Week in Review
Posted by LS on October 11th, 2011. Category: Blog
First and foremost, Steve Jobs, an inspiring figure who has changed the world, we have you in our thoughts and prayers. RIP.
This week the Republican Party in the United States has recommended that companies take stronger incentives for online defense and protection.
“Senate Democratic Leader Harry Reid’s office is overseeing the drafting of a comprehensive cybersecurity bill aimed at combating breaches and theft from company and government computer networks. But progress has been slow.”
Read more: http://reut.rs/qUwgZ
As previously mentioned, it is Cyber Security Awareness month, and who better than Facebook to cover it on Facebook Live.
The event, held in Ypsilanti, Michigan, will be available on Facebook Live, FB’s official live video streaming channel.
Viewers will be able to post questions for speakers during the event, set for Friday, October 7th from 8:15-11:30 a.m. ET.
Read more: http://bit.ly/r0HkUR
What won’t hackers do? Well, in Serbia over the week, they managed to fake that prominent writer Dobrica Cosic had been awarded the 2011 Nobel Prize for Literature.
The e-mail message was purportedly sent by the Serbian Academy of Arts and Sciences. But the Academy denied the statement came from its e-mail address and said it had no knowledge of the message.
“The hackers on the fake Nobel site pasted Cosic’s picture over Italian poet and Nobel laureate for literature Dario Fo with quotes from Cosic’s novel Divisions.”
The message confused media, as Cosic wasn’t an official candidate for this year’s literature prize, which the Nobel committee announced on Thursday it had awarded to Sweden’s most famous living poet, Tomas Transtroemer.
Read more: http://bit.ly/rlZ179
FN: Snake Oil or Strong Medicine
Posted by LS on October 3rd, 2011. Category: Blog
So we thought we would go ahead and address certain somewhat casual but nonetheless disturbing comments about our company head on. Specifically, FN and its products have been referred to as gasp…Snake Oil on several occasions, which we actually have gotten a pretty good chuckle out of, given FN’s strong ethical hacking results to date and the anemic ability of existing solutions to do the same. Obvious facts aside, we thought it might be helpful to frame the discussion a little, to add a little objectivity to the discourse, so we penned a blog post in mid-September and polled some of the leading thought leaders in online security for their views. You can see the original post here: http://www.federatednetworks.com/fn-snake-oil-or-strong-medicine/#more-513.
The results are in. Eight respondents chose to respond directly to the poll, and their views are:
- 62% say FN is the real deal ie strong medicine, not snake oil
- 25% are undecided
- 13% think FN is Snake Oil boo…hiss..actually not. We welcome the opportunity to convince people we are the real thing and once we launch our product that should be a heck of a lot easier…
Further, in speaking more deeply to a number of respondents one clear (and fair) message came thru – real the FN product (pun intended).
So what do you think – cast your vote and leave your comments, good, bad or otherwise – trust us, we have thick skins…
Also, what can we do to convince you that we are the real deal, other than releasing our product, which I can assure you we are working 24/7…
Thanks in advance for your thoughts.
FN: Snake Oil or Strong Medicine
Posted by admin on September 23rd, 2011. Category: Pro Security
So what do people think of FN, our ideas and our yet to be seen product… Well that is exactly the topic of today’s blog post. To be kind I would say that views on FN seem mixed with a bearish bias, ranging from the mildly positive to the strongly negative, including dare I even say this out loud… that gasp, FN is nothing more than “Snake Oil”. For those of you not fully versed in the use of the term Snake Oil, Wikipedia http://en.wikipedia.org/wiki/Snake_oil provides a concise summary of the term, as follows:
“Snake oil is a traditional Chinese medicine made from the Chinese Water Snake (Enhydris Chinensis), which is used to treat joint pain. However, the most common usage of the phrase is as a derogatory term for quack medicine. The expression is also applied metaphorically to any product with exaggerated marketing but questionable and/or unverifiable quality or benefit”.
Yet Another SSL Hack Hilites Achilles Heel Weaknesses of “Standards”
Posted by LS on September 23rd, 2011. Category: Blog
We have been strongly opining on the conceptual weaknesses of the SSL protocol for some time, for example in this article of ours: http://bit.ly/nERJ9Y, as well as referencing some excellent thoughts of others, like here: http://bit.ly/g52J3D.
Of course we also felt strongly enough that SSL has so many faults that FN developed its own protocol, ASL, specifically to address all of SSL’s shortcomings, including from our perspective the much more serious threat of phishing.
But enough background, let’s get back to today’s topic at hand, which was “the plaintext-recovery attack that exploits a vulnerability in TLS that has long been regarded as mainly a theoretical weakness”, as quoted directly from Dan Goodin and theregister.co.uk, which IMHO has done an outstanding job of covering SSL’s legion of issues (not to mention most cyber-security topics) and has done so again in relation to this latest hack/potential hack; click here for details: http://bit.ly/qFyk2W. (Note that this hack has currently not been verified, but the individuals involved have a strong pedigree and as such we believe it will be confirmed to be valid after the planned presentation.)
Specifically there are 3 interesting things of note about this exploit:
- It has been conceptually known as a weakness for quite some time and also as noted, this exploit does not work against TLS 1.1 or 1.2, both of which have been around for years (and of course doesn’t work against FN’s ASL protocol either…)
- Despite the long history of conceptual weaknesses having a remarkable aptitude for showing up as real threats, the work of Thai Duong and Juliano Rizzo is still impressive (despite the fact that the hack requires a client side component and god knows that once you have client side access to a user’s machine, there are many simpler (and more powerful) ways to steal data…)
- The real story here is the exposure of both “open source” and “standards” as altruistically naive linchpin pillars of effective cyber-security. More specifically, standards, like laws or regulation, are only as good as their explicit or implicit enforcement, and as the pretty well complete lack of adoption of a “standard” that was updated twice to fix/patch vulnerabilities shows, it’s a pretty sobering reminder that lightweight implementation still remains an important consideration for security products. Said another way, the prospective benefits of upgrading to a newer version of a protocol were pretty well universally deemed less important than the negative impacts to user experience that its adoption might entail. As such, the decentralized adoption requirements and de facto unilateral decision by any party to implement “recommended” changes to any standard, no matter how necessary, have proven to be more than just a conceptual issue, as this hack clearly outlines.
And so, another day another nail in the SSL coffin (gratuitous chiding on our part) but at some point people will probably start to figure out or care, that someone has in
We’re not in Kansas anymore…
Posted by LS on August 2nd, 2011. Category: Blog
7.5 of the 20 million Facebook users are minors.
I am so glad I didn’t have Facebook when I was growing up. Life was already complicated with an extra few inches in height and hormones, let alone the problems Facebook could have caused. Facebook and social media platforms spark a whole new kind of bullying: Bullying 2.0.
The wrong picture, in the wrong hands can get to the whole senior class in a matter of minutes. Your latest breakup, you could have found out about through a random person’s profile status instead of a good old fashioned note slipped in your locker.
Beside bullying, Facebook and other elements of social media can present dangers for teenagers who often don’t think years ahead when making a decision.
“With so much information, content and opinions being so easily shareable, therein lies the importance of your child’s understanding of their potential audience AND their understanding of how what they say and do online is easily seen by so many.” Zdnet
It is easy to wreck that online reputation, and much more difficult to erase from online history. Make sure your child is acutely aware of what he or she posts on their Facebook walls, photos and status updates.
Identity theft, child predators, marketers, pop up ads, and viruses can easily make their way into a child’s computer via social media… so how can one protect themselves? How do you ensure your child’s safety? Just like when they sneak out to the neighbour’s party, or drink your beer while you are at the cottage, JUST saying NO and building unrealistic restrictions won’t work.
So, how do you keep your child safe, especially, when you don’t even know how to log onto Facebook? Ouch. Bet they didn’t teach that in keyboarding class. Don’t worry though, FN is here to help.