“Lockpicking: BMW decoder tool” on Google Video
The blog has been a bit quiet lately. I have been working on a new solution that was announced at the beginning of the month. The security concerns of telecoms and data carriers have changed a bit. The thing I used to hear was “I only want to know about the attacks on my customers; everything else we can ignore.” Attacks that went from one peer AS to another were of little concern. But the attitude is changing now that these carriers are depending on their core transport for more and more revenue streams. Mobile broadband to phones and laptops, VoIP, video, the emergence of WiMAX, and other new technologies are pushing the big carriers to rethink their security responsibility.
So a few months ago I was tapped to design what we dubbed “Security in the Cloud”. We needed a way to detect, manage, and mitigate security threats in the core transport of telecoms and data carriers. What we did was talk with a few customers to figure out what was needed to step up to the challenge. What came out of that was a combination of existing Tivoli software and technology from an IBM partner, Narus. Narus has some great detection technology for finding real threats within the massive amounts of data traversing the core backbone. IBM Tivoli Security Operations Manager (TSOM) takes the Narus alert data and correlates it with existing security detection technologies to get more out of the Narus alerts. The correlated security events are then passed to IBM Tivoli Netcool to be correlated and displayed alongside performance and availability data. The integration and flexibility of this solution come from the IBM BladeCenter HT servers, which make it easy to scale to meet the demands of the telecoms. This combination of data allows carriers to detect and mitigate threats before they affect the performance of their network.
This solution was first introduced to the world at the ITU Telecom World in Hong Kong. As a result of the pre-event and onsite media activities, IBM media relations teams have delivered in excess of 100 articles online and in print to date, with more articles expected in Hong Kong and mainland China. The mainland China media alone have published 59 articles on our announcements at ITU to date. Our announcements were picked up by more than 150 different news sites globally. Here are just a few of the mentions of the solution:
Computer World Hong Kong – “ITU : Vendors roll out telco wares at ITU“
InfoWorld – “IBM aims security bundle, new blade at telecom space“
Light Reading – “IBM Touts Telco Systems“
eWeek – “IBM and Narus Offer Telecom Security Package“
The development continues as we refine our offering to meet customer needs. It's been a fun project, and I'm happy to see it making sense for so many customers.
EDIT: Just found out that IBM is now a member of the WiMAX Forum.
searching for cracks for the pirated copies of Vista floating around.
A new download has started circulating around the crack boards called “Windows Vista All Versions Activation 21.11.06”. It purports to be an activation crack for any version of Vista.
However, the file is actually a trojan carrier which will install Trojan-PSW.Win32.LdPinch.aze onto your PC.
BitTorrent users who posted reviews of the crack said that a number of antivirus programs detected the malware, though Norton AntiVirus and NOD32 did not.
I was just reading this article by Kelly Jackson Higgins at Dark Reading about companies converging NOCs and SOCs. While the article's topic was very interesting, one quote hit me in particular:
But that doesn't mean the NOC and SOC will completely merge. In fact, security analysts say you need a healthy separation between some duties, especially where security policy implementation and auditing is concerned.
While I agree with this premise of separation of duties of network people and security people, it made me think along another tangent (surprise, surprise). So many people are talking about security and network convergence now. Security is moving more and more into the edge (the edge is still there, people!). UTMs and NAC are all the rage. Non-security companies are snapping up small security companies (EMC, Citrix, etc.). The stuff is coming together, and security is the central focus of it all.
Read the full post by Michael R. Farnum. More and more people are moving to ITIL's idea of managing security. This means having your security team manage risk, write policy, and monitor compliance. The entire IT department becomes your security implementers. This requires education and tools so that support, networking, and development can identify and mitigate security threats. I would like to mention that I have been helping IT companies merge their SOC and NOC for about a year now using IBM Tivoli Security Operations Manager. It's really cool to see the ragtag security team being integrated into the corporate fold.
Last month Security Fix reported that Chris Soghoian — the Indiana University doctoral student who created an online boarding pass generator to demonstrate security holes in the Transportation Security Administration's “no-fly” list — had been cleared of any wrongdoing by the FBI and the Justice Department.
Well, turns out the guy isn't out of the woods yet.
On Wednesday afternoon, Soghoian received a letter from the TSA informing him that the agency is conducting its own investigation into the allegation that he “attempted to circumvent an established civil aviation security program established in the Transportation Security Regulations.” If Soghoian is ultimately found to have attempted said circumvention, the TSA said, he could be subjected to civil penalties of up to $11,000 per violation. That could be a steep fine: Something like 35,000 people viewed and possibly used the boarding pass generator during the less than 72 hours that it was live on his site in November.
You can read a scanned copy of the TSA letter at Soghoian's site.
to my attention. I first ran across scanning for wireless video signals a couple of years ago when the X10 version came out. People were surprised at just how many video signals were flying through the air. This little project results in a unit that can scan a wide 2.3 to 2.7 GHz range. Of course, if you're across the pond, you might want a European version.
Ooh, I found my next project! From Hack-a-Day.
Pirates have released another ingenious workaround to Vista's copy protection: a hacked copy of Microsoft's yet-to-be-released volume licensing activation server, running in VMware.
Volume Activation 2.0 is one of the more controversial features of Vista: it means that every copy of Vista has to be activated, even the Business/Enterprise volume-licensed editions.
However, to make life easier for administrators, Microsoft worked in a more convenient system for in-house, en masse activation of PCs called KMS – Key Management Service.
The idea behind KMS is that you have a single PC running KMS which can then handle activation for all your Vista clients, so that they don’t have to connect back to Microsoft every single time.
The downside of KMS is that the activation is only good for 180 days, to discourage people bringing in their home systems, activating them and wandering off again.
Bearing in mind that KMS wasn’t scheduled to be released until next year, pirates have managed to get hold of KMS and produce a standalone, fully-activated KMS server called “Windows Vista Local Activation Server – MelindaGates”. Tongue-in-cheek, of course; the first “cracked” version of Vista was called Vista BillGates.
Read the full article on APC Magazine. A quick search shows it on several torrent sites already.