
Wednesday, 23 September 2015

A Fight for the Future message: The following companies just betrayed billions of people.

The following companies just betrayed billions of people.

Apple, Microsoft, Adobe, Symantec, and a handful of other tech companies just began publicly lobbying Congress to pass the Cybersecurity Information Sharing Act (CISA), a bill that would give corporations total legal immunity when they share private user data with the government and with each other. Many of these companies have previously claimed to fight for their users’ privacy rights, but by supporting this bill they’ve made it clear that they’ve abandoned that position, and are willing to endanger their users’ security and civil rights in exchange for government handouts and protection.

Tell them why they’re on the wrong side of history.


We’re up against some of the most powerful corporate lobbyists in the country, but that hasn’t stopped us before. If a critical mass of citizens speak out against CISA, our voices will be impossible to ignore.

We are boycotting Salesforce / Heroku. Click here to learn more.

What does it take for some of the biggest competitors in the tech industry to put their differences aside and sign a letter endorsing a hugely unpopular surveillance bill? Sweeping legal immunity. Worse, these companies know that their customers hate CISA, and so they’re jumping into the water together, hoping there’s safety in numbers. After all, you can’t blame Microsoft if Apple is doing the same thing, right?

What’s wrong with CISA?

If you’re not up to speed, CISA is a mass surveillance bill posing as a “cybersecurity” bill. Congress has been blindly scrambling to react to the OPM hacks, and their solution is a giveaway to the NSA and giant corporations:

  • All privacy policies effectively null and void. Companies can share any private user data with the government, without a warrant, as long as the government says it is being used for a “cybersecurity” purpose.
  • Data is shared with a wide array of government agencies, from the FBI and NSA, to the IRS and local law enforcement.
  • In exchange, companies are given blanket immunity from civil and criminal laws, like fraud, money laundering, or illegal wiretapping (if a violation was committed or exposed in the process of sharing data).
  • Companies that play along can get otherwise classified intelligence data from the government, including private information about their competitors.


Dial 985-222-CISA to call Congress now.

Internet users demand meaningful cybersecurity legislation, not more mass surveillance. Millions have already spoken out, and there’s still time to send Congress a clear message. Please call your representatives, and share this page to spread the word!

Tuesday, 21 October 2014

Is Sandboxing technology the answer?

Most security solutions on the market these days leverage sandboxing technologies to deal with Advanced Persistent Threats, zero-day vulnerabilities, targeted attacks and so on.

It is worth analyzing the strengths and the limits of this kind of technology so that we can better choose our security solutions.

What is a Sandbox?

Sandboxing means creating a “virtual”, “fake” image that can be targeted by malware, attackers or unknown security problems.

By monitoring the changes that happen to this decoy, it is possible to understand whether something strange is going on. The basic idea is that, since the fake machine should perform only a series of deterministic actions, anything that falls outside the baseline requires further investigation.

So configuration changes to files or the registry, unwanted external communications, a different memory load: everything can be used to understand whether something odd is going on.
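The baseline comparison described above, as an added example that is not part of the original post: it diffs a decoy's post-run snapshot against its clean baseline across files, registry, network endpoints and memory load. The snapshot layout, the function names and every sample value are assumptions constructed for illustration.

```python
# Added example: diff a decoy's post-run snapshot against its clean baseline.
# Snapshot layout and all sample values (paths, short digests, IPs) are constructed.
BASELINE = {
    "files": {r"C:\Windows\System32\drivers\etc\hosts": "a1f0",
              r"C:\Users\lab\report.docx": "77c2"},
    "registry": {r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run": {}},
    "connections": {("10.0.0.5", 53)},
    "memory_mb": 820,
}
OBSERVED = {
    "files": {r"C:\Windows\System32\drivers\etc\hosts": "e94b",
              r"C:\Users\lab\report.docx": "77c2",
              r"C:\Users\lab\AppData\Local\Temp\u.exe": "5d10"},
    "registry": {r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run":
                 {"updater": r"C:\Users\lab\AppData\Local\Temp\u.exe"}},
    "connections": {("10.0.0.5", 53), ("203.0.113.7", 443)},
    "memory_mb": 1190,
}


def diff_map(kind, before, after):
    """Report names added, removed or changed between two {name: value} maps."""
    findings = []
    for name in sorted(set(before) | set(after)):
        if name not in before:
            findings.append((kind, "added", name))
        elif name not in after:
            findings.append((kind, "removed", name))
        elif before[name] != after[name]:
            findings.append((kind, "modified", name))
    return findings


def deviations(baseline, observed, mem_tolerance=0.25):
    """Return every observation that falls outside the decoy's baseline."""
    findings = diff_map("file", baseline["files"], observed["files"])
    findings += diff_map("registry", baseline["registry"], observed["registry"])
    # Any endpoint the clean decoy never contacts counts as unwanted communication.
    for host, port in sorted(observed["connections"] - baseline["connections"]):
        findings.append(("network", "new-endpoint", f"{host}:{port}"))
    # Memory load is noisy, so flag it only beyond a relative tolerance.
    drift = abs(observed["memory_mb"] - baseline["memory_mb"]) / baseline["memory_mb"]
    if drift > mem_tolerance:
        findings.append(("memory", "load-drift", f"{drift:.0%}"))
    return findings


if __name__ == "__main__":
    for finding in deviations(BASELINE, OBSERVED):
        print(*finding)
```

The memory tolerance is the tuning knob: too tight and normal jitter in the decoy raises alerts, too loose and a real change in load goes unreported.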

The hardest part in creating a sandboxing system is that the target should look like a normal environment, while it has to be deeply monitored, far beyond the usual monitoring needs.

Another hard point for sandboxing technology is that the decoy should be as close as possible to the systems you want to protect; otherwise you may not be able to see what is happening in the real environment.

Last but not least, we should remember that some malware and attacks in the wild counter sandboxing technology using stealth or anti-sandbox techniques. The former try to hide and remain undetectable; the latter try to work out whether the target is real or fake and, if it is fake, stop executing in order not to be detected.

Sandboxing techniques are effective and powerful tools when dealing with security, but they should be implemented carefully.

We should take some considerations into account:

1) The less standard your environment is, the less effective the sandboxing approach is. This applies not only to operating systems, in their several versions, patch levels and so on, but also to all the software running on the platform.

If we think, as an example, of a Microsoft environment, we should be able to duplicate all the existing configurations: Windows version, service pack, Office version and patches, browsers and so on.

Now this seems easy, but without strict control we could need to create a great number of sandbox units in order to fit the various configurations. And I’m not considering hardware drivers….

2) A sandbox can be exploited

The sandbox itself can be exploited. Usually we are dealing with some sort of virtual image that is monitored by its drivers; this means that the sandbox itself is not immune to attacks. Targeted attacks or APTs have every interest in leveraging any vulnerability of the sandbox system in order to be successful.

3) An evolving environment needs an evolving sandbox system

As with other security technologies, sandboxing is useless if it is not embedded in a series of processes that deal with security, processes that have to take into account the evolution of the systems and user behaviours as well as of the external environment in terms of threats and technologies.
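To make point 1 concrete, this added example (not from the original post) counts the distinct configurations in an endpoint inventory and picks the most common ones until a target share of endpoints is mirrored by a sandbox image. The inventory fields, the function names and all sample values are assumptions constructed for illustration.

```python
from collections import Counter

# Constructed inventory: (Windows version, service pack, Office version, browser)
# for each endpoint. A real one would come from asset management.
INVENTORY = (
    [("Windows 7", "SP1", "Office 2010", "IE 11")] * 6
    + [("Windows 7", "SP1", "Office 2013", "IE 11")] * 3
    + [("Windows 8.1", "none", "Office 2013", "IE 11")] * 2
    + [("Windows 7", "SP1", "Office 2010", "Firefox 33")]
    + [("Windows XP", "SP3", "Office 2007", "IE 8")]
)


def images_needed(inventory, target=0.9):
    """Pick the most common configurations until `target` of endpoints is mirrored."""
    counts = Counter(inventory)
    total = len(inventory)
    chosen, covered = [], 0
    for config, n in counts.most_common():
        if covered / total >= target:
            break
        chosen.append(config)
        covered += n
    return chosen, covered / total


def unmirrored(inventory, chosen):
    """Endpoints whose configuration no sandbox image reproduces."""
    mirrored = set(chosen)
    return [config for config in inventory if config not in mirrored]


if __name__ == "__main__":
    chosen, coverage = images_needed(INVENTORY, target=0.9)
    print(f"{len(set(INVENTORY))} distinct configurations on {len(INVENTORY)} endpoints")
    print(f"{len(chosen)} images mirror {coverage:.0%} of endpoints")
    for config in unmirrored(INVENTORY, chosen):
        print("not mirrored:", " / ".join(config))
```

Adding patch level or driver versions to the tuple multiplies the distinct configurations, which is the growth the post describes for loosely controlled environments.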

So are sandboxing technologies worth the effort? The answer is simply yes, but in a clear security context. As with reputation technologies, sandboxing cannot be the answer on its own, but it is certainly a powerful tool if used correctly. Marketing efforts sometimes present these technologies as the holy grail of security, but we should be aware that they are just tools to be used wisely.