RDP attacks on the rise again

With the Covid-19 scare in place, many companies are allowing their workers to work from home. Many of them were not prepared for this, so they instituted a highly insecure plan: opening up RDP access directly into their network so their employees can work from home.

On Twitter, I came across this post...

@thedarktangent: Looks like the latest bind 9.11.b1 dies every few hours, process killed due to lack of swap space, all previous versions didn't do this.

What do they call software that is updated but contains bugs or problems introduced due to poor QA?

Sloppy coding practices.....

Ok... update.
9.11.0b2 is out. But does it fix it?
Anyone testing it?

Air Gap'd network.

 

The concept of not having a physical connection between control systems and the rest of the world. Interesting concept, isn't it?

The term is mostly used in SCADA systems. You have a gap between your control system and the rest of the world so nothing can attack your infrastructure.

Great name, great concept, but is it real? How can you protect your infrastructure so tightly when there should be a complete gap from public to private side? No connectivity at all. Does it work? Does it exist? I'm sure it does in various formats.

Let's look at what Wikipedia says:

An air gap or air wall[1] is a security measure often taken for computers and computer networks that must be extraordinarily secure. It consists of ensuring that a secure network is completely physically, electrically, and electromagnetically isolated from insecure networks, such as the public Internet or an insecure local area network. Limitations imposed on devices used in these environments may include a ban on wireless connections to or from the secure network or similar restrictions on EM leakage from the secure network through the use of TEMPEST or a faraday cage. It is most recognizable in the time-honored configuration known as "sneaker-net" where the only connection between two devices or networks is via a human being providing media-switching, i.e.; floppies, CDs, or USB drives. The term derives from the notion that one must put on sneakers and walk to transfer data.

Sneaker Net? Does anyone remember how well this worked? It was a term used BEFORE networks were readily available for the average company and person. As explained, you physically had to carry a copy of whatever you wanted to share to those you wanted to share it with. Did it work? Does anyone remember the use of 5-1/4 floppies and how reliable they were? In many instances they failed, because companies bought substandard floppies. Or worse, someone rubbed the outer shell of the disk while taking it to its destination, and it became scratched and useless.

Now I can see the need for some "top secret" organizations to disconnect themselves from the Internet completely. But does this happen regularly for your average company or organization? No. Because users demand Internet connectivity. Some might also argue that a closed network limits creativity.

To take more from Wikipedia for examples:

Examples of the types of networks or systems that may be air gapped include:

 

 

Does this actually happen? Does it? I don't think so, again because users demand connectivity to the web.

Click on the link to read a great post on the fantasy of the air gap

Take a real close look at the diagram presented. Real close look. Can you spot the Air Gap?

 

 

March 17, 2011

RSA announced that they had been hacked. They have sent out warnings to their customers that the hackers appear to have stolen information related to their SecurID tokens.

Just imagine what this means. If their tokens are compromised, then your SysAdmins and Security folks need to be a little more diligent in watching your networks and access points.

My question is, when will people learn to stay diligent in this ever-changing security environment? Just because you have certain protections in place does not mean you are secure. You are secure based upon a slice of time. If you do not keep up with the latest trends, patches, fixes and in some ways technology, you are a target. Hell, you ARE a target no matter what. What are you doing to keep yourself a never-ending moving target?

Here is the article:

http://www.pcworld.com/businesscenter/article/222522/rsa_warns_securid_customers_after_company_is_hacked.html

What is the product? A very popular device to enable two-factor authentication.

http://www.rsa.com/node.aspx?id=1156

 

Other Articles:

Engadget

Computerworld

 

Additional Information

The link to the Dell information page is helpful to some degree.
http://www.secureworks.com/research/threats/rsacompromise/


Open Letter from RSA: 
http://www.rsa.com/node.aspx?id=3872

More importantly, the SecurCare Online Note:
http://www.sec.gov/Archives/edgar/data/790070/000119312511070159/dex992.htm

In this note, there are recommendations that could be followed.

© Cyberfreek.com 1997-2024