Archive for the ‘Security’ Category

Windows 95 Virus-Boza Announced

November 6, 2008

It would appear that an Australian “hacker” may have created the first computer virus specifically targeted at Microsoft’s Windows 95 program, according to British researchers. The virus can corrupt executable programs, and potentially be spread to other computers. It is allegedly the first virus that is written specifically for Windows 95.

Although the virus doesn’t appear to be well-written, “Boza will go down in history,” according to the Associated Press (AP) and British anti-virus specialist Paul Ducklin. Analysts have named the virus “Boza” after a Bulgarian liquor “so powerful that just looking at it will give you a headache,” Ducklin said. Fortunately for Windows 95 users, the virus also does not appear particularly contagious, if proper precautions are taken. The problem is vested in a sharing of software programs, which is already illegal (and certainly unwise) in most countries. To infect someone else’s machine, they would have to be given an infected program, and they would have to run it. The program could then infect that host machine and begin to replicate.

Ducklin said Boza is not generally being distributed on networks or among users’ personal computers. So far, it appears to be circulating mainly among anti-virus researchers. Software has reportedly already been developed to destroy it. Computer analysts do not know who made the virus, although there may be a clue in one of the messages that Boza can display on computer screens: “VLAD Australia does it again with the world’s first Win95 virus.” VLAD is thought by counter-virus analysts to be a Bulgarian-based international group of virus writers, who have previously developed several insidious and destructive pieces of computer code.

Anti-virus investigators say that they are concerned that Microsoft released Windows 95 in August without any sort of anti-virus program that could detect and kill 32 bit viruses. Boza is allegedly written specifically to corrupt 32-bit programs, like Windows 95. According to other press reports, Microsoft already had to fight an unconfirmed, but widely distributed, report that at least one version of Windows 95 came with a virus already on the installation diskettes. ERRI again reminds computer users to practice “safe computing”; back-up frequently, don’t share copyrighted programs, and run a competent anti-virus program on a constant basis.

(c) EmergencyNet News Service, 1996, All applicable rights reserved.

Google Chrome strange bug!!!

September 10, 2008

Google Chrome is asking to install Firefox in order to install Google Toolbar inside Chrome!!!

Weird? I tried installing Google Toolbar for Chrome. When I pressed “Agree and Install”, Chrome threw a message box saying it needs Firefox 3.0 or better, and if I click Upgrade it just takes me to the Mozilla website.

Very strange… I was thinking: if someone could change the local hosts file to point to a malicious Mozilla site and ask users to install Google Toolbar in Chrome… phishing!

Moreover, Chrome directly downloads the .exe file…

Has anyone faced a similar issue?

regmon

August 17, 2008

Regmon and Filemon are the two most important Sysinternals tools in malware analysis.

Almost any malware, when it first infects a Windows box, modifies the registry. The reason is to make sure the malware runs every time Windows boots and to disable security settings of Windows and of the installed AV. The usual targets are the autostart locations: the Run / RunOnce keys, the Winlogon Userinit and Shell values, and service entries.

Regmon monitors every access to the registry. On Windows 9x there are about 14 to 16 routines in the kernel (the Virtual Machine Manager, VMM) that handle all registry I/O. The technique is the old TSR / IVT hooking trick in new clothes: Regmon hooks itself into this chain, so anything calling these routines passes through Regmon as well.

In the DOS days every virus tried to hook itself into the interrupt vector table and go resident as a TSR; Windows does the same thing under fancier names. On Windows 9x Regmon’s heart is regvxd.vxd, a Virtual Device Driver (VxD) that inserts itself into those routines; on the NT line the Regmon driver hooks the Nt*Key system calls in the kernel’s system service table instead.

Regmon records registry activity live; it does not take a snapshot. So start Regmon (with a filter on the process name you are about to run) before executing the sample in the sandbox or VM. Regmon then shows clearly which keys and values the sample opened, created and changed. If you also want a before/after diff of the registry, take a snapshot with a dedicated snapshot tool such as Regshot before running the sample and compare it with a second snapshot afterwards.
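As an added example (my own illustration, not code from the original post or from Sysinternals), here is a small Python triage script that reads a Regmon-style log and flags exactly the writes the paragraph above says to look for: successful writes to autostart locations and to Security Center settings. The log lines are constructed; their layout approximates Regmon’s tab-separated export (sequence, time, process, request, path, result, other) and the process and file names (dropper.exe, evil.exe, EvilSvc) are invented.

```python
"""Triage a Regmon-style registry log for persistence and AV-tampering writes.

Added example, not Sysinternals code.  SAMPLE_LOG is constructed: the
column layout approximates Regmon's tab-separated export and all process
and file names are invented.
"""

# Autostart locations malware writes to in order to survive a reboot.  Matched
# case-insensitively as substrings, so both HKLM and HKCU hives hit, and the
# "...\Run" entry also covers RunOnce and RunServices (Win9x).
PERSISTENCE_KEYS = (
    r"\Software\Microsoft\Windows\CurrentVersion\Run",
    r"\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell",
    r"\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit",
    r"\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs",
    "\\System\\CurrentControlSet\\Services\\",   # noisy: legitimate installers hit this too
)

# Locations whose modification weakens the box's own defences (XP SP2 Security Center).
SECURITY_KEYS = (r"\Software\Microsoft\Security Center",)

# Regmon request names that change the registry (Win9x names carry an "Ex" suffix).
WRITE_REQUESTS = frozenset({"SetValue", "SetValueEx", "CreateKey", "CreateKeyEx",
                            "DeleteValue", "DeleteKey"})


def _rec(*fields):
    return "\t".join(fields)


SAMPLE_LOG = "\n".join([        # constructed capture of one dropper run
    _rec("1", "10:02:11.120", "dropper.exe:1204", "OpenKey",
         r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "SUCCESS", "Key: 0xE1A2B3C4"),
    _rec("2", "10:02:11.121", "dropper.exe:1204", "SetValue",
         r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater", "SUCCESS",
         r'"C:\WINDOWS\system32\evil.exe"'),
    _rec("3", "10:02:11.130", "dropper.exe:1204", "SetValue",
         r"HKLM\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify", "SUCCESS", "0x1"),
    _rec("4", "10:02:11.140", "explorer.exe:620", "QueryValue",     # a read: normal at logon
         r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater", "SUCCESS",
         r'"C:\WINDOWS\system32\evil.exe"'),
    _rec("5", "10:02:11.150", "dropper.exe:1204", "SetValue",
         r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit", "SUCCESS",
         r"C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\evil.exe"),
    _rec("6", "10:02:11.160", "dropper.exe:1204", "CreateKey",
         r"HKLM\System\CurrentControlSet\Services\EvilSvc", "SUCCESS", "Key: 0xE1A2B3D0"),
    _rec("7", "10:02:11.170", "notepad.exe:900", "SetValue",          # benign write
         r"HKCU\Software\Microsoft\Notepad\iWindowPosX", "SUCCESS", "0x64"),
    _rec("8", "10:02:11.180", "dropper.exe:1204", "SetValue",         # failed write (limited user)
         r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater", "ACCDENIED", ""),
])


def parse_line(line):
    """Split one log line into a dict; None for anything that is not a
    7-column record (blank line, header, truncated export)."""
    fields = line.rstrip("\r\n").split("\t")
    if len(fields) != 7 or not fields[0].isdigit():
        return None
    seq, time, process, request, path, result, other = fields
    return {"seq": int(seq), "time": time, "process": process,
            "request": request, "path": path, "result": result, "other": other}


def classify(event):
    """Return 'persistence', 'security-tamper' or None.  Only successful write
    requests count: reads of the Run key and denied writes are not persistence."""
    if event["request"] not in WRITE_REQUESTS or event["result"] != "SUCCESS":
        return None
    path = event["path"].lower()
    if any(key.lower() in path for key in PERSISTENCE_KEYS):
        return "persistence"
    if any(key.lower() in path for key in SECURITY_KEYS):
        return "security-tamper"
    return None


def find_suspicious(log_text):
    """Return [(seq, process, category, path, data)] for every flagged event."""
    hits = []
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue
        category = classify(event)
        if category:
            hits.append((event["seq"], event["process"], category,
                         event["path"], event["other"]))
    return hits


def processes_by_category(hits):
    """Group hits as {category: {process: [paths]}}: which process planted what."""
    grouped = {}
    for _seq, process, category, path, _data in hits:
        grouped.setdefault(category, {}).setdefault(process, []).append(path)
    return grouped


if __name__ == "__main__":
    for seq, proc, cat, path, data in find_suspicious(SAMPLE_LOG):
        print(f"#{seq:<3} {cat:16} {proc:18} {path} = {data}")
```

In practice you export the Regmon capture to a text file and hand its contents to find_suspicious(). Record 8 in the sample shows why the result column is checked: a write that was denied under a limited user is noise, not persistence, and record 4 shows why only write requests count, since explorer.exe reading the Run key at logon is normal.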

more coming …

Get Regmon from here: http://technet.microsoft.com/en-us/sysinternals/bb896652.aspx (on Windows 2000 SP4 and later, Process Monitor, which combines Regmon and Filemon, has replaced both).

from the oneha|f Lab
(oneh.wordpress.com)

Top 10 Most Famous Hackers of All Time

August 13, 2008

Get to know these notorious hackers, famous for wreaking havoc and driving technological innovation.

The portrayal of hackers in the media has ranged from the high-tech super-spy, as in Mission Impossible where Ethan Hunt rappels from the ceiling to hack the CIA computer system and steal the “NOC list,” to the lonely anti-social teen who is simply looking for entertainment.

The reality, however, is that hackers are a very diverse bunch, a group simultaneously blamed with causing billions of dollars in damages as well as credited with the development of the World Wide Web and the founding of major tech companies. In this article, we test the theory that truth is better than fiction by introducing you to ten of the most famous hackers, both nefarious and heroic, to let you decide for yourself.

Black Hat Crackers

The Internet abounds with hackers, known as crackers or “black hats,” who work to exploit computer systems. They are the ones you’ve seen on the news being hauled away for cybercrimes. Some of them do it for fun and curiosity, while others are looking for personal gain. In this section we profile five of the most famous and interesting “black hat” hackers.

Jonathan James: James gained notoriety when he became the first juvenile to be sent to prison for hacking. He was sentenced at 16 years old. In an anonymous PBS interview, he professes, “I was just looking around, playing around. What was fun for me was a challenge to see what I could pull off.”

James’s major intrusions targeted high-profile organizations. He installed a backdoor into a Defense Threat Reduction Agency server. The DTRA is an agency of the Department of Defense charged with reducing the threat to the U.S. and its allies from nuclear, biological, chemical, conventional and special weapons. The backdoor he created enabled him to view sensitive emails and capture employee usernames and passwords.

James also cracked into NASA computers, stealing software worth approximately $1.7 million. According to the Department of Justice, “The software supported the International Space Station’s physical environment, including control of the temperature and humidity within the living space.” NASA was forced to shut down its computer systems, ultimately racking up a $41,000 cost. James explained that he downloaded the code to supplement his studies on C programming, but contended, “The code itself was crappy . . . certainly not worth $1.7 million like they claimed.”

Given the extent of his intrusions, if James, also known as “c0mrade,” had been an adult he likely would have served at least 10 years. Instead, he was banned from recreational computer use and was slated to serve a six-month sentence under house arrest with probation. However, he served six months in prison for violation of probation. Today, James asserts that he’s learned his lesson and might start a computer security company.

Adrian Lamo: Lamo’s claim to fame is his break-ins at major organizations like The New York Times and Microsoft. Dubbed the “homeless hacker,” he used Internet connections at Kinko’s, coffee shops and libraries to do his intrusions. In a profile article, “He Hacks by Day, Squats by Night,” Lamo reflects, “I have a laptop in Pittsburgh, a change of clothes in D.C. It kind of redefines the term multi-jurisdictional.”

Lamo’s intrusions consisted mainly of penetration testing, in which he found flaws in security, exploited them and then informed companies of their shortcomings. His hits include Yahoo!, Bank of America, Citigroup and Cingular. When white hat hackers are hired by companies to do penetration testing, it’s legal. What Lamo did is not.

When he broke into The New York Times’ intranet, things got serious. He added himself to a list of experts and viewed personal information on contributors, including Social Security numbers. Lamo also hacked into The Times’ LexisNexis account to research high-profile subject matter.

For his intrusion at The New York Times, Lamo was ordered to pay approximately $65,000 in restitution. He was also sentenced to six months of home confinement and two years of probation, which expired January 16, 2007. Lamo is currently working as an award-winning journalist and public speaker.

Kevin Mitnick: A self-proclaimed “hacker poster boy,” Mitnick went through a highly publicized pursuit by authorities. His mischief was hyped by the media but his actual offenses may be less notable than his notoriety suggests. The Department of Justice describes him as “the most wanted computer criminal in United States history.” His exploits were detailed in two movies: Freedom Downtime and Takedown.

Mitnick had a bit of hacking experience before committing the offenses that made him famous. He started out exploiting the Los Angeles bus punch card system to get free rides. Then, like Apple co-founder Steve Wozniak, he dabbled in phone phreaking. Although there were numerous offenses, Mitnick was ultimately convicted for breaking into the Digital Equipment Corporation’s computer network and stealing software.

Mitnick’s mischief got serious when he went on a two and a half year “coast-to-coast hacking spree.” The CNN article, “Legendary computer hacker released from prison,” explains that “he hacked into computers, stole corporate secrets, scrambled phone networks and broke into the national defense warning system.” He then hacked into computer expert and fellow hacker Tsutomu Shimomura’s home computer, which led to his undoing.

Today, Mitnick has been able to move past his role as a black hat hacker and become a productive member of society. He served five years, about 8 months of it in solitary confinement, and is now a computer security consultant, author and speaker.

Kevin Poulsen: Also known as Dark Dante, Poulsen gained recognition for his hack of LA radio’s KIIS-FM phone lines, which earned him a brand new Porsche, among other items. Law enforcement dubbed him “the Hannibal Lecter of computer crime.”

Authorities began to pursue Poulsen after he hacked into a federal investigation database. During this pursuit, he further drew the ire of the FBI by hacking into federal computers for wiretap information.

His hacking specialty, however, revolved around telephones. Poulsen’s most famous hack, KIIS-FM, was accomplished by taking over all of the station’s phone lines. In a related feat, Poulsen also “reactivated old Yellow Page escort telephone numbers for an acquaintance who then ran a virtual escort agency.” Later, when his photo came up on the show Unsolved Mysteries, 1-800 phone lines for the program crashed. Ultimately, Poulsen was captured in a supermarket and served a sentence of five years.

Since serving time, Poulsen has worked as a journalist. He is now a senior editor for Wired News. His most prominent article details his work on identifying 744 sex offenders with MySpace profiles.

Robert Tappan Morris: Morris, son of former National Security Agency scientist Robert Morris, is known as the creator of the Morris Worm, the first computer worm to be unleashed on the Internet. As a result of this crime, he was the first person prosecuted under the 1986 Computer Fraud and Abuse Act.

Morris wrote the code for the worm while he was a student at Cornell. He asserts that he intended to use it to see how large the Internet was. The worm, however, replicated itself excessively, slowing computers down so that they were no longer usable. It is not possible to know exactly how many computers were affected, but experts estimate an impact of 6,000 machines. He was sentenced to three years’ probation, 400 hours of community service and fined $10,050.

Morris is currently working as a tenured professor at the MIT Computer Science and Artificial Intelligence Laboratory. He principally researches computer network architectures including distributed hash tables such as Chord and wireless mesh networks such as Roofnet.

White Hat Hackers

Hackers that use their skills for good are classified as “white hat.” These white hats often work as certified “Ethical Hackers,” hired by companies to test the integrity of their systems. Others operate without company permission by bending but not breaking laws and in the process have created some really cool stuff. In this section we profile five white hat hackers and the technologies they have developed.

Stephen Wozniak: “Woz” is famous for being the “other Steve” of Apple. Wozniak, along with current Apple CEO Steve Jobs, co-founded Apple Computer. He has been awarded the National Medal of Technology as well as honorary doctorates from Kettering University and Nova Southeastern University. Additionally, Woz was inducted into the National Inventors Hall of Fame in September 2000.

Woz got his start in hacking making blue boxes, devices that bypass telephone-switching mechanisms to make free long-distance calls. After reading an article about phone phreaking in Esquire, Wozniak called up his buddy Jobs. The pair did research on frequencies, then built and sold blue boxes to their classmates in college. Wozniak even used a blue box to call the Pope while pretending to be Henry Kissinger.

Wozniak dropped out of college and came up with the computer that eventually made him famous. Jobs had the bright idea to sell the computer as a fully assembled PC board. The Steves sold Wozniak’s cherished scientific calculator and Jobs’ VW van for capital and got to work assembling prototypes in Jobs’ garage. Wozniak designed the hardware and most of the software. In the Letters section of Woz.org, he recalls doing “what Ed Roberts and Bill Gates and Paul Allen did and tons more, with no help.” Wozniak and Jobs sold the first 100 of the Apple I to a local dealer for $666.66 each.

Woz no longer works full time for Apple, focusing primarily on philanthropy instead. Most notable is his function as fairy godfather to the Los Gatos, Calif. School District. “Wozniak ‘adopted’ the Los Gatos School District, providing students and teachers with hands-on teaching and donations of state-of-the-art technology equipment.”

Tim Berners-Lee: Berners-Lee is famed as the inventor of the World Wide Web, the system that we use to access sites, documents and files on the Internet. He has received numerous recognitions, most notably the Millennium Technology Prize.

While a student at Oxford University, Berners-Lee was caught hacking access with a friend and subsequently banned from University computers. w3.org reports, “Whilst [at Oxford], he built his first computer with a soldering iron, TTL gates, an M6800 processor and an old television.” Technological innovation seems to have run in his genes, as Berners-Lee’s parents were mathematicians who worked on the Manchester Mark 1, one of the earliest electronic computers.

While working with CERN, a European nuclear research organization, Berners-Lee created a hypertext prototype system that helped researchers share and update information easily. He later realized that hypertext could be joined with the Internet. Berners-Lee recounts how he put them together: “I just had to take the hypertext idea and connect it to the TCP and DNS ideas and – ta-da! – the World Wide Web.”

Since his creation of the World Wide Web, Berners-Lee founded the World Wide Web Consortium at MIT. The W3C describes itself as “an international consortium where Member organizations, a full-time staff and the public work together to develop Web standards.” Berners-Lee’s World Wide Web idea, as well as standards from the W3C, is distributed freely with no patent or royalties due.

Linus Torvalds: Torvalds fathered Linux, the very popular Unix-like operating system. He calls himself “an engineer,” and has said that his aspirations are simple, “I just want to have fun making the best damn operating system I can.”

Torvalds got his start in computers with a Commodore VIC-20, an 8-bit home computer. He then moved on to a Sinclair QL. Wikipedia reports that he modified the Sinclair “extensively, especially its operating system.” Specifically, Torvalds hacks included “an assembler and a text editor…as well as a few games.”

Torvalds created the Linux kernel in 1991, using the Minix operating system as inspiration. He started with a task switcher in Intel 80386 assembly and a terminal driver. After that, he put out a call for others to contribute code, which they did. Today only about 2 percent of the Linux kernel is written by Torvalds himself. The success of this public invitation to contribute code for Linux is touted as one of the most prominent examples of free/open source software.

Currently, Torvalds serves as the Linux ringleader, coordinating the code that volunteer programmers contribute to the kernel. He has had an asteroid named after him and received honorary doctorates from Stockholm University and University of Helsinki. He was also featured in Time Magazine’s “60 Years of Heroes.”

Richard Stallman: Stallman’s fame derives from the GNU Project, which he founded to develop a free operating system. For this, he’s known as the father of free software. His “Serious Bio” asserts, “Non-free software keeps users divided and helpless, forbidden to share it and unable to change it. A free operating system is essential for people to be able to use computers in freedom.”

Stallman, who prefers to be called rms, got his start hacking at MIT. He worked as a “staff hacker” on the Emacs project and others. He was a critic of restricted computer access in the lab. When a password system was installed, Stallman broke it down, resetting passwords to null strings, then sent users messages informing them of the removal of the password system.

Stallman’s crusade for free software started with a printer. At the MIT lab, he and other hackers were allowed to modify code on printers so that they sent convenient alert messages. However, a new printer came along – one that they were not allowed to modify. It was located away from the lab and the absence of the alerts presented an inconvenience. It was at this point that he was “convinced…of the ethical need to require free software.”

With this inspiration, he began work on GNU. Stallman wrote an essay, “The GNU Project,” in which he recalls choosing to work on an operating system because it’s a foundation, “the crucial software to use a computer.” Today the GNU/Linux version of the operating system uses the Linux kernel started by Torvalds. GNU is distributed under “copyleft,” a method that uses copyright law to guarantee users the freedom to use, modify, copy and distribute the software, and to require that derived works carry the same freedoms.

Stallman’s life continues to revolve around the promotion of free software. He works against movements like Digital Rights Management (or as he prefers, Digital Restrictions Management) through organizations like Free Software Foundation and League for Programming Freedom. He has received extensive recognition for his work, including awards, fellowships and four honorary doctorates.

Tsutomu Shimomura: Shimomura reached fame in an unfortunate manner: he was hacked by Kevin Mitnick. Following this personal attack, he made it his cause to help the FBI capture him.

Shimomura’s work to catch Mitnick is commendable, but he is not without his own dark side. Author Bruce Sterling recalls: “He pulls out this AT&T cellphone, pulls it out of the shrinkwrap, finger-hacks it, and starts monitoring phone calls going up and down Capitol Hill while an FBI agent is standing at his shoulder, listening to him.”

Shimomura out-hacked Mitnick to bring him down. Shortly after finding out about the intrusion, he rallied a team and got to work finding Mitnick. Using Mitnick’s cell phone, they tracked him near Raleigh-Durham International Airport. The article, “SDSC Computer Experts Help FBI Capture Computer Terrorist” recounts how Shimomura pinpointed Mitnick’s location. Armed with a technician from the phone company, Shimomura “used a cellular frequency direction-finding antenna hooked up to a laptop to narrow the search to an apartment complex.” Mitnick was arrested shortly thereafter. Following the pursuit, Shimomura wrote a book about the incident with journalist John Markoff, which was later turned into a movie.

What is DNS? – Part II

August 11, 2008

DNS, the Domain Name System, is the service responsible for handing out the IP addresses behind the names we use on the web. For example, the IP address for yahoo.com (at the time of writing) is 206.190.60.37. It is hard to remember such numbers whenever you want to reach yahoo.com. It is better to hand this job to someone else and ask that someone whenever we want the IP for a name. That someone is the DNS server, and the process of translating a name into an IP address is called name resolution (the term “address resolution” is often used loosely for it, though strictly that belongs to ARP, which maps IP addresses to hardware addresses).

How does name resolution happen? – In theory

In theory, a host name consists of several labels (segments):

hostname.domain.topleveldomain

For example let us take an example of the following address:

mail.yahoo.com

Here mail is the host name, yahoo is the domain and com is the top-level domain.

 

When a query is made to find out (resolve) the IP address for mail.yahoo.com, the resolver reads the name from right to left and splits it into its labels. The single query the client sends to its resolver is recursive (“give me the final answer”), but the resolver itself walks the hierarchy iteratively, following one referral after another. In theory, resolving mail.yahoo.com takes the following steps:

1) The resolver is configured with the addresses of the root servers (the root hints).

2) A root server is queried for mail.yahoo.com. It does not know the answer, but it knows who serves the .com top-level domain (TLD), so it replies with a referral: the names and IP addresses of the .com TLD name servers.

3) A .com TLD name server is queried next. It does not know the answer either, but it knows who is authoritative for yahoo.com, so it replies with another referral: the names and IP addresses of Yahoo’s name servers.

4) As the final step, one of Yahoo’s name servers is queried for mail.yahoo.com. Being authoritative for the zone, it replies with the actual IP address. The resolver caches every answer and referral for its TTL, so the next lookup under yahoo.com skips the earlier steps and goes straight to Yahoo’s servers.
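To make the four steps concrete, here is an added example (my own illustration, not part of the original article): a tiny Python model of a resolver walking from a root server to a .com TLD server to Yahoo’s authoritative server, following referrals and glue. The zone data is constructed and uses RFC 5737 documentation addresses (192.0.2.x, 198.51.100.x), so the address it returns for mail.yahoo.com is not the real one; the server IPs, name server names and per-server zone tables are all assumptions made for the example.

```python
"""Iterative resolution walked by hand: root -> TLD -> authoritative server.

Added example, not part of the original post.  The servers below are an
in-memory stand-in for real DNS servers; all zone data is constructed and
uses RFC 5737 documentation addresses, so nothing here is Yahoo's real
infrastructure.
"""

ROOT_IP = "192.0.2.1"

# ip -> {"auth": zones this server is authoritative for,
#        "records": {owner name: {type: [rdata, ...]}}}
SERVERS = {
    ROOT_IP: {                          # a root server: knows only the TLD delegations
        "auth": {"."},
        "records": {
            "com.": {"NS": ["a.gtld.example."]},
            "a.gtld.example.": {"A": ["192.0.2.2"]},     # glue for the .com server
        },
    },
    "192.0.2.2": {                      # a .com TLD server: delegates yahoo.com
        "auth": {"com."},
        "records": {
            "yahoo.com.": {"NS": ["ns1.yahoo.com."]},
            "ns1.yahoo.com.": {"A": ["192.0.2.3"]},      # glue (in-bailiwick name server)
        },
    },
    "192.0.2.3": {                      # yahoo.com's authoritative server
        "auth": {"yahoo.com."},
        "records": {
            "yahoo.com.": {"A": ["198.51.100.10"]},
            "mail.yahoo.com.": {"A": ["198.51.100.25"]},
        },
    },
}


def fqdn(name):
    """Normalise a name: lower-case, with the trailing dot that denotes the root."""
    name = name.lower()
    return name if name.endswith(".") else name + "."


def server_response(server, qname):
    """What one server answers to an A query for qname.  Returns (kind, data):
    ("answer", [ips]), ("referral", [(ns_name, ns_ip), ...]) with glue,
    ("nxdomain", None) when the server owns the zone but the name is absent,
    or ("refused", None) when the name is outside anything it knows."""
    records = server["records"]
    if "A" in records.get(qname, {}):
        return "answer", records[qname]["A"]
    labels = qname.split(".")
    # Walk the suffixes right to left, most specific first: yahoo.com., com., .
    for i in range(1, len(labels)):
        zone = ".".join(labels[i:]) or "."
        if zone in server["auth"]:
            return "nxdomain", None          # our zone, and the name does not exist
        nameservers = records.get(zone, {}).get("NS")
        if nameservers:
            glue = [(ns, records[ns]["A"][0]) for ns in nameservers]
            return "referral", glue
    return "refused", None


def iterative_resolve(name, servers=SERVERS, root_ip=ROOT_IP, max_hops=8):
    """Do what a resolver does for a client's recursive query: start at a root
    server and follow referrals until an answer or an error.
    Returns (ip or None, trace); trace lists (server_ip, kind, data) per hop."""
    qname = fqdn(name)
    trace = []
    ip = root_ip
    for _ in range(max_hops):
        if ip not in servers:
            trace.append((ip, "unreachable", None))
            return None, trace
        kind, data = server_response(servers[ip], qname)
        trace.append((ip, kind, data))
        if kind == "answer":
            return data[0], trace
        if kind != "referral":
            return None, trace
        ip = data[0][1]                      # follow the first glue address
    trace.append((ip, "loop", None))         # guard against a referral loop
    return None, trace


if __name__ == "__main__":
    addr, trace = iterative_resolve("mail.yahoo.com")
    for server, kind, data in trace:
        print(f"{server:12} {kind:9} {data}")
    print("mail.yahoo.com ->", addr)
```

Running it prints the three hops of the post’s steps 2 to 4: a referral from the root, a referral from the .com server, and the answer from Yahoo’s server. A query for a name that does not exist under yahoo.com still travels the same two referrals and only then gets an NXDOMAIN from the authoritative server, which is why the resolver (and not the client) is the place where caching pays off.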

the new DNS Bug! – Part I

August 7, 2008

1. Introduction

The recent vulnerability in DNS (Domain Name System) discovered by Dan Kaminsky has caused havoc in the information security field. With lots of speculation and questions revolving around this bug, in this article I will try to explain the attack vector and the implications of this vulnerability. At the time of writing, nobody apart from Kaminsky knows the actual details of the bug. In this document I have collected information from various web sites and security researchers and tried to put it together in a more understandable way. Although the details are not yet public, Kaminsky plans to disclose them at the Black Hat conference.

The nature of the bug is very alarming since it affects practically every DNS implementation, regardless of vendor. Since the whole internet depends on DNS, the impact could be huge once it is exploited.

The way Kaminsky coordinated the simultaneous release of patches with all vendors was unprecedented. Engineers from all major DNS vendors met with Kaminsky on the Microsoft campus to work on the fix. The most interesting claim about this bug is that its details cannot be recovered simply by reverse engineering the patch.

So let us explore this bug based on the information available on the internet, as it is currently the hottest topic in the security domain.

The 25 Year Old BSD Bug

May 12, 2008

1983. The year of the IBM PC XT, the Apple Lisa, Pioneer 10 leaving the solar system, and Hooters opening up shop in Florida. It’s also the birth year of a 25 year old BSD bug, squashed only a few days ago.

A few days ago, Marc Balmer, OpenBSD developer, received an email from an OpenBSD user. The email claimed that SAMBA would crash when serving files off an MS-DOS filesystem. Balmer got into contact with a few SAMBA developers who claimed that SAMBA uses a special workaround in order to function properly on BSD systems: the code for reading directories in all BSDs was flawed.

Understandably, Balmer’s first reaction was disbelief. “Of course my first reaction was to blame Samba,” he writes. Despite his initial reaction, he decided to dig deeper into this case, and he uncovered a bug that had been sitting in the code of all BSDs (including Mac OS X), including a lot of old releases. He confirmed the bug was already in 4.2BSD, released in August of 1983.

The bug itself? Well, I’m no programmer so the actual code is kind of gibberish to me, but I think I get the gist of the problem.

This code will not work as expected when seeking to the second entry of a block where the first has been deleted: seekdir() calls readdir() which happily skips the first entry (it has inode set to zero), and advance to the second entry. When the user now calls readdir() to read the directory entry to which he just seekdir()ed, he does not get the second entry but the third.

Marshall Kirk McKusick, the original developer of the *dir() library, commented on the issue in a personal conversation with Balmer:

As the original author of the *dir() library, you probably fixed one of my bugs :-) . Prior to the *dir() commands, programs just opened, read, and interpreted directories directly. I had to update a shocking 22 programs (a large percentage of the programs available on UNIX at the time) to replace their direct interpretation of directories with the *dir() library calls.

This little bug’s fix was actually fairly trivial (as is common with these sorts of long-standing bugs): “The fix is surprisingly simple, not to say trivial: _readdir_unlocked() must not skip directory entries with inode set to zero when it is called from __seekdir().”
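To see exactly why skipping deleted entries inside seekdir() overshoots, here is an added example, not OpenBSD’s code: a Python model of one directory block with readdir(), telldir() and seekdir() in both the 1983 form and the fixed form. The entry names, inode numbers and the 16-byte record length are constructed; deleting the first entry of a block is modelled, as on BSD, by zeroing its inode in place.

```python
"""Model of the 4.2BSD seekdir()/readdir() bug and its fix.

Added example, not OpenBSD's code: a simplified in-memory model of one
directory block.  Each entry is (inode, reclen, name); a deleted entry
keeps its slot with inode 0, which readdir() must skip.  The entries and
the record length of 16 are constructed.
"""


class DirStream:
    """Minimal DIR: entries in block order plus dd_loc, the byte offset of
    the next entry to read."""

    def __init__(self, entries):
        self.entries = entries          # [(inode, reclen, name), ...]
        self.loc = 0                    # dd_loc

    def _entry_at(self, loc):
        offset = 0
        for entry in self.entries:
            if offset == loc:
                return entry
            offset += entry[1]
        return None                     # past the end of the block

    def readdir_unlocked(self, skipdeleted):
        """_readdir_unlocked(dirp, skipdeleted): return the name of the next
        entry and advance dd_loc past it.  With skipdeleted set, entries with
        inode 0 are consumed silently and the following one is returned."""
        while True:
            entry = self._entry_at(self.loc)
            if entry is None:
                return None
            inode, reclen, name = entry
            self.loc += reclen
            if inode == 0 and skipdeleted:
                continue
            return name

    def readdir(self):
        """readdir(): callers never see deleted entries."""
        return self.readdir_unlocked(skipdeleted=True)

    def telldir(self):
        return self.loc

    def seekdir(self, loc, fixed):
        """__seekdir(): rewind to the block start and read forward until dd_loc
        reaches the saved position.  The 1983 code did this with readdir()
        semantics, skipping deleted entries, so a deleted first entry makes it
        land one entry too far; the fix reads raw entries instead."""
        self.loc = 0
        while self.loc < loc:
            if self.readdir_unlocked(skipdeleted=not fixed) is None:
                break


def read_after_seek(fixed):
    """Reproduce the scenario from the post: read the first entry, remember the
    position of the second with telldir(), have the first entry deleted,
    seekdir() back to the saved position and return what readdir() yields."""
    d = DirStream([(11, 16, "first"), (12, 16, "second"),
                   (13, 16, "third"), (14, 16, "fourth")])
    if d.readdir() != "first":
        raise RuntimeError("model setup failed")
    saved = d.telldir()                 # 16: the offset of "second"
    d.entries[0] = (0, 16, "first")     # unlink() zeroes the inode in place
    d.seekdir(saved, fixed=fixed)
    return d.readdir()


if __name__ == "__main__":
    print("1983 code :", read_after_seek(fixed=False))   # third  (wrong)
    print("fixed code:", read_after_seek(fixed=True))    # second (expected)
```

The buggy path consumes the zeroed entry and then the one we wanted while still "catching up" to the saved offset, so the next readdir() returns the entry after it; reading raw entries during the seek stops at the saved offset exactly, which is the one-argument change the fix describes.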

“Sorry that it took us almost twenty-five years to fix it,” Balmer adds, jokingly.

VXers slap copyright notices on malware

May 12, 2008

Malware authors have lifted a page from the legit software industry’s rule book and are slapping copyright notices on their Trojans.

One Russian-based outfit has claimed violations of its “licensing agreement” by its underworld customers will result in samples of the knock-off code being sent to anti-virus firms.

The sanction was spotted in the help files of a malware package called Zeus, detected by security firm Symantec as “Infostealer Banker-C”. Zeus is offered for sale on the digital underground, and its creators want to protect their revenue stream by making the creation of knock-offs less lucrative.

The copyright notice, a reflection of a lack of trust between virus creators and their customers, is designed to prevent the malware from being freely distributed after its initial purchase. There’s no restriction on the number of machines miscreants might use the original malware to infect.

Virus writers are essentially relying on security firms to help them get around the problem that miscreants who buy their code to steal online banking credentials have few scruples about ripping it off and selling it on.

In a blog posting, Symantec security researchers have posted screen shots illustrating the “licensing agreement” for Infostealer Banker-C.

The terms of this licensing agreement demand that clients promise not to distribute the code to others, and pay a fee for any update to the product that doesn’t involve a bug fix. Reverse engineering of the malware code is also verboten.

“These are typical restrictions that could be applied to any software product, legitimate or not,” writes Symantec researcher Liam O’Murchu, adding that the most noteworthy section deals with sanctions for producing knock-off code (translation below).

In cases of violations of the agreement and being detected, the client loses any technical support. Moreover, the binary code of your bot will be immediately sent to antivirus companies.

Despite the warning, copies of the malware were traded freely on the digital underground days after its release, Symantec reports. “It just goes to show you just can’t trust anyone in the underground these days,” O’Murchu notes.

The Race to Zero

May 12, 2008

The Race to Zero contest is being held during Defcon 16 at the Riviera Hotel in Las Vegas, 8-10 August 2008.

The event involves contestants being given a sample set of viruses and malcode to modify and upload through the contest portal. The portal passes the modified samples through a number of antivirus engines and determines if the sample is a known threat. The first team or individual to pass their sample past all antivirus engines undetected wins that round. Each round increases in complexity as the contest progresses.

There are a number of key ideas we want to get across by running this event:

1. Reverse engineering and code analysis is fun.

2. Not all antivirus is equal, some products are far easier to circumvent than others. Poorly performing antivirus vendors should be called out.

3. The majority of the signature-based antivirus products can be easily circumvented with a minimal amount of effort.

4. The time taken to modify a piece of known malware to circumvent a good proportion of scanners is disproportionate to the costs of antivirus protection and the losses resulting from the trust placed in it.

5. Signature-based antivirus is dead, people need to look to heuristic, statistical and behaviour based techniques to identify emerging threats.

6. Antivirus is just part of the larger picture, you need to look at controlling your endpoint devices with patching, firewalling and sound security policies to remain virus free.

We are not creating new viruses and modified samples will not be released into the wild, contrary to the belief of some media organisations.

Above all we want the contestants to have fun!

Encryption could make you more vulnerable, warn experts

May 12, 2008

The use of data encryption could make organizations vulnerable to new risks and threats, a panel of security experts warned Monday.

Many organizations are encrypting their stored data to relieve concerns over data theft or loss – for example, U.S. mandatory disclosure laws on data breaches do not apply to encrypted data.

However, experts from IBM Internet Security Systems, Juniper, nCipher and elsewhere said that data encryption also brings new risks, in particular via attacks – deliberate or accidental – on the key management infrastructure.

The change comes particularly with the shift from encrypting data in transit to encrypting stored data – often in response to regulatory demands – said Richard Moulds, nCipher’s product strategy EVP.

“Lot of organizations are new to encryption,” he added. “Their only exposure to it has been with SSL, but that’s just a session. When you shift to data at rest and encrypt your laptop, if you lose the key you trash your data – it’s a self-inflicted denial-of-service attack.

“Organizations experienced with encryption are standing back and saying this is potentially a nightmare. It is potentially bringing your business to a grinding halt.”

Encryption is also as big an interest for the bad guys as the good guys, warned Anton Grashion, European security strategist for Juniper. “As soon as you let the cat out of the bag, they’ll be using it too,” he said. “For example, it looks like a great opportunity to start attacking key infrastructures.”

“It’s a new class of DoS attack,” agreed Moulds. “If you can go in and revoke a key and then demand a ransom, it’s a fantastic way of attacking a business.”

Another risk is that over-zealous use of encryption will damage an organization’s ability to legitimately share and use critical business data, noted Joshua Corman, principal security strategist for IBM ISS.

“One fear I have is that we’re all going to hide all our information, but companies are information-driven, so we take tactical decision and stifle ability to collaborate,” he said.

“Sometimes, the result of implementing security technology is actually a net increase in risk,” added Richard Reiner, chief security and technology officer at Telus Security Solutions.