Next-Generation Malware: Changing The Game In Security’s Operations Center

In a nutshell, the process of malware analysis and defense has evolved from a “set it and forget it” task into a skills-intensive, do-it-yourself research project. And that shift is having a profound effect on the staffing and day-to-day activities of the enterprise security department.

via Next-Generation Malware: Changing The Game In Security’s Operations Center – Dark Reading.

In the meantime, however, the best strategy for stopping next-generation malware is not to rely too heavily on any one technology, Manky advises. A combination of signature-based tools, behavior-based tools, traditional perimeter defenses, and next-generation application defenses can create such a muddle of problems for attackers that it can discourage them — and send them looking for easier pickings elsewhere, he says.

Lone packet cripples telco networks

Telcos the world over were running networks tantamount to “technology sandwiches” where layers of legacy kit had created such high complexity that operators were unaware of glaring holes which Langlois regularly revealed in penetration tests.

via Lone packet cripples telco networks – Networks – SC Magazine Australia – Secure Business Intelligence.

“We accessed [an operator’s] systems through their X.25 network which they never knew was running because the network vendor never disclosed it — it was just underlying technology.”

Disable NetBIOS in W2K/XP/2003

NetBIOS is an ancient session-level interface and transport protocol developed by IBM to network together PCs. It is a broadcast-based, non-routable and insecure protocol, and it scales poorly mostly because it was designed with a flat namespace. Since the late 1980s Microsoft has adopted NetBIOS for their LAN Manager product, and from there it found its way into early versions of Windows and all the way into Windows NT.

via Disable NetBIOS in W2K/XP/2003.

Works with Windows 7 and got rid of all NBNS traffic for me on a per-interface basis. I have NetBIOS disabled on the wireless interface because wireless should be considered insecure and this NetBIOS traffic likes to broadcast your position to everyone, which IMHO is not good. Run silent, run deep.
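Added example, not from the linked article or the comment above: a PowerShell script that reports the NetBIOS-over-TCP/IP state of every IP-enabled adapter via the Win32_NetworkAdapterConfiguration WMI class and, for adapter names passed in (the Wi-Fi adapter, say), switches it off the same way the comment describes. The adapter name 'Wi-Fi' is an assumed default; the state names in the table are my labels for the documented TcpipNetbiosOptions values.

```powershell
# Audit and optionally disable NetBIOS over TCP/IP per adapter.
# TcpipNetbiosOptions: 0 = take the setting from DHCP, 1 = enabled, 2 = disabled.
# Changing the setting needs an elevated PowerShell session; reporting does not.
param(
    # Adapter connection names to disable NetBIOS on; empty means report only.
    [string[]]$DisableOnAdapters = @()
)

$labels = @{ 0 = 'Default (from DHCP)'; 1 = 'Enabled'; 2 = 'Disabled' }

$configs = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration `
                           -Filter 'IPEnabled = TRUE'

foreach ($cfg in $configs) {
    # Join to Win32_NetworkAdapter on Index to get the friendly name (e.g. 'Wi-Fi').
    $adapter = Get-CimInstance -ClassName Win32_NetworkAdapter -Filter "Index = $($cfg.Index)"
    $name    = $adapter.NetConnectionID
    $state   = $labels[[int]$cfg.TcpipNetbiosOptions]
    Write-Output ("{0,-30} {1}" -f $name, $state)

    if (($DisableOnAdapters -contains $name) -and ($cfg.TcpipNetbiosOptions -ne 2)) {
        # Same effect as the "Disable NetBIOS over TCP/IP" radio button in the
        # adapter's WINS tab; the change survives reboots.
        $result = Invoke-CimMethod -InputObject $cfg -MethodName SetTcpipNetbios `
                                   -Arguments @{ TcpipNetbiosOptions = 2 }
        # ReturnValue 0 = applied, 1 = applied but a reboot is required.
        Write-Output ("  -> SetTcpipNetbios on '{0}' returned {1}" -f $name, $result.ReturnValue)
    }
}
```

Run it with no arguments first to see the current state of each adapter, then with `-DisableOnAdapters 'Wi-Fi'` from an elevated prompt; afterwards there should be no UDP/137 name queries leaving that interface.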

WhatsApp threatens legal action against API developers

However, the popular texting alternative WhatsApp still has a major security problem. Attackers can compromise other users’ accounts with relative ease, and send and receive messages from another user’s account. In this respect nothing has changed – heise Security was able to successfully repeat its test this morning (Tuesday).

via WhatsApp threatens legal action against API developers – The H Security: News and Features.

WhatsApp Inc. has, however, been in touch with the developers behind the GitHub project WhatsAPI, an open source implementation of the WhatsApp protocol written in PHP and Python. The company has threatened to take legal action against the developers if they do not take the project offline. heise Security has been told by one of the developers that they have decided to acquiesce to this request and to cease working on the API.

phpMyAdmin Back Door

On September 25th, SourceForge became aware of a corrupted copy of phpMyAdmin being served from the ‘cdnetworks-kr-1’ mirror in Korea. This mirror was immediately removed from rotation.

The mirror provider has confirmed the attack vector has been identified and is limited to their mirror, with the exploit having occurred on or around September 22nd.

via phpMyAdmin Back Door | SourceForge Community Blog.

This corrupted copy of phpMyAdmin included a backdoor which permitted execution of arbitrary commands by the web server user. The notice from phpMyAdmin may be seen at:
http://www.phpmyadmin.net/home_page/security/PMASA-2012-5.php

Inside a ‘Reveton’ Ransomware Operation

In an alert published last week, the FBI said that The Internet Crime Complaint Center — a partnership between the FBI and the National White Collar Crime Center — was “getting inundated with complaints” from consumers targeted or victimized by the scam, which uses drive-by downloads to hijack host machines. The downloaded malware displays a threatening message (see image to the right) and blocks the user from doing anything else unless he pays the fine or finds a way to remove the program.

via Inside a ‘Reveton’ Ransomware Operation — Krebs on Security.

Canadian hacker dupes Walmart to win Def Con prize

In short, he got all sorts of information that could be used in a hacker attack. How? A bit of research and an ability to spin a few lies over the phone.

As security systems get increasingly difficult to crack, hackers are turning toward a new source of information: people.

via Canadian hacker dupes Walmart to win Def Con prize.

Hackers have always made use of people; that is what social engineering is.

Chris Hadnagy, who organizes the Def Con contest, said social engineering is a “hardly discussed, trained or defended against” threat.

“Social engineering is the easiest and most widely used way to infiltrate companies,” Hadnagy said.

Motorola Solutions deal to bolster safety of NSA tech

Toronto-based Fixmo, which raised $23 million from Kleiner Perkins Caufield & Byers in November, worked with the NSA to develop the technology behind its Sentinel and SafeZone software. The programs allow companies and government agencies to control how data are shared on employee smartphones and tablets and strengthen protection against harmful software.

via Motorola Solutions deal to bolster safety of NSA tech – chicagotribune.com.

The Tribune’s headline is misleading. It should be s/safety/security/g. Also…

Motorola Solutions plans to introduce more Android tablets later this year, Chief Executive Officer Greg Brown said last month.

Hackers reveal critical vulnerabilities in Huawei routers at Defcon

The vulnerabilities — a session hijack, a heap overflow and a stack overflow — were found in the firmware of Huawei AR18 and AR29 series routers and could be exploited to take control of the devices over the Internet, said Felix Lindner, the head of security firm Recurity Labs and one of the two researchers who found the flaws.

via Hackers reveal critical vulnerabilities in Huawei routers at Defcon – Computerworld.

According to the Huawei website, the AR series routers are used by enterprises, and the AR18 in particular is marketed as a product intended for small and home offices.

Tatu Ylonen, father of SSH, says security is ‘getting worse’

I think it’s getting worse. Consumer privacy is disappearing totally. And SSL [Secure Sockets Layer] is being questioned and the problem isn’t the protocol itself but the key infrastructure. There have been several incidents where someone has stolen from the certificate authorities.

via http://www.networkworld.com/news/2012/072512-blackhat-ylonen-261134.html.