2011 Review

First published: 31st December 2011

Allan Dyer

I don't think that 2011 can be characterised as "The Year Of..." anything in information security; there have been incremental changes in many areas, but nothing really outstanding. Perhaps the message is: Stay Vigilant.

Identification and Authentication

We are still searching for new methods of identification and authentication, probably because all our current methods have obvious weaknesses. I discussed some of the weak authentication used in Hong Kong in a November article.

January saw reports of Chinese research into gait identification from pressure pads, but it seems a long way from practical deployment.

In March, I discussed the advantages and disadvantages of SMS authentication. In the same month, ElcomSoft showed that Nikon's Image Authentication System, essentially linking a photo with the camera that took it, is broken.

The extent of problems with SMS authentication became clear with malware including the ZeuS variant Mitmo and the Symbian trojan Spitmo intercepting the authentication codes and sending them to attackers.

Social Engineering and User Education

The problems of users being tricked into doing things they shouldn't, of course, continue. Calls from fake "support technicians" were highlighted by David Harley in January. The major 11th March earthquake in Japan led to a variety of scams and hoaxes capitalising on the disaster.

The Hong Kong Police tried to address user-based problems by developing internet usage guidelines for their officers. The Council of Europe has a similar internet safety game aimed at children.

Malware

Microsoft announced the success it had in tackling malware families such as Taterf, Rimecud and Conficker, reducing infection rates by 82% on Windows Vista SP 2. Significantly, this was achieved by turning off Autorun. Remember, starting unidentified software without the user's knowledge is a bad idea.

Government

Botnets are important for criminals in monetising their crimes, but our response is usually limited to disinfecting the endpoints. In April, US authorities controversially took command of the Coreflood botnet when they obtained a court order allowing them to establish a substitute Command and Control system.

In a rather different controversial move, the Chinese Government admitted having a "cyber-army" in May. Whether it is purely defensive, or has offensive capabilities too, was left to speculation. The following month, Chinese military academics compared cyber war to nuclear war and called for a cyber non-proliferation treaty like the Nuclear Non-Proliferation Treaty. The feasibility of this, when, unlike nuclear weapons, anyone with a computer can develop a "cyber weapon", is doubtful. Video footage of apparent Chinese military attack software surfaced in July. The UK and the US both made aggressive announcements on cyber war.

DDoS

The suspension of the Hong Kong Stock Exchange on 10th August because of a DDoS attack highlighted the dangers of taking too limited a view of which systems are mission critical. The trading systems were not attacked, but the regulatory disclosure website, HKExnews, became unavailable, creating a situation where some investors might be unaware of information that others knew, and this triggered the suspension. After the attack, alternative news channels were made available and publicised, allowing greater resilience in future. A Hong Kong businessman was arrested later the same month in connection with the attacks.

AVAR Conference

It was a personal privilege for me to welcome participants to the fourteenth Anti-Virus Asia Researchers Annual Conference, held in Hong Kong.