Hacker gets blown up by his own logic bomb

December 16th, 2006

A 64-year-old disgruntled employee planted a logic bomb, got caught and will spend the next 8 years in the slammer. That’s exactly the kind of attack that’s really tough to defend against. It’s a perfect example of how disgruntled employees can very easily cause major damage. In this case the guy wasn’t smart enough to cover his tracks, yet he still caused disruption to the company’s service.

How could this happen? Without knowing more about the case, I bet that he was most likely “root” on all the servers he compromised. Things like system-based Role-Based Access Control (RBAC) have been around for a long time, yet in most IT shops everybody is still running around with the root password. The results are stories like the one below.
Full article…

100 Million exposed identities, but who is counting?

December 15th, 2006

PrivacyRights.org actually is counting, but no one seems to care. If the current rate of large-scale identity theft is sustained, we stand a good chance of having every US resident’s identity exposed within the next 12-24 months.

Within the last 24 hours alone we learned about almost 1.2 million exposed identities within the following organizations:

  • 800,000 - Hackers infiltrate UCLA
  • 382,000 - Stolen Laptop at Boeing
  • 6,000 - Hackers get into University of Texas at Dallas

If we take a closer look at the list PrivacyRights.org is compiling, we can break it down into three different risks that cause the exposure or theft of identity data:

Full article…

CERT takes a look at the insider threat

December 4th, 2006

CERT just posted this podcast that talks about the different types of attacks that come with insider threats. They break it down into three different kinds of attacks:

  • Fraud
  • Identity Theft - Stealing Confidential Information
  • Sabotage

They also look at some of the specific attacks, like setting up backdoor accounts, or time and logic bombs that wipe out suspicious log activity.

CERT has an entire section dedicated to insider threat.

To Skype or Not to Skype…

November 30th, 2006

So I’m a happy Skype user. I can answer my “phone” anywhere in the Internet-connected world. I can get a phone number in New York City, Chicago, Los Angeles, or a foreign country. There is call forwarding, video calls, voicemail, instant messaging, SMS messaging, file transfers, conference calls, and for a limited time I can call traditional phones in the US and Canada for free. It can be integrated into my web browser and email reader for a more seamless workflow. I can buy the amount of credit I need instead of being shocked when a big bill arrives. What’s not to like about that?

Full article…

Vontu and IronPort partner up

November 2nd, 2006

Vontu, which plays in the same space as the earlier-mentioned Reconnex, has just announced a partnership with gateway security vendor IronPort. The partnership includes the delivery of an integrated solution that allows customers to comprehensively address messaging security needs – especially those who have regulatory requirements.

Vontu’s solution is software based and runs on Linux and Windows platforms. It allows organizations to create custom policies that prevent confidential data loss. For example, an email message that contains confidential information is either blocked or can’t be sent to the outside unless it’s encrypted.

IronPort provides email and web security gateway appliances. Their email security appliances in particular can be found in many Fortune 500 data centers.

Reconnex updates insider threat appliance

October 24th, 2006

Reconnex, a startup that has specialized in fighting the insider threat, just announced a new version of its iGuard appliance. The iGuard appliance allows organizations to discover, monitor, capture and prevent information leakage or IP (intellectual property) theft.

The prevention part especially will be an extremely useful technology to help companies combat these issues. The fact that a solution like this allows the IT security group to see “what’s going on” in their network is an eye-opening experience for anyone who is in charge of compliance or security.

Reconnex also offers a free 48-hour risk assessment where they basically drop an appliance into your network and it’ll start looking for (previously defined) strings and information. It’ll then create a – in most cases mind-boggling – report that shows what kind of sensitive information is leaking to the outside world.

There are several other companies that offer solutions against insider threat: Code Green Networks, Vontu, Fidelis, Oakley Networks.

     