Tag: Blue Coat

In prepared remarks, Symantec CEO Greg Clark focused on corporate synergy following Symantec's $4.6 billion acquisition of Blue Coat last year.
Symantec made multiple acquisitions in 2016, including its $4.65 billion purchase of Blue Coat, and is now benefiting from those assets as it aims to grow in 2017.
TLS 1.3 takes down Chromebooks, PCs Updated  The availability of Transport Layer Security protocol version 1.3 was supposed to make network encryption faster and more secure.…
Guns, bullets, and malware samples—all now controlled under the Wassenaar Arrangement. Aurich Lawson

If your work involves exploiting vulnerabilities in software, congratulations—you're potentially an arms merchant in the eyes of many governments. Your knowledge about how to hack could be classified as a munition. A United States delegation yesterday failed to convince all of the members of the Wassenaar Arrangement—a 41-country compact that sets guidelines for restricting exports of conventional weapons and "dual use goods"—to modify rules that would place export restrictions on technologies and data related to computer system exploits.

And while the US government has so far declined to implement rules based on the existing convention, other countries may soon require export licenses from anyone who shares exploit data across borders—even in the form of security training. The changes governing "intrusion software" were adopted by the Wassenaar plenary in 2013, and they were set to be implemented by member countries last year.

Those changes were intended to prevent repressive regimes from gaining access to commercial malware—such as the code sold by the Italy-based Hacking Team to Sudan, and the surveillance tools from Blue Coat that were resold to Syria's Assad regime and used to catch dissident bloggers. But when the language of the new controls was passed to the Commerce Department by the State Department for implementation, the new language quickly caused consternation.
Security researchers and industry revolted at the proposed rules, calling them too broad in their definition of "intrusion software." Harley Geiger, the director of public policy at the security testing software firm Rapid7, explained: The US proposed an implementation rule [for the controls].

But it did so knowing there were problems.
So during the course of this year, they did not put forth an implementing rule because they said they did not want to put forth a rule until the problems were resolved. It soon became apparent there was no way to reconcile the concerns raised by security experts with the language of the control agreed upon by the Wassenaar members.
So the US moved to renegotiate the restrictions in March as the new round of negotiations began.

That renegotiation collapsed yesterday. Katie Moussouris, a member of the US Wassenaar delegation, CEO of Luta Security, and former chief policy officer at the bug bounty company HackerOne, said the problem lay in the language of the controls themselves.
She told Ars Technica: It's the words.

Finding precise enough language that translates well into 41 countries' domestic export laws is the challenge here.
It shouldn't surprise anyone that it will take longer than a few months of renegotiation to get consensus on the revised words. Moussouris noted that some of the changes the US wanted were approved, including "more precise 'command and control' terminology that is now in the Arrangement." The previous language could have been construed to include "more routine software," she said—including security software that is purely defensive.

The new language tightens the definition to specifically cover software that controls remote malware. Geiger agreed that there had been some beneficial changes to the Wassenaar Arrangement's language. "But those [changes] were minor," Geiger noted.

The key control language remains in place, and other countries have already begun implementing export controls based on it. Moussouris explained: There has already been a chilling effect on security researchers that we've observed over the past few years, since many are not sure how they are affected. Non-disclosure and decreasing participation among researchers based in Wassenaar countries in international exploitation competitions like Pwn2own has already been observed. As of yet, since the rules have not been implemented in the US, they've had no direct impact on US security firms.

But the rules have been a hindrance for companies with a presence in multiple countries, Geiger said. "US organizations would not have to get export licenses," he explained, "but if they're working with people in another country to receive, that person would be bound by a different set of rules.
If you're working with a partner in another country, it slows down the exchange of information." Geiger said that it could potentially affect companies trying to move data about exploits they were trying to defend against from operations in one country to another—potentially slowing their ability to respond to new threats. "The ongoing uncertainty among security practitioners and researchers will delay the passing between defenders many important exploitation techniques and malicious command and control software samples," Moussouris agreed. "The presence of these controls in their current form only serves to increase disadvantages of defenders by introducing uncertainty and potential delays in passing vital samples and analysis." Now it will be left to the incoming Trump administration to decide how, or if, to implement rules based on the existing agreement, or to return to the negotiating table to hammer out universally acceptable language that fixes the problems with the controls.

And in the meantime, security researchers and companies will have to lobby the governments that are going ahead with rules based on the control to give them more freedom to move information—or deal with the headaches of applying for export licenses.

This could apply to things like training courses for penetration testing and other skills that deal with exploits—companies are likely to run into restrictions about who they can allow to attend those classes, since passing the information to someone from out of the country could be considered the same as exporting a munition without a license. Moussouris is relatively confident that the US will return to the table to reform the restrictions. "It is impossible to predict the next administration's choices here," she said. "But if our new leadership listens to any of the tech giants who were sitting around the table at the recent tech summit, they would all unanimously support the ongoing renegotiation of the Wassenaar Arrangement, as did the bipartisan Congressional Cybersecurity Caucus co-chaired by Congressman Langevin.

This isn't just about clearing the operational path for security research or security tech companies; this is about all technological defense, and the need for Internet defenders to work together in real time across borders."
Symantec CEO looks to grow the capabilities of company's consumer and enterprise business units. Symantec announced on November 21 that it is acquiring identity protection vendor Lifelock, in a deal valued at $2.3 billion.

The deal is expected to close...
NTP.org ntpd prior to 4.2.8p9 contains multiple denial of service vulnerabilities.
Ben Hudson

Symantec, one of the biggest consumer computer security firms in the world, is about to become even bigger with plans to buy LifeLock—an identity-theft protection service. The proposed $2.3 billion (£1.86 billion) deal has been okayed by the boards of directors of both companies, and is expected to close in the first quarter of 2017, pending regulatory approval. LifeLock's shareholders will receive $24 (£19.45) per share—a 16 percent premium to its closing price on Friday of $20.75. Symantec, which owns the Norton suite of cybersecurity software, claimed that the deal will make it the world's largest consumer-facing online protection outfit. "As we all know, consumer cybercrime has reached crisis levels. LifeLock is a leading provider of identity and fraud protection services, with over 4.4 million highly-satisfied members and growing. With the combination of Norton and LifeLock, we will be able to deliver comprehensive cyber defence for consumers," said Symantec chief Greg Clark. The cybersecurity market is growing: it's currently worth around $10 billion (£8.1 billion), while Symantec estimates that the total addressable market in the US alone is 80 million people. Tempe, Arizona-headquartered LifeLock says it provides "proactive identity theft protection services for consumers and consumer risk management services for enterprises." Among other things, it apparently alerts users to unauthorised identity access by monitoring new account openings and credit applications, while it also trains police, government, merchants, and NGOs in identity protection techniques. Symantec is taking on $750 million (£608 million) in new debt to finance the purchase, which follows its acquisition in August of cloud security firm Blue Coat for $4.65 billion (£3.77 billion).

That deal saw Clark—who had been Blue Coat’s CEO—take the helm at Symantec.

The company's former boss, Michael Brown, was ousted earlier this year following disappointing financial results. This post originated on Ars Technica UK
Bid to mitigate damage in face of declining anti-virus sales

Symantec has bought identity theft protection firm LifeLock for $2.3bn. The deal, announced Sunday, represents a brave bid by Symantec to shore up a consumer security business eroded by dwindling anti-virus sales. Selling Norton consumer security alongside identity protection and remediation services from LifeLock will enable sustainable "consumer segment revenue and profit growth", according to Symantec.

The security giant said it plans to finance the transaction with cash supplemented by $750m of new debt.

The deal – which is subject to LifeLock stockholder approval and US regulatory approval – is not expected to affect Symantec's FY17 results. Symantec's share price dropped marginally on the announcement of a deal that effectively involves it "doubling down" on the consumer security market.

Data breaches and the identity theft that sometimes results are a growing problem but whether the sometimes controversial LifeLock offers a comprehensive defence is far from convincing. LifeLock's identity theft protection system is designed to alert subscribers about fraudulent applications for loans, credit cards or other financial services. The $2.3bn price tag ($24 per share) offered from Symantec represents a 16 per cent premium on LifeLock's Friday closing share price of $20.75, itself a year-long high. LifeLock was also reportedly being pursued by private equity firms Permira, TPG, and Evergreen Coast Capital, as well as Symantec. Symantec sold data storage software firm Veritas to Carlyle Group for $7.4bn earlier this year.
Since then it has purchased Blue Coat for $4.65bn and now LifeLock for $2.3 billion in a bid to redefine itself as a pure play cybersecurity firm. The purchase price looks high even though LifeLock is profitable.

The company's net income for 3Q16 came out at $14.4m on sales of $170.3m. Last year LifeLock was obliged to pay $100 million to settle charges (PDF) of failing to maintain a comprehensive information security program and deceptive advertising.

The court order followed FTC enforcement action against LifeLock for alleged violations of an earlier 2010 order.
MatrixSSL contains multiple vulnerabilities

Original Release date: 11 Oct 2016 | Last revised: 12 Oct 2016

Overview

MatrixSSL, version 3.8.5 and earlier, contains heap overflow, out-of-bounds read, and unallocated memory free operation vulnerabilities.

Description

CWE-122: Heap-based Buffer Overflow - CVE-2016-6890
The Subject Alt Name field of X.509 certificates is not properly parsed. A specially crafted certificate may result in a heap-based buffer overflow and arbitrary code execution.

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer - CVE-2016-6891
The ASN.1 Bit Field is not properly parsed. A specially crafted certificate may lead to a denial of service condition due to an out of bounds read in memory.

CWE-590: Free of Memory not on the Heap - CVE-2016-6892
The x509FreeExtensions() function does not properly parse X.509 certificates. A specially crafted certificate may cause a free operation on unallocated memory, resulting in a denial of service condition.

The CVSS score below describes CVE-2016-6890. For more information about these vulnerabilities, contact the vendor at support@matrixssl.com or refer to the vendor release notes and the researcher's blog.

Impact

By causing a server to parse a specially crafted X.509 certificate, a remote, unauthenticated attacker may be able to create a denial of service condition or execute arbitrary code in the context of the SSL stack.

Solution

Apply an update
The vendor has released version 3.8.6 to address these issues. Developers of embedded devices using MatrixSSL should provide firmware updates implementing the fix. Users in general should update to the latest release.

Vendor Information

Vendor | Status | Date Notified | Date Updated
MatrixSSL | Affected | 26 Aug 2016 | 11 Oct 2016
ACCESS | Unknown | 11 Oct 2016 | 11 Oct 2016
Alcatel-Lucent | Unknown | 11 Oct 2016 | 11 Oct 2016
Apple | Unknown | 11 Oct 2016 | 11 Oct 2016
Arch Linux | Unknown | 11 Oct 2016 | 11 Oct 2016
Arista Networks, Inc. | Unknown | 11 Oct 2016 | 11 Oct 2016
Aruba Networks | Unknown | 11 Oct 2016 | 11 Oct 2016
AT&T | Unknown | 11 Oct 2016 | 11 Oct 2016
Avaya, Inc. | Unknown | 11 Oct 2016 | 11 Oct 2016
Barracuda Networks | Unknown | 11 Oct 2016 | 11 Oct 2016
Belkin, Inc. | Unknown | 11 Oct 2016 | 11 Oct 2016
Blue Coat Systems | Unknown | 11 Oct 2016 | 11 Oct 2016
Brocade Communication Systems | Unknown | 11 Oct 2016 | 11 Oct 2016
CA Technologies | Unknown | 11 Oct 2016 | 11 Oct 2016
CentOS | Unknown | 11 Oct 2016 | 11 Oct 2016

If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group | Score | Vector
Base | 10.0 | AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal | 7.8 | E:POC/RL:OF/RC:C
Environmental | 5.9 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND

Credit

Thanks to Craig Young of Tripwire for reporting these vulnerabilities. This document was written by Joel Land.
As Oracle extends its embrace of the cloud, it picks up much needed security capabilities. A key theme of Oracle's OpenWorld event this week is the cloud, which is why it should come as no surprise that the company is investing in cloud security. On Sept. 18, Oracle announced that it is acquiring privately held cloud access security broker (CASB) vendor Palerra.

Financial terms of the deal are not being publicly disclosed at this time.

Palerra has raised $25 million in venture capital since the company was founded in 2013. The most recent round of funding came in April 2015, when Palerra raised a $17 million Series B round of funding from investors August Capital, Norwest Venture Partners (NVP), Wing Venture Capital and Engineering Capital.

Palerra's core product is Loric, a software-as-a-service (SaaS) offering that can integrate with an enterprise's on-premises security and directory systems. Loric is what is known as a CASB, which is a class of technology that aims to extend existing enterprise security policy and access control to cloud applications that an enterprise might be using.

In a 2015 interview with eWEEK, Palerra CEO and founder Rohit Gupta explained that his company's platform also helps enterprises understand cloud security risks. "We offer a simple software-as-a-service platform, and we give clients the ability to model threats and discover breaches and issues in their cloud applications," Gupta said. In a letter to customers, Peter Barker, senior vice president of Identity Management and Security Products at Oracle, wrote that the acquisition of Palerra will help accelerate cloud adoption securely by providing comprehensive identity and security cloud services.

"The combination of Oracle Identity Cloud Service (IDaaS) and Palerra's CASB solution plan to deliver comprehensive protection for users, applications and APIs, data, and infrastructure to secure customer adoption of cloud," Barker stated.

The CASB market has been an active one in the last year, with multiple acquisitions as large vendors aim to enhance their cloud security offerings. Microsoft is among the active participants in the CASB market, following its September 2015 acquisition of CASB vendor Adallom for $320 million.

In November 2015, Blue Coat acquired CASB vendor Elastica, while Blue Coat itself was acquired by Symantec in a $4.65 billion deal announced in June 2016. Also in June, Cisco acquired CASB vendor CloudLock for $293 million, further consolidating the marketplace.

"Modern enterprises expect to get better visibility, achieve rapid value, and deliver peace of mind to their end-users who access their cloud applications, while making it a seamless and secure user experience," Palerra's Gupta wrote in a blog post. "Palerra has been a pioneer in this new generation of CASB, with a focus on protecting both information and infrastructure in the Cloud."

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com.

Follow him on Twitter @TechJournalist.
Would-be hackers that sought out tools to hack Facebook were in fact exploited themselves, new research from Blue Coat Elastica Cloud Threat Labs shows. For those who are looking to hack the Facebook accounts of others, there is a marketplace of Facebook Hacker tools that offer the promise of point-and-click ease.

According to a new report from Blue Coat Elastica Cloud Threat Labs (BCECTL), the promise made by many Facebook Hacker tools is false.

Rather than providing access to the Facebook accounts of others, BCECTL found that most Facebook Hacker tools only exploit the users of the tools.

"The samples we have analyzed don't perform any real Facebook hacking as opposed to what is being claimed," Aditya Sood, director of Security and Elastica Cloud Threat Labs at Blue Coat Elastica, now part of Symantec, told eWEEK.

BCECTL looked at multiple tools with various names, including Faceoff Facebook Hacker, Skull Facebook Hacker and Scorpion Facebook Hacker.

The various tools can require the user to input their own Facebook credentials in order to gain some form of access. Sood explained that the way the tools typically work is they will ask the user of the tool to provide the Facebook profile ID to be hacked.

After that, it displays some fake system-critical failure messages.

Following the failure message, the tool will ask the user to provide an activation code to hack into the profile. "When a user clicks the button to obtain an activation code, the browser is redirected back to some unauthorized domain such as http://faceoffactivationcode.com/ that could lead to advertising which might be malicious in nature," Sood said.

The various Facebook Hacker tools are shared and promoted in various ways, including via an email phishing campaign. The attack is targeted against individuals that are interested in getting the private information of other users' Facebook accounts, according to Sood.

"However, we discovered this attack by analyzing the files hosted on Google Drive as a part of in-house activities to gather more intelligence and feeding that back into the [Blue Coat] product," Sood said.

Links to various Facebook Hacker tools were being actively distributed and shared on Google Drive.

BCECTL reported the malicious Google Drive URLs to Google's Safe Browsing report phish link: https://www.google.com/safebrowsing/report_phish/.

"It's hard to list the numbers, but we have discovered multiple instances [seven-plus] on Google Drive at the moment," Sood said. "We haven't checked on other cloud services or standard domains."

The Elastica CloudSOC platform can detect anomalies in the compromised cloud service accounts that are used to host these kinds of tools for abusing the cloud service for unauthorized activities, Sood said, adding that Symantec/BlueCoat has the ability to dissect the network traffic to look into threats and associated anomalies. Additionally, the Symantec/BlueCoat global threat intelligence network provides regular updates about the state of URLs, he said.

The Facebook Hacker tools are distributed at minimal cost ($20 for two to three months) or free of charge, Sood said. He emphasized that the Facebook Hacker tools are not doing explicit Facebook hacking. Rather, they are stealing end-users' Facebook account credentials, which can be further used to conduct additional sets of attacks, such as drive-by downloading through malicious link sharing in target accounts, stealing private information, phishing and spamming through Facebook messages.

Although the report looked at Facebook Hacker tools, there are also similar tools available for Twitter that work the same way.

"We have seen instances of several domains which claim to hack Twitter but end up in the same behavior," Sood said.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com.

Follow him on Twitter
VIDEO: Mike Fey, president and COO of Symantec, discusses how the security giant will differentiate against competitors and help secure users. Mike Fey has had a busy few years.

As of Aug. 1, Fey is the president and chief operating officer of Symantec, after having had the same role at Blue Coat, which was acquired by Symantec in a $4.65 billion deal. Prior to Blue Coat, Fey was the executive vice president and CTO for McAfee at Intel Security until November 2014.

At the new Symantec, Fey is helping to align the Blue Coat teams and technology with those of Symantec in a bid to help customers stay secure and outpace industry competition. In a video interview with eWEEK, Fey details what the combined company is now able to do, the challenges of cloud security and where security is headed.

The combined Symantec and Blue Coat resources bring cloud, endpoint and network security assets together. "We move from having what we thought was the most comprehensive cloud platform to now almost being double the offering in the same space," he said.

When looking at cloud security, Fey said that what's needed is a shift in thinking about how to protect the cloud generation overall. Rather than a device- or network-centric approach, the Symantec view is to have a user-focused model as part of an overall platform. "People try to shrink the cloud conversation to the area they are good at—that's not the answer," Fey said. "The answer is to focus on the user and following the user, not the device and not where it runs." Fey emphasized that focusing on the user is a shift from the traditional approach of looking at either devices or the network as the basis of security. He noted that if a single device is breached, it's important to understand that the user's credentials and access in other systems are also breached.

"When we think about protection, we can't just protect the device anymore. We have to protect the user," Fey said. "If a device gets breached we have to ask, What else about the user has also been breached?"

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com.

Follow him on Twitter @TechJournalist.