Thursday, January 29, 2009
IEC Web Site Compromised
Websense Security Labs™ ThreatSeeker™ Network has discovered that a subdomain of the International Electrotechnical Commission (IEC) Web site has been compromised. The IEC is an international standards organization that prepares and publishes International Standards for all electrical, electronic, and related technologies. Member countries include Japan, Australia, U.S.A., central European countries, and numerous others. Read more...
Taps vs Span Ports
Tao of Security provided a great discussion regarding taps or SPAN ports.
- Taps free SPAN ports for tactical, on-demand monitoring, especially intra-switch monitoring. Many switches have only two ports capable of SPAN, and some offer only one. If you commit a SPAN port for permanent monitoring duties, and you need to reassign it for some sort of troubleshooting on a VLAN or other aspect of the traffic, you have to deny traffic to your sensor while the SPAN port is doing other work. Keep your SPAN ports free so you can do intra-switch monitoring when you need it.
- Taps provide strategic, persistent monitoring. Installing a tap means you commit to a permanent method of access to network traffic. Once the tap is installed you don't need to worry about how you are going to access network traffic again. Taps should really be part of any network deployment, especially at key points in the network.
- Selected taps do not permit injected traffic onto the monitored link. Depending on the tap you deploy, you will find that it will not be physically capable of transmitting traffic from the sensor to the monitored link. This is not true of SPAN ports. Yes, you can configure SPAN ports to not transmit traffic, and that is the norm. However, from my consulting days I can remember one location where I was told to deploy a sensor on a box with one NIC. Yes, one NIC. That meant the same NIC used for remote SSH access also connected to a switch SPAN port. Yes, I felt dirty.
- What taps see is not influenced by configuration (as is the case with SPAN ports); i.e., what you see is really what is passing on the link. This is key, yet underestimated. If you own the sensor connected to a SPAN port, but not the switch, you are at the mercy of the switch owner. If the switch owner mistakenly or intentionally configures the SPAN port to not show all the traffic it should, you may or may not discover the misconfiguration. I have seen this happen countless times. With a network tap, there's no hiding the traffic passing on the monitored link. Many shops have been surprised by what is traversing a link when the finally take a direct look at the traffic.
- Taps do not place traffic on a switch data plane, like a SPAN port does. This point is debatable. Depending on switch architecture, SPAN ports may or may not affect the switch's ability to pass traffic. By that I mean a SPAN port may not receive all traffic when the switch is loaded, because forwarding may take precedence over SPANning.
The Veterans Affairs Department has agreed to pay $20 million
The Veterans Affairs Department has agreed to pay $20 million to settle a lawsuit filed by veterans over the risk of potential identity theft when a VA laptop PC that contained their sensitive information was stolen in 2006. The laptop contained files with personally identifiable information on millions of veterans, such as names, birth dates and Social Security numbers. Read more...
Wednesday, January 28, 2009
How-to Install Snort on Ubuntu 8.10
Haven't tested this as of yet. I'll make a post as soon as a got it configured.
http://baronne.mouton.co.uk/snort-on-ubuntu-server-810-intrepid-ibex/
http://baronne.mouton.co.uk/snort-on-ubuntu-server-810-intrepid-ibex/
Tuesday, January 27, 2009
Serious security alert for Monster.com and USAJobs.gov users, Sophos reports
Job websites struck by hackers once again, putting identities at risk
IT security and control firm Sophos is advising all users of careers website Monster.com and USAJobs.gov, the official job site of the US Federal Government, to change their passwords following news that both sites have been the victim of a serious hacking attack which has compromised both and usernames and passwords.
Furthermore, as research has discovered that 41 percent of people use the same password for every website they access, many Monster and USAJobs users are likely to be at risk of their accounts on other websites are at risk of being hacked. Read more...
Obama smartphone conforms to military standards
Contrary to some media reports, Obama won’t simply be trading in one BlackBerry — the ubiquitous e-mail and smartphone device made by Research In Motion (RIM) — for a more secure version. Rather, he’ll be switching altogether to a maximum-security smart phone — most likely the Sectéra Edge made by General Dynamics C4 Systems Group.
The Sectera Edge is actually a re-purposed Palm Treo 750 that has been reconfigured to send and receive wireless classified e-mail messages and attachments, as well as access Web sites on the government’s Secure IP Router Network (SIPRnet). It features a single-touch button that permits authorized users to toggle between SIPRnet and government’s non-secure network, NIPRnet. And it would allow the president to have secure voice conversations. Read more...
My personal opinion. I think L-3 guardian is much better.
http://www.l-3com.com/cs-east/ia/smeped/ie_ia_smeped.shtml
The Sectera Edge is actually a re-purposed Palm Treo 750 that has been reconfigured to send and receive wireless classified e-mail messages and attachments, as well as access Web sites on the government’s Secure IP Router Network (SIPRnet). It features a single-touch button that permits authorized users to toggle between SIPRnet and government’s non-secure network, NIPRnet. And it would allow the president to have secure voice conversations. Read more...
My personal opinion. I think L-3 guardian is much better.
http://www.l-3com.com/cs-east/ia/smeped/ie_ia_smeped.shtml
Sunday, January 25, 2009
Hoax that claims Apple CEO Steve Jobs has had a heart attack
"A widely-circulated URL which points to an image that purports to be a wired.com story about Steve Jobs health is a hack job," Wired.com said. "We won't provide the URL here but the Twitterverse quickly surmised that the item was not correct." It appears to have first been reported by Mashable.
Someone created a legitimate-looking Web page using Wired's public upload image viewer, which generates a page containing an image under a Wired logo banner, Wired.com said. The hole has been patched, the news site added. Read more...
Friday, January 23, 2009
Trojan Attack Masquerades as E-ticket notice
Jan 22, 2009 | 05:19 PM
By Tim WilsonDarkReading
Security researchers have spotted a new attack designed to fool users into thinking that airline tickets have been purchased with their credit cards.
The attack, which was first spotted as an email from Northwest Airlines, and subsequently as a message from United Airlines, is a realistic-looking "receipt" that contains an attachment bearing the name Your_ETicket.zip or eTicket.zip, according to researchers at security vendor Sophos. Read more...
Wednesday, January 21, 2009
To disclose or not to
Security researchers should stop publishing vulnerabilities in the traditional way because cyber-criminals are using the code to generate zero-day exploits at record speeds, says a recent report. Read more...
Cheap cracks
Modern cryptological attacks can crack mobile phone calls, as well as debit and credit card systems, in seconds. The trick is to find a practical compromise between computing time and memory space with the help of precomputed tables. Probably no algorithm is immune to such an approach, but special techniques can thwart such attacks. Read more...
ARIZONA MAN INDICTED FOR SELLING COUNTERFEIT SOFTWARE ON EBAY
PHOENIX- A federal grand jury returned a 7-count indictment on Wednesday, January 13, 2009, against Kurt Kunselman, 44, of Waddell, Ariz., for violations of wire fraud, criminal copyright infringement and destruction of records with intent to obstruct a federal investigation. Kunselman was issued a summons and is set to appear before U.S. Magistrate Judge Lawrence O. Anderson at 10:45 a.m. on January 28, 2009. Read more...
Friday, January 16, 2009
Preemptive Blocklist and More Downadup Numbers
Updated Downadup from F-Secure.
The number of Downadup infections are skyrocketing based on our calculations. From an estimated 2.4 million infected machines to over 8.9 million during the last four days. That's just amazing. Read more...
The number of Downadup infections are skyrocketing based on our calculations. From an estimated 2.4 million infected machines to over 8.9 million during the last four days. That's just amazing. Read more...
Wednesday, January 14, 2009
RealVNC 4.1.2 'vncviewer.exe' RFB Protocol Remote Code Execution Vulnerability
RealVNC Viewer is prone to a remote code-execution vulnerability because it fails to adequately handle certain encoding types.
An attacker can exploit this issue to execute arbitrary code in the context of the vulnerable process. Failed exploit attempts are likely to result in denial-of-service conditions.
This issue may be related to the vulnerability discussed in BID 30499 (RealVNC 4.1.2 'vncviewer.exe' Remote Denial of Service Vulnerability).
RealVNC 4.1.2 is vulnerable; earlier versions may also be affected.
Read more...
An attacker can exploit this issue to execute arbitrary code in the context of the vulnerable process. Failed exploit attempts are likely to result in denial-of-service conditions.
This issue may be related to the vulnerability discussed in BID 30499 (RealVNC 4.1.2 'vncviewer.exe' Remote Denial of Service Vulnerability).
RealVNC 4.1.2 is vulnerable; earlier versions may also be affected.
Read more...
Tuesday, January 13, 2009
Serious security vulnerability in Safari web browser reported
An open source software engineer with a history of uncovering flaws in Mac OS X, claims to have uncovered a security vulnerability in Apple’s web browser Safari, affecting both Windows and Apple Mac users. Read more...
Monday, January 12, 2009
Mysterious credit card charge may have hit millions of users
Several Internet complaint boards are filled with comments from credit card customers from coast to coast who have noticed a mysterious charge for about 25 cents on their statements. Read more...
CheckFree warns 5 million customers after hack
January 6, 2009 (IDG News Service) CheckFree Corp. and some of the banks that use its electronic bill payment service are notifying more than 5 million customers that criminals took control of several of the company's Internet domains and redirected customer traffic to a malicious Web site hosted in the Ukraine. Read more...
Friday, January 9, 2009
F-Secure Warns about a new Worm
Downadup uses several different methods to spread. These include using the recently patched vulnerability in Windows Server Service, guessing network passwords and infecting USB sticks. As an end result, once the malware gains access to the inside of a corporate network, it can be unusually hard to eradicate fully.
Typical problems generated by the worm include locking network users out of their accounts. This happens because the worm tries to guess (or brute-force) network passwords, tripping the automatic lock-out of a user who has too many password failures.
more technical details
Typical problems generated by the worm include locking network users out of their accounts. This happens because the worm tries to guess (or brute-force) network passwords, tripping the automatic lock-out of a user who has too many password failures.
more technical details
Thursday, January 8, 2009
Friendster Users Beware!!!
A lot of Friendster users have been complaining about receiving lots of invitations to view a fake video from their contacts (who presumably would not usually send malicious content to their friends). Read more....
Wednesday, January 7, 2009
Subscribe to:
Posts (Atom)
