Friday, July 27, 2012

Net Neutrality and The Master Switch

I have been on the fence about “net neutrality”, but after reading Timothy Wu’s book on the information industries, The Master Switch: The Rise and Fall of Information Empires (Borzoi Books), I am firmly in support of net neutrality. This is a great background read on the economics behind these industries. Wu cogently explains the long-held concept of a “common carrier”, and how allowing Internet Service Providers to discriminate against certain customers, the opposite of net neutrality, can only lead to the stifling of innovation. He covers the growth of the telephone industry, radio, movies, television, and the Internet.
The book provides a history of the development of those industries and the economic and political forces that led to the establishment of large centralized firms, such as AT&T, NBC, CBS, and Paramount Pictures, in each of those markets. These consolidations ended up slowing progress in those industries, with the prime example being AT&T and how it stopped answering machines, fax machines, and other innovations that could have come decades before they were finally introduced. Wu provides very strong arguments as to how any efforts to stop net neutrality would inevitably lead to unknown, but clearly bad, results.

Sunday, July 1, 2012

Spear-Phishing

On June 28, 2012, US-CERT (United States Computer Emergency Readiness Team) released the ICS-CERT Advisory "ICS-CERT Incident Summary Report." The report provides a summary of their incident response activities from 2009 to 2011.
The most common attack vector was spear-phishing emails with malicious links or attachments. This accounted for 7 out of 17 incidents. They surmised that "Sophisticated threat actors were present in 11 of the 17 incidents, including the actors utilizing spear-phishing tactics to compromise networks."


Brian Krebs analyzed email threat data from the University of Alabama at Birmingham. Across the sample set, the anti-virus solutions on the market were not very effective, with an average detection rate of 24.7 percent and a median detection rate of 19 percent.

One cannot survive on anti-virus solutions alone, which tend to rely on signatures and heuristic analysis of the payloads. We recommend a defense-in-depth strategy here that relies on analyzing the behavior of the PCs as well, so that once an attack has passed through the AV solution, there is another barrier to detect anomalies. Invincea provides an isolated environment to handle links and PDF attachments. An internal IDS/IPS system could identify unusual behavior. Please reach out to me if you would like more information on our recommendations.
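
As an added illustration of the behavioral layer described above (this is example code written for this page, not from any product named here), the sketch below flags mail clients and document readers that launch a shell or script interpreter, whatever the AV layer said about the file. The event format, the field names and both process-name lists are assumptions, and the log lines are constructed.

```python
import json

# Constructed process-creation events (not real telemetry). "av_verdict" is a
# hypothetical field recording what the signature/heuristic layer reported.
SAMPLE_EVENTS = """\
{"host": "ws-01", "parent": "outlook.exe", "child": "acrord32.exe", "av_verdict": "clean"}
{"host": "ws-01", "parent": "AcroRd32.exe", "child": "cmd.exe", "av_verdict": "clean"}
{"host": "ws-02", "parent": "explorer.exe", "child": "cmd.exe", "av_verdict": "clean"}
{"host": "ws-03", "parent": "winword.exe", "child": "powershell.exe", "av_verdict": "clean"}
truncated or corrupt line
{"host": "ws-04", "parent": "outlook.exe", "child": "wscript.exe", "av_verdict": "detected"}
"""

# Assumed policy: programs that open mail, links and attachments...
DOCUMENT_HANDLERS = {"outlook.exe", "acrord32.exe", "winword.exe",
                     "excel.exe", "iexplore.exe"}
# ...have no business launching shells or script interpreters.
UNEXPECTED_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe",
                       "cscript.exe", "mshta.exe"}


def find_anomalies(log_text):
    """Return events where a document handler spawned a shell or interpreter."""
    alerts = []
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the scan
        if not isinstance(event, dict):
            continue
        parent = str(event.get("parent", "")).lower()
        child = str(event.get("child", "")).lower()
        if parent in DOCUMENT_HANDLERS and child in UNEXPECTED_CHILDREN:
            alerts.append(event)
    return alerts


def missed_by_av(alerts):
    """Alerts the behavioral layer raised although the AV layer said 'clean'."""
    return [a for a in alerts if a.get("av_verdict") == "clean"]


if __name__ == "__main__":
    alerts = find_anomalies(SAMPLE_EVENTS)
    for a in alerts:
        print(f'{a["host"]}: {a["parent"]} -> {a["child"]} (AV: {a["av_verdict"]})')
    print(f"{len(missed_by_av(alerts))} of {len(alerts)} alerts had a clean AV verdict")
```

In the constructed sample, two of the three alerts come from files the AV layer passed as clean, which is the gap the second barrier is meant to cover.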