The Latest

An IT support technician formerly employed at Expedia offices in San Francisco was sentenced to 15 months in prison for securities fraud, plus three years supervised release.

Expedia insider trading

28-year-old San Francisco resident Jonathan Ly admitted that he used his position in tech support at Expedia to access emails of Expedia executives so that he could trade in Expedia stock and illegally profit from non-public information.

According to records filed in the case, between 2013 and 2015, Ly was employed by Bellevue-based Expedia as a Senior IT Technician in the San Francisco office of subsidiary Hotwire.com.

In order to provide IT support, Ly had network privileges that allowed him to remotely access the electronic devices of Expedia executives. Using those privileges he accessed documents and emails containing non-public information on the devices of both the Chief Financial Officer and the Head of Investor Relations. Using the non-public information, he executed a series of well-timed trades in Expedia stock options.

Even after he left the company in 2015, Ly kept an Expedia laptop, and without the knowledge of the company, continued to access the electronic devices and email accounts of Expedia executives. He used his know-how to make it appear as though other Expedia employees were actually the ones accessing the devices.

Shortly after discovering the computer intrusions, Expedia reported the misconduct to the FBI and undertook its own forensic investigation. Because of the quick reporting, the FBI was able to trace the computer intrusion to Ly. As part of his plea agreement Ly will repay Expedia the $81,592 it spent investigating the computer intrusion.

“This was not a one-time lapse in judgement – this defendant used his technology skills to repeatedly invade the email accounts of Expedia executives so that he could enrich himself at the expense of others,” said US Attorney Annette Hayes. “Even after he moved on to a better paying position at a different technology firm he continued his crimes, all while trying to make it look like other employees were at fault. I commend Expedia for quickly contacting law enforcement and working with investigators to stop the computer intrusions and identify those responsible.”

Ly faces a separate Securities and Exchange Commission action requiring him to pay back $375,907 in illegal profits he made in the scheme.


from Help Net Security http://ift.tt/2q44fN8

Karma has long been a staple man-in-the-middle attack used in authorised wireless security assessments and unsanctioned ones, but as many modern operating systems now provide effective countermeasures, other approaches for tricking wireless clients into automatically associating with a rogue access point are wanted.

Lure10

Enter Lure10 – a new attack that, by taking advantage of Wi-Fi Sense, tricks wireless devices running Windows into doing exactly that.

What is Wi-Fi Sense?

Wi-Fi Sense, enabled by default on Windows 10 and Windows Phone 8.1, is a feature that automatically connects users to crowdsourced open wireless networks it knows about.

Based on information previously collected by devices that connected to one or another of these open networks, Microsoft evaluates whether they provide a good-quality connection and, if they do, adds them to the list of hotspots that will be suggested by Wi-Fi Sense.

Wi-Fi Sense will pick one when the user is in range, automatically accept its terms of use, and the user will seamlessly be connected to it.

The security of the feature was hotly debated when it was added to Windows 10, and the feature was disabled for a time, but was ultimately restored.

The Lure10 technique

The success of the attack, which was presented by security engineer George Chatzisofroniou at this year’s Hack in the Box conference in Amsterdam, relies on:

  • The victim’s device being fooled into believing it is within the geographical area of a Wi-Fi Sense-tagged open wireless network
  • The attacker successfully disrupting the victim device’s existing Wi-Fi connection (by spoofing DEAUTH frames), and
  • The attacker successfully mimicking the Wi-Fi Sense network in question (broadcasting a network with the same ESSID – extended service set identifier – is enough to do that).


That last prerequisite can be achieved by finding a Wi-Fi Sense network that exists in an area relatively close to the victim (e.g. in their home city), and collecting its ESSID (e.g. “AIRPORT_FREE”).

At the same time, though, the attacker also needs to collect the BSSIDs (the MAC addresses of the access points) of the other wireless networks in the same area, as this information is used by Windows Location Service to determine the location of a device.

By broadcasting beacon frames with these BSSIDs, the attacker fools WLS into thinking the device is in the area of the impersonated network (first prerequisite of the attack).

Once the attacker goes through the two steps, the fact that the rogue access point is sending out beacon frames with the ESSID of the Wi-Fi Sense network it mimics is enough for the victim device to connect to it automatically – IF the victim device has no shared WLANs in its Preferred Networks List and Available Networks List.

But even that last condition can be achieved (see Chatzisofroniou’s presentation slides for more details).

How to protect yourself?

The Lure10 attack technique has been added to the latest version of the open source Wifiphisher rogue Access Point tool, of which Chatzisofroniou is the lead developer.

The engineer says that Microsoft has been informed about this issue and has acknowledged its impact, but has not taken steps to mitigate it, as they consider it an “accepted risk.”

Users can protect themselves against this attack by simply disabling Wi-Fi Sense on their device.
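For network defenders, the three prerequisites listed above also leave traces a wireless sensor can look for together. The following is an added example, not code from the article or from Wifiphisher: a detection heuristic over already-parsed 802.11 management-frame records. The record format, function names, thresholds and sample data are all assumptions made for illustration.

```python
from statistics import pstdev

def lure10_indicators(frames, baseline, window=30.0, min_deauth=5,
                      min_new=3, max_rssi_spread=3.0):
    """Flag windows with a deauth burst, a cluster of never-seen BSSIDs at
    near-identical signal strength, and a new open ESSID among them."""
    alerts = []
    deauths = sorted(f["t"] for f in frames if f["type"] == "deauth")
    i = 0
    while i < len(deauths):
        start = deauths[i]
        burst = [t for t in deauths[i:] if t <= start + window]
        i += len(burst)
        if len(burst) < min_deauth:
            continue
        rssi, open_essids = {}, set()
        for f in frames:
            if (f["type"] == "beacon" and f["bssid"] not in baseline
                    and start - window <= f["t"] <= start + window):
                rssi.setdefault(f["bssid"], []).append(f["rssi"])
                if f["open"]:
                    open_essids.add(f["essid"])
        if len(rssi) < min_new or not open_essids:
            continue
        means = [sum(v) / len(v) for v in rssi.values()]
        # Assumption: beacons for many BSSIDs sent by one radio arrive at
        # almost the same strength; real, scattered access points do not.
        if pstdev(means) <= max_rssi_spread:
            alerts.append({"start": start, "deauth_frames": len(burst),
                           "new_bssids": sorted(rssi),
                           "open_essids": sorted(open_essids)})
    return alerts

def beacon(t, bssid, essid, rssi, is_open=False):
    return {"t": t, "type": "beacon", "bssid": bssid, "essid": essid,
            "rssi": rssi, "open": is_open}

# Constructed sensor records (not a real capture); MACs are locally administered.
BASELINE = {"02:00:00:00:00:01", "02:00:00:00:00:02"}
SAMPLE = [beacon(90.0, "02:00:00:00:00:01", "corp-wifi", -55),
          beacon(91.0, "02:00:00:00:00:02", "corp-guest", -70)]
SAMPLE += [{"t": 100.0 + n, "type": "deauth", "bssid": "02:00:00:00:00:01"}
           for n in range(6)]
SAMPLE += [beacon(101.0 + n, f"02:00:00:00:aa:{n:02x}", f"area-net-{n}", -40 - n % 2)
           for n in range(4)]
SAMPLE.append(beacon(102.0, "02:00:00:00:aa:10", "AIRPORT_FREE", -40, True))

if __name__ == "__main__":
    for alert in lure10_indicators(SAMPLE, BASELINE):
        print(alert)
```

The baseline set is the list of BSSIDs the sensor normally hears at the site; any one of the three signs alone is common and is deliberately not reported.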


from Help Net Security http://ift.tt/2oKHfBJ

Mid-tier companies are battling a black hole of time, security expertise, and budget to procure, implement, and manage a variety of security products, according to a study conducted by 451 Research.

security-as-a-service

82 percent of respondents indicated they spend 20 to 60 hours of in-house staff resources a week to do that. Despite the well-documented challenges associated with finding and retaining security professionals, the study revealed that nearly three-quarters of the respondents dedicate between 3 and 5 full-time employees to manage their security.

The financial burden

The financial hit to mid-tier businesses is an average of $178,000 annually just for network security, which represents 39 percent of an organization’s total IT security budget.

The financial burden will continue to increase, and signs point to network security as a significant business priority. Network security spending will grow nearly twice as fast as overall IT security spending over the next five years, projecting a compound annual growth rate (CAGR) of 8.9 percent, from $2.4 billion in 2016 to $3.5 billion in 2021. Forty percent of respondents project their spending on network security will increase between 10 and 20 percent in the next 12 months.

“The security challenge for mid-tier businesses is multi-dimensional. For these businesses, everything seems to be increasing—attack frequency, compliance requirements, complexity, costs, and the number of security products that need to be managed,” said Daniel Cummins, analyst at 451 Research. “Cloud-based security-as-a-service offers potentially significant advantages in terms of simplicity and access to security that may prove to be less complex and expensive than traditional approaches.”

Security-as-a-Service model winning over mid-market companies

The study heralded a potentially seismic shift in the channel ecosystem and how security is delivered to mid-tier businesses.

Nearly 40 percent of respondents indicated part-time employees, contractors, and Managed Security Service Providers (MSSPs) manage their security workload. However, 72 percent of respondents indicated a preference for security-as-a-service compared to MSSP (9 percent) or on-premise (19 percent) solutions for managing security.

Other key findings

  • The most desired cloud-based security capabilities were data loss prevention, network access control, and encryption, followed by threat management, application control, SSL decryption, and URL filtering.
  • The top cloud-based security use cases cited were threat management and branch office enablement and optimization, followed by multiprotocol label switching (MPLS) displacement, MSSP displacement, on-demand security, and securing SaaS applications.
  • More than 60 percent cited legacy IT as the greatest barrier to improving visibility and control within their networks, followed by lack of budget at 27 percent.


from Help Net Security http://ift.tt/2oKvYSb

Migration to Windows 10 is expected to be faster than previous OS adoption, according to a survey by Gartner. The survey showed that 85 percent of enterprises will have started Windows 10 deployments by the end of 2017.

Windows 10 migration

Between September and December of 2016, Gartner conducted a survey in six countries (the U.S., the U.K., France, China, India and Brazil) of 1,014 respondents who were involved in decisions for Windows 10 migration.

“Organizations recognize the need to move to Windows 10, and the total time to both evaluate and deploy Windows 10 has shortened from 23 months to 21 months between surveys that Gartner did during 2015 and 2016,” said Ranjit Atwal, research director at Gartner. “Large businesses are either already engaged in Windows 10 upgrades or have delayed upgrading until 2018. This likely reflects the transition of legacy applications to Windows 10 or replacing those legacy applications before Windows 10 migration takes place.”

Reasons driving Windows 10 migration

When asked what reasons are driving their migration to Windows 10, 49 percent of respondents said that security improvements were the main reason for the migration. The second most-often-named reason for Windows 10 deployment was cloud integration capabilities (38 percent). However, budgetary approval is not straightforward.

“Windows 10 is not perceived as an immediate business-critical project; it is not surprising that one in four respondents expect issues with budgeting,” said Mr. Atwal.

“Respondents’ device buying intentions have significantly increased as organizations saw third- and fourth-generation products optimized for Windows 10 with longer battery life, touchscreens and other Windows 10 features. The intention to purchase convertible notebooks increased as organizations shifted from the testing and pilot phases into the buying and deployment phases,” said Meike Escherich, principal research analyst at Gartner.


from Help Net Security http://ift.tt/2q3NsKe