SSL broken, again, in POODLE attack

Peter Bright provided a fantastic writeup on the recent POODLE aka "Padding Oracle On Downgraded Legacy Encryption" attack that could be, as he states, "the final nail in SSLv3's coffin". You can find the original post HERE via the arstechnica.com website.


From the researchers that brought you BEAST and CRIME comes another attack against Secure Sockets Layer (SSL), one of the protocols that’s used to secure Internet traffic from eavesdroppers both government and criminal.

Calling the new attack POODLE—that's "Padding Oracle On Downgraded Legacy Encryption"—the attack allows a man-in-the-middle, such as a malicious Wi-Fi hotspot or a compromised ISP, to extract data from secure HTTP connections.


The Fappening: A Wake-Up Call for Cloud Users

Sarah Williams wrote a great article on my buddy's blog about a recent breach of cloud storage security that exposed naked photographs of famous actors. The original post can be found at drchaos's website HERE.


The cloud storage option is fast becoming one of the most popular and effective methods of storing essential data that you definitely can't afford to lose. For small to medium-sized businesses, cloud storage has helped owners save time and money when it comes to IT.

But exactly how safe is the cloud? Though most reliable cloud service providers have cutting-edge security, many IT experts say the cloud system is not entirely safe.


NSS Labs releases a new set of security reports for Web Application Firewalls

NSS Labs just released a new set of reports covering Web Application Firewalls. Those reports can be found at the NSS Labs website HERE. There is a cost for these reports; however, it is worth the investment if you are looking to purchase a new firewall. Also, Palo Alto tested poorly and, due to the back and forth between both companies, NSS Labs is offering the Palo Alto report for free.


Shellshock / Bash bug – 22-year-old internet vulnerability could be the biggest yet

My buddy Aamir Lakhani posted about the recent Shellshock / Bash bug based on his research. It's a fantastic post and the original is located HERE.

Security researcher Stéphane Chazelas found a major vulnerability that allows attackers to execute and run code in the bash shell.

A shell is found on most UNIX, Linux, and Mac operating systems. Users interact with it through the terminal program. It is the place to input and run commands for the operating system, and it also accepts basic programming for the system. In other words, it is the command line. It is used for management, administrative, and productivity purposes.

Bash is the shell, or command language interpreter, for the GNU operating system. The name is an acronym for "Bourne-Again SHell", a pun on Stephen Bourne, the author of the direct ancestor of the current Unix shell sh, which appeared in the Seventh Edition Bell Labs Research version of Unix.



TorrentLocker Unlocked … For Now

There has been a lot of publicity on ransomware campaigns compromising various targets (I posted on CryptoLocker HERE and ransomware spreading in the wild HERE). For those that don't know what ransomware is, it's malware that encrypts your data and holds it ransom for a fee to unlock it. The cost to get your data back can be anything from hundreds to thousands of dollars. Plus, you don't know what else is being done once you get your data back, i.e. other forms of breaches happening on your system, as well as what they do with the stolen data. I have had customers have their entire datacenter compromised and unfortunately had to pay the fees.


Payment Card Industry PCI Security Best Practices

Many industries rely on revenue generated by sales, and if credit is used, Payment Card Industry (PCI) compliance is mandated. This includes all industries that process, store or transmit credit card information. Like any compliance standard, this is the minimum level of real security and should not be considered the goal for protecting sensitive data. All compliance mandates that matter must go through various review and audit processes that take time, so the results are dated compared to the speed of the new attacks you should expect against your network. This means meeting mandates such as PCI should just be one part of your overall security strategy.


How Internet Forensics Changed Criminal Investigations

The people from Cyber Crimebusters developed an infographic about how Internet forensics has changed criminal investigations. The original can be found HERE.

The interesting points to me are how social media and mobile devices are becoming a common source for investigations. I find it humorous when people post pictures of themselves doing crazy things on social media and are shocked when that comes back to haunt them later, such as in job interviews. I've provided examples of how I used people's data on Facebook (previous job roles, friends' current location, etc.) to pretend I'm a friend from years ago using a fake Facebook ID to obtain data during an authorized penetration test (more on that HERE). It's critical to know what you have public about yourself and to question anybody that seems fishy. Trust me, it's better to ask for proof of identity when you don't know who you are speaking with rather than assume the wrong person is a trusted friend.


Splunk Cisco Security App – Expanding Cisco Security With Centralized Reporting and Multi-Vendor Alerting

There are many SIEM solutions available; however, I was extremely impressed with recent innovations from Splunk regarding a free application that can be used to centralize security data from multiple Cisco solutions. By definition, a security information and event monitoring system, aka SIEM, is typically just that: a good information sorting tool, or a solution that helps identify and react to events.

One of Splunk's key market differentiators is their extensive application library developed by customers and Splunk engineering. These applications turn the traditional SIEM into a business enabler to meet specific use cases. Splunk has developed Cisco applications in the past, and recently face-lifted the Cisco Security Application to include Cisco access control (ISE), email security (ESA), web security (WSA), Cisco firewalls, and even Sourcefire (both network and, as of today, the only SIEM to support malware, aka AMP). This application can link findings with other vendor data, such as taking ISE context (i.e. Joey's Windows 7 laptop on port 1/0/14) and matching it to any log captured by Splunk (for example, a McAfee IPS event). This provides a true centralized view of data across a network.



Heartbleed bug infographic

The people at IDF Marketing created an infographic covering the recently announced Heartbleed bug. You can find more on IDF Marketing HERE. Check out this overview, including a list of popular sites with their Heartbleed vulnerability status.
