Tuesday, 16 November 2010

Security Digest #14

Just a few brief updates to get through this month, here we go...

The Ultimate Stuxnet Update

It was designed, according to Wired's Kim Zetter, to very subtly and specifically sabotage - without noticeably breaking - the very high speed centrifuges used almost exclusively in uranium enrichment. And even then, only at plants equipped with 33 or more frequency converter drives of a particular kind, made by either Teheran's Fararo Paya or Finland's Vacon. The specific attack pattern also depends upon the distribution, i.e. the relative abundances, of Iranian and Finnish converters, with the majority deciding the type of attack.

Stuxnet infections began in January 2009. Six months later the Iranian facility at Natanz suffered a serious incident, disclosed via WikiLeaks. Around that time, one sixth of the country's almost five thousand operational centrifuges were inexplicably shut down.

Malware Defeated - Golden Age Arriving

Just kidding. Actually Imperva's annual report "Security Trends for 2011", just published, predicts an increase next year in state-sponsored attacks like the one described above, together with similar increases in Man-in-the-Browser (MitB) Attacks, mobile malware, and consolidation of the "hacking industry".

Also predicted are greater transparency in the security arena; increased emphasis on social network privacy and security (Facebook, are you listening?); cloud-based data security technologies; information security as a business process; and a convergence of security and privacy regulation.

Full Imperva report (requires registration): https://www.imperva.com/lg/lgw.asp?pid=425

Security Strategy: From Requirements to Reality (book review)

Not my review this time, but security book writer and serial reviewer Ben Rothke appears very impressed by Bill Stackpole and Eric Oksendahl's "incredibly important and valuable new book", rating it 10/10, and labelling it "One of the best information security books of the last few years."

Vital statistics: the book comprises two main sections: Strategy (chapters 1-6), which gives a high-level overview of strategy before moving on to strategic planning; and Tactics (chapters 7-14), where specific objectives are achieved through procedures and sets of actions.

And here's the quote from Ben that I'm hoping will tease out of my employer a £50 budget for my own copy:

Those who are serious about information security will ensure this is on their reading list, and that of everyone in their organization tasked with information security.

Read Ben's full review on Slashdot: http://books.slashdot.org/story/10/11/15/1346223/Security-Strategy-From-Requirements-To-Reality

Authors: Bill Stackpole, Eric Oksendahl
Pages: 346
Publisher: Auerbach Publications (1 edition, 26 Oct 2010)
ISBN-10: 1439827338
ISBN-13: 978-1439827338

Liquor in the Front - Poker in the Back

Our combined Design / Development / Test departments will continue their headlong plunge towards full speakeasy status this month, with another lock-in featuring discussion of some or other randomly selected Jeff Bridges movie, accompanied by consumption of sundry White Russians. Entertainment is expected to be further enhanced by card games, as our Elevation of Privilege deck nears completion. Like a French Republican, our receptionist scurries as we speak to complete the guillotinings deemed necessary for the improvement of morale...

... and that's that for this, the penultimate digest of 2010.
