A reporter contacted me about a breach a while back, and asked, “So, is there anything new here or is this just another breach?”
“Just another breach.”
Are we at that point where the breach of the point of sale (POS) system at a national retail organization and the compromise of a large number of credit cards is “just another breach?”
Some of the breaches have come with a decent amount of insight about how the breach occurred. For others we don’t have as much information.
But, can we take the public information about what we do know and look at the types of things that the breaches have in common?
Around the holidays, fellow Solutionary Minds blogger Rob Kraus and I like to have a little fun with our blogs. Last year, we came up with “The Top Eight Holiday Songs of IT Security.”
This year, we’re sticking with the holiday song theme, but came up with our take on the holiday classic “12 Days of Christmas” called The MSSP 12 Days of Christmas.
On the first day of Christmas, a malicious actor gave to me Heartbleed exploit code.
On the second day of Christmas, a malicious actor gave to me 2 DOS attacks.
On the third day of Christmas, a malicious actor gave to me 3 pastebin dumps.
On the fourth day of Christmas, a malicious actor gave to me 4...
Traditional and Nontraditional Tools and Techniques
So, you’ve gotten past the front door by piggybacking, were granted access to the elevator by the receptionist, and then find yourself standing in front of another restricted area. The next step is to find a way to trigger the motion sensor from the other side of the door so that it will open for you. What would you do?
Physical Security Assessments are an essential part of a security program. If an attacker is able to gain physical access to your building and equipment, they essentially have “the keys to the kingdom.”
This blog was written to provide an overview of some tactics that assessors...
No Room at the Inn for these Phishing Attempts
Ahh...the holidays are upon us once again.
Time to drag out your moose-shaped eggnog mugs (which really do exist) and ugly Christmas sweaters. Or if you prefer, your little pink bunny outfit that Aunt Clara made for you. Whatever you’re most comfortable in while roasting chestnuts on an open fire.
As many are aware, the holidays are a crazy, busy time of year. Just because you have to help coordinate four different Christmas celebrations in three different time zones during two weeks, it doesn’t mean you can let your guard down when it comes to phishing and spear phishing attempts. If anything, you need to be more vigilant, especially as people clutter their...
Detecting Malware through Static and Dynamic Techniques
Malware analysis involves two key techniques: static analysis and dynamic analysis.
Static analysis examines malware without actually running it. Dynamic analysis (also known as behavior analysis) executes malware in a controlled and monitored environment to observe its behavior.
Each of these techniques includes elements which are further categorized as basic or advanced. Although there are benefits to conducting static and dynamic analysis as separate tasks, an analyst can realize the value provided by conducting both techniques when reverse engineering complex malware.
Performing static and dynamic analysis together helps identify the...
We always hear about passwords. They are weak. And, when they are not weak, there is another website compromise that results in the exposure of millions of accounts, such as CyberVor or the more recent exposure of Gmail accounts.
Do you think passwords are still important? Do you worry about your passwords?
We’ve been kicking around computer and information security for a while now. Why don’t we have a better answer?
You are not surprised that an analysis of compromised passwords shows the most commonly used passwords are old stalwarts like “123456” and “password,” right?
Or are you surprised that surveys say 70-80% of passwords being used online are classified as “weak,” which often means a password that is less than eight lower-case characters or are simple...
Analyzing Anomalous Data Structures
Malware authors are known for developing clever, interesting and sometimes dastardly ways to move, hide and distribute their wares to the masses.
They often work tirelessly to stay ahead of security analysts by playing on doubts, limitations and red tape. Some authors use trivial encryptions or encoding schemes like base64 while others use high-grade encryption or perform small modifications to a file to avoid detection.
If that does not work, the attacker can hide content in, or append content to, image files, or use files that are made to look like images but are structurally another file type entirely. From a forensic standpoint, some of these files do not have a known structure and can be extremely difficult to identify and categorize, so they fall into the anomalous category.
In my thought process, anomalous data is that binary file that does not have an identified file structure....