FTC’s Second Kids’ App Report Finds Little Progress in Addressing Privacy Concerns Surrounding Mobile Applications for Children

Staff examined hundreds of apps for children and looked at disclosures and links on each app’s promotion page in the app store, on the app developer’s website, and within the app. According to the report, “most apps failed to provide any information about the data collected through the app, let alone the type of data collected, the purpose of the collection, and who would obtain access to the data. Even more troubling, the results showed that many of the apps shared certain information with third parties – such as device ID, geolocation, or phone number – without disclosing that fact to parents. Further, a number of apps contained interactive features – such as advertising, the ability to make in-app purchases, and links to social media – without disclosing these features to parents prior to download.”

via FTC’s Second Kids’ App Report Finds Little Progress in Addressing Privacy Concerns Surrounding Mobile Applications for Children.

Researchers find crippling flaws in global GPS

A 45-second crafted GPS message could bring down up to 30 percent of the global GPS Continuously Operating Reference Stations (CORS), while other attacks could take down 20 percent of NTRIP networks, security boffins from Carnegie Mellon University and firm Coherent Navigation wrote in a paper. (pdf)

via Researchers find crippling flaws in global GPS – Networks – SC Magazine Australia – Secure Business Intelligence.

The GPS data level attacks caused more damage than previous spoofing attacks and were able to trigger a remote crash of high-end professional receivers.

How to detect reverse_https backdoors

According to Mandiant 83% of all backdoors used by APT attackers are outgoing sessions to TCP port 80 or 443. The reason for why APT, as well as other attackers, are using these two ports is primarily because most organizations allow outgoing connections on TCP 80 as well as 443. Many organizations try to counter this by using web-proxies, which can inspect the HTTP traffic and block any malicious behavior. But TCP 443 cannot be inspected in this way since SSL relies on end-to-end encryption.

via How to detect reverse_https backdoors – NETRESEC Blog.

Well, something that many people aren’t aware of is that the initial part of an SSL session isn’t encrypted. In fact, there are some pieces of relevant information being transmitted in clear text, especially the X.509 certificate that is sent from the SSL server.
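As an added example (not code from the NETRESEC post), the script below shows how a monitoring tool can read the server's X.509 certificate straight out of the cleartext Certificate handshake message and flag a self-signed certificate on an outbound 443 session as a candidate for closer inspection. Everything in it is constructed: the certificate is a hand-built DER skeleton with a dummy key and signature (enough to parse, not to validate), the hostname updates.example.invalid is made up, and the TLS record is assembled by the same script. Real traffic would come from a capture instead of tls_certificate_record().

```python
import hashlib

# ---- DER helpers: the encoder builds the constructed sample, the reader parses it ----
def der(tag, body):
    """Encode one DER TLV (definite length, short or long form)."""
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    length = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(length)]) + length + body

def der_children(body):
    """Split the body of a constructed DER value into its (tag, value) children."""
    out, pos = [], 0
    while pos < len(body):
        tag, ln, pos = body[pos], body[pos + 1], pos + 2
        if ln & 0x80:                                   # long-form length
            n = ln & 0x7F
            ln, pos = int.from_bytes(body[pos:pos + n], "big"), pos + n
        out.append((tag, body[pos:pos + ln]))
        pos += ln
    return out

OID_CN = bytes.fromhex("550403")                        # 2.5.4.3 commonName
OID_SHA256_RSA = bytes.fromhex("2A864886F70D01010B")    # sha256WithRSAEncryption
OID_RSA = bytes.fromhex("2A864886F70D010101")           # rsaEncryption

def der_name(cn):
    """Name ::= SEQUENCE OF (SET OF SEQUENCE { OID, UTF8String }) with a single CN."""
    atv = der(0x30, der(0x06, OID_CN) + der(0x0C, cn.encode()))
    return der(0x30, der(0x31, atv))

def sample_certificate(issuer_cn, subject_cn):
    """Constructed X.509 skeleton (dummy key and signature); for parsing only."""
    alg = der(0x30, der(0x06, OID_SHA256_RSA) + der(0x05, b""))
    validity = der(0x30, der(0x17, b"121201000000Z") + der(0x17, b"131201000000Z"))
    spki = der(0x30, der(0x30, der(0x06, OID_RSA) + der(0x05, b"")) + der(0x03, bytes(17)))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + alg
              + der_name(issuer_cn) + validity + der_name(subject_cn) + spki)
    return der(0x30, tbs + alg + der(0x03, bytes(65)))

def tls_certificate_record(certs):
    """Wrap DER certs in a TLS 1.0 Handshake record carrying a Certificate (type 11) message."""
    chain = b"".join(len(c).to_bytes(3, "big") + c for c in certs)
    body = len(chain).to_bytes(3, "big") + chain
    handshake = bytes([11]) + len(body).to_bytes(3, "big") + body
    return bytes([0x16, 0x03, 0x01]) + len(handshake).to_bytes(2, "big") + handshake

def extract_certificates(record):
    """Parse the cleartext Certificate message out of a single TLS record."""
    if record[0] != 0x16:
        raise ValueError("not a TLS Handshake record")
    hs = record[5:5 + int.from_bytes(record[3:5], "big")]
    if hs[0] != 11:
        raise ValueError("not a Certificate handshake message")
    end, pos, certs = 7 + int.from_bytes(hs[4:7], "big"), 7, []
    while pos < end:                                    # each cert is 3-byte length + DER
        ln = int.from_bytes(hs[pos:pos + 3], "big")
        certs.append(hs[pos + 3:pos + 3 + ln])
        pos += 3 + ln
    return certs

def name_cn(name_body):
    """Return the commonName attribute of a DER Name, or '' if there is none."""
    for _, rdn in der_children(name_body):
        for _, atv in der_children(rdn):
            (_, oid), (_, value) = der_children(atv)
            if oid == OID_CN:
                return value.decode("utf-8", "replace")
    return ""

def inspect_certificate(cert):
    """Pull issuer, subject and validity from TBSCertificate and flag a self-signed cert."""
    tbs = der_children(der_children(cert)[0][1])[0][1]
    fields = der_children(tbs)
    if fields[0][0] == 0xA0:                            # explicit [0] version is absent in v1 certs
        fields = fields[1:]
    _serial, _alg, issuer, validity, subject = fields[:5]
    not_before, not_after = (v.decode() for _, v in der_children(validity[1]))  # UTCTime in the sample
    return {
        "sha256": hashlib.sha256(cert).hexdigest(),
        "issuer_cn": name_cn(issuer[1]),
        "subject_cn": name_cn(subject[1]),
        "self_signed": issuer[1] == subject[1],         # issuer Name identical to subject Name
        "not_before": not_before,
        "not_after": not_after,
    }

def suspicious_server_certs(record):
    """Certificates worth a closer look: self-signed ones presented on an outbound TLS session."""
    return [c for c in map(inspect_certificate, extract_certificates(record)) if c["self_signed"]]

if __name__ == "__main__":
    record = tls_certificate_record([sample_certificate("updates.example.invalid", "updates.example.invalid")])
    for finding in suspicious_server_certs(record):
        print(finding)
```

A self-signed certificate is only a heuristic; in practice you would combine it with a list of known-bad fingerprints (the sha256 field is there for that) and with the other cleartext handshake fields. Note the observation point itself: the Certificate message is cleartext in TLS 1.2 and earlier, but TLS 1.3 encrypts it, so this check does not apply to TLS 1.3 sessions.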

New 25 GPU Monster Devours Passwords In Seconds

In a test, the researcher’s system was able to churn through 348 billion NTLM password hashes per second. That renders even the most secure password vulnerable to compute-intensive brute force and wordlist (or dictionary) attacks. A 14 character Windows XP password hashed using LM NTLM (NT Lan Manager), for example, would fall in just six minutes, said Per Thorsheim, organizer of the Passwords^12 Conference.

via Update: New 25 GPU Monster Devours Passwords In Seconds | The Security Ledger.

Better Defense Through Open-Source Intelligence

Reconnaissance, while commonly overlooked and discounted, is a key phase providing successful targeted attackers (and penetration testers) with information about the target, the target’s server and application technologies in use, employees, location, and much more. Often called OSINT, or open-source intelligence because it uses publicly available sources, the recon phase is anything that can help the attacker obtain his goal. Security pros can leverage the same tools and techniques as the attackers to identify unintentionally exposed devices on the Internet and users leaking sensitive information via social networking sites, and address those issues before they’re used during an actual attack.

via Tech Insight: Better Defense Through Open-Source Intelligence – Dark Reading.

There’s also the excellent Shodan computer search engine that contains service banners from Internet-accessible servers all over the world. Security pros can find all sorts of juicy information, like internal network and host names exposed through DNS, or unintentionally exposed services that Shodan has found without scanning or touching the target network.

SHODAN – Computer Search Engine

So what does SHODAN index then? Good question. The bulk of the data is taken from ‘banners’, which are meta-data the server sends back to the client. This can be information about the server software, what options the service supports, a welcome message or anything else that the client would like to know before interacting with the server.

via SHODAN – Computer Search Engine.

What ports does SHODAN index?

The majority of data is collected on web servers at the moment (port 80), but there is also some data from FTP (23), SSH (22) and Telnet (21) services. There are plans underway to expand the index for other services. Let me know if there are specific ports you would like to see included.

Persistent Threat Detection on a Budget

It’s staggering to me how few security teams have gotten wise to regularly interrogating the logs from their recursive DNS servers. In many ways DNS logging can be considered sprinkling flour on the floor to track the footsteps of the culprit who’s been raiding the family fridge. Each step leaves a visible impression of where and how the intruder navigated the kitchen, and their shoe size.

via Persistent Threat Detection on a Budget « Damballa.

To turn on logging in bind use:

# rndc querylog

This puts all DNS queries into /var/log/messages. Just grep for named and pipe that into some custom perl script or whatever to run against a blacklist.

# grep named /var/log/messages | run_my_blacklist_script.pl
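As an added example (not the Damballa post's script, and in Python rather than Perl), here is what the blacklist script on the right-hand side of that pipe could look like. It parses BIND's querylog lines ("client <ip>#<port>: query: <name> <class> <type> ..."), normalizes the queried name, and matches it and every parent domain against a blacklist. The log lines, the hosts and addresses in them, and the blacklist entries are constructed sample data; the only real-world format assumed is BIND's querylog layout.

```python
import re
import sys

# Constructed syslog lines as written by a BIND server with `rndc querylog` on.
# Line 3 is not from named, line 5 is a named message that is not a query, and
# line 6 is a look-alike domain that must not match.
SAMPLE_LOG = """\
Dec 10 09:12:01 ns1 named[1234]: client 10.0.0.5#51234: query: www.example.com IN A + (10.0.0.1)
Dec 10 09:12:02 ns1 named[1234]: client 10.0.0.7#40001: query: cdn.evil-c2.test IN A + (10.0.0.1)
Dec 10 09:12:02 ns1 sshd[222]: Accepted publickey for admin from 10.0.0.9 port 5222
Dec 10 09:12:03 ns1 named[1234]: client 10.0.0.5#51235: query: EVIL-C2.TEST IN TXT + (10.0.0.1)
Dec 10 09:12:04 ns1 named[1234]: zone example.com/IN: loaded serial 2012121001
Dec 10 09:12:05 ns1 named[1234]: client 10.0.0.8#41000: query: notevil-c2.test IN A + (10.0.0.1)
"""

# Constructed blacklist; entries are lowercase, no trailing dot.
BLACKLIST = {"evil-c2.test", "sinkhole.example"}

# Newer BIND versions prefix the client address with "@0x..."; the group is optional.
QUERY_RE = re.compile(
    r"named\[\d+\]: client (?:@0x[0-9a-f]+ )?(?P<client>[\d.]+)#\d+: "
    r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+)"
)

def parse_queries(log_text):
    """Yield one dict per query line; lines that are not querylog entries are skipped."""
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            yield {
                "client": m["client"],
                "qname": m["qname"].rstrip(".").lower(),   # DNS names are case-insensitive
                "qtype": m["qtype"],
            }

def is_listed(qname, blacklist):
    """True if the name or any parent domain is listed.

    cdn.evil-c2.test matches evil-c2.test because the match is label-wise;
    notevil-c2.test does not, since it shares a suffix string but not a label.
    """
    labels = qname.split(".")
    return any(".".join(labels[i:]) in blacklist for i in range(len(labels)))

def find_hits(log_text, blacklist=BLACKLIST):
    """Return the query records whose name is blacklisted, in log order."""
    return [q for q in parse_queries(log_text) if is_listed(q["qname"], blacklist)]

if __name__ == "__main__":
    # Read piped-in log lines if any, otherwise run over the constructed sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOG
    for hit in find_hits(text):
        print(f"{hit['client']} asked for {hit['qname']} ({hit['qtype']})")
```

Matching on parent domains matters because a watch list usually names a zone, while the queries that show up in the log are for hosts beneath it; the label-wise split avoids the false positive a plain substring match would give on notevil-c2.test.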

Lies We Tell Our CEOs About Database Security

What makes that so dangerous, of course, is that distorted views of security often lead to bad risk decisions. Because when senior executives of any public or private organizations don’t understand industry best practices or what really constitutes a sophisticated attack, they’ll probably fail to properly fund protection measures against securing sensitive databases.

via Lies We Tell Our CEOs About Database Security – Dark Reading.

“I think she’s right, an attack is inevitable; losing 3.8 million social security numbers is not,” Murray says. “That someone bad is going to keep trying to do something bad to you, yes, that’s absolutely inevitable. That they’re going to be very, very successful like they were here, not so much.”

What Penetration Testers Find Inside Your Network

Why is network segmentation so important? “Today, there is still more focus on the perimeter than on internal network segmentation. Network engineers don’t realize that one successful social engineering or client-side attack could mean ‘game over’ once the attacker has that foothold,” Sanders says. Segmentation based on asset importance and level of trust is one of the most effective ways to prevent many of the attacks advanced attackers — and even himself — perform once inside a target network, he says.

via Tech Insight: What Penetration Testers Find Inside Your Network – Dark Reading.