Jump to content

Search the Community

Showing results for tags 'shutdown'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station


  • Drivers
  • Filesharing
    • BitTorrent
    • eDonkey & Direct Connect (DC)
    • NewsReaders (Usenet)
    • Other P2P Clients & Tools
  • Internet
    • Download Managers & FTP Clients
    • Messengers
    • Web Browsers
    • Other Internet Tools
  • Multimedia
    • Codecs & Converters
    • Image Viewers & Editors
    • Media Players
    • Other Multimedia Software
  • Security
    • Anti-Malware
    • Firewalls
    • Other Security Tools
  • System
    • Benchmarking & System Info
    • Customization
    • Defrag Tools
    • Disc & Registry Cleaners
    • Management Suites
    • Other System Tools
  • Other Apps
    • Burning & Imaging
    • Document Viewers & Editors
    • File Managers & Archivers
    • Miscellaneous Applications
  • Linux Distributions


  • General News
  • File Sharing News
  • Mobile News
  • Software News
  • Security & Privacy News
  • Technology News

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...

Found 9 results

  1. Salesforce’s Do.com today sent out an email announcing the service will be discontinued on January 31, 2014 and that it is no longer accepting new user registrations. The company is working on an export tool, expected to be available on November 15, to let users save all their projects before the axe drops. If you don’t use the export tool when it becomes available, your data will be lost forever. Do.com says all user data that remains on its servers will be deleted shortly after the final shutdown on January 31. That being said, if you want to see your data deleted before, Do.com isn’t giving such an option. All you can do is deactivate your account by visiting your Do Settings page. Monthly customers will stop being charged on November 1, 2013, while annual subscriptions will automatically receive a pro-rated refund for unused months, also effective November 1, 2013. Do.com naturally won’t be renewing subscriptions after that. If you’d like to cancel sooner, you can contact the company at [email protected] Salesforce acquired the social productivity company back in February 2011, when it was called Manymoon. At the time, Manymoon served over 50,000 companies. Here’s the full email sent out today: It’s Time to Say Goodbye Here at Do, our customers have been the driving force behind our mission to change the way people work together. While the last two years have been an incredible journey, we’ve made the tough decision to discontinue the Do service on January 31, 2014. Many of you rely on Do, and we know you’ll want another option for managing your projects. We’re working on an export tool, so you’ll be able to save your data and use it as you like. The tool will be ready by November 15th and we’ll update Do with instructions at that time. All of the details for what comes next are in our FAQ. Thank you for using Do. We’re here to answer any questions that you might have. Please don’t hesitate to reach out at [email protected] source: tnw
  2. The Full Disclosure security mailing list, which has been one of the main discussion forums for vulnerability and exploit information for 12 years, is shutting down because “‘one of our own’ would undermine the efforts of the last 12 years”, one of the creators said. John Cartwright, one of the creators of the Full Disclosure list, posted a message on the list saying that he was suspending the list immediately because someone in the security community had asked that a large number of messages be removed from the list’s archive for an unspecified reason. Cartwright did not name the person who made the request, but said he was unwilling to take a “virtual hatchet to the list archives on the whim of an individual”. When it began in 2002, Full Disclosure was an alternative to the Bugtraq list, which was moderated, something that annoyed some of the members. The new list was meant to be a more free-form discussion and it often included information on zero day vulnerabilities, along with exploit code, especially in the early days. Many software vendors were not too happy to have data on bugs in their products published on a mailing list, but in 2002, most of those vendors didn’t have established security response processes, bug-reporting guidelines or even email addresses to accept vulnerability advisories. Full Disclosure was a valuable source of information on vulnerabilities in all manner of software and hardware and many vendors over the years began posting their own advisories to the list. The list had more than its share of trolls and troublemakers and it got the occasional legal threat from vendors. But Cartwright said he never thought that the reason he’d have to shut Full Disclosure down would be the actions of a member of the list and not a vendor. “I never imagined that request might come from a researcher within the ’community’ itself (and I use that word loosely in modern times). But today, having spent a fair amount of time dealing with complaints from a particular individual (who shall remain nameless) I realised that I’m done,” Cartwright wrote in his message. “I’m not willing to fight this fight any longer. It’s getting harder to operate an open forum in today’s legal climate, let alone a security-related one. There is no honour amongst hackers any more. There is no real community. There is precious little skill. The entire security game is becoming more and more regulated. This is all a sign of things to come, and a reflection on the sad state of an industry that should never have become an industry.” Full Disclosure appeared on the scene at a time when many vendors were not paying a whole lot of attention to security and security researchers who found flaws in their products. Posting full details of a new bug for the world to see on the mailing list was one of the few methods researchers had to get vendors to pay attention and fix their software. Now, most major vendors have formal security response processes and deal directly with researchers on a regular basis, and some have lucrative bug bounty programs to reward them for their work. And, for researchers who would rather go another route, they can simply post a link on Twitter or write a blog post and get the word out more quickly than sending a message to a mailing list. “Most people I know unsubscribed from Full Disclosure a long time ago. The signal-to-noise ratio is very low, and these days vulnerability researchers have no need for traditional mailing lists to publish their findings. We have blogs and Twitter, not to mention hundreds of security conferences. I think many will be nostalgic about the early days of Full Disclosure, but closing the list will have no noticeable impact on the industry or our ability to share information,” said Chris Eng, VP of security research at Veracode. The end of Full Disclosure puts a period at the end of that chapter in the security industry. “I’m suspending service indefinitely. Thanks for playing,” Cartwright wrote. Source
  3. Google is delaying the shutdown of Chrome apps, but you probably weren’t using them anyway The company extended its shutdown timeline for Chrome apps Illustration by Alex Castro / The Verge Google is going to let you use Chrome apps for a little while longer, as the company on Monday announced an extension to its planned timeline to end support for the software (via 9to5Google). If you aren’t familiar with Chrome apps, they’re apps that you install in Chrome that work similarly to apps that you’d launch from your desktop — like this one for read-it-later app Pocket. But they aren’t widely adopted — Google said that “approximately 1 percent of users on Windows, Mac, and Linux actively use Chrome packaged apps” all the way back in August 2016 when it first announced plans to wind down support for the platform. In January, Google said Chrome apps would stop working on Windows, Mac, and Linux this year (technically, the company set a June 2020 deadline, but it doesn’t look like it actually followed through). Now, Google says Chrome apps will work on those platforms until June 2021. Organizations can extend support for Chrome apps on those platforms for an extra year, meaning they’ll work through June 2022. And if you’re a Chrome OS user, Google will now end support for Chrome apps in June 2022 instead of June of next year. But no matter what platform you’re on, Google says support for Chrome apps will end on all platforms by June 2022. Chrome extensions will still work, though — and in fact, making an extension is one of the options that Google recommends as an alternative for developers who now need to transition away from Chrome apps but still want to offer similar functionality within the Chrome browser. Google is delaying the shutdown of Chrome apps, but you probably weren’t using them anyway
  4. Beast IPTV, a popular pirate IPTV service that has faced numerous issues over the past few weeks, has shut down and will not be returning. In a pair of statements, one of which goes into more detail than the other, the service says it was "forced" to close its doors. Fingers are pointing to action by the Alliance of Creativity and Entertainment and what appears to be legal action in the United States and Canada. Over the past several weeks, users of pirate IPTV service Beast IPTV have been reporting numerous issues with their accounts. Some initial downtime coupled with an inability to make new payments, an obvious lack of customer support, then a complete disappearance of the service itself, all provided the tell-tale signs of a platform on the way out. The big question was why. As is common in IPTV circles when a service shows signs of stress, rumors had been circulating for some time that Beast was in trouble. While technical issues are always an option, when site staff go dark and information is hard to come by, theories of legal problems are never far away. It now appears that could be what Beast is facing. Two Shutdown Messages Provide Some Guidance Over the past couple of days, Beast appears to have published two announcements to its users but while both read along the same lines, one offers considerably more information than the other. “BEAST IPTV HAS BEEN FORCED TO SHUT DOWN,” the shorter variant reads. “We wanted to get this message out to let everyone know that the service is gone for good and will not be returning. If someone is telling you beast has moved or become another service this is untrue and we are advising you to take caution when dealing with these people. We cannot get into details as to why the service has been shut down.” It continues by explaining that Beast was “left with no choice but to CLOSE everyone’s account and TURN OFF all services to protect its data.” Second Announcement Indicates Legal Action The second message, which appears to have been issued first and was pasted by concerned users of the service on social media, offers considerably more information. Worryingly, it seems to confirm that legal action was responsible for the closure of the platform. “We wanted to get this message out before the court order to take over the Beast domains is completed and all forms of communication with its customers will cease,” it begins. “U.S. & Canadian Authorities served legal documents to Beast and its service providers from companies such as Disney, Netflix, Bell Media, Warner Bros, and other companies. The court order states all domains, servers, client data etc. will be seized. It further states that Beast IPTV and its providers must shut down its service immediately while the court orders go into effect.” Notable Similarities With Vader Shutdown in 2019 Even without the additional detail provided in the longer message, the manner in which Beast faded away and then ultimately shut down fits the pattern of behavior displayed by other services targeted by the entertainment companies mentioned above. Indeed, the demise of the Vader IPTV service in 2019 seems to provide an obviously similar template. That platform shut down following action by the Alliance For Creativity and Entertainment following a legal process in Canada. That matter ultimately ended in a $10m settlement but took months to be officially announced. Under the instruction of the court, it also required Vader to “cede administrative control” over its entire “piracy infrastructure”. If the details in the long statement from Beast are accurate, there appears to be a strong possibility that the Vader situation will be mirrored at Beast. Currently, the usual signs indicating domain seizures by ACE have not yet appeared, however. Warning to Users Regarding Chargebacks When customers pay for a service or product using a financial tool such as a credit card but don’t go on to receive what they paid for, it is possible to carry out a chargeback. If this process is successful, the customer can reclaim the money spent and have it credited back to their payment method. In both announcement variants, Beast advises former subscribers to avoid that. “Beast was left with no choice but to CLOSE everyone’s account and TURN OFF all services to protect its data. Please DO NOT CHARGE BACK because you will be at RISK of exposing your personal information to the authorities. Any account that is refunded or if a Chargeback occurs, it will trigger the payment processor to send info back to the domain which will be in the hands of the authorities,” one notice reads. The second provides a little more detail, advising it will “trigger the payment processor to send info back to the domain which will be in the hands of US and Canadian authorities.” Instead, Beast is urging former customers to contact them directly but whether many will is open to question. While there will be no shortage of people who would like a refund, keeping their distance from the obviously compromised service might be the preferred option for the more cautious. Source: TorrentFreak
  5. Nearly 13,000 FBI agents are working without pay during the government shutdown, and their advocates say that the resulting financial instability is a national security risk. The FBI Agents Association (FBIAA) wrote an open letter Jan. 10 urging policymakers to end the partial government shutdown, saying that missed debt payments could complicate agents' security clearance status and harm recruiting. The letter states that "financial security is a matter of national security." The bureau is funded under the Commerce, Justice and Science appropriation, and currently all FBI agents are working without pay. Overall, 87 percent of FBI employees are required to work during the shutdown. Like other exempt and essential workers, FBI agents are not being paid. Jan. 11 will mark the end of the first full two-week period in which most federal employees affected by the partial shutdown will miss their regular paycheck. Large debts have traditionally been a red flag for government employees going through background checks or applying for security clearances, because of the possibility that financial need could make those in debt vulnerable to compromise. Holding more than $7,000 in certain kinds of debt, such as credit card debt, would automatically trigger a separate background investigation of an individual by the government, according to comments made last year by William Evanina, director of the National Counterintelligence and Security Center. However, Evanina said the government was revisiting some of those guidelines, citing the increasing prevalence of debt in American life and a backlog of background investigations. "If you ask folks who do this for a living, they say, 'Well, we've never really rejected anybody's security clearance because of bad debt,'" Evanina said. "So why are we spending so much time on it?" Since then, the Office of the Director of National Intelligence confirmed to FCW in September 2018 that certain changes were made to the background investigations process following Evanina's comments but declined to offer more detail or specifics on any modifications. The FBIAA letter also argues that that the shutdown will hurt recruitment efforts at the bureau and push career officials to leave for more stable employment opportunities. "Special Agents are skilled professionals who have a variety of employment options in the private sector," the group writes. "The ongoing financial insecurity caused by the failure to fund the FBI could lead some FBI Agents to consider career options that provide more stability for their families." That statement tracks with broader concerns that some policymakers have expressed about the impact of the shutdown on government's efforts to recruit top IT and cybersecurity talent. Rep. Robin Kelly (D-Ill.) put out a statement Jan. 9 saying the government already "cannot compete on salary when it comes to recruiting [IT] talent" and relies on appeals to serve the public good to attract employees. Prolonged shutdowns greatly harm those efforts, she said. "How can we ever hope to recruit or maintain IT talent when hardworking government workers are told: 'sorry, you aren't getting paid, but you still need to come to work' or 'sorry, but no paycheck this week because of politics?'" said Kelly. "Large private sector companies never say this to their employees and these are our competitors when it comes to IT talent recruitment." Source
  6. WASHINGTON (Reuters) - A partial U.S. government shutdown over President Donald Trump’s demand for $5.7 billion to build a wall along the U.S.-Mexico border entered its 22nd day on Saturday, making it the longest shuttering of federal agencies in U.S. history, with no end in sight. PHOTO: A sign the reads "Federal employees all day happy hour" is displayed at a local bar as the partial U.S. government shutdown enters its third week in Washington, U.S., January 11, 2019. Trump, holed up in the White House with Congress adjourned for the weekend, warned of a much lengthier impasse and blamed the Democrats. “We will be out for a long time unless the Democrats come back from their ‘vacations’ and get back to work,” he tweeted. Democrats say Trump shut the government in a “temper tantrum” by refusing to sign bipartisan funding legislation last year that did not include money for his wall. The closure, which began on Dec. 22, broke a decades-old record by a 1995-1996 shutdown under former President Bill Clinton that lasted 21 days. Federal workers affected missed their first paychecks on Friday, heightening concerns about mounting financial pressures on employees, including air traffic controllers and airport security officials who continue to work without pay. Roughly 800,000 federal workers did not receive paychecks that would have gone out on Friday. Some have resorted to selling their possessions or posting appeals on online fundraising sites to help pay their bills. Miami International Airport said it will close one of its terminals early over the next several days due to a possible shortage of security screeners, who have been calling in sick at twice the normal rate. A union that represents thousands of air traffic controllers sued the Federal Aviation Administration on Friday, saying it had violated federal wage law by failing to pay workers. It is at least the third lawsuit filed by unions on behalf of unpaid workers. The head of the U.S. Secret Service, which is responsible for protecting Trump, has warned employees that financial stress can lead to depression and anxiety. “Keep an eye out for warning signs of trouble,” Director R.D. “Tex” Alles wrote in a memo seen by Reuters. The Transportation Security Administration, responsible for airport security screening, said its rate of unscheduled absences rose to 5.6 percent on Saturday from 3.3 percent a year ago but that security standards have not been compromised. The Federal Aviation Administration, which oversees air traffic controllers, said on Saturday it had seen no unusual rates of sick leave among its air traffic controllers and no disruptions to air traffic control operations. To support its workforce, TSA said it was processing pay for employees who worked on the first day of the shutdown and announced $500 bonuses for uniformed screening officers. Trump is considering a possible national emergency declaration that would end the shutdown and allow him to obtain his wall funding by circumventing Congress. But on Friday, he said he would not take such a step “right now”. “Democrats should come back to Washington and work to end the Shutdown, while at the same time ending the horrible humanitarian crisis at our Southern Border. I am in the White House waiting for you!” he tweeted. Trump also urged his 57.2 million Twitter followers to contact Democratic lawmakers and “Tell them to get it done!” Democrats, who call a wall an ineffective, outdated answer to a complex problem, have passed several bills in the House of Representatives to reopen the government without funding for Trump’s barrier. But the legislation has been ignored by the Republican-controlled Senate. Trump originally pledged Mexico would pay for the wall, which he says is needed to stem the flow of illegal immigrants and drugs. But Mexico has refused. U.S. government departments including the Treasury, Energy, Commerce and State departments, shut down when funding lapsed on Dec. 22. Funding for other portions of the government, including the Department of Defense and Congress, was approved, allowing them to continue regular operations. Trump has repeatedly described the situation at the Mexico border as a “humanitarian crisis” as speculation has increased this week that he would circumvent Congress to begin building his signature wall - a move that would be sure to draw a court challenge from Democrats who say the barrier would be barbaric and ineffective. Instead, the president urged lawmakers to provide him the $5.7 billion he is seeking for border security. A national emergency would allow Trump to divert money from other projects to pay for the wall, which was a central promise of his 2016 campaign. That, in turn, could prompt him to sign bills that restore funding to agencies that have been affected by the shutdown. Source
  7. Support for Windows Phone 8.1 ended back in July 2017, and while it doesn't receive updates anymore (and wasn't for a long time before that), Microsoft is still shutting down the rest of the things that made it tick. Now, the Redmond company has updated a support page to reflect that the Windows Phone Store will be shut down beginning on December 16. As of July of this year, app updates have no longer been distributed through the Store, but apparently you've still been able to download new apps. One app that you might want to think about downloading is Upgrade Advisor, which is what you'll need to get Windows 10 Mobile. However, even this app will no longer be available after December 16; after that, you have to use the OTC Updater and side-load the update. The Microsoft Store on Windows 10 Mobile still works, even though as the support document clearly states, the OS isn't supported anymore. The page also says that "in some cases", support for Windows 10 Mobile will end by the end of 2019; however, none of those cases apply here. That's talking about Windows 10 Mobile version 1709, for which support ends on December 10. Only phones that shipped with Windows 10 Mobile ever got that update. Devices that upgraded from Windows Phone 8.1 mostly could only go up to the Windows 10 Mobile Anniversary Update, or version 1607. The only ones that could go further than that were the Microsoft Lumia 640 and 640 XL, which could go up to version 1703. Anyway, if you're still on Windows Phone 8.1, Microsoft is recommending that you move to Windows 10 Mobile if you've got an eligible device. Still, it's probably time to move on to iOS or Android. Source: The Windows Phone Store will shut down on December 16 (via Neowin)
  8. Joker’s Stash, the largest carding site, is shutting down Joker’s Stash to shut down on February 15, 2021. Joker’s Stash, the largest carding marketplace online announced that it was shutting down its operations on February 15, 2021. Joker’s Stash, the largest carding marketplace online, announced that its operations will shut down on February 15, 2021. The administrator announced the decision via messages posted on various cybercrime forums. Image source FlashPoint Joker’s Stash is one of the most longevous carding websites, it was launched in October 2014 and is very popular in the cybercrime underground due to the freshness of its cards and their validity. The administrators always claimed the exclusivity of their offer that is based on “self-hacked bases.” In December, Joker’s Stash was shut down as a result of a coordinated operation conducted by the FBI and Interpol. At the time, the authorities only seized some of the servers used by the carding portal, but the Joker’s Stash site hosted on the ToR network was not affected by the operations conducted by the police. The sized sites were at jstash.bazar, jstash.lib, jstash.emc, and jstash.coin, which are all those accessible via blockchain DNS. Joker Stash admins said in a message published on a hacking forum that the law enforcement only seized the servers hosting the above domains, that were only used to redirecting visitors to the actual website. The seizure operated by law enforcement in December had an impact on the reputation of the portal, some users were also claiming that the quality of the services offered by Joker’s Stash was decreasing. “Throughout 2020, the typically active administrator JokerStash had several gaps in communications. JokerStash claimed that they were hospitalized due to a coronavirus infection. The decreasing number of large fresh bases also questioned their ability to source new card data.” reported FlashPoint. The news of the closure of the card shop represents a major hit to the carding activities in the underground market. The success of the recent operations might have pushed the administrators into an exit from their operations. Source: Joker’s Stash, the largest carding site, is shutting down
  9. Former execs and employees share some insights into the testing firm's shutdown. What does it mean for the future of security product testing? When NSS Labs CEO Jason Brvenik gathered employees on a conference call the afternoon of Thursday, Oct. 15, the news he delivered came as a complete shock: The security product testing firm would be going out of business that very day. No severance packages for employees, and the engineers who had recently been hired by NSS Labs were now suddenly out of a job. The only public announcement of the move was a short post on its website: "Due to Covid-related impacts, NSS Labs ceased operations on October 15th." Former employees who spoke to Dark Reading on the condition of anonymity say the sudden announcement came with few details, and several executives at the firm were also blindsided by the news. NSS Labs had been quietly acquired by private equity firm Consecutive Inc. in the fall of 2019 amid signs of financial struggle, layoffs, and restructuring. Efforts to reach Brvenik, several members of the NSS Labs executive team, and Consecutive's partners for this article were unsuccessful. Some former NSS Labs employees and executives paint a picture of a company that had struggled before the private equity deal but for the most part appeared to be on a path to regaining its footing this past year. Because NSS Labs execs had closely held the company's financial information, however, these sources note that they did not have direct knowledge of its financial posture. Vikram Phatak, former president and CEO of NSS Labs until 2018, when he stepped down after suffering a heart attack, says his understanding is that the company's closure was precipitated by some "internal strife" at Consecutive. "I don't know the details of it, but NSS Labs was a casualty of it," Phatak says. "If we weren't in the middle of a pandemic, the company would be strong enough to stay open, even without Consecutive" funding, he adds. NSS Labs founder Bob Walder, who sold the company to Phatak in 2007, says he doesn't believe the pandemic was the main cause of NSS Labs' demise. "That sudden shutdown is really weird," he says. Security product testing can be performed remotely, he points out, so the work-from-home shift in the pandemic should not have significantly impeded the company's operations. Walder says he first learned of the company's acquisition in 2019 by Consecutive in a shareholder letter. "As shareholders, we didn't find out until after the deal was done," he says, adding that his remaining $290,000 to $360,000 worth of shares were reduced to a paltry $4.03 after the acquisition. One former NSS Labs employee says Consecutive's investors pulled their funding of NSS Labs after some of their own funding dried up. "They imploded, so then we imploded," the employee says. In an interview earlier this year, Brvenik said the sale to Consecutive was a way to reorganize NSS Labs and refocus its resources. The previous, traditional venture-capital model wasn't a fit, he said, due to VC focus on product and growth. At the time of Consecutive's purchase of NSS Labs, the testing firm had been under pressure from investors to sell a cloud-based security platform called Cyber Advanced Warning System (CAWS) that monitored systems and security tools such as next-generation gateways and intrusion prevention systems against active threats, and checked security controls for organizations. But CAWS was a tough sell for enterprises and never really took off as an enterprise offering. Phatak says he takes responsibility for the fallout from the decision to bring in VCs to fund the continuous-testing product for enterprises. "We were getting feedback ... that to really build that product takes [a lot of] money," he recalls. "But that decision was a mistake. Having two businesses under one roof just didn't work: You have to either be a software or services business. Trying to be both wasn't the answer." He says the CAWS technology was strong, but it would have been better to have spun it off under a separate entity. While the VCs did their job, he says, the company's focus "went off track" during that period. Phatak says he was surprised about the abrupt shutdown of NSS Labs because the refocus on its roots of testing-as-a-service appeared to put the company "back on track." But not all former NSS Labs employees agree that the company was running a tight ship or testing service since the Consecutive deal. According to one former employee, vendors were getting disillusioned with the service because they felt it wasn't transparent enough and was unreliable, a complaint echoed both privately and publicly by some security vendors. With NSS Labs' major revenue coming mostly from vendors, this placed financial pressure on the company, the source says. Walder notes that while vendors had to pay for private tests of their products, the group tests that NSS Labs conducted were "on our dime," he says. Testers vs. Vendors Friction between security vendors and independent testing labs is nothing new. It's an uneasy relationship, mainly over control of the testing process and parameters. The underlying issue, of course, is that enterprises need objective information about how these products and services stand up to threats. And vendors want to ensure their products test well. But someone has to pay for testing, and that someone traditionally has been the vendors. NSS Labs over the past few years had an increasingly contentious relationship with several major security vendors. In May 2019, it settled a lawsuit with CrowdStrike over test results in the security firm's Falcon endpoint security product. In a confidential settlement, NSS Labs retracted the results in the disputed test, calling them inaccurate and noting that the test "was incomplete and the product was not properly configured with prevention capabilities enabled." The February 2017 advanced endpoint protection test report had graded Falcon poorly, and CrowdStrike in the lawsuit had argued that the testing was incomplete and conducted using illegally obtained Falcon software. In another high-profile case, NSS Labs in September 2018 filed an antitrust lawsuit against CrowdStrike, ESET, and Symantec as well as the Anti-Malware Testing Standards Organization (AMTSO), over AMTSO's vendor-backed testing protocol. In that suit, NSS Labs alleged it had "suffered antitrust injury" from AMTSO's standard and adoption by testing organizations. NSS Labs dropped that suit in December 2019. In a statement at the time, Brvenik said AMTSO had "made progress to be more fair and balanced in its structure, vendors have shown progress in working with testing organizations, and the market itself has had significant change and notable acquisition activity." Enter MITRE ATT&CK There's no silver bullet for security product testing, experts say. But MITRE's endpoint security testing service based on its ATT&CK matrix so far has many experts — and vendors — feeling hopeful that there is a way to conduct some tests in an open and fair way. MITRE publishes the product evaluations publicly online, so it's also free to enterprise organizations. Vendors voluntarily participate in the tests. "MITRE will dominate the testing efficacy space going forward. This will be beneficial to the cybersecurity industry," says Tom Kellermann, head of cybersecurity strategy for VMware Carbon Black. But MITRE's service, now under the auspices of MITRE Engenuity, isn't like other traditional endpoint testing, which mostly focuses on detecting malware. It pits products against known and documented attack methods and techniques used by a specific APT group — via its ATT&CK model. "We are trying provide a deeper understanding of how [security] products address attacks in our knowledge base," says Frank Duff, director of ATT&CK evaluations for MITRE. But "I don't think we are a one-stop shop" for product testing, he says, because there are other metrics MITRE doesn't test, such as performance degradation. So far, MITRE has conducted a few endpoint security products tests, including one against ATP3, aka Gothic Panda, one against APT29, and another against Carbanak, aka FIN7. Its next test round expands beyond endpoint security tools to industrial control systems, pitting them against the infamous Triton attack. Meanwhile, Phatak says he believes there is still a need for another NSS Labs-type company to offer testing services. "I think there's an opportunity," he says. "The key is [getting] the trust of enterprises. A business model needs to focus on serving their needs." However, that's not a model that fits well with a VC-backed business, he adds, given VC demands for growth. "The results for vendors have to be honest and fair, but if there's a focus on getting enterprises the information they need, someone will succeed" at this business, he says. "At the end of the day, it's probably not a venture-backed business." Source
  • Create New...