SANS's Alan Paller discusses the threat of cyberterrorism on CNN
On the heels of the fake Tweet this past week regarding injury to President Obama, and the subsequent stock market decline estimated to have wiped out $130 billion in stock value, SANS's Alan Paller spoke with CNN's Christine Romans during a Your Money segment on Friday 26 APR. Watch this succinct and impactful interview as they discuss the danger hackers pose to our banks and our economy.
Keywords: CNN cyberterrorism
Comments
Moriah
Apr 29th 2013
1 decade ago
Excellent discussion point you culled from the interview.
In my opinion, a dedicated virtual machine is even more optimal. That's precisely how I conduct sensitive work (not just financial). If you're comfortable with Linux or BSD-based operating systems, you have the advantage of a smaller malware target footprint but keep in mind that browser-borne attacks know few bounds (Flash and Java). Regardless, a virtual machine, no matter the OS, allows you to work from a current, patched, ideally hardened snapshot, conduct your transaction(s), then revert to the snapshot when finished.
Russ McRee
Apr 29th 2013
1 decade ago
I have used VMware for this for many years, but I am currently switching over to qemu-kvm since I have had problems getting recent VMware versions to install under Gentoo Linux, which I prefer for its overall flexibility.
Moriah
Apr 29th 2013
1 decade ago
But more seriously, this strategy only guarantees that my access to my sensitive information is from a non-infected machine. How do I know that my bank or stock broker is not vulnerable to third-party attacks? I could still lose my money.
Steve
Apr 29th 2013
1 decade ago
Really? Twitter? What's next, using some kind of text message publishing as an official news source?
What happened was deserved since Twitter shouldn't be treated much different than Facebook.
JacCO
Apr 29th 2013
1 decade ago
Steve - agreed, it won't help if attackers target your bank directly. But (1) more people are victimized financially by user-targeted attacks, so this "only" actually decreases your risk by over 50%, and (2) this answers the question of what you personally can do - you can't force effective security on your bank...
df
Apr 29th 2013
1 decade ago
Regarding using a VM - great idea, but that means you cannot use the host OS for any surfing. It's actually not that hard to do - have a VM for each security context. Use shared storage from the host OS for things that need to pass back and forth (but again, segregate what each VM can access). Have a VM for goof-off surfing. Have another for somewhat sensitive surfing. Finally, have one for your financials/highly sensitive information. RAM is cheap, storage is cheap. No reason not to do this. But again, don't use the Host OS for anything other than to update the Host OS and update the VM software.
But telling family to do this is complicated. Telling them to get a $300 laptop dedicated for financials is a lot easier.
Jason R
Apr 29th 2013
1 decade ago
JacCO
Apr 29th 2013
1 decade ago
Alan
Apr 30th 2013
1 decade ago
Example: I use a bank register program to keep track of my accounts but since I should wall this off I need to put it on a separate computer than my usual one. So I now need double the desk space or a KVM and the extra knowledge to set one up (or pay someone else to do it if I am not IT savvy). I now have to perform backups on both systems doubling my backup space requirements unless I am only backing up key files, which is a joke with many Windows programs which do not store data where they should but instead store it next to their own program code because Windows does not require their programs to behave better. You still have to patch both systems including A/V which now you have to purchase another license for. And good luck if you need to incorporate any of that bank account information say into a letter to snail mail say authorizing a new signer like your spouse on an account. No person in their right mind is ever going to follow this kind of advice outside of the security community.
Regular users need something far more practical to combat these challenges than taking us back 20 years in computer usability. Please listen to what you are suggesting for people that often don't know what a program vs a document is.
BGC
May 1st 2013
1 decade ago