Home
First Android Bot discovered?
- Details
- Category: Cell Phones and Mobile devices
So, is it possible for an Android-based cell phone or tablet to get infected with a bot, or is this just another case of email spoofing?
New Scam aimed at Travelers
- Details
- Category: Personal Cyber Security
There seems to be a new scam making the rounds as we travel for the summer months. Anyone who travels, for pleasure or for a living, should take note of this.
The scam goes like this:
Hotel/Motel Scam
This is a little scary, if only because of how simple it is.
You arrive at your hotel and check in at the front desk. When checking in, you give the front desk your credit card (to cover all the charges for your room). You get to your room and settle in.
Someone calls the front desk and asks for, say, Room 620, which happens to be your room. The phone rings in your room. You answer and the person on the other end says, 'This is the front desk. When you checked in, we ran into a problem with your credit card information. Please read me your credit card number again and verify the 3-digit security code on the back of the card.'
Without thinking twice, you might give this person your information, since the call seems to come from the front desk. But it is a scam: the caller is outside the hotel and was simply connected to a random room number by the switchboard. They ask for your credit card and address information, sounding so professional that you hand it over, believing you are talking to the front desk. The check is simple: the front desk already has your card from check-in, so hang up and walk down or call the desk back yourself rather than giving card details to anyone who calls you.
MS Zero Day and State Sponsored attacks
- Details
- Category: Information Security
How do you respond to a zero-day notification?
Now, how do you respond to an alert or warning issued by a mega-company like Google?
Couple this with: how do you respond to a state-sponsored attack? Or, for that matter, any attack on your network or infrastructure?
It seems there is a zero-day attack on Windows again. It allows a drive-by download through Internet Explorer. The problem lies in Microsoft XML Core Services (MSXML), a component that Windows relies upon.
But state-sponsored attacks? Many in the security field have been warning about this logical progression for years. Some have woken up; some still have their heads in the sand.
Why do I say logical progression? Let's look at this for a moment. I was at an ISO meeting with IBM where they asked me to speak on hacking and on tools to help protect applications. I started off with a timeline, a logical progression:
- Computers arrive on the scene.
- People begin to play and find they can access all sorts of things (maliciously and "for the fun of it").
- Birth of the term "hacker".
- Companies and organizations lock down modem access.
- Birth of the Internet: why dumpster dive any more when script kiddies are overly abundant?
- Servers and networks are left open. Birth of firewalls and gateways.
- Servers are still open. Birth of hardening the server by turning off non-required services.
- Network and servers locked down? OK, attacks begin through the ports that must stay open (DNS, HTTP, HTTPS, SSH, SMTP, etc.).
- More security is brought in to inspect traffic and lock down access further.
- Application security is born because someone figured out how to make applications do things they were not designed to do, including granting access to the OS.
- Tighten access even more. Wait, did you just say outsource? Attacks escalate; I wonder why?
- Tighten security and access still more, making it much harder to break in. Birth of professionally sponsored attackers and teams of attackers.
- What's next? Tighten security more? What happens when you over-tighten anything? You risk cutting off too much. Ever been choked before?
Before I continue, take the time to read the article that prompted this post of mine.
It seems that we are deep in the throes of a global cyber war, but no one wants to admit it.
Taken from the article:
The vulnerability, known as CVE-2012-1889, allows remote code execution in computers that get infected when users visit the target malicious website and can give an attacker the same rights as a registered user.
Isn't this similar to an attack from about 2 years ago? Drive-by download is a serious, ever-changing problem. How do you stop it?
Set up an ACL on your firewall to block the IP serving the drive-by? You are chasing the dragon. Block one IP and the attack pops up from a million other places overnight. And where do you find the time and resources to work out what the IPs are, when some of them belong to legitimate sites?
Or what about legitimate search sites whose results have been seeded with malicious entries, so that all a victim has to do is run the right search?
You need some sort of inspection device or server that can be updated from a vendor or a free feed that keeps track of these things for you. But wait, the off-site request turns out to be embedded within your own application as well: a request to an external host for a JavaScript file, an image, or who knows what. How do you stop that?
OK, back to the article. Zero-day vulnerabilities are a huge problem, especially when they are found in an operating system you rely upon.
If you are legally bound to protect the information within your organization and are diligent about protecting it, but the OS is found to be weak, who is responsible for the potential breach, or for the vulnerability that could lead to one? You are. Never the vendor, because the license agreement contains clauses saying they are not responsible.
We need to change this, as users, professionals and the like. The vendor/user relationship is a symbiotic one; one cannot live without the other. The louder we complain, the faster these things get patched, or the faster the OS and its components get rewritten to function in a more secure way.
Did you read the article?
Did you go and download the suggested fix yet? What are you waiting for?
Enjoy and stay safe!
Steve