I’ve said this many times before … the Internet is full of bad things. Of those bad things, one of the most common threats is Phishing attacks. Wiki defines phishing as ”the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication”. The majority of successful phishing attacks clone popular social networking sources and provide hyperlinks with the hope a target will click the link without questioning the authenticity of the source.
I wrote a post about what to look for regarding fraud email and craiglist sales HERE and 2 example craiglist cons HERE. The concepts are generally the same regarding identifying phishing attackers however in some cases, the attack will be a clone of a real message or website, which makes it very difficult to detect. Best practices is THINK BEFORE YOU CLICK! Here are some examples why this is important. Continue reading →
Want to protect your privacy when using the Internet? Well unfortunately that is tough to do these days. Many agencies and governments are investing in network surveillance programs to monitor Internet traffic. Firewalls can offer application visibility packages capable of identifying device and browser type, where people are surfing the Internet and what applications are being accessed. Most websites include tracking cookies that gather data about users accessing their resources. Data obtained about you is used for various things you probably are not aware of and may not approve. This includes selling that data to large marking firms that eventually turns into SPAM and other unwanted contact. A more extreme example of unauthorized surveillance is covered by Jacob Appelbaum’s talk on the US governments Internet spy tools (found HERE). Its eye opening!
The Internet is not a safe place. Best practice is protecting users with a Web Security solution. The ideal solution should be able to identify the attackers meaning verifying the source of the threat along with various methods to look for attacks. Cisco accomplishes this through a combination of global correlation (IE verifying if the source is malicious based on things like location, time the source has ben active, reputation, content, etc.), malware scanning and traffic monitoring.
The flagship web security solution from cisco is the Web Security Appliance (WSA) coming from the 2007 Ironport acquisition. Other web security options are a cloud offering and next generation firewall addition to the ASA firewall known as CX. More on Cisco’s Web Security options can be found HERE. Continue reading →
Aamir Lakhani wrote a good post on email security. The original can be found HERE
Headline Emails Lead To Data Breach
Today we use email far more than we use writing letters to communicate with our friends and relatives. In business, the use of email is ubiquitous and seems to grow exponentially each year. But who’s reading these emails besides those who they were intended for? Is sending information this way secure? Before email, we either sent our correspondence by post in an envelope or byway of fax. Both relatively secure. In the case of postal services, the interception of letters is quite rare and almost impossible for faxes. Continue reading →
People use weak password practices to secure critical information. Weak password practices include using the same password for multiple systems regardless of the value of the asset, dictionary words, short phases and keeping the same passwords for extended periods of time. For example, it’s common to find a password on a non-critical asset such as a PlayStation 3 be the same as a person’s bank account login.
The more information an attack knows about your password profile, the more likely they will crack your password. For example, a policy of “6-10 characters with one upper case letter and special character” actually helps an attacker reduce the target space meaning passwords are weaker with the policy. If an hacker captures a password for another system and notices a formula such as ‘<dictionary word>’ followed by ‘<3 numbers>’, it helps the attacker prepare a dictionary attack (utilities such as Crunch makes this easy). Any password shorter than 10 characters is an easy target to brute force attack based on today’s system process power. Continue reading →
Lancope enables visibility for security and network performance. Security capabilities focus on identifying insider threats such as botnets, malware and data loss using non-signature network wide correlation of all traffic. Pretty much anything touching the physical or virtual network leaves a footprint known as NetFlow that is investigated for malicious intent and performance statics.
Lancope offers a virtual and physical appliance option for the StealthWatch technology making it easy to build a lab. This post will explain how to build a simple Lancope lab integrated with Cisco ISE 1.2 beta using an Apple Mac mini server hosting vSphere ESXI 5.1 with ASA 5505 firewall. Continue reading →
Last year Aamir Lakhani and Joseph Muniz developed a fake identity known as Emily Williams with the purpose of compromising a specific target using social media. We created Emily Williams based on research from Robin Sage, which showcased how a fake identity could obtain sensitive information from social media resources. We wondered if a similar approach could be used for targeted attacks and developed Emily Williams for that purpose. More information on developing Emily Williams via Part 1 of this project can be found HERE. Continue reading →
Disclaimer: This post has been modified to exclude specific subjects not approved for public viewing
Emily Williams and Robin Sage
Emily Williams and Robin Sage don’t exist in the real world. They are fake social network accounts designed to obtain sensitive information. Robin Sage was created in late 2009 to obtain information from intelligence on US military personnel. Her story was presented at the Black Hat hacker conference upsetting many people by exposing the type of sensitive data provided over social networks. Joey Muniz and Aamir Lakhani decided to go one-step further and ask the hard question: “what else can happen outside of data being leaked over social networks”. We decided to find out using EmilyWilliams. Continue reading →