Category Archives: Software

From Mainframes to Connected Cars: How Software drives the Automotive Industry

Automakers must pay as much attention to the integrity and security of the software running modern vehicles as they pay to areas such as metallurgy, impact protection, seat belts, and materials science, argues Gary McGraw, the Vice President of Security Technology at the firm Synopsys. Software is a relatively new human artifact that grows more...

Read the whole entry... »

Episode 108: DEF CON’s Car Hacking Village and is the Open Source Model Failing on Security

In this week’s podcast (#108), sponsored by CA Veracode: hacker summer camp wrapped up on Sunday, as the 26th annual DEF CON conference concluded at Caesar’s Palace in Las Vegas. Hacks of connected and smart vehicles were a big theme again this year. We sat down with the organizers of DEF CON’s Car Hacking Village to see what was news at...

How to master your passwords on all your devices

Although tech companies have long been predicting the death of the password, it seems as if we’re stuck with that as our main way of securing sites and software for

The post How to master your passwords on all your devices appeared first on The Cyber Security Place.

Moving beyond passwords: The new era of authentication

Businesses are questioning the centrality of passwords as a test of identity. With cyber-attacks on the rise at an alarming rate, simple password-based security measures are no longer fit for

The post Moving beyond passwords: The new era of authentication appeared first on The Cyber Security Place.

Bethesda Blocks Resale of a Secondhand Game

theshowmecanuck writes: Bethesda just pulled a cease and desist on an Amazon Marketplace sale of one of their games. This, despite the fact that the resale of used games is legal in the USA. Bethesda is saying that because it isn't being offered with a warranty, it is not protected through the First Sale Doctrine. UPDATE: The game in question was sealed and unopened, technically not "used," but being sold secondhand. In a letter sent to the seller by Bethesda's legal firm, they made the argument that the sale was not "by an authorized reseller," and was therefore "unlawful." Bethesda also took issue with the seller's use of the word "new" in selling the unwrapped game, claiming that this constituted "false advertising." Bethesda offered the following statement: "Bethesda does not and will not block the sale of pre-owned games. The issue in this case is that the seller offered a pre-owned game as 'new' on the Amazon Marketplace. We do not allow non-authorized resellers to represent what they sell as 'new' because we can't verify that the game hasn't been opened and repackaged. This is how we help protect buyers from fraud and ensure our customers always receive authentic new product, with all enclosed materials and warranty intact. In this case, if the game had been listed as 'Pre-Owned,' this would not have been an issue."

Read more of this story at Slashdot.

Tesla’s Chief Vehicle Engineer Returns To Apple

Doug Field, the former VP of Mac hardware who left Apple to become Tesla's chief vehicle engineer, has returned to Cupertino. Field is reportedly working on the company's secretive "Project Titan" self-driving car program. The Verge reports: Field ran Tesla's vehicle production and engineering, but CEO Elon Musk took over responsibility for production this year after the company failed to meet its initial first-quarter goal for the Model 3. Field then took a leave of absence in May, and subsequently left the company altogether in June. Project Titan has reportedly been scaled back considerably from its initial scope, with hundreds of people leaving the division as Apple is said to focus on seeking carmaker partners for its self-driving software. [Daring Fireball's John Gruber] speculates that Field's return to Titan suggests Apple could still have an interest in producing vehicles itself, while cautioning that employees do move between the two companies regularly.

Social Mapper: A free tool for automated discovery of targets’ social media accounts

Trustwave has released Social Mapper, an open source tool that automates the process of discovering individuals’ social media accounts.

How Social Mapper works

The tool takes advantage of facial recognition technology and searches for targets’ accounts on LinkedIn, Facebook, Twitter, Google+, Instagram, VKontakte, Weibo and Douban. It accepts input in several forms: an organisation’s name, searching via LinkedIn; a CSV file with names and URLs to images online; or a folder full of images named … More

The post Social Mapper: A free tool for automated discovery of targets’ social media accounts appeared first on Help Net Security.

Over 20 Flaws Discovered in Popular Healthcare Software

Multiple vulnerabilities in a popular healthcare software provider’s products may have put at risk the data of over 90 million patients. OpenEMR develops open source electronic health record (EHR) and

The post Over 20 Flaws Discovered in Popular Healthcare Software appeared first on The Cyber Security Place.

The Dawn of a New Digital Era for Healthcare Organizations

Earlier this year, the UK Secretary of State for Health and Social Care Jeremy Hunt signed off on the first official guidance specifically designed to help the UK’s National Health Service make

The post The Dawn of a New Digital Era for Healthcare Organizations appeared first on The Cyber Security Place.

Keep Your Website Secure In 8-Simple Steps

By Julia Sowells, Senior Information Security Specialist at Hacker Combat. Now and then the best techniques to handle any work are the easiest ones. You realize that you have to protect

The post Keep Your Website Secure In 8-Simple Steps appeared first on The Cyber Security Place.

Cramming Software With Thousands of Fake Bugs Could Make It More Secure, Researchers Say

It sounds like a joke, but the idea actually makes sense: More bugs, not fewer, could theoretically make a system safer. From a report: Carefully scatter non-exploitable decoy bugs in software, and attackers will waste time and resources on trying to exploit them. The hope is that attackers will get bored, overwhelmed, or run out of time and patience before finding an actual vulnerability. Computer science researchers at NYU suggested this strategy in a study published August 2, and call these fake vulnerabilities "chaff bugs." Brendan Dolan-Gavitt, assistant professor at NYU Tandon and one of the researchers on this study, told me in an email that they've been working on techniques to automatically put bugs into programs for the past few years as a way to test and evaluate different bug-finding systems. Once they had a way to fill a program with bugs, they started to wonder what else they could do with it. "I also have a lot of friends who write exploits for a living, so I know how much work there is in between finding a bug and coming up with a reliable exploit -- and it occurred to me that this was something we might be able to take advantage of," he said. "People who can write exploits are rare, and their time is expensive, so if you can figure out how to waste it you can potentially have a great deterrent effect." Brendan has previously suggested that adding bugs to experimental software code could help with ultimately winding up with programs that have fewer vulnerabilities.

Thunderbird v60.0 Email Client Released

Thunderbird version 60, featuring a number of new features and changes, is now available as a direct download from, the email client vendor said. The changelog: When writing a message, a delete button now allows the removal of a recipient. This delete button is displayed when hovering the To/Cc/Bcc selector. Many improvements to attachments handling during compose: Attachments can now be reordered using a dialog, keyboard shortcuts, or drag and drop. The "Attach" button moved to the right to be above the attachment pane. The access key of the attachment pane (e.g. Alt+M, may vary depending on localization, Ctrl+M on Mac) now also works to show or hide the pane. The attachment pane can also be shown initially when composing a new message. Right-click on the header to enable this option. Hiding a non-empty attachment pane will now show a placeholder paperclip to indicate the presence of attachments and avoid sending them accidentally. "Edit Template" command. This also solves various problems when saving as template (duplicates created, message ID lost). "New Message from Template" command. Allow changing the Spellcheck Language from status bar. Light and Dark themes. WebExtension themes are now enabled in Thunderbird. A default startup directory in the address book window can now be configured. Individual feed update interval. Read the full-change log here.

SaaS Data Protection Trends in the Tech Industry

As we enter into the third quarter of 2018, the Spanning data security, product and engineering teams took stock of how the year is shaping up for organizations in terms

The post SaaS Data Protection Trends in the Tech Industry appeared first on The Cyber Security Place.

How to Address Email Encryption and Data Security

With Facebook hearings, and privacy changes across the board, data privacy and security has been at the top of everybody’s mind in recent months. In exchange for the convenience of

The post How to Address Email Encryption and Data Security appeared first on The Cyber Security Place.

Cyber security vulnerabilities: What’s causing them and what can be done?

Cyber vulnerabilities and attacks can occur for a variety of reasons. According to a recent study, based on the results of attendees at Black Hat USA 2018, infosec professionals cited cyber security

The post Cyber security vulnerabilities: What’s causing them and what can be done? appeared first on The Cyber Security Place.

Wells Fargo Says Hundreds of Customers Lost Homes After Computer Glitch

Hundreds of people had their homes foreclosed on after software used by Wells Fargo incorrectly denied them mortgage modifications. From a report: The embattled bank revealed the issue in a regulatory filing this week and said it has set aside $8 million to compensate customers affected by the glitch. [...] Wells Fargo said the computer error affected "certain accounts" that were undergoing the foreclosure process between April 2010 and October 2015, when the issue was corrected. About 625 customers were incorrectly denied a loan modification or were not offered one even though they were qualified, according to the filing. In about 400 cases, the customers were ultimately foreclosed upon.

Software Can Model How a Wildfire Will Spread

The rapid flames that reached densely populated areas in Mati, a seaside resort near Athens on July 23, could have been avoided. Gavriil Xanthopoulos, a wildfire expert at Greece's Ministry of Rural Development and Food, believes the unfortunate incident could have been averted if proper use had been made in advance of fire-simulation software [Editor's note: the link may be paywalled]. From a report: Fed with data on the area's vegetation, building materials, paved surfaces, paths to the sea and weather patterns, such software would have suggested, he says, those places where trees and brush should have been removed, roads widened and evacuation paths built -- not to mention how zoning laws could have been better devised in the face of fire risk. Greece, Dr Xanthopoulos laments, has been slow to adopt such software. Others are not so dilatory. America's Forest Service, for instance, uses a model developed by Esri, a geographic-information firm in Redlands, California, to assess fire risk. This model feeds on data on the distribution and types of trees, bushes and other vegetable ground cover, and on construction materials used in an area. These data are collected mainly by satellites and aircraft, but rangers and crews of firefighters contribute detail from the ground. According to Chris Ferner, a wildland-fire technology specialist at Esri, even entering the diameters of tree trunks and the sites of clogged culverts (which alter patterns of water flow) is grist to the software's accuracy. Once a piece of fire-forecasting software such as Esri's knows how much inflammable stuff there is on the land, it can bring in data on rainfall, snowfall, sunshine, temperature and the like, to work out how this might change in the future, as well as how much moisture the vegetation holds. It can also take into account past fires and the lie of the land.

Phishing Attack Strikes UnityPoint Health

Iowa’s UnityPoint Health reported that it was the victim of a phishing attack, saying the attack put the sensitive information of 1.4 million patients at risk, according to local news media KCCI. The public

The post Phishing Attack Strikes UnityPoint Health appeared first on The Cyber Security Place.

Spam still the most common cyber crime technique, according to recent research

According to a recent study by cyber security firms F-Secure and MWR InfoSecurity, spam remains the first choice for malware implementation. Spam remains popular among cyber criminals 40 years after

The post Spam still the most common cyber crime technique, according to recent research appeared first on The Cyber Security Place.

Secure Access as a Business Accelerator: a Conversation with Pulse Secure

In this Security Ledger Conversations Video, we speak with Sudhakar Ramakrishna, the CEO of the firm Pulse Secure on that company’s journey from Juniper Networks’ remote access business unit to a thriving, independent company selling secure access technology to firms with on premises, cloud and mobile deployments. Technology has...

How to Balance Security with Digital Transformation

As the cybersecurity industry expands, the number of security solutions available has exploded so that a recent study revealed that IT security professionals are struggling to keep up with the technologies that

The post How to Balance Security with Digital Transformation appeared first on The Cyber Security Place.

The Next iPad Pros Will Shrink and Lose Their Headphone Jacks, Says Report

According to supply chain blog Macotakara, the new iPad Pro models that will be introduced later this year will be slimmer, feature Face ID, and have no headphone jacks. 9to5Mac reports the details: First off, the report offers additional details on the 2018 iPad Pro dimensions. The 10.5-inch model is said to come in at 247.5mm (H) x 178.7mm (W) x 6mm (T), compared to the current dimensions of 250.6mm x 174.1mm x 6.1 mm. Meanwhile, the 12.9-inch iPad Pro is said to stack up at 280mm (H) x 215mm (W) x 6.4mm (T), which compares to the current-generation model at 305.7 x 220.6 x 6.9 mm. With these dimensions, it seems that Apple is focused more on reducing the overall footprint of the 12.9-inch model, fitting the same size display into a considerably smaller body. The report goes on to explain that Apple is likely to ditch the headphone jack with this year's iPad Pro models, a move the company first made with the iPhone 7. While Apple includes a Lightning to 3.5mm headphone adapter to ease the blow for iPhone users, it will not do the same for iPad Pro users, according to today's report. Today's report corroborates that this year's iPad Pro models will feature Face ID, but it notes that there is no support for landscape Face ID as earlier reports had indicated. This presents an interesting problem for the iPad Pro, which is used commonly in landscape mode with accessories such as the Smart Keyboard. Macotakara notes, however, that Apple is moving the Smart Connector on this year's models to "the lower rear side -- close to the Lightning connector." What exactly this means is unclear, but the report explains that "the next iPad Pro Smart Keyboard may be changed to vertical position specifications." This is seemingly implying that the iPad Pro would dock vertically into the Smart Keyboard, but how that would work is vague at the moment.

How to Find Trustworthy Tools and Software for Your Business

By Carolina

Running a business requires a great deal of time, knowledge and expertise. If you want to take it to new heights, it’s imperative that you look for ways to save time by streamlining your processes. If not, you may find that a significant amount of time is being used carrying out mundane tasks and focusing […]

This is a post from Read the original post: How to Find Trustworthy Tools and Software for Your Business

DevSecOps Sees Slow Adoption but Wider Incident Handling

More than three-quarters of DevOps professionals do not practice “DevSecOps”, or are still in the process of implementation. According to the DevOps Pulse 2018 survey by, its survey of 1044 DevOps engineers,

The post DevSecOps Sees Slow Adoption but Wider Incident Handling appeared first on The Cyber Security Place.

New Crime-Predicting Algorithm Borrows From Apollo Space Mission Tech

Researchers from Georgia Tech and the UK's University of Surrey have developed a new predictive policing algorithm that aims to better manage police resources and gain an upper hand in the war on crime. It reportedly uses technology that's been previously used in weather forecasting and the Apollo space missions. Digital Trends reports: The new algorithm built on previous work carried out by researchers from the University of California and police forces in both the U.S. and U.K. Their 2015 research showed how a predictive policing algorithm could accurately predict between 1.4 and 2.2 times more urban crime than specialist crime analysts. By making recommendations about where to patrol, the algorithm led to a 7.4 percent reduction in crime. However, while effective, this approach has also been criticized due to concerns about possible racial profiling and the underreporting of crime. The new algorithm has so far been demonstrated on a data set of more than 1,000 violent gang crimes in Los Angeles carried out between 1999 and 2002. Early conclusions suggest that the upgraded predictive tool could prove superior for coping with the constantly fluctuating world of real-time crime prediction. The researchers published their paper in the journal Computational Statistics & Data Analysis.

Report: Cybercriminals target difficult-to-secure ERP systems with new attacks

Cybercriminals are targeting enterprise resource planning (ERP) apps–some of the oldest and most difficult-to-secure business software systems–with new attacks in an effort to exploit vulnerabilities and gain access to valuable, sensitive enterprise data, according to a new report. In the report released this week by Digital Shadows...

How Blockchain Ecosystems Can Be a Threat to Cybersecurity

The first impression of many people about blockchain technology is that it will actually enhance cybersecurity. The reason for this point of view is because of the structure of blockchain

The post How Blockchain Ecosystems Can Be a Threat to Cybersecurity appeared first on The Cyber Security Place.

Cryptomining Replaces Ransomware as Most Popular Cybercrime Malware

Skybox® Security, a global leader in cybersecurity management, announced today the release of its mid-year update to the Vulnerability and Threat Trends Report which analyzes vulnerabilities, exploits and threats in play. The report,

The post Cryptomining Replaces Ransomware as Most Popular Cybercrime Malware appeared first on The Cyber Security Place.

Phishing in the Deep End: The Growing Threat of Attacks Beyond Email

Phishing has long posed a threat to businesses thanks to attackers who convince users to open harmful email attachments and executable links. As a result, companies have strengthened malware blocking

The post Phishing in the Deep End: The Growing Threat of Attacks Beyond Email appeared first on The Cyber Security Place.

It Started with a Phish

It is no secret that humans are the weakest link in any security program, but the extent of the problem can be underestimated. In the most recent Verizon Data Breaches Investigations

The post It Started with a Phish appeared first on The Cyber Security Place.

Talking To The Board About Information Security

CIO at Okta, a leader in providing cloud-based solutions for secure access to critical business systems. Briefing a board of directors on the status of your company’s information security program is a

The post Talking To The Board About Information Security appeared first on The Cyber Security Place.

Blockchain: Only As Good As Its Data

Blockchain has without a doubt created a lot of discussion as the next big thing, especially in supply chain. Before blockchain can become the next tech blockbuster, there are several

The post Blockchain: Only As Good As Its Data appeared first on The Cyber Security Place.

Cryptocurrency Mining Malware Hits Over 1 Million Computers in China

By Julia Sowells, Senior Information Security Specialist at Hacker Combat. Over one million computers in China have been infected by cryptocurrency mining malware resulting in hackers earning over $2 million in

The post Cryptocurrency Mining Malware Hits Over 1 Million Computers in China appeared first on The Cyber Security Place.

Taken by Ransomware? Certain Skills Required

Skull and crossbones adorning a pair of Alexander McQueen boots, um yes, please. Skull and crossbones flashing across my PC, uh no, thanks. While the former speaks of swashbuckling ready-to-wear,

The post Taken by Ransomware? Certain Skills Required appeared first on The Cyber Security Place.

Are security professionals moving fast enough?

Anthony O’Mara, from Malwarebytes, explains to Information Age why security professionals need to move much faster to beat cyber criminals. With the increase in threats the cybersecurity industry faces, alongside

The post Are security professionals moving fast enough? appeared first on The Cyber Security Place.

Eight Weak Links that Make Cryptocurrency Exchanges Vulnerable

Cryptocurrency is all the rage right now. There are currently over 1,600 different cryptocurrencies in circulation with a combined value approaching $350 billion. The top three cryptocurrencies alone—Bitcoin, Ethereum, and Ripple—are worth more

The post Eight Weak Links that Make Cryptocurrency Exchanges Vulnerable appeared first on The Cyber Security Place.

Chrome users get Site Isolation by default to ward off Spectre attacks

Site Isolation, the optional security feature added to Chrome 63 late last year to serve as protection against Spectre information disclosure attacks, has been enabled by default for all desktop Chrome users who upgraded to Chrome 67.

How Site Isolation mitigates risk of Spectre attacks

“In January, Google Project Zero disclosed a set of speculative execution side-channel attacks that became publicly known as Spectre and Meltdown. An additional variant of Spectre was disclosed in May. … More

The post Chrome users get Site Isolation by default to ward off Spectre attacks appeared first on Help Net Security.

Gargoyle: Innovative solution for preventing insider attacks

A group of researchers from UNSW Sydney, Macquarie University, and Purdue University has released a paper on a new and very promising network-based solution for preventing insider attacks. Dubbed Gargoyle, the solution:

  • evaluates the trustworthiness of an access request context through a set of Network Context Attributes (NCAs) that are extracted from the network traffic,
  • leverages the capabilities of Software-Defined Network (SDN) for both policy enforcement and implementation,
  • takes advantage of the network controller for … More

The post Gargoyle: Innovative solution for preventing insider attacks appeared first on Help Net Security.

Five Steps to Security Automation

Two weeks ago, Volvo, the Swedish automaker, announced plans for a Level 4 self-driving car by 2021. In the progression of automation levels for cars, as outlined by the National Highway Traffic

The post Five Steps to Security Automation appeared first on The Cyber Security Place.

Digital transformation – why your whole approach to security has to change

Darron Gibbard, Managing Director EMEA North of Qualys, explains to Information Age why organisations must overhaul their approach to security in order to achieve success in digital transformation. By making security

The post Digital transformation – why your whole approach to security has to change appeared first on The Cyber Security Place.

What is the Tor Browser? How it works and how it can help you protect your identity online

Move over “dark web,” the Tor Browser will keep you safe from snoops. The Tor Browser is a web browser that anonymizes your web traffic using the Tor network, making it

The post What is the Tor Browser? How it works and how it can help you protect your identity online appeared first on The Cyber Security Place.

File-Based Malware: Considering A Different And Specific Security Approach

The cybersecurity solutions landscape has evolved from simple but effective signature-based scanning solutions to sandboxing—the isolating layer of security between your system and malware—and, most recently, to sophisticated detection methods.

The post File-Based Malware: Considering A Different And Specific Security Approach appeared first on The Cyber Security Place.

Opinion: With Internet of Things, Devices become Insider Threat

Connected devices aren’t just fodder for botnets. They increasingly act as malicious “insiders” capable of spying on their surroundings and providing valuable intelligence on homes and offices, argues Yotam Gutman of the firm Securithings in this industry perspective.  Connected devices present unique challenges to enterprises...

Modern OSs for embedded systems

At Kaspersky Lab we analyze the technologies available on the cybersecurity market, and this time we decided to look at what OS developers are offering for embedded systems (or, in other words, the internet of things). Our primary interest is how and to what degree these OSs can solve cybersecurity-related issues.

We’d like to point out that this review reflects the author’s subjective opinion, and for the purposes of this analysis we developed our own classification of OSs.

Moreover, throughout this research we have compared other operating systems with KasperskyOS to see what we can learn from them and how we can improve KasperskyOS. The results of this comparison will also be presented in this article.

We analyzed a total of several dozen operating systems, from the most widespread to some niche players. The vast majority of the operating systems we looked at primarily handle practical functional tasks. Information security features, if they are included in the design, are merely extensions to the existing functionality in the form of plugins, components implementing encryption algorithms or add-in architecture. These measures can help improve the overall information security posture of a solution, but cannot guarantee protection from all modern threat models. If cybersecurity issues are not addressed in the initial design, it inevitably leads to compromises later when protection mechanisms are added.

Operating systems can be classified according to numerous criteria. Our approach was to treat operating systems from an architecture standpoint, so we classified them into four large classes according to their kernel type:

  • monolithic systems,
  • operating systems with monolithic kernels,
  • microkernel-based operating systems,
  • hybrid systems.

Monolithic systems

This is the most widespread type of operating system architecture for embedded devices. Most of the operating systems we analyzed are monolithic environments designed to work in microcontrollers where all processes (both user and system) run in a single address space without restrictions.

From an information security standpoint, this architecture is only suitable for very simple tasks – as the functionality becomes more complex, the risk of vulnerabilities becomes too great. Whenever vulnerabilities occur in such systems, whether it’s in implementations of system services or in an auxiliary application, this leads to the entire solution being compromised.

Libraries containing sets of encryption algorithms are usually offered as extra security measures for such operating systems. However, these measures can hardly be described as sufficient, because they don’t envisage a comprehensive solution to many important issues, such as the generation and storage of keys and certificates, ensuring trusted downloads, secure updates, etc. Also, because these libraries are created specifically for the appropriate operating systems, they often don’t undergo verification and/or sufficient testing, so they themselves may contain vulnerabilities and therefore reduce (rather than improve) the overall security of the solutions they’re part of.

Other measures (such as stack protection, various types of additional checks etc.) may ensure protection against different types of failures and errors, but they are often useless at protecting against targeted attacks that exploit known vulnerabilities within the system.

Even if a microkernel architecture was formally applied in a solution like this, an acceptable level of protection is impossible to ensure unless user processes are isolated from system processes, since any user process could affect the operation of the microkernel. Examples of microkernel operating systems in which processes are not isolated properly include the popular RIOT OS, Zephyr, Unison RTOS, and even the commercial microcontroller kernel µ-velOSity provided by Green Hills, as well as Microsar OS, the basic operating system for automotive solutions provided by Vector.

Despite all the security shortcomings of monolithic systems, such compact operating systems are suitable for work in cheap microcontrollers. They can be used in simple and compact devices where the only task is to measure a single parameter, such as temperature, pressure, volume, etc. Devices like these must be simple, compact and cheap. In our view, monolithic systems are not the best option when faced with tasks that are more complex.

Monolithic kernel systems

Monolithic kernel systems are another type of operating system architecture. This is perhaps the most widespread and popular type of operating system architecture, both for embedded systems and for general-purpose systems (i.e. servers, workstations and mobile devices).

Unlike in purely monolithic solutions, user processes in monolithic kernel systems are isolated from the kernel and only have access to its functions via a limited number of system calls. This constitutes a serious advantage from the information security standpoint.

A large number of services run in the kernel context, such as protocol implementations, file systems, device drivers, etc. Examples of monolithic kernel operating systems include those based on the Linux kernel (and its derivatives), as well as Windows, FreeBSD, RTEMS, etc.

The operating system’s kernel services still leave a large attack surface, and the code base operating in the kernel context cannot be considered trusted. Therefore, don’t expect the kernel services to be free from vulnerabilities (in fact, vulnerabilities are regularly detected).

The compromise of any kernel service inevitably leads to the entire system being compromised, no matter what tools are employed to protect it.

The second problem is especially relevant for embedded systems: the need to restart the device when kernel modules are updated. A restart is not always required, but the cases where it can be avoided are the exception rather than the rule.

The main advantage of monolithic kernel architecture is its better performance as compared to microkernel operating systems. This is due to the smaller number of context switches.

Different Linux distributions

Operating systems based on the Linux kernel are very user-friendly: they are available in source code, offer excellent hardware support and have a large amount of application and system software. All this makes these operating systems extremely attractive for developers of embedded systems.

Note: Linux only serves as the kernel of an operating system. Full-fledged operating systems are Linux-based distributions.

It’s worth noting that Linux was developed as a kernel for a multi-user operating system and contains a set of built-in security mechanisms, but from a modern-day perspective it has a number of information security issues, both in terms of architecture and implementation.

Conventional wisdom suggests that a properly configured Linux-based solution is sufficiently secure. However, the actual configuration process is quite complicated and most security restrictions can be bypassed. Besides, there are also difficulties with Linux that are related to the implementation of secure boot mechanisms, updating operating system components, and a multitude of other problems.

A large number of Linux-based branches and distributions have been developed that aim to improve security. Extensions have also been developed to tackle information security issues, including AppArmor, grsecurity, PaX, SELinux, etc. These extensions improve the security posture, but they cannot guarantee sufficient security, because the code base of the Linux kernel is very large and there is no way of making the kernel’s computing base trusted. This problem appears to be insurmountable. According to, 453 vulnerabilities were detected in Linux kernels in 2017. That number includes 159 vulnerabilities that allow execution of arbitrary code in the kernel context. Exploitation of a vulnerability in the Linux kernel makes it possible to circumvent any protection mechanism, even the most sophisticated and carefully configured.


Android 8.0 Oreo is the latest version of the Android operating system for mobile devices and, according to the developers, contains a multitude of new information security mechanisms. The key security features in this operating system are aimed at mitigating the consequences of exploiting vulnerabilities and reducing the attack surface, as well as the use of the principle of least privilege. There have also been changes to the API design and to the architecture. Some of the innovations are described below:

  • Smart protection of app authorization.
  • Advanced verification during updates of applications and the operating system to prevent common types of attacks, including rollback.
  • In-built support of HSM (hardware security module).
  • Application sandboxing with support for seccomp filters (secure computing restricts apps’ ability to make system calls) and the WebView component is isolated.
  • Support for a set of encryption profiles (different profiles use different sets of keys).
  • In-built support for two-factor authentication using physical keys.
  • Complicating paths to apps. An app can no longer be found at its static location. Instead, it is installed each time to a new location, and a special call to the system must be made to gain access to the app.
  • Discontinued support of outdated and vulnerable protocols and algorithms, such as SSL v3.0.

These are all necessary and useful measures that substantially complicate post-exploitation of vulnerabilities and the ability to gain root privileges.

However, it shouldn’t be forgotten that the Linux kernel is inside Android with all the drawbacks inherent to it. An analysis of the monthly security bulletins shows that new vulnerabilities are being discovered in Android all the time, and a significant portion of them enable execution of arbitrary code.

Microkernel operating systems

One possible solution to the above problems is the use of microkernel architecture.

A microkernel provides only the elementary functions of process management and a minimum set of hardware abstractions. Most of the work is done with the help of dedicated user processes that don’t run in the kernel’s address space. This helps to substantially reduce the attack surface of the kernel services, while the kernel of the operating system can be rigorously verified (thanks to the small code base) using, among other things, formal verification methods. To learn more about verification and how it is different from validation, check out Ekaterina Rudina’s article devoted to this topic.

The most meaningful results from an information security standpoint have been shown for microkernel architectures, for example, the Separation Kernel approach and the use of MILS architecture.

Different types of microkernels and microkernel operating systems are widely available on the market. Some examples from this category are QNX, INTEGRITY RTOS, Genode, the L4 kernel and its derivatives.

We would like to dwell a little bit on the microkernel L4. It’s the result of an evolutionary process in the microkernel approach to the development of operating systems. Today, L4 is effectively the de facto standard in the development of microkernel operating systems.

L4 microkernel family

The L4 kernel was initially developed to demonstrate the feasibility of creating a microkernel that is suitable for use in real-life, general-purpose operating systems. This attempt can be considered rather successful: there now exists a whole family of research and commercial projects that make use of the L4 derivatives. The kernels of this family have been ported on a large number of hardware platforms. It should be noted that solutions based on L4 support operation in hard real-time mode.

Among the microkernel implementations currently supported the following can be highlighted:

  • seL4 – the first microkernel to be formally verified. It is still undergoing active development.
  • Codezero – a commercial version of the L4 kernel. The source code of the kernel is available under the GPLv3 license, while the source of the additional modules and libraries is closed and distributed under commercial licenses.
  • Fiasco.OC – a version developed by TU Dresden and distributed under the GPLv2 license; commercial support is available.

For the listed operating systems, there are different virtualization solutions available. There are also other virtualization solutions based on the L4 microkernel that are worth mentioning – they are OKL4, NOVA and the PikeOS operating system.

The microkernels of the L4 family are also used in the following operating systems:

  • Genode
  • TUD:OS – an operating system developed by TU Dresden on the basis of L4Re, which is an L4-based framework for constructing solutions.
  • CAmkES – a component framework based on the L4 microkernel, developed by the Trustworthy Systems Research Group at Data61.
  • L4Linux – a port of the Linux kernel to an L4-family kernel. In this configuration, Linux runs as a user-mode service alongside other L4 applications (including real-time components). Linux kernel versions up to 4.14 and the x86 and ARM hardware platforms are supported.

From a security point of view, the seL4 kernel is the most important member of the L4 family.

The seL4 microkernel implements an object-capability model. Formal verification has been conducted for it, meaning the operating system’s properties can be guaranteed within the specified concepts and assumptions; this improves the overall protection status of the solution. However, if the input assumptions are incorrect, problems can arise. For instance, a substantial drawback of the formal model used for the seL4 verification is that it rules out simultaneous execution of several processes (a single-processor system with interrupts disabled is assumed).

The object-capability model provides detailed control over system behavior, but by no means all security properties can be described with its help. There are numerous other security models whose properties are impossible to express based on the object-capability model. For example, security properties may depend on system status, take time relationships into account, etc. To describe such properties, extra mechanisms need to be added to the solution, and in that case the advantages of seL4 are lost.

KasperskyOS makes use of many of the ideas used in seL4. However, it also allows for a description of any security properties by using Kaspersky Security System (KSS), part of the KasperskyOS architecture.

Hybrid operating systems

A hybrid kernel exhibits a combination of properties typical of monolithic and microkernel architectures; a hybrid kernel-based operating system architecture is essentially a modified microkernel that allows operating system modules to be executed in the kernel space to expedite operation.

Operating systems with hybrid kernels have emerged as a result of attempts to use the advantages of microkernel architecture while retaining as much of the well-tested monolithic kernel code as possible. In operating systems of this class, however, the problem of information security remains unsolved, because the attack surface remains large.

The ‘secure by design’ requirement

Many of the older operating systems were initially developed with no regard for information security. When security features are introduced, functional mechanisms cease to operate as they did before, and compatibility issues arise. For this reason, and a host of others, it’s impossible to completely revisit the architectures of these systems, and there can be no security guarantees – it’s only possible to talk of enhancing some security-related properties. There are many examples of such solutions, including QNX, Linux, and FreeBSD.

Only those operating systems that took information security requirements into consideration during development can ensure proper implementation of security mechanisms without impacting their functional capabilities. The use of a secure-by-design approach is a key requirement for the final solution to be certified to Common Criteria standard, starting with EAL4. Examples of secure-by-design operating systems are seL4, INTEGRITY RTOS, MUEN RTOS, KasperskyOS and several others.


From the very start, KasperskyOS was created to meet the most rigid information security requirements. It was based on advanced practices and approaches to creating secure systems, in line with the requirements of all essential security standards. In light of this, KasperskyOS can be considered a truly secure operating system from its inception.

KasperskyOS uses microkernel architecture in which the microkernel system tools divide the system into security domains, or ‘entities’ in KasperskyOS terms. All communications between security domains (inter-process communications, IPC) are performed using the microkernel – and controlled by it. No communications are allowed to bypass the microkernel.

All communications are typed: the interface of the entities is described in IDL (Interface Definition Language), and only this interface can be used for IPCs. This is where KasperskyOS differs significantly from most other operating systems.

The KasperskyOS microkernel operates in conjunction with Kaspersky Security System (KSS), which is a subsystem that calculates security verdicts. For each IPC, the KasperskyOS microkernel requests a verdict from KSS, which it uses as a basis for permitting or blocking that particular IPC. For verdict calculation, it is not only the fact and type of communication that is taken into account but also the system’s topology, the context in which the communication takes place, as well as the assigned policy described within the framework of a set of formal security models.

KSS supports a large number of formal security models, for example, Domain Type Enforcement, Object Capability, Role-Based Access, diverse temporal logic dialects, etc. New models can be added when required.

This provides the developer with a flexible tool to describe security policies with as high a level of detail as required. We are not aware of any other solution that provides this degree of detail.

Security policies are defined in a high-level language, which greatly simplifies the verification of the solution in accordance with stipulated requirements. This also makes it possible to run formal verification of the described properties[1].

If we consider systems with limited functional capabilities that perform a limited set of functions, theoretically it’s possible to provide the specified security properties and guarantee there are no vulnerabilities in the software code.

As a solution grows progressively more complex, the addition of different protocols, algorithms, functions, etc. makes it impossible to guarantee there are no vulnerabilities in it. Special measures must be taken to ensure these vulnerabilities cannot be exploited or that their exploitation does not lead to undesirable consequences. These protection measures should include isolation of processes, restricted access to resources, attack detection systems and countermeasures, etc. In that case, the security properties must be guaranteed by the system’s trusted components, i.e., by the OS kernel, security features, subsystems providing specific types of protection, such as cryptographic protection, etc.

At the same time, the relevant security policies need to be defined in an increasingly detailed way, and there comes a point when the capabilities of policy refinement reach a limit. For example, capability-based policies can allow or deny access to a certain resource, though there is no ability to define a situation in which such access would be contingent on something. In such cases, the required security properties are considered functional requirements, and are implemented in the solution’s code along with its other features. This leads to a progressive growth in the volume of the code base that needs to be controlled, and ensuring its verifiability becomes an increasingly challenging task. Consequently, the solution again becomes insecure.

With the help of KasperskyOS and KSS, it’s possible to provide as detailed a description of security properties as desired, and through decomposition of the solution it’s possible to select a limited set of individual modules containing the minimum required functions that require verification. These modules can be viewed as standalone and isolated – their verification then becomes easy.

The code base of KSS responsible for implementing the solution’s security policies can be generated, is formally verifiable[2] and, in this sense, it is trusted. This solves the problem of uncontrolled growth of the code base to which requirements of trust are imposed.

Since security properties are defined regardless of the functional logic, the developer can construct a security system for their solutions without taking into account the details of how specific components are implemented.

The described capabilities of KasperskyOS make it possible to follow a natural course of developing secure solutions that includes the following steps:

  1. Threat analysis and threat modeling.
  2. Development of a set of formal security policies to counter the threats described in step 1.
  3. Decomposition of the solution into security domains, and definition of IPC interfaces in line with the data obtained at step 2.
  4. Implementation of the solution in line with the data obtained at step 3, and configuration of security policies aligned with the results obtained at step 2.

The ability to follow the described process of development is an important methodological advantage over other operating systems. This ensures a key advantage of KasperskyOS: complex systems can be built to meet specific information security characteristics.
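To make the argument of the preceding paragraphs concrete (typed IPC interfaces, a verdict requested from a policy engine for every IPC, and a stateful rule that a pure object-capability policy cannot express), here is a constructed Python model of that split. It is an added example, not KasperskyOS or KSS code; the entity names, interfaces, rule names and the "Login before Send" policy are this example's own assumptions.

```python
"""
Constructed model of microkernel-mediated IPC with a separate policy engine.
A toy stand-in for the kernel/KSS split described in the text; every name
and interface here is an assumption of this example, not a KasperskyOS API.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, FrozenSet, List, Tuple

# Step 3: each security domain ("entity") exposes a typed interface. Only the
# listed methods may be invoked over IPC; anything else is rejected by the
# kernel before a policy verdict is even requested.
INTERFACES: Dict[str, FrozenSet[str]] = {
    "Sensor":  frozenset({"ReadTemperature"}),
    "Storage": frozenset({"Append", "Read"}),
    "Net":     frozenset({"Send"}),
    "Auth":    frozenset({"Login"}),
}

@dataclass(frozen=True)
class Ipc:
    src: str        # calling entity
    dst: str        # called entity
    method: str     # method on dst's interface
    arg: bytes = b""

@dataclass
class Context:
    """System state the policy engine may consult when computing a verdict."""
    authenticated: set = field(default_factory=set)
    tick: int = 0

Rule = Callable[[Ipc, Context], bool]

class PolicyEngine:
    """Computes a verdict per IPC from a list of named rules.
    Default is deny: every rule must agree for the IPC to be allowed."""
    def __init__(self) -> None:
        self.rules: List[Tuple[str, Rule]] = []
    def add(self, name: str, rule: Rule) -> None:
        self.rules.append((name, rule))
    def verdict(self, ipc: Ipc, ctx: Context) -> Tuple[bool, str]:
        for name, rule in self.rules:
            if not rule(ipc, ctx):
                return False, name
        return True, "allow"

class Microkernel:
    """The only path between entities: reject untyped calls, then ask the
    policy engine and deliver the call only on an 'allow' verdict."""
    def __init__(self, engine: PolicyEngine) -> None:
        self.engine = engine
        self.ctx = Context()
        self.log: List[str] = []
    def call(self, ipc: Ipc) -> bool:
        self.ctx.tick += 1
        if ipc.method not in INTERFACES.get(ipc.dst, frozenset()):
            self.log.append(f"{ipc.src}->{ipc.dst}.{ipc.method}: untyped")
            return False
        ok, why = self.engine.verdict(ipc, self.ctx)
        self.log.append(f"{ipc.src}->{ipc.dst}.{ipc.method}: {why}")
        if ok and ipc.dst == "Auth" and ipc.method == "Login":
            self.ctx.authenticated.add(ipc.src)  # state visible to later verdicts
        return ok

# Step 2: policies. Two are domain/type-enforcement style; the third depends
# on system state, which a static capability grant alone cannot express.
ALLOWED_EDGES = {("Logger", "Sensor"), ("Logger", "Storage"),
                 ("Uplink", "Storage"), ("Uplink", "Net"), ("Uplink", "Auth")}

def domain_rule(ipc: Ipc, ctx: Context) -> bool:
    return (ipc.src, ipc.dst) in ALLOWED_EDGES

def readonly_rule(ipc: Ipc, ctx: Context) -> bool:
    # Uplink may read the log but never append to it.
    return not (ipc.src == "Uplink" and ipc.dst == "Storage" and ipc.method == "Append")

def auth_before_send(ipc: Ipc, ctx: Context) -> bool:
    # Network egress only after the caller has completed Login in this session.
    return ipc.dst != "Net" or ipc.src in ctx.authenticated

def build_system() -> Microkernel:
    eng = PolicyEngine()
    eng.add("deny:domain", domain_rule)
    eng.add("deny:readonly", readonly_rule)
    eng.add("deny:auth-first", auth_before_send)
    return Microkernel(eng)

def scenario() -> List[bool]:
    """Step 4: drive the system; returns the verdict of each IPC in order."""
    k = build_system()
    return [
        k.call(Ipc("Logger", "Sensor", "ReadTemperature")),  # allowed
        k.call(Ipc("Logger", "Storage", "Append", b"21.5")),  # allowed
        k.call(Ipc("Uplink", "Storage", "Append", b"x")),     # denied: read-only
        k.call(Ipc("Uplink", "Net", "Send", b"...")),         # denied: not logged in
        k.call(Ipc("Uplink", "Auth", "Login")),               # allowed, changes state
        k.call(Ipc("Uplink", "Net", "Send", b"...")),         # now allowed
        k.call(Ipc("Logger", "Net", "Send")),                 # denied: no such edge
        k.call(Ipc("Logger", "Storage", "Delete")),           # rejected: untyped
    ]
```

The point of the model is that the functional entities (Logger, Uplink) contain no security logic at all; adding or tightening a rule changes only the small policy engine, which is what keeps the code base needing verification from growing with the solution.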

KasperskyOS supports virtualization with the help of the Kaspersky Secure Hypervisor (KSH) application. Its key feature is that it can work together with KSS to implement security policies related to the control of virtual machine access to the hypervisor’s internal resources. KSH is a lightweight solution. This makes it possible to verify its code base and means it can be viewed as being part of a trusted platform. The hypervisor can apply KSS verdicts to its internal processes even in situations where cross-domain interaction does not take place.

This capability does not exist in any other virtualization solutions; it is only possible to set rules to define how a specific virtual machine interacts with other isolated components of the system.


Now, in the internet-of-things era, cybersecurity issues surrounding connected devices are becoming increasingly critical. In our opinion, it is the security of the operating system that defines the overall level of cybersecurity of an entire embedded system. Unfortunately, issues of information security are still not given sufficient consideration during the development of operating systems. For nearly half of the operating systems we have considered, information security aspects are either not addressed whatsoever, or the functions associated with information security are implemented at a level that is unsatisfactory.

We hope that this review will, firstly, encourage the developers of operating systems for embedded systems to devote more attention to issues of cybersecurity, and, secondly, help developers choose an operating system for their projects. After all, it’s important for all of us that the internet of things doesn’t grow into an internet of threats.

[1] No formal verification of KSS has been performed as of yet; however, the approach employed allows for it.
[2] At this time, the requirement of formal verifiability is not met; however, there are vigorous efforts being made towards this end.

Five Reasons I Want China Running Its Own Software

Periodically I read about efforts by China, or Russia, or North Korea, or other countries to replace American software with indigenous or semi-indigenous alternatives. I then reply via Twitter that I love the idea, with a short reason why. This post will list the top five reasons why I want China and other likely targets of American foreign intelligence collection to run their own software.

1. Many (most?) non-US software companies write lousy code. The US is by no means perfect, but our developers and processes generally appear to be superior to foreign indigenous efforts. Cisco vs Huawei is a good example. Cisco has plenty of problems, but it has processes in place to manage them, plus secure code development practices. Lousy indigenous code means it is easier for American intelligence agencies to penetrate foreign targets. (An example of a foreign country that excels in writing code is Israel, but thankfully it is not the same sort of priority target as China, Russia, or North Korea.)

2. Many (most?) non-US enterprises are 5-10 years behind US security practices. Even if a foreign target runs decent native code, the IT processes maintaining that code are lagging compared to American counterparts. Again, the US has not solved this problem by any stretch of the imagination. However, relatively speaking, American inventory management, patch management, and security operations have the edge over foreign intelligence targets. Because non-US enterprises running indigenous code will not necessarily be able to benefit from American expertise (as they might if they were running American code), these deficiencies will make them easier targets for foreign exploitation.

3. Foreign targets running foreign code is win-win for American intel and enterprises. The current vulnerability equities process (VEP) puts American intelligence agencies in a quandary. The IC develops a zero-day exploit for a vulnerability, say for use against Cisco routers. American and Chinese organizations use Cisco routers. Should the IC sit on the vulnerability in order to maintain access to foreign targets, or should it release the vulnerability to Cisco to enable patching and thereby protect American and foreign systems?

This dilemma disappears in a world where foreign targets run indigenous software. If the IC identifies a vulnerability in Cisco software, and the majority of its targets run non-Cisco software, then the IC is more likely (or should be pushed to be more likely) to assist with patching the vulnerable software. Meanwhile, the IC continues to exploit Huawei or other products at its leisure.

4. Writing and running indigenous code is the fastest way to improve. When foreign countries essentially outsource their IT to vendors, they become program managers. They lose or never develop any ability to write and run quality software. Writing and running your own code will enroll foreign organizations in the security school of hard knocks. American intel will have a field day for 3-5 years against these targets, as they flail around in a perpetual state of compromise. However, if they devote the proper native resources and attention, they will learn from their mistakes. They will write and run better software. Now, this means they will become harder targets for American intel, but American intel will retain the advantage of point 3.

5. Trustworthy indigenous code will promote international stability. Countries like China feel especially vulnerable to American exploitation. They have every reason to be scared. They run code written by other organizations. They don't patch it or manage it well. Their security operations stink. The American intel community could initiate a complete moratorium on hacking China, and the Chinese would still be ravaged by other countries or criminal hackers, all the while likely blaming American intel. They would not be able to assess the situation. This makes for a very unstable situation.

Therefore, countries like China and others are going down the indigenous software path. They understand that software, not oil as Daniel Yergin once wrote, is now the "commanding heights" of the economy. Pursuing this course will subject these countries to many years of pain. However, in the end I believe it will yield a more stable situation. These countries should begin to perceive that they are less vulnerable. They will experience their own vulnerability equity process. They will be more aware and less paranoid.

In this respect, indigenous software is a win for global politics. The losers, of course, are global software companies. Foreign countries will continue to make short-term deals to suck intellectual property and expertise from American software companies, before discarding them on the side of Al Gore's information highway.

One final point -- a way foreign companies could jump-start their indigenous efforts would be to leverage open source software. I doubt they would necessarily honor licenses which require sharing improvements with the open source community. However, open source would give foreign organizations the visibility they need and access to expertise that they lack. Microsoft's shared source and similar programs were a step in this direction, but I suggest foreign organizations adopt open source instead.

Now, widespread open source adoption by foreign intelligence targets would erode the advantages for American intel that I explained in point 3. I'm betting that foreign leaders are likely similar to Americans in that they tend to not trust open source, and prefer to roll their own and hold vendors accountable. Therefore I'm not that worried, from an American intel perspective, about point 3 being vastly eroded by widespread foreign open source adoption.


IQ Retail Guards Against New Age Threats with Panda Security


“Stories of cyber-attacks hit the news almost daily – data breaches, DDoS attacks, email hacks and phishing attacks – reminders of the dangers of the internet,” says Jeremy Matthews, Regional Manager of Panda Security Africa. “Yet somehow all of these attacks still seem foreign – as though it would never happen to you; however, the reality is, South African businesses are affected by these threats,” continues Matthews.

IQ Retail MD Chris Steyn knows this all too well and has seen first-hand the dramatic rise of new-age threats such as ransomware. Software company IQ Retail provides expertise in complete financial and business administration solutions, focusing on the development of business systems for the accounting and retail management environment. Since its inception in 1986, IQ Retail has grown to become one of the premium providers of innovative business solutions.

“Few businesses realise the seriousness of these threats and the damage they can have on a business,” says Steyn. “The problem we have found is twofold; firstly, businesses do not have adequate security software protecting their network, and secondly, they do not have effective backups in place,” continues Steyn.

He recognises that these advanced threats stem from a situation in which hackers no longer need to be tech-savvy, given the ready-made malware toolkits available on the dark web. New malware variants are created daily and many security vendors are unable to keep up. As a result, businesses are being attacked more often, and cybercrime has become more profitable and easier to carry out than ever before.

Speaking to Panda Security about his experience working with many South African businesses, Steyn says, “We have noticed two week spikes in attacks that most often occur on the weekend when there are few people in the office. This puts businesses in a tough position that often leads to payment of the ransom or, worse, a loss of company data.”

Taking note of the shifting dynamic, IQ Retail developed a multi-layered approach, implementing security solutions at every level of its infrastructure, as well as ensuring backups are in place and procedures are being followed. Despite these efforts, ransomware was still able to penetrate its network.

Advanced Protection

In order to prevent further breaches, Steyn and his team did extensive research into solutions offered by various vendors. They found that conventional AV solutions are unable to prevent zero-day ransomware and other advanced threats from entering the network.

Steyn turned to Panda to implement a final effort to mitigate the threat of ransomware. “Through our research, we realised that Panda’s Adaptive Defense 360 software is the only solution that could give us comprehensive protection. AD360 allows us to proactively manage the security on our network and track possible risk situations,” says Steyn.

The Solution

Steyn explains that the current environment requires new generation protection solutions such as Adaptive Defense 360 that provide an Endpoint Detection and Response (EDR) service to accurately classify all running programs on your network. This means that only legitimate programs are able to run.

Panda’s EDR technology model is based on three phases:

  • Continuous monitoring of applications on a company’s computers and servers.
  • Automatic analysis and correlation using machine learning on Panda’s Big Data platform in the cloud.
  • Endpoint hardening and enforcement – blocking all suspicious or dangerous processes, with notifications to alert network administrators.

AD360 combines EDR with full conventional Endpoint Protection (EPP) to deliver comprehensive protection.

For more information on how to protect your business from the advanced threats we see today, contact Panda Security.

The post IQ Retail Guards Against New Age Threats with Panda Security appeared first on