Monthly archives for December, 2016

How Facebook is using its cloud clout to design your network, datacenter

Facebook is the ringleader in a movement to drive down datacenter, telecom, and networking costs. Here’s why Facebook has won over IT partners via an open source approach.

Facebook is increasingly wielding influence on the infrastructure design that stretches from the fiber optic cables to the datacenter to the last mile of your home. And it’s using an open source approach to rally a vast ecosystem that’ll follow its lead.

In the future, it’s highly likely that Facebook will influence the behind-the-scenes network designs as well as datacenter architecture that’ll run your business. And, presumably, Facebook’s open source and white-box approach will drive costs down.

The progress of the Open Compute Project is fairly well known. Facebook has outlined how it approaches its datacenters and designs its servers and infrastructure. Sure, these designs revolve around Facebook’s use cases, but they increasingly apply to more enterprises that have to operate at web scale.

And now Facebook is taking its Open Compute Project mojo into the Telecom Infrastructure Project. The Open Compute Project took years to land key cloud partners such as Microsoft and Google. The Telecom Infra Project has hit the ground running with partners such as Accenture, Hewlett Packard Enterprise, Broadcom, Cisco, Juniper, and a host of others.



Add it up and it’s clear Facebook’s approach has given it a lot of voice in how cloud datacenters are designed. It’s also worth noting that Facebook’s capital spending relative to hyperscale cloud providers is sizable, but the social network’s influence is still punching above its wallet (not that $1 billion or so in capital expenses a quarter is chump change).

According to Stifel, Facebook will spend $4.5 billion on capital expenditures in 2016, up from $2.5 billion in 2015.


So how did Facebook grow this influence? Here are a few reasons:

Facebook has leveraged open source well largely because it is a customer and not a vendor. Facebook has a core competency in running its own infrastructure, but isn’t trying to sell you a cloud service or hardware. Facebook is looking to squeeze costs via commodity hardware and automation just like enterprises are. Facebook and enterprise customer interests are aligned.
The inclination to throw designs, intellectual property, and architectural models into open source projects has won Facebook a lot of credibility in datacenter circles.
Facebook spends a ton on infrastructure. Why would a vendor play along with Facebook? Perhaps a technical partner will sell Facebook servers, routers, and switches under a white box arrangement. Even with squeezed margins, the volume may make up the profit difference with Facebook as a customer. The other reason vendors play well with Facebook: they can learn new approaches from the ecosystem and then add their value-added intellectual property to it.

Now we all know what’s in it for Facebook. By collaborating with the major datacenter and telecom players, Facebook can influence the next-generation infrastructure to enable everything from artificial intelligence and machine learning (yes, the company open sources a lot of that too) to Oculus virtual reality advertising.

However, the argument is easy to make that Facebook’s approach to influencing enterprise infrastructure will have far more pros than cons.


New software could get Facebook back into China: Report

A new censorship tool developed by Facebook could get the social media giant back into China after a seven-year ban.

Facebook has developed a censorship tool that could allow the social media site back into China after a seven-year ban, according to reports.

According to The New York Times, the software suppresses posts in specific geographies from appearing in users’ news feeds. The company will offer the software to a third party, which will then monitor popular stories and topics, and will have full control over whether they show up in users’ news feeds.

Facebook employees, who wished to remain anonymous, stressed that the software is one of many solutions the company has considered to get back into China, and it may not see the light of day, according to the report.

Facebook’s founder Mark Zuckerberg has also met with top internet executives in the country, including China’s propaganda tsar Liu Yunshan, in an effort to strengthen exchanges and mutual understanding with internet companies there.

“We have long said that we are interested in China, and are spending time understanding and learning more about the country,” Facebook spokeswoman Arielle Aryah said in reports. “However, we have not made any decision on our approach to China.”

China banned the social media giant in July 2009 in an effort to restrict the flow of information about ethnic unrest following the Urumqi riots that left 140 people dead. Despite this, there are a number of users in the country who are said to circumvent the country’s firewall through the use of virtual private networks (VPNs) such as Astrill.

Reports circulated three years after the ban that there were over 60 million Facebook users in China who still used the social media site through the use of proxies and VPNs; however, Facebook’s own statistics had the figure at around 600,000 registered users in China.

Last year, China revamped its internet filter to make it more difficult for users to work around the ban. A senior official at the Ministry of Industry and Information Technology at the time said the move was designed to foster the “healthy development” of the internet in China.

Social media in China is largely dominated by Baidu, Tencent’s WeChat, and Sina Weibo, the latter of which has around 100 million daily users.

Google’s Gmail service was also blocked in China in December 2014 as part of efforts to further regain control over its citizens’ access to content.

Earlier this week, Zuckerberg detailed Facebook’s plan to prevent fake news from circulating the site, including stronger detection to classify misinformation, easier reporting for users to catch misinformation faster, third-party fact checking, flagging more stories, disrupting the fake news economy, and improving the quality of related articles.

“The bottom line is: We take misinformation seriously,” Facebook’s chief explained. “Our goal is to connect people with the stories they find most meaningful, and we know people want accurate information. We’ve been working on this problem for a long time and we take this responsibility seriously. We’ve made significant progress, but there is more work to be done.”

In China, spreading fake news on social media platforms such as Weibo and WeChat can result in criminal punishment of between three to seven years of jail time, as stipulated by an amendment made to Chinese law in November last year.

With AAP


Hacks battered IT optimism in 2016; can 2017 enrich defenses?

Awareness, standards, innovation key pieces of formula that could deliver better identity, access management

Lately, cybersecurity has been the place where IT’s optimism goes to die.

It’s been a tough road for companies and organizations the past few years as their network defenses have been bent and broken on a consistent, and often dramatic, basis. Hacks that topple over a billion user accounts are shocking and make a solution seem impossible. But IT is resilient despite on-going challenges in staffing, budgeting, and time.

The question is whether a new year will bring improvements in cybersecurity, specifically around authentication and access controls. There is no doubt that the environment is caustic. Through last week, the Identity Theft Resource Center (ITRC) has identified 980 hacks in 2016, and the exposure of 35,233,317 records. Business and Health Care were the hardest hit vertical industries.

In 2015, the number of recorded hacks was 781, which was the highest number since 2005. In that year, ITRC was compelled to announce “breaches have become the third certainty in life.”

That’s a grim reality for IT, online services and end-users. What could happen in 2017 that might give the good guys a fighting chance against the bad guys? Here are three thoughts that might help define progress next year.


While it might seem like no one is paying attention, internet users are starting to realize their data has value. And it’s a value that deserves better than a password. This is the first move in what will be a multi-year culture shift. Most everyone is sick of passwords, but they will not go away next year – or for many years after. But they have to be removed as a security boundary. Passwords should only be used to signal that a user wants access to a resource. Then the user must produce a secure credential to back up who they are, and then tie into an evaluation of authorization for privileges – and perhaps operations like risk assessment (more on that later).

A recent study by TeleSign showed that 73 percent of respondents want companies to provide extra layers of security beyond the password. The survey also revealed an 18 percent increase in the number of consumers that currently use a second-factor for authentication for at least one online account. Of those, 77% have turned it on for at least one new account in the past year. That’s not a culture shift, but it is an encouraging sign. 2017 has to provide momentum.

If identity is indeed the new security perimeter, then the underlying technology for that perimeter must be built on standards. Without standards, dead-ends emerge that block the flow of identity-based access across the security boundaries of enterprises and online service providers. Today, standards built on OAuth 2.0 and its derivative protocols have gained acceptance as a new foundation to augment or replace current IAM infrastructure, which is mostly built on the Security Assertion Markup Language (SAML). The OAuth-derived OpenID Connect addresses authentication needs, and companion technologies like clients built on AppAuth provide hooks to bring mobile devices into the fold. In addition, the FIDO Alliance is on the verge of further enriching strong authentication to protect resources on desktops, browsers and mobile devices. FIDO also has the potential to take a major bite out of phishing, which costs companies with 10,000 or more employees as much as $4 million per year, according to the Ponemon Institute. Separately, existing standards for encryption and digital signing could secure the integrity of data, which Steve Wilson of Constellation Research refers to as the “authentication of data.” These standards have to show maturity in 2017 if the year is to be a milestone.


Identity and authentication is not a 12-month turnaround. Secure identity is one thing, but there is a fabric of cybersecurity defenses that further improve access control. Trust and risk assessments, analytics, data loss prevention, signaling and other technologies are key capabilities for security. End-users seeking resource access will be interrogated on the back-end by having their credentials, their habits and their locations examined and cross-referenced. The concept of Continuous Authentication will incorporate all these variables and keep users moving securely among resources. Also, strategies and standards need to mature to pull mobile devices and the Internet of Things into this access control gauntlet.

Gartner says that companies of 1,000 or more employees spent on average $1.6 million on IAM in 2016. Most of those companies expect to spend more in 2017, including replacing one or more aging and current IAM systems that aren’t meeting today’s sophisticated needs. All this coordination will take collaboration. In 2017, enterprise and service provider security staffs must show holistic efforts around deploying cybersecurity and IAM solutions. Without cooperation across an organization, building out authentication and security won’t be tactical or effective.


How AI-powered cyberattacks will make fighting hackers even harder

Cybersecurity firms are using AI and machine learning to prevent attacks — but what’s to stop criminals using these technologies for ill?

Despite spending more money on security than ever, organisations struggling with a widespread cybersecurity skills gap are often told how technologies like big data, analytics, machine learning, and artificial intelligence can aid them in protecting their data or critical infrastructure from attackers.

Organisations ranging from startups to established large corporations are investing in the building of AI systems to bolster defences by analysing vast amounts of data and helping cybersecurity professionals identify far more threats than would be possible if they were left to do it manually.

But the same technologies that improve corporate defences could also be used to attack them.

Take phishing. It’s the simplest method of cyberattack available — and there are schemes on the dark web which put all the tools required to go phishing into anyone’s hands. It’s simply a case of taking an email address, scraping some publicly available personal data to make the phishing email seem convincing, then sending it to the victim and waiting for them to bite. That could become even more effective if AI is added.

“Spear phishing is going to become really, really good when machine learning is incorporated into it on the attacking side,” says Dave Palmer, director of technology at Darktrace, a cybersecurity firm which deploys machine learning in its technology.

The machine learning algorithms don’t even need to be very advanced; relatively simple sequence-to-sequence machine learning could be installed on an infected device in order to monitor emails and conversations of a compromised victim. After a period of monitoring, the AI could tailor phishing messages to mimic the message style of the victim to particular contacts in their address book, in order to convince them to click on a malicious link.

“If I were emailing someone outside the company, I’d probably be polite and formal, but if I was emailing a close colleague, I’d be more jokey as I email them all the time. Maybe I’d sign off my emails to them in a certain way. That would all be easily replicated by machine learning and it’s not hard to envision an email mimicking my style with a malicious attachment,” Palmer explains.

“It’s come from me, it sounds like me, it talks about the things we usually talk about. I expect they’d open it,” he adds.

It isn’t just emails artificial intelligence could monitor and learn from; the increasingly public nature of many social media profiles and photo accounts, video streaming and even online shopping accounts could all be in the cross-hairs of malicious machine learning algorithms. And the more information that’s available to sift through, the easier it would be for an AI to learn about the behaviours and habits of the victim and exploit that in an effort to steal data, or even whole accounts.

“Imagine if it could predict our likely answers to security questions in order to reset passwords for us automatically to hijack accounts without having to steal the data from the source,” says Jonathan Sander, VP of product strategy at Lieberman Software, a security management firm. “Imagine if it could even text us and pretend to be our kid asking for the Netflix password because they forgot it.”

Much like the human criminal counterpart, an AI with all the right information about a target could ultimately trick them into clicking anything or sending out any data desired. Using AI to go through that information means more people could be targeted in a much shorter length of time.

More targets means more victims, putting more individuals — and the organisations they work for — at risk of having data stolen, which in turn puts more information into the public domain to be exploited.

While phishing for data is a simple but effective attack, it’s possible artificial intelligence could be used to keep criminals in the game of developing malware and ransomware one step ahead of those attempting to shut them down, by continually altering the malicious code to avoid detection or providing it with more effective means of attack.

Indeed, AI has already been used to exploit vulnerabilities, although the incident itself took place at a Defense Advanced Research Projects Agency (DARPA)-sponsored hacking and defence tournament, at the DEF CON security conference in Las Vegas in August this year.

The DARPA Cyber Grand Challenge was designed to accelerate the development of advanced, autonomous systems capable of detecting, evaluating, and patching software vulnerabilities before adversaries have a chance to exploit them. Seven teams competed in the competition, which was won by a computer system dubbed Mayhem, created by a team known as ForAllSecure who walked away with $2m for their efforts.

In addition to patching the existing security holes, the teams’ automated systems were actively encouraged to find weakness in the code of their opponents and exploit it before the holes were patched. While the aim of the event was to demonstrate how this strategy of taking the fight to opponents could benefit cybersecurity professionals, it’s not hard to see how malicious actors could use the same methods and exploit them for nefarious means.

“While this was a research tournament to help the ‘good guys’, the contest proved that machines can automatically find and exploit new vulnerabilities rather quickly. In other words, it illustrated one way malicious threat actors might leverage AI for an attack as well as how defenders can leverage it for defence,” says Corey Nachreiner, CTO of network security firm WatchGuard Technologies.

But while the likes of artificial intelligence and machine learning could prove useful to cybercriminals and hackers, they require a lot of investment and development time to build in the first place, at a time when people are still making themselves vulnerable to even the most basic forms of cybercrime.

Millions are regularly falling for basic phishing campaigns, and it only takes one click for a whole target organisation to be breached. So why would cybercriminal organisations bother to invest in advanced techniques when they’re already winning the fight?

“If I was an attacker, why would I develop a deep learning system like Google are building when I can send 10,000 emails and have one person click on them? It can be around any subject — Donald Trump, the SuperBowl, a coupon advert, people will click. People in security often hype sophistication, but there’s no reason for attackers to do that,” says Oren Falkowitz, CEO and co-founder of Area 1 Security.

Nonetheless, it’s still possible that like any legitimate organisation, hacking gangs will look to exploit machine learning and artificial intelligence tools to augment their operations, if not replace their manual tasks. “Hackers will always look for things to make their processes work smoother,” Falkowitz says.


Locky ransomware: How this malware menace evolved in just 12 months

Malware gets multiple updates as it tries to evade detection by security companies.

Researchers have catalogued the changes made to one of the most common pieces of ransomware over the course of this year, showing how sophisticated the development of such tools has become.

Ransomware has become one of the biggest menaces on the internet: one analysis puts the total cost of the file-encrypting malware at $1bn for the whole year. Cyber-criminals have found that encrypting someone’s files, usually by tricking them into clicking on a malicious attachment, and forcing them to pay a ransom to regain access can be extremely lucrative.

However, as law enforcement and security companies are increasingly targeting ransomware, the developers of the malware also have to adapt.

Researchers at security company Forcepoint have listed the changes to Locky, one of the most common pieces of crypto-ransomware.

Once hit by ransomware, users’ files are held to ransom until payment is made: Locky requires users to pay using the Bitcoin currency, which helps to hide the Locky affiliates’ identities from law enforcement. Typically the amount requested is between 0.5 and 1 Bitcoin, somewhere around $400 to $800.

Security company Check Point said Locky was the second most prevalent piece of malware worldwide in November, and there appear to be several different groups who use and distribute unique builds of Locky.

On February 15, the first samples of Locky were seen, but since then the malware has grown in functionality – for example it can now display its ransom request in 30 different languages from Finnish to Vietnamese.

By June, Locky had added anti-analysis tricks aimed at frustrating automated security tools and started using new file extensions.
In July it added support for offline encryption using embedded RSA keys, in case the malware is unable to communicate with its command and control structure. In early September, some Locky samples stopped using command and control altogether, instead relying solely on the offline encryption mode. Later in the month, one of the groups trying to spread Locky started to use a new trojan downloader, which had first been advertised on Russian underground forums at the beginning of September.

Carl Leonard, principal security analyst at Forcepoint, said Locky has been a growing menace in 2016, thanks to its constantly changing distribution techniques.

It’s unknown who is behind the malware, but researchers speculate that it could be one individual or a very small team, perhaps two or three people. Whoever is behind it, the developers update the software to evade security tools, he said.

“Locky is sophisticated in as far as the cryptography has been very well implemented. Most ransomware have flaws, however minor, in the way they implement the cryptography,” said Leonard.

“When we originally published their Domain Generation Algorithm (DGA) we saw them immediately stop distribution, modify their DGA to be more secure and less predictable, and then start up distribution again a few days later. They also frequently change their network traffic patterns, and implement anti-analysis features to evade security products,” he added.


Tick, tock, tick, tock: New malware is hitting your network every four seconds

A Check Point report suggests organisations’ security hasn’t kept pace to meet a ninefold rise in malicious software.

An exponential rise in malware means employees are at their highest-ever risk of accidentally installing malicious software onto an enterprise network — an event that happens every four seconds within the average company, a new report has warned.

Security researchers at Check Point analysed information on over 30,000 security incidents discovered by the company’s ThreatCloud prevention software at more than 1,000 companies across the globe.

They found that employees in industry, finance, government, and other sectors are very much taking a cavalier attitude to cybersecurity and downloading potentially harmful files to their company’s networks.

It’s unknown malware — malicious software which isn’t yet recognised by security systems — which is most likely to be downloaded by employees and according to Check Point, it happened every four seconds on average across the organisations analysed in the report. There were 971 unknown malware downloads per hour, representing nine times more downloads than the previous year, when the figure was 106 downloads per hour, the company said.

In many cases, it only takes a small modification to a malware’s code for it to become invisible to antivirus software, allowing it to bypass defences and make its way onto a corporate network where it could be used to conduct cyber espionage, steal data, or lock down systems with ransomware.

If that wasn’t bad enough, researchers found that known malware — malicious software with a recognisable signature — is also being downloaded onto enterprise networks. If it’s known, then why isn’t it blocked? Because many organisations aren’t staying up to date with critical security patch management, thus enabling malicious actors to gain entry to their networks in circumstances that wouldn’t otherwise be possible if patching was properly done.

The rise of mobile devices is a significant factor in the increase in malware attacks. Each smartphone or tablet connected to the company Wi-Fi is yet another attack vector that malicious actors can potentially use in order to gain access to the network — and the enterprise is lagging behind when it comes to securing this space.

But while employees want to use their smartphones to access email and other services, the report points out “no one likes the idea of unilateral restrictions, nor the thought that they are being watched” — meaning that security is often a secondary consideration.

Nonetheless, organisations must take responsibility for protecting data because the report suggests that one in five employees will accidentally cause a data breach either through downloading malware or using malicious Wi-Fi hotspots designed with the purpose of carrying out man-in-the-middle attacks to steal data.

But with such a wide variety of threats, there’s no one size fits all approach to securing the enterprise against malware and other cyberattacks.

“While no one technology or technique can hope to provide complete protection from all threat vectors, a well designed approach combining multiple methods of protection and detection can minimize successful attacks. With additional protections at the post infection stage, organizations can limit damage and lateral movement,” the report says.


Why machine learning is the latest weapon against cellular network fraud

Cellular networking carriers can use the latest analytics technologies to detect bad behavior.

Fraud is a big problem in the cellular networking market, and machine learning is one potential solution to the problem.

Fraudulent usage of cellular networks costs the industry an estimated $38 billion a year, according to the 2015 Global Fraud Loss Survey by the Communications Fraud Control Association (CFCA), an international organization that promotes revenue assurance, loss prevention, and fraud control in the industry.

The CFCA says fraudsters use methods including PBX hacking, subscription fraud, dealer fraud, service abuse, and account takeover to steal from service providers.

Current fraud detection approaches in the industry rely on static rules with pre-set volume or frequency thresholds, said Ole J. Mengshoel, associate research professor in the Department of Electrical and Computer Engineering and director of the Intelligent and High-Performing Systems Lab at Carnegie Mellon University.

“This means they can only detect fraud types that conform to known configurations,” said Mengshoel, who has authored a research paper on the topic. “Fraud specialists are constantly working to uncover new fraud types, but modern cyber attacks evolve faster than analysts can write rules to detect them.”

Adaptive artificial intelligence (AI) and machine learning can help address these weaknesses and reduce fraud in the cellular services market.

“Innovators like Facebook, Google, and LinkedIn have pioneered big data and machine learning approaches to protecting their subscribers and gaining insights,” Mengshoel said. “New machine learning approaches start from the position that the only way to detect anomalies in real time is to apply machine learning at massive scale.”

The combination of supervised and unsupervised machine learning makes it possible to analyze massive amounts of data and alert fraud analysts in seconds, Mengshoel said.

Products are already on the market that combine deep packet inspection of big data with supervised and unsupervised machine learning to perform network analytics for fraud, anomalous traffic, and other network behaviors in real time, Mengshoel said.

“Their real test will be which vendors are able to perform network analysis on the data plane as well as the voice network,” he said. “More and more traffic, and therefore more and more fraud, happens on the data plane.”

The research paper by Carnegie Mellon and Argyle Data, a provider of big data/machine learning analytics technologies for mobile providers, describes how real-time anomaly detection can be used for near-instant identification of fraud.

The report shows how current solutions cannot address issues on the data plane, and why in the future gaining visibility into the characteristics of data usage will be paramount. Because of the vast amount of data flowing across telecoms networks, big data analytics capabilities and the ability to analyze these using advanced machine learning are essential.

In their research, Mengshoel and coauthor David Staub, data scientist at Argyle Data, validate a supervised and unsupervised machine learning-based approach that automatically learns the difference between normal and anomalous call patterns based on usage data.
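To make concrete the contrast the article draws between static volume thresholds and an approach that learns each subscriber’s normal usage, here is an added example that is not from the Carnegie Mellon/Argyle Data paper or any vendor product. It uses constructed daily international-minute totals for two subscribers and compares a fixed-threshold rule with a per-subscriber robust baseline (median and median absolute deviation), which stands in here for the paper’s learned model. The subscriber names, the 300-minute threshold and the deviation cutoff are all assumptions chosen for illustration.

```python
"""Static threshold rule vs. per-subscriber learned baseline for call-usage fraud.

Added example with constructed data; not the CMU/Argyle Data method or data.
Each history entry is a list of daily international minutes for one subscriber.
"""
from statistics import median

# Constructed 14-day histories (assumed values, not real call records).
HISTORY = {
    "sub-A": [4, 6, 5, 3, 7, 5, 4, 6, 5, 4, 6, 5, 3, 5],      # light personal user
    "sub-B": [340, 360, 350, 345, 355, 350, 348, 352,
              342, 358, 350, 347, 353, 350],                     # busy business line
}
# Constructed usage for the day under review.
TEST_DAY = {"sub-A": 120, "sub-B": 355}

STATIC_THRESHOLD = 300   # assumed pre-set rule: flag > 300 intl minutes/day
DEVIATION_CUTOFF = 6.0   # assumed: flag when > 6 robust deviations from baseline


def static_rule(minutes: float, threshold: float = STATIC_THRESHOLD) -> bool:
    """Fixed-volume rule: the same cutoff applies to every subscriber."""
    return minutes > threshold


def fit_baselines(history: dict) -> dict:
    """Learn (median, MAD) per subscriber from their own history.

    MAD (median absolute deviation) is a robust spread estimate; a floor of 1.0
    avoids dividing by zero for subscribers with perfectly flat usage.
    """
    baselines = {}
    for sub, days in history.items():
        med = median(days)
        mad = max(median(abs(x - med) for x in days), 1.0)
        baselines[sub] = (med, mad)
    return baselines


def baseline_rule(sub: str, minutes: float, baselines: dict,
                  cutoff: float = DEVIATION_CUTOFF) -> bool:
    """Flag usage that is far outside this subscriber's own normal range."""
    med, mad = baselines[sub]
    return abs(minutes - med) / mad > cutoff


def compare(test_day: dict, history: dict) -> dict:
    """Return, per subscriber, what each approach decides for the test day."""
    baselines = fit_baselines(history)
    return {
        sub: {
            "static": static_rule(minutes),
            "baseline": baseline_rule(sub, minutes, baselines),
        }
        for sub, minutes in test_day.items()
    }


if __name__ == "__main__":
    for sub, verdict in compare(TEST_DAY, HISTORY).items():
        print(sub, TEST_DAY[sub], "min ->", verdict)
```

On this data the static rule misses sub-A, whose 120 minutes is a 24-fold jump over its own baseline but still under the global threshold, while it flags sub-B every day because a legitimately heavy line sits above the cutoff. The per-subscriber baseline reverses both outcomes, which is the point the article makes about rules that can only match known configurations; a production system would of course learn over many more features than one daily total.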

A solution to fraud can’t come soon enough. As the paper notes, fraudulent or unacceptable use of cellular networks is a growing threat for both network subscribers and operators, and fraud schemes are constantly evolving. In this environment, the report said, a sophisticated, adaptive approach for identification of criminal activity is needed.


This cheap and nasty ransomware will try to encrypt files across your network and removable drives

The Stampado ransomware has evolved worm-like techniques to spread.

One of the cheaper forms of ransomware that crooks can buy on the dark web has evolved worm-like capabilities which enable it to move across networks and external drives, and even to re-encrypt files which have already been encrypted by other ransomware.

The Stampado ransomware is available to buy on the dark web for just $39, and is described by the seller as ‘cheap and easy to manage ransomware’ and offers buyers a ‘full lifetime license’.

While it might be expected that cheap ransomware offers wannabe cybercriminals very little bang for their buck, cybersecurity researchers at Zscaler have analysed Stampado and have found it to contain self-propagating features which make it extremely effective — it can spread across multiple devices and drives connected to the infected system.

Typically infecting victims via a spam email or drive-by download, the malware installs itself in the %AppData% folder with the name scvhost.exe, in an effort to pass itself off as the genuine Windows executable process svchost.exe.
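The scvhost.exe naming trick above is a pattern defenders can check for directly: a process whose image name is svchost.exe, or a near-miss of it, but whose image path is not one of the Windows system directories. The following is an added example, not Zscaler’s analysis code or anything from Stampado itself; it runs over a constructed process inventory of the kind exported from an EDR console or a tasklist, and the legitimate-directory list assumes a default Windows install.

```python
"""Flag processes that impersonate svchost.exe by name or by location.

Added example with a constructed process inventory (not a real host capture).
Two signals are combined:
  * name distance: the image name is svchost.exe or within a couple of edits
    of it (scvhost.exe, svch0st.exe, svchosts.exe ...), and
  * location: the image lives outside the directories where the genuine
    service host is installed.
"""
import ntpath

TARGET = "svchost.exe"
# Assumption: default install paths; adjust for non-standard SystemRoot.
LEGIT_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
LOOKALIKE_MAX_DISTANCE = 2

# Constructed inventory resembling an EDR/tasklist export.
INVENTORY = [
    r"C:\Windows\System32\svchost.exe",
    r"C:\Users\alice\AppData\Roaming\scvhost.exe",    # the pattern the article describes
    r"C:\Users\alice\AppData\Local\Temp\svchost.exe",
    r"C:\Program Files\Vendor\updater.exe",
]


def osa_distance(a: str, b: str) -> int:
    """Damerau-Levenshtein (optimal string alignment) distance.

    Counts a transposition of adjacent letters (scv -> svc) as one edit, so
    the classic swap-two-letters lookalike scores 1 rather than 2.
    """
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def classify(image_path: str) -> str:
    """Return a verdict string for one process image path."""
    directory, name = ntpath.split(ntpath.normcase(image_path))  # lowercase, backslashes
    distance = osa_distance(name, TARGET)
    if distance == 0:
        return "ok" if directory in LEGIT_DIRS else "exact-name-outside-system-dir"
    if distance <= LOOKALIKE_MAX_DISTANCE:
        return "lookalike-name"
    return "unrelated"


def suspicious(inventory) -> list:
    """All (path, verdict) pairs worth an analyst's attention."""
    return [(p, v) for p in inventory
            if (v := classify(p)) not in ("ok", "unrelated")]


if __name__ == "__main__":
    for path, verdict in suspicious(INVENTORY):
        print(f"{verdict:32} {path}")
```

The name check alone would miss a copy that keeps the exact name, and the location check alone would miss a lookalike dropped into a system directory, so the two are deliberately combined; the same shape of check extends to other commonly impersonated binaries by iterating over a list of targets instead of the single TARGET constant.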

Once Stampado starts running, it’ll stealthily attempt to make copies of itself on the local network and on any removable devices attached to the infected machine. Stampado won’t even spare the victim if their system is already infected with other ransomware, instead re-encrypting encrypted files.

This means the victim has to pay a ransom twice over — once to each ransomware deliverer — in order to get their files back. Ransomware variants which Stampado can re-encrypt include Locky, Cerber, Cryptowall, and more.

Only once Stampado has encrypted all the target files does it display a ransom note, which threatens that all the files will be deleted if the victim doesn’t pay within 96 hours. It also threatens to delete a random file every six hours to scare victims into paying up.

Unlike most ransomware, it doesn’t demand a ransom in Bitcoin up front; instead it asks victims to contact an email address, quoting the ‘ID’ that identifies their infected system.

Zscaler’s researchers advise victims not to pay the ransom, stating that it is possible for victims to decrypt files encrypted by Stampado themselves.

Ransomware has surged this year, recently becoming one of the three most common malware threats. The total cost of damages related to these attacks is set to top $1 billion before the end of 2016.


This new Mac attack can secretly monitor your webcam, microphone

A new app aims to prevent malware from recording video calls.

In recent years we’ve seen malware that targets webcams and microphones in an effort to secretly record what a person says and does.

Even the NSA has developed code that remotely switches on a person’s webcam.

But Mac malware faces an obstacle: every Apple laptop has a hard-wired indicator light that shows when the camera is in use. At least you know you’re being watched. (The microphone has no such light.)

That could change with a new kind of webcam piggyback attack, according to research by Synack’s Patrick Wardle, which he will present Thursday at the Virus Bulletin conference.

After examining a number of malware samples, Wardle concluded that attackers can easily exploit the indicator light in most modern Macs to hide malware that is secretly recording your phone calls and video chats: if the light is already on for a legitimate reason, it tells the user nothing.

The “attack” works like this: the malware quietly monitors the system for user-initiated video sessions, such as FaceTime or Skype calls, then piggybacks on the webcam or microphone to covertly record the session. Because the light is already on, there is no visible indication of the malicious activity, so the malware can record both audio and video with little risk of detection.

After all, it’s the phone and video calls that hackers and nation states want to hear, not the regular ramblings of a person sitting at their desk throughout the day.

Wardle told me in an email that when a person legitimately uses their webcam or microphone, it’s typically for more sensitive things, such as a journalist talking to a source, or an important business meeting with an executive, or even a person’s private FaceTime conversation with their partner — all of which could be invaluable for surveillance.

Enter his new tool, Oversight, which aims to block rogue webcam connections that piggyback on legitimate video-calling apps, and alerts you whenever your microphone is in use.

If malware tries to piggyback on a webcam session, the app alerts the user, who can then block it. Wardle said the tool also logs the offending process so that security experts or system administrators can take a closer look.
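The piggyback attack described above and the detection Oversight performs reduce to one rule: a second process attaching to the camera or microphone while a user-started call already holds the device is suspicious, and an untrusted process turning the microphone on by itself should be reported because no light gives it away. The following is an added example that models that rule; it is not Wardle’s code. On a real Mac the events would come from the operating system’s camera and microphone device notifications; here they are a constructed event log, and the allowlist of calling apps, the process names and the pids are assumptions for the example.

```python
"""Model of the piggyback check an OverSight-style tool performs: a process that
attaches to the camera or microphone while a user-initiated call already holds
the device is flagged, and any untrusted process turning a device on by itself
is reported.  Added example on a constructed event log; not Wardle's code.
On a real Mac the events come from the OS's camera/microphone notifications."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Apps the user knowingly starts calls with (assumed allowlist for the example).
TRUSTED_CALLERS = {"FaceTime", "Skype"}

# Constructed device-event log: time, device, action, pid, process name.
# 'helperd' plays the piggybacking malware; 'updater' turns the mic on alone.
SAMPLE_EVENTS = """\
10:00:01 camera attach pid=412 proc=FaceTime
10:00:01 mic attach pid=412 proc=FaceTime
10:00:45 camera attach pid=901 proc=helperd
10:00:45 mic attach pid=901 proc=helperd
10:05:00 camera detach pid=412 proc=FaceTime
10:05:00 mic detach pid=412 proc=FaceTime
10:05:00 camera detach pid=901 proc=helperd
10:05:00 mic detach pid=901 proc=helperd
11:30:00 mic attach pid=733 proc=updater
"""


@dataclass
class Event:
    time: str
    device: str   # "camera" or "mic"
    action: str   # "attach" or "detach"
    pid: int
    proc: str


def parse_events(text: str) -> List[Event]:
    """Parse the space-separated log format used in SAMPLE_EVENTS."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        time, device, action, pid_tok, proc_tok = line.split()
        events.append(Event(time, device, action,
                            int(pid_tok.split("=", 1)[1]),
                            proc_tok.split("=", 1)[1]))
    return events


def check(events: List[Event]) -> List[Tuple[str, str, int, str]]:
    """Return (kind, device, pid, proc) alerts in log order.

    kind is 'piggyback' when another process already holds the device (the
    indicator light is on for a legitimate reason, so the user sees nothing) and
    'activation' when an untrusted process turns a device on by itself.  Trusted
    callers never alert; a malware that names itself after one is out of scope.
    The pid and process name are kept so the alert can be logged for analysts."""
    holders: Dict[str, Dict[int, str]] = {}   # device -> {pid: proc} currently attached
    alerts: List[Tuple[str, str, int, str]] = []
    for e in events:
        owners = holders.setdefault(e.device, {})
        if e.action == "attach":
            if e.proc not in TRUSTED_CALLERS and e.pid not in owners:
                kind = "piggyback" if owners else "activation"
                alerts.append((kind, e.device, e.pid, e.proc))
            owners[e.pid] = e.proc
        elif e.action == "detach":
            owners.pop(e.pid, None)
    return alerts


if __name__ == "__main__":
    for kind, device, pid, proc in check(parse_events(SAMPLE_EVENTS)):
        print(f"{kind}: {proc} (pid {pid}) on {device}")
```

On the constructed log the check raises two piggyback alerts for helperd (camera and microphone, both while FaceTime holds the devices) and one activation alert for updater turning the microphone on with no call in progress. The check is state-based rather than light-based, which is the whole point: it does not rely on the user noticing an indicator.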

The good news is that Wardle said he’s not aware of any Mac malware that exists to do this, but he noted it isn’t difficult to implement.

“It’s just a few lines [of code], and it doesn’t require any special privileges,” he said. “Currently, Mac malware such as Eleanor could easily implement this capability with this code.”

Wardle has put the app up for free on his website.

Computer Associates tackles Web services management

Tool released for discovery, monitoring

In an effort to overcome complexities associated with Web services management, Computer Associates on Monday introduced Unicenter Web Services Distributed Management (WSDM) 1.0, a tool designed to automatically discover and monitor Web services.

During its annual CA World user conference in Las Vegas, the software giant also announced beefed-up products for its Web services portfolio that should help users overcome infrastructure hurdles and performance ramifications of Web services implementations.

For the monitoring of Web services within .Net environments and support of ASP .Net, CA introduced Unicenter Management for .Net Framework 3.0. The tool offers service-level reporting, health and performance reporting, and capacity utilization, said Dmitri Tcherevik, vice president and director of Web services at Islandia, N.Y.-based CA.

Meanwhile, Unicenter Management for WebSphere Release 3.5 and Unicenter Management for WebLogic 3.5 work within J2EE to discover deployed Web services and their interfaces.

Tcherevik said WSDM can analyze information about services, servers, and applications surrounding Web services to enable customers to either take corrective action or allow Unicenter’s automated “self-healing” capability to resolve the problem without human intervention.

Supporting both the J2EE and .Net environments, WSDM offers service controls that allow users to disable, enable, or redirect Web services. The product monitors the service characteristics of Web services transactions, so users can have WSDM set alert thresholds automatically and manage services centrally.

While many large vendors are taking a “wait-and-see” approach toward building Web services management tools and products, CA’s announcement on Monday served to stake out the software maker’s territory in the closely watched field, said Corey Ferengul, vice president at Stamford, Conn.-based Meta Group.

The Meta analyst said vendors such as Hewlett-Packard, which are aggressively pursuing standards rather than the product-first approach CA is taking, may hold a greater advantage.

“Standards will be important because of [managing services and] things you don’t own, in from someone else’s enterprise,” said Ferengul. “The market hasn’t told us what they want yet or who they want to win. It’s going to take CA to turn around and buy into standards efforts” to be successful.

Ferengul lauded CA’s attention to the .Net infrastructure and environment in Monday’s round of announcements. However, he said CA will face challenges in the early Web services product market, both with its point-product initiatives and in clearly illustrating how Web services and infrastructure fit together.

Lastly, CA announced the release of eTrust Directory 4.1. The product offers a UDDI implementation to support Web services, featuring the ability to store, replicate, and distribute vast amounts of Web services data.


System Requirements

Both OsMonitor Server and Client run on Windows XP, Windows Server 2003/08/12/2016, Windows 7, Windows 8/8.1, and Windows 10, in both 32-bit and 64-bit editions.

Customer Review

We are now using your monitoring software, OsMonitor. It is great software; we are able to block non-business websites, monitor the activities of our users and the websites they visit, and even take snapshots. The majority of our needs are met by your software.