Security Insights from the Cisco Security Community

The Impact of E-Surveillance on Information Security in India

The unabated proliferation of Information Technology has had significant impact on the manner in which organizations conduct their business, effectively rendering geographical boundaries redundant.  This impact has been particularly notable in developing countries such as India, which has witnessed a meteoric rise in the use of Information Technology and Information Technology services over the past few years.  While immensely contributing to the nation’s economy, this growth has unfortunately also served as an invaluable tool for terrorism and other anti-national activities.  Consequently, citing the best interests of the security and safety of its citizens, the government of India has amended its Information Technology Act (2000), which has recently passed into law.

Read More.

Posted by Prasanna Sambasivan at 03:18PM PST

Cisco SIO Delivering Training at Black Hat DC 2010 - Round 2

A few months back at Black Hat USA 2009 a few members of Cisco Security Intelligence Operations (SIO) delivered our first, of what is expected to be many, training sessions to conference attendees.  Well, here we are three months later with Black Hat DC 2010 just around the corner and we (Cisco SIO) are back on the agenda again to deliver our hands-on Detecting & Mitigating Attacks Using Your Network Infrastructure training session. One small change for round 2 though, John Stuppi will be joining us as an instructor for our training session in Arlington, VA.  Welcome aboard John - oh if he only knew what he was getting himself into. ☺

As described in a previous blog post by one of my fellow instructors and esteemed Cisco Security blogger, Tim Sammut, we will be informing and teaching attendees about the built-in features, solutions, and capabilities that exist in devices within your network infrastructure and how to make practical and effective use of the devices to monitor, detect, prevent, and trigger responses to attacks and threats.

Read More.

Posted by Joseph Karpenko at 05:09AM PST

Internet Safety for Kids and Parents

Cisco is committed to working with the public sector, partners, and customers to ensure cyber security from the workplace to the home.  The month of October is National Cyber Security Awareness Month, and as it comes to an end we thought we’d share a short video from Cisco CSO John N. Stewart where he provides tips on Internet safety for kids and parents to protect themselves online.

When it comes to 21^st century education, parents and kids have an important role.  Recently, Cisco took that message to Piedmont Middle School in San Jose, CA, with the help of the characters from The Realm.

Read More.

Posted by Cisco PR at 11:13AM PST

Considering the Risks and Rewards of Social Media

Social media continues to pervade cultures around the globe, and the usefulness and popularity of social media sites and services has been demonstrated in some impressive ways. The power and reach of social media outlets has empowered individuals to make their voice heard around the world in an instant, most often unfiltered and unrestrained. The extent of social media’s influence on individuals’ lives has pulled it into organizations, many of which have embraced these new technologies and sought to leverage them for profit.

Still, the application of blogs, videos, real-time status updates, and online collaboration are cause for concern, in no small part because of the concentration of power in the hands of the individual employing them. Organizations continue to struggle with whether to allow employees to participate in these networks, how to enforce policies, and how to adjust to all that the networks have to offer—even for industries that are built in large part around individual identities, like the entertainment studios discussed in this week’s Cyber Risk Report.

Read More.

Posted by Seth Hanford at 11:56AM PST

Common Errors Causing DKIM Verification Failures

Cisco recently upgraded its email infrastructure to use our IronPort email security appliances to apply and verify DomainKeys Identified Mail (DKIM) signatures on outgoing and incoming email.  We had previously been using a prototype implementation of DKIM that we had begun early in the process of standardizing DKIM.  In the process, they made available to me some information on DKIM signature verification successes and failures.  While we had previously published information on DKIM signature verification showing the increasing deployment of DKIM signing, this is the first time that we have had comprehensive information on signatures that fail to verify.  The study involved about 14.2 million messages with DKIM signatures, 5.33% of which failed to verify.  The messages came from 16,797 different domains, 10,968 (65%) of which had 100% verification rates and 2,899 of which failed consistently.

Read More.

Posted by Jim Fenton at 05:26AM PST

Cloud Computing: Not a Security Panacea

The Microsoft Sidekick data loss was a pretty big story over the last week or two; for a while, Microsoft was predicting a total loss of all data, although by October 15, things seemed to start looking better in that department.  Some have already discussed whether this failure should be used to represent cloud computing entirely.  (To get it out of the way now—no, it shouldn’t.)  But there remains a gap in expectations and some level of assumptions about what cloud computing has to offer.

Read More.

Posted by Seth Hanford at 01:54PM PST

Securing the Branch

I suspect that when we use the term “branch” when talking about businesses, many minds think of a bank. But actually, the notion of a branch is much more widespread for organizations as they pursue flexible options for expanding their workforce, as well as globalization. From an IT perspective, the branch has changed from a few remote offices each with multiple people to sometimes thousands of remote workers connecting to the network from their home offices. In fact, according to a recent survey, the number of employees working away from headquarters is approaching 90%.

Read More.

Posted by Fred Kost at 07:11AM PST

Seeing The Big Picture With Global Correlation

In a previous post I provided an overview of the Cisco Global Correlation (GC) capability that was recently added to Cisco Intrusion Prevention Systems (IPS). The information sent to SensorBase includes signatures that generated alerts and other relevant data.

I thought it would be interesting to highlight what we can learn from this growing data set. I intend to focus my analysis around FTP-related signatures. Because FTP security issues are relatively well understood, I will be able to highlight the correlation capability we have at our disposal and focus less on the specific threat that is driving my analysis.

Read More.

Posted by Shiva Persaud at 10:06AM PST

Hurry Up, Already!

About a month ago, there was a coordinated disclosure on a flaw in TCP which affected a number of vendors, including Cisco. As is often the case when a vulnerability is disclosed in a widely-deployed technology such as TCP, it’s in the best interests of customers and the industry alike that everyone agrees on a common solution to the issue, as well as a date and time of disclosure. In this most recent event, the issue was first reported over a year ago—so what took vendors so long to formally address the flaw?

Read More.

Posted by Richard Aceves at 08:21AM PST

Spotting Phishers In Three Easy Steps

With the recent deluge of phishing attacks (see 1, 2, 3, 4 and 5) it’s time once again to review some of the more common phishing methods and what you can do to spot and defeat them.  Below I go over three you’re likely to see: Phishers getting to know you, complimenting, and befriending you. You’ll notice the tactics used by phishers build on each other. Unfortunately, as users have become more sophisticated, so have phishers.

[Before we go further you might be wondering… What the heck is phishing? Is it fun? Does it go well with lemon and dill? Answer: Phishing is the term used for the attempt at getting usernames/passwords/other credentials out of someone through subterfuge. It is only fun if you do it to your siblings or friends in jest.  I wouldn’t recommend lemon near your computer.]

Read More.

Posted by Lauren Friedman at 02:30PM PST

Trojan Seeks to Exploit, Create Blindspot in Online Banking

Recent reports from security firm Finjan have highlighted an emerging capability for malicious code. The URLZone Trojan has the ability to alter HTML pages for certain German banks when viewed through a browser on an infected system. As a result, the attacker employing the trojan can make large transfers to the accounts of “mules”, who are often duped accomplices that launder transactions, without alerting the user of the infected system. The end result is that customers who trust only the information that their computer displays from their bank’s web site might not know that they have been defrauded.  It might take an account overdraw or some other out-of-band event to make them aware of the shortfall.

Read More.

Posted by Seth Hanford at 06:01AM PST

Here, Have the Keys to My Whole Life

The web was all in a ruckus in late August, 2009.  Embarrassing screenshots of many Facebook accounts echoed, prompting questions of veracity and user adherence to basic security principles.  In fact, everything actually happened last February.  According to Jimmy Ruska’s detailed analysis of the incident, a Christian singles website accidentally allowed the email addresses and passwords of their entire 35000-strong userbase to be exposed.  Many of the users of this singles website used the same password for all of their online accounts.  This enabled the infamously malicious users of 4chan, an online forum that offers and encourages anonymous posting, to access the email, social networking, e-commerce and online payment processing accounts of the members of the site.  The Register has coverage of the attacks, although they neglect to mention when the attacks actually occurred.

This incident highlights how much risk you are taking whenever you use the same credentials at multiple websites.  With many websites using either your email address as your login name or offering password resets via email, it only takes one unintended exposure of its database of login credentials by one website for a potentially significant portion of your life and identity to be stolen and used by miscreants.  Read on for more details about the risks of re-using passwords or using passwords that are easily guessable, and for helpful advice on how you can reduce the risk to you and your business by managing unique passwords or using two-factor authentication.

Read More.

Posted by Henry Stern at 08:15AM PST

A Digital Trail of Breadcrumbs

A few weeks ago, I talked a little bit about the threat of de-anonymization. In this week’s Cyber Risk Report, we discuss another facet to this growing problem of data collection: persistent digital traces deposited through everyday activities. Specifically, we discussed how mobile phone location and activity can uncover habits, relationships, and other inferences about a person’s habits, identity, friendships, and even job satisfaction. If the threat of de-anonymization is eroding our privacy and putting our personal information at risk, then the persistent collection of digital information that could feasibly be de-anonymized is creating a pervasive threat to our personal lives.

Read More.

Posted by Seth Hanford at 07:50AM PST

Things That The Internet Has Changed

Earlier this month, the online edition of Telegraph published an article under the title “50 things that are being killed by the Internet.” Some of the items listed could not solely be attributed to the Internet, but the Internet has contributed and brought them to light (e.g., not paying for music or wanting free but authoritative reference works), and other items are signs of progress (e.g., moving from printed fanzines to online ones). But all that aside, the Internet and the World Wide Web do have tremendous influence on the way we live, work, play and learn.

Read More.

Posted by Damir Rajnovic at 06:57AM PST

September 2009 Cisco IOS Software Security Advisory Bundle Released

Today we announced the September 2009 bundle of Cisco IOS Software Security Advisories. In line with our previous announcements, this grouping of advisories discloses security vulnerabilities in Cisco IOS Software.

Information on the vulnerabilities disclosed today can be found at the Cisco Security Advisory listing page. Additionally, we create an Event Response Page (ERP) for our advisory bundles as we’ve done for Microsoft vulnerabilities since June 2007. These Event Response Pages are designed to be a starting point for your vulnerability triage needs. The pages contain links to important documents as well as the assigned CVEs and CVSS scores. The ERP for the IOS vulnerabilities disclosed today can be found over at our Security Intelligence Operations portal.

The bundling concept was implemented in response to feedback that the lack of an announced schedule for Cisco IOS Software vulnerability disclosure was not allowing customers to appropriately plan for and integrate security advisories into their management processes. As a general rule, our advisory bundle timelines are limited to Cisco IOS Software and do not include any other Cisco products or operating systems. However, if the same vulnerability exists in Cisco IOS Software and another product—for example Cisco IOS-XE or Unified Communications Manager—we will work to release the corresponding advisories simultaneously. In fact, this was done today and in September 2008 when we disclosed SIP-related vulnerabilities that affected both Cisco Unified Communication Manager and Cisco IOS Software.

Read More.

Posted by Tim Sammut at 09:01AM PST