Cisco Blogs


The Check Is Not In the Mail

A bank in the United States, USAA, recently announced a new way their customers can deposit a check into a bank account: capture images on an iPhone and transmit them using an application provided by the bank. In fact, USAA has offered the capability to deposit checks using an ordinary document scanner for several years. Of course, scanners don’t fit in your pocket or purse and are connected to a more traditional personal computer — hence most of us are likely to trust the security of the scanner-based solution because it uses technology that has become familiar through regular use in a variety of ways. More specifically, few people question the security of the transaction when they can see the lock icon in their browser while connected to their bank.

A cursory read of USAA’s terms and conditions suggests that the security (and potential misuses) of the iPhone application have been duly considered. Indeed, USAA is planning to expand the capability to other popular ‘smart’ phones as well. Given the number of publicized security incidents at financial institutions in the last couple of years, does this have the potential to become another vector for miscreants?

What Makes a Security Website Valuable To You?

It seems like the amount of security information about new vulnerabilities, threats, and attacks is increasing weekly. Staying on top of this information while still getting other work done can become a real challenge. Network World rated the Cisco Security Intelligence Operations Portal one of the top twenty IT Security resources last year, but we want to make it even better. You can help: in just a few minutes, you can complete an online survey and tell us what you want and expect from a security site. We value your input.

Proving the Negative – Jail Time for Undisclosed Encryption Keys

Since 2000, the United Kingdom has been operating under the Regulation of Investigatory Powers Act (RIPA). Part 3, Section 49 of RIPA has been of particular interest to the security community because it concerns the disclosure of decrypted data or encryption keys. In the course of an investigation, law enforcement officers can invoke Section 49 to compel notice recipients to provide the encryption keys or disclose the decrypted contents of encrypted files. Failure to do so can lead to prosecution, with a potential for two years in jail, or five years in the case of a national security investigation. For the first time since RIPA’s inception, the latest annual report from the Chief Surveillance Commissioner has revealed that this has resulted in jail time.

Lessons From an Insider Attack on SCADA Systems

The Cyber Risk Report for June 29 to July 5 covered the story of an insider attack at a Dallas, Texas (United States) hospital. The attacker, Jesse “GhostExodus” McGraw, allegedly leveraged his position as a night security guard at the hospital to gain physical access to heating, ventilation, and cooling (HVAC) control systems and manipulate them. The intrusion was discovered when security researcher Robert Wesley McGrew from Mississippi State University found screenshots taken from the control systems. McGrew took this evidence to the United States Federal Bureau of Investigation (FBI), which then took action against the security guard. According to the Department of Justice press release, the guard was recently indicted by the FBI under felony charges of “transmitting a malicious code.”

McGrew, a supervisory control and data acquisition (SCADA) systems security researcher, realized the seriousness of the threat and notified law enforcement authorities of his findings. The facility could have been placed in significant danger if the HVAC infrastructure had been altered in a way that compromised pharmaceutical storage or stressed the health of patients within the medical facility.

Surprise, All Your Prefix Are Belong To Us!

Prefix Filter Background

An important Border Gateway Protocol (BGP) protection mechanism is the filtering of routing prefixes received from eBGP peers, to prevent the BGP process from inadvertently installing unwanted or illegal prefixes in the routing table, whether due to malicious intent or simple misconfiguration. Prefix filtering allows a network administrator to permit or deny specific prefixes that are sent to or received from each eBGP peer, and ensures that network traffic is sent over the intended paths.

A real-life example of what can happen when proper prefix filtering is not implemented was generously provided to us by those ISPs peering with Pakistan Telecom (AS17557) back in February 2008. RIPE NCC published an excellent case study on the event.

Everything was going well, and YouTube (AS36561) was announcing 208.65.152.0/22, until Sunday, 24 February 2008, when the longest prefix match game began. At 18:47 (UTC) that day, Pakistan Telecom (PT) announced a more specific route, 208.65.153.0/24, which under the longest prefix match rule is preferred over YouTube’s /22. That route should have been filtered, but PCCW Global (AS3491) subsequently propagated the announcement, resulting in traffic to YouTube being redirected to Pakistan Telecom. In a nutshell, this was a prefix hijack as a result of the BGP announcement by PT. This, of course, was not exactly what PT envisioned when they invited YouTube to their BGP Party, nor was it the type of party invite that PCCW Global wanted to propagate. Prefix filters to the rescue!
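To make the longest-prefix-match mechanics concrete, here is an added Python example (it is not code from the original post or from Cisco): it builds a tiny routing table from constructed announcements modelled on the February 2008 incident, then shows how a per-peer inbound prefix filter keeps the more-specific /24 out. The PT-originated prefix 203.0.113.0/24 and the filter policy are assumptions for illustration, not real configuration.

```python
import ipaddress

# Constructed sample announcements modelled on the 24 Feb 2008 event: (prefix, origin AS).
# 203.0.113.0/24 is a placeholder standing in for a prefix PT legitimately originates.
ANNOUNCEMENTS = [
    ("208.65.152.0/22", 36561),   # YouTube's legitimate aggregate
    ("203.0.113.0/24", 17557),    # placeholder: prefix PT is entitled to announce
    ("208.65.153.0/24", 17557),   # the more-specific announcement that hijacked traffic
]

# Per-peer inbound filter (constructed policy): prefixes the peer may announce,
# including more-specifics of them up to max_len. Peers without an entry are unfiltered.
PEER_FILTER = {
    17557: {"allowed": ["203.0.113.0/24"], "max_len": 24},
}


def accept(origin_as, prefix, filters):
    """Return True if the announcement passes the peer's inbound prefix filter."""
    policy = filters.get(origin_as)
    if policy is None:
        return True  # no filter configured for this peer: accept everything
    net = ipaddress.ip_network(prefix)
    if net.prefixlen > policy["max_len"]:
        return False  # reject overly specific announcements outright
    return any(net.subnet_of(ipaddress.ip_network(a)) for a in policy["allowed"])


def build_rib(announcements, filters):
    """Install every accepted announcement; later entries do not overwrite earlier ones."""
    rib = {}
    for prefix, origin_as in announcements:
        net = ipaddress.ip_network(prefix)
        if accept(origin_as, prefix, filters) and net not in rib:
            rib[net] = origin_as
    return rib


def lookup(rib, address):
    """Longest-prefix match: return (network, origin_as) for the most specific route."""
    addr = ipaddress.ip_address(address)
    best = None
    for net, origin in rib.items():
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, origin)
    return best
```

With no filter, a lookup for an address inside 208.65.153.0/24 resolves to AS17557; with the filter applied, the /24 is rejected and the same address resolves to YouTube's /22.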