07. November 2010 · HP And The Scary Corporate Fifth Column Concept – Hacked Off – Dark Reading

Rob Enderle discusses employees leaking proprietary information to competitors. Rob focuses on Oracle’s efforts against HP, speculating that Larry Ellison’s hiring of Mark Hurd is part of a plan to acquire HP.

During a battle–competitive, political, or otherwise–detailed information about the other side’s strategy, weaknesses, and tactics can result in huge benefits for the firm that acquires it. In security, it is our job to plug leaks–which are difficult to find–and to identify the potential for them. On the short list would be executives or employees who were passed over for critical promotions, complained about abuse, were identified as surplus but still working, or who were known to be disgruntled and aggressively looking for outside work.

Employees like this should be considered a security risk. Care should be taken to control the information they have access to, specifically looking for indications that information coming into their possession isn’t being passed outside the company.

06. November 2010 · Microsoft responds to Firesheep cookie-jacking tool – The H Security: News and Features

It’s hard to believe that Firesheep is only two weeks old. In response to Firesheep, Microsoft said it will convert its Hotmail / Windows Live email service to SSL. Google did this for Gmail some time ago, well before Firesheep.

Facebook says it will also address the issue in the coming months.

So there is no doubt that more and more web traffic will be SSL encrypted and hidden from corporate control. I wrote about this last week in “Easy fix for Firesheep creates a problem for enterprises.”

06. November 2010 · Buyer Beware on SSL Certificates – fudsec.com

If you are purchasing SSL Certificates, and you are not sure what level certificate you need, you ought to read this.

06. November 2010 · (ISC)2 Blog: Do you know Shodan?

So here’s the basics: SHODAN (Sentient Hyper-Optimized Data Access Network) is a search engine, but instead of indexing web page content, it indexes banner information. It indexes data on HTTP, SSH, FTP, TELNET and SNMP services for almost the whole Internet. You can find it at http://www.shodanhq.com.

In other words, it’s a massive port scanner to help you find vulnerable network devices. Why waste time doing your own scanning when all you have to do is query Shodan?

06. November 2010 · Boffins devise early-warning bot spotter • The Register

Researchers at Texas A&M have written a paper proposing a method for Detecting Algorithmically Generated Malicious Domain Names. It focuses on detecting domain fluxing, a technique used by botnets such as Conficker.

The method uses techniques from signal detection theory and statistical learning to detect domain names generated from a variety of algorithms, including those based on pseudo-random strings, dictionary-based words, and words that are pronounceable but not in any dictionary. It has a 100-percent detection rate with no false positives when 500 domains are generated per top-level domain. When 50 domains are mapped to the same TLD, the 100-percent detection rate remains, but false positives jump to 15 percent.
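To make the idea of scoring a whole group of domains per TLD concrete, here is an added example (not the researchers' code, and not from the article) that compares each group's character distribution with a benign baseline. The metric used, symmetric Kullback-Leibler divergence over single characters, the threshold, the function names and all sample domains are assumptions chosen for illustration; it covers only the pseudo-random-string case.

```python
import math
from collections import Counter, defaultdict

ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789-"

# Constructed sample data on reserved TLDs; not real traffic.
BENIGN_BASELINE = [
    "weather", "travel", "recipes", "football", "library", "university",
    "hospital", "gardening", "photography", "newspaper", "insurance",
    "restaurant", "bookstore", "calendar", "mortgage", "streaming",
    "hardware", "software", "delivery", "education",
]
OBSERVED = [
    "shopping.test", "holiday.test", "teacher.test", "marketing.test",
    "translation.test", "furniture.test", "carpenter.test", "dentistry.test",
    "xq7zkv2jw9.example", "k3vzxq8wj1.example", "zj5qxw0kv4.example",
    "qw6kzj9xv3.example", "vx1jqk7zw2.example", "jz8wvq4xk0.example",
    "wk2xjz6qv5.example", "q9zvkw3jx7.example",
]

def char_dist(labels, alpha=1.0):
    """Laplace-smoothed character distribution over ALPHABET."""
    counts = Counter(ch for lab in labels for ch in lab if ch in ALPHABET)
    total = sum(counts.values()) + alpha * len(ALPHABET)
    return {ch: (counts[ch] + alpha) / total for ch in ALPHABET}

def sym_kl(p, q):
    """Symmetric KL divergence: 0.5 * (KL(p||q) + KL(q||p))."""
    return 0.5 * sum((p[c] - q[c]) * math.log(p[c] / q[c]) for c in ALPHABET)

def score_groups(domains, baseline_labels):
    """Group second-level labels by TLD and score each group against the baseline."""
    baseline = char_dist(baseline_labels)
    groups = defaultdict(list)
    for domain in domains:
        parts = domain.lower().rstrip(".").split(".")
        if len(parts) >= 2:  # naive split; ignores multi-part public suffixes
            groups[parts[-1]].append(parts[-2])
    return {tld: sym_kl(char_dist(labs), baseline) for tld, labs in groups.items()}

def flag_groups(domains, baseline_labels, threshold=0.5):
    """Return the TLD groups whose divergence exceeds the (assumed) threshold."""
    scores = score_groups(domains, baseline_labels)
    return sorted(tld for tld, score in scores.items() if score > threshold)

if __name__ == "__main__":
    print(score_groups(OBSERVED, BENIGN_BASELINE))
    print(flag_groups(OBSERVED, BENIGN_BASELINE))
```

Scoring groups rather than single names is what makes the group size matter: a distribution estimated from fewer names is noisier, so a benign group is more likely to drift past a fixed threshold.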

05. November 2010 · HTML5 Tricks Hijack Browsers To Crack Passwords, Spew Spam – Andy Greenberg – The Firewall – Forbes

As usual, new technology spawns new threats. HTML5 will be no different.

HTML5 allows a website to run javascript processes that request data from another site, and to launch invisible scripts “in the background” on a user’s machine for long periods of time, says Kuppan. “With HTML4, after twenty seconds the browser would freeze,” he says.

And this:

Once the hacker has control of a user’s browser, it can be used to do all the same sorts of unpleasant things that botnets of malware-hijacked computers generally do: By repeatedly requesting data from another site–Kuppan says javascript can make around 10,000 requests a minute–it can overwhelm a target’s server and knock it offline. Or by creating and filling the sort of entry field typically used on corporate websites for leaving feedback, it can send mass emails to a list of addresses.

And this:

To keep users on a page longer while his scripts run, Kuppan suggests a trick that involves a clever form of “clickjacking.” Using javascript, an invisible link can be inserted wherever a user clicks on a page to open another tab with the desired destination. Since most users leave unused tabs unattended, a script can run on the original tab, potentially for hours, without the user’s knowledge.

We will need a tool that gives users better visibility into what’s going on on their workstations and the ability either to act automatically against anomalous behavior or to give users options to take action.