j-j.co.za
Sharing thoughts and ideas on business, security and photography
Followup on Blackberry Data Usage in South Africa #in
Posted on August 13, 2010
Following up on my post around Blackberry data usage found here.
It has now been a week of monitoring my data usage on my Blackberry Bold 9000. Details around my typical usage can be found in the original post so I won’t repeat those here. Needless to say, I am probably a fairly atypical user and certainly on the higher end of usage.
As mentioned last time, I installed David from the Blackberry Appstore so I could monitor my data usage. In the week that has passed my average has been around just over 10 megabytes of data a day. So this would average out to just over 300-320 megabytes for the month.
A quick peek on MTN and Vodacom’s websites to see how much it would cost for 300 Meg per month. Vodacom has a data usage calculator tool here. I entered 300 Meg and this is the very helpful response I got back:
So back to the 3 easy steps to see if I could get a different answer. Tried a few other options, same result. Vodacom clearly doesn’t want me to buy 300Meg a month. I browsed around the site but still couldn’t find the price. How hard is it to tell your customers what options there are and how much they would be? I did find the Blackberry BIS service price which was R59 a month (prepaid). (No link sorry, their website seems to produce session specific links so had to remove it). Try www.vodacom.co.za and let me know if you find the data prices quicker than I did.
MTN was a little easier. I quickly found their data options and an “Extended Data 350” option which gave the required data amount for R209 a month. That, though, I then discovered was a complete contract, not a bolt-on to an existing contract. They have a 300Meg option for the grand price of R149 a month. Not too bad and not too hard to find.
So with some very poor maths and mixing and matching between service providers, it would seem that paying for my data usage on the optimum data contract would cost me R149 a month rather than the Blackberry cost of R59 a month, an additional monthly cost of R90.
Is it any wonder then that people, and particularly teens, are going for the Blackberry option? They generally like to use Facebook, Mxit, and are increasingly discovering the joys of a service guaranteed messenger in Blackberry messenger.
I fully expect Blackberry to continue to grow from strength to strength, and really hope that the other providers come out with some kind of competitive option. Increasingly other phones are coming bundled with a small data package, but, 30 Meg of data on an Android device (Bundle with SE X10 Mini) really doesn’t cut it, and can easily be used in an hour at the park.
In summary then, people often ask how good a deal is the Blackberry with unlimited data? Extremely good value for money is the short answer.
Process control / automation control systems / SCADA Security rootkit (Stuxnet) #in
Posted on August 10, 2010
Having done a fair amount of work in the area of process control systems, and the design/implementation of control frameworks and minimum standards for these environments in the last few years, I am always interested in reading up on issues and threats being identified in this area.
My experiences have always been that the clients we have dealt with are relatively immature in their dealing with these environments (from an information security point of view) and have been reluctant to acknowledge the threats and take the necessary steps to protect themselves. They are reluctant to even carry out the basics such as patch management and installation of anti-virus, often pressured by the solution vendors not to.
I noticed a short while back that there was some noise of a new “virus” that targeted WinCC. At the time I read about it briefly and was interested to see that it targeted one specific environment and appeared from the comments to have been designed to attack one specific environment.
Details that are emerging now seem to indicate something altogether different. This virus not only targets one specific environment, but is also a security rootkit. It targets Siemens Step7 and WinCC. Step7 is used to program the Programmable Logic Controllers (PLCs) of the Simatic S7 family.
In an updated blog post found here, Symantec explain in a bit more detail the seriousness of what Stuxnet is and what it does:
“Stuxnet has the ability to take advantage of the programming software to also upload its own code to the PLC in an industrial control system that is typically monitored by SCADA systems. In addition, Stuxnet then hides these code blocks, so when a programmer using an infected machine tries to view all of the code blocks on a PLC, they will not see the code injected by Stuxnet. Thus, Stuxnet isn’t just a rootkit that hides itself on Windows, but is the first publicly known rootkit that is able to hide injected code located on a PLC.
In particular, Stuxnet hooks the programming software, which means that when someone uses the software to view code blocks on the PLC, the injected blocks are nowhere to be found. This is done by hooking enumeration, read, and write functions so that you can’t accidentally overwrite the hidden blocks as well.
Stuxnet contains 70 encrypted code blocks that appear to replace some “foundation routines” that take care of simple yet very common tasks, such as comparing file times and others that are custom code and data blocks. Before some of these blocks are uploaded to the PLC, they are customized depending on the PLC.”
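The hiding behaviour in the Symantec quote above means a block listing taken on a possibly infected programming machine cannot be trusted on its own. The following Python code is an added example, not code from the original post, Symantec or Siemens: it compares three views of the same PLC and reports where they disagree. How each view is obtained (a commissioning-time export, the workstation listing, a read from a separately built clean station) and all block names and contents are assumptions constructed for illustration.

```python
"""Cross-view comparison of PLC code blocks (added example, constructed data)."""
import hashlib

def index(view):
    """Map block name -> SHA-256 of the block body for one view of the PLC."""
    return {name: hashlib.sha256(body).hexdigest() for name, body in view.items()}

def cross_view(baseline, workstation, independent):
    """Return (block, finding) pairs, sorted by block name.

    baseline    -- offline export signed off at commissioning
    workstation -- what the programming software on the engineering PC lists
    independent -- read taken from a separately built, known-clean station
    """
    base, ws, ind = index(baseline), index(workstation), index(independent)
    findings = []
    for name in sorted(set(base) | set(ws) | set(ind)):
        if name in ind and name not in ws:
            # Present on the PLC but filtered out of the workstation's listing.
            findings.append((name, "hidden-from-workstation"))
        if name in ind and name not in base:
            findings.append((name, "not-in-baseline"))
        if name in base and name not in ind:
            findings.append((name, "missing-from-plc"))
        if name in base and name in ind and base[name] != ind[name]:
            findings.append((name, "modified-since-baseline"))
        if name in ws and name in ind and ws[name] != ind[name]:
            # Hooked read functions can hand back the original bytes.
            findings.append((name, "views-disagree"))
    return findings

# Constructed sample views; block names and contents are invented.
BASELINE = {
    "OB1": b"main cycle v1",
    "FC10": b"compare file times v1",
    "DB5": b"setpoints v1",
}
# A hooked workstation shows exactly what the engineer expects to see.
WORKSTATION = dict(BASELINE)
# The clean station sees a replaced routine and an extra block.
INDEPENDENT = dict(BASELINE, FC10=b"compare file times v1 + extra", FC900=b"unknown")

if __name__ == "__main__":
    for block, finding in cross_view(BASELINE, WORKSTATION, INDEPENDENT):
        print(f"{block}: {finding}")
```

The workstation view matching the baseline exactly is the misleading case: only the independent read exposes the replaced routine and the extra block.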
Two infographics have been shown in various places (Source: app Symantec), that show the distribution of the worm globally. This is not a localised phenomenon that affects just one place in the world.
Iran, Indonesia and India are the areas most widely hit.
This virus is not just some theoretical proof of concept. In reading through some of the forums I came across this post, which could just as easily have originated from a South African organisation as a foreign one:
“Hi, currently I am in Iran, xxxx commissioning of our project for steel making plant.
We have this virus everywhere here, on WinCC server, clients and so on.
This virus was probably transferred from some USB stick from customer.
In this time I downloading Simatic patch and antivirus software from links above.
I am sure, that I have had this virus minimal one month ago in my project backups too.
So tomorrow I try remove this virus and I will inform you.”
From this it is clear that the environment they are in at least follows the basics of keeping the process control network separate from the organisation’s administration network and the Internet. This virus is smart, smart enough to know the target environment and run across multiple attack vectors. At the very least, this virus is infecting USB memory sticks to get itself across to the process control environment. It is then infecting Windows computers through open shares (and other vectors) and then attaching itself to the .DLLs on the WinCC machines and injecting itself into the S7 PLCs, then modifying code on the PLCs to prevent its detection. This is serious stuff and introduces a few degrees more complexity than has been seen before in a worm targeting these sensitive devices.
If that wasn’t bad enough, once this virus has acquired targets, it is then reporting information back to its Command and Control centre, and also appears to have the ability to receive remote commands and execute them, as well as download further software from the command centre.
If you run a process control environment / SCADA / PLCs then you should be concerned. The IT security threat to the environment is no longer a theoretical or remote one. It is real, and you could be attacked, if you have not already been. It is important that you have the right governance and processes in place to provide you with both technical and procedural protection against attacks.
Has anyone heard of any infections here in South Africa?
Justin
Further reading:
Stuxnet introduces the first known rootkit for industrial control systems
http://www.symantec.com/connect/blogs/stuxnet-introduces-first-known-rootkit-scada-devices
Findings from the field : Stuxnet and Siemens
http://findingsfromthefield.com/?p=480
The Stuxnet worm and options for remediation : Download PDF from Industrial Defender here or get it from http://www.industrialdefender.com
Blackberry Data usage numbers in SA using DAVID #in
Posted on August 08, 2010
I have been curious about Blackberry data usage for a while. The Blackberry contracts (BIS/BES) are around R65/month and include unlimited data for on-device browsing, email, IM, etc. I do a fair amount of browsing on my Blackberry (rather than my Nokia) largely because of the data. I have a small (30 Meg) data bundle on the Nokia and I regularly go over the limit. Not difficult to do given that some web pages (even on the mobile device) take a few hundred K, making it very easy to use a Meg or two reading just a few sites.
The other factor is that Blackberry is said to use a fair degree of compression through the use of their own data proxies and their own services. So how much value for money do I really get out of the Blackberry service?
I looked around for a tool to monitor the usage, and came across a few, but only one seemed as though it would be up to the task, so I downloaded “David” from the Blackberry Appstore. It is a 60 day trial version, but is more than adequate for monitoring a few days’ usage.
After 2 days, here is how it’s looking:
Two days’ usage +- 18 Meg (and after the 1st day it was around 9 Meg).
That includes Twitter, Facebook, LinkedIn, downloading some apps, browsing the net, BB Messenger etc. I am really impressed with the relatively low data usage given my patterns of usage. Anyhow, some very quick sums and it would be around 270 megabytes of data per month. For the price paid for the BIS/BES usage, that is really good value for money.
I’m probably an outlier on usage, though perhaps not in the top 2% of users. Still, for anybody looking to make decent usage of their mobile device and not to have to worry about crazy high bills, the Blackberry with “uncapped” data usage is a really good deal. BB Messenger also works a good deal better than MXit, the way it’s integrated into the device and has message delivery and read statuses. No more messages lost in the ether.
I’m interested in hearing about other people’s usage patterns and their thoughts on the Blackberry data bundle and value for money.
Feedback on ISACA KZN chapter meeting control frameworks presentation
Posted on August 07, 2010
On Thursday evening (5th August) I presented at the ISACA KZN Chapter meeting. As Chapter coordinator I have the privilege of finding speakers and venues, and from time to time an arranged speaker has other commitments and so is unable to make the presentation. I always try and keep a “backup” presentation of my own and this time around it was my (our) “Tale of two cities – or control frameworks” presentation that was first presented at the IT Web security summit earlier in the year. This time I did the presentation without the assistance of my colleague from Jhb, David Volschenk, as he had other work commitments which prevented him traveling to Durban for the day.
At IT Web we had 45m for the presentation and Q&A so were fairly time constrained and did not have much time at all for discussion or questions. At the Chapter meeting we had much more time to go through the presentation at a leisurely pace, have discussion around certain aspects and make it a much more interactive (and fun) session.
There were about 20 people present, representing the consulting firms (EY, PKF, Deloitte), public sector and private sector.
Off the top of my head (I was presenting rather than taking notes) the main areas of discussion were around:
- Getting executive buy in for the project
- Getting adequate funding
- Instilling change in an organisation where the maturity level is low and the corporate culture is such that the environment is generally poorly controlled
- What the drivers are for the implementation of a control framework, and particularly King 3 and how it is changing perspectives (creating the fire)
- The implications of King 3, and how they will drive change from the top (rather than it being left to middle management to drive failed projects)
- The apparent lack of understanding of King 3 on the part of directors, and how negative statements having to be made in the Annual Financials with respect to King 3 compliance could affect their reputations and those of the organisations they represent (or what happens if they “lie” and put in statements of compliance when they aren’t compliant). Company directors really do need to start taking notice of this.
- The implementation of control frameworks is a long term process, not a quick fix. Deciding 6 months ahead of the King 3 implementation deadline that the organisation needs to be compliant may be an impossible task
In “off the record” discussions after the presentation a number of consultants wanted to know if the failed company (Company B) was actually Company XYZ or Company ABC. The answer each time was no, it wasn’t that company, Company B was a combination of failed projects. That said, the names of companies mentioned by the other parties in each case also were not one of the companies involved in the combined “Company B”. It seems there are a lot of failed control framework and security framework implementations out there.
I really enjoyed the presentation and the discussions that went with it. Thanks to all who attended for your attendance and participation. If you are interested in having further discussions around this, or have me meet with your directors to discuss further, please contact me. j-j (at) worldonline (dot) co (dot) za or on Twitter.
Thanks to Ernst & Young for hosting the chapter meeting.
See you next time at PKF.
Justin
You can find a copy of the presentation in the original article or directly here. More on King 3 here. And get a copy of the King 3 report from the IOD website.
Microsoft’s largest security patch release (ever?) #in
Posted on August 06, 2010
Microsoft are set to release their biggest set of patches ever next week Tuesday. According to the Microsoft Security Response Center, Microsoft will issue fourteen Security Bulletins addressing thirty four vulnerabilities, and that excludes the out of band patch release done earlier this week for the LNK vulnerability. The list of affected operating systems includes all supported versions of Windows, as well as various versions of MS Office (for Mac and Windows) and Silverlight. They will also be updating Windows Update, Windows Server Update Services and Microsoft Update.
Microsoft will host a webcast after the patches are released. See the details here.
Find the full content of Microsoft’s bulletin advance notice here.
Network security podcast covers Cisco 2010 Midyear Security Report #in
Posted on August 04, 2010
I was listening to the Network Security podcast this morning (Blackhat mini-cast) and they had an interview with Mary Landesman, a Senior Cisco security researcher, who discussed the Cisco 2010 Mid-year security report that is now available. Download here. Direct link to PDF.
Quoting the intro from the report :
The Cisco 2010 Midyear Security Report examines the major forces of change reshaping the global security landscape. These changes demand that organizations rethink their approaches to enterprise security. Current shifts — from the virtualization of operations to collaboration and social networking — provide new opportunities for criminals to infiltrate networks and steal high-value business data.
The Cisco 2010 Midyear Security Report includes:
- Results and analysis from two new Cisco studies — one focused on employee collaboration and the other on the concerns of IT decision-makers worldwide
- International trends in cyber-security and their potential impact on business
- Insight into how hackers penetrate “soft spots” in enterprise security to steal sensitive data and sell it to the highest bidder
- An update on global spam trends since late 2009 and spam volume predictions for 2010
- Guidance from Cisco security experts to help businesses improve their enterprise security by 2011
Read the Cisco 2010 Midyear Security Report, and find the best strategies to help you meet current security demands for your organization.
During the podcast it was also mentioned that Cisco put out weekly and monthly reports. I hadn’t seen these reports before and have just whipped through some quickly and it’s quite interesting, definitely something I will come back to and have a look at on a weekly basis. To quote the site blurb “The weekly Cyber Risk Reports provide strategic intelligence that highlight current security activity. The reports address seven major risk management categories: vulnerability, physical, legal, trust, identity, human, and geopolitical.”
You can find the weekly reports and supporting podcasts here.
ZaCon call for papers closes 20th August 2010 (17 days folks)
Posted on August 03, 2010
Just a reminder that the free (low cost) security conference ZaCon is being held on Saturday 9th October 2010 at the University of Joburg.
The call for papers went out some time ago and closes on the 20th August. If you are interested in attending, diarise, if you have something to share then write up that abstract and send it through.
Sophos mid-year 2010 Security Threat Report
Posted on August 03, 2010
IT security company Sophos has released its mid-year 2010 Security Threat Report. The report provides some insight into Cybercrime as well as other IT security trends and developments for the first half of 2010.
The report provides a short history and background into the cybercrime economy, then covers some noticeable arrests and sentences over the last 12 months, making for interesting reading. Of particular interest is the particularly “tolerant” attitude of those surveyed to government cyber-crime activities.
Some thoughts around social media as an attack vector are also explored, as well as some insights into the threats to the major mobile platforms (iPhone, Blackberry, Android).
The report also provides details on the top malware/spyware hosting countries for January to June 2010.