Due to the success the Stuxnet cyber worm has registered in slowing down the Iranian nuclear program and many other industrial systems around the world, variations of this malware are expected in 2011.

According to eWeek, the Stuxnet worm might have damaged up to 1,000 Iranian centrifuges, after infecting more than 62,000 computer systems in Iran alone. The very efficient and complex Stuxnet cyber worm raises serious concerns that its variants will manage to affect other systems around the world - beyond the traditional information technology targets.

The mild manipulation of the centrifuge engine speeds, prompting the engines to operate just fast enough to break down is considered the genius of the Stuxnet. The manipulation was made possible by the use of USB thumb drives that have delivered code commands through a common yet subtle approach that transported the worm through the network.

The next step in the Stuxnet evolution the emergence of many new variants that can target more types of electronic operating systems – such as those governing national power grids, according to eWeek.

“We need to think above and beyond expected targets, which are not servers or routers,” Adam Bosnian, an executive vice president for information security company Cyber-Ark, told eWeek.

According to an August 2010 Symantec study on the impact of the Stuxnet worm, the malware code has hit 62,867 computers in Iran; 13,336 in Indonesia; 6,552 in India; 2,913 in the United States; 2,436 in Australia; 1,038 in the United Kingdom; 1,013 in Malaysia; and 993 in Pakistan.

“It’s amazing, really, the resources that went into this worm,” Liam O Murchu, manager of operations with Symantec’s security response team told Computer World in September. But the future applications of this bug – and the infinite offshoots Stuxnet will inspire – have begun to raise considerable concerns. “If my coffee maker is on the network, it can infect my computers,” Ed Cohen, vice-president of e-mail security at SonicWALL told eWeek.

We’ve previously explained how banning something altogether instead of ensuring a safe way to use that piece of technology is not really the smartest idea out there. And our theory seems to be confirmed by the Pentagon: they have recently replaced their strict ban against USB flash drives with a strict usage policy referring to both types of devices used and how they are employed.

The reasons to ban them were serious, as past incidents of misuse led to virus infections, as the Daily Tech reminds us, and the prohibition also covered almost anything you can connect through an USB port to their network, from such as cameras or portable hard drives or smart phones. Yet standing against some of the most common ways to transfer data couldn’t last for too long. The Pentagon is now ready to allow them back into their daily routine, but only if it’s their specific devices which come with their very own hardware and software malware removal kits.

The drives they are planning to allow are headed to Afganistan where they will be used in combat command centers and analysis centers. Let’s hope these ones won’t end up being sold in Afgani markets! Or end up in some library… Maybe they won’t, as these are the rules:

Only properly inventoried, government-procured and owned devices will be allowed for use in DoD’s information systems.”

“Personally-owned devices are prohibited on all DoD networks and computers.”

The new government-owned and approved drives cannot be used in personal or other non-government computers or networks without specific approval.

Thumb drives and other flash media are to be used “only as a last resort” for transferring information from computer to computer or from place to place. When other network resources are available, they should be used instead.

And if this isn’t enough, random staffers and devices will be audited periodically. Their policy sounds bullet proof, at least on paper

Stolen or lost hardware, from laptops to USB sticks and portable hard drives, were the most common cause of data breaches in 2007, outranking malicious software. These findings have been recently released by Symantec in its latest Internet Security Threat Report. As SecurityFocus shows, this is a significant conclusion, given that the number of unique variants of malicious software more than quadrupled in 2007.

the theft of computers and storage devices, not malicious code, accounted for the majority of lost data. In the latter half of the year, such physical theft accounted for 57 percent of data breaches, up from 46 percent in the first half of 2007, the report stated. While the government had only the second highest number of breaches — 20 percent of the total compared to 24 percent for the education sector — those breaches accounted for 60 percent of identity theft, the report stated.

Starting as cool give-aways, easily brandable and not taking too much space, USB sticks have developed into quite efficient means of carrying data to and from PCs. As numbers of mobile employees and freelancers numbers increase, fast and easy means of carrying information around gains more attention. And with that attention the threats of having proprietary information and private details lost and stolen increases.

As endpoint security evolves, so do protection forms, varying more and embedding the latest technology. So why would a USB stick need biometrics, if passwords and data encryption are already available? To answer that question, we first need to better define biometrics. The term covers the study of methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. According to Wikipedia, there are two major categories used to divide biometric traits:

• physiological – related to the shape of the body. The oldest traits, that have been used for over 100 years, are fingerprints. Other examples are face recognition, hand geometry and iris recognition.
• behavioral – related to the behavior of a person. The first characteristic to be used and still very popular today is the signature. More modern approaches are the study of keystroke dynamics and of voice.

So, what is so special about biometrics-based authentication? It is believed to be impossible to reproduce or forge. Besides, you don’t have to worry about misplacing the encryption key or forgetting the 8 character password you cleverly invented.

That is of course an amazing idea to keep your data safe if you are not part of the group that believes stories in spy movies are true. We’ve all seen passwords of 6 alphanumeric characters broken in less than a minute, haven’t we? Or eyes being remade and fingerprints “printed” within seconds.