Posts

Showing posts from 2014

POODLE has Morphed??????

Recently, new attacks on the RC4 stream cipher have come to light. RC4 is used in almost half of the internet's SSL/TLS implementations, that "https" stuff that you see in front of your URL, and many well-known companies, including internet giant Google, are still using the cipher. However, at this time, security professionals are saying that an attacker would have to cause hundreds of millions of TLS connections while executing a Man-in-the-Middle attack in order to glean enough information about the encrypted traffic to mount a feasible attack.

For the moment, researchers are saying that we are safe, but administrators should not wait too long before disabling the vulnerable SSLv3 fallback. Security experts believe that deployment of GCM (Galois/Counter Mode, an authenticated-encryption mode of operation for symmetric block ciphers) will be accelerated to help phase out the RC4 cipher.

The security research company Qualys has created a testing page that can be used to check domains for …

Somebody is Conversnitching

Wouldn't it be interesting if you could put a listening device in a lamp so that you could hear what your buddy down the hall was saying, or listen in on a conversation from the team that you're competing against? Well now you can, with this fun little gadget known as the Conversnitch. It is a listening device that lives in a light bulb. Once it grabs some audio it puts the string into a format that can be posted to Twitter in real-time. Hilarious, right?
It is constructed from little more than a Raspberry Pi miniature computer, a microphone, an LED and a plastic flower pot. It screws into and draws power from any standard bulb socket. Then it uploads captured audio via the nearest open Wi-Fi network to Amazon’s Mechanical Turk crowdsourcing platform, which McDonald and House pay small fees to transcribe the audio and post lines of conversation to Conversnitch’s Twitter account. Take a look at the video above and let me know what you think. I thought it was pretty entertaining myself…

Bash Bug aka 'ShellShock' & the 'AfterShock'

There is a critical vulnerability in the GNU Bourne Again Shell, otherwise known as Bash. The news was released on September 23, 2014, and has continued to evolve as the days go by in regards to the severity of the ShellShock bug.

So ... What is ShellShock?

Other than a cool looking cartoon character from the Marvel comic book series (see picture at right), ShellShock is a fundamental flaw in the Bourne Again Shell, or Bash for short, which is used in many Linux, UNIX, and MacOS operating systems. The vulnerability allows attackers to execute specially crafted commands remotely through environment variables when Bash is invoked. Environment variables are a set of dynamic named values that can affect the way running processes behave on a computer.

RedHat.com describes the bug as follows:
A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell c…

The Home Depot POS Breach

THE FACTS

Home Depot confirmed on September 08, 2014 that a data breach had taken place in the majority of its US and Canadian store locations. An estimated 2,400+ stores may have been affected by the breach, which started back in April of last year.

Brian Krebs from KrebsOnSecurity said that sources close to the investigation have determined that the malware used in this breach was aided by a possible new variant of the bug used to infect Target and other point-of-sale (POS) devices last year. This information was released early last week along with a statement from Home Depot. Other sources suggest that some of the stores were infected with a POS malware called BlackPOS, which is designed to copy credit and debit card numbers as soon as they are swiped at the card reader terminals. The security company Trend Micro says that this new variant has a few new capabilities, including the ability to disguise itself inside of the anti-virus software running on the compromised syst…

Netflix in Linux Using Chrome

Update 01.01.2015 - I have some awesome news! It is now unnecessary to use the "User Agent Extension" for Google Chrome in order to watch Netflix online. Simply remove the agent then relaunch the video that you want to watch and it should work!

The World Wide Web Consortium, or W3C, has made a push for protected media content to be streamed using HTML5 media playback through the Encrypted Media Extensions (EME) specification. Watching Netflix natively in Linux has been made possible in Beta versions of Google Chrome using an extension. You will no longer have to use a funky wine/silverlight workaround as long as you use the Beta version of Google Chrome!
By spoofing the user agent of an officially supported EME platform (e.g., Windows 8.1) in Chrome for Linux we can get fuss-free, totally native playback of movies and TV shows — for now, at least. It does take a bit of tweaking to get it up and running, but once you do, it plays much nicer than the wine configurations from ear…

Russian Cyber Gang "Steals" Passwords

A source told the Guardian, on Tuesday, that a Russian cyber gang has stolen 1.5 billion unique passwords belonging to multiple email addresses. However, there does not seem to be enough information to tell whether or not the reporting party is telling the truth. At least, no big-name security firm has been allowed to verify this claim. An information security researcher from University College London told the Guardian,
It’s plausible that they have found this many credentials, but whether they actually have or not we would need to see more data ... We’ve been told independent experts have verified it, but we haven’t seen what they’ve verified and we don’t know who they are. The article goes on to say that this news, whether true or not, is just another nail in the theoretical coffin for the use of usernames and passwords as the mechanism of choice to secure Web pages. People are always getting the advice that says, "You need to make a secure password that i…

Pass Phrases are Easier

---------------------------------------------------------------------------------------------------------------------

Criteria:

* 25,000 words to choose from
* Pick 4 words at random

That's 25,000 raised to the 4th power, which equals 390,625,000,000,000,000 possibilities for a pass phrase using only lowercase letters. This happens to be about the same strength as a 9-10 digit alphanumeric password that you would make up yourself. However, most people capitalize one or more of the words, which adds more possibilities: 50,000 raised to the 4th power, another really BIG number, with the same strength as a 10-11 character password using letters and numbers. If mutations are allowed (special characters, changing letters to numbers, etc.), this increases the number of possibilities to 2.5 million unique words, which is also another very, very LARGE number. The best part is ...
You can actually remember the pass phrase without having to write it down!!!!!!!

Source: https://xato.net/passwords/a…

Primo-vigesimo-centillion

Primo-vigesimo-centillion is equal to 10^366 in America, or 10^726 in France and Germany. Like most -illion numbers, it is part of an extended system of names. It is part of a naming scheme first proposed by Professor Henkle in 1904 and subsequently popularized in 1968 in an article by Dmitri Borgmann. In Henkle's scheme the Latin ordinals represent their corresponding values, while the cardinals represent multipliers to be applied primarily to the milli- prefix. Professor Henkle's system is notable for being the earliest known attempt to extend the zillion series to the millionth member. It may also have served as the impetus and blueprint for later systems, including the popular Conway & Guy naming scheme. Source: http://googology.wikia.com/wiki/Primo-vigesimo-centillion

Huge Data Breach in Montana!

Holy smokes, I just read a post from SC Magazine that describes a pretty substantial data breach at the Montana Department of Public Health and Human Services (DPHHS), where DPHHS is notifying 1.3 million clients and employees of a year-long data breach. The information stolen from clients includes SSNs, phone numbers, birth dates, addresses and dates of service. Data belonging to employees and contractors includes SSNs, names, numbers and bank information.

And of course, they are claiming that, after investigation, there is no knowledge of any inappropriate use of the information that was taken. I assume that they notified the individuals and offered them the generic "credit monitoring" free for a year. Hopefully this won't happen in the future, but my fingers are crossed.

Source: http://www.scmagazine.com/montana-dphhs-notifies-13-million-clients-and-staffers-of-nearly-year-long-breach/article/357655/

Common DDoS Response Mistakes

I found an interesting article on darkreading.com, which discussed some of the common mistakes that organizations make when they are under a DDoS attack. The unfortunate thing about these types of attacks is that there is no real cure, and DDoS attacks are going to remain a pain in our sides for some time to come. Below is a list of some of the common mistakes that organizations make when responding to a DDoS.

* Not having a plan to prevent DDoS attacks in the first place.

Security firms say that it is much more difficult to remediate a DDoS attack after it has started. It is much easier and more effective to put a shield in place that can prevent this type of crippling traffic from starting in the first place. Senior director of security strategy at SolarWinds, Gretchen Hellman, says, 
"Such a plan should include evaluation of current DDoS protections, defined roles and responsibilities between the network and security teams, and a clear process of communication both internally and …

AT&T Data Breach Warning

AT&T has notified some of its customer base that their personally identifiable information (PII) may have been accessed between April 9 and April 21, 2014 by the employees of one of AT&T's contractors. Some of the information accessed includes Social Security Numbers, birth dates, and other data. They believe that this information was accessed in an effort to create a passcode that would allow the perpetrators to unlock AT&T-based phones to be sold on secondary or "black" markets.

They claim that no financial information was stolen, and the contractor's employees involved have been terminated. However, AT&T is urging its customers to change their account passwords as a precaution. One thing that some of you may find interesting is that AT&T has not released the number of people affected by this breach. They are only saying that some customer accounts were affected. I do not know about you, but this does not make me feel very safe, being that I am an AT&T customer myself.

Security experts say th…

Mitigating BYOD Mistakes with Two-Factor Auth

Duo Security has come out with a rebuttal to The Wall Street Journal's Tech Blog article entitled "5 ways attackers exploit our bad BYOD habits" which listed 5 different ways that BYOD can introduce cyber security issues into an organization.
Attackers can set up open Wi-Fi networks in places such as coffee houses and other public areas and then invite others to join. The main risk from this threat is the theft of usernames and passwords. Duo Security says that the use of a modern, out-of-band 2-factor authentication solution prevents this from happening by using a separate channel to verify a user's identity. With 2-factor authentication, you can prevent a Man-in-the-Middle attack because the attacker is unable to intercept a push notification sent directly to your cell phone, which keeps you in control of your account. From there, you can change your password and take other precautions to ensure that your account is protected. As many people have used the…

Helping to Reclaim Our Personal Digital Life

Overview:

OPI is an information security appliance that you can use as your digital information safe. You can store and back up all information and it is encrypted! You can completely control who is able to access your information and you can control where that information is stored, primarily in your home. The super cool thing about this appliance is that it is running Ubuntu Linux! How cool is that!

The creators want to offer an alternative to other cloud services such as Google Drive or Dropbox for those of us that want to take back control of what is already ours: our data.

How It Works:

This is really awesome because you can back up all of your information while staying in complete control of where that information lives. Also, you can access that data anywhere there is an internet connection (or, I assume, a data connection). The appliance sits at your home and is connected to your router, just as you would plug a computer or other networked appliance on your inte…

Internet Exploder & Malware Defense Tips

Internet Explorer Vulnerability

Microsoft is aware of limited, targeted attacks that attempt to exploit a vulnerability in Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11. The vulnerability is a remote code execution vulnerability. The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an o…