operating system

New Linux Distro Promoted as Anonymous-OS

A new Ubuntu Linux distribution is being marketed as “Anonymous-OS” and comes pre-loaded with tools for hacking and protecting anonymity online. However, it is unclear whether the new operating system was created by the anarchic hacking group, or even has its endorsement.

Popular Sports Site Goal.com Serves Malware

Goal.com, a popular football (aka “soccer” for all us Yanks) news site, was hacked and found serving malware via drive-by-downloads between April 27 and 28, according to a post by Web security firm Armorize.

Opinion: Google’s DroidDream Patch Pushes The Envelope

Google announced plans yesterday to fortify the Android Market in response to the appearance of the DroidDream Trojan, but do the company’s plans cross the line from innovative to intrusive? In a blog post, Kaspersky Labs researcher Timothy Armstrong warns that the search giant’s plans to repair Droid phones without user consent may not pass the sniff test. 

The next decade will see Microsoft lose its grip as the most-used and most attacked platform, as a new generation of hackers and cybercriminals diversify, launching attacks on a growing population of mobile devices and computers that run operating systems other than Windows, according to Kaspersky Lab’s 2020 cybercrime outlook.

The size and volume of spam botnets are down over the last year, and much of this can be attributed to the effectiveness of IP-based blacklists. However, this defense method is no panacea as scammers have found new methods like reputation hijacking to circumvent these roadblocks, and bots continue to extend their reach by piggybacking on existing worms and viruses.

Our digital affluence is making us insecure, writes Dan Geer, the CISO at In-Q-Tel. Like addled consumers trying to choose from among 20 different types of toothpaste in the supermarket aisle, IT is paralyzed by an overabundance of security products, unable to decide which products are worth the investment, which to keep, and which to remove.

by Dan Geer, CISO, In-Q-Tel

In his book “The Paradox of Choice,” the academic psychologist Barry Schwartz famously argued that having more choice does not necessarily make individuals (or societies) happier. This is counter-intuitive. Does not “affluence,” by any definition, boil down to “more choice?” And does not more choice mean more freedom? More freedom more welfare? At the limit, the answer is “No,” and for two main reasons:

For one, there’s paralysis. As choices increase, the effort required to choose increases and the ability to reach decisions — to choose – actually declines. For another, there’s regret. The more choices we have, the easier it becomes to regret the choices we make when they turn out to be less than perfect, as they almost certainly will. In other words, the more choices there are, the more any dissatisfaction must be your fault; you could have chosen differently, after all.

How does this all relate to cybersecurity?

The effect of our digital “affluence” contributes directly to digital insecurity. The general purpose computer offers far too many choices in the sense of far too many interfaces, far too many configuration parameters, far too many libraries, far too many conveniences, far too much extensibility. When, in the name of security, we “lock down” an operating system, we do so precisely so as to counter that surfeit of choice, by removing functions not in use, by reducing the choice set of what might be running.

The reason that the Web browser is the principal entry point for malware is the number of choices that a browser offers up to whomever is at the other end. Evolving technologies like HTML5 promise to make this significantly worse. (http://threatpost.com/en_us/blogs/security-concern-html5-gains-traction-091610)

The peculiar physics of digital assets — if I steal your data you still have it, to take an example — mean that data owners (and auditors) can only seek infallible protection for digital assets, but when you expect perfection it is impossible to have a pleasant surprise. At the same time, our digital “affluence” provides us with an overabundance of security products (with knobs and dials to adjust) promising to help us achieve the perfect protection that we seek. Any one of them may indeed be narrow enough to perfectly solve some particular flaw; that’s not the point.

It is said that complexity is the chief enemy of security, and Bruce Schneier deserves credit for beating that drum so well. Modern operating systems and computer networks are chock-a-block with bloat but they also bristle with invasive security programs vying to pre-empt all comers, including each other. The resulting complexity of those interactions does not scale with the n^2 of Metcalfe’s Law (the number of potential 2-way interactions), but the 2^n of Reed’s Law (the number of potential multi-way interactions). This is the heart of complexity’s enmity against security: security’s task list is all multi-way interactions, all the time. We make it worse by adding too many security products that are mere symptomatic relief for the problem du jour.

Skeptical? Show me one CISO who can deinstall — and write-off — a fully deployed enterprise security product because the marginal utility it contributes is not worth the complexity cost it engenders. Show me the full operational cost accounting for your AV + IDS + IPS + HIPS + firewall + DLP + etc., and prove to me that the net effect is even just non-negative.

We can’t prove security products work, but we can prove that complexity matters, and that we are ourselves contributing to complexity by deploying too many security products. Like addled consumers facing 225 choices of toothpaste, we’re paralyzed. Every time we buy a new security product, we regret that the others we already have didn’t do the job and the paralyzing choice of whether this new product makes it possible for us to remove one or more of the old ones. Show me the CIO who will trade up, not add on, and I’ll show you an unsung hero.

Let me be clear, by “limiting choice” I mean minimizing the number of security states our systems can assume; I do not mean limiting sysadmin choice by failing to document the stuff that really matters – an approach that Apple appears to have mastered. And I write “limiting choice” with the utmost sadness, well aware that those of us who want and can manage a general purpose computer are not relevant in an Internet of Things, a new world order in which a dwindling number of us are prepared to revert to paper on a bad day but yet have the ability to tinker all the way down to the iron.

Look around. IP enabled “stuff” — appliances, phones, cars, TVs – are already muscling out the general purpose computer. It is a fait accompli. You had better hope that what is embedded in your home automation system, your refrigerator, or your little piece of the electrical grid offers much less choice than your PC.

It is our duty as security people to make things better. As of now, we’re making them worse.

Editor’s Note: The storm of news coverage about the release of confidential diplomatic memos by whistleblower site Wikileaks may have passed, but the story is far from over. In the meantime, organizations are left to draw their own conclusions about the lessons of the Wikileaks scandal and, then, try to apply them to their businesses. In this opinion piece for Threatpost, Ted Julian, a Principal Analyst at Yankee Group, says there are four important lessons that organizations can learn from the sensational publication of classified documents and carry into the New Year.  

Microsoft Windows 7 is on its way tomorrow, and it is bringing with it a set of security features Microsoft hopes will appeal to enterprises. The Windows 7 security story has three main chapters that have received a fair amount of attention – DirectAccess, BitLocker To Go and AppLocker. With these, capabilities like Branchcache and enhancements to features like user account control (UAC), officials at Microsoft feel they are pushing out their most secure operating system yet. Read the full story [eWEEK/Brian Prince]
