Five Indicators To Watch For On Your Networks

First, companies need to monitor the right logs, including data from firewalls, virtual private networking (VPN) appliances, Web proxies and DNS servers. Next, the security team must collect data on what “normal” looks like inside the company’s network. Third, analysts must identify the indicators of attacks in their log files. Finally, the security group must have a procedure for responding to incidents identified by log analysis.

via Five Indicators To Watch For On Your Networks — Dark Reading.

The Increasing Failure Of Malware Sandboxing

The sandboxing appliances popularly deployed today are performing well against your average “0-day” malware threat, but capabilities decline dramatically the more targeted an adversary becomes. As such, organizations are much better at stopping the generic non-targeted “Internet threats”, but becoming more vulnerable to marginally tuned malware. For example, any piece of malware that requires the user to perform an action at a specific time (before it acts maliciously) is sufficient to evade detection in most cases.

via The Increasing Failure Of Malware Sandboxing — Dark Reading.

“Bloodsucking leech” puts 100,000 servers at risk of potent attacks

The threat stems from baseboard management controllers that are embedded onto the motherboards of most servers. Widely known as BMCs, the microcontrollers allow administrators to monitor the physical status of large fleets of servers, including their temperatures, disk and memory performance, and fan speeds. But serious design flaws in the underlying intelligent platform management interface, or IPMI, make BMCs highly susceptible to hacks that can cascade throughout a network, according to a paper presented at this week’s Usenix Workshop on Offensive Technologies.

via “Bloodsucking leech” puts 100,000 servers at risk of potent attacks | Ars Technica.

Haunted A Complete Stranger’s House Via The Internet

Their systems had been made crawl-able by search engines – meaning they show up in search results — and due to Insteon not requiring user names and passwords by default in a now-discontinued product, I was able to click on the links, giving me the ability to turn these people’s homes into haunted houses, energy-consumption nightmares, or even robbery targets. Opening a garage door could make a house ripe for actual physical intrusion.

via When ‘Smart Homes’ Get Hacked: I Haunted A Complete Stranger’s House Via The Internet – Forbes.

How Much is Your Gmail Worth?

The brainchild of researchers at the University of Illinois at Chicago, Cloudsweeper’s account theft audit tool scans your inbox and presents a breakdown of how many accounts connected to that address an attacker could seize if he gained access to your Gmail. Cloudsweeper then tries to put an aggregate price tag on your inbox, a figure that’s computed by totaling the resale value of other account credentials that crooks can steal if they hijack your email.

via How Much is Your Gmail Worth? — Krebs on Security.

Beware Of HTML5 Development Risks

As a result, developers have to design with the dangers in mind and weigh that against the type and sensitivity of data stored in the client. At the moment, many development shops are not training their staffs to do that, says David Eads, founder of Mobile Strategy Partners, a mobile development firm that specializes in financial and insurance applications. In fact, he recently ran into a bank that used example HTML5 code for training developers that put data in permanent storage on the client system as opposed to temporary storage.

via Beware Of HTML5 Development Risks — Dark Reading.

Attacks on Package Managers

To provide an example of the sorts of attacks an attacker can launch on package managers, this page describes an example attack called a replay attack. Other attacks are described on a separate page.

via Attacks on Package Managers.

Here’s a piece of advice I always adhere to for any kind of upgrade.

Manually update your systems (and local mirror caches). Know when package updates become available and what the versions should be. Manually verify and install the updated packages (or add them to your local mirror cache that your systems update from) rather than relying on automated updates. We have observed mirrors many months out of date for some distributions, so you should check periodically that your mirror is being updated.
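One way to script the mirror and package checks described above, as an added example that is not code from any of the linked pages: it assumes a Debian-style Release file carrying Date, Valid-Until and SHA256 fields, and the sample metadata and package bytes are constructed for illustration.

```python
# Added example: staleness/integrity check of a Debian-style Release file.
# Sample metadata and package bytes below are constructed for illustration.
import hashlib
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed Release file as a mirror might serve it; digest is sha256(b"hello\n").
SAMPLE_RELEASE = """\
Origin: ExampleDistro
Suite: stable
Date: Tue, 02 Jul 2013 08:00:00 +0000
Valid-Until: Tue, 09 Jul 2013 08:00:00 +0000
SHA256:
 5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03 6 main/example.pkg
"""

def parse_release(text):
    """Return (date, valid_until, {path: (sha256, size)}) from Release text."""
    headers, sums, in_sha = {}, {}, False
    for line in text.splitlines():
        if in_sha and line.startswith(" "):
            digest, size, path = line.split()
            sums[path] = (digest, int(size))
        elif line.startswith("SHA256:"):
            in_sha = True
        else:
            in_sha = False
            key, _, value = line.partition(":")
            headers[key.strip()] = value.strip()
    return (parsedate_to_datetime(headers["Date"]),
            parsedate_to_datetime(headers["Valid-Until"]), sums)

def check_mirror(release_text, packages, now_iso, max_age_days=7):
    """Return a list of problems found (empty means the mirror looks sane).
    packages: Release path -> bytes fetched; now_iso: current UTC time."""
    now = datetime.fromisoformat(now_iso).replace(tzinfo=timezone.utc)
    date, valid_until, sums = parse_release(release_text)
    problems = []
    if now > valid_until:  # expired snapshot: possible replay of old metadata
        problems.append("Release expired: possible replay of old metadata")
    if now - date > timedelta(days=max_age_days):  # unexpired but not refreshed
        problems.append(f"Release is {(now - date).days} days old: mirror may be stale")
    for path, data in packages.items():
        if path not in sums:
            problems.append(f"{path}: not listed in Release")
            continue
        digest, size = sums[path]
        if len(data) != size or hashlib.sha256(data).hexdigest() != digest:
            problems.append(f"{path}: size or SHA256 mismatch, do not install")
    return problems
```

Run it against your own mirror by fetching its Release file and a sample of packages; a non-empty result is a reason to hold the update rather than install it.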

Dutch police may get right to hack in cyber crime fight

Under a new bill, investigators would be able to hack into computers, install spyware, read emails and destroy files.

They could also break into servers located abroad, if they were being used to block services.

via BBC News – Dutch police may get right to hack in cyber crime fight.

This is no threat to a properly secured system. AV software is not a panacea for securing a system.

Pinging the Whole Internet Reveals Unsecured Backdoors That Could Tempt Hackers and Cyber Criminals

Moore’s census involved regularly sending simple, automated messages to each one of the 3.7 billion IP addresses assigned to devices connected to the Internet around the world (Google, in contrast, collects information offered publicly by websites). Many of the two terabytes (2,000 gigabytes) worth of replies Moore received from 310 million IPs indicated that they came from devices vulnerable to well-known flaws, or configured in a way that could let anyone take control of them.

via Pinging the Whole Internet Reveals Unsecured Backdoors That Could Tempt Hackers and Cyber Criminals | MIT Technology Review.