Posted by   Martijn Grooten on   Feb 19, 2016

[Original Post: https://www.virusbulletin.com/blog/2016/02/virus-bulletin-published-first-corporate-web-filter-test-report/]

Virus Bulletin publishes first web filter test report

Virus Bulletin has been testing security products for more than 18 years, and in recent years, we have had many requests from product developers asking us to test their web security products. After all, whether malicious software is downloaded directly from websites or through sneaky drive-by downloads, the web remains an important infection vector.

In response to those requests we have built a new test suite to add to our existing VB100 and VBSpam tests.

The new test, called VBWeb, measures products’ ability to block malware spreading through HTTP. The test’s current focus is (corporate) gateway solutions that run on the network as an implicit or explicit proxy. We are looking to extend the test in the future to on-desktop and in-browser solutions.

Given how quickly web-based threats change, and given how many of them actively attempt to frustrate researchers (something we have also frequently run into), building a web security product is not a trivial task, and submitting such a product to a public test isn’t something vendors do without serious consideration.

In this test, while there were several participants, the developers of Fortinet‘s FortiGuard appliance were alone in agreeing for their product to be tested publicly. Their confidence in the product proved to be well founded: it blocked all but a few out of hundreds of malicious downloads, as well as a significant number of live exploit-kits.

Indeed, with an 83% catch rate –  well over the 70% threshold required for VBWeb certification – FortiGuard is a clear and deserved winner of the very first VBWeb award.

You can read the full report here in HTML format, or download it here as a PDF. The report describes the testing methodology in full detail.

From now on, VBWeb will be run every second month. Product developers who are interested in submitting a product for the test (publicly or privately) can contact Virus Bulletin‘s Editor Martijn Grooten at martijn.grooten@virusbtn.com.

VBSpam report has good news for users of email security solutions

Of course, HTTP isn’t the only infection vector systems administrators have to be worried about. But in the case of email, there is good news: all 16 participating full solutions achieved certification in the latest VBSpam test, which saw record catch rates. Ten products even achieved a VBSpam+ award, after blocking more than 99.5% of spam while also avoiding false positives.

You can read the full report here in HTML format, or download it here as a PDF.

IBM researchers, Tayfun Gokmen and Yurii Vlasov, unveiled a paper in which they invented the concept for a new chip called a Resistive Processing Unit (RPU) that can accelerate Deep Neural Networks training by up to 30,000x compared to conventional CPUs.

A Deep Neural Network (DNN) is an artificial neural network with multiple hidden layers that can be trained in an unsupervised or supervised way, resulting in machine learning (or artificial intelligence) that can “learn” on its own.

This is similar to what Google’s AlphaGo AI has been using to learn playing Go. AlphaGo used a combination of a search-tree algorithm and two deep neural networks with multiple layers of millions of neuron-like connections. One, called the “policy network,” would calculate which move has the highest chance of helping the AI win the game, and another one, called the “value network,” would estimate how far it needs to predict the outcome of a move before it has a high enough chance to win in a localized battle.

Many machine learning researchers have begun focusing on deep neural networks because of their promising potential. However, even Google’s AlphaGo still needed thousands of chips to achieve its level of intelligence. IBM researchers are now working to power that level of intelligence with a single chip, which means thousands of them put together could lead to even more breakthroughs in AI capabilities in the future.

“A system consisted of a cluster of RPU accelerators will be able to tackle Big Data problems with trillions of parameters that is impossible to address today like, for example, natural speech recognition and translation between all world languages, real-time analytics on large streams of business and scientific data, integration and analysis of multimodal sensory data flows from massive number of IoT (Internet of Things) sensors,” noted the researchers in their paper.

The authors talked about how in the past couple of decades, machine learning has benefited from the adoption of GPUs, FPGAs, and even ASICs that aim to accelerate it. However, they believe further acceleration is possible by utilizing the locality and parallelism of the algorithms. To do this, the team has borrowed concepts from next-generation non-volatile memory (NVM) technologies such as phase change memory (PCM) and resistive random access memory (RRAM).

The acceleration for Deep Neural Networks that is achieved from this type of memory alone reportedly ranges from 27x to 2,140x. However, the researchers believe the acceleration could be further increased if some of the constraints in how NVM cells are designed were removed. If they could design a new chip based on non-volatile memory, but with their own specifications, the researchers believe the acceleration could be improved by 30,000x.

“We propose and analyze a concept of Resistive Processing Unit (RPU) devices that can simultaneously store and process weights and are potentially scalable to billions of nodes with foundry CMOS technologies. Our estimates indicate that acceleration factors close to 30,000 are achievable on a single chip with realistic power and area constraints,” said the researchers.

As this sort of chip is only in the research phase, and because regular non-volatile memory hasn’t reached the mainstream market yet, it’s probably going to be a few years before we begin to see something like it on the market. However, the research seems promising, and it may raise the attention of companies such as Google, which wants to accelerate its AI research as much as possible. IBM itself is also interested in solving Big Data challenges in healthcare and other domains so the company’s own businesses should benefit from this research in the future.

Source: Toms hardware

http://www.tomshardware.com/news/ibm-chip-30000x-ai-speedup,31484.html

Though SMS may have been claimed dead many time, it is still very much alive, and quite popular among mobile phishers. At VB2015, Adaptive Mobile researcher Cathal Mc Daid presented a paper various mobile phishing campaigns targeting North American banks.

VB2015 paper: Mobile Banking Fraud via SMS in North America: Who’s Doing it and How

While SMS has been declared dead many times, the service remains frequently used – and abused.

In a paper presented at VB2015 in Prague, Adaptive Mobile researcher Cathal Mc Daid looked at fraudulent SMS campaigns, in particular those targeting banking users in North America.

He showed how these campaigns tend to target specific banks and specific regions, especially those on the East Coast, and also looked at how, similar to what we have long seen in email spam, the messages keep changing in subtle ways, to stay one step ahead of detection.

You can read his paper “Mobile Banking Fraud via SMS in North America: Who’s Doing it and How” here in HTML format or hereas a PDF, and find the video on our YouTube channel, or embedded below.

Are you interested in presenting your research at the upcoming Virus Bulletin conference (VB2016), in Denver 5-7 October 2016? Thecall for papers is now open.

Posted by   Martijn Grooten on   Mar 2, 2016

https://www.virusbulletin.com/blog/2016/march-2016/vb2015-paper-mobile-banking-fraud-sms-north-america-whos-doing-it-and-how/

Troy Hunt, a security researcher uncovered a vulnerability in the NissanConnect app, which can allow attackers to connect to a car if they know their car’s ID number. After that, they can hijack the car’s air conditioning and heating systems. The fault lies in the complete lack of authentication for the application that enhances the car’s dashboard with Internet-connected features.

The vehicle identification number (VIN), which is written on each Nissan Leaf’s windshield, can be copied by anyone that passes by that car. However, the VIN is composed of characters that refer to the brand, make of car, and the country where it was manufactured. Only the last five digits vary between different Leaf cars in the same region, so someone could just build a script to attack all of the Nissan Leafs in a given region.

“There’s nothing to stop someone from scripting a process that goes through every 100,000 possible cars and tries and turn the air conditioning on in every one,” said Troy Hunt. “They would then get a response that would confirm which vehicles exist.”

The security expert also noted that attackers don’t even need to use the NissanConnect app, because they can deliver the attack through a web browser by spoofing the app. The Australia-based researcher tested this on a Nissan owned by his friend Scott Helme, who lives in the U.K.

“As I was talking to Troy on Skype, he pasted the web address into his browser and then maybe 10 seconds later I heard an internal beep in the car,” said Helme. “The heated seat then turned on, the heated steering wheel turned on. And I could hear the fans spin up and the air-conditioning unit turn on.”

Hunt said that the test didn’t work when the car was in motion, but it did show the owner’s registered username, which could help reveal their identity. Times and distances of recent journeys were also revealed.

When Helme unregistered the app, Hunt’s attack no longer worked. This is why Hunt suggested that this vulnerability could be easily fixed if the company disables the ConnectNissan service.

The researcher said that although this isn’t a life-threatening attack, it could be used in ways that could put the cars’ owners in danger. For instance, if the attackers hijack the car this way, they could see over the course of a week where the driver goes to work, and then they could drain the car’s battery to make it so the driver can’t get back home.

Hunt alerted Nissan about the flaw a month ago, but so far he hasn’t gotten a proper response about it, so he decided to make it public to force the company to fix the issue. He said he has already seen some Canadian Leaf owners share information about this vulnerability online, so the issue is already out there, whether he would’ve kept it a secret or not.

This is why sometimes security researchers, who discover vulnerabilities in some products, can’t wait for the companies to provide a fix if it takes longer than a few months and it looks like they are dragging their feet. Usually, it’s not just one person that finds that vulnerability, but many others, who exploit it for their own purposes; therefore allowing the company to drag the process of fixing the issue doesn’t mean that others aren’t taking advantage of that vulnerability during that time.

This case also shows that although most car manufacturers are rapidly trying to build connected cars, electric vehicles that are almost completely controlled by software, and even self-driving cars, where the danger of software insecurity is even bigger, they aren’t taking security all that seriously.

Software security in these modern cars should be treated at least as seriously, if not more so (because software security is so hard), as any other safety mechanism in a car. A software feature that could slightly increase the owner’s convenience in using such a modern car could be turned into something that’s used to crash that car. That’s why car manufacturers need to think very carefully about each new software feature that they add to their cars, and it always needs to be written in a context of high security.

Source: Toms Hardware

http://www.tomshardware.com/news/nissan-leaf-hacked-web-link,31275.html

Kingston’s $4.25 million acquisition of the IronKey assets from Imation was a rare occurrence, as the fairly conservative company is not known for merger and acquisition activity. Kingston tends to favor internal development of new technology and products, and the company has met with resounding success in its efforts thus far. However, Kingston decided to procure the USB technology and assets when the IronKey portion of the Imation portfolio became available, but sold the IronKey external HDD business. This choice makes sense, as Kingston is a company built upon its core flash competency.  

Kingston offered its own FIPS 140-2 Level 3 (the highest level) encrypted USB products for 12 years, but its encrypted USB products appealed more to the general client market and tended to be pricey. Kingston did not attain the traction that the IronKey brand gained with lucrative business and government customers. Kingston will integrate the full breadth of IronKey products into its portfolio, and the company will offer all of the existing and future IronKey products under “Kingston IronKey” branding.

Kingston bucks the long-held, and mostly accurate, industry predictions that indicate fab-less SSD vendors will fall to the wayside. It is incredibly hard to compete with firms that produce their own NAND, but according to the Trendfocus CQ2015 Total SSD Market report, Kingston still holds a commanding presence in the global SSD market. Surprisingly, its 10.1% share of the total global SSD market outweighs several of its fab-enabled competitors, such as Intel, Micron, Toshiba, SK Hynix and SanDisk.

Kingston innovates by staying on the cutting edge of NAND technology – it procures NAND wafers and processes and packages the raw NAND into packages, thus ensuring cost efficiency that allows it to compete with the fabs. NAND fabs are beholden to their own NAND, but Kingston has the flexibility of procuring NAND from a number of sources. This helps ensure that it has access to the best performance and price for each successive NAND generation.

Imation built its IronKey products on an older hardware platform. In the encryption market, reliability and security typically outweigh performance and cost considerations. In fact, Imation did not actually produce its own products; it sub-contracted that aspect of its business out to third parties. Kingston’s extensive experience and technology will allow it to upgrade the current IronKey products to new and more cost–effective controllers and NAND. This will allow Kingston to offer the IronKey products at lower prices, which should help foster wider adoption in diversified market segments beyond the core Imation business and government contracts.

The majority of Kingston’s purchase centers on the IronKey IP. Imation had no dedicated production facilities due to its third-party production model. Kingston will continue to use the third-party manufacturing for a short time as it spins up its own facilities. The manufacturing transition will obviously be a top priority, as it will lower cost and allow Kingston more control of the supply chain.

The hardest part of any M&A activity always centers on the successful melding of the different cultures inside each respective company, but Imation had laid off a number of IronKey staff in December of 2015, and it did not keep any full time employees. This unfortunate fact should help Kingston integrate the two companies quickly.

DataLocker procured the IronKey management service assets, which is an integral portion of the IronKey product portfolio. Kingston and DataLocker had an extensive working relationship in the past, and Kingston signed a three-year contract with the company to provide the software piece of the puzzle. This move makes sense, as Kingston wishes to focus on its own core capabilities, thus leaving the software piece to the software company. Kingston also divested the IronKey HDD assets to DataLocker.

There was a thirty-day transition period signed into the Kingston/IronKey contract that has already expired. Kingston is now shipping the full breadth of IronKey products under its own branding. Kingston will maintain its encrypted DataTraveler products for customers who do not require the extra brick wall of FIPS 140-2 level encryption.

Melding the Imation IronKey technology portfolio with Kingston’s deep NAND experience, design expertise and manufacturing prowess should be a win for the consumer. Imation had a reputation for high-priced products, which Kingston’s scale should help remedy.

Kingston plans to extend its full global sales and support mechanism to all existing IronKey customers, and the promise of newer and more cost-effective solutions will bolster the long-term prospects for Kingston’s security-conscious USB products.

Source: Toms IT Pro

http://www.tomsitpro.com/articles/kingston-ironkey-imation-usb-encryption,1-3182.html