In Access Controls, Android Security, Biometrics on July 10, 2015 at 13:40
Since the introduction of Apple’s Touch ID, I’ve warned readers and clients about the complacency possible with fingerprint recognition on smartphones. At Black Hat USA next month, two different presentations demonstrate how to steal fingerprint images from a compromised Samsung Android phones.
In one instance, FireEye researchers Tao Wei and Yulong Zhang demonstrate how to steal fingerprint images from the phone. No finger stealing required…
At most, fingerprint recognition on smartphones is a convenience for accessing confidential information (in a public, confidential, critical classification scheme). It should never be used for critical data.
In Application Security, Computers and Internet, Content Filtering, Cyber-warfare, Cybercrime, Data Security, Detection Controls on July 10, 2015 at 12:44
As the number of government records stolen increases, we continue asking why so much data was stolen over the past year without detection. The answer seems to lie in an article by Michael Cooney. It seems the U.S. government has a detection tool called EINSTEIN, but it is only partially implemented across scattered government networks.
One of the weaknesses in the EINSTEIN implementation is the lack of any behavior analysis. For the most part, the government is only using signature-based detection. This is a huge controls vulnerability.
What will it take for our bureaucratic quagmire of a government to implement the right controls. Yes, all organizations are viable targets for attack. However, detecting the attacks (e.g., anomalous network/system behavior, unexpected movement of data, etc.) is paramount to a good defense. Looks like much of the U.S. government either doesn’t get it or doesn’t care.
In Access Controls, Application Security, Cyber-warfare, Cybercrime, Data Security on July 9, 2015 at 14:36
Hacking Team solutions aren’t the only ways government has to access encrypted information. Most large government agencies have their own tools that perform the same tasks: capturing encrypted data when it’s not encrypted. All data must be decrypted to be used or processes. That is when it is most vulnerable. So why the debate? Ii discuss this in a Toolbox.com blog entry posted today.