Oct to Nov 2010 - Teletimes

More documents

Recommendations

Info

Andy Greenberg Digital Arms Dealer NSS Labs has a plan to secure the Internet: Build a Nasdaq for hackers Rick Moy doesn’t like to watch an unfair fight. As he sees it, malicious hackers can break into corporate and government networks using a single software vulnerability, while the good guys must painstakingly check and patch every one of thousands of potentially hackable holes in their systems. Security auditors often use mock attacks, known as penetration tests, to find those weak points. But testing every flaw in a target’s network would require writing thousands of “exploits”--the programs used to hack into vulnerable systems. The intruder, meanwhile, need write only one. So Moy, the 42-year-old president of NSS Labs, wants to let the laws of supply and demand even the odds. In October his research firm plans to launch an online platform that will allow researchers and penetration testers to buy and sell hacking exploits on an open marketplace known as Exploit Hub. Security researchers will be able to upload hacking techniques, name their price and sell work that until now has been profitable only through the cybercriminal black market. And security auditors will be able to download those hacks en masse to perform tests that suss out vulnerabilities in every cranny in their network. “This is like the iPhone App Store for exploits,” says Moy. “This is how we can leverage the work of all these disparate researchers and also let them get paid for it.” The tricky part: keeping Exploit Hub from becoming a convenient resource for breaking into the systems it’s meant to protect. Moy says NSS will carefully screen customers to sell only to known companies and agencies, and will use encryption keys to make sure it’s not selling to impostors. Just as important, the platform will host exploits only for known vulnerabilities, not so-called zero day exploits--new attacks for which software companies haven’t yet issued fixes. Moy’s goal, after all, is to help companies find fixable flaws, not demonstrate a blitz they’re powerless to defend against. “Zero days aren’t a controversy that we need,” he says. NSS won’t be the first to try selling an array of digital weapons to penetration testers. But the largest collections currently available from Core Security Technologies, Immunity and an open source project known as Metasploit include exploits for less than 10% of the 14,000 security Rick Moy: Old-fashioned market forces to unstack the odds flaws publicly revealed in information technology systems over the last five years. Moy thinks that a charge-whatyou-want market model will motivate benevolent hackers to create a full-fledged hacking arsenal and--if companies buy those exploits in volume- -give researchers a significant new revenue stream. NSS will keep 30% of the sales and, in return, do the research necessary to guarantee buyers that the brokered code will work, while assuring sellers that they’re not offering hacking tools to cybercriminals or foreign governments. That’s a deal that works for Mario Ceballos, an exploit writer and penetration tester for Northrop Grumman ( NOC - news - people )’s security team. “If they do it right this gives guys in my position a venue to put our stuff out there and make some money,” he says. Security flaws that already have available patches may not seem like a serious problem. But the labyrinthine nature of it setups and companies’ lax attitudes toward security mean old flaws often go unfixed. A study by security firm Qualys last year found that for some common software like Adobe ( ADBE - news - people ) Flash and Oracle’s Java, half of users still hadn’t implemented patches three months after they were released. That’s often because software updates require costly downtime to install and can create unpredictable errors. Even skeptics of Moy’s plan, like Marcus Ranum, chief technology officer at Tenable Security, agree that more comprehensive penetration tests may be the only way to show companies how badly they need to revamp their security. “I’ve seen it managers say that they don’t believe in attacks until you demonstrate them,” he says. “In general I don’t really approve of the idea of selling exploits. But it makes sense in the context of the entire industry’s stupidity.” 15Oct - 14Nov 2010 www.teletimesinternational.com 59
Adam Osman Newline Technologies wins mobile messaging Innovation Award for new service based on message master® xsp from Derdacka New service to revolutionise property marketing in Botswana Derdack (www.derdack. com), provider of enterprise notification software and mobile messaging platforms today announced it’s customer Newline Technologies has won a prestigious industry award for a new real estate mobile messaging service built on message master® xsp, Derdack’s platform software for SMS and MMS messaging. The Innovation Award 2010 was presented to Newline Technologies at ITEX 2010, the biggest ICT event in Botswana. Newline Technologies is an independent Wireless Application Service Provider based and operating in the Botswana market but with a vision to penetrate regional and international valueadded-services markets. The mobile market in Botswana is experiencing rapid growth with nearly 60% of the population owning and using a mobile phone and this penetration The UAE National Computer Emergency Response Team (aeCERT) one of the UAE Telecommunications Regulatory Authority (TRA) initiatives established to facilitate the detection, prevention and response of cyber incidents in the UAE, presented at the Telecom Fraud Prevention & Revenue Assurance Summit 2010 held in Dubai on Sept 20, 2010. The IQPC, however, gathers global and regional fraud and revenue assurance experts from regional and international leading operators; bearing far outstrips internet use for example. SIM card penetration is estimated at 107%, by factoring in dual SIM ownership (according to a study by Analyst Analysys Mason). Newline has capitalised on this by creating a unique application or service branded ‘Real-One’, which allows estate agents to more effectively market properties. Agents can enter details of their properties into an online portal with each property allocated a unique reference number to be used in general marketing and advertising such as on ‘for sale’ boards, in adverts, etc. Prospective buyers can send this reference to a dedicated shortcode and receive by return SMS additional details of the property such as price, a detailed description, whether it is still available, etc. This service can be used for any type of property for sale, rent or even in new developments. in mind that the Middle East’s communications network becomes increasingly diversified and network security continues to be a concern, operators and ultimately customers are increasingly vulnerable to fraudulent activity. The objectives of TRA participation is to enhance the performance of the ICT sector in the UAE by safeguarding competition, providing fair access to the domestic infrastructure, and ensuring the optimal use of natural resources through the implementation of best It is completely unique to the African market and a live demonstration of the service which uses all three main mobile operator networks, was provided at the recent ITEX 2010 exhibition, where it received the Innovation Award for 2010 within the ICT sector. Ditirwa C. Mphoeng, Founder and Managing Director of Newline Technologies said, “The real estate market relies on fast and accurate communication of information and we realised that there was an opportunity to use the mobile channel to provide a more effective marketing service. The reaction that we have received from estate agents has been incredibly enthusiastic as they can see the benefits in terms of making it easier for prospective buyers to receive additional information that is fully up to date. message master® xsp proved invaluable in the design and TRA Participates in practice in every area. In this regard, H.E. Mohamed Al Ghanim, Director General of the TRA, stated: “We are pleased to participate in the Matthes Derdack, MD - Derdack build process and we are anticipating a rapid take up once it has been launched.” Matthes Derdack, Managing Director of Derdack concluded, “We designed message master® xsp to enable companies to easily build and roll out new mobile messaging products and services. I am delighted to congratulate Newline on receiving this award for innovation. It validates the business case for companies looking for a convenient and cost effective platform to take advantage of the high level of mobile usage in African nations.” T Telecom Fraud Prevention & Revenue Assurance Summit 2010 Telecom Fraud Prevention & Revenue Assurance Summit as we look forward to develop education and awareness strategies to combat fraud in the region.” In his turn, Eng. Ahmad Hassan, the Monitoring & Response Team Leader, stated: “This summit is covers various types of telecommunication fraud in fixed and mobile telecom networks, analyzing the techniques used to detect and locate perpetrators of electronic crimes in telecom and IP networks.” T 60 www.teletimesinternational.com 15Oct - 14Nov 2010
Page 1 and 2: www.teletimesinternational.com
Page 3 and 4: In this issue Interview 11 “The t
Page 5 and 6: Latest on VOIP and the need of new
Page 7 and 8: the region, for internet, voice, mo
Page 9 and 10: Teletimes Special Report The intern
Page 11 and 12: Transworld is not as visible to the
Page 13 and 14: Telecommunication Convergence Secur
Page 15 and 16: Telecommunications Sector continues
Page 17 and 18: Dr. Homoud M. Alkussayer is the vic
Page 19 and 20: STC is now improving its presence i
Page 21 and 22: Sandro Dionisi Gearing up for effec
Page 23 and 24: CTO and BroadGroup announce emergin
Page 25 and 26: Grace under Fire! Its more than jus
Page 27 and 28: Etisalat Recognised five times at t
Page 29 and 30: Alcatel-Lucent and Blue Coat form g
Page 31 and 32: AMS-IX, One of the World’s Larges
Page 33 and 34: VimpelCom combines VimpelCom Ltd. (
Page 35 and 36: Asus launches Leading Garmin - ASUS
Page 37 and 38: As the project involves efforts fro
Page 39 and 40: Internet Governance Forum annual me
Page 41 and 42: and offered him $1 million of angel
Page 43 and 44: NetSol Technologies regains full NA
Page 45 and 46: Syed Salman Ahmed Vodacom South Afr
Page 47 and 48: Ivan Ho PCCW Solutions’ innovativ
Page 49: Synchronica receives first certific
Page 53 and 54: Thousands of online banking custome

Oct to Nov 2010 - Teletimes

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?