Cisco Blogs


Cisco Blog > Security

Text Message Donations May Revolutionize Giving, Scamming

The American Red Cross had a tremendously positive response when it announced a mobile phone giving campaign in the wake of the January 12, 2010 earthquake in Haiti. The campaign was announced at 9pm on Tuesday, Jan 12; by 10am Thursday, Jan 14, the group had collected $3.4 million through mobile donations alone. Each text of the word ‘HAITI’ to the number 90999 was a $10 donation. 340,000 people gave $10 each in just over 36 hours.

I didn’t give a dime via my cell phone. The whole thing smelled like a scam to me, but 340,000 of my fellow Americans did not agree. I was wrong on this one. But given the ubiquity of scams surrounding the Haiti disaster, it would be good to know how we can tell when to trust these campaigns, or when not trust them, down the road.

Read More »

Gartner Recognizes Cisco as a Leader in the Magic Quadrant for SSL VPNs

Mobility is changing the world we work in, and the recent launch of Google’s phone shows that smartphones are here to stay. Whether we are talking about iPhones, Blackberries, or Nokia, Samsung, and Google smartphones, people are using these devices and their laptops to connect to work and personal information, no matter where they are located.

Workers must ensure that they have a secure connection when they are mobile and the key to ensuring secure remote connectivity is VPN technology. Cisco continues to invest in VPN solutions to help the mobile workforce remain secure when they are out of the office with innovative solutions that provide a seamless and secure connectivity experience.

Last month, Gartner recognized and positioned Cisco as a leader in the 2009 Magic Quadrant for SSL VPNs.

Read More »

Wikileaks and the Economics of Information Disclosure

Wikileaks.org is currently experimenting with the economics of information disclosure. As of January 21, the site was offline, soliciting donations that will assist its operators to continue to provide service. That service, of course, is the coordinated disclosure of secret information that once belonged to governments, corporations, and other organizations, and the subsequent efforts to ensure that this information remains public.

When discussing the Wikileaks operational suspension, it is clear to see that there can be both positive and negative aspects to such a disclosure policy. This is to be expected — information disclosure is a risk decision, and as with all risk decisions, there are issues of risk tolerance and risk acceptance that differ among organizations. How Wikileaks chooses to approach information handling and disclosure should give some insight into their motivations and direction. But it is especially interesting to see some of the economic factors behind Wikileaks, some of their operational challenges, and what kinds of risks they are preparing to face.

Read More »

Exploring a Java Bot: Part 3

January 19, 2010 at 1:18 pm PST

Before we begin part 3 in this series, let’s review what we’ve covered so far. In the first post we learned how this bot was discovered and some basics about botnets. In the second post we covered botnet fundamentals like command and control (C&C) and various other capabilities. In this post we will examine some of the offensive features incorporated into a botnet designed to launch attacks and maintain control of hosts (aka victims). First we will discuss how botnets spread and then we will look at flooding and how it’s implemented in this bot.

There are two main ways malware spreads. It’s important to note that these two methods are not mutually exclusive. The first method, made famous by the Morris worm, involves targeting a network-based vulnerability; the author designs an exploit to spread his malware. Once the malware takes over a machine it then infects other machines. Every time the binary moves from one machine to another the botnet has the potential to see exponential growth. Most vulnerabilities only affect a specific operating system at a specific range of patch levels. Malware of this nature often hits big and then its growth rate takes a steep dive as patches become available and as malware is removed. Once the vulnerability is patched, the malware must adapt or accept a shrinking attack surface. Two recent examples of this method are Conficker and Slammer. It is important to note the distinction between the growth rate slowing down and the number of compromised machines. There are still countless machines connected to the Internet running both worms. Even as the growth rate approaches zero, many, many computers have already been infected and continue to run the malware. In two days time on a single Intrusion Prevention System (IPS) we saw over 178,000 slammer attacks.

An attacker simply needs to trick an unsuspecting user into running a binary that is under the control of the attacker. This attack vector is known as a trojan horse. A malware author would package his wares as a link from a friend, a new game of interest, or even a program to create keys for pirated software, etc.

Read More »

Tags: , , , ,

Security – Who is Responsible?

Do you view your security posture in the office as more or less important in comparison to your residence? And how does that compare to the personal security profile that you exercise for you and your family? Who should be shouldering the security responsibility? I posit — you are responsible. And I would add that you also need to hold yourself accountable.

At work you may rely on yourself. If you are fortunate to work for a company with resources focused on security, you may, dare I say, share reliance with a few groups. These groups include the “information security” team who attempts to keep information safe (be it data, network, laptop or smart phone), the “physical security” team who keeps your building safe from intruders, and the local “industrial police force” responsible for keeping your person safe and secure. Such reliance is appropriate. In each instance the person or entity you are relying on the most is also relying on you at least as much, and often times more so.

An example from the physical world: when you ride public transport you rely on the operator of the vehicle to drive in a safe and secure manner and obey the “rules of the road.” These rules are designed to keep order as we meld in amongst the chaos we affectionately call “traffic.” The operators are also relying on you to make the right choices (how to enter and exit, pay fares, sit and stand, etc.) and to understand the consequences — be they intended or unintended — of your choices should you not follow the rules. This is the accountability part of the equation — you own the end result of your choices and actions.

Throughout my 30+ years involved in the practice of security it has been my experience that too often people ascribe responsibility for their security to others. When is the last time you heard someone say, “It is my responsibility to be secure! It is my responsibility to maintain security!” or conversely, “Today I am going to be insecure!” It just doesn’t happen. Though the reality is that every single day my actions demonstrate my desire to be secure and maintain security, and perhaps yours do as well. And yes, it has also been my experience that occasionally I’ve made choices which have caused others to say, “What was he thinking?” and conclude, “There wasn’t any thought process engaged.” I will try to keep those instances to a minimum. However, we all bear responsibility for our own security.

Let me share a few of my thoughts:

Read More »