May 27, 2013
By William Anderson
Senior Researcher
Software Solutions Division
The ubiquity of mobile devices provides new opportunities to warn people of emergencies and imminent threats using location-aware technologies. The Wireless Emergency Alerts (WEA) system, formerly known as the Commercial Mobile Alert Service (CMAS), is the newest addition to the Federal Emergency Management Agency (FEMA) Integrated Public Alert and Warning System (IPAWS), which allows authorities to broadcast emergency alerts to cell phone customers with WEA-enabled devices in an area affected by a disaster or a major emergency. This blog posting describes how the Software Engineering Institute's (SEI) work on architecture, integration, network security, and project management is assisting in implementing the WEA system, so it can handle a large number of alert originators and provide an effective nationwide wireless emergency warning system.
May 13, 2013
By Will Dormann
Senior Member of the Technical Staff
CERT
Occasionally this blog will highlight different posts from the SEI blogosphere. Today’s post by Will Dormann, a senior member of the technical staff in the SEI’s CERT Program, is from the CERT/CC (Coordination Center) blog. This post explores Dormann’s investigation into the state of signed Java applet security.
Feb 18, 2013
By Austin Whisnant
Member of the Technical Staff
The CERT Network Situational Awareness Team
Knowing what assets are on a network, particularly which assets are visible to outsiders, is an important step in achieving network situational awareness. This awareness is particularly important for large, enterprise-class networks, such as those of telephone, mobile, and internet providers. These providers find it hard to track hosts, servers, data sets, and other vulnerable assets in the network.
Exposed vulnerable assets make a network a target of opportunity, or “low-hanging fruit,” for attackers. According to the 2012 Data Breach Investigations Report, of the 855 incidents of corporate data theft reported in 2012, 174 million records were compromised. Of that figure, 79 percent of victims were targets of opportunity because they had an easily exploitable weakness, according to the report. This blog post highlights recent research in how a network administrator can use network flow data to create a profile of externally-facing assets on mid- to large-sized networks.
Nov 12, 2012
By David French
Senior Malware Researcher
CERT
In previous blog posts, I have written about applying similarity measures to malicious code to identify related files and reduce analysis expense. Another way to observe similarity in malicious code is to leverage analyst insights by identifying files that possess some property in common with a particular file of interest. One way to do this is by using YARA, an open-source project that helps researchers identify and classify malware. YARA has gained enormous popularity in recent years as a way for malware researchers and network defenders to communicate their knowledge about malicious files, from identifiers for specific families to signatures capturing common tools, techniques, and procedures (TTPs). This blog post provides guidelines for using YARA effectively, focusing on selection of objective criteria derived from malware, the type of criteria most useful in identifying related malware (including strings, resources, and functions), and guidelines for creating YARA signatures using these criteria.
Nov 5, 2012
By David Keaton
Senior Member of the Technical Staff
CERT Secure Coding Team
By analyzing vulnerability reports for the C, C++, Perl, and Java programming languages, the CERT Secure Coding Team observed that a relatively small number of programming errors leads to most vulnerabilities. Our research focuses on identifying insecure coding practices and developing secure alternatives that software programmers can use to reduce or eliminate vulnerabilities before software is deployed. In a previous post, I described our work to identify vulnerabilities that informed the revision of the International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) standard for the C programming language. The CERT Secure Coding Team has also been working on the CERT C Secure Coding Standard, which contains a set of rules and guidelines to help developers code securely. This posting describes our latest set of rules and recommendations, which aims to help developers avoid undefined and/or unexpected behavior in deployed code.