viaForensics » Hackers steal $6.7 million in bank cyber heist

Hackers steal $6.7 million in bank cyber heist

lhaas — Thu, 19 Jan 2012 15:00:45 +0000

We’ve been preaching for years that organizations needs to take a more proactive approach to their security. Services, such as our liveForensics, add additional layers of security to protect against such breaches.

Unfortunately, the Postbank’s fraud detection system hasn’t performed as it should, and the crime was discovered only after everyone returned to work after the holiday break. Apparently, it should not come as a surprise – according to a banking security expert, “the Postbank network and security systems are shocking and in desperate need of an overhaul.”

The post office and the police have confirmed that the breach happened and that the National Intelligence Agency (NIA) is involved in the investigation. The bank has issued a statement saying that none of its customers’ bank accounts were affected by the heist.

The investigation will hopefully reveal whether the backdoor into the compromised computer was installed by the employee unwittingly or whether the employee was recruited by the gang to allow them access.

via Hackers steal $6.7 million in bank cyber heist.

Mobile security exploits double in 2011, IBM says – channelbuzz.ca

lhaas — Tue, 25 Oct 2011 14:59:35 +0000

What sets viaForensics apart from other security organizations? Our proactive forensic approach, that’s what.

Andrew Hoog would certainly agree with the need for including forensics in daily operational activities. The CIO for Chicago-based viaForensics says his firm provides a unique way for companies to safeguard against mobile app threats and other nefarious cyber-attacks.

In a nutshell, viaForensics is a digital forensics and security firm. It has developed a mobile app security service and it provides a continuous forensic monitoring solution.

“More of our emphasis has been applying forensics proactively to complex security problems. Forensics is a key component to the mobile app security work that we do among other techniques,” he said. “We apply forensics also to more traditional security problems like monitoring and protecting key assets.”

Hoog explained that’s the defining difference between what viaForensics offers versus other security vendors. To its credit, the young firm has been working with a number of Canadian government and law enforcement agencies of late.

“In the past, forensics was a reactive thing that people brought in for certain instances. But if you bring it in in real-time, or proactively, it’s a significant game-changer,” he continued. “What we bring that’s different is a combination of traditional (security) techniques and our forensics layer. We’re on the cutting edge of forensics . . . the other guys may use their traditional techniques or they may buy some software but they’re always going to be a year behind the cybercriminals.”

via Mobile security exploits double in 2011, IBM says.

The Software Industry IS the Problem

lhaas — Fri, 30 Sep 2011 15:30:00 +0000

We have to do something that actually works, as opposed to accepting a security circus in the form of virus or malware scanners and other mathematically proven insufficient and inefficient efforts. We are approaching the point where people and organizations are falling back to pen and paper for keeping important secrets, because they no longer trust their computers to keep them safe.

via The Software Industry IS the Problem

In his article, Poul-Henning Kamp points out that software is not held to the same product liability standards as anything else created in America — and this needs to end. However, he argues that product liability needs to be introduced slowly, rather than imposed all at once. Kamp puts forth his proposal for software liability law.

Cyber warfare defended through forensics – examiner.com

lhaas — Wed, 28 Sep 2011 15:58:56 +0000

Andrew Hoog says old first aid answers to cyber warfare need to be replaced with agressive, pro-active forensics.

In this brief article, Andrew stresses the need for proactive security, something that viaForensics has been working on for several years. We have taken our expertise in computer forensics and applied that to security. Our liveForensics tool allows you to monitor your critical data and ensure that this data is not compromised — even unintentionally.

Hoog says that when forensics are applied pro-actively and aggressively to the cyber security issue it will become a game changer. “This is a powerful ally in the cyber security war,” says Hoog, “it really is a dramatically new way to look at it, and the success that we’ve had in the number of rollouts on this technology have been very, very impressive.”

via Cyber warfare defended through forensics

Hear Andrew speak more about applying forensics to mobile and digital security in his interview on the Promise of Tomorrow with Colonel Mason on the ScienceNews Radio Network.

Review – viaExtract

lhaas — Tue, 13 Sep 2011 15:25:33 +0000

Many thanks to Christopher Vance for is glowing review of viaExtract on the Cellular.Sherlock blog. We’re blushing. As for the minor criticisms — we’re working on it!

The use of the tool is extremely simple and straightforward. Simply pop the device’s MicroSD card and replace it with your own. At this point the tool will place the needed files on the memory card and get to extracting. Like most tools, you’ll need to have USB debugging enabled for this to work. Once the app has grabbed your files, you’ll be given a nice environment to filter out and search for your data.

The tool was extremely quick in extracting the data. I can’t even begin to explain how quick. One one device I tested I blinked and it was done.

I also noticed that this tool worked to acquire data from handsets I couldn’t get with other tools. One notorious is the phone/tablet behemoth known as the Dell Streak Mini 5. This tab-phone (phone-let?) was even running a custom ROM and viaExtract had no problem grabbing the data.

via Review – viaExtract

Find out more about viaExtract here.

Recent security breach points to problems with 3rd party vendors

lhaas — Mon, 12 Sep 2011 17:24:32 +0000

A medical privacy breach led to the public posting on a commercial Web site of data for 20,000 emergency room patients at Stanford Hospital in Palo Alto, Calif., including names and diagnosis codes, the hospital has confirmed. The information stayed online for nearly a year.

via Patient Data Posted Online in Major Breach of Privacy

What is most notable about the most recent high profile security breach is that it was caused by a 3rd party vendor. While companies may be doing much to secure their data within their own organizations, there is very little being done to protect this data when in use or in possession of an outside vendor. viaForensics has developed tools to deal with this problem. Read our case study describing how liveForensics kept a financial organization’s data secure while working with a 3rd party vendor.

viaForensics on CompTIA cybersecurity panel

lhaas — Wed, 31 Aug 2011 16:12:05 +0000

viaForensics’ Andrew Hoog participated in a panel discussion: Cybersecurity in the Age of Mobility. Listen to the experts discuss new threats and vulnerabilities for cybersecurity created by mobility and how to promote technological innovation while also providing reasonable protections for management, storage, and transmission of business and consumer data.

Mobile forensics training sessions offered by viaForensics

lhaas — Mon, 22 Aug 2011 20:30:53 +0000

FOR IMMEDIATE RELEASE

Contact:
Andrew Hoog
Chief Investigative Officer
viaForensics
Phone: +1 312-878-1100
http://viaforensics.com/contact-us

Mobile forensics training sessions offered by viaForensics

viaForensics will hold five mobile forensics training sessions in Mississauga, Ontario, this October.

Chicago, August 22, 2011 – viaForensics will hold five mobile forensics training sessions covering Linux use in forensics, iPhone forensics, Android forensics, advanced mobile forensics, and advanced file carving. The sessions will be held at the Peel Police Department in Mississauga, Ontario, October 3-7, 2011. Each training session is an independent one-day workshop. Attendees can register for one day or several trainings.

Registration information is available on the viaForensics website. This workshop is limited to law enforcement personnel.

The October 3 session, Introduction to Linux Forensics, outlines useful forensic utilities used in the Linux environment. This course provides a foundation for the following days’ courses, providing an overview of Linux in mobile forensics. The October 4, 5, and 6 sessions cover iPhone forensics, Android forensics, and advanced mobile forensics respectively. All three discuss the intricacies of extracting and analyzing data from the different platforms. The final Advanced File Carving session on October 7 teaches investigators how to effectively use header information to carve deleted data from partially fragmented or deleted database files.

More detailed course descriptions and registration information is provided on the viaForensics website under the Education heading. http://viaforensics.com/education/calendar/

About viaForensics

viaForensics is an innovative digital forensics and security firm providing services to corporations, law firms and law enforcement/government agencies. Areas of focus include computer and mobile forensics, mobile app security, enterprise security, information security and penetration testing, and forensics training. As the leading experts on Android and iPhone forensics, viaForensics has developed a suite of unique products and services to serve the mobile and enterprise security needs of organizations.

###

Two books available on mobile forensics — get your copy now!

lhaas — Fri, 05 Aug 2011 14:41:41 +0000

Andrew Hoog and Katie Strzempka of viaForensics, who have both authored books on mobile forensics — one on iPhone forensics, the other on Android forensics — are in a friendly competition to see which book sells more. Give one of them your vote by ordering a book!

Android Forensics: Investigation, Analysis and Mobile Security for Google Android

(Note the 5 Star reviews!)

iPhone and iOS Forensics: Investigation, Analysis and Mobile Security for Apple iPhone, iPad and iOS Devices

IBM speeds storage with flash: 10B files in 43 minutes

lhaas — Thu, 28 Jul 2011 16:21:44 +0000

With an eye toward helping tomorrow’s data-deluged organizations, IBM researchers have created a super-fast storage system capable of scanning in 10 billion files in 43 minutes.

This system handily bested their previous system, demonstrated at Supercomputing 2007, which scanned 1 billion files in three hours.

Key to the increased performance was the use of speedy flash memory to store the metadata that the storage system uses to locate requested information. Traditionally, metadata repositories reside on disk, access to which slows operations.

“If we have that data on very fast storage, then we can do those operations much more quickly,” said Bruce Hillsberg, director of storage systems at IBM Research Almaden, where the cluster was built. “Being able to use solid-state storage for metadata operations really allows us to do some of these management tasks more quickly than we could ever do if it was all on disk.”

IBM foresees that its customers will be grappling with a lot more information in the years to come.

via IBM speeds storage with flash: 10B files in 43 minutes