Thursday, 16 May 2013

1337day defaced by TurkGuvenligi

The famous exploit database/market 1337day.com has been defaced by a hacker group called "TurkGuvenligi".


The motive behind the hack was given in the deface page.


Quote
"we told you to ban this fake user >>>
http://www.1337day.com/author/5819
Is it so difficult or you are so stupid?"

The main .com site seems to be down right now; it's showing a "Bandwidth Limit Exceeded" error.
The .org and .net versions of the site are working as normal.

Suspected hacker likely to be charged over Thai PM website hack


Unknown hackers using the "Unlimited Hack Team (UHT)" defacement signature recently attacked the Thai PM's website and posted insulting messages about the Prime Minister, Yingluck Shinawatra.

Narongrit Suksarn, aka Window 98se, 29, from Nakhon Si Thammarat, the suspected hacker who met the police last week, insisted he didn't hack into the PM's site, nor post insulting messages on it. But he admitted he was one of the members of the Unlimited Hack Team.

The Police said they have gathered information and are confident Narongrit and other suspects from the hacking group will be charged.

Technology Crime Suppression Division (TCSD) commander Pol Maj Gen Pisit Paoin said they believed Narongrit had hacked into the PM's site three days before the attack but didn't change anything.

The police said the suspect will be charged with a violation of Section 5 of the 2007 Computer Act for allegedly sharing the stolen data with team members, according to a Bangkok Post report.

It appears the UHT was established by a Cambodian group. The TCSD have requested Cambodian authorities to help in investigating the Cambodian hackers.

EC-Council hacked by Godzilla for creating cyber security awareness


Yes, it is cyberspace, where no one can assure 100% security, but that doesn't mean you can ignore security holes. Godzilla, the hacker who breached Pakistani government websites a few months ago, has claimed to have identified multiple security flaws in the EC-Council website (eccouncil.org).

EC-Council is best known for its professional certifications in the IT security field, especially 'Certified Ethical Hacker (CEH)'.

The hacker claimed to have gained access to the admin desk and accessed the course materials for CEHV8, CHFIV4, ECSS and ECSA_LPT4.

Talking to EHN, the hacker said "This could take a very deadly turn if played by the cyber terrorist. They are the same org who train DOD, CIA, NSA, NASA etc."


"If a cyber terrorist infects this material with Trojans and malware the same content will be accessed by the defense people. And this is the easy way to enter into the network of defense. They should concentrate on security and in future should avoid such situation."

"Consider it as a security alarm for USA and Defence network, you will never know in cyber space who is knocking your door."

The hacker didn't mention the type of vulnerability that gave access to these materials. But it appears his motive is to create cyber security awareness.

IE Is Focus of Microsoft's May Patch Tuesday

Microsoft is out today with its May Patch Tuesday update, which includes 10 bulletins fixing 33 vulnerabilities across Microsoft products. Included among those fixes are two critical patches for two-month-old vulnerabilities in IE disclosed at Pwn2own, as well as a patch for a zero-day vulnerability just disclosed last week.
The MS13-038 bulletin details a critical zero-day flaw that was used in an attack against the U.S. Department of Labor. Microsoft first acknowledged the flaw on May 3 and has been scrambling ever since to get the issue fixed.
"Our engineers worked around the clock to prepare and test MS13-038, which will help keep customers safe by permanently addressing the Internet Explorer 8 issue," Dustin Childs, group manager, Response Communications, Microsoft Trustworthy Computing, said in a statement.
The flaw as detailed in Microsoft's bulletin is a use-after-free memory error.
"A remote code execution vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated," Microsoft warns. "The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer."

Multitude of IE Issues

In addition to the zero-day IE8 flaw, Microsoft patched 11 other issues with IE as part of the MS13-037 bulletin. Among those 11 issues are two items that were publicly demonstrated by VUPEN Security at the Pwn2own 2013 event in March. Microsoft credited VUPEN Security, working together with Pwn2own event organizer HP Zero Day Initiative, for helping to build defense-in-depth changes to fix the reported flaws.
The other nine vulnerabilities were all privately reported flaws and include additional use-after-free issues.
At least one security professional is putting a positive spin on Microsoft's quick zero-day turnaround, though others have a different view.
"The quick release of this patch, just 11 days from advisory to release, is an outstanding example of Microsoft’s responsiveness to the security community and their users," said Andrew Storms, director of security operations at nCircle Tripwire.
Wolfgang Kandek, CTO of Qualys, noted that in his view the rapid zero-day fix is "great" though he wasn't really surprised by it. "They (Microsoft) have been working hard over the last year to get faster updating into Internet Explorer, given that it is the main attack vector," Kandek said. "They now release patches monthly."
Ross Barrett, senior manager of security engineering at Rapid7, agreed that the quick response is a good thing, noting that on one level this is Microsoft at their security best.
"They responded promptly to a publicly disclosed issue and got the fix out in the next scheduled wave of patches," Barrett said. "On another level, this issue, along with the fact that every single month we see another round of critical Internet Explorer patches, highlights what is wrong with Microsoft’s patching and support models."
Barrett argued that Google's Chrome browser and its automatic silent updating is a superior model for browser updates. With the Chrome model, older versions aren't supported, since users are rapidly updated to the latest release version.

Fireeye Lab: Targeted Attack Trend Alert

FireEye Labs has discovered a targeted attack against Chinese political rights activists. The targets appear to be members of social groups involved in the political rights movement in China. The email turned up after the attention Beijing received during the 12th National People’s Congress and the 12th National Committee of the Chinese People’s Political Consultative Conference, which elect a new core of leadership of the Chinese government and determine the future of China’s five-year development plan [1].
The email contains a weaponized attachment that uses the Microsoft Office CVE-2012-0158 exploit to drop the benign payload components and a decoy document. The Remote Access Tool (RAT) PlugX itself is known as a combination of benign files that build up the malicious execution. The Microsoft file OInfoP11.exe, also known as “Office Data Provider for WBEM”, is a signed file found in the NIST National Software Reference Library and is a component of the Microsoft Office 2003 suite. Endpoint protection that relies on integrity checking would deem this file valid and clean. On Windows 7 and later, the svchost.exe stage requires user interaction by displaying a UAC prompt, but only if UAC is enabled; on Windows XP the attack requires no user interaction at all. The major problem is that this file is subject to DLL sideloading. In previous cases, PlugX has used similar sideloading-prone files such as the McAfee binary mcvsmap.exe [2], Intel’s hkcmd.exe [3], and NVIDIA’s NvSmart.exe [4]. In this case, OInfoP11.exe loads a DLL named OInfo11.ocx (a payload loader posing as an ActiveX DLL) that decompresses and decrypts the malicious payload OInfo11.ISO. This technique can be used to evade endpoint security solutions that rely on binary signing, and traditional anti-virus (AV) solutions will have a hard time identifying the encrypted and compressed payload. At the time of writing, only 1 of 46 AV vendors detects the OInfo11.ocx file.
The diagram in figure 1 shows the behavior and relationship of these files.
Figure 1: Attack Diagram
Infiltration
In Figure 2, the targeted email advertises a suffrage movement seminar event. Figure 3 is the contents of the Google document form link that contains the same information as in the email. In figure 4, the decoy document contains the details of the particular seminar section mentioned in the Google document link.
Figure 2: Original Email
Below is the English translation of the email in figure 2.
Li Ping
Figure 3: Google Form
Decoy Document
Figure 4: Decoy Document
Below is the translation of the document shown above.
The seminar
Attack Analysis
The XLS file (1146fdd6b579ac7144ff575d4d4fa28d) uses the CVE-2012-0158 Microsoft Office exploit to drop the “ews.exe” payload and the decoy document shown in figure 4. This payload extracts the Microsoft file OINFOP11.exe, the benign DLL OInfo11.ocx and the encoded and compressed shellcode sections from Oinfo11.ISO. OInfoP11.exe loads OInfo11.ocx as a DLL; once loaded, it decompresses Oinfo11.ISO using RtlDecompressBuffer, decrypts it and runs it in memory. The malicious code is never dropped to the file system and is therefore not seen by file-system-based anti-virus detectors. Figure 5 shows a high-level view of the relationship of the dropped files.
Figure 5: Payload Relationship
Summary of Dropped Files
Name
Exploit Details
This malware uses CVE-2012-0158 to drop the payload from the section shown in Figure 6.
Figure 6: Exploit Payload Section
Shellcode can be found in the first few bytes of this section. Figure 7 shows the disassembly of the code found at the 0x1de0b offset shown in figure 6.
Figure 7: Payload Shellcode
Campaign Characteristics
OInfoP11.exe is a valid Microsoft file and its certificate is shown in figure 8.
Figure 8: Signature Usage
When OInfoP11.exe is called with the following arguments, "C:\Documents and Settings\All Users\SxS\OINFOP11.EXE" 200 0, it begins loading the file OInfo11.ocx.
Figure 10: Loader Entrypoint
The arrow shows the exact jump point, the entry point where the shellcode begins, for the decompression and decryption of the ISO file.
Figure 11: Shellcode Example
This is an example of the memory space of the loaded benign DLL OInfo11.ocx. The functionality of OInfo11.ocx is essentially a loader in which this section decompresses and decrypts the malicious payload in memory.
Figure 12: Decryption of the ISO file
This is the decryption loop used throughout the sample. In this instance, it is used to decrypt the ISO shellcode in memory.
Figure 13: DLL location in memory
This is an example of the complete malicious DLL address space in memory.
Entrenchment
Artifacts to watch for: Mutex
Injection
The DLL injects code into svchost.exe using the VirtualAllocEx call, then uses WriteProcessMemory to write into the memory space of svchost.exe. The thread is then resumed to run the injected code. This injection process is used for both svchost.exe and msiexec.exe. When svchost.exe spawns msiexec.exe, it calls CreateEnvironmentBlock and CreateProcessAsUser so that the svchost service can launch a process in the user's session.
Keylogging Activity
Creates a keylogging file in %ALLUSERSPROFILE%\SXS\ as NvSmart.hlp. Below is an example of the content of this file.
Proxy Establishment
This sample can communicate using ICMP, UDP, HTTP and TCP. In this situation the sample is using the string Protocol:[ TCP], Host: [202.69.69.41:90], Proxy: [0::0::] to establish the proxy for the C&C communication.
Figure 14: Communication Options
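As an added detection example (not FireEye's code), the following Python helpers pull the connection string format quoted above out of a process memory dump and score a process record against the host artifacts described under Campaign Characteristics: OInfoP11.exe launched from the SxS directory with the "200 0" arguments and OInfo11.ocx loaded from the same directory. The sample dump and process record are constructed, and the assumption that a legitimate OInfoP11.exe lives under Program Files is mine, not the writeup's.

```python
"""Detection helpers for the PlugX artifacts described above (added example)."""
import re
from dataclasses import dataclass
from typing import List

# Connection string format the sample carries in memory (quoted in the writeup):
#   Protocol:[ TCP], Host: [202.69.69.41:90], Proxy: [0::0::]
CONN_RE = re.compile(
    rb"Protocol:\[\s*(?P<proto>[A-Z]+)\s*\],\s*"
    rb"Host:\s*\[(?P<host>[0-9A-Za-z.\-]+):(?P<port>\d{1,5})\],\s*"
    rb"Proxy:\s*\[(?P<proxy>[^\]]*)\]"
)

# C2 endpoint named in the writeup: 202.69.69.41 over TCP port 90.
KNOWN_C2 = {("202.69.69.41", 90)}


@dataclass(frozen=True)
class ConnString:
    protocol: str
    host: str
    port: int
    proxy: str

    def is_known_c2(self) -> bool:
        return (self.host, self.port) in KNOWN_C2


def extract_conn_strings(dump: bytes) -> List[ConnString]:
    """Pull every PlugX-style connection string out of a process memory dump."""
    return [
        ConnString(
            protocol=m.group("proto").decode(),
            host=m.group("host").decode(),
            port=int(m.group("port")),
            proxy=m.group("proxy").decode(),
        )
        for m in CONN_RE.finditer(dump)
    ]


def sideload_indicators(image_path: str, cmdline: str, loaded_modules: List[str]) -> List[str]:
    """Score one process record against the host artifacts from the writeup.

    Assumption (mine, not the writeup's): a legitimate OInfoP11.exe lives under
    Program Files, so a copy running elsewhere is suspicious on its own.
    """
    hits = []
    directory, _, image = image_path.rpartition("\\")
    if image.lower() == "oinfop11.exe":
        if "\\program files" not in image_path.lower():
            hits.append("OInfoP11.exe running outside Program Files")
        if directory.lower().endswith("\\sxs"):
            hits.append("launched from the %ALLUSERSPROFILE%\\SxS staging directory")
    # The writeup shows the loader invoked as ...\OINFOP11.EXE" 200 0
    if re.search(r"\s200\s+0\s*$", cmdline):
        hits.append('"200 0" loader arguments')
    # Sideloading: OInfo11.ocx resolved from the executable's own directory
    for mod in loaded_modules:
        mdir, _, mname = mod.rpartition("\\")
        if mname.lower() == "oinfo11.ocx" and mdir.lower() == directory.lower():
            hits.append("OInfo11.ocx loaded from the executable's own directory")
    return hits


# Constructed sample memory dump: junk bytes around one connection string.
SAMPLE_DUMP = (
    b"\x00\x90\x90MZ\x00junk "
    b"Protocol:[ TCP], Host: [202.69.69.41:90], Proxy: [0::0::]"
    b"\x00\xff\xfe tail"
)

# Constructed process record mirroring the invocation quoted in the writeup.
SAMPLE_PROCESS = {
    "image_path": r"C:\Documents and Settings\All Users\SxS\OINFOP11.EXE",
    "cmdline": r'"C:\Documents and Settings\All Users\SxS\OINFOP11.EXE" 200 0',
    "loaded_modules": [r"C:\Documents and Settings\All Users\SxS\OInfo11.ocx"],
}


if __name__ == "__main__":
    for conn in extract_conn_strings(SAMPLE_DUMP):
        print(conn, "known C2" if conn.is_known_c2() else "unknown host")
    for hit in sideload_indicators(**SAMPLE_PROCESS):
        print("indicator:", hit)
```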
Modes of Operation Overview
The table below outlines some of the functionality that this variant uses. The options have not changed, so this table serves as a refresher. Figure 15 shows an example of how these functions are called by the sample.
Mode
Figure 15: Functionality Example
C&C Details and Communication
In figure 16, the sample is communicating with 202.69.69.41 over port 90. The C&C node is down in this case, but the communication is dynamic, non-HTTP traffic. An example of the callback content is shown in figure 17. This sample will also try to communicate laterally with other instances in the same network. An example of this traffic and its content can be seen in figures 18 and 19.
Figure 16: PCAP of C&C communication
Figure 17: Callback Traffic
Figure 18: UDP Beacon
Figure 19: UDP packet content
Whois Information on the IP 202.69.69.41
I want to thank the FireEye Labs Team.

Facebook IPO Investor Scam Leads to Arrest of Three Men

Three men who claimed they had special access to Facebook Inc. (FB) shares before its initial public offering last year were charged with defrauding an investor of $6.7 million.
Eliyahu Weinstein, 37, Alex Schleider, 47, and Aaron Muschel, 63, were charged in a complaint unsealed today in federal court in Newark, New Jersey. They offered blocks of Facebook shares in three transactions to a New Zealand investor before the company’s IPO last May, even though they had no access to them, authorities said.
At the time, Weinstein was under indictment on charges that he ran a $200 million real-estate fraud, U.S. Attorney Paul Fishman said today in a statement. In January, Weinstein pleaded guilty to the Ponzi scheme in federal court in Trenton, New Jersey. Facebook, based in Menlo Park, California, is the world’s largest social networking service.
“The defendants took advantage of the buzz around the Facebook IPO to fleece unsuspecting investors,” Fishman said. “Shamelessly, Eliyahu Weinstein allegedly committed these crimes while under federal indictment for another investment scheme, even using stolen money to pay his legal fees.”
The investor lost $3 million on the Facebook deals, $2.83 million on a purported stake in a Miami apartment complex, and $675,000 in another scheme, according to a Federal Bureau of Investigation arrest complaint.

Court Appearances

Weinstein and Schleider, both of Lakewood, New Jersey, and Muschel, of Brooklyn, New York, appeared today in federal court in Newark.
They were charged with wire fraud conspiracy and face as many as 20 years in prison on that count. Weinstein was charged with wire fraud conspiracy while on pretrial release, which carries a 30-year maximum penalty. He and Muschel also were charged with transacting in criminal proceeds and face as many as 10 years on that charge.
U.S. Magistrate Judge Madeline C. Arleo revoked Weinstein’s $10 million bail, saying he is accused of crimes while on pretrial release. He is scheduled to be sentenced next month. Prosecutors said he used some of the proceeds of the Facebook fraud to pay his legal fees.
His two lawyers in court, Henry Klingeman and Mark D. Harris, will withdraw “because they believe this is a legal conflict,” Assistant U.S. Attorney Gurbir Grewal told the judge. After the hearing, Klingeman and Harris declined to comment.

Two Released

Arleo released Schleider and Muschel on $1 million bonds. Schleider’s attorney Andrew Citron declined to comment. Muschel’s attorney James T. Moriarty said, “He’s a perfectly legitimate guy. How he’s involved in this is another story.”
He said “it was known in the community that Weinstein was under indictment.”
Weinstein pleaded guilty on Jan. 3 to a $200 million fraud that authorities said initially targeted fellow members of the Orthodox Jewish community. He spent the proceeds on luxury cars, jewelry and gambling trips, as well as his collection of Judaica, Fishman said at the time.
The FBI complaint refers to three unindicted co-conspirators, including a lawyer who lives in Lakewood and has offices in Seaside Heights, New Jersey, and Los Angeles. Another conspirator was a Lakewood resident, identified as C.R.E., who worked in Weinstein’s home as his personal assistant, according to the FBI.

Cybersecurity Starts in High School with Tomorrow’s Hires



Five dozen teenagers hunched over computers in a hotel conference room near Washington, decrypting codes, cleaning malware and fending off network intrusions to score points in the finals of a national cybersecurity contest.

Just hours later, the high-school students got a glimpse of the labor market’s appetite for their skills as sponsors such as network equipment maker Cisco Systems Inc. described career opportunities. Internships start as young as 16 at Northrop Grumman Corp., which reserves 20 spots for participants in the Air Force Association’s contest.
“We’re the largest provider of cybersecurity solutions to the federal government, so we know that we’ve got to help build that talent pipeline,” said Diane Miller, Northrop’s program director for the CyberPatriot contest, on the sidelines of the March event. “We just have a shortage of people applying” for the 700 positions currently open.
Security breaches experienced by institutions ranging from Facebook Inc. to the Federal Reserve are spurring spending on cybersecurity. President Barack Obama describes the threat as one of the nation’s most serious perils, while the Department of Defense has said the Chinese military has targeted government computers. With few specialists trained to respond to evolving attacks and most universities still adjusting to requirements, demand is overwhelming supply.
“I cannot hire enough cybersecurity professionals, I can’t find them, they’re not qualified,” said Ryan Walters, who founded mobile data security company TerraWi Inc. in 2009. The company, based in McLean, Virginia, employs 12 people and plans to expand to 20.

CyberPatriot Contest

Walters, who says he has 22 years of experience in the field, helped prepare 48 students from Marshall Academy in Falls Church, Virginia, who competed in the CyberPatriot contest this year. Twelve made it to the finals. He says he’s gotten calls from companies and government agencies to interview his protégés.
“I love the activity, it’s like a passion,” said Ramon Martinez-Diaz, a 16-year-old sophomore coached by Walters. “But it’s also great that there are so many job openings.”
Listings for cybersecurity positions rose 73 percent in the five years through 2012, 3.5 times faster than postings for computer jobs as a whole, according to Boston-based Burning Glass, a labor market analytics firm that collects data from more than 22,000 online jobs sites.

Offers Reposted

“You have to scratch your head and ask whether the supply could possibly keep up with that,” Burning Glass Chief Executive Officer Matt Sigelman said in a phone interview. Data show “employers literally just posting and reposting” their offers, he said.
There were 64,383 jobs related to cybersecurity listed for the twelve months through April, about 3 percent of all information technology positions, according to the company.
Rob Waaser found his skills in high demand. Just more than a month after graduating in December from Carnegie Mellon University in Pittsburgh with a master’s degree in information security technology and management, he started working at defense contractor Raytheon Co. Waaser chose to pursue a master’s because he said the industry is technical enough to justify the extra training.
“Cybersecurity is a good field these days to get into -- there are a lot of people out there looking for talent,” said the 24-year-old, who got offers from all six of the potential employers he interviewed with. “I really didn’t have a problem finding job openings.”

Preparing Specialists

To prepare the next generation of specialists, the federal government’s National Security Agency is working to strengthen college-level education through its National Centers of Academic Excellence in Cyber Operations program, which gives a designation to universities that meet curriculum and other criteria.
Companies and government agencies are finding many candidates exiting college programs inadequately prepared for high-skill jobs crucial to cybersecurity, said Frank Reeder, co-founder of the Center for Internet Security in East Greenbush, New York, and former senior official at the U.S. Office of Management and Budget responsible for information policy.
“In the cybersecurity world, it’s still a little bit of the Wild West,” he said. For today’s gap, part of the solution is to train existing workers, he said.
Alan Paller, whose Bethesda, Maryland-based company SANS Institute provides such instruction, said many job candidates lack the hundreds of hours of lab experience needed to develop the highly specific skills required.

‘Fighter Pilots’

“We have a huge number of frequent flyers and a tiny number of fighter pilots,” Paller said. “In the next war, people will be the tanks and the planes. We’ve got to be ready.”
The threat of cyber attacks has for the first time become a greater concern than terrorism, James Clapper, the top U.S. intelligence official, told the House Intelligence Committee during an April hearing. A spate of recent disclosures by corporations about security breaches include social network Facebook, which said it was targeted in a “sophisticated attack” by hackers in January who installed malware on laptops used by company employees.
The Fed said in February that intruders breached a website used to stay in touch with banks during emergencies, though no critical operations were affected.
Companies and governments are boosting spending on cybersecurity. Obama’s 2014 budget recommends more than $13 billion for computer network security, about $1 billion more than current levels, including a 21 percent increase at the Pentagon.

Apple, Samsung Devices Seen Raising Pentagon’s Cyber Risk

The Pentagon risks exposing itself to hackers by opening its communications networks to Apple Inc. (AAPL) and Samsung Electronics Co. (005930) smartphones and tablets, according to cybersecurity officials.

The two companies want to crack a market long dominated by Waterloo, Ontario-based BlackBerry (BBRY), which provides about 470,000 of the U.S. military’s more than 600,000 mobile devices. While those numbers are a fraction of BlackBerry’s 76 million subscribers worldwide, the company has promoted the Defense Department’s security endorsement to commercial and government customers. 
The Pentagon’s plan would eventually give employees the flexibility of connecting devices such as Samsung Galaxy S4 smartphones and Apple iPads to unclassified networks. It also would create more vulnerabilities to cybersecurity breaches, said Pat McGarry, principal systems engineer at Ixia, a network security company based in Calabasas, California.

“It is a debacle, a disaster waiting to happen,” McGarry said in a phone interview. There is no technology that would make Apple and Samsung smartphones and tablets immune to new malicious software known as malware, he said.

The military on May 2 approved use of Suwon, South Korea-based Samsung’s devices running a secure version of Google Inc. (GOOG)’s Android operating system. At the same time, it cleared Pentagon offices to buy BlackBerry PlayBook tablets and new BlackBerry 10 smartphones.

Apple Approval

Apple, based in Cupertino, California, may win approval as early as this week to sell its iPhones and iPads to the Pentagon.
Samsung, Apple and the newly approved BlackBerry devices “pose an acceptable risk for unclassified communications” when used with a mobile-device management system, said Mark Orndorff, a program executive officer at the Defense Information Systems Agency. Testing will continue to ensure the products are secure, he said.

The Defense Department won’t allow new smartphones and tablets to connect to its networks until a secure device-management system is in place, Orndorff said in an e-mail. It plans to award a contract to build and operate the system by the end of June, he said.

Samsung’s Android and Apple’s iOS operating systems have vulnerabilities that will remain even with a device-management system, McGarry said. They have different architectures than BlackBerry (BBRY) and offer more attack vectors for hackers, including the use of 3G, 4G, Wi-Fi and Bluetooth networks, he said.

BlackBerry “was architected from day one to allow for end-to-end secure communications,” McGarry said.

Google Android

Samsung “is aggressively pursuing the necessary features and security enhancements to meet the stringent requirements of doing business with the U.S. military,” Ashley Wimberly, a company spokeswoman, said in an e-mail.

The electronics company worked with the U.S. National Security Agency to create Knox, a secure version of Google (GOOG)’s Android operating system with multiple layers of software and hardware protection.

The system lets employers keep corporate and military applications and data in a secure place on a smartphone or tablet, and remotely erase them if necessary, according to Samsung.

BlackBerry Security

BlackBerry has more than 1 million U.S. government customers and the market has remained “remarkably stable,” Scott Totzke, senior vice president for BlackBerry security, said in an interview.

The company has long emphasized the security of its products.

“Privacy is built into everything we do, and we’ve been doing it longer and better than anyone in the industry,” Chief Operating Officer Kristian Tear said in a speech yesterday at a conference in Orlando, Florida. “Security has been baked into BlackBerry from the ground up.”

Apple declined to comment, deferring questions to the defense agency, said Trudy Miller, a company spokeswoman.

Giri Sreenivas, a vice president at Rapid7 LLC, a Boston-based cybersecurity company, said the process of updating Apple and Samsung mobile systems with security fixes may pose issues for the military.

Samsung and Apple push out security patches and depend on users to install the fixes, Sreenivas said in a phone interview. BlackBerry controls its own network to deliver security patches to devices, which are automatically installed, he said.

Security Patches

That difference is significant because it may be more difficult for the military to ensure that all its Samsung Knox and Apple devices are protected with the latest security fixes, Sreenivas said. Samsung and Apple users in the military who haven’t properly updated their devices would probably be blocked from accessing networks, he said.

There isn’t a good way to tell if the two companies’ devices have been compromised with malicious code, especially through downloaded applications, said Richard Bejtlich, chief security officer for Mandiant Corp., a computer security firm based in Alexandria, Virginia.

“There are certain countries you go to, you bring your phone up on the national network and they will push rogue code onto your system,” Bejtlich said in an interview. “The second problem you run into is how easy is it for a rogue party to introduce a malicious app onto your system.”

Lost Tablets

The Pentagon sought bids in November from vendors capable of securing as many as 300,000 mobile devices in the next several years.

The winner will enforce security policies on all mobile devices, ensuring only authorized users can tap into military networks. When smartphones or tablet computers are lost or compromised, the vendor must be capable of remotely wiping devices of data, according to the agency.

Companies such as Sunnyvale, California-based Good Technology and Fort Lauderdale, Florida-based Citrix Systems Inc. (CTXS) are on teams that have submitted bids.

Good Technology already has performed similar work with other agencies such as the Department of Homeland Security, said Jeff Ait, public-sector director for the company.

Pentagon Endorsement

While the Pentagon’s security endorsements are considered key milestones, they won’t lead to immediate boosts for Apple and Samsung devices.

“I expect it’s going to take at least another year or two before there is a true broad embrace of these kinds of platforms for the type of usage you’ve seen historically with BlackBerry devices,” said Sreenivas, the Rapid7 vice president.

The Defense Department’s security clearance is valuable because it may encourage other industries, such as health care and financial services, to switch to Apple or Samsung devices, said Carolina Milanesi, research vice president at Stamford, Connecticut-based Gartner Inc.

“Other organizations that might have been reluctant to open up their doors to these providers might change their views going forward,” she said in an e-mail.

Government wants to apply fines or prison time for misuse of public sector data

The government's independent review into how the public sector can open up more data and make it available to citizens was published on Wednesday, calling for a national data strategy.
The review was announced in the Open Data white paper in June last year and was led by Stephen Shakespeare, chair of the Data Strategy Board for the Department for Business, Innovation and Skills (BIS).
According to Shakespeare, the launch of a national data strategy is a must if the government is to continue its open data agenda. Such a strategy would recognise that public sector information is derived and paid for by the citizen and would encourage the government to release data more quickly, simultaneously improving its quality and usability.
"This is Phase II of the digital revolution. The first phase was about communication, this phase is about using increased tech capacity to do new and exciting things with data," said Shakespeare.
"Britain has a competitive advantage in that we have centralised public services that collect vast amounts of data, the value of which remains largely untapped. If we play it right we can break free of the shackles of a low-growth economy and – rather than being seen as an obstacle – government can become a key driver in this transformative process."
The report by Shakespeare suggests that government departments need to be given more trust in an open data system before it can work. This can be achieved only if the national data strategy makes maximum use of data security technologies, and if higher penalties are given to people misusing public sector information, such as fines or even imprisonment in some cases.

"I believe that with this in place we can shore up trust in the system, and help alleviate some of the fear that has been holding us back," added Shakespeare.
The review has been carried out alongside an economic assessment into the worth of an open data government strategy to the UK. According to Deloitte, the value of unlocking public sector information to the UK economy is as high as £1.8bn.
In an interview with V3, Gavin Starks, chief executive of the Open Data Institute, described the Shakespeare review as a "good step forward but it could have been bolder".
Starks took the idea of the national data strategy further and argued that the government needs to create a national, legal mandate to ensure public sector departments publish data, as well as a legal right for citizens to have access to their data. "This is the time to be bold and ambitious in order to make data more accessible," said Starks.
The Open Data Institute was founded by Nigel Shadbolt and Sir Tim Berners-Lee, after they were appointed information advisors by the previous prime minister Gordon Brown, to help transform public access to government information. The Cabinet Office has since been spearheading the open data agenda with minister of state for the Cabinet Office, Francis Maude, recently calling for a shift in government mentality towards the principles of open data.

Bloomberg suffers breach after customer data surfaces online

Bloomberg is scrambling to secure its finance service after a leaked transcript exposed customer information.
The Financial Times reported that a list, which has since been taken down, was publicly accessible and contained data such as customer names and financial transaction details. The leaked list was said to be part of a previous project to help gather financial data on transactions.
According to the FT report, prior to its removal the list had been indexed by Google and could have been accessed through a simple search query.
The breach is the second such gaffe to come from Bloomberg in recent days. Earlier this week the company was forced to apologise to users after it was discovered that similar details about customers and transactions had been left open to reporters in Bloomberg's news agency who had access to the company's terminal platform.
Following that disclosure, chief executive Daniel Doctoroff apologised to customers and said that the company would be changing its policies.
"To be clear, the limited customer relationship data previously available to our reporters never included access to our trading, portfolio, monitor, blotter or other related systems or our clients’ messages," the Bloomberg chief said in an open letter.
"Moreover, reporters could not see news stories that clients read, or the securities they viewed. Bloomberg has very strict data security policies in place, in addition to significant and rigorous training, processes and protocols."
Doctoroff later said that the company has contacted some 300 clients to apologise for the error and explain the company's new policies, which limit journalist access to publicly available information and create a new compliance officer role.

Box touts security chops with ISO 27001 compliance

Cloud storage and sharing firm Box has announced that its service is now ISO 27001 compliant.
The company said that its enterprise service now meets the security standard for data protection and has earned approval for information security management standards. The certification verifies that the service is now able to provide a high standard of security for customers using Box.
The company hopes that the certification, along with its compliance with other standards, will help to build customer confidence and bring further enterprise business.
"This certification demonstrates our commitment not only to the security and control of our customers’ data, but also our commitment to our global customer base," said Box enterprise group product marketing manager Grant Shirk.
"We started down this path last year and our compliance efforts are gaining steam – we received our SOC-1/SSAE16 Type II, SOC-2 Type II report and announced our support for HIPAA compliance in just the past quarter."
The lack of confidence in security and compliance has long been seen as a major hurdle in the uptake of enterprise cloud storage platforms.
Box, however, believes that by adding ISO 27001 and other security compliance credentials it can restore user confidence as well as press its business into new international markets.
"While this is an important certification for Box, it’s just one more step along our long-term roadmap and commitment to providing the highest level of transparency and assurance to our customers about the quality and security of our platform, top to bottom," Shirk explained.
"It's also a critical component of our ability to serve our international customers in Europe, the Middle East and Asia – where we’ve seen our customer growth more than double in the past year."