menardconnect.com

Tech, Games, Blogging and Other Random Thoughts

Month: March 2014

TrendLabs Security Intelligence Blog: RSA Conference 2014: The Way Forward

Posted on March 18, 2014  in Technology

I recently attended an information security conference in San Francisco, CA, USA (hence some lull moments with the posting frequency for this blog late last month and early March). I was able to collect some insights and posted them in TrendLabs Security Intelligence Blog. TrendLabs posted it yesterday and so I am reposting it here at menardconnect.com:

RSA Conference 2014: The Way Forward

I attended the RSA 2014 Conference in San Francisco, which has held about two weeks ago. This year the conference offered new insights to today’s threat landscape, which will help us all plan for and protect users in 2014 and beyond.

Largest Security Conference of 2014

The attendance numbers for RSA are always impressive: this year had more than 25,000 attendees, 400+ sponsors and exhibitors, with more than 550 speakers. Such was the number of vendors that two large Exposition Halls – one each in the Moscone Center’s North and South buildings were used for vendor exhibits. The various sessions – including most of the technical track talks I attended – were in the Moscone West hall.

Earlier my colleague JM Hipolito shared her own thoughts about RSA; here is what I found most interesting there.

Opening Keynote: Finding a Path Forward in an Increasingly Conflicted Digital World

The Executive Chairman of RSA, Art Coviello, delivered the opening keynote. He gave his first public comment on the RSA and NSA controversy, as well as the need to separate the NSA’s offensive and defensive functions. But what I will remember most on his keynote is his call to governments and the security industry as a whole to adopt four guiding principles to help maintain a safer Internet for everyone:

  1. Renounce the use of cyberweapons, and the use of the Internet for waging war
  2. Cooperate internationally, in the investigation, apprehension and prosecution of cyber criminals
  3. Ensure that economic activity on the Internet can proceed unfettered and that intellectual property rights are respected
  4. Respect and ensure the privacy of all individuals

He also reiterated the need for the security industry and governments to work hand in hand to create a safer digital world that will benefit this and the generations to come. All of the guiding principles are all equally important, but I would like to highlight the first and second ones as being the most important.

The topic of cyberwar and cyberweapons is very sensitive, but I found the correlation between cyberweaponry and nuclear weapons compelling. I totally agree with Coviello’s statement that “we must have the same abhorrence to cyberwar as we do nuclear and chemical war.”

As for cooperation in prosecuting cybercrime, this is a topic where Trend Micro’s positions are well-known. We’ve frequently spoken about the need for researchers and law enforcement agencies to work together to prosecute the actual “threat actors”, as we believe that this is the most effective way to catch cybercriminals. These partnerships allow researchers and police to combine their strengths and ensure that Our efforts have netted effective results, most recently being the arrest of the creator of SpyEye.

Bitcoin Is Here: How to Become a Successful Bitcoin Thief

Uri Rivner of Biocatch and Etay Maor of Trusteer co-presented the one technical session at RSA dedicated to Bitcoins. They discussed the basics of cryptocurrency and how one can use it. They also discussed the usual use cases of Bitcoin: from creating a wallet and having your very own address, to filling the wallet with Bitcoins using an online Bitcoin exchange.

The highlight of the session for me was the a live demonstration of a hack using a SpyEye variant. In the demo, they performed a man-in-the-browser (MiTB) attack and stole the user’s Bitcoin from his wallet.

They also discussed the top cybercriminal activities that Bitcoin has been tied to. These include phishing attempts to steal Bitcoin-related website credentials, deploying RATs (Remote Access Trojans) to have direct access to desktop wallets, up to using botnets to mine Bitcoins (even though this is no longer particularly attractive).

They also explained why cybercriminals are interested in cryptocurrencies like Bitcoin. Because the cybercriminals believe that cryptocurrencies offers anonymity, they think that these will help in laundering money made from illegal activites. In addition, advanced services available in the cybecrime underground (like Bitcoin fogging services) may enable threat actors to further increase their anonymity tenfold.

In summary, the presenters said that Bitcoin is a new exciting frontier and encouraged everyone in the room to try and delve into it so that they understand its potential. They warned about the increasing phishing and malware attacks related to cryptocurrencies. They also pointed out that online Bitcoin exchanges and online wallets are low hanging fruit that may be a big opportunity for the cybercriminals. (The troubles of many online exchanges recently, including erstwhile leader Mt. Gox, have only reinforced this last point.)

The talk mirrored many of the points we have discussed. In December, we had discussed the possibility of Bitcoin’s then-record prices causing thefts of Bitcoin wallets. We had also earlier discussed how users can help secure their cryptocurrency. Overall, we share their sentiments: Bitcoin is the object of much potential, but is the subject of multiple threats as well.

Original Post from: RSA Conference 2014: The Way Forward

 

Definitely I will do a follow up post/s with my other insights on RSA, the keynotes and on Bitcoin. But not yet sure if it will be for menardconnect.com or my other tech blog.

Like my previous posts on RSA, I would like to convey my thanks to Jonathan and JM for their assistance with the article.

And of course some shout-out to my RSA 2014 buddies (Jamz, Malen, JM and Ian) for their ideas and thoughts that kept me sane in RSA. Another special shout-out to other pinoy AV dudes I’ve met in SF.

Lastly some disclosure:
I work at Trend Micro. The views expressed in this blog post are mine and mine alone and do not necessarily represent my employer’s positions, strategies or opinions.
To know more about me (work and other stuff), kindly visit my about page.
To know more about my blogs full disclosure policy, kindly visit my disclosure page

Until next post…

, , ,

[Top]

Month: March 2014

Free McDonald’s McMuffins for National Breakfast Day on March 17 2014

Posted on March 11, 2014  in Personal Experiences

McDonald’s will be giving away free McDonald’s McMuffins next week, Monday, March 17,2014.

Yes you read it right: FREE McMuffins next Monday March 17,2014 starting at 6AM.

I visited McDonalds in Rockwell Business Center yesterday and took this pic:

20140310_163108

Thank you for awesome mornings! Have a FREE McMuffin!
17 March 2014
6AM-9AM

Checking McDonald’s Philippines Official Website, I confirmed this is a real deal!!!

Just like last year, McDo will be celebrating the biggest breakfast event ever next week, the “National Breakfast Day” all over the Philippines. Free 315,000++ McMuffins! Wow!!!

mcdo-free-mcmuffin-march-17-2014

 

Image Credits: mcdonalds.com.ph

Full text from Mcdonald’s Philippines website below:

On its second year, McDonald’s will be celebrating the biggest breakfast activation by serving more than 315,000 McMuffin sandwiches to customers all over the country. On March 17, 2014, starting at 6:00 AM, all participating McDonald’s breakfast stores nationwide are joining the celebration to say “thank you” to its customers who start their day at McDonald’s. Each participating McDonald’s breakfast store will be giving away free McMuffins to the first 1,000 customers at a first-come-first-serve basis – that’s over 315,000 hot and fresh McMuffins to be given away nationwide via Dine-In, Take-Out, and Drive-Thru.

For complete list of participating stores, click here.

Terms and Conditions

Free 1,000 McMuffin Coupons

  • Coupons valid between 6:00am to 9:00am on the same day only.
  • Only one (1) coupon will be given per customer.
  • Coupon is not for sale.
  • Once customer has surrendered the coupon at the counter, his/her hand will be stamped by the crew to validate that the McMuffin has been received and may not be given another coupon.
  • Only one (1) McMuffin can be claimed per coupon.
  • Only one (1) coupon can be redeemed in a single transaction.
  • No coupon, no free McMuffin.
  • Coupon cannot be converted to cash and/or other McDonald’s products. McDonald’s reserves the right to refuse redemption if coupon was found to be tampered with.
  • Only original McDonald’s issued coupons will be accepted.
  • Free product may vary from illustration.

Per DTI-NCR permit no. 1185, Series of 2014

Still don’t believe me? Then go to Mcdonald’s PH website (Cut & Paste text below to your browser)

https://mcdonalds.com.ph/content/page/national_breakfast_day

So save the date: March 17, 2014 for Free McDonald’s McMuffins for National Breakfast Day!

Hooray for today!!!

Kitakits sa Mcdo!!!

,

[Top]

Month: March 2014

Bangko Sentral ng Pilipinas Advisory on Bitcoin and Other Virtual Currencies

Posted on March 10, 2014  in Technology

And so the Bangko Sentral ng Pilipinas (BSP), the Central Bank of the Philippines already issued an advisory on bitcoin and other cryptocurrencies.

Bitcoin.svg

 

Image Credit: Wikimedia Commons

I believe it’s a good and timely move. But reflecting back, there is really nothing new with this announcement (ok maybe for me and other crypto coins dudes and dudettes out there). But I will reserve my other personal commentaries for a future post.

For now here is the full text of the BSP’s advisory posted at the Bangko Sentral ng Pilipinas official website (http://www.bsp.gov.ph/) last week:

Warning Advisory on Virtual Currencies

03.06.2014

It has come to the attention of the Bangko Sentral ng Pilipinas (BSP) that virtual currencies like Bitcoin are now being exchanged in the Philippines. The public is hereby warned that such exchanges are not regulated by the BSP or by any regulatory authority in the country at this time. Thus, there are no existing regulations which would specifically protect consumers from financial losses if an organization that exchanges or holds virtual currencies fails or goes out of business. Moreover, there is no assurance that the value Bitcoin or any virtual currency would be stable. In fact, its value can be highly volatile.
The BSP will be closely monitoring developments on these virtual currencies particularly on their possible use for money laundering and other illegal purposes, and will adopt appropriate measures as needed.

In the meantime, the public is enjoined to familiarize themselves with some basic information on the subject. Further understanding can be gained through personal researches on the internet and other forms of media.

What you need to know about virtual currencies

A virtual currency is a form of unregulated digital money, meaning it is not issued or guaranteed by a central bank. It allows purchase of both virtual goods (such as in online gaming environments and social network) and real goods and services (such as in retailers, restaurants and other establishments). Unlike electronic money, which is backed by cash for 100% of its stored value, virtual currencies are not backed by any commodity like cash, gold or silver. Rather, they are merely valued subjectively according to one’s ability to exchange them for goods.

Things to think about before buying, holding or trading virtual currencies

  1. You can lose your money through a virtual currency exchange – Exchange platforms are unregulated. If a virtual currency exchange loses or fails, there is no legal protection that covers you for losses arising from any funds you may hold on the said exchange. At present, there have already been a number of cases where virtual currency exchange platforms have gone out of business or have failed.
  2. Virtual currencies in your digital wallet can get stolen – When buying virtual currencies, the same are stored in a “digital wallet,” on a computer, laptop, PC tablet or smart phone. This digital wallet makes use of public and private keys or passwords that allow you to secure your wallet. Still, there have been a number of reported cases whereby consumers lost large amount of virtual currencies from their wallets through hacking. Further, since virtual currencies do not have central organizations that hold and re-issue keys or passwords, losing the key or password to your digital wallet would mean losing your virtual currency forever.
  3. You are not protected when using virtual currencies for payment –Payments made through virtual currencies like Bitcoin are immediate, direct and non-reversible. Further, since the use of virtual currencies is not regulated, there are no existing regulations to protect you in case of unauthorized or incorrect debits made from your digital wallet.
  4. The value of your virtual currencies cannot be guaranteed and can change quickly – The value of virtual currencies has shown several sharp increases for the past year, and several sharp decreases as well. If you buy a virtual currency today, it is quite possible for its value to drop sharply and permanently the next day.
  5. Virtual currencies may be used for money laundering and other illicit activities – Virtual currencies provide consumers with high degree of anonymity and therefore may be used for money laundering and other illicit activities. This illegal use can affect you, as law enforcement agencies may decide to close exchange platforms and prevent you from accessing funds that the platform may be holding for you.

Full text can be found here . Special thanks to Lee Chipongian (@leechipongian) for the link.

I will write more about bitcoin (and maybe other cryptocoins) here at menardconnect.com soon so this will be a good starting post on this topic.

In the mean time, if you want to read more about bitcoins and malware, kindly visit TrendLabs Security Intelligence Blog.

[Top]