAF. This tool apparently provided various countermeasures to detect and impact the presence of COFEE.
Decaf boasts a huge variety of user-driven countermeasures against COFEE. In addition to nuking temporary files within seconds of detecting files or processes associated with the investigative tool, Decaf can also clear all COFEE logs, disable USB drives, and contaminate or spoof a variety of MAC addresses.
I personally never saw this tool, and have not done any searching to find a copy, but the developers have now removed the tool.
DECAF wasn’t fake. It did what it was set out to do and did it well, we just respect authority and experts in the field and would rather promote a positive move than a negative one.
Some will understand, some will not. We did not remove the tool because of Microsoft. In fact, they did not even release a statement until after the tool was pulled offline. Going after major corporations like Microsoft is no easy task. Just understand we did what we feel is best for the safety and well being of our nation and other governments.
The forums are up, come check us out: www.cruxt.org
This may have been short-lived, but it's certainly interesting.
A very special Xmas episode recorded together with the Exotic Liability crew. Chris, Craig, Dale and Wim are joined by Chris and Ryan to discuss what moved the infosec community on both sides of the big pond in 2009 and are looking forward to 2010. One certainty being you will receive more and better Exotic Trash / EuroLiability.
Have a very merry Christmas and may your information not be compromised in 2010.
Once again I have been having trouble finding the time to make blog posts, but I thought I should make the effort for a quick one so to speak.
Unless you're living under a rock you will be familiar with all the buzz around cloud computing. There is a lot of discussion about the benefits, risks etc., but I think no one can deny the possible power that can be leveraged.
A perfect example of this is the new WPA Cracker offering.
WPA Cracker is a cloud cracking service for penetration testers and network auditors who need to check the security of WPA-PSK protected wireless networks.
WPA-PSK networks are vulnerable to dictionary attacks, but running a respectable-sized dictionary over a WPA network handshake can take days or weeks. WPA Cracker gives you access to a 400CPU cluster that will run your network capture against a 135 million word dictionary created specifically for WPA passwords. While this job would take over 5 days on a contemporary dual-core PC, on our cluster it takes an average of 20 minutes, for only $17.
I have not had the opportunity to try this out myself yet, but I think the costs sound reasonable, and the time reduction would be very handy on a pentest.
So Shodan, I am sure most people have heard about this now, I have just struggled with work to find the time for any blogging, but I kept meaning to do a quick blog about this.
We all know search engines spider anything that’s visible on the Internet; Shodan helps you identify network devices and the versions they are running. As with all tools, it can be used for good and evil. Obviously Shodan makes finding things a little easier, so this could make compromise a little easier, but you could also take the stance that organisations should utilise this tool to see what is available online and remediate.
I think it's a good tool so check it out; there is some speculation about how long the site will be allowed to remain due to typical political correctness. So check it out whilst it's still hot.