Category Archives: research

Researchers develop app to detect Twitter bots in any language

Thanks to fruitful collaboration between language scholars and machine learning specialists, a new application that can detect Twitter bots independent of the language used was developed by researchers at the University of Eastern Finland and Linnaeus University in Sweden. In recent years, big data from various social media applications have turned the web into a user-generated repository of information in an ever-increasing number of areas. Because of the relatively easy access to tweets and their metadata, … More

The post Researchers develop app to detect Twitter bots in any language appeared first on Help Net Security.

Researchers devise RAMBleed attack to grab secret data from memory

Researchers have demonstrated a new variation of the Rowhammer attack: dubbed RAMBleed, it may allow attackers to read data stored inside the computer’s physical memory. “While the end-to-end attack we demonstrated read out OpenSSH 7.9’s RSA key, RAMBleed can potentially read any data stored in memory. In practice, what can be read depends on the victim program’s memory access patterns,” they explained.

About Rowhammer and RAMBleed

Rowhammer is an exploitable issue in some computer chips … More

The post Researchers devise RAMBleed attack to grab secret data from memory appeared first on Help Net Security.

First framework to score the agility of cyber attackers and defenders

To help train government and industry organizations on how to prevent cyberattacks, scientists at The University of Texas at San Antonio, as part of a research project for the U.S. Army, developed the first framework to score the agility of cyber attackers and defenders. “The DOD and U.S. Army recognize that the cyber domain is as important a battlefront as ground, air and sea,” said Dr. Purush Iyer, division chief, network sciences at Army Research … More

The post First framework to score the agility of cyber attackers and defenders appeared first on Help Net Security.

Hackproofing smart meters and boosting smart grid security

Smart electricity meters are useful because they allow energy utilities to efficiently track energy use and allocate energy production. But because they’re connected to a grid, they can also serve as back doors for malicious hackers. Cybersecurity researcher Karthik Pattabiraman, an associate professor of electrical and computer engineering at UBC, recently developed an automated program aimed at improving the security of these devices and boosting security in the smart grid. “Our program uses two detection … More

The post Hackproofing smart meters and boosting smart grid security appeared first on Help Net Security.

New user keystroke impersonation attack uses AI to evade detection

A sophisticated attack, called Malboard, in which a compromised USB keyboard automatically generates and sends malicious keystrokes that mimic the attacked user’s behavioral characteristics, was developed by Ben-Gurion University of the Negev (BGU) cybersecurity researchers.

Using artificial intelligence

Keystrokes generated maliciously do not typically match human typing and can easily be detected. Using artificial intelligence, however, the Malboard attack autonomously generates commands in the user’s style, injects the keystrokes as malicious software into the keyboard … More

The post New user keystroke impersonation attack uses AI to evade detection appeared first on Help Net Security.

Two-thirds of iOS apps don’t use App Transport Security

Most iOS apps don’t take advantage of App Transport Security (ATS), a networking security feature offered by Apple that ensures encrypted connections between apps and the servers they communicate with. The main reason, it seems, might be interrupted ad delivery.

What is App Transport Security?

“On Apple platforms, a networking security feature called App Transport Security (ATS) is available to apps and app extensions, and is enabled by default. It improves privacy and data integrity … More

The post Two-thirds of iOS apps don’t use App Transport Security appeared first on Help Net Security.

Hack The Sea: Bridging the gap between hackers and the maritime sector

There are not a lot of researchers probing the security of computer systems underpinning the maritime industry. The limitations that keep that number low are obvious: both the specialized knowledge and the equipment are difficult to come by. And, as Ken Munro of UK-based Pen Test Partners told us a year ago, not many people move from shipping into pentesting (and into information security in general). But things are looking up for those who are interested: … More

The post Hack The Sea: Bridging the gap between hackers and the maritime sector appeared first on Help Net Security.

Researchers fight ransomware attacks by leveraging properties of flash-based storage

Ransomware continues to pose a serious threat to organizations of all sizes. In a new paper, “Project Almanac: A Time-Traveling Solid State Drive,” University of Illinois students Chance Coats and Xiaohao Wang and Assistant Professor Jian Huang from the Coordinated Science Laboratory look at how they can use the commodity storage devices already in a computer to save the files without having to pay the ransom. Recovering data encrypted by a variety of ransomware families … More

The post Researchers fight ransomware attacks by leveraging properties of flash-based storage appeared first on Help Net Security.

Researchers spot manipulated photos and video using AI-driven imaging system

To thwart sophisticated methods of altering photos and video, researchers at the NYU Tandon School of Engineering have demonstrated an experimental technique to authenticate images throughout the entire pipeline, from acquisition to delivery, using artificial intelligence (AI). In tests, this prototype imaging pipeline increased the chances of detecting manipulation from approximately 45 percent to over 90 percent without sacrificing image quality. Determining whether a photo or video is authentic is becoming increasingly problematic. Sophisticated techniques … More

The post Researchers spot manipulated photos and video using AI-driven imaging system appeared first on Help Net Security.

How mainstream media coverage affects vulnerability management

For better or for worse, mainstream media is increasingly covering particularly dangerous, widespread or otherwise notable security vulnerabilities. The growing coverage has made more people aware of the risks and of the need to keep their various devices (software) up-to-date and, with the increased digitization of our everyday lives, I would say that’s a definitive plus. But among those people are also partners and regulators, and executives and boards of directors who may demand their … More

The post How mainstream media coverage affects vulnerability management appeared first on Help Net Security.

TrustArc Partnering with IAPP to Benchmark Privacy Tech Adoption

As privacy tech continues to proliferate and embed itself in day-to-day privacy functions in the enterprise, the IAPP, together with TrustArc, seeks feedback to better understand how privacy pros are adopting the privacy tech tools outlined in our Privacy Tech Vendor Report. This year’s survey builds on a similar one we did last year looking at how privacy tools are acquired and deployed. Now, with obligations that both the EU General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) are imposing on organizations, are we seeing a move toward greater tech adoption? The survey should only take about … Continue reading TrustArc Partnering with IAPP to Benchmark Privacy Tech Adoption

The post TrustArc Partnering with IAPP to Benchmark Privacy Tech Adoption appeared first on TrustArc Blog.

Firewalls and the Need for Speed

I was looking for resources on campus network design and found these slides (pdf) from a 2011 Network Startup Resource Center presentation. These two caught my attention:

This bothered me, so I Tweeted about it.

This started some discussion, and prompted me to see what NSRC suggests for architecture these days. You can find the latest, from April 2018, here. Here is the bottom line for their suggested architecture:

What do you think of this architecture?

My Tweet has attracted some attention from the high speed network researcher community, some of whom assume I must be a junior security apprentice who equates "firewall" with "security." Long-time blog readers will laugh at that, like I did. So what was my problem with the original recommendation, and what problems do I have (if any) with the 2018 version?

First, let's be clear that I have always differentiated between visibility and control. A firewall is a poor visibility tool, but it is a control tool. It controls inbound or outbound activity according to its ability to perform inline traffic inspection. This inline inspection comes at a cost, which is the major concern of those responding to my Tweet.

Notice how the presentation author thinks about firewalls. In the slides above, from the 2018 version, he says "firewalls don't protect users from getting viruses" because "clicked links while browsing" and "email attachments" are "both encrypted and firewalls won't help." Therefore, "since firewalls don't really protect users from viruses, let's focus on protecting critical server assets," because "some campuses can't develop the political backing to remove firewalls for the majority of the campus."

The author is arguing that firewalls are an inbound control mechanism, and they are ill-suited for the most prevalent threat vectors for users, in his opinion: "viruses," delivered via email attachment, or "clicked links."

Mail administrators can protect users from many malicious attachments. Desktop anti-virus can protect users from many malicious downloads delivered via "clicked links." If that is your worldview, of course firewalls are not important.

His argument for firewalls protecting servers is, implicitly, that servers may offer services that should not be exposed to the Internet. Rather than disabling those services, or limiting access via identity or local address restrictions, he says a firewall can provide that inbound control.

These arguments completely miss the point that firewalls are, in my opinion, more effective as an outbound control mechanism. For example, a firewall helps restrict adversary access to his victims when they reach outbound to establish post-exploitation command and control. This relies on the firewall identifying the attempted C2 as being malicious. To the extent intruders encrypt their C2 (and sites fail to inspect it) or use covert mechanisms (e.g., C2 over Twitter), firewalls will be less effective.

The previous argument assumes admins rely on the firewall to identify and block malicious outbound activity. Admins might alternatively identify the activity themselves, and direct the firewall to block outbound activity from designated compromised assets or to designated adversary infrastructure.

As some Twitter responders said, it's possible to do some or all of this without using a stateful firewall. I'm aware of the cool tricks one can play with routing to control traffic. Ken Meyers and I wrote about some of these approaches in 2005 in my book Extrusion Detection. See chapter 5, "Layer 3 Network Access Control."

Implementing these non-firewall-based security choices requires a high degree of diligence, which in turn requires visibility. I did not see this emphasized in the NSRC presentation. For example:

These are fine goals, but I don't equate "manageability" with visibility or security. I don't think "problems and viruses" captures the magnitude of the threat to research networks.

The core of the reaction to my original Tweet is that I don't appreciate the need for speed in research networks. I understand that. However, I can't understand the requirement for "full bandwidth, un-filtered access to the Internet." That is a recipe for disaster.

On the other hand, if you define partner specific networks, and allow essentially site-to-site connectivity with exquisite network security monitoring methods and operations, then I do not have a problem with eliminating firewalls from the architecture. I do have a problem with unrestricted access to adversary infrastructure.
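The outbound-control idea above (directing the firewall against designated compromised assets or adversary infrastructure, and partner-specific networks with site-to-site connectivity), as an added example that is not from the original post or from NSRC: a check over constructed flow records that flags server-segment hosts reaching non-partner destinations and renders candidate egress rules. The segment, the partner networks, the flow records and the nft table/chain names are all assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumptions (not from the post): the server segment and the partner networks
# it is permitted to reach over site-to-site connectivity.
SERVER_SEGMENT = ipaddress.ip_network("10.10.0.0/16")
PARTNER_NETWORKS = [ipaddress.ip_network("192.0.2.0/24"),
                    ipaddress.ip_network("198.51.100.0/24")]

# Constructed flow records (src, dst, dst_port, bytes): the kind of data a
# network security monitoring sensor, not the firewall, provides.
FLOWS = [
    ("10.10.4.7",   "192.0.2.10",    443, 5120),   # server -> partner: allowed
    ("10.10.4.7",   "203.0.113.55",  443, 81920),  # server -> unknown: flag
    ("10.10.4.7",   "203.0.113.55", 8443, 4096),
    ("10.10.9.2",   "198.51.100.8",   22, 2048),   # allowed
    ("203.0.113.9", "10.10.4.7",      80, 512),    # inbound: out of scope here
    ("10.10.9.2",   "203.0.113.77",   53, 300),    # server -> unknown: flag
]

def is_partner(dst):
    """True when dst (an ip_address object) lies inside a partner network."""
    return any(dst in net for net in PARTNER_NETWORKS)

def find_violations(flows):
    """Map each server-segment host to the non-partner destinations it reached."""
    hits = defaultdict(set)
    for src, dst, _port, _nbytes in flows:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if s in SERVER_SEGMENT and not is_partner(d):
            hits[str(s)].add(str(d))
    return dict(hits)

def block_rules(violations, quarantine=()):
    """Render candidate egress rules in nft syntax (table/chain names assumed).
    Hosts the analyst has designated as compromised (quarantine) lose all
    outbound access; other offenders are cut off only from the destinations seen."""
    rules = [f"nft add rule inet filter forward ip saddr {h} drop"
             for h in sorted(quarantine)]
    for src in sorted(violations):
        if src in quarantine:
            continue
        for dst in sorted(violations[src]):
            rules.append(f"nft add rule inet filter forward ip saddr {src} "
                         f"ip daddr {dst} drop")
    return rules

if __name__ == "__main__":
    found = find_violations(FLOWS)
    print("\n".join(block_rules(found, quarantine={"10.10.4.7"})))
```

The rules are candidates for review, not something to apply automatically: the flow data gives the visibility, and the analyst decides what the firewall enforces.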

I understand that security doesn't exist to serve itself. Security exists to enable an organizational mission. Security must be a partner in network architecture design. It would be better to emphasize enhanced monitoring for the networks discussed above, and to think carefully about enabling speed without restrictions. The NSRC resources on the science DMZ merit consideration in this case.