<?xml version="1.0" encoding="ISO-8859-1"?>

<!DOCTYPE rss PUBLIC "-//Netscape Communications//DTD RSS 0.91//EN"
 "http://my.netscape.com/publish/formats/rss-0.91.dtd">

<rss version="0.91">

<channel>
<title>marxbitware.com</title>
<link>http://www.marxbitware.com</link>
<description></description>
<language>en-us</language>

<item>
<title>Attackers' behavior builds better blacklists</title>
<link>http://www.marxbitware.com/modules.php?name=News&amp;file=article&amp;sid=22</link>
<description>Computer scientists from SRI International and the SANS Institute plan
to present a paper next week on a technique that correlates an
attacker's preference for victims' networks as a way to prioritize
additions to a blacklist.

The technique, dubbed &amp;quot;highly predictive blacklists,&amp;quot; allows network
owners to correlate attacks on their network with attackers'
preferences for other networks. Using a system conceptually similar to
Google's PageRank system, the researchers used firewall logs
contributed by participants in the SANS Institute's DShield service to
correlate attackers' choice of targets. By matching up the preferred
victims of a known attacker, the researchers have been able to develop
per-network blacklists that perform better than either massive global
lists or more focused local lists, according to the paper.</description>
</item>

<item>
<title>Marx 448 Bit Encryption v2.0 - Released</title>
<link>http://www.marxbitware.com/modules.php?name=News&amp;file=article&amp;sid=21</link>
<description>If you have just dropped by then you are in for a nice surprise.  Version 2.0 of Marx 448 Bit Encryption has just been released.  The new version has a redesigned interface that makes the entire user experience a little more friendly.&lt;br&gt;
&lt;br&gt;
Some new features have been added, such as the option to perform secure file deletion of the plain text versions when encrypting files.  A complete help system has been added that should be very easy to follow.&lt;br&gt;
&lt;br&gt;
Version 2.0 now installs just like any other Windows application.  It has been packaged as a Windows Installer file (.msi) which simplifies the distribution process.  Another benefit is that deployment can be controlled on corporate networks via group policy.&lt;br&gt;
&lt;br&gt;
As usual, the files will be available on CNET, Softpedia and related networks in the coming weeks.  If you can't wait, it's now available for download in the &lt;a href=&quot;modules.php?name=Downloads&amp;d_op=viewdownload&amp;cid=1&quot;&gt;downloads section&lt;/a&gt; of this site.</description>
</item>

<item>
<title>5 Signs That You're Under a Targeted Attack</title>
<link>http://www.marxbitware.com/modules.php?name=News&amp;file=article&amp;sid=20</link>
<description>&lt;div&gt;The trouble with most targeted attacks is that by the time you realize your organization is under siege by hackers, you're toast: The attackers are either already well entrenched in your network or have already taken off with your data. &lt;/div&gt;&lt;br&gt;&lt;div&gt;&lt;br&gt;Unlike random attacks, the targeted attack is all about stealing (or sabotaging) documents, data, or intellectual property from a specific organization. &lt;/div&gt;&lt;br&gt;&lt;div&gt;&lt;br&gt;The good news is these attacks aren't as prevalent as random ones. The bad news is that they are on the rise: MessageLabs says there are about five to 10 targeted attack attempts daily on its clients, up from one to two a day 12 months ago, and one to two a week two years ago. And it's not just the big boys that are in the bull's eye anymore, according to MessageLabs -- even a small company with some hot intellectual property is at risk. &lt;/div&gt;&lt;br&gt;</description>
</item>

<item>
<title>Manage Risk, But Don't Become Paralyzed By It</title>
<link>http://www.marxbitware.com/modules.php?name=News&amp;file=article&amp;sid=19</link>
<description>Management philosophers have long held forth on the chief role of the chief information officer. We've been told that these preeminent business technology execs must be adept at managing complexity and managing the accelerating pace of change and even managing their bosses' expectations. Let's hurl another esoteric priority into the mix: managing uncertainty.&lt;br&gt;&lt;br&gt;Esoteric, yes, but not theoretical or trivial. In fact, a company's life can depend on its ability to anticipate technological, economic, financial, regulatory, and other big forks in the road. That burden doesn't rest wholly on the IT organization, of course--and we must guard vigilantly against creating a culture of bureaucracy and paralysis--but IT leaders must be active players in mitigating a wide range of business risks. </description>
</item>

<item>
<title>Cipher Strengths - Are They Too Weak?</title>
<link>http://www.marxbitware.com/modules.php?name=News&amp;file=article&amp;sid=18</link>
<description>The strength of the encryption now used to protect banking and e-commerce transactions on many websites may not be effective in as few as five years, a cryptography expert has warned after completing a new distributed-computing project.

&lt;br&gt;&lt;br&gt;Arjen Lenstra, a cryptology professor at the Ecole Polytechnique F&eacute;d&eacute;rale de Lausanne (EPFL) in Switzerland, says the distributed computation project, conducted over 11 months, achieved the equivalent in difficulty of cracking a 700-bit RSA encryption key, so it doesn&amp;rsquo;t mean transactions are at risk &amp;mdash; yet.

&lt;br&gt;&lt;br&gt;But &amp;ldquo;it is good advanced warning&amp;rdquo; of the coming dusk of 1024-bit RSA encryption &amp;mdash; which is widely used now for internet commerce &amp;mdash; as computers and mathematical techniques become more powerful, Lenstra says.

&lt;br&gt;&lt;br&gt;[Note - There are several articles included here that point to a gross under-estimate of the ability to break large key lengths.]</description>
</item>

<item>
<title>Counter-Forensics: A Growing New Trend</title>
<link>http://www.marxbitware.com/modules.php?name=News&amp;file=article&amp;sid=17</link>
<description>May 31, 2007 &amp;mdash; &lt;a href=&quot;http://www.csoonline.com/&quot;&gt;CSO&lt;/a&gt; &amp;mdash; Forensic investigations start at the end. Think of it:
    You wouldn&amp;rsquo;t start using science and technology to
    establish facts (that&amp;rsquo;s the dictionary definition of
    forensics) unless you had some reason to establish facts in the
    first place. But by that time, the crime has already happened.
    So while requisite, forensics is ultimately unrewarding.

    &lt;br&gt;&lt;br&gt;A clear illustration of this fact comes from the field
    investigations manager for a major credit services company.
    Sometime last year, he noticed a clutch of fraudulent purchases
    on cards that all traced back to the same aquarium. He learned
    quite a bit through forensics. He learned, for example, that an
    aquarium employee had downloaded an audio file while eating a
    sandwich on her lunch break. He learned that when she played
    the song, a rootkit hidden inside the song installed itself on
    her computer. That rootkit allowed the hacker who&amp;rsquo;d
    planted it to establish a secure tunnel so he could work
    undetected and &amp;ldquo;get
    root&amp;rdquo;&amp;mdash;administrator&amp;rsquo;s access to the aquarium
    network.

    &lt;br&gt;&lt;br&gt;Sounds like a successful investigation. But the investigator
    was underwhelmed by the results. Why? Because he hadn&amp;rsquo;t
    caught the perpetrator and he knew he never would. What&amp;rsquo;s
    worse, that lunch break with the sandwich and the song download
    had occurred some time before he got there. In fact, the hacker
    had captured every card transaction at the aquarium for two
    years.

    The investigator (who could only speak anonymously) wonders
    aloud what other networks are right now being controlled by
    criminal enterprises whose presence is entirely concealed.
    Computer crime has shifted from a game of disruption to one of
    access. The hacker&amp;rsquo;s focus has shifted too, from
    developing destructive payloads to circumventing detection.
    Now, for every tool forensic investigators have come to rely on
    to discover and prosecute electronic crimes, criminals have a
    corresponding tool to baffle the investigation.

    This is antiforensics. It is more than technology. It is an
    approach to criminal hacking that can be summed up like this:
    Make it hard for them to find you and impossible for them to
    prove they found you.
</description>
</item>

<item>
<title>Are security pros worrying about the right stuff?</title>
<link>http://www.marxbitware.com/modules.php?name=News&amp;file=article&amp;sid=16</link>
<description>&lt;div&gt;Worms are scary, but experts say personnel issues should get more attention&lt;/div&gt;&lt;br&gt;&lt;div&gt;Ellen Messmer&lt;br&gt;Network World&lt;br&gt;Updated: May 29, 2007 10:05 AM&lt;br&gt;This is the first in a series of stories on the most important security issues facing the enterprise.&lt;br&gt;&lt;br&gt;&lt;em&gt;&amp;quot;As a rule, men worry more about what they can&amp;rsquo;t see than what they can.&amp;quot;&lt;br&gt;----- Julius Caesar&lt;/em&gt;&lt;br&gt;&lt;em&gt;&lt;br&gt;&amp;quot;Security decisions are almost never made for security reasons&amp;quot;&lt;br&gt;----- Bruce Schneier&lt;/em&gt;&lt;br&gt;&lt;br&gt;Worrying almost seems to define the job of the CSO and CISO. The security chief is the corporate standard bearer for risk management in a world fraught with technical and human error, with hackers potentially lurking within and without.&lt;br&gt;&lt;br&gt;When asked what they worry about, CSOs and CISOs cite regulatory compliance and security controls overlooked in IT projects. Some acknowledge a general angst that simply boils down to the great unknown of system-wide chaos.&lt;br&gt;&lt;br&gt;But are security pros worrying about the right things? When asked this, many independent observers &amp;mdash; former CSOs or consultants working with CSOs &amp;mdash; offer a different perspective. They think security pros need to worry more about retaining the best staff and should be careful not to become too consumed with regulatory compliance.&lt;/div&gt;&lt;br&gt;</description>
</item>

<item>
<title>A Mighty Number Falls</title>
<link>http://www.marxbitware.com/modules.php?name=News&amp;file=article&amp;sid=15</link>
<description>On March 6, computer clusters from three institutions &amp;ndash; the EPFL, the University of Bonn and NTT in Japan -- reached the end of eleven months of strenuous calculation, churning out the prime factors of a well-known, hard-to-factor number that is a whopping 307 digits long. &lt;br&gt;&lt;br&gt;&amp;quot;This is the largest 'special' hard-to-factor number factored to date,&amp;quot; explains EPFL cryptology professor Arjen Lenstra. (The number is 'special' because it has a special mathematical form -- it is close to a power of two.) The news of this feat will grab the attention of information security experts and may eventually lead to changes in encryption techniques. &lt;br&gt;&lt;br&gt;Although it is relatively easy to identify huge prime numbers, factoring, or breaking a number down into its prime components, is extremely difficult. RSA encryption, named for the three individuals who devised the technique (Ronald Rivest, Adi Shamir and Leonard Adleman), takes advantage of this. Using the RSA method, information is encrypted using a large composite number, usually 1024 bits in size, created by multiplying together two 150-or-so digit prime numbers. Only someone who knows those two numbers, the &amp;quot;keys&amp;quot;, can read the message. Because there is a vast supply of large prime numbers, it's easy to come up with unique keys. Information encrypted this way is secure, because no one has ever been able to factor these huge numbers. At least not yet. </description>
</item>

<item>
<title>100% CLEAN award granted by Softpedia</title>
<link>http://www.marxbitware.com/modules.php?name=News&amp;file=article&amp;sid=14</link>
<description>Softpedia is a library of over 70,000 free and free-to-try software programs for Windows and Unix/Linux, games, Mac software, Windows drivers,&amp;nbsp;mobile devices and IT-related articles.&amp;nbsp; Marx Bitware hosts its freeware applications with Softpedia to maximise distribution throughout the globe.&lt;br&gt;&lt;br&gt;Softpedia runs its own testing labs and awards certificates to software that contains no spyware, adware,&amp;nbsp;viruses, or related forms of malware.&amp;nbsp; Five of Marx Bitware's applications have been subjected to testing at the labs and have been granted Softpedia's &amp;quot;100% CLEAN&amp;quot; award.&lt;br&gt;&lt;br&gt;To view the awards, or download the products, read on...</description>
</item>

<item>
<title>SHA-1 &amp; MD5 Hashing Broken - Confirmed</title>
<link>http://www.marxbitware.com/modules.php?name=News&amp;file=article&amp;sid=13</link>
<description>As mentioned in the release blurb of Marx Bitware's '448 Bit Marx Encryption' (see 'Downloads' section), the SHA-1 and MD5 hashing algorithms have been compromised in recent years.&amp;nbsp; As a result, '448 Bit Marx Encryption' employed the Tiger-192 hashing algorithm.&amp;nbsp; Today, we have the public confirmation of the breaking of the algorithm.&lt;br&gt;&lt;br&gt;From Slashdot -&lt;br&gt;An article in the Epoch Times (a Chinese newspaper) about a brilliant &lt;strong&gt;Chinese professor who has cracked her fifth encryption scheme&lt;/strong&gt; in ten years. This one's a doozy, too: she and her team have taken out the SHA-1 scheme, which includes the (highly thought of) MD5 algorithm. As a result, the U.S. government and major corporations will cease using the scheme within the next few years. &lt;br&gt;&lt;br&gt;Read on for further information...</description>
</item>

</channel>
</rss>