Partners,
If you haven't heard already, you'll be interested to know that release of Enterprise Vault 10.0.4 is now generally available. You can read the official blog post at the following location:
Enterprise Vault 10.0.4 is now Generally Available
This weekend one of my favorite bands won free concert tickets on Twitter. They tweeted about the message they received from another Twitter user.
Figure 1. Sarcastic tweet about free concert tickets
This type of scam looked familiar from a security standpoint. Upon further investigation, we at Symantec Security Response confirmed these suspicions.
Figure 2. Spam account replies to specific tweet
I wrote a blog about free stuff on social networks and how it was not free about a year ago. These fake accounts were offering free devices and free gift cards to users tweeting specific keywords. In this case, the band wrote about their albums of the year (AOTY) picks, which mentioned Kanye West in the tweet. His name was used as a keyword that a random fake account was monitoring, which led to a reply offering free concert tickets. If a Twitter user tweets the name of an artist (e.g., Kanye, J. Cole, Jay-Z, Beyoncé), they are likely to receive one of these tweets.
106 & Park is a music video countdown show that airs weekdays on BET (Black Entertainment Television). The show has an official Twitter account that has over 5 million followers and over 13,000 tweets. The fake Twitter accounts are using the official logo and background image to try to convince users that they are legitimate. However, these fake Twitter accounts typically have no followers and only a couple of tweets, making it obvious that this is a scam.
Figure 3. Official 106 & Park Twitter account
Figure 4. Fake 106 & Park Twitter account
One thing to note here is that unlike before, these scam accounts are not providing a direct link to users in their reply. Instead, they are asking users to visit their profile page in order to click on a link in their profile bio.
Users that click on this link will be directed to a page that contains more BET branding, featuring images of some of today’s most well-known artists.
Figure 5. Free ticket scam landing page
Clicking on the “CLAIM MY VIP TICKETS” button on a computer leads users to a page that requests personal information from the user. However, it does not appear that this information is captured by the scammers. Rather, this is for cosmetic purposes, to make it appear as though this free ticket offer is legitimate.
Figure 6. V.I.P. Giveaway page requests personal information
If users visit the same page from a mobile phone, they are asked to install one out of a choice of several applications instead. This is one way to make money from a scam like this, through affiliate programs, and scammers have just recently started using these mobile affiliate programs. One of the most recent examples targeted users of Twitter's video sharing service, Vine.
Figure 7. Mobile affiliate program for app installation
Figure 8. Fake page offering free tickets to One Direction and Justin Bieber concerts
Similar scam tweets
In recent months, fans tweeting about pop stars One Direction, Justin Bieber, and Rihanna or their respective tours received the same type of scam tweets. In these cases, the landing pages for the scams asked them to fill out surveys, another common method scammers use to monetize these campaigns.
Figure 9. Fake page offering free tickets to Rihanna’s Diamonds tour
Right now, there are hundreds of fake accounts on Twitter spreading these types of scams. The most prominent one is the concert ticket scam. However, we are also seeing this exact type of scam with other lures, including:
If you’re a Twitter user and you receive a message claiming that you’re the winner of one of these prizes, you should immediately question it, be wary about clicking on any links, and report these fake accounts to Twitter.
When it comes to being a modern fan, if you’re offered free concert tickets, be very skeptical. Check the official social media accounts for the brands or artists to verify and if you’re still not sure, recognize that it is likely a scam.
Register Here: https://symantecevents.verite.com/29471/156513
Be sure to sign up for the next Enterprise Vault webcast on Why upgrade to Enterprise Vault 10. Alex Brown, Senior Product Manager, will be presenting
You will learn how we deliver better performance with our new 64-bit index, how to extend comprehensive archiving to SharePoint and UNIX file content, how Enterprise Vault Data Classification Services helps you archive only meaningful information, and more. You’ll leave knowing the benefits of upgrading.
Malicious quick response (QR) codes are not a new idea. Some readers might remember last year when it was found that a popular Android smartphone could be wiped by a malicious USSD code embedded within a QR code. QR codes have been in use for many years now, but when scanning them with a mobile phone the user can never tell where they will end up.
To protect against automated redirection to malicious sites with QR codes, Symantec created the Norton Snap application which scans any URL before the user is redirected to the destination address. Currently, we get a few thousand URL lookup requests each day from our users. During the last month, only 0.03 percent of those URLs were malicious. That is not a huge risk, but we have already seen cases where QR codes for snack vending machines were replaced, so that the paid for snacks get released at a different location.
Figure. Google Glass and QR codes
Don’t look now
Google Glass is one of the hottest pieces of technologies out at the moment and we’ve got our hands on a number of them for research purposes in our labs. As far as the relationship between Glass and QR code goes, it provides an easy way to configure the device; after all it would be quite difficult to input text using your eyes. Our colleagues at Lookout analyzed how Google Glass can be manipulated using malicious QR codes. Wearable devices by their nature can open up new attack vectors because the user interacts with them differently. Lookout have stated when taking a photo of a QR code, Glass will silently connect to a potentially malicious WiFi access point. This gives the word photobombing a whole new meaning. Glass doesn't support all general QR codes, but does use them for reconfiguring the device's preferred WiFi access point.
Once the Google Glass device connects to the access point of an attacker, the attacker can sniff all the traffic or even redirects users of the device to a malicious website. Fortunately, Google is aware of this issue and have already fixed it—so you don’t have to keep looking away from QR codes while taking pictures.
QR code is not the only way to PWN a device…
So, while Glass’ ability to get QR photobombed was interesting, there are far easier ways to get a mobile device connected to a rogue WiFi access point. Many people have WiFi enabled all the time on their smartphones. This means the device constantly probes the surroundings to see if there is a known access point to connect to. Similar behavior is expected in new wearable devices to make it easier for them to interact with. There is software available that will impersonate any network that a device searches for, and this software is quite easy to use. You can even buy a small device called WiFi Pineapple that will do all the work for you. For example, when your smartphone remembers your home network with the SSID name “myPrivateWiFi”, the attacker will simply answer the probe request and pretend to be that specific network. From that point on classic man-in-the-middle (MITM) attacks, like session hijacking or sniffing, can be performed. It is actually easier to get a wearable device like Google Glass or a smartphone to connect to a rogue access point in this way since accidental recognition of a QR code is not required. So even with Google's patch against QR photobombing, Glass remains vulnerable to WiFi hijacking.
Unfortunately the WiFi hijacking issue is not trivial to solve. Users want a smooth user experience that works without the hassle of pairing the devices each time they use a WiFi hotspot. Remembering the MAC addresses of the access points together with the SSID could help in some instances, but that is not feasible in the context of roaming and MAC addresses that can be easily spoofed as well.
The more practicable solution to WiFi hijacking is to treat every network as hostile and ensure that all the applications use encrypted communications like SSL or to tunnel through a VPN. That way you don’t have to worry about where you are or what you are looking at, but instead can relax and enjoy the sunshine.
ランサムウェアはマルウェアの一種ですが、最近、シマンテックのノートンの公式ロゴを使って、あたかもシマンテックの認定を受けているかのように思い込ませるランサムウェアが出現したと報道されています。これは、マルウェアの作成者がユーザーを欺こうとしてソーシャルエンジニアリングでよく使う手口で、セキュリティ企業のロゴがランサムウェアに悪用されるのも初めてのことではありません。
シマンテックは、このランサムウェアを Trojan.Ransomlock.Qとして検出し、IPS 保護定義「System Infected: Trojan.Ransomlock.Q」でもそのネットワーク活動が検出されます。
図 1. ドイツ語ユーザーに表示される Trojan.Ransomlock.Q(ノートンのロゴに注目。画像提供: Heise Online)
今までと同様、万一ランサムウェアに感染してしまった場合でも、けっして身代金は支払わないでください。かわりに、シマンテックが提供している駆除手順に従うか、削除手順を示したこちらのビデオ(英語)を参照してください。
ランサムウェアの機能と手口は、ここ数年ほとんど変化していません。亜種ごとに新しいデザインは無数に登場していますが、デザイン上の習慣は一定しており、通例は公式の機関や正規のセキュリティ企業に偽装して信憑性を獲得しようとしています。
Trojan.Ransomlock.Q(別名 Urausy)の場合、作成者はこれまでどおり非常に活動的で、標的とする国に応じた政治情勢の変化に合わせて頻繁にデザインを更新します。きわめて巧妙で、最新のニュースにもいち早く対応しています。理由は不明ですが、アイルランド語のバージョンではノートンのロゴが使われていません。
図 2.アイルランド語ユーザーに表示される Trojan.Ransomlock.Q
* 日本語版セキュリティレスポンスブログの RSS フィードを購読するには、http://www.symantec.com/connect/ja/item-feeds/blog/2261/feed/all/jaにアクセスしてください。
QR(クイックレスポンス)コードの悪用そのものは、目新しい発想ではありません。昨年、QR コードに埋め込まれた悪質な USSD コードによって、Android スマートフォンの人気機種でデータが消去される恐れがあると判明したケースを覚えている方もいらっしゃるでしょう。QR コードは何年も前から使われていますが、モバイル端末で読み取った場合、そのデータがどうなるのかユーザーにはまったくわかりません。
シマンテックは、QR コードによる悪質なサイトへの自動リダイレクトを防ぐために、ノートン スナップというアプリケーションを作成しました。リンク先アドレスにリダイレクトされる前に、その URL がスキャンされます。すでに、ユーザーから毎日数千件の URL ルックアップ要求が届いています。先月は、総数のうち悪質な URL が占める比率は 0.03% にすぎなかったため、まだ大きなリスクとは見なされていません。しかし、スナック自動販売機の QR コードが乗っ取られ、スナックの料金が別の場所に支払われてしまうというケースがすでに発生しています。
図. Google Glass と QR コード
見てはいけない
Google Glass は現在特に注目を集めているテクノロジのひとつであり、シマンテックの研究室でも調査目的で多くの Google Glass 端末を手に入れました。Google Glass と QR コードの関係について言えば、QR コードを使って設定は簡単になります。何といっても目を使ってテキストを入力するというのはかなり難しいでしょう。セキュリティ企業の Lookout社が、悪質な QR コードを使って Google Glass を操作できる方法を分析しました。ウェアラブルデバイスは、ユーザーとのインターフェースがこれまでと異なるという性質上、新しい攻撃経路になる可能性があります。Lookout 社によると、QR コードを撮影すると、Google Glass は悪質な恐れのある Wi-Fi アクセスポイントに知らないうちに接続する可能性があります。こうなると、フォトボム(photo-bombing。撮影者の意図に反した被写体が映り込むことを指す俗語)という言葉がまったく新しい意味を持ってきます。Google Glass は一般的な QR コードをすべてサポートしているわけではなく、デバイスの優先 Wi-Fi アクセスポイントの再設定に利用しています。
Google Glass が悪質なアクセスポイントに接続すると、攻撃者はトラフィックをすべて盗聴し、場合によってはユーザーを悪質な Web サイトにリダイレクトします。幸い、Google 社もこの問題を認識しており、すでに修正済みなので、Google Glass で写真を撮るとき、いちいち QR コードを避ける必要はなくなりました。
デバイスを制御する方法は QR コードに限らない……
Google Glass が QR コードによってフォトボムを受ける可能性には注意が必要ですが、モバイルデバイスを悪質な Wi-Fi アクセスポイントに接続させるには、もっと簡単な方法もあります。今では、ほとんどの人がスマートフォンの Wi-Fi 機能を常時オンにしています (Google Glass もです)。つまり、デバイスは接続できる既知のアクセスポイントがないかどうか、周囲の環境を常に調べているわけです。新たに登場したウェアラブルデバイスもインターネット接続を簡単にするために同じように動作すると予測されますが、デバイスが検索するネットワークを簡単な方法で偽装できるソフトウェアも出回っています。WiFi Pineappleという小型デバイスを買えば、必要な操作をすべて自動的に実行してくれます。たとえば、自分のスマートフォンが「myPrivateWiFi」という SSID 名の自宅の Wi-fi ネットワークに常に接続する設定になっているとします。このスマートフォンを持っていった近所のコーヒーショップに、攻撃者が悪質な WiFi Pineapple を取り付けていれば、攻撃者が仕掛けた WiFi Pineapple はスマートフォンが myPrivateWiFi を検索したときに、単にプローブ要求に応えるだけで myPrivateWiFi ネットワークになりすますことができ、その時点から、セッション乗っ取りや盗聴といった典型的な中間者(MITM)攻撃が実行可能になります。この種の攻撃は QR コードを認識しないデバイスでも実行できます。したがって、Google 社が QR フォトボムに対するパッチを公開しても、Wi-Fi 乗っ取りに対する Google Glass の脆弱性は依然として残ることになります。
残念ながら、Google Glass の Wi-Fi 乗っ取りは、すぐに解決できるほど小さな問題ではありません。Wi-Fi ホットスポットを使うたびにデバイスをペアリングするという手間をかけず、すぐに使えるスムーズなユーザーエクスペリエンスが望まれているからです。よく使うアクセスポイントの MAC アドレスと SSID の併用が有効な場合もありますが、ローミングが関係してくると実用的ではなくなりますし、MAC アドレスも WiFi Pineapple で簡単に詐称できてしまいます。
それより現実的な Wi-Fi 乗っ取りの解決策は、ネットワークはどこでも危険なものという前提に立って、すべてのアプリケーションで SSL などの暗号化通信、または VPN 経由のトンネルを使うことです。こうすれば、現在地についても、接続先についても気にする必要はなくなり、安心して日光浴を楽しむことができます。
* QR コードは (株)デンソーウェーブの登録商標です。
* 日本語版セキュリティレスポンスブログの RSS フィードを購読するには、http://www.symantec.com/connect/ja/item-feeds/blog/2261/feed/all/jaにアクセスしてください。
We live in a time when disruption to critical IT systems can have devastating effects on the day-to-day operation of business. Whether these service interruptions come in the form of security threats, configuration errors, power outages, natural disasters, or technology upgrades, Business Continuity needs to go beyond simply protecting data or meeting Service Level Agreements (SLAs). Continuity must be maintained while embracing virtualization, cloud and other new technologies.
Tune in to the next installment of our Google+ Hangout Virtual Vision series for a more in-depth discussion from our Symantec experts, Paul Belk and Arun Balakrishnan, to learn about best practices and technologies for protecting your data wherever it resides and keeping applications highly available. You can also join in the conversation by using the hashtag #SYMChangout.
Mark your calendars:
Title: Google+ Hangout On Air: The New Era of Business Continuity
Date: Wednesday, July 31, 2013
Time: Starts at 9:30 am PT
Length: 1 Hour
Where: Google+ Hangout: http://bit.ly/13q1GFd
We live in a time when disruption to critical IT systems can have devastating effects on the day-to-day operation of business. Whether these service interruptions come in the form of security threats, configuration errors, power outages, natural disasters, or technology upgrades, Business Continuity needs to go beyond simply protecting data or meeting Service Level Agreements (SLAs). Continuity must be maintained while embracing virtualization, cloud and other new technologies.
Tune in to the next installment of our Google+ Hangout Virtual Vision series for a more in-depth discussion from our Symantec experts, Paul Belk and Arun Balakrishnan, to learn about best practices and technologies for protecting your data wherever it resides and keeping applications highly available. You can also join in the conversation by using the hashtag #SYMChangout.
Mark your calendars:
Title: Google+ Hangout On Air: The New Era of Business Continuity
Date: Wednesday, July 31, 2013
Time: Starts at 9:30 am PT
Length: 1 Hour
Where: Google+ Hangout: http://bit.ly/13q1GFd
You might remember an experience where you tried to right-click on a web page but got a pop-up message saying that the “right-click functionality has been disabled”. Sometimes you may be trying to copy an image or view the source of a web page but when the right-click is disabled, these things would seem impossible. Bank websites and other sites that require a secure transaction such as a payment gateway are the ones to impose this kind of limited functionality on their pages. In this post, I will show you the ways by which you can easily bypass right-click block feature on any website.
In order to block the right-click activity, most websites make use of JavaScript which is one of the popular scripting languages used to enhance functionality, improve user experience and provide rich interactive features. In addition to this, it can also be used to strengthen the website’s security by adding some of the simple security features such as disabling right-click, protecting images, hiding or masking parts of a web page and so on.
How JavaScript Works?
Before you proceed to the next part which tells you how to disable the JavaScript functionality and bypass any of the restrictions imposed by it, it would be worthwhile for you to take up a minute to understand how JavaScript works.
JavaScript is a client side scripting language (in most cases), which means when loaded it runs from your own web browser. Most modern browsers including IE, Firefox, Chrome and others support JavaScript so that they can interpret the code and carry out actions that are defined in the script. In other words, it is your browser which is acting upon the instruction of JavaScript to carry out the defined actions such as blocking the right-click activity. So, disabling the JavaScript support on your browser can be a simple solution to bypass all the restrictions imposed by the website.
How to Disable the JavaScript?
Here is a step-by-step procedure to disable JavaScript on different browsers:
For Internet Explorer:
If you are using IE, just follow the steps below:
From the menu bar, go to Tools -> Internet Options.
In the “Internet Options” window, switch to Security tab and click on the button Custom level…
IE Security Settings
From the Security Settings, look for the option Active scripting and select the Disable radio button as shown above and click on “OK”.
You may even select the Prompt radio button, so that each time a page is loaded, you will have the option to either enable or disable the scripting.
For Google Chrome:
If you are using Chrome, you can disable the JavaScript by following the steps below:
Click on the Chrome “menu” button (on the top right corner) and select Tools.
From the “Settings” page, click on Show advanced settings…
Now under Privacy, click on the button Content settings…
Chrome Content Settings
Under the JavaScript, select the radio button which says “Do not allow any site to run JavaScript” and click on “Done”.
For Mozilla Firefox:
Steps to disable JavaScript on Firefox:
From the menu bar, click on Tools -> Options.
From the Options window, switch to Content tab, uncheck the option which says “Enable JavaScript” and click on “OK”.
Firefox Content Options
How to Bypass the Right Click Block?
In order to bypass the right-click block or any other restriction imposed by JavaScript, all you need to do is just disable it in the browser and refresh the same page, so that it now reloads without JavaScript functionality. You are now free to right-click on the page, view its source or even copy any of the images that you may want to. Don’t forget to re-enable the JavaScript once again when your job is over. Otherwise lack of JavaScript support may result in unusual rendering of web pages.
I'm a big fan of 'known issues' type of pages, and just having a single page to go to in order to check whether there are any post-release issues, hotfixes, updates and so on. It's a must-have for software products I think. So, here is the one for the recently released Enterprise Vault 10.0.4:
http://www.symantec.com/docs/TECH200691
先日、私の好きなバンドが、Twitter でコンサートの無料チケットに当選しました。これは、他の Twitter ユーザーから受け取ったメッセージについてのツイートでした。
図 1.コンサートの無料チケットについて皮肉るツイート
これはセキュリティ上の観点から言えば定番の詐欺のようであり、シマンテックセキュリティレスポンスでさらに調べたところ、その疑惑が裏付けられました。
図 2.スパムアカウントが特定のツイートに返信
ソーシャルネットワーク上で謳われる無料提供と、それが無料ではない実態については、1 年以上前にブログでお伝えしました。こうした偽のアカウントは、特定のキーワードをツイートしたユーザーに対して、デバイスやギフトカードを無料で進呈すると称していました。今回のケースでは、このバンドがアルバムオブザイヤー(AOTY)の選定についてツイートし、その中でカニエ・ウェストの名前を出しました。この「カニエ・ウェスト」という名前が、ランダムな偽アカウントによって監視されているキーワードとして使われていたために、無料チケット進呈というツイートが返信されたのです。Twitter でアーチストの名前(カニエ・ウェスト、J コール、ジェイ・Z、ビヨンセなど)をツイートすると、こうした詐欺ツイートを受け取る可能性があります。
106 & Park は、BET(ブラックエンターテインメントテレビジョン)で平日に放送されているミュージックビデオのカウントダウン番組です。この番組は公式の Twitter アカウントを持っており、フォロワー数は 500 万人以上、ツイート数は 13,000 を超えています。偽の Twitter アカウントは、公式のロゴと背景画像を使って正規アカウントに偽装していますが、通常、こうした偽 Twitter アカウントにはフォロワーがおらず、ツイート数もわずかなため、詐欺であることは一目瞭然です。
図 3. 106 & Park の公式 Twitter アカウント
図 4. 106 & Park の偽 Twitter アカウント
これまでとは違って注意が必要なのは、今回の詐欺アカウントが返信の中に直接はリンクを指定していないことです。代わりに、プロフィールページにアクセスして、プロフィール中のリンクをクリックするよう求めています。
このリンクをクリックすると、BET ブランドについて詳しく書かれたページにリダイレクトされ、最近の有名アーチストの画像が表示されます。
図 5.無料チケット詐欺のランディングページ
[CLAIM MY VIP TICKETS(VIP チケットを受け取る)]ボタンをクリックすると、ユーザーの個人情報を要求するページにリダイレクトされます。ところが、この情報を詐欺師が受け取っている様子はなく、どちらかというと、この無料チケットプレゼントを正規のものらしく見せる体裁だけが目的のようです。
図 6. VIP 向けプレゼントページで個人情報が要求される
同じページにモバイルデバイスからアクセスした場合には、いくつかのアプリの中から 1 つをインストールするように指示されます。これは、この手の詐欺でアフィリエイトプログラムを通じて金銭を稼ごうとする手法のひとつで、詐欺師は、最近になってこうしたモバイル向けアフィリエイトプログラムを使い始めています。ごく最近では、Twitter の動画共有サービスである Vine のユーザーが狙われた例もあります。
図 7.アプリのインストールを求めるモバイル向けアフィリエイトプログラム
図 8.ワンダイレクションとジャスティン・ビーバーのコンサートの無料チケット進呈を謳う偽ページ
類似の詐欺ツイート
この数カ月間に、ワンダイレクションやジャスティン・ビーバー、リアーナなどの人気スターや、そのコンサートツアーについてツイートしたファンたちも、同様の詐欺ツイートを受け取っています。これらのケースでは、詐欺のランディングページでアンケートの記入を求められます。これも詐欺師が詐欺行為で収益を上げるための常套手段です。
図 9.リアーナの「ダイアモンド・ツアー」の無料チケット進呈を謳う偽ページ
現時点で、このようなタイプの詐欺を拡散している偽の Twitter アカウントは数百あります。最も顕著なのがコンサートチケット詐欺ですが、以下のように、他の餌を使って、これとまったく同様の詐欺も確認されています。
Twitter を使っていて、このように賞品が当選したと称するツイートを受け取った場合は、まず怪しいと疑うべきです。リンクはクリックしないように注意し、Twitter 社に偽アカウントを報告してください。
デジタル時代のファンである以上、コンサートの無料チケットを餌にされた場合には、特に疑ってかかる必要があります。ブランドやアーチストのソーシャルメディア公式アカウントを調べても疑惑が解消されないとしたら、それは詐欺と思って間違いありません。
* 日本語版セキュリティレスポンスブログの RSS フィードを購読するには、http://www.symantec.com/connect/ja/item-feeds/blog/2261/feed/all/jaにアクセスしてください。
An SSL certificate is a certificate that shows that the website is using Secure Sockets Layering for its connections. This means that the information that is transmitted through the site has been protected through the use of an appropriate encryption and decryption system. The SSL securing of a site creates a dual system of keys that are used to encrypt data and decrypt it later. On the website, any information that the site visitor enters into the portal, is encrypted using a public key. Therefore, when it is transmitted, it is transmitted as an encrypted piece of data that other people cannot get access to. Additionally, should they manage to get hold of this data; it will be meaningless as they will be unable to translate it into useful information. The second key is a private key that is held by the website owner. The website owner uses this to decrypt the encrypted data that the visitors of the website have transmitted. This translates it back into information that they can use.
SSL certificates authenticate the identity of the owner of the website. This makes the visitor to the site sure of the interaction that is taking place. It allows him/her to provide any confidential or private information that the website requests safely. It keeps online interaction safe and secure. Here is what this can do for your online business.
First, by securing the website using an SSL certificate, you will be able to create an e-commerce portal to perform online transactions. Most online payment processing service providers will not allow you to setup a portal for online transactions until you secure your website using SSL. Once this is done, you can enter into the lucrative fray of online commerce and start seeing substantial returns for your business. Ecommerce is a extremely lucrative venture as this is where the market has shifted. This is due to an increase in the computing technology that consumers have access to, combined with better internet network. Most consumers nowadays do a large portion of their buying online.
Second, the visitors on your website respond better to your online business as they are sure of security and safety of their private and confidential information. If they trust your website, this builds credibility for your business and allows consumers to engage you for your products and services. Every business today must have an online presence in the form of a website and social media. The key to success is turning the website into a platform that you can use to generate conversions.
Third, by securing your website you secure the data that are generated on it. The modern online business arena is designed to be data-centric. The focus has shifted to the generation of useful data that can be used to gain insight into market trends and consumer behavior patterns. The best way of doing this is creating a portal that the consumer trusts enough to allow it to capture their information.
SSL Certificate has become a mandatory qualification for businesses to engage in financial transactions or exchange of sensitive information with their customers.
Managed PKI Service Release 8.9 continues to improve the administrator and end user experience through various ease of use and productivity enhancements. Also in this release is support for new environments, platforms, and the availability of new integration guides.
Ease of Use Enhancements
Certificates to Meet Your Evolving Needs
Updated Platform Support
New Integration Guides
The following integration guides have been added to PKI Manager and are available for download through the Resources section. Integration guides allow you to configure relying party applications to consume Managed PKI Certificates.
Ease the Migration to Manage PKI 8.x
New Organizational Adobe and Secure Gateway certificates
Delete profiles and automatically revoke certificates
Videos are hot these days. People are posting home-made videos of everything from their cats to romantic rants or new songs. Some clever companies are starting to use customer video feedback for social outreach as well, hooking into this new viral craze. Sports fans like me have seen the competitions for the best customer-made commercial on TV, and looked up our favorites on YouTube.
However, with all these videos being created, it creates a new vector for virii or other malware to be downloaded when people view the clips. It's clear that videos and testimonials are important to the future of marketing and social media, so what remains is a clear need to create, upload, and share videos more securely.
Buzztala, one of Symantec's partners, has created a Social Video Platform to work with businesses that want to let customers upload videos, testimonials, and other social networking content. Buzztala is running SSL on their hosting platform, and adds the Norton Secured Seal to help customers and businesses feel more secure in how they exchange and save information.
Last week Symantec and Buzztala hosted a Webinar titled, “Building Trust with Your Customers Through Social and Mobile Content.” The new social media: It's all about building ROI, and trust helps make conversions. Symantec’s own Jeff Barto was one of the presenters. I encourage you to give a listen, and learn something new about the video social outreach. A full replay is available here.
We all know that mobile phones have been the focus of cybercriminals for a while now. But Trojanized mobile applications are only one attack scenario. Some problems lie even deeper in your phone. Karsten Nohl, a German researcher who has done a lot of work with GSM networks and mobile phones in the past, has found a critical vulnerability connected to mobile phones.
The target of the attack is the SIM card (Subscriber Identification Module) which is present in all mobile phones. This smart card is responsible for the unique identification number known as the IMSI (International Mobile Subscriber Identity) and also for handling the encryption when communicating with the telephone network. Nohl discovered that many SIM cards, instead of using AES or at least 3DES, still use the DES encryption standard which is known to be weak and easily breakable with today’s hardware.
Figure 1. SIM cards
An attacker can send a cleverly crafted silent binary SMS update message over-the-air (OTA) to the mobile phone, even without knowing the private signing key. The device will reject the unsigned message, but it will also answer with an error code signed with the 56-bit DES private key. This allows the attacker to crack the private key through a brute-force attack. During tests, Nohl was able to break the key in a few minutes using rainbow tables.
Once the key is known, an attacker can go ahead and sign malicious software updates, which are essentially mini Java applets, and send them through OTA updates to the mobile phone. Since the signature matches, the applets will run on the device. Such malicious applets can silently send premium text messages which will generate profit for the attacker or reveal the geo-location of the device.
This alone would be bad enough, but unfortunately some SIM card providers have additional vulnerabilities in their Java implementation, which results in malicious Java applets being able to break out of the sandbox. Hence the applet can read out information from other applets or even extract the master key which is used to derive the encryption keys for voice and data communication. With more and more functions, like mobile payment systems, now relying on the SIM card it makes this vulnerability all the more worrying as it has the potential for a lot of abuse.
Nohl estimates that millions of devices worldwide are susceptible to this attack. Telecommunication providers have been informed and some have already started to filter such OTA messages from the network. Users can check with their provider to see if their SIM card is vulnerable to this attack and, if necessary, upgrade to a newer card which is not vulnerable. Security Research Labs will reveal more details about the vulnerability during upcoming security conferences from which we will be reporting live.
For the last few months, Symantec has been observing pharmacy related spam attacks where spammers are using the legitimate Google Translate service to avoid anti spam filters.
Most of the samples received were sent from hijacked email addresses from popular free mail services.
The majority of the messages’ subject lines were promoting either online pharmacies or well-known tablets such as Viagra, Cialis and others. Furthermore, in an effort to make the spam immune to filters, several observed subject lines contained randomized non-English characters or words inserted at the beginning or end of the subject line.
Figure 1. Sample subject lines
The body of the spam message contains a Google Translate link as well as promotional text explaining the advantages of ordering medicines from online websites, there’s even a discount code included for the reader.
Figure 2. Sample spam message
The mechanism of the redirection is quite complex. After clicking the link, Google Translate is meant to get a second address embedded in the link, which then redirects to a pharmacy website.
In our sample the final destination was the following pharmacy site:
It is worth noting that previously spammers mostly used freewebs or URL shortening services in the second part of the link (redirection link), but recently they’ve taken advantage of country IDN top-level domains, especially Cyrillic .рф domains. In redirection links, Cyrillic domains are represented in Punycode.
The following is an example of a link as it presented in a spam mail:
Output from win-1251 decoding:
With Punycode decoding:
Symantec is successfully blocking the majority of variations of Google Translate redirection spam and is closely monitoring for any other inappropriate use of Google Translate services in spam email. This exploit is used in spam campaigns and has not, as yet, been observed being used in the distribution of malware.
Goal
we wanted to change the paths of the vxdmp disks without reboot and outage to the existing vxfs filesystems on Solaris 10
Result
Not possible.
Reason
as long as the path is in a disk which is imported,
cfgadm -al -o show_SCSI_LUN|grep failing
shows the disks as failing not unusable
even though the disk is offline in format and "vxdisk path" shows the path as disabled.
What I think about this
why can't there be a command to allow us to remove the path completely in vxdmp? the issue would have been easily resolved. I can't see why this function is not provided.
Welcome to the first entry in my new blog, designed to provide the industry analyst community covering Symantec with occasional updates on our company. I’ll try to make these communiqués quick, informative and a little less dry than an Asahi Beer ( a personal favorite, right up there with Tiger Beer from Singapore). But I digress. Today I’m sharing a recent Forbes article written about Symantec’s Chief Operating Officer, Stephen Gilllett, at the heart of much change at Symantec. There’s also an update on soon-to-come product roadmap updates and our upcoming earnings call. For those of you who saw this update via email, excuse the redundancy, but I do appreciate the loyal following. Please let me know what you’d like to hear from us. Cheers.
Forbes Article on Symantec COO - Although Symantec CEO Steve Bennett is the name most associated with the changes taking place as part of Symantec 4.0, Chief Operating Officer Stephen Gillett, with responsibilities for marketing, IT communications, eBusiness, Sales and Marketing Operations and Renewals, is driving a lot of the internal changes at the company. As a former Starbucks CIO, Stephen has a special affinity for the customer at Symantec and in fact moderated the customer panel we hosted at our analyst conference this last April. Stephen is featured in a recent interview that appeared in Forbes magazine.
Product Roadmap Discussions– The Symantec product organization has created a series of product roadmaps aligned to the customer-oriented product “peaks” identified as part of Symantec 4.0 – User Productivity and Protection, Information Security and Information Management. My team and I will be reaching out to share relevant roadmaps with you in a series of meetings over the next several months, as we provide more detail on the Symantec 4.0 journey.
Upcoming Earnings Call - Symantec will webcast its quarterly earnings conference call on Tuesday, July 30, 2013, at 5 p.m. ET / 2 p.m. PT to discuss the results of its fiscal first quarter 2014, ended June 28, 2013. You can listen to the conference call over the Internet through Symantec's Investor Relations website at http://www.symantec.com/invest. To listen to the live call, please go to the website at least 15 minutes early to register, download and install any necessary audio software. For those who cannot listen to the live broadcast, a replay will be available on the website shortly after the call.
Forbes Article is below.
Stephen Gillett's Rise From CIO Of Starbucks To COO Of Symantec
By Peter High, Contributor
Stephen Gillett first became a chief information officer in his early 30s. He rose to become a CIO-plus at Starbucks, holding the CIO role in addition to being the executive vice president of Digital Ventures. After a brief stint as president of Digital, Global Marketing & Strategy at Best Buy, he took on his current role as chief operating officer of Symantec. Still in his mid-30s, Gillett embodies the characteristics of that rare but growing number of executives who have risen beyond CIO. Not so typical to the group, however, he was an offensive guard on the University of Oregon football team. During his time as an undergrad, he started a business that provided technology support and consulting. The ambition and drive that were apparent during his time as an undergraduate have served him well, and provided some insight into the meteoric rise through the corporate world that would follow.
Peter High: Stephen, you are an example of two trends I have been covering of late. You were a CIO-plus at Starbucks, and your positions at Best Buy and now at Symantec are beyond the CIO role. I want to go back to the earlier part of your career. At what point in your career did you decide you wanted to be a CIO, and why?
Stephen Gillett: My first job in IT was the equivalent of the Geek Squad at Best Buy in the 1990s. From there, I had a range of IT positions from working in the help desk to network operator to applications development to engineering to Director of Information Technology. This experience was key for me because I got to know most of the traditional functions of an IT operation. I exposed myself to these diverse areas out of technical curiosity and progressed naturally to the CIO role.
PH: You also went back to get an MBA, as many people profiled in the Beyond CIO series have. Why did you elect to do so?
SG: I was the VP of IT at CNET at the time, and the CIO involved me in a lot of non-traditional assignments. I spearheaded organizational design initiatives. I worked on a variety of HR issues and opportunities. I did not have a formal skillset in these areas. As they say, the more I learned, the more I realized I needed to learn.
I wanted to be able to speak with the CFO, and I realized I did not have a foundation in business language. I needed to understand cash flows. I learned early on that you don’t go to speak with the CFO using technical jargon; you use terms he or she understands best, and those are financial terms. I decided to go to school as close by as possible, at San Francisco State, and got my MBA at night. It was a lot of work going to school while working, but it provided me an invaluable toolset to leverage.
PH: When you joined Starbucks, the role technology played was very different from what it would play when you left. How did this evolution toward developing a digital business model occur?
SG: I joined soon after Howard Schultz made his return to the CEO role at Starbucks, and I was part of the new management team that he installed. It was an exciting time in that Howard gave us a lot of leeway to reinvent the roles we were taking on and to develop some really creative ideas. I was 31 years old at the time and reported directly to him. It was admittedly a bit intimidating. I knew nothing about retail.
The first thing I did was to go to the Starbucks near my house, and ask the general manager if I could work some shifts to get to know the business at the grass roots level. I advise that every CIO do the equivalent to this when they take on a role in a new industry especially. As I learned more about the process of making each coffee, and how customers ordered, I also looked out into the store and saw people working, having meetings, using a variety of devices. Starbucks was becoming the third gathering place besides the home and the office. Rather quickly, it occurred to me that there was a lot of untapped potential to better leverage the internet in some really creative ways. Howard offered the permission to be curious and creative, and the rest took over.
Digital Ventures was an outgrowth of that. I wanted to develop a part of our business that would be focused on new ways to creatively leverage technology, whether it was digital payments, online experience, entertainment, music, mobile. I presented this idea to the CFO. I presented the opportunity in financial terms, and the function was born.
Digital really evolved in some interesting ways. It was part business unit and part innovative thought partner. Digital started to play a role where at the edge it was like an amoeba. We were answering questions like
PH: How did you develop the Digital team?
SG: As has been a theme throughout my career, I hired to my weaknesses. I looked for complementary skills to my own. I hired an entrepreneur who was a former CEO of a business. His name is Adam Brotman, and he is still the Chief Digital Officer of Starbucks. We learned a lot from each other during the course of that journey. In fact, he wrote an article entitled, “What I Learned as a CEO Working for a CIO.” The team was relatively small, but we accomplished a lot with relatively few people.
PH: How did you elect to make the move to become Executive Vice President and President of Best Buy Digital, Global Marketing, and Strategy?
SG: Even as the head of Digital Ventures at IT, I viewed our small group as the moon and the coffee business as the Earth. Nothing that I did was going to change the coffee acquisition strategy as we work with coffee farmers in Guatemala, for example. My role at Best Buy was at the heart of the transformation that that organization was undertaking. Digital business was very much where that organization needed to go. This was an opportunity to play a key role in re-imagining the brand, and it was the convergence of so many of my passions: technology, new markets, IT, gaming, and entertainment. Best Buy continues its transformation, and though I regret that I am not there to see them through to the end of that journey, I have confidence that they will get there.
PH: This brings us to your latest stop as chief operating officer of Symantec. You are nearly half a year into your new role. What have you drawn from your prior experiences into this one?
SG: The COO role is a new one at Symantec. I view this as the logical next step in my career journey. This is not so different from the role that I played at Best Buy, frankly. I find myself in a fast moving, rapidly changing industry, with a company that has long been a leader in this space, but that needs to continue to look to the future with new ideas.
My past experience as CIO was a critical foundation to the additional responsibilities that I have taken on as COO. A CIO is positioned to be a major networker in the company, and although I learned about business disciplines in getting an MBA, I also learned how each of the functions represented in my coursework appears through a CIO’s lens because I had to help bring to life the strategies that each of those functions set for themselves. This knowledge has served me well now in the COO role, which has a much broader purview.
PH: Can you tell us a bit about your plans for the future at Symantec?
SG: Our CEO, Steve Bennett, is in the process of truly re-imagining our company, and what we are going to become as we continue our evolution. Our leadership team has developed a strategy called Symantec 4.0, and I am tasked with leading many initiatives associated with the strategy.
Frankly, I also am well positioned for my new role as a former customer of Symantec both personally and on the commercial side. I draw a lot from my experience as an IT executive who had information security responsibility, and I know as a former customer where I was delighted by Symantec’s offering, and where I saw opportunities for improvement. That has informed my ideas on how I can continue to push the organization forward.
PH: What do you draw from your past experience as a CIO in your current role as a boss to one?
SG: Once you have a CIO ring, whenever you are with CIOs, the grip of the handshake is a bit firmer. I think my relationship with our CIO Marty Hodgett is closer than usual. I know what it is like to have that job and the responsibilities associated with them. I think I can sense when he needs an advocate, when he needs advice, and when to pull back to let him formulate his plans.
PH: What advice would you offer to others who wish to follow in your footsteps?
SG: First and foremost, seek to get more deeply involved in the business that you are in. If I had to distill it down into one word, you have to be curious as an IT professional.
Second, all too often, as IT professionals, we are the first voice saying that something can’t be done. We need to reverse that, and be increasingly comfortable in taking steps over the barrier, so to speak.
Third, it is also important to note that everything in the business is now converging with technology. The more you can understand how that convergence is happening, and the more you can steward that change into your organization, then the more you’ll be sought after as that strategic partner.
Fourth, invest in your work life balance: none of these activities should come at the cost of not having a 360, end to end view of your whole career. Time with friends and family is as important as times at work. Getting that out of balance is a path toward unhappiness.
Earlier this month, we discussed the discovery of the Master Key vulnerability that allows attackers to inject malicious code into legitimate Android applications without invalidating the digital signature. We expected the vulnerability to be leveraged quickly due to ease of exploitation, and it has.
Norton Mobile Insight—our system for harvesting and automatically analyzing Android applications from hundreds of marketplaces—has discovered the first examples of the exploit being used in the wild. Symantec detects these applications as Android.Skullkey.
We found two applications infected by a malicious actor. They are legitimate applications distributed on Android marketplaces in China to help find and make doctor appointments.
Figure 1. Screenshots of the two infected applications
An attacker has taken both of these applications and added code to allow them to remotely control devices, steal sensitive data such as IMEI and phone numbers, send premium SMS messages, and disable a few Chinese mobile security software applications by using root commands, if available.
Figure 2. Snippet of injected code
Using the vulnerability, the attacker has modified the original Android application by adding an additional classes.dex file (the file which contains the Android application code) and also adding an additional Android manifest file (the file which specifies permissions).
Figure 3. Files contained in the Android application package
We expect attackers to continue to leverage this vulnerability to infect unsuspecting user devices. Symantec recommends users only download applications from reputable Android application marketplaces. Norton Mobile Security will also protect you from these and other threats and Norton Halt can also advise if your phone is susceptible to this vulnerability.
