Sorry Gary, could not resist the subject line. I came across this excellent US based blog by Gary Marshall out of Seattle Washington and thought I would share it.
Gary enjoys working with creative people, including entrepreneurs, small business owners, people who create new technology, and artists. He brings over 25 years of experience in business and technology law and litigation, including computer law, Internet law, and art law together in one practice.
On his blog, Gary offers some excellent advice, as well as additional links for entrepreneurs and small business owners to peruse, putting out some excellent thinking and discussion fodder. As the father figure of a couple of entrepreneurs, I hope they take the time to read Gary’s suggestions and advice, and sit down with their business partners to ensure that they have covered all of the bases.
Like Gary says, the time to deal with the real thorny issues, the ones that you would rather not touch or that could have a serious impact on how you do business are the ones that you REALLY need to tackle while you are good friends and business partners. Not after things have deteriorated and bad feelings have slipped into the equation.
SANS has posted its excellent summary of Microsoft November patches. The Office patch covers 5 vulnerabilities, and has exploit code available. Get on this one ASAP. All of the patches carry an exploitability index of 1, so they are all expected to get some real play in the hacker community…
US officials said they had no clue what could have created a mysterious plume that streaked across the sky off the Southern California coast Monday night, but didn’t think there was any threat to the United States.
Yeah, I wouldn’t be too concerned. I’m sure it’s just some over exuberant kids out on a boat with a couple ICBM’s that they picked up on the cheap from Mexico. Give your head a shake! If you can’t account for a launch, you might want to look into why?
Wikipedia leads with the classic military definition, as APT has a history centered on clandestine infiltration of an enemy’s national, regional or local infrastructure, intelligence gathering, and espionage. They also attempt to describe the Information Security perspective, however the assumption of nation state involvement remains pivotal to the description. This is no longer completely accurate.
APT agents are not the massively distributed, noisy and clumsy malware agents that pervade the Internet. Most malware has been built to subvert as many systems in as short a time span as possible in order to maximize target acquisition and short-term profit. Successful APT attacks take the opposite approach, requiring that the attacker be patient, discrete, and make an effort to fly below the radar of the target organization. Since the resources expended and the time involved in researching, developing and distributing malware to such a minute audience are both costly and high value, the attacker will be expecting high value returns at some point in the exercise.
So, what makes APT malware any different than BotNet malware? They both grab data, they both try to get the data outside, and they both operate on financial and password information while attempting to remain installed and/or hidden. The devil is in the details. Break down the individual components of the term Advanced Persistent Threat: