[IS&T Security-FYI] SFYI Newsletter, July 23, 2012

Monique Yeaton myeaton at MIT.EDU
Mon Jul 23 17:14:27 EDT 2012


In this issue:


1. What Is Application Whitelisting?

2. Cyber Threats to US Taken Seriously

3. Flame Virus: Most Sophisticated Weapon Yet Unleashed



---------------------------------------------

1. What Is Application Whitelisting?

---------------------------------------------


Application whitelisting is a computer administration practice used to prevent unauthorized programs from running. The purpose is primarily to protect computers and networks from harmful applications that might contain viruses or other malware.


Applications are placed on the whitelist with the permission of the computer user or an administrator. When a program tries to run, it is automatically checked against the list and allowed to execute only if it is found there.


Some security experts believe that the technique of whitelisting is better than blacklisting, which is the technique that anti-virus (AV) applications use. They argue that blacklisting is too complex and difficult to manage.
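As an added illustration (not part of the original newsletter), the sketch below contrasts the two approaches using SHA-256 hashes of file contents as the list entries. The sample "programs" are constructed files, and matching on a content hash is an assumption made for the example; real products may also match on publisher signature or path.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Hash file contents so a decision follows the bytes, not the file name."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def whitelist_allows(path, approved_hashes):
    """Default deny: run only if the file's hash is on the approved list."""
    return sha256_of(path) in approved_hashes

def blacklist_allows(path, known_bad_hashes):
    """Default allow: run unless the file's hash is on the known-bad list."""
    return sha256_of(path) not in known_bad_hashes

def demo():
    """Build three constructed 'programs' and evaluate both policies on each."""
    with tempfile.TemporaryDirectory() as d:
        samples = {
            "editor": b"constructed sample: approved editor build",
            "known_bad": b"constructed sample: program already on an AV list",
            "unknown": b"constructed sample: program nobody has seen before",
        }
        paths = {}
        for name, content in samples.items():
            paths[name] = os.path.join(d, name)
            with open(paths[name], "wb") as f:
                f.write(content)
        approved = {sha256_of(paths["editor"])}
        known_bad = {sha256_of(paths["known_bad"])}
        results = {n: (whitelist_allows(p, approved), blacklist_allows(p, known_bad))
                   for n, p in paths.items()}
        # Same path, changed bytes: the approved entry no longer matches.
        with open(paths["editor"], "ab") as f:
            f.write(b" + appended bytes")
        results["editor_modified"] = (whitelist_allows(paths["editor"], approved),
                                      blacklist_allows(paths["editor"], known_bad))
        return results

if __name__ == "__main__":
    for name, (wl, bl) in demo().items():
        print(f"{name:16} whitelist={wl!s:5} blacklist={bl}")
```

The "unknown" and "editor_modified" rows are where the two policies differ: the blacklist lets both run because neither hash is known to be bad, while the whitelist refuses both because neither hash has been approved.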


Application whitelisting has been in the news more often lately because of a feature (called Gatekeeper) in Apple's new operating system, Mountain Lion (OS X 10.8)<http://www.apple.com/osx/what-is/security.html>, and because it has been brought up as the solution for addressing the security of large national infrastructure systems<http://www.infosecurity-magazine.com/view/26475/whitelisting-is-the-solut>.



--------------------------------------------------

2. Cyber Threats to US Taken Seriously

--------------------------------------------------


In the Wall Street Journal<http://online.wsj.com/article/SB10000872396390444330904577535492693044650.html?KEYWORDS=Obama+cybersecurity#printMode> last week, President Obama explained why the nation needs new cyber legislation.


An excerpt: "The American people deserve to know that companies running our critical infrastructure meet basic, commonsense cybersecurity standards, just as they already meet other security requirements. Nuclear power plants must have fences and defenses to thwart a terrorist attack. Water treatment plants must test their water regularly for contaminants. Airplanes must have secure cockpit doors. We all understand the need for these kinds of physical security measures. It would be the height of irresponsibility to leave a digital backdoor wide open to our cyber adversaries."



---------------------------------------------------------------------------

3. Flame Virus: Most Sophisticated Weapon Yet Unleashed

---------------------------------------------------------------------------


You may have heard about the latest big cyber threat going around. Dubbed "Flame," this malware can sniff network traffic, take screenshots, record audio conversations, intercept keyboard input, and more, according to Kaspersky Lab. It is currently targeting mostly countries in the Middle East, with Iran being the hardest hit.


While Flame shares characteristics with malware like Stuxnet and Duqu, Kaspersky concludes that they were probably developed by two separate groups. However, there are some links which could indicate that the creators of Flame had access to technology used in the Stuxnet project.


A researcher at Kaspersky, Alexander Gostev, wrote: "Flame can easily be described as one of the most complex threats ever discovered. It's big and incredibly sophisticated. It pretty much redefines the notion of cyberwar and cyberespionage."


Read some more about Flame at PCWorld<http://www.pcworld.com/article/256508/the_flame_virus_your_faqs_answered.html> and at Wikipedia<http://en.wikipedia.org/wiki/Flame_(malware)>.


===================================================================================

Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.

===================================================================================



Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security

