06/23/11

Hello world! -June 23 2011 15:54 US Cyber Labs Blog was created

Log Date: 0001-June 23 2011 @15:54 US Cyber Labs Blog was created

Keywords: These are the keywords that people are using to find uscyberlabs.

Log Date: 0002-Oct. 6 20:35 Keywords, last 24hr

  • anonymous irc hive
  • ssl hack to be released
  • anonymous
  • the Über-secret handbook
  • pure.tehack.co.uk
  • china is beefing up its cyber-war capabilities
  • cyberpatriot cheats
  • inmotion tiger -in-motion
  • pwc certicate diginotar
  • information security warfare diagrammatic version of organization
  • pwc certificate diginotar
  • how can i protect my site been hack by h311c0d3
  • low orbit ion cannon homepage
  • defense industry/supply chain case of foreign hostile espionage
  • insider threat research
  • major security attacks in 2011
  • hacked by tiger mate
  • http://thehackernews.com/2011/09/man-in-middle-remote-attack-on-diebold.html
  • does huawei fund terroism
  • huawei timeling
  • david penny huawei
  • h3c backdoor
  • low orbit ion cannon page
  • hybrid threats chinese hacker groups
  • huawei cisco router market
  • japan cyber warfare
  • buy american cyber
  • how china could hack the usa cyber securities
  • buy-american cyber
  • technological family tree
  • casualties of cyber attacks
  • (“united states” or us or american) and (university or college) and “intellectual property” and (espionage or theft)

Log Date: 0003-Hit Counter

uscyberlabs.com, Oct. 6 20:35

Metric                               Today   Last 24h   Last 7d   Last 30d   Total
Hits                                   676       1397      6156      18055   23499
Page views                             344        727      3425       9088   12156
Unique visitors                        196        361      1261       3243    4641
Unique visitors (1h interval)          272        576      2669       7797   11085
Unique visitors (30 min interval)      294        620      2905       8393   11860
Hits per unique visitor               3.45       3.87      4.88       5.57    5.06
Pages per unique visitor              1.76       2.01      2.72        2.8    2.62


Log Date: 0004-Oct. 1 20:03 Keywords, last 24hr

  • wordpress comments on iso standard 2700
  • cyber team cyberwar how it works
  • packetix vpn
  • pps.dns
  • nuclear powerstation
  • inmotion tigermate hack
  • uscyberlabs tiger mate
  • inmotionhosting.com password backdoor
  • china wary of indian missile threat china or india or missile
  • ”cyber blue team”
  • latest application ddos attack
  • how chinese cyber team works
  • hackerz cyber
  • us,china,russia latest weapon naval,cyber missile
  • ”dmitri alperovitch” left mcafee
  • hacked by tiger mate
  • pla cyber security squad
  • details of tiger-m@te attack
  • us cyber team
  • tiger-m@te identity
  • who is tiger-m@te
  • insider threat cyber


01/21/11

CERT: The Path from Information Security Risk Assessment to Compliance

Key Message: Information security risk assessment, performed in concert with operational risk management, can contribute to compliance as an outcome.

Executive Summary

Information security risk assessment is a key practice for identifying and prioritizing security risks to critical information assets and key business processes. Which security controls mitigate key risks, for both business and compliance purposes, can only be determined through a continuous risk management process. Conducting security risk assessment in concert with operational risk assessment ensures that security risks are identified and mitigated based on their impact to the business.

In this podcast, Bill Wilson, manager of CERT’s Survivable Enterprise Management team, provides guidelines on how business leaders can use risk assessment as an effective tool for achieving compliance.

PART 1: ASSESSING SECURITY RISK IN A BUSINESS CONTEXT

Why Is Risk Assessment Relevant and Important for Information Security?

Risk assessment allows us to put information security issues in a business context, better understanding the impact to the business in the event of a security breach.

This allows leaders to better answer the “So what?” test, not in technology or security incident terms, but in terms of lost productivity, lost revenue, and potential business interruption – in other words, operational risk.

Leaders can then analyze and prioritize security risks in the context of all other operational risks, using business language and measures of effectiveness.

How Can Risk Assessment Be Used to Prioritize Compliance Requirements?

Current risk-based regulations and standards that call for security controls include:

  • FISMA (Federal Information Security Management Act) for federal and civilian agencies
  • ISO 27001 (in concert with ISO 17799, now ISO 27002)
  • HIPAA (Health Insurance Portability and Accountability Act)
  • ITIL (Information Technology Infrastructure Library)
  • COBIT (Control Objectives for Information and related Technology)
  • COSO (Committee of Sponsoring Organizations of the Treadway Commission)

All of these have many controls and requirements. How does an organization select which ones are most applicable and most important? And which ones can be justifiably eliminated from consideration?

Risk assessment provides an approach for ranking and stacking which security controls to implement, in a business context. It is generally accepted during a compliance review as a defensible basis for control selection and elimination.

An organization can state “We’ve covered our priority risks. Our budget limitations prevent us from implementing some controls. But because we’ve gone through a complete risk assessment process and have captured the results in a defensible form, that’s okay.” What then remains is for a business leader to manage and track any residual risks.

This approach provides a strong basis for making security investment decisions.

PART 2: ZEROING IN ON A RISK ASSESSMENT METHOD

Examples of Common and Widely Accepted Methods for Assessing Information Security Risk

  • NIST SP 800-30 Risk Management Guide for Information Technology Systems
  • BSI 7799-3 (soon to become ISO 27003)
  • CRAMM (CCTA (Central Computer and Telecommunications Agency) Risk Analysis and Management Method) – a qualitative risk analysis and management tool originally developed by the UK government
  • MEHARI (Méthode Harmonisée d’Analyse de Risques Informatiques)
  • FRAP (Facilitated Risk Analysis Process)
  • OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation)

Selecting a Useful Method

Consider available case studies, experience reports, and comparisons.

Find one that is most compatible with your organization’s operational risk management process, risk criteria, language for assessing risk, and how risk data is typically analyzed and presented.

Make sure to integrate security risk tradeoffs with other organizational risks.

Key Elements of an Effective Security Risk Assessment Approach

Choose a method that recognizes its placement in the risk management and security management life cycles: it serves as a diagnostic, generating information for decision making and control selection.

Follow through – make sure control implementation is managed and tracked over time.

Ensure that risk assessments are part of a continuous risk management process/cycle, and conducted periodically or as events warrant.

Treat security risk assessment as part of operational risk assessment and management.

Recognize that most methods in use today are qualitative but progress is being made in determining quantitative losses and impacts.

Focus more on impact and loss, and less on threat and vulnerability which are constantly shifting and changing. At the core of any risk-based approach is “What’s important, and why do I care?”

PART 3: BUILDING A RISK-BASED COMPLIANCE PROGRAM

The Steps

Select an approach, using the guidelines we’ve covered.

Determine the scope of the assessment (typically a business unit or a selected set of business processes). It is important to bound the information assets and systems of interest, keeping this manageable.

Focus on the most critical assets first.

Select a multi-disciplinary team, including members outside of IT to represent the business/mission perspective and characterize the business impacts.

Perform preliminary analysis and present this to senior decision makers for action.

Make sure there is a well-defined connection to existing operational risk management activities, be it a risk committee or perhaps through internal audit.

Fund and implement risk mitigation controls.

Provide oversight and monitoring to ensure that controls are implemented correctly and are truly reducing risk.

Understand the relationship between risk assessment and compliance: it’s not “I’m doing risk assessment to comply with regulation X” but “I’m doing risk assessment because it’s effective practice.” Properly performed risk assessment will often result in compliance as an outcome or byproduct.

Challenges to Anticipate and Address

  • Lack of patience – risk assessment takes time to collect information, interact with stakeholders, and conduct analysis.
  • Rushing to solution mode – this will often happen as problems that need immediate attention are discovered along the way. This can cause the team and the organization to lose sight of the larger goal.
  • Insufficient time spent on characterizing true impact – work with your business continuity and disaster recovery staff.
  • The absence of well-defined risk evaluation criteria
  • Failure to involve business line personnel, including the owners of critical information assets and key business processes

http://www.cert.org/podcast/notes/20071113wilson-notes.html

11/19/10

Cisco Intelligent Contact Manager Setup Manager agent.exe Arbitrary Code Execution Vulnerability

Vulnerability Alert: Patches and software updates are not available.
Threat Type: Unintended Weakness: Arbitrary Code Execution
IntelliShield ID: 21726
Version: 1
First Published: November 03, 2010 11:57 AM EDT
Last Published: November 03, 2010 11:57 AM EDT
Vector: Network
Authentication: None
Exploit: Functional
Port: 40078
CVE: CVE-2010-3040

Description

Cisco Intelligent Contact Manager versions prior to 7.0 contain a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system.

The vulnerability is due to improper boundary checking on user-supplied input. An unauthenticated, remote attacker could exploit the vulnerability by sending malicious requests to the targeted system. If successful, the attacker could execute arbitrary code.

Cisco has confirmed this vulnerability in software release notes; however, software updates are not available.

Warning Indicators

Cisco Intelligent Contact Manager versions prior to 7.0 are vulnerable.

IntelliShield Analysis

To exploit the vulnerability, an attacker must be able to send malicious requests to a targeted system. Because the vulnerable application process accepts input on a TCP port that is typically blocked from external networks, the attacker may require access to internal networks to accomplish an exploit.

The vulnerability does not exist in Cisco Intelligent Contact Manager 7.0 because the vulnerable executable, agent.exe, was removed in that release.

Vendor Announcements

The code execution flaw is documented in Cisco bug IDs CSCti45698, CSCti45715, CSCti45726, and CSCti46164.

The vulnerabilities were discovered and reported to Cisco by a researcher working with TippingPoint’s Zero Day Initiative.

Impact

An unauthenticated, remote attacker could exploit this vulnerability to execute arbitrary code on the targeted system with elevated privileges, possibly resulting in a complete system compromise.

Technical Information

The vulnerability is due to improper boundary checking on user-supplied input that is processed by the agent.exe service. The service accepts input via TCP port 40078. The service fails to properly check the length of input before use in memory operations. The processing of overly large parameters could trigger a stack-based buffer overflow condition.

An unauthenticated, remote attacker could exploit the vulnerability by sending a malicious request to the targeted application. When processed, the request could trigger a stack overflow that corrupts memory. The attacker could take advantage of the memory corruption to execute arbitrary code with the SYSTEM level privileges of the agent.exe process.
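An added illustration of the bug class described above, not Cisco's agent.exe code: a parser for a length-prefixed parameter that trusts the declared length, beside the bounded form that rejects an oversized length before any memory operation. The two-byte big-endian length header and the 64-byte buffer are assumptions made for the example.

```c
/* Added example, not Cisco's code: a length-prefixed parameter parser that
 * shows the bug class described above (copying user-supplied data into a
 * fixed stack buffer without checking its length) beside the bounded form.
 * The wire format is hypothetical: [2-byte big-endian length][data bytes]. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PARAM_MAX 64   /* capacity of the stack buffer each parser uses */

enum parse_status { PARSE_OK = 0, PARSE_TRUNCATED = 1, PARSE_TOO_LONG = 2 };

/* Declared parameter length from the two-byte big-endian header. */
static size_t declared_len(const uint8_t *msg) {
    return ((size_t)msg[0] << 8) | msg[1];
}

/* Vulnerable pattern: trusts the header, so a declared length of 64 or more
 * writes past the end of buf on the stack.  Kept only for contrast; it must
 * never be fed untrusted input. */
int parse_param_unchecked(const uint8_t *msg, size_t msg_len, char *out, size_t out_sz) {
    char buf[PARAM_MAX];
    size_t len;
    if (msg_len < 2) return PARSE_TRUNCATED;
    len = declared_len(msg);
    if (msg_len < 2 + len) return PARSE_TRUNCATED;   /* payload really present? */
    memcpy(buf, msg + 2, len);                       /* no check against sizeof buf */
    buf[len] = '\0';
    snprintf(out, out_sz, "%s", buf);
    return PARSE_OK;
}

/* Hardened form: the declared length is validated against the buffer
 * capacity (leaving room for the NUL) before any memory operation. */
int parse_param_checked(const uint8_t *msg, size_t msg_len, char *out, size_t out_sz) {
    char buf[PARAM_MAX];
    size_t len;
    if (msg_len < 2) return PARSE_TRUNCATED;
    len = declared_len(msg);
    if (len >= PARAM_MAX) return PARSE_TOO_LONG;     /* reject before touching memory */
    if (msg_len < 2 + len) return PARSE_TRUNCATED;
    memcpy(buf, msg + 2, len);
    buf[len] = '\0';
    snprintf(out, out_sz, "%s", buf);
    return PARSE_OK;
}
```

The length check in the hardened form is the missing step the advisory describes; a header that claims more than the buffer holds is refused with PARSE_TOO_LONG instead of reaching memcpy.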

Safeguards

Administrators are advised to apply software updates as they become available.

Administrators may consider removing the agent.exe executable from affected systems.

Administrators are advised to filter requests received via TCP port 40078.

Administrators are advised to monitor critical systems.

Patches/Software

