Software Security market growth

Numerous security risks against everything from Apple’s iPhone to Windows 7, combined with increasingly sophisticated attacks such as the recent banking incidents, have left the software security market in a strong position. Industry analysts Gartner have concluded that the industry as a whole will see growth of 11.3% this year.

Interestingly, their analysis, which focused primarily on the enterprise software market, indicates that sales of Software as a Service (for example, maintaining the anti-virus system on the customer's behalf) are the strongest growth area. Enterprises are looking to unload the burden of security onto specialist firms, who are happy to pull in the cash for doing so.

They reckon that the best approach to enterprise security, in sales terms, is to offer complete all-in-one suites that do everything as sub-modules. This could open up an interesting sector of white-label rebranding, allowing independent software vendors to compete with the backing of the major players in the game.

Despite this, however, an alarming number of security experts in enterprise firms believe that their organization does not have sufficient resources to handle a major security attack.

The next major growth area for the security sector is likely to be mobile phone security, given the number of security risks associated with the major phones released this year.



Graphics card may be hacking you

Research has been conducted which shows that the processing capacity of graphics cards has been eroding the strength of passwords. The architectural design of modern graphics cards as parallel processing units gives them an advantage in brute-force attacks on passwords.

In 2000, the fastest supercomputer of the time reached a processing capacity of 7 teraflops. Comparatively, graphics cards are now able to put 2 teraflops into a standard desktop PC.

Researchers at Georgia Tech point out that:

  • Password length increases the number of possible passwords exponentially, with each additional character multiplying the total.
  • Two-token authentication reduces the risk to almost nothing.

Two-token authentication makes attacks almost impossible because it uses a second key that the user must physically possess in order to authenticate, such as an RSA SecurID token, which generates a code (usually changing every minute) that is displayed only on the token. This code must be entered to verify the user.
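To show how a one-minute rotating code is produced on the token and checked on the server, here is an added example that is not from the original post and not RSA's own (proprietary) algorithm: it uses the open RFC 4226/6238 HOTP/TOTP construction as a stand-in, with a constructed demo seed, a 60-second step as the post describes, one step of clock-skew tolerance, and a replay check so a code that was already accepted cannot be entered a second time.

```python
import hashlib
import hmac
import struct

# Constructed demo seed: a real token's seed is provisioned secretly and never shared.
DEMO_SEED = b"constructed-demo-seed-not-a-real-token"
STEP_SECONDS = 60   # the code changes once a minute, as described for the token
DIGITS = 6


def hotp(seed: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over a big-endian counter, dynamically truncated."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % (10 ** digits)).zfill(digits)


def token_code(seed: bytes, now: int) -> str:
    """The code the physical token displays at Unix time `now` (RFC 6238 TOTP)."""
    return hotp(seed, now // STEP_SECONDS)


class SecondFactorVerifier:
    """Server side: checks the code typed by the user against the shared seed."""

    def __init__(self, seed: bytes, skew_steps: int = 1):
        self.seed = seed
        self.skew_steps = skew_steps        # tolerate one step of clock drift each way
        self.last_accepted_step = -1        # a code is never accepted twice (replay defence)

    def verify(self, submitted: str, now: int) -> bool:
        current = now // STEP_SECONDS
        for step in range(current - self.skew_steps, current + self.skew_steps + 1):
            if step <= self.last_accepted_step:
                continue                    # already used, or older than a used code
            if hmac.compare_digest(hotp(self.seed, step), submitted):
                self.last_accepted_step = step
                return True
        return False


if __name__ == "__main__":
    now = 1_700_000_000
    shown = token_code(DEMO_SEED, now)
    server = SecondFactorVerifier(DEMO_SEED)
    print("token shows", shown, "-> accepted:", server.verify(shown, now))
    print("same code again -> accepted:", server.verify(shown, now + 5))
```

The server never stores the code itself, only the seed and the last step it accepted; the constant-time comparison and the refusal to accept a step at or below the last accepted one are the two details most often missed in home-grown verifiers.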

Brute force has been around for a long time, but in the past it was not very successful against long passwords because the processing capability inside PCs was low. Nowadays, with many PCs having two or more processor cores, and graphics cores multiplying as well, the average PC's processing capability is much higher. Attackers may not even need to go to the effort of a brute-force attack: a 2007 attack on MySpace revealed many passwords, and a study of them showed some disturbing choices, with ‘password1’ being the most common.
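The two points above (length multiplies the search space; a common password needs no search at all) are easiest to see in a small password-policy check. The following is an added example, not code from the original post: the common-password list is a constructed stand-in for a breach-derived list, and the guess rate is an assumed figure for illustration, not derived from the flops numbers quoted above.

```python
import math
import string

# Constructed stand-in for a breach-derived list (the MySpace study found
# 'password1' most common); production systems load a far larger list.
COMMON_PASSWORDS = {"password", "password1", "123456", "qwerty", "letmein", "abc123"}

# Character classes used to estimate the alphabet an attacker must search.
CHARSETS = (
    ("lower", set(string.ascii_lowercase)),    # 26
    ("upper", set(string.ascii_uppercase)),    # 26
    ("digits", set(string.digits)),            # 10
    ("symbols", set(string.punctuation)),      # 32
)

# Assumed attacker throughput, chosen for illustration only.
ASSUMED_GUESSES_PER_SECOND = 1e9
MIN_BITS = 60   # assumed policy threshold


def alphabet_size(password: str) -> int:
    """Size of the combined character set the password draws from."""
    return sum(len(chars) for _, chars in CHARSETS if any(c in chars for c in password))


def keyspace(alphabet: int, length: int) -> int:
    """Number of candidates: each extra character multiplies the total by the alphabet."""
    return alphabet ** length


def seconds_to_exhaust(alphabet: int, length: int,
                       rate: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Worst-case time to try every candidate at the given guess rate."""
    return keyspace(alphabet, length) / rate


def check_password(password: str) -> dict:
    """Policy decision: reject known-common passwords first, then require enough search space."""
    if password.lower() in COMMON_PASSWORDS:
        return {"ok": False, "reason": "common password", "bits": 0.0}
    alpha = alphabet_size(password)
    bits = len(password) * math.log2(alpha) if alpha else 0.0
    if bits < MIN_BITS:
        return {"ok": False, "reason": f"only {bits:.1f} bits of search space", "bits": bits}
    return {"ok": True, "reason": "accepted", "bits": bits}


if __name__ == "__main__":
    for length in (6, 8, 10, 12):
        secs = seconds_to_exhaust(26, length)
        print(f"{length} lowercase chars: {keyspace(26, length):.3e} candidates, "
              f"{secs / 86400:.2f} days at {ASSUMED_GUESSES_PER_SECOND:.0e} guesses/s")
    for pw in ("password1", "sunshine", "Tr0ub4dor&3", "correcthorsebatterystaple"):
        print(pw, "->", check_password(pw))
```

Running it shows the exponential effect directly: going from 8 to 12 lowercase characters multiplies the keyspace by 26 to the power of 4, and the common-password check fires before any keyspace estimate is even made, which is the case the MySpace figures illustrate.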

The Interweb
RSA SecurID


Espionage at heart of Palm Pre

Experts at MWR Labs seem to have uncovered a highly disturbing bug in the Palm Pre. Indeed, it literally is a bug, or at least has the potential to be one in the sense of a listening device.

Security risks in the Android operating system apparently make it possible to use the phone to listen in on conversations anywhere in the world. The flaw opens a backdoor for intruders to install malicious software simply by sending a well-formed and equally malicious message to the phone.

The MWR Labs people seem to believe this is just the start of a huge range of security issues relating to mobile phones, which, given the number of security-related posts I’ve made recently, I can entirely believe to be true.



Google leads Apple in Phone Sector

With the many problems that exist with the iPhone, even if they are not entirely unique to it, is it any wonder that people are considering alternatives to the expensive shiny toy produced by Apple?

Google’s Android operating system is, according to sources, far more customizable than the OS installed by Apple. This is really useful for developers and nosey people alike!

The guys over at Cisco have apparently seen a benefit from it too, as they have announced a business tablet based on Android.

With the jailbreak threat on the iPhone, many have perhaps been worried by the security aspect of using it.



Germany bans iPhone and Blackberry

The German government should be praised for taking the unusual step of securing its network, in contrast with the UK, where government facilities seem to be losing confidential data left, right and centre.

In essence, the Germans have banned government use of the two major smartphone types, the iPhone and the BlackBerry. BlackBerry technology routes data for research purposes and logs it in different data centres. This should raise concern for anyone in a role responsible for network security.

The Inquirer


TV License fee lost us £240K

In the latest security blunder, this time at the hands of the BBC, laptops and mobiles worth £240,000 have gone missing. Security firm Absolute Software made a Freedom of Information request and discovered the shocking numbers.

In two years, the BBC have managed to lose:

  1. 146 Laptops, £219,000
  2. 65 Mobile Phones, £12,913
  3. 17 Blackberries, £9,106

These are very shocking numbers, especially given the price paid per laptop; why do the BBC need such high-end laptops anyway?

Only a few of these items were recovered, bringing the overall loss down by £23,450, but it once again shows that the weakest point in the security infrastructure is the people. Stop leaving laptops full of confidential information in the car!

So in effect the BBC has thrown away 1,656 TV Licenses. This must stop; there are campaigns aimed at stopping this devious license fee.

The Guardian
Anti TV License Campaign
BBC News


Laptop Repairer Sent to Jail

Sky News have been conducting an undercover investigation into a computer repair company. They modified a laptop to record all activity by the engineer and had a webcam record his actions. The result was very disturbing.

Having completed the original repair to the memory, the engineer took some time out to browse through the files on the laptop. In doing so he found copies of photos, login details for Facebook and eBay, and even the owner's online bank details. Granted, from a security point of view those probably should not have been on there anyway.

To further implicate himself, the repair engineer, named as Grzegorz Zachodni, then attempted to access the bank account 6 times, unsuccessfully. Quite possibly to his surprise, he found himself arrested and charged with attempted fraud, for which he received a 9 month prison sentence.

It once again highlights the importance of securing laptops and other portable devices. When you receive your password, memorize it and destroy the original notification instead of saving it in clear text on your laptop, which is liable to fall into the hands of the enemy.



United States looking for internet censorship

I recently criticized the UK Government over the IE6 browser not being upgraded and general security breaches of astronomical scale. Now it is the turn of the United States to be criticized, again.

“ should be shut down by any means necessary.”

US Government Conservative Representative

Of course, I am not surprised that a conservative wants to shut down the Internet site by any means necessary; let’s face it, the US Conservatives are trigger-happy maniacs ready to shoot anything that doesn’t agree with them. Let’s face it, some of the documents released on that site about the Afghanistan war have apparently left many Americans thinking the war was a mistake. US policy is to cover up the facts rather than simply admit they were wrong and try to leave the war as quickly as possible.

However, it’s time for them to wake up and smell the modern world. The Internet is here, and it is not the domain of the United States Government, no matter how much they want to control it.

“The military is telling the troops they cannot even view what is publicly available, even though the WikiLeaks documents are on hundreds of websites.”

There are other nations that insist on censorship, such as Afghanistan and China. It seems that the United States is keeping good company with friends such as these.

The Demand

The US Department of Defense has demanded that WikiLeaks remove, delete and return all documents that it has classified, these being the property of the United States Government. Given that the main server in use is hosted in Sweden, not the USA, they are likely to have a tough time bringing it down lawfully.

I completely understand that the information may indeed be classified and should not have been leaked in the first place, but that is the lesson that governments need to learn. The weakest link in the government is the Government. Remove the Government and there won’t be any more leaks of Government documents! Beef up security, stop using ancient software, ensure your staff are trained and vetted.

Washington Times


Paid to find security bugs?

Security for most companies these days is paramount. There are many steps one can take to ensure that a system is secure, from switching it off at one extreme to hiring consultants to analyse every minute line of code looking for problems. Balancing money against time, however, leads most companies to settle somewhere in between.

Google Chrome

The guys at Google have released details of an increase in their awards. The project initially started with rewards in the region of $500, which has now increased to a bounty of $3,133.70. It beats the Firefox security bounty.

How do I get it?

In order to achieve this payout, you must discover a serious security-related flaw in the Google Chrome web browser and submit it through the proper channels.

Read more or Download


The Mozilla team have been doing this for longer; their security reward program started in 2004. Unlike Chrome, they outright disallow bugs in third-party applications, whereas Google will consider them (which in all likelihood, I’d wager, means they would not pay out).

How Do I get it?

As in the case of Google, it is necessary to have submitted a sufficiently critical bug, which they define as bugs rated critical and high. You must also not be involved with the bug in any way, such as having worked on the Firefox core as a developer.

The two projects are very much alike and are likely to help improve the general quality of both browsers – people interested in earning a few thousand will likely dig into the browser and start trying to find one of those elusive bugs. Consequently they will submit bug reports, and these will hopefully be fixed along the way.

So with around $3K for critical bugs in each browser, it would make for a nice summer bonus for someone. Good luck hunting.

Download Google Chrome
Download Firefox
Chromium Security Award
The Register


Rootkit breaches network security in India: are you affected?

In my role at work I recently had the opportunity to discuss with an expert the security aspects of the PCI Data Security Standard in the context of storing credit card information. This covers, amongst many other things, who has access to the data. Our client has a team in India doing work for his site as well.

This means that when he comes round to getting PCI DSS compliant he will have to factor them into his equation. Now I’m seeing that there’s been a pretty major security breach across India. This is one of the many factors one should consider when outsourcing work beyond national borders.

The breach takes the form of a rootkit that hijacks the certificates used to sign drivers by Realtek, who commonly develop Ethernet cards for many manufacturers. Therefore there is a significant risk that your outsourcing partner could be affected.