“The nine most terrifying words in the English language are, ‘I'm from the government, and I'm here to help!’” goes the old joke. I’ll be the first to agree that most government agencies are not efficient or effective. But every now and then, old Uncle Sam can be a treasure trove of information about nearly any subject imaginable, including information security. And it’s free.
Federal Trade Commission's Articles of Interest
Start here, on the Federal Trade Commission’s (FTC) Data Security page. Reading down the page, you’re almost certain to see links of interest. At the bottom of the page are several videos, and in the right margin you’ll find links to related articles from their blog, such as:
Did you know that your photocopier is probably loaded with secrets, such as...
Old vulnerabilities continue plaguing organizations
The Solutionary Security Engineering Research Team (SERT) released its Q2 2015 Quarterly Threat Report today. In the report, SERT identified trends in detected attacks, analyzed continuing activity, and took a closer look at the impact of the U.S. government Office of Personnel Management (OPM) breach.
It probably surprises no one to see the United States leading as the source of attacks. Analysis showed that almost 46% of all malware came from the U.S., making it the leader in that category as well. But would you be surprised to find out that as a source of command and control traffic, China is pretty much neck and neck with the U.S. (21% for the U.S. vs. 20% for China)?
It is also impressive to see how persistent some of these attacks are. When the top 25 hostile non-U.S. IP addresses from Q2 2014 were also in the top 34 hostile non-U.S. IP...
Don’t let IoT insecurity be the death of you and me
There has been a lot of news regarding Internet of Things (IoT) security lately. Perhaps the biggest news in cybersecurity in a while came from Wired last week in their story, “Hackers Remotely Kill a Jeep on the Highway – With Me In It”. Car hacking is a topic close to the security risks we covered recently in my post, “The (Not So) Secure Smart City of Tomorrow”.
In recent years, almost everything that can be connected to the Internet has been shown to be vulnerable: home security systems, baby monitors, cars, manufacturing equipment, home entertainment networks, and the list goes on. And when it comes to transportation systems, it’s not just cars that are being found...
Using Python to modify packet captures
In my previous article we kicked it old school, leveraging Wireshark to identify protocol anomalies and using a hex editor to modify packet capture (PCAP) files. Today we are still following Alice down the rabbit hole into the Wonderland of packets and protocol anomalies. Continuing our progression, we are going to evolve and use Python to modify the PCAP to achieve the same results. This is the beginning process for developing your own scripts or applications. You’ve established the foundation of what needed to be done, but now it’s time for a more streamlined approach. Think of it this way: do you want to modify 10,000 packets manually? Python provides a useful interactive console that can be leveraged for testing each of your instructions before the final build. For many other developers and me, this is how most projects begin.
Before we begin, we need to set up our development environment to assist with this...
Flash continues to pose a significant threat
Again with the Flash.
It seems like only yesterday I wrote a blog about a critical patch for Adobe Flash Player. And suddenly this week we have more. Yeah, not only is it yet another Flash vulnerability, it is multiple CVEs, with CVSS scores of 10 – with a high impact (execute arbitrary code or DoS), and simple to exploit. Actually, given the way Flash has been doing so far this year, it seems more like “about every 35.5 hours” that we would see a new Flash vulnerability.
Think about that.
“Every 35.5 hours.”
What is the state of your IT security team?
When it comes to incident response, “always be prepared” is a key phrase. I often give lectures to security professionals, and one of my favorite questions to ask is, “How many hours per day do you spend at work?” The usual answer is eight, which is common in the corporate world. We go to work. We spend our allotted amount of time doing whatever it is we do during the morning. We go to lunch. We return and finally we go home at the end of our eight hours. Do you think this is what the hackers are doing? No, they spend 12, 16 and even 18 or more hours a day trying to breach your network. They live, breathe, eat and sleep hacking. Can your security staff say the same?
If we fail to prepare for an incident or deal with a threat, then it is little wonder that we are losing the cybersecurity battle. Our enemies dream in code and we worry about the inter-office bureaucratic things. Rather than being given the time, the support and the authority...
Breach provides government-quality surveillance tools to just about everyone
On Sunday, July the 5th, the proverbial crap hit the fan.
Hacking Team was…
…wait for it…
When most people saw the headlines the following day they didn’t even know who Hacking Team was. Hacking Team, based in Milano, Italy, specializes in surveillance technology, but also maintains its own private attacks and exploits. Well, they were private. Attackers released a 400GB torrent file containing everything from hacking/surveillance tools to administrative documents and emails. The source code is available in a GitHub repository. This brought a level of public scrutiny I’m sure the company did not desire, nor anticipate.
Surveillance software. Does that mean they spy on people? No, but they create software for people who do. And yes, that puts them in the business of violating your...