R&K Cyber Solutions has licensed Hyperion, a cyber security technology from the Department of Energy’s Oak Ridge National Laboratory (ORNL), which can detect malware by looking inside an executable program to determine the software’s behavior without using its source code or running the program. The Hyperion technology, which has been under development for a decade, offers more comprehensive scanning capabilities than existing cyber security methods.
Computer programs are mathematical artifacts, subject to mathematical analysis. The Hyperion system is based on function extraction (FX) algorithms, first developed by IBM and Carnegie Mellon University and then refined using the high performance computing facility at ORNL, program structuring, behavior computation, and stepwise computation.
Uncovering Malicious Content Before Execution
Hyperion developer Stacy Prowell of ORNL’s Cyber Warfare Research team said:
These behaviors can be automatically checked for known malicious operations as well as domain-specific problems. This technology helps detect vulnerabilities and can uncover malicious content before it has a chance to execute. This approach is better than signature detection, which only searches for patterns of bytes. It’s easy for somebody to hide that – they can break it up and scatter it about the program so it won’t match any signature.
ORNL developed the Hyperion system to compute the behavior of software as a means to gain understanding of software functionality and security properties. Computation of functionality is critical to revealing security attributes, which are, in fact, specialized functional behaviors of software. ORNL collaborated with MITRE Corporation on a demonstration project to compute the behavior of legacy IBM Assembly code for a federal agency. The ultimate goal is to understand functionality and security vulnerabilities for code modernization. The paper “Computing legacy software behavior to understand functionality and security properties: an IBM/370 demonstration” reports on the first phase, to define functional semantics for IBM instructions and conduct behavior computation experiments.
An open access presentation by Rick Linger of ORNL Cyber Security and Information Intelligence Research Group, titled “The Hyperion System: Computing Software Behavior with Function Extraction Technology,” provides in-depth information about the Hyperion system. The presentation includes examples of behavior computation for computer viruses and embedded systems. The last slide states the long-term vision of the project: Computed behavior available for all common software and behavior computation available for one-off software.
Hyperion further strengthens the cyber security of critical energy infrastructure by providing evidence of the secure functioning of energy delivery control system devices without requiring disclosure of the source code. This advances the vision of resilient energy delivery systems designed, installed, operated and maintained to survive a cyber incident while sustaining critical functions, as articulated in the Department of Energy’s Road map to Achieve Energy Delivery Systems Cybersecurity.
R&K Cyber Solutions specializes in information assurance services and certified security processes for the federal government and selected commercial customers. They expect to make the Hyperion technology available in January. CEO Joseph Carter said:
Software behavior computation is an emerging science and technology that will have a profound effect on malware analysis and software assurance. Computed behavior based on deep functional semantics is a much-needed cyber security approach that has not been previously available. Unlike current methods, behavior computation does not look at surface structure. Rather, it looks at deeper behavioral patterns.
Images from ORNL and Shutterstock.
This Tool Lets you Scan the Dark Web for your (Stolen) Personal Data
A recently revealed a dark web scanning service was launched in the UK. The service is called OwlDetect and is available for £3,5 a month. It allows users to scan the dark web in search for their own leaked information. This includes email addresses, credit card information and bank details.
The service reportedly uses online programs and a team of trained experts to scan hundreds of thousands of dark web websites in order to look for their customers’ data. If any personal data is found, the company helps its users act in order to keep themselves safe. It was launched in an attempt to remove reliance on big companies, as users usually only know they were hacked after these companies make it public.
In a few cases, however, the information is revealed a long time after users are hacked. Earlier this year, Yahoo confirmed that, at least 500 million user accounts were compromised by what they believed to be a “state-sponsored actor”. The breach reportedly occurred in 2014, so it took users two years to know they were hacked.
Chairman of the National Cyber Management Centre, and member of OwlDetect’s advisory team, Professor Richard Benham said:
Today the risk of having your personal information compromised is greater than ever. From messaging apps to online shopping and dating websites, we trust a huge number of companies with our details, and there are endless opportunities for those details to fall into the wrong hands.
Crawling the Deep Web
The deep web is, as we all know, beyond the reach of regular search engines. That may be about to change in the future, as more and more tools keep on claiming to be able to crawl it in search for specific information.
According to their website, this new service has a database of stolen data. This database was created over the past 10 years, presumably with the help of their software and team. A real deep web search engine does exist, however.
A few days ago, Hacked.com reported how the Department of Defense’s deep web search engine was to be enhanced by a recent acquisition. This search engine, named Memex, is reportedly able to crawl 90 to 95% of the deep web, presenting its search results in sophisticated infographics.
Image from Shutterstock.
Facebook Looking into “Disrupting Economics” of Fake News Sites
In a Facebook post Friday night, founder of the popular social network Mark Zuckerberg took time to outline the steps the company will take to tackle its “fake news” problem, which has been a hot topic in the wake of the election. One way the social media behemoth plans on doing that is by making sure fake news sites can’t profit.
Mr. Zuckerberg calls it “disrupting fake news economics.”
“A lot of misinformation is driven by financially motivated spam,” he posted. “We’re looking into disrupting the economics with ads policies like the one we announced earlier this week, and better ad farm detection.”
Mr. Zuckerberg underscored that Facebook takes “misinformation serious” and reinforced the company’s goal “to connect people with the stories they find most meaningful.”
The social media tycoon admits “We’ve been working on this problem for a long time.” There’s more work to be done, he says.
“Historically, we have relied on our community to help us understand what is fake and what is not,” he wrote in the long post. “…The problems here are complex, both technically and philosophically. We believe in giving people a voice, which means erring on the side of letting people share what they want whenever possible. We need to be careful not to discourage sharing of opinions or mistakenly restricting accurate content. We do not want to be arbiters of truth ourselves, but instead rely on our community and trusted third parties.”
Mr. Zuckerberg claims the percentage of misinformation is small, then outlines what Facebook will do, including stronger detection, easy reporting by users, third party verification via fact checking organization, warnings for stories flagged as false by other users, and raising bar for articles which appear in related articles suggestions.
“Some of these ideas will work well, and some will not,” he admits. “But I want you to know that we have always taken this seriously, we understand how important the issue is for our community and we are committed to getting this right.”
Image from Shutterstock.
LastPass Password Manager Goes Free Cross-Platform
LastPass, arguably the most widely used password manager around is passing on some welcome news to its users. Starting Wednesday, LastPass users will be able to sync their passwords across multiple devices and platforms, for free.
The cross-platform sync for users’ credentials, previously a perk enjoyed by paying members, will now be enabled for all users and members on the free tier can start using the feature immediately across on multiple devices beyond their desktops or laptops.
Launched in 2008, LastPass has come a long way in becoming a ubiquitous name in password management. Joe Siegrist, founder and general manager of LastPass who made the announcement , sees the move enabling good password habits into becoming the norm. Using a password manager that works everywhere across devices and platforms, he notes, will help users with a strong foundation for securing their identities.
LastPass protects users’ credentials (usernames and passwords) and other data in a vault that’s secured by a master password. The data is encrypted with AES-256 bit encryption with Sha-256 salted hashes, which enables encryption and decryption to take place offline.
The announcement makes for a significant move for LastPass, the second in as many years. In August 2015, LastPass announced that it would enable users to manage their passwords, for free, on any one device. The popular choice was, of course, between desktops or smartphones. Now, users will merely have to put up with ads to use LastPass on their mobile devices once they’re out and about, away from their desktops or laptops.
Just under a year ago, LastPass was acquired by remote-access management provider LogMeIn, in a deal worth $110 million. This year, LastPass was proven to be vulnerable through a phishing attack. Since the revelation, the company has revamped and strengthened its security framework, before eventually launching its own two-factor authentication app, comparable to the likes of Google Authenticator and Authy.
Image from LastPass.
- Technical Analysis: Litecoin Continues Surge as Bi...
- Trade Recommendation: Stellar
- Asian Market Update – Tuesday: Litecoin price skyr...
- Bitcoin Plunges $2,000 on Eve of Futures Contract
- Monero Forges Ahead as Prices Cross $290
- Welcome to the Party
- Ethereum Flirts With Record Highs as Buterin Compa...
- Is Bitcoin Stealing Gold’s Luster? December 12, 2017
- Asian Market Update – Tuesday: Litecoin price skyrockets despite creator’s warning; Asian stocks down December 12, 2017
- Is Bitcoin Driving Gold Prices Lower? December 12, 2017
- Monero Forges Ahead as Prices Cross $290 December 12, 2017
- Ethereum Flirts With Record Highs as Buterin Compares Crypto Surge to Salvator Mundi Auction December 12, 2017
- Altcoin Investing Strategy as Futures Hit the Market December 12, 2017
- Companies are Lining Up to Launch Bitcoin ETF, According to SEC December 12, 2017
- Technical Analysis: Litecoin Continues Surge as Bitcoin Tests Highs December 11, 2017
- Trade Recommendation: Ride ETN and EW on Breakout December 11, 2017
- Trade Recommendation: Buy BBY, ZNH, CLX, and USCR December 11, 2017
A part of CCN
Analysis1 week ago
Long-Term Cryptocurrency Analysis: A Major Top Could Be In
Altcoins1 week ago
IOTA Doing Big Things as Microsoft Partnership Announced
Analysis2 days ago
Long-Term Cryptocurrency Analysis: Look Out Below?
Recommendations4 days ago
Trade Recommendation: Litecoin
Cryptocurrencies1 week ago
Trade Recommendation: Neo
Analysis1 week ago
$100 Litecoin Looks Poised for Greater Upside
Cryptocurrencies1 week ago
Trade Recommendation: Zcash
Cryptocurrencies3 days ago
Trade Recommendation: Stellar