Top Pentagon Official Warns Allies on Cyberthreats
By THE ASSOCIATED PRESS
Published: June 16, 2011 at 11:58 AM ET
PARIS (AP) — A top Pentagon official has warned that cyber threats against governments and companies are growing and insists more cooperation is needed to defend against them.
U.S. Deputy Defense Secretary William J. Lynn III says the cyber threat is moving up "a ladder of escalation": from network intrusions to service disruptions to possible attacks on infrastructure that could cause physical damage and "even loss of life."
Lynn said Thursday that a terrorist group could disrupt or destroy computer systems — and noted that al-Qaida has expressed a desire to carry out a cyberattack.
He spoke at a conference hosted by the Center for Strategic Decision Research and attended by military officials and corporate executives from 40 nations.
Thieves Found Citigroup Site an Easy Entry
By NELSON D. SCHWARTZ and ERIC DASH
Published: June 13, 2011
Think of it as a mansion with a high-tech security system — but the front door wasn’t locked tight.
Jonathan Fickies/Bloomberg News
Security experts said that data thieves exploited a vulnerability in Citigroup's Web site for its credit card customers.
Using the Citigroup customer Web site as a gateway to bypass traditional safeguards and impersonate actual credit card holders, a team of sophisticated thieves cracked into the bank’s vast reservoir of personal financial data, until they were detected in a routine check in early May.
That allowed them to capture the names, account numbers, e-mail addresses and transaction histories of more than 200,000 Citi customers, security experts said, revealing for the first time details of one of the most brazen bank hacking attacks in recent years.
The case illustrates the threat posed by the rising demand for private financial information from the world of foreign hackers.
In the Citi breach, the data thieves were able to penetrate the bank’s defenses by first logging on to the site reserved for its credit card customers.
Once inside, they leapfrogged between the accounts of different Citi customers by inserting various account numbers into a string of text located in the browser’s address bar. The hackers’ code systems automatically repeated this exercise tens of thousands of times — allowing them to capture the confidential private data.
The method is seemingly simple, but the fact that the thieves knew to focus on this particular vulnerability marks the Citigroup attack as especially ingenious, security experts said.
One security expert familiar with the investigation wondered how the hackers could have known to breach security by focusing on the vulnerability in the browser. “It would have been hard to prepare for this type of vulnerability,” he said. The security expert insisted on anonymity because the inquiry was at an early stage.
The financial damage to Citigroup and its customers is not yet clear. Sean Kevelighan, a bank spokesman, declined to comment on the details of the breach, citing the ongoing criminal investigation. In a statement, he said that Citigroup discovered the breach in early May and the problem was “rectified immediately.” He added that the bank had initiated internal fraud alerts and stepped up its account monitoring.
The expertise behind the attack, according to law enforcement officials and security experts, is a sign of what is likely to be a wave of more and more sophisticated breaches by high-tech thieves hungry for credit card numbers and other confidential information.
That is because demand for the data is on the rise. In 2008, the underground market for the data was flooded with more than 360 million stolen personal records, most of them credit and debit files. That compared with 3.8 million records stolen in 2010, according to a report by Verizon and the Secret Service, which investigates credit card fraud along with other law enforcement agencies like the Federal Bureau of Investigation.
Now, as credit cards that were compromised in the vast 2008 thefts expire, thieves are stepping up efforts to find new accounts.
As a result, prices for basic credit card information could rise to several dollars from their current level of only pennies.
“If you think financially motivated breaches are huge now, just wait another year,” said Bryan Sartin, who conducts forensic investigations for Verizon’s consulting arm.
The kind of information the thieves are able to glean is shared in online forums that are a veritable marketplace for criminals. Networks that three years ago numbered several thousand users have expanded to include tens of thousands of hackers.
“These are online bazaars,” said Pablo Martinez, deputy special agent in charge of the Secret Service’s criminal investigation division. “They are growing exponentially and we have seen the entire process become more professional.”
For example, some hackers specialize in prying out customer names, account numbers and other confidential information, Mr. Martinez said. Brokers then sell that information in the Internet bazaars. Criminals use it to impersonate customers and buy merchandise. Finally, “money mules” wire home the profits through outlets like Western Union or MoneyGram.
Riva Richmond contributed reporting.
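The kind of flaw described in the article above, where changing the account number in the address bar returned another customer's data, is a missing server-side ownership check. As an added example (not from the article or from Citigroup; every name, path and log line is constructed), this Python code puts the unchecked lookup beside the checked one and flags sessions that request many accounts they do not own:

```python
"""Added example: object-level authorization and enumeration detection.

All users, account numbers, paths and log lines are constructed.
"""
from collections import defaultdict
from urllib.parse import urlparse, parse_qs

# Constructed data: which accounts each logged-in user owns.
OWNERSHIP = {"alice": {"1001"}, "bob": {"1002", "1003"}}
ACCOUNTS = {
    "1001": {"name": "Alice A.", "last_txn": "grocery"},
    "1002": {"name": "Bob B.", "last_txn": "fuel"},
    "1003": {"name": "Bob B.", "last_txn": "books"},
}

# Constructed access log: timestamp, session id, authenticated user, path.
SAMPLE_LOG = [
    "2024-01-01T10:00:00Z s1 alice /cards/summary?account=1001",
    "2024-01-01T10:00:05Z s2 bob /cards/summary?account=1002",
    "2024-01-01T10:00:06Z s2 bob /cards/summary?account=1003",
    "2024-01-01T10:01:00Z s3 alice /cards/summary?account=1002",
    "2024-01-01T10:01:01Z s3 alice /cards/summary?account=1003",
    "2024-01-01T10:01:02Z s3 alice /cards/summary?account=1004",
    "2024-01-01T10:01:03Z s3 alice /cards/summary?account=1005",
]


def lookup_unchecked(session_user, account_id):
    """Flawed pattern: a valid login is treated as enough to read any account."""
    return ACCOUNTS.get(account_id)


def lookup_checked(session_user, account_id):
    """Corrected pattern: the account must belong to the session's user."""
    if account_id not in OWNERSHIP.get(session_user, set()):
        return None  # caller should answer 403/404 and log the denial
    return ACCOUNTS.get(account_id)


def parse_line(line):
    """Split one constructed log line into (session_id, user, account_id)."""
    _timestamp, session_id, user, path = line.split(maxsplit=3)
    account_ids = parse_qs(urlparse(path).query).get("account", [])
    return session_id, user, account_ids[0] if account_ids else None


def flag_enumeration(lines, max_foreign=2):
    """Map session id -> number of distinct accounts requested that the
    session's user does not own, for sessions exceeding max_foreign."""
    foreign = defaultdict(set)
    for line in lines:
        session_id, user, account_id = parse_line(line)
        if account_id is None:
            continue
        if account_id not in OWNERSHIP.get(user, set()):
            foreign[session_id].add(account_id)
    return {sid: len(ids) for sid, ids in foreign.items()
            if len(ids) > max_foreign}


if __name__ == "__main__":
    print("unchecked:", lookup_unchecked("alice", "1002"))
    print("checked:  ", lookup_checked("alice", "1002"))
    print("flagged sessions:", flag_enumeration(SAMPLE_LOG))
```

The ownership check is the fix; the log rule is a backstop that would surface the "tens of thousands" of repeated requests the article mentions long before a routine review.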
Citi Data Theft Points Up a Nagging Problem
By ERIC DASH
Citigroup’s revelation that hackers stole personal information from more than 200,000 credit card holders makes it one of the largest direct attacks on a major bank.
The attack reported by Citigroup is one of the largest on a major bank.
Even more striking is that similar data breaches have been occurring for years — and the financial industry has failed to prevent them.
Details remain scarce, but the disclosure of the Citigroup breach on Thursday quickly turned into a debate on whether the banks and major credit card companies had invested enough money to safeguard the personal information of their customers.
“They’re not at all on top of it,” said Avivah Litan, a financial security analyst at Gartner Inc. “It’s almost shocking.”
In Washington, the finger-pointing has already begun. Sheila C. Bair, the chairwoman of the Federal Deposit Insurance Corporation, said on Thursday that she planned to call on some banks to strengthen their authentication procedures when customers log onto online accounts. That’s on top of new data security rules that federal regulators are completing.
Lawmakers, meanwhile, said they were outraged that Citigroup waited since early May to notify its customers; some are preparing legislation.
Representative James R. Langevin, a Rhode Island Democrat, said he was “shocked and disappointed” to learn of Citi’s delayed disclosure. “They knew the customers’ data was potentially exposed in May and only now are they telling them about the threat,” he said. “Being more forthcoming is essential.”
Consumers, meanwhile, are feeling increasingly vulnerable amid recent reports of data breaches at big companies, like Lockheed Martin, Epsilon and Sony.
A. J. Angus, a 25-year-old Google employee, was put in double jeopardy. On Thursday, he learned that his Citi credit card data had been stolen. Only a few weeks earlier, he learned that personal data on his Sony PlayStation 3 was compromised.
“You have to be vigilant,” he said, adding that he periodically checks his credit report and looks over his transactions almost daily on a personal finance Web site.
On Thursday, Citigroup began notifying about half of the 200,000 affected customers that it planned to replace their credit cards after it discovered last month that hackers had gained access to its computer systems. The bank said that the thieves obtained customer names, card numbers, addresses, and e-mail details.
Social security numbers, expiration dates and the three-digit code found on the back of most credit cards were not compromised — a move that security experts say makes the exposed cardholders less likely to become fraud victims.
Neither Citigroup’s debit card business nor its online banking operations were breached.
“Citi has implemented enhanced procedures to prevent a recurrence of this type of event,” the company said in a statement.
The intrusion is not all that unique. Over the last six years, there have been 288 publicly disclosed breaches at financial services companies that exposed at least 83 million customer records, according to the Identity Theft Resource Center.
Credit card industry officials say security issues go to the heart of their brands and they are trying to keep up with ever-more sophisticated criminals.
“We’re not dealing with 14-year-old hacker kids,” said Steve Elefant, the chief information officer at Heartland Payment Systems, which overhauled its security measures after the systems it used to process credit and debit card transactions were hacked in 2008. “We’re talking about 21st-century bank robbers — sophisticated, organized criminal gangs, located mostly in Eastern Europe and the U.S.”
Making matters worse, nearly every step along the payment chain is outsourced from the time a card is swiped to the time a monthly statement arrives, leaving plenty of openings for enterprising thieves. Security is further hampered by a patchwork of data protection laws and regulatory agencies, each with limited mandates.
“We need a uniform national standard for data security and data breach notification,” said Representative Mary Bono Mack, a California Republican who is pushing for legislation on better consumer safeguards. “In the meantime, regulators need to do a better job of being a consumer watchdog.”
11:00 A.M. The Next Pearl Harbor? Cyber Attacks
Mr. Panetta was just asked about cyber warfare. His answer was interesting.
"The next Pearl Harbor that we face could well be a cyber attack," Mr. Panetta said. "This is a real possibility in today's world."
Mr. Panetta cited concerns about electronic attacks on the nation's electrical grid, the infrastructure and the communications networks.
"It's going to take both defensive measures as well as aggressive measures to deal with it," he said.
Citi Breach May Have Compromised Customer Data: Report
By REUTERS
Published: June 8, 2011 at 9:42 PM ET
(Reuters) - Citigroup Inc has acknowledged that a computer breach may have given hackers access to the data of hundreds of thousands of bank card customers, the Financial Times reported on Thursday.
The bank said it had discovered the breach in early May through routine monitoring, and it revealed details on Wednesday after being questioned by the Financial Times, the paper reported.
The bank said about 1 percent of its card customers were affected by a breach at Citi Account Online, which holds basic customer information such as names, account numbers and email addresses, the Financial Times said. Citi Cards has about 21 million customers in North America, according to Citi's annual report, the paper said.
Other information such as birth dates, social security numbers and card security codes is held elsewhere and was not compromised, the paper reported.
The bank said it had contacted law enforcement and tightened its fraud detection practices but declined to give further details or say whether customers had reported suspicious transactions, the FT said.
Citigroup was not immediately available for comment.
(Reporting by Abhishek Takle in Bangalore)
RSA Faces Angry Users After Breach
By NELSON D. SCHWARTZ and CHRISTOPHER DREW
Published: June 7, 2011
The nation’s biggest banks and large technology companies like SAP rushed Tuesday to accept RSA Security’s offer to replace their ubiquitous SecurID tokens as many computer security experts voiced frustration with the company.
Tony Cenicola/The New York Times
An RSA Security SecurID device. The company made the admission on Monday that its SecurID tokens were vulnerable.
The company’s admission of the RSA tokens’ vulnerability on Monday was a shock to many customers because it came so long after a hacking attack on RSA in March and one on Lockheed Martin last month. The concern of customers and consultants over the way RSA, a unit of the tech giant EMC, communicated also raises the possibility that many customers will seek alternative solutions to safeguard remote access to their computer networks.
Bank of America, JPMorgan Chase, Wells Fargo and Citigroup said they planned to replace the tokens as soon as possible. The banks declined to say how many customers would be affected, although SAP said that most of its 50,000 employees used RSA’s tokens and that it was seeking to replace them all.
Defense industry officials said Tuesday that concerns about the tokens had prompted some of the nation’s largest military contractors to accelerate their plans to shift to computer smart cards and other emerging security technology.
The RSA tokens provide security by requiring users to enter a unique number generated by the token each time they connect to their networks.
Competitors eyeing the dominant market share of RSA are offering special deals like $5 rebates per token to customers that are considering a switch.
For now, however, the biggest worry for RSA is how to appease angry customers as well as mollify computer security consultants, who have been increasingly critical of how long it took the company to acknowledge the severity of the problem.
Industry officials said that Lockheed, the nation’s largest military contractor, made the security changes suggested by RSA after its attack in March. They included increased monitoring and addition of another password to its remote log-in process. Yet the hackers still got into Lockheed’s network, prompting security experts to say that the tokens themselves needed to be reprogrammed.
Arthur W. Coviello Jr., RSA’s executive chairman, made the offer in a letter posted on the company’s Web site on Monday. He said RSA was expanding the offer to companies other than military contractors, particularly those focused on protecting intellectual property and their corporate networks. He also said it was suggesting that banks use two additional RSA services to avert fraud in authenticating computer log-ins.
Mr. Coviello said in the letter that characteristics of the attack on RSA “indicated that the perpetrator’s most likely motive” was to steal security information that could be used to obtain military secrets and intellectual property. He said that RSA had worked with military companies to replace their tokens “on an accelerated timetable.”
Michael Gallant, an EMC spokesman, said, “We have not withheld any information that would adversely affect the security of our customers’ systems.”
“We provided very specific recommendations, we provided details of the attack, and we worked closely with customers to strengthen their overall security,” Mr. Gallant said.
The company’s admissions were too little, too late, industry experts said.
“They got pushed really hard by some of their customers, particularly in the financial services sector,” said Gary McGraw, chief technology officer for Cigital, a computer security consulting company based in Washington. “They came around, but they came around late.”
Mr. McGraw said that companies would be wise to replace RSA’s tokens and that some companies — banks, in particular — had done so. Like many people, he criticized RSA for failing to disclose the potential danger of the problem to its customers.
Until Monday, RSA said publicly and privately in meetings with customers that replacements were unnecessary, he said. “They shared their party line that everything is fine — pay no attention to the explosion in the corner,” Mr. McGraw said.
Reporting was contributed by Verne G. Kopytoff, Riva Richmond and Eric Dash.
June 6, 2011, 7:41 PM
Sony’s Security Problems Could Take Years to Fix
By NICK BILTON
Screenshot, via the Pirate Bay
LulzSec, a group of hackers, has attacked Sony several times in the past week and posted the company’s proprietary server code online.
It’s been a tough couple of months for Sony. The company’s PlayStation Network was breached by hackers in late April and now several other units of the company have suffered broad security breaches.
In the last week alone, half a dozen Sony Web sites and servers, including some in the United States and Brazil, have been breached. On Monday a group of hackers calling themselves LulzSec posted proprietary Sony source code on file-sharing Web sites.
Although the members of LulzSec have gone after other organizations in the past, including Fox.com and PBS.org, the attacks against Sony have been unrelenting.
“These attacks are a combination of Sony’s lax security and a number of groups being very vigilant about breaking in to show how powerful they can be,” explained Frank Kenney, vice president of global security at Ipswitch, a company used to securely transfer files online. “What Sony has to do is re-examine their entire security system including the type of code they are using and the type of servers; they have to acknowledge that their brand is at stake.”
Mr. Kenney said that no server was impervious to hackers, but a company like Sony, with millions of credit cards and users’ personal information on file, had a responsibility to ensure protection “equivalent to the Department of Homeland Security’s servers is in place.” He said that the fact that dozens of Sony Web sites and servers had been breached indicated it was clearly a companywide problem.
“Any type of environment can be breached, but Sony has to come up with a plan that not only protects their infrastructure, but also convinces their customers that their credit cards and personal information is safe,” Mr. Kenney said.
In an interview in New York last month, Howard Stringer, Sony’s chief executive, said the company was working with a number of outside security companies and the Federal Bureau of Investigation to prevent further attacks. But Sony is definitely up against some untenable foes in this fight.
LulzSec doesn’t show any signs of easing its attacks on Sony, and the group is not deterred by the F.B.I., even taking up a fight with some of the organization’s affiliate groups. LulzSec also said in a Twitter message on Monday that it was receiving thousands of dollars in donations to continue its attacks on Sony.
Ron Gula, chief executive of Tenable Network Security, an enterprise security company, said the problems at Sony likely went back years when the company first built its infrastructure. “A lot of times these problems are more holistic, and that’s usually evidenced by the fact that Sony has been attacked multiple times,” he said.
Mr. Gula said Sony would be unable to stop the attacks overnight and that it could take years for the company to get sufficient security in place to protect all its servers, databases and Web sites.
“Microsoft used to be the laughing stock of security and now they are now the shining example of good security,” said Mr. Gula. “It’s going to take a while for Sony to fix this, I think this will take years.”
News Alert
from The Wall Street Journal
RSA Security is offering to replace its well-known SecurID tokens—devices used by 40 million corporate workers to securely log on to their computers—"for virtually every customer we have," the company's Chairman Art Coviello said in an interview.
In a letter to customers Monday, the EMC Corp. unit openly acknowledged for the first time that intruders had breached its security systems at defense contractor Lockheed Martin Corp.
http://online.wsj.com/article/SB10001424052702304906004576369990616694366.html?mod=djemalertNEWS
____________
Again and Again!
Sony Confirms New Hacker Attack
PR Newswire
Talk about kicking someone when they're down. Sony Pictures confirmed they had indeed been hacked by LulzSec, a hacker group that had boasted about stealing more than one million user email addresses, passwords, and dates of birth. Sony says the data had been collected by a third-party contractor as part of a free-gift promotion. The promotion required people to enter their email and create a password, but the site for it had been offline for as long as seven years. Nevertheless, it appears to have remained on a Sony server, unencrypted. The latest attack comes after Sony got its online game service back online following an April attack that compromised over 100 million user accounts.
Read it at The Wall Street Journal
Posted at 7:38 AM, Jun 4, 2011
Really Scary! If not now? When? Houston, we have a humongous problem!
TECHNOLOGY, APRIL 26, 2011, 4:49 P.M. ET
Hacker Got Personal Data on PlayStation Users
By IAN SHERR
Sony Corp. said a hacker has obtained customer information, potentially including credit-card numbers, for the 77 million members of its online PlayStation Network, which has forced the company to take down its service.
The Japanese electronics giant said it has informed PlayStation Network customers that personal information—including names, addresses, billing history and birthdays—was obtained by an "unauthorized person" following a hacking attack that caused Sony to shut down its Internet gaming service last week. Sony said customer credit-card numbers may also have been compromised.
The Japanese game maker said it has hired a security firm to conduct an investigation into what happened. In the meantime, Sony said it expects to restore its Internet gaming service within a week.
The network connects 77 million global PlayStation customers over the Internet, letting them play videogames and chat together. Users can also use the service on their game console to rent movies or TV shows.
"Out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained," the company said in a blog post Tuesday.
"Although we are still investigating the details of this incident, we believe that an unauthorized person has obtained the following information that you provided: name, address (city, state, zip), country, email address, birthdate" as well as the user password and login for Sony's service, the company said.
"It is also possible that your profile data, including purchase history and billing address (city, state, zip), and your PlayStation Network/Qriocity password security answers may have been obtained."
The company said while there was no evidence that credit card data was taken, "we cannot rule out the possibility." It advised users to change their log on and password once the PlayStation Network service is restored, and to change those passwords if they are used for other accounts.
I sense a great opportunity!
Security Firm Is Vague on Its Compromised Devices
By JOHN MARKOFF
Published: March 18, 2011
SAN FRANCISCO — More than a day after RSA security posted an “urgent” alert warning that a sophisticated intruder might be able to initiate a “broad attack” on a password device used by millions of customers, the announcement and its meaning remain shrouded in mystery.
The New York Times
RSA didn't say how its SecurID tokens, carried on key chains and in wallets, were compromised.
RSA, a division of the data management company EMC Corporation, will not say how its system was compromised and what specific kinds of threats its customers are facing. But from its extremely limited disclosure on Thursday afternoon about what might have been taken, customers and computer security specialists are scratching their heads about what the risks may actually be.
There was wide bewilderment about the company’s claim that the intruder was “extremely sophisticated,” as it suggested that one of the nation’s premier security firms had no better security than dozens of companies that have fallen victim to a computer break-in that deceives employees and exploits unknown software vulnerabilities.
On Friday, a spokesman for RSA said it was briefing its customers individually but added that its executives were declining to speak publicly about the breach.
The announcement touched off intense speculation about whether RSA’s popular SecurID tokens, which are carried on key chains and in wallets of millions of corporate and government users, have been significantly compromised.
“It’s a weird situation,” said Dan Kaminsky, an independent Internet security specialist. Referring to the Tokyo Electric Power Company, he said, “It’s like the Tepco situation in Japan, but here everyone is freaking out” and “nobody has Geiger counters.”
The system is intended to provide additional security beyond a simple user name and password by requiring users to append a unique number generated by the token each time they connect to their corporate or government network.
A potential weakness that could be exploited involves a factory-installed key called a seed. Typically 16 characters, it is different for each token and is stored on a corresponding computer server program, which authenticates the session each time a user connects to a secure network.
If the database containing customers’ seeds was taken, the intruder might still not know which user had which seed, but cryptographers said it would be possible to use a reverse-engineered version of the RSA algorithm to determine that information by simply capturing a single log-in session. That would be a potentially serious vulnerability that could be exploited by a sophisticated attacker.
A technical expert in New York whose financial services firm uses the SecurID system said that even after listening to a telephone briefing on Thursday evening, he was uncertain about which potential threats he should be concerned about.
The company offered only extremely general “belt and suspenders” advice, the expert said. A copy of the company’s terse “RSA Securcare Online Note” posted on the Securities and Exchange Commission Web site on Thursday offers such advice as “Focus on security for social media applications” and “We recommend customers re-educate employees on the importance of avoiding suspicious e-mails.”
RSA notified the federal government, whose agencies widely use the tokens to guard access to its networks, some time before the public announcement was made. On Wednesday, the Computer Emergency Readiness Team in the Department of Homeland Security posted a “Technical Information Paper” on its Web site describing a set of security practices meant to limit vulnerability to attacks based on the stolen information, according to a person close to the organization.
“We have notified all of the federal agency chief information officers to take remediation steps,” said a government official who declined to be identified because he had not been authorized to speak about the breach.
What the actual risk is and what precautions a user of the key fobs and wallet-size cards depends on what was taken in the theft.
“I’m speculating, but I’m pretty confident that somebody has the root seed file,” said a former RSA employee, referring to the master file at the company, which is based in Bedford, Mass. He asked not to be identified because he still has a business relationship with the firm.
The worst case, many security consultants say, is that the vulnerability created by the theft might require companies to replace the secure tokens, which, according to analysts, cost $15 a year or more to maintain. The vulnerability might also force RSA to rethink the design of its SecurID system.
“They may have to change their security model to one where a third party does not hold the keys to your devices,” said Paul Kocher, president of Cryptography Inc., a San Francisco computer security consulting firm.
A version of this article appeared in print on March 19, 2011, on page B3 of the New York edit
New Jersey Nearly Sold Secret Data
By RICHARD PÉREZ-PEÑA
Published: March 9, 2011
Files on abused children. Employee evaluations. Tax returns. A list of computer passwords. Names, addresses, birth dates and other information on hundreds of foster children and abused children. And, of course, Social Security numbers.
The information could hardly have been more sensitive — the raw material of identity theft and invasion of privacy — yet the State of New Jersey was about to turn it over to the highest bidder, the state comptroller, Matthew A. Boxer, reported on Wednesday. After the comptroller’s office reviewed computer equipment that the state was preparing to auction to the public last year, it found that 46 out of 58 hard drives, or 79 percent, still had data on them, much of it confidential.
Mr. Boxer’s investigation stopped that sale, but it points to the near-certainty that the state had already inadvertently released privileged information on thousands of people. The state sells or gives away hundreds of computers annually at several auctions, and Mr. Boxer said that as far as he knew, no outside agency had looked into the handling of the equipment before his office did.
“What happened before our auditors got there is obviously an issue of concern,” he said. “The risk here is enormous.”
His report said that one agency had a device that magnetically erased computer drives, but that employees did not like to use it because it was noisy. “I find that offensive,” Mr. Boxer said.
Informed of the security breach, the State Treasury Department, which manages surplus equipment, stopped auctioning computers last year. It is working on a new set of practices for handling them.
Reports of the exposure of private data have become common, each one leading to a round of warnings about identity theft. Computers are lost or stolen, people accidentally post information online, and people are tricked into revealing their secrets.
The Privacy Rights Clearing House, a nonprofit group, keeps a database of 2,380 such episodes over the past six years, including 453 releases by government.
“Public-agency breaches are disheartening because they have so much data, and much of it is sensitive,” said Beth Givens, director of the group. “Data stewardship should be the top priority for them.”
State offices send used equipment to a warehouse in Hamilton, near Trenton, which is supposed to notify every state agency that it is available. Anything unclaimed after 30 days is given to local governments or nonprofit groups, or is sold at auction.
But the comptroller’s office found that the warehouse staff often failed to follow the rules for notification, steering computers, cellphones and other equipment to favored people in and out of state government. The investigation stemmed from a 2007 inquiry into auction-rigging, theft and other violations at that warehouse, which led to the conviction of four employees.
Thirty-two of the hard drives Mr. Boxer’s team examined held information that should not be made public. Six of the drives had Social Security numbers, including those contained in personnel reviews found in an e-mail archive.
The computers came from the judiciary branch, the Department of Children and Families, the Department of Health and Senior Services, and the Office of Administrative Law. In some cases, no attempt had been made to erase files. In others, investigators were able to recover deleted files using commonly available software.
One laptop had apparently been used by a judge, and contained confidential memos the judge had written about possible misconduct by two lawyers, and the emotional problems of a third. The computer also had extensive personal financial information on the judge, including tax returns.
Another drive had been used by a high-ranking official under a previous governor — the report did not say which one — and included private contact information for other top officials.
A list of children supervised by the state included their birth dates and Medicaid numbers. Another gave their immunization records. And there were files on more than 230 investigations into reports of endangered or abused children, including their names and addresses.
I do not know about the rest of the shorted market but I have a deep hunch that the shorts will be deeply hurt by WAVX in the near future. Already at the retail level the CYO theme has begun. FINALLY, soon, the SP will balloon!
Many Thanks!
Just noticed on my TD Ameritrade acct. that both earnings and the CC will be on March 15 after the bell...originally earnings was on March 7 and CC on March 15.
What would be causing the delay? lol
According to TD Ameritrade, earnings are announced on March 7 after the bell. CC is on March 15 after the bell.
Interesting! The CC is on March 15.
Fullmoon, I was referring to the Needham Conference.
Gracias!
I went to the WAVX website but cannot access the presentation.
Ohio State Says Hackers Breached Data on 760,000
By TAMAR LEWIN
Published: December 16, 2010
Ohio State University is notifying about 760,000 people whose personal information was stored in the university’s computer server that a data breach could put them at risk for identity theft.
The university, located in Columbus, began sending letters on Wednesday to current and former faculty and staff members, students and applicants, telling them that hackers had broken into the server that stored their names, Social Security numbers, dates of birth and addresses.
The university said that although there was no evidence that the information had been used for identity theft, it was nonetheless offering a year of free credit protection to everyone whose data was on the server.
“We regret that this has occurred and are exercising an abundance of caution in choosing to notify those affected,” Joseph A. Alutto, the university provost, said in a news release.
While suspicious activity on the server was discovered in late October, said Jim Lynch, a university spokesman, the disclosure was delayed to give Ohio State time to investigate and set up support systems, including a call center, for those affected.
Mr. Lynch said that as soon as the university found that unauthorized people had logged into the server, it hired computer forensic consultants to investigate.
“They found no evidence that any of the data was taken out of the system,” he said. “They did find evidence that the purpose of the unauthorized access was to launch cyberattacks on online business entities. Apparently, if you’re going to flood a company with e-mails, you don’t use your home computer, but you slip into someone else’s server.”
While dozens of universities have been plagued by hackers gaining access to their servers, the Ohio State intrusion was, by far, the largest breach of security this year, according to the Privacy Rights Clearinghouse, a nonprofit consumer group.
Paul Stephens, director of policy and advocacy at the clearinghouse, said that despite the university’s assertion that no information had been taken from the server, people whose information was compromised should take heed.
“If it were me, obviously, I’d take the year of credit protection,” he said. “The fact that there are Social Security numbers involved makes it somewhat worrisome. On the other hand, one can take some comfort in the fact that there are so many records involved. Would it be physically possible for a criminal to use them all?”
Those who could be affected by the breach can get information at www.osu.edu/creditsafety.
SAN FRANCISCO (MarketWatch) - Dell Inc. (DELL) on Thursday reported a third-quarter income of $822 million, or 42 cents a share, compared with a profit of $337 million, or 17 cents a share, for the year-earlier period. Revenue was $15.4 billion, up from $12.9 billion. Adjusted income was 45 cents a share. Analysts had expected the Round Rock, Tex.-based company to report earnings of 33 cents a share, on revenue of $15.7 billion, according to a consensus survey by FactSet Research.
China Has Ability to Hijack U.S. Military Data, Report Says
By Jeff Bliss and Tony Capaccio - Oct 21, 2010 2:20 PM ET
China in the past year demonstrated it can direct Internet traffic, giving the nation the capability to exploit “hijacked” data from the U.S. military and other sources, according to a new report.
Recent actions raise questions that “China might seek intentionally to leverage these abilities to assert some level of control over the Internet,” according to excerpts from the final draft of an annual report by the U.S.-China Economic and Security Review Commission. “Any attempt to do this would likely be counter to the interests of the United States and other countries.”
On April 8, China Telecom Corp., the nation’s third-largest mobile-phone company, instructed U.S. and other foreign-based Internet servers to route traffic to Chinese servers, the report said. The 18-minute re-routing included traffic from the U.S. military, the Senate and the office of Defense Secretary Robert Gates.
“Although the commission has no way to determine what, if anything, Chinese telecommunications firms did to the hijacked data, incidents of this nature could have a number of serious implications,” the report said. The re-routing showed how data could be stolen and communications with websites could be disrupted, the report said.
Chinese Denial
Wang Baodong, a spokesman for the Chinese Embassy in the U.S., denied that China had any intention of using the capability to harm the U.S. or other nations.
“Chinese laws strictly forbid hacking or any other illegal activities that’ll compromise the legitimate interests of China or any other countries,” he said in an e-mail.
The report reaches “unacceptable” conclusions, Wang said in an interview. “The report was based on unfounded, groundless information,” Wang said.
Created by Congress in 2000, the commission has been documenting what China’s economic and military rise means for the U.S. An October 2009 report Northrop Grumman Corp. prepared for the commission detailed the importance the Chinese military places on computer networks.
China’s Internet policies raised concerns in the Obama administration after Google Inc., owner of the world’s most popular search engine, said in January it would stop censoring search results in China following a security breach.
Shortly after Mountain View, California-based Google’s announcement in January, Secretary of State Hillary Clinton said perpetrators of cyber attacks such as the one made on Google must face consequences.
The Chinese government repeatedly has said it wasn’t behind the attacks on Google, which the company said originated in China.
Decline in Attacks
The report also focuses on how China is interested in stripping away the Internet’s anonymity.
China wants to create a system that would require people to provide their given names and potentially other information to gain access to the Internet, the report said, citing a Chinese official’s speech.
The Chinese government has farmed out much of its censorship activities to the private sector, such as Baidu Inc., which operates the country’s most popular search engine, according to the report.
Executives at Beijing-based Baidu have criticized the censorship, which they’re required to fund, the report said.
While the government’s strategy is to control as much of the Chinese Internet dialogue as possible, it’s been “selectively responsive” to grievances aired on the Web, giving citizens a sense of empowerment, the report said.
The commission’s report also said that 2010 “could be the first year in a decade” the Defense Department recorded a decline in attacks against its computer networks. The department said the decrease is the result of pre-emptive measures it’s taken to thwart attacks.
To contact the reporters on this story: Jeff Bliss in Washington at jbliss@bloomberg.net Tony Capaccio in Washington at acapaccio@bloomberg.net
You are right on!
Earnings Report on November 8 according to TD Ameritrade
Here It Is!
United States Patent Application 20100223656
Kind Code A1
Ray; Kenneth D. ; et al. September 2, 2010
TRUSTED ENTITY BASED ANTI-CHEATING MECHANISM
Abstract
An anti-cheating system may comprise a combination of a modified environment, such as a modified operating system, in conjunction with a trusted external entity to verify that the modified environment is running on a particular device. The modified environment may be modified in a particular manner to create a restricted environment as compared with an original environment which is replaced by the modified environment. The modifications to the modified environment may comprise alterations to the original environment to, for example, detect and/or prevent changes to the hardware and/or software intended to allow cheating or undesirable user behavior.
Inventors: Ray; Kenneth D.; (Seattle, WA) ; Alkove; James M.; (Woodinville, WA) ; McMichael; Lonny Dean; (Fall City, WA) ; Lewis; Nathan T.; (Monroe, WA) ; Schnell; Patrik; (Issaquah, WA)
Correspondence Address: WOODCOCK WASHBURN LLP (MICROSOFT CORPORATION), CIRA CENTRE, 12TH FLOOR, 2929 ARCH STREET, PHILADELPHIA, PA 19104-2891, US
Assignee: Microsoft Corporation, Redmond, WA
Serial No.: 394430
Series Code: 12
Filed: February 27, 2009
Current U.S. Class: 726/3; 463/29; 463/42; 726/2
Class at Publication: 726/3; 463/29; 463/42; 726/2
International Class: G06F 11/00 20060101 G06F011/00; A63F 13/12 20060101 A63F013/12; A63F 9/24 20060101 A63F009/24
Claims
1. A method for preventing cheating comprising: monitoring by a trusted component a device and a restricted environment, wherein the restricted environment is provided by modifying a previous environment executing on the device; restricting access to resources based on the results of the monitoring.
2. The method of claim 1, wherein the resources are necessary secrets.
3. The method of claim 1, wherein the resources are network services.
4. The method of claim 1, wherein the resources are additional hardware.
5. The method of claim 1, wherein the trusted component is a trusted platform module.
6. The method of claim 5, wherein trusted platform module combined with software running on the device generate a static root of trust measurement.
7. The method of claim 6, further comprising performing a code integrity operation.
8. The method of claim 7, further comprising performing a disk integrity operation.
9. The method of claim 7, further comprising performing a proxy execution operation.
10. The method of claim 9, wherein the proxy execution operation utilizes a cryptographic channel brokered by an external server.
11. The method of claim 7, further comprising performing an individualization mechanism.
12. The method of claim 1, further comprising performing a watchdog operation.
13. A computer readable medium comprising instructions for preventing cheating, the instructions comprising: monitoring by a trusted component a device and a restricted environment, wherein the restricted environment is provided by modifying a previous environment executing on the device; restricting access to resources based on the results of the monitoring.
14. The computer readable medium of claim 13, wherein the resources are necessary secrets.
15. The computer readable medium of claim 13, wherein the resources are network services.
16. The computer readable medium of claim 13, wherein the resources are additional hardware.
17. A system for preventing cheating comprising: a device; a restricted environment for execution of at least one application on the device; and a module configured to: monitor the device and the restricted environment by a trusted component; and restrict access to resources based on the results of the monitoring.
18. The system of claim 17, wherein the resources are necessary secrets.
19. The system of claim 17, wherein the resources are network services.
20. The system of claim 17, wherein the resources are additional hardware.
Description
BACKGROUND
[0001]Computer gaming has become a highly lucrative industry. Computer games have evolved from simple text based games to multimedia immersive environments including sophisticated animated graphics, music and sound. To augment the interactivity and social networking aspects of gaming, the online environment has become an integral part of the gaming experience allowing gaming enthusiasts to participate in multiplayer games, download new games, add new features to existing games they own, etc.
[0002]The online environment has also created new opportunities for gamers to engage in cheating. Cheating refers to any activity of a user such as software augmentation to gain unfair advantages over other players. In certain environments, such as multiplayer gaming, online cheating may become more important than offline cheating.
[0003]Cheating can take various different forms. The simplest includes modifying local data files, to obtain different specs for in-game assets (e.g. a much faster car) or to modify the in-game environment, to alter game achievements, to change the contents of or to load the saved games of other players. It can also take a physical form. On the Web are several specifications for creation and modification of a controller to enable faster than human actions, such as rapid fire.
[0004]These cheats can take the form of a simple software addition such as a filter driver or add-ons available for popular online multiplayer games. These may vary from, for example, heads-up displays, auto-mapping and guiding tools, auto-targeting, auto-spell casting, extensive macro capabilities, and creation of bots, which can run as automatons with the absence of direct user input. For example, in a game with walls, a user might find a "cheat" to make walls invisible or generate auto-targeting.
[0005]Cheating may also refer to a user's illicit garnering of achievements or awards in a game. Achievements may be accolades provided during game play and represent a badge of honor in game play. Achievements may be obtained offline or online and thus the cheating may occur in either mode. However, often achievements are reported online.
[0006]A user may engage in online cheating by, for example, augmenting or modifying an executable or data files on their system. Cheating not only refers to simple modifications to the input stack to enable rapid fire and changes to a race car, for example, but can also include complex add-ons seen for multiuser games including heads-up displays ("HUDs"), auto targeting, bots, etc.
[0007]Software cheating represents a significant economic threat to the viability of gaming software development. When online cheating runs rampant it stifles interest of users in gaming and thus negatively impacts both game sales as well as online subscription sales.
SUMMARY
[0008]An anti-cheating system may comprise a combination of a modified environment, such as a modified operating system, in conjunction with a trusted external entity to verify that the modified environment is running on a particular device. The modified environment may be modified in a particular manner to create a restricted environment as compared with an original environment which is replaced by the modified environment. The modifications to the modified environment may comprise alterations to the original environment to, for example, detect and/or prevent changes to the hardware and/or software to allow cheating or undesirable user behavior.
[0009]According to one embodiment, the anti-cheating system may be implemented via creation of a modified operating system, which includes anti-cheating restrictions, and the employment of a trusted platform module ("TPM") and associated static root of trust measurement ("SRTM"), which is used to validate that the modified operating system is running in an untampered form. The use of a TPM may be combined with other technologies to aid the efficiency of a security solution. A TPM may perform measurement up to a pre-determined point where the security of the remainder of the system may be inferred through another mechanism such as via a code integrity and/or disk integrity mechanism.
[0010]According to alternative embodiments, validation that the modified operating system is running in an untampered form may be implemented by any external trusted entity, so long as that entity has the ability to measure the modified operating system and has a way itself to be trusted. A trusted entity anti-cheating mechanism may be implemented by a secure hardware device such as a cell phone or in software by a hypervisor environment. Another alternative embodiment includes a system where the trusted entity validates a modified execution environment which runs a game on systems where an operating system does not exist, or validates a modified emulation environment inside an otherwise trusted operating system or hypervisor.
BRIEF DESCRIPTION OF THE DRAWINGS
[0011]FIG. 1a depicts an anti-cheating system according to one embodiment.
[0012]FIG. 1b is a flowchart depicting an operation of an anti-cheating process according to one embodiment.
[0013]FIG. 2 is a block diagram of a trusted platform module and static root of trust module for performing an anti-cheating function.
[0014]FIG. 3a depicts a code integrity operation according to one embodiment.
[0015]FIG. 3b depicts an operation of a disk integrity mechanism according to one embodiment.
[0016]FIG. 4a depicts a proxy execution process according to one embodiment.
[0017]FIG. 4b depicts an operation of a watchdog process according to one embodiment.
[0018]FIG. 4c depicts an anti-cheating system implemented via a restricted hardware device.
[0019]FIG. 4d depicts an operation of an anti-cheating system via a hypervisor according to one embodiment.
[0020]FIG. 5 shows an exemplary system for implementing the example embodiments including a general purpose computing device in the form of a computer.
DETAILED DESCRIPTION OF ILLUSTRATIVE EMBODIMENTS
[0021]FIG. 1a depicts an anti-cheating system according to one embodiment. According to one embodiment, anti-cheating system 101 may comprise a combination of an engineering of a modified environment, such as modified operating system 102 on client device 110 in conjunction with the operations of trusted external entity 104 to verify in fact that the modified environment, e.g., modified operating system 102 is in fact running on client device 110. The modified environment, e.g. modified operating system 102 may be modified in a particular manner to create a restricted environment as compared with original operating system 103, which it has replaced. According to one embodiment, the modifications in modified operating system 102 may comprise alterations to original operating system 103 to prevent cheating such as, for example, modifications to prevent cheating behavior by user 105.
[0022]Modified operating system 102 may create isolated execution environment 108 on client device 110. Isolated execution environment 108 may be a spectrum that runs from requiring all software be directly signed by a single vendor to allowing a more flexible system which allows for third party software to become certified, by passing certain restricting requirements, and thereby be allowed to run in the isolated execution environment. According to one embodiment, a TPM may be a root of trust and isolated execution environment 108 may be established primarily through code measurements and unlocking of secrets if the code measures correctly.
[0023]Isolated execution environment 108 may comprise an environment in which the software running on client device 110 can be controlled and identified. In a fully isolated environment, an attacker cannot run any code on client device 110 and must resort to more costly and cumbersome hardware based attacks. External entity 104 may operate to verify in fact that isolated execution environment 108 is installed and intact on client device 110 by performing monitoring functions on client device 110 to verify that isolated execution environment 108 is operating, i.e., modified operating system 102 is installed and executing.
[0024]Referring again to FIG. 1a, user 105 may utilize client device 110 to play games such as game title 112 or run other entertainment software. User 105 may utilize client device 110 in both an online and offline mode. User 105 interacting with game title 112 in either an offline or online mode may garner achievement awards or other representations regarding game play. Achievement awards may be, for example, representations of a level obtained, number of enemies overcome, etc. In addition, user 105 may set various parameters of game title 112, which controls features of game title 112. Features may comprise various functions related to game play such as difficulty levels, etc.
[0025]During an online mode, user 105 may interact with other players (not shown in FIG. 1a) to allow multiplayer game play. In particular, client device 110 may be coupled to entertainment server 116 via network 114 in order to allow user 105 to interact with other users (not shown) in multiplayer game play. During a multiplayer game session, user 105 may enjoy various features related to operation of game title 112 that affect game play. These features may comprise the operations of the game such as whether the user's player is invisible or has certain invulnerabilities.
[0026]User 105 may also interact with client device 110 in an offline mode, for example, during single player game play. Subsequently, user 105 may cause client device 110 to go online. After this transition from an offline mode to an online mode, various achievements user 105 has garnered during offline game play may be represented to other players who are online.
[0027]According to one embodiment, a pre-existing or original environment, e.g., original operating system 103 may be replaced in client device 110, which upon replacement by modified operating system 102, may now support running of game title 112 but only in a restricted manner. Modified operating system 102 may be, for example, an operating system that hosts entertainment or gaming software but restricts user 105 from engaging in particular undesirable cheating behavior.
[0028]According to one embodiment, modified operating system 102 may be an operating system that creates a restricted environment with respect to running of game titles, e.g., 112. That is, modified operating system 102 may be engineered from original operating system 103 in such a way as to restrict the ability of user 105 from performing certain cheating behavior.
[0029]For example, original operating system 103 may allow for the installation of any device driver without restriction so long as the driver has been signed by a key which has been certified by one of several root certificate authorities. Modified operating system 102 may be modified to prevent certain types of cheating behavior by requiring any device drivers to be signed by a particular key of a centralized authority and may further prohibit updating of device drivers by a local administrator.
[0030]Trusted external entity 104, may perform functions with respect to client 110 to verify in fact that modified operating system 102 is in fact installed and executing on client device 110. Trusted external entity 104 may be trusted in the sense that its operations are trusted to a higher degree than the entity that trusted entity 104 is verifying, i.e., modified operating system 103. That is, the operations of trusted entity 104 are trusted to a much greater degree than the behavior of user 105 to have actually installed modified operating system 102.
[0031]FIG. 1b is a flowchart depicting an operation of an anti-cheating process according to one embodiment. The process is initiated in 120. In 124, an original operating system is modified to create an isolated execution environment, which may be a restricted execution environment to preclude a user from engaging in various anti-cheating behavior. In 126, a trusted external entity performs a verification to determine whether the modified operating system is in fact running and installed on a particular client device. The process ends in 128.
[0032]FIG. 2 is a block diagram of a trusted platform module and static root of trust module for performing an anti-cheating function. In particular, as shown in FIG. 2, the functions of trusted external entity shown in FIG. 1a have been replaced by TPM 204. According to one embodiment, TPM 204 may perform an attestation function or operation.
[0033]In particular, TPM 204 may perform an attestation function via attestation module 208. Attestation may refer to a process of vouching for the accuracy of information, in particular the installation and execution of modified operating system 102 on client device 110. TPM 204 may attest, for example, to the boot environment and the specific boot chain which loaded on to the client device 110.
[0034]Attestation allows changes to the software running on the client device; however all such changes to that software are measured allowing an authorization decision to release secrets or to allow access to network functionality. Attestation may be achieved by having hardware associated with client device 102 generate a certificate stating what software is currently running, e.g., modified operating system 102. Client device 102 may then present this certificate to a remote party such as entertainment server 116 to show that its software, e.g., modified operating system 102, is in fact intact on client device 110 and has not been tampered with. Attestation may, although need not necessarily, be combined with encryption techniques, such as for example public-key encryption, so that the information sent can only be read by the programs that presented and requested the attestation, and not by an eavesdropper. Such encryption techniques can protect both the privacy of the user as well as the confidentiality of the protocol in use by the system.
[0035]According to one embodiment, attestation may be applied in the context of anti-cheating to determine whether a user is running a particular version of a system or operating system. That is, attestation may be performed by attestation module 208 on TPM 204 to verify that modified operating system 102 has been installed and is executing on client device 110. For example, it may be desirable to force user 105 to run modified operating system 102 rather than original operating system 103 as the modified version may have enhanced security and anti-cheating protection itself. That is, as described with respect to FIG. 1a, modified operating system 102 may comprise a restricted environment represented by isolated execution environment 108.
[0036]However, user 110 may attempt to engage in cheating behavior by pretending to run modified operating system 102 when in fact user 110 is in fact running an old version of the operating system, i.e., original operating system 103. This might be accomplished by gleaning certain bits from the new version (modified operating system 102) while in fact running the old version (original operating system 103), thereby falsely representing that user 105 is running the new version (modified operating system 102). Such techniques are common today, whereby after a patch is made to a breached DRM system, the attacker either obtains the new secret data from the patched system and places that data into the old breach system, falsely making the old breached system appear to be the new patched one, or by applying the same form, or slightly modified form, of attack on the new patched system creating a new breached system. In both cases the attacker is not running the newly patched DRM system. Increasing the difficulty of the attacker to perform either of those actions represents the majority of the work in releasing a patch. The developer must keep in mind the ease with which the new secrets can be extracted and the ease in which the same class of attack can be applied to the new patched system. Thus, it may be desirable to have TPM 204 attest to the fact that user 105 is running modified operating system 102 as opposed to either the original operating system 103, or a combination of both. Alternatively, the desired component may alternatively be a hardware component. In this case, it may be desirable for a trusted component to attest to the fact that a user has the particular hardware component. An additional alternative is for the hardware component to directly enforce restrictions on what software can run, preventing direct modification to the environment. A further alternative is for the hardware component to both enforce restrictions on what software can load and to measure and provide attestations of the software that did load. Likewise a hypervisor can perform both or either action.
[0037]TPM 204 may comprise a secure crypto processor (not shown in FIG. 2) that may store cryptographic keys that protect information. TPM 204 may provide facilities for the secure generation of cryptographic keys, and limitation of their use, in addition to a hardware pseudo-random number generator. Furthermore, as described, TPM 204 may also provide capabilities such as attestation and sealed storage. Attestation may be achieved by TPM 204 creating a nearly un-forgeable hash key summary of a hardware and software configuration, a hardware configuration alone or a software configuration alone such as the hardware and software configuration of client device 110 (e.g., system 102 and application 112). According to one embodiment, the un-forgeable hash key summary(s) may be stored in platform configuration registers ("PCRs") 206.
[0038]A third party such as entertainment server 116 may then verify that the software such as modified operating system 204 is intact on client device 110 and has not been changed, using that attestation, for example as described with respect to FIG. 1a. TPM 204 may then perform a sealing process, which encrypts data in such a way that it may be decrypted only if TPM 204 releases the associated decryption key, which it only does for software which has the correct identity as measured into the PCRs of TPM 204. By specifying during the sealing process which software may unseal the secrets, the entertainment server can allow off-line use of those secrets and still maintain the protections.
[0039]While SRTM 209 provides strong measurement, it may become cumbersome when dealing with the number of individual binaries in a modern operating system. In order to address this issue, TPM 204 may perform measurement up to a pre-determined point where the security and integrity of the remainder of the system may be managed through another mechanism such as using a code integrity and disk integrity or other integrity based mechanism (described below).
[0040]FIG. 3a depicts a code integrity operation according to one embodiment. Code integrity may require that any binary loaded be cryptographically signed by a trusted root authority. Thus, as depicted in FIG. 3a, binary files 304(1)-304(N) as well as OS kernel 302 are cryptographically signed, i.e., exist in cryptographically secure environment 315. In order for various files 304(1)-304(N) and 302 to be utilized they must be verified by trusted root authority 306.
[0041]For example, some operating systems may include a code integrity mechanism for kernel mode components. According to one embodiment, this existing mechanism may be leveraged by measuring the responsible component (and the contents of the boot path up to that point) and then inferring the security of the operating system kernel. According to one embodiment, the binary signature may be rooted to a new key to limit the set of drivers that can load. In addition, an extension may be grafted onto this system to require that user mode binaries possess the same signatures. The use of code integrity may nevertheless still leave a set of non-binary files that are essential to security such as the registry or other configuration files.
[0042]According to one embodiment, a disk integrity mechanism may provide a method to patch those remaining holes. FIG. 3b depicts an operation of a disk integrity mechanism according to one embodiment. Disk integrity may attempt to ensure an isolated execution environment through control of the persisted media, such as the hard disk. Thus, as depicted in FIG. 3b, integrity protected disk files 320(1)-320(N) in environment 324 are integrity checked using module 322 before they can be utilized. By assuring that data read from the disk is cryptographically protected (e.g. digitally signed), the difficulty of injecting attacking software into the system may be elevated, thus making it particularly difficult to persist an attack once it is established.
[0043]According to the disk integrity model, files on a partition, e.g., 320(1)-320(N), may be signed by a root key. This may require that the disk be effectively read-only (since files cannot be signed on the client). The disk integrity model may address a vulnerability of code integrity by ensuring that the data is signed as well as the code.
[0044]According to an alternative embodiment, a proxy execution mechanism may be employed. Proxy execution may refer to running code somewhere other than the main central processing unit ("CPU"). For example, code may be run on a security processor, which may be more tamper and snooping resistant than the main CPU. In this manner, the hardware may be leveraged by moving the execution of certain parts of the code to a security processor in various ways.
[0045]According to one embodiment, proxy execution may be further strengthened by requiring that the channel between the CPU and the security processor be licensed. In particular, FIG. 4a depicts a proxy execution process according to one embodiment. Code 406 may be executed on security processor 404. Security processor 404 may communicate with CPU 402 via licensed channel 410.
[0046]According to one embodiment, a proxy execution mechanism may be used to tie the security processor to a particular SRTM code measurement and, if the license expires periodically, can be used to force rechecks of the system as a form of recovery. According to this embodiment, all communication between the security processor and the CPU (other than the communication needed to establish a channel) may require knowledge of a session key. To establish this, the security processor may either directly check the attestation from the TPM if it has that capability or if it doesn't or if more flexibility of versioning is required, a trusted third party, such as an entertainment server 116, can be used to negotiate between the TPM and the Security Processor, whereby the entertainment server checks the attestation from the TPM and then provides proofs and key material to allow for establishment of a cryptographically protected channel between the security processor and the TPM. The TPM can then provide those secrets to the CPU on subsequent reboots of the device in the same way the TPM protects all secrets to authorized PCR values.
[0047]According to an alternative embodiment, an individualization mechanism may also be employed. Individualization may refer to a process of building and delivering code that is bound to a single machine or user. For example, necessary code for the operation of the applications may be built (either on-demand or in advance and pooled) on a server and downloaded to the client as part of an activation process.
[0048]According to one embodiment, individualization may attempt to mitigate "Break Once Run Everywhere" breaches by making the attacker perform substantial work for each machine on which he desires to use the pirated content. Since the binaries produced by the individualization process are unique (or at least "mostly unique"), it becomes more difficult to distribute a simple patcher that can compromise all machines.
[0049]Individualization may require some form of strong identity--for a machine binding, this would be a hardware identifier. In traditional DRM systems this has been derived by combining the IDs of various pieces of hardware in the system. According to one embodiment, the security processor may be leveraged to provide a unique and strong hardware identifier.
[0050]In certain systems such as those with a poor isolation environment, a method for detecting cheating (and, to a lesser degree, piracy) may employ a watchdog process, which may respond to challenges from game server 116. The data collected by game server 116 may later be used to determine if a machine has been compromised, and if so the machine can be banned from gaming server 116 and prevented from acquiring additional licenses for content.
[0051]In one embodiment the watchdog process may itself be integrity protected by the same mechanisms which protect the operating system or execution environment as described in previous embodiments above.
[0052]FIG. 4b depicts an operation of a watchdog process according to one embodiment. As depicted in FIG. 4b, anti-cheating system 101 has further been adapted to include watchdog process 430 on client device 110. Entertainment server 116 may generate security challenge 432, which is transmitted over network 114, and received by watchdog process 430. Watchdog process 430 in turn may generate response 434, which it may then transmit over network 14 to entertainment server 116. In addition to executing within modified operating system 102, watchdog process 430 may also execute in a hypervisor.
[0053]Implementation of watchdog process 430 may require enforcement of several criteria. First, it should not be easy to trivially create a codebook of responses for these challenges, which means that the set of challenges should be large and the correct answers must not be obviously available to the client. Watchdog process 430 may require sufficient agility such that new challenges can be added at will. In the worst case, an attacker could set up a clean system on the Internet somewhere, such that client's systems running attack software could use it as an oracle. To prevent this, encryption may be applied to the channel between the gaming server 116 and watchdog process 430 (to prevent trivial snooping and man in the middle attacks), and potentially responses may be tied in to a security processor, machine identity, or other security hardware, such as a TPM, in some way.
[0054]A layered protection scheme may also be employed, wherein multiple technologies are layered in various combinations. For example, a "dual boot" solution may be employed that makes use of a reduced attack footprint, disk integrity and SRTM.
[0055]According to an alternative embodiment, rather than utilize trusted external entity 104 as shown in FIG. 1a, which may be a TPM as described previously, trusted entity may comprise the very hardware device upon which modified operating system 102 is hosted so long as that hardware device can enforce that modified operating system 102 is in fact running on it. Thus, as shown in FIG. 4c, anti-cheating system 101 is implemented via restricted hardware device 430, which internally can enforce the operation and execution of a desired operating system such as modified operating system 102. Restricted hardware device 430 may be, for example, a cellular telephone or a cable set top box.
[0056]According to yet another alternative embodiment, rather than employing trusted external entity 104, hypervisor 440 may be provided internally to client device 110. FIG. 4d depicts an operation of an anti-cheating system via a hypervisor according to one embodiment. Hypervisor 440 may receive the burden of measurement instead of employing SRTM in a TPM environment as described previously. According to one embodiment, hypervisor 440 may be a measured boot hypervisor. According to this embodiment, a mechanism may be provided to determine an identity of a particular hypervisor 440 that is running, e.g., via hypervisor identity module 442. Thus, for example, entertainment server 116 may communicate with hypervisor identity module to identify the nature of hypervisor 440. Hypervisor 440 in turn may communicate with entertainment server 116 to inform entertainment server 116 of the existence or non-existence of modified operating system 102. The installation of modified operating system 102 ensures a non-cheating context to operation of game title 112.
[0057]FIG. 5 shows an exemplary computing environment in which aspects of the example embodiments may be implemented. Computing system environment 500 is only one example of a suitable computing environment and is not intended to suggest any limitation as to the scope of use or functionality of the described example embodiments. Neither should computing environment 500 be interpreted as having any dependency or requirement relating to any one or combination of components illustrated in exemplary computing environment 500.
[0058]The example embodiments are operational with numerous other general purpose or special purpose computing system environments or configurations. Examples of well known computing systems, environments, and/or configurations that may be suitable for use with the example embodiments include, but are not limited to, personal computers, server computers, hand-held or laptop devices, multiprocessor systems, microprocessor-based systems, set top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, embedded systems, distributed computing environments that include any of the above systems or devices, and the like.
[0059]The example embodiments may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The example embodiments also may be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network or other data transmission medium. In a distributed computing environment, program modules and other data may be located in both local and remote computer storage media including memory storage devices.
[0060]With reference to FIG. 5, an exemplary system for implementing the example embodiments includes a general purpose computing device in the form of a computer 510. Components of computer 510 may include, but are not limited to, a processing unit 520, a system memory 530, and a system bus 521 that couples various system components including the system memory to processing unit 520. Processing unit 520 may represent multiple logical processing units such as those supported on a multi-threaded processor. System bus 521 may be any of several types of bus structures including a memory bus or memory controller, a peripheral bus, and a local bus using any of a variety of bus architectures. By way of example, and not limitation, such architectures include Industry Standard Architecture (ISA) bus, Micro Channel Architecture (MCA) bus, Enhanced ISA (EISA) bus, Video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnect (PCI) bus (also known as Mezzanine bus). System bus 521 may also be implemented as a point-to-point connection, switching fabric, or the like, among the communicating devices.
[0061]Computer 510 typically includes a variety of computer readable media. Computer readable media can be any available media that can be accessed by computer 510 and includes both volatile and nonvolatile media, removable and non-removable media. By way of example, and not limitation, computer readable media may comprise computer storage media and communication media. Computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CDROM, digital versatile disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by computer 510. Communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media. The term "modulated data signal" means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. By way of example, and not limitation, communication media includes wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, RF, infrared and other wireless media. Combinations of any of the above should also be included within the scope of computer readable media.
[0062]System memory 530 includes computer storage media in the form of volatile and/or nonvolatile memory such as read only memory (ROM) 531 and random access memory (RAM) 532. A basic input/output system 533 (BIOS), containing the basic routines that help to transfer information between elements within computer 510, such as during start-up, is typically stored in ROM 531. RAM 532 typically contains data and/or program modules that are immediately accessible to and/or presently being operated on by processing unit 520. By way of example, and not limitation, FIG. 5 illustrates operating system 534, application programs 535, other program modules 536, and program data 537.
[0063]Computer 510 may also include other removable/non-removable, volatile/nonvolatile computer storage media. By way of example only, FIG. 6 illustrates a hard disk drive 540 that reads from or writes to non-removable, nonvolatile magnetic media, a magnetic disk drive 551 that reads from or writes to a removable, nonvolatile magnetic disk 552, and an optical disk drive 555 that reads from or writes to a removable, nonvolatile optical disk 556, such as a CD ROM or other optical media. Other removable/non-removable, volatile/nonvolatile computer storage media that can be used in the exemplary operating environment include, but are not limited to, magnetic tape cassettes, flash memory cards, digital versatile disks, digital video tape, solid state RAM, solid state ROM, and the like. Hard disk drive 541 is typically connected to system bus 521 through a non-removable memory interface such as interface 540, and magnetic disk drive 551 and optical disk drive 555 are typically connected to system bus 521 by a removable memory interface, such as interface 550.
[0064]The drives and their associated computer storage media discussed above and illustrated in FIG. 5, provide storage of computer readable instructions, data structures, program modules and other data for computer 510. In FIG. 5, for example, hard disk drive 541 is illustrated as storing operating system 544, application programs 545, other program modules 546, and program data 547. Note that these components can either be the same as or different from operating system 534, application programs 535, other program modules 536, and program data 537. Operating system 544, application programs 545, other program modules 546, and program data 547 are given different numbers here to illustrate that, at a minimum, they are different copies. A user may enter commands and information into computer 510 through input devices such as a keyboard 562 and pointing device 561, commonly referred to as a mouse, trackball or touch pad. Other input devices (not shown) may include a microphone, joystick, game pad, satellite dish, scanner, or the like. These and other input devices are often connected to processing unit 520 through a user input interface 560 that is coupled to the system bus, but may be connected by other interface and bus structures, such as a parallel port, game port or a universal serial bus (USB). A monitor 591 or other type of display device is also connected to system bus 521 via an interface, such as a video interface 590. In addition to the monitor, computers may also include other peripheral output devices such as speakers 597 and printer 596, which may be connected through an output peripheral interface 595.
[0065]Computer 510 may operate in a networked environment using logical connections to one or more remote computers, such as a remote computer 580. Remote computer 580 may be a personal computer, a server, a router, a network PC, a peer device or other common network node, and typically includes many or all of the elements described above relative to computer 510, although only a memory storage device 581 has been illustrated in FIG. 5. The logical connections depicted in FIG. 5 include a local area network (LAN) 571 and a wide area network (WAN) 573, but may also include other networks. Such networking environments are commonplace in offices, enterprise-wide computer networks, intranets and the Internet.
[0066]When used in a LAN networking environment, computer 510 is connected to LAN 571 through a network interface or adapter 570. When used in a WAN networking environment, computer 510 typically includes a modem 572 or other means for establishing communications over WAN 573, such as the Internet. Modem 572, which may be internal or external, may be connected to system bus 521 via user input interface 560, or other appropriate mechanism. In a networked environment, program modules depicted relative to computer 510, or portions thereof, may be stored in the remote memory storage device. By way of example, and not limitation, FIG. 5 illustrates remote application programs 585 as residing on memory device 581. It will be appreciated that the network connections shown are exemplary and other means of establishing a communications link between the computers may be used.
[0067]Computing environment 500 typically includes at least some form of computer readable media. Computer readable media can be any available media that can be accessed by computing environment 500. By way of example, and not limitation, computer readable media may comprise computer storage media and communication media. Computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by computing environment 500. Communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media. The term "modulated data signal" means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. By way of example, and not limitation, communication media includes wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, RF, infrared and other wireless media. Combinations of any of the above should also be included within the scope of computer readable media. Although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above.
Rather, the specific features and acts described above are disclosed as example forms of implementing the claims.
[0068]Although the subject matter has been described in language specific to the structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features or acts described above are disclosed as example forms of implementing the claims.
[0069]The inventive subject matter is described with specificity to meet statutory requirements. However, the description itself is not intended to limit the scope of this patent. Rather, it is contemplated that the claimed subject matter might also be embodied in other ways, to include different steps or combinations of steps similar to the ones described in this document, in conjunction with other present or future technologies.
* * * * *
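The measurement and sealing behaviour described in paragraphs [0038] and [0039] of the patent text above, as an added example that is not part of the patent or of any TPM vendor's code. `ToyTPM`, `expected_pcr` and `boot` are hypothetical names, the component strings are constructed, and the HMAC-based stream cipher is a stand-in for the TPM's internal storage-key encryption.

```python
import hashlib
import hmac
import os

PCR_LEN = 32  # a single SHA-256 PCR, reset to zeros at power-on


def extend(pcr, component):
    """TPM-style extend: new = H(old || H(component)). Order-sensitive, one-way."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def expected_pcr(chain):
    """What the server computes from the known-good boot chain."""
    pcr = bytes(PCR_LEN)
    for component in chain:
        pcr = extend(pcr, component)
    return pcr


def _keystream(key, nonce, n):
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


class ToyTPM:
    """Simulation only: the root key never leaves this object."""

    def __init__(self):
        self._root = os.urandom(32)
        self.pcr = bytes(PCR_LEN)

    def reset(self):
        self.pcr = bytes(PCR_LEN)

    def measure(self, component):
        self.pcr = extend(self.pcr, component)

    def seal(self, secret, policy_pcr):
        """Bind `secret` to the PCR value named at sealing time."""
        nonce = os.urandom(16)
        enc_key = hmac.new(self._root, b"enc" + policy_pcr, hashlib.sha256).digest()
        ct = bytes(a ^ b for a, b in zip(secret, _keystream(enc_key, nonce, len(secret))))
        tag = hmac.new(self._root, b"mac" + policy_pcr + nonce + ct, hashlib.sha256).digest()
        return policy_pcr + nonce + ct + tag

    def unseal(self, blob):
        if len(blob) < PCR_LEN + 16 + 32:
            raise ValueError("blob too short")
        policy, nonce = blob[:PCR_LEN], blob[PCR_LEN:PCR_LEN + 16]
        ct, tag = blob[PCR_LEN + 16:-32], blob[-32:]
        good = hmac.new(self._root, b"mac" + policy + nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):
            raise ValueError("blob was modified or sealed by a different TPM")
        # The release decision: current measurements must equal the sealed policy.
        if not hmac.compare_digest(policy, self.pcr):
            raise PermissionError("PCR mismatch: measured software is not the sealed identity")
        enc_key = hmac.new(self._root, b"enc" + policy, hashlib.sha256).digest()
        return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def boot(tpm, chain):
    """Power-cycle the toy TPM and measure each component before it would run."""
    tpm.reset()
    for component in chain:
        tpm.measure(component)
    return tpm.pcr
```

Because the policy is fixed when the secret is sealed, the unseal decision needs no network round trip, which is what allows the off-line use mentioned in [0038].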
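The watchdog criteria in paragraphs [0052] and [0053] of the patent text above (no reusable codebook, no clean-machine oracle, responses tied to machine identity), as an added example that is not part of the patent. `Server`, `Watchdog`, the per-machine key enrollment and the 4096-byte `REFERENCE_IMAGE` are assumptions made for illustration; the patent does not specify a challenge format.

```python
import hashlib
import hmac
import secrets
import struct

# Constructed stand-in for the protected binary the server holds a known-good copy of.
REFERENCE_IMAGE = bytes(range(256)) * 16


def _response(machine_key, nonce, ranges, image):
    """HMAC over the fresh nonce and the requested byte ranges of the image."""
    mac = hmac.new(machine_key, nonce, hashlib.sha256)
    for offset, length in ranges:
        mac.update(struct.pack(">II", offset, length))
        mac.update(image[offset:offset + length])
    return mac.digest()


class Watchdog:
    """Client side: answers over whatever image is actually loaded on this machine."""

    def __init__(self, machine_key, loaded_image):
        self._key = machine_key
        self._image = loaded_image

    def respond(self, challenge):
        nonce, ranges = challenge
        return _response(self._key, nonce, ranges, self._image)


class Server:
    """Server side: issues single-use challenges and records machines that fail."""

    def __init__(self, reference_image):
        self._ref = reference_image
        self._keys = {}      # machine_id -> per-machine key (assumed provisioned at activation)
        self._pending = {}   # machine_id -> outstanding challenge
        self.flagged = set()

    def enroll(self, machine_id):
        key = secrets.token_bytes(32)
        self._keys[machine_id] = key
        return key

    def issue(self, machine_id, ranges=None):
        if ranges is None:
            # Random ranges plus a random nonce make the challenge space too large to tabulate.
            ranges = [(secrets.randbelow(len(self._ref) - 64), 64) for _ in range(4)]
        challenge = (secrets.token_bytes(16), tuple(ranges))
        self._pending[machine_id] = challenge
        return challenge

    def verify(self, machine_id, response):
        challenge = self._pending.pop(machine_id, None)  # each challenge is usable once
        if challenge is None or machine_id not in self._keys:
            return False
        nonce, ranges = challenge
        expected = _response(self._keys[machine_id], nonce, ranges, self._ref)
        ok = hmac.compare_digest(expected, response)
        if not ok:
            self.flagged.add(machine_id)  # input to a later ban decision, as in [0050]
        return ok
```

A key held in ordinary process memory can be extracted by software on the same machine, which is why [0053] suggests tying responses to a security processor or TPM; the example models only the protocol logic.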
September 3, 2010, 7:26 AM
Why I.B.M. Took a Different Path in Storage
By STEVE LOHR
10:38 a.m. | Updated to correct the name of the company that EMC purchased last year.
The high-stakes sumo match between Hewlett-Packard and Dell ended on Thursday, with H.P. paying about $2.3 billion for 3Par.
I.B.M. has said it looked at 3Par and other companies more than two years ago, when it was building up in the field of clustered storage, an important technology in handling data remotely for so-called cloud computing systems. Instead of 3Par, it bought an Israeli clustered-storage specialist, XIV.
I.B.M. did not report the price tag on XIV. But analysts estimate it probably paid less than $200 million for a business that now generates more sales than 3Par’s revenue of $194 million last year.
I.B.M. will not comment on those estimates, but it does point to the XIV deal as an example of how its research labs are used to inform the company’s merger, acquisition and divestiture strategy.
In fact, Big Blue’s storage business has been bolstered by a series of early-stage purchases in the sector over the last couple of years, including Arsenal Digital, Storwize and Diligent. I.B.M. has not gotten in the middle of pricey bidding wars like the one over 3Par or over Data Domain, which EMC bought last year for $2.4 billion, after beating out NetApp.
The labs, explains Robert Morris, a vice president of I.B.M. Research, provide strategic “headlights” for the company as a whole. At the end of each year, the lab researchers prepare a global technology outlook, which presents senior management with an assessment and predictions about key technologies over the coming several years.
As a senior research manager, Mr. Morris also meets with members of I.B.M.’s M.&A. teams four times a year. “It’s not enough to see in the future, you have to act,” he said. “If you’re ahead of the game, you can go in and get companies at a good price, before others recognize the value.”
The researchers, Mr. Morris adds, learn things from the I.B.M. acquisition teams as well. “They’ll say, ‘Have you seen this little company?’ ” he said. “They’re like sensors in the marketplace. We develop a lot inside I.B.M., but most innovation is going on outside any single company.”
An earlier version of this post misstated the name of the company that EMC bought last year. It is Data Domain, not Digital Domain.
LAS VEGAS — Researchers have uncovered new ways that criminals can spy on Internet users even if they're using secure connections to banks, online retailers or other sensitive Web sites.
The attacks demonstrated at the Black Hat conference here show how determined hackers can sniff around the edges of encrypted Internet traffic to pick up clues about what their targets are up to.
It's like tapping a telephone conversation and hearing muffled voices that hint at the tone of the conversation.
The problem lies in the way Web browsers handle Secure Sockets Layer, or SSL, encryption technology, according to Robert Hansen and Josh Sokol, who spoke to a packed room of several hundred security experts.
Encryption forms a kind of tunnel between a browser and a website's servers. It scrambles data so it's indecipherable to prying eyes.
SSL is widely used on sites trafficking in sensitive information, such as credit card numbers, and its presence is shown as a padlock in the browser's address bar.
SSL is a widely attacked technology, but the approach by Hansen and Sokol wasn't to break it. They wanted to see instead what they could learn from what are essentially the breadcrumbs from people's secure Internet surfing that browsers leave behind and that skilled hackers can follow.
Their attacks would yield all sorts of information. It could be relatively minor, such as browser settings or the number of Web pages visited. It could be quite substantial, including whether someone is vulnerable to having the "cookies" that store usernames and passwords misappropriated by hackers to log into secure sites.
Hansen said all major browsers are affected by at least some of the issues.
"This points to a larger problem – we need to reconsider how we do electronic commerce," he said in an interview before the conference, an annual gathering devoted to exposing the latest computer-security vulnerabilities.
For the average Internet user, the research reinforces the importance of being careful on public Wi-Fi networks, where an attacker could plant himself in a position to look at your traffic. For the attacks to work, the attacker must first have access to the victim's network.
Hansen and Sokol outlined two dozen problems they found. They acknowledged attacks using those weaknesses would be hard to pull off.
The vulnerabilities arise out of the fact people can surf the Internet with multiple tabs open in their browsers at the same time, and that unsecured traffic in one tab can affect secure traffic in another tab, said Hansen, chief executive of consulting firm SecTheory. Sokol is a security manager at National Instruments Corp.
Their talk isn't the first time researchers have looked at ways to scour secure Internet traffic for clues about what's happening behind the curtain of encryption. It does expand on existing research in key ways, though.
"Nobody's getting hacked with this tomorrow, but it's innovative research," said Jon Miller, an SSL expert who wasn't involved in the research.
Miller, director of Accuvant Labs, praised Hansen and Sokol for taking a different approach to attacking SSL.
"Everybody's knocking on the front door, and this is, 'let's take a look at the windows,'" he said. "I never would have thought about doing something like this in a million years. I would have thought it would be a waste of time. It's neat because it's a little different."
Another popular talk at Black Hat concerned a new attack affecting potentially millions of home routers. The attack could be used to launch the kinds of attacks described by Hansen and Sokol.
Researcher Craig Heffner examined 30 different types of home routers from companies including Actiontec Electronics Inc. and Cisco Systems Inc.'s Linksys and found that more than half of them were vulnerable to his attack.
He tricked Web browsers that use those routers into letting him access administrative menus that only the routers' owners should be able to see. Heffner said the vulnerability is in the browsers and illustrates a larger security problem involving how browsers determine that the sites they visit are trustworthy.
The caveat is he has to first trick someone into visiting a malicious site, and it helps if the victim hasn't changed the router's default password.
Still: "Once you're on the router, you're invisible – you can do all kinds of things," such as controlling where the victim goes on the Internet, Heffner said.
Helpful....a very cogent and astute analogy!
White House Issues Progress Report On Cybersecurity
Obama administration looks to raise awareness in private sector
Jul 15, 2010 | 04:39 PM
By Tim Wilson
DarkReading
President Obama and cybersecurity czar Howard Schmidt both made statements on cybersecurity yesterday, offering optimistic progress reports and encouraging more activity in the private sector.
In its progress report, the White House pointed to recent organizational changes and new cybersecurity initiatives as evidence that the administration is making advances on the cybersecurity front.
"President Obama appointed a Cybersecurity Coordinator to provide White House leadership on cybersecurity issues," the progress report says. "The Cybersecurity Coordinator leads a new Cybersecurity Directorate within the National Security Staff (NSS), works closely with the economic team, and has created a close partnership with the Office of Management and Budget (OMB) and the Office of Science and Technology Policy."
The White House says it is putting cybersecurity into its agenda as a "key management priority."
"Enhancing cybersecurity is a central component of the Administration's Performance Management Agenda," the progress report says. "The Federal Chief Performance Officer has targeted key performance strategies for improving government operations, which include moving to real time monitoring and integrating cybersecurity into system design, rather than bolting it on as an afterthought."
The administration also pointed to changes in FISMA guidance. "This new guidance shifts the focus from departments and agencies developing static, paper-based compliance reports to continuous, real time monitoring of federal networks," the report says. "Risk-based performance metrics are being established based on this real time monitoring, and these metrics will eventually be incorporated into senior official performance plans.
"This change means that agencies will be able to identify vulnerabilities faster and actively protect against attacks," the report says. "The new approach builds on government and industry best practices that will make our cybersecurity efforts more effective."
In a blog, Schmidt reported that President Obama visited a meeting of government cybersecurity leaders in Washington.
"Of course, the real highlight came when the President stopped by to emphasize the increasing importance our society will place on digital communications and information infrastructure as we seek to unleash the potential of these new media," Schmidt said.
"He emphasized the need for continued collaboration between the private sector and government, stating, "that's why we're going to need all of you to keep coming together -- government, industry, academia, think tanks, media and privacy and civil liberties groups -- to work together, to develop the solutions we need to keep America safe and prosperous in cyberspace.”
The progress report recaps a broad range of cybersecurity initiatives in government, including the development of an incident response plan and a new scheme for identity management.
In addition, the report discusses several lesser-known initiatives, including a program to research the risks associated with smartphones and other mobile devices.
"Working together, NIST, NSA, and the private sector have created a checklist to identify vulnerabilities in smart phones," the report says. "Many new phones are actually unified communication platforms that incorporate web browsing, still camera, video, and other functions, but the integration of these platforms creates an ever more vulnerable system by multiplying each unique platform’s vulnerabilities. The use of this checklist can reduce these vulnerabilities."
Ameritrade stated that Earnings Report is August 10 after the close.
CBS 60 Minutes is showing a segment on Cyber warfare. Brazil is featured where Brazil has been blacked-out, Scary. Hope US and WAVX and HAP are moving very fast. Theft of high security databases have been admitted.
Ramsey2.....Why would WAVX which is trying to conserve cash employ senior HP sales-oriented management if they thought that HP was a dead issue? SKS is more clever than the bashers give him credit. There is a great deal of intentional FUD. I would follow Snackman's advice: do not let them put you to sleep and take your shares!
Been following you for some time....keep up the good work!
Google ditches Windows on security concerns
By David Gelles and Richard Waters in San Francisco
Published: May 31 2010 23:26 | Last updated: May 31 2010 23:26
Google is phasing out the internal use of Microsoft’s ubiquitous Windows operating system because of security concerns, according to several Google employees.
The directive to move to other operating systems began in earnest in January, after Google’s Chinese operations were hacked, and could effectively end the use of Windows at Google, which employs more than 10,000 workers internationally.
“We’re not doing any more Windows. It is a security effort,” said one Google employee.
“Many people have been moved away from [Windows] PCs, mostly towards Mac OS, following the China hacking attacks,” said another.
New hires are now given the option of using Apple’s Mac computers or PCs running the Linux operating system. “Linux is open source and we feel good about it,” said one employee. “Microsoft we don’t feel so good about.”
In early January, some new hires were still being allowed to install Windows on their laptops, but it was not an option for their desktop computers. Google would not comment on its current policy.
Windows is known for being more vulnerable to attacks by hackers and more susceptible to computer viruses than other operating systems.
Employees wanting to stay on Windows required clearance from “quite senior levels”, one employee said. “Getting a new Windows machine now requires CIO approval,” said another employee.
In addition to being a semi-formal policy, employees themselves have grown more concerned about security since the China attacks. “Particularly since the China scare, a lot of people here are using Macs for security,” said one employee.
Employees said it was also an effort to run the company on Google’s own products, including its forthcoming Chrome OS, which will compete with Windows. “A lot of it is an effort to run things on Google product,” the employee said. “They want to run things on Chrome.”
The hacking in China hastened the move. “Before the security, there was a directive by the company to try to run things on Google products,” said the employee. “It was a long time coming.”
The move created mild discontent among some Google employees, appreciative of the choice in operating systems granted to them - an unusual feature in large companies. But many employees were relieved they could still use Macs and Linux. “It would have made more people upset if they banned Macs rather than Windows,” he added.
Google and Microsoft compete on many fronts, from search, to web-based email, to operating systems.
While Google is the clear leader in search, Windows remains the most popular operating system in the world by a large margin, with various versions accounting for more than 80 per cent of installations, according to research firm Net Applications.
Cisco Warns Of Security Flaws In Building Management System
Multiple vulnerabilities could enable attackers to access power, HVAC, and physical security systems
May 27, 2010 | 10:44 PM
By Tim Wilson
DarkReading
Cisco Systems yesterday revealed details of multiple security vulnerabilities in a device that many companies use to centrally control building power, ventilation, lighting, and security systems remotely via the data center.
In a security advisory issued Wednesday, Cisco warned users of its Network Building Mediator products to patch the vulnerabilities, which could allow access to obtain administrative passwords and read system configuration files, making it possible for hackers to take control of a building's most critical control systems.
"Successful exploitation of any of these vulnerabilities could result in a malicious user taking complete control over an affected device," the advisory states. The flaws also have been found in older products from Richards-Zeta, the company that originally designed the system, which was acquired by Cisco.
One flaw could enable low-level employees to gain full control of the device by accessing default administrative accounts, Cisco says. Other bugs might allow insiders to intercept traffic as it travels between an administrator and the Building Mediator.
The device, which collects data in a variety of formats and presents it on a single screen, is designed to automate a multitude of facilities management tasks. However, this consolidation could also turn the system into a single point of attack, experts say.
Cisco has released free software updates that address the vulnerabilities. Workarounds that mitigate some of the listed vulnerabilities are also available.
The bugs were discovered during internal testing, and Cisco does not know of any actual exploits yet, the advisory says.
What is the definition of a Block Owner? TIA
OT
Goldman Sachs Sued For Illegal Database Access
Employees at Goldman allegedly used misappropriated credentials to grab intellectual property from market intelligence service's database
May 11, 2010 | 04:58 PM
By Ericka Chickowski, Special To Dark Reading
DarkReading
Goldman Sachs has been slapped with a $3 million lawsuit by a company that alleges the brokerage firm stole intellectual property from its database of market intelligence facts.
Filed last week in the U.S. District Court for the Southern District of New York, the lawsuit claims Goldman Sachs employees used other people's access credentials to log into Ipreo Networks's proprietary database, dubbed Bigdough. Offered on a subscription basis, the information contained within Bigdough offers detailed information on more than 80,000 contacts within the financial industry. Ipreo complained to the court that Goldman Sachs employees illegally accessed Bigdough at least 264 times in 2008 and 2009.
Adrian Lane, an analyst with Securosis, says this is a textbook case for why companies with important intellectual property held in databases need to implement robust monitoring tools to supplement sound access control policies and procedures.
"Insider threats of CRM systems is literally the genesis of [the database activity monitoring] industry," Lane says. "This is a prototypical example of why you want to have monitoring over and above access controls to verify usage. You want to check to make sure that the individual is looking at the records that are appropriate to that account."
According to the suit, Goldman Sachs did acknowledge that the IP address used to make the unauthorized access belonged to the brokerage firm, but that it was just the act of a lone employee.
Phil Lieberman, president of Lieberman Software, believes that defense won't wash well in court. "The only place this rogue-employee defense works is if the employee goes nuts off-site of the company with no company direction and hurts someone while not conducting company business," he explains. "Sharing a bucket of KFC chicken with a friend is OK. Sharing the secret formula for KFC chicken with a friend who then goes out and makes money from the information is not OK. In this last case, if the cook gets the formula for the chicken and makes more money for the restaurant as a result of the secret information, the owner will be liable for the stolen information."
As Lieberman puts it, shared accounts are a sad fact of life when IT manages its own systems. Things become a lot trickier, though, when that account-sharing involves third-party services. "Many online companies provide a per-seat licensing model that does not enforce restrictions or stop sharing. In many cases, these per-seat costs are very high and it is deemed to be too troublesome for low-level employees without executive titles to purchase additional seats, so theft is the usual outcome," Lieberman says. "In this case, it appears that friends probably shared these licenses outside of their company as a 'favor.'"
In most cases, when the service provider informs the infringing party that they need to pay for what they stole, the offending party basically pays for the stolen property and that's it, he says. "[But] it appears that Goldman decided to take the road less traveled and enter into a less-than-savory legal and business position that has now landed them in court," he says.
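The monitoring Lane describes, checking usage over and above access control, can be sketched as a pass over a subscription service's access log. This is an added example, not part of the article or any vendor's product; the licence table, log fields, account names and addresses are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed licence table: networks each subscriber account may log in from.
LICENSED_NETS = {
    "alice@fund-a.example": ["192.0.2.0/24"],
    "bob@fund-b.example": ["198.51.100.0/24"],
}

# Constructed access log: (timestamp, account, source IP, contact records viewed).
# Every entry is a *successful* login, so access control alone raised no alarm.
ACCESS_LOG = [
    ("2009-03-02T09:14:00", "alice@fund-a.example", "192.0.2.17", 12),
    ("2009-03-02T09:40:00", "alice@fund-a.example", "203.0.113.5", 240),
    ("2009-03-03T10:02:00", "alice@fund-a.example", "203.0.113.9", 310),
    ("2009-03-03T11:30:00", "bob@fund-b.example", "198.51.100.44", 8),
    ("2009-03-04T08:55:00", "bob@fund-b.example", "203.0.113.5", 95),
    ("2009-03-04T09:05:00", "carol@fund-c.example", "192.0.2.200", 3),
]

def is_licensed(account, ip):
    """True if ip is inside a network registered to the account (unknown accounts fail closed)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in LICENSED_NETS.get(account, []))

def find_off_network_use(log, prefix_len=24):
    """Group logins from outside an account's licensed networks by source network (IPv4 assumed)."""
    findings = defaultdict(lambda: {"accounts": set(), "sessions": 0, "records": 0})
    for _ts, account, ip, records in log:
        if is_licensed(account, ip):
            continue
        src_net = str(ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False))
        entry = findings[src_net]
        entry["accounts"].add(account)
        entry["sessions"] += 1
        entry["records"] += records
    return dict(findings)

def shared_credential_sources(findings, min_accounts=2):
    """Source networks that used several different subscribers' credentials."""
    return sorted(net for net, f in findings.items() if len(f["accounts"]) >= min_accounts)

if __name__ == "__main__":
    results = find_off_network_use(ACCESS_LOG)
    for net in shared_credential_sources(results):
        print(net, results[net]["sessions"], "sessions,", results[net]["records"], "records")
```

Grouping by source network rather than by account is what surfaces the pattern in the lawsuit: one outside organisation reusing several subscribers' logins.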