Typo-squatting domains can harvest corporate emails
Typo-squatting domains might easily be used to intercept misdirected corporate emails, according to new research. Domain typo-squatting has long been used as a means to expose butter-fingered users who accidentally misspell a legitimate domain to malware. So-called doppelganger domains take advantage of an omission instead of a misspelling, for example missing the dot between host/subdomain and domain. Security researchers at Godai Group profiled companies in the Fortune 500 for susceptibility to attacks based on this ruse, and found that 151 (30 per cent) were vulnerable.
via Typo-squatting domains can harvest corporate emails • The Register.
IPv6: The End of Security As We Know It
Many people have seen IPv6 as a simple addressing extension to the existing internet and see few changes to the way we secure systems. These people cannot be further from the truth. IPv6 will change the way we think about security. We need to start planning now or we will be left in the dust. This is another topic I will be addressing in the coming weeks and months; so many security topics, so little time. IPv6 substantially changes how IP interacts with the link layer, in particular Ethernet. ARP will go away and be replaced by NDP, which is ICMPv6 based, and we also need to look to protocols such as SEND to secure NDP or we will fall prey to the same class of attacks we faced in IPv4 over hub shared networks…
via Infosec Island IPv6: The End of Security As We Know It.
Air, Food, Water, Internet – Cisco Study
The second annual Cisco Connected World Technology Report examines the relationship between human behavior, the Internet, and networking's pervasiveness. It uses this relationship to provoke thoughts around how companies will remain competitive amid the influence of technology lifestyle trends. The global report, based on surveys of college students and professionals 30 years old and younger in 14 countries, provides insight into present-day challenges that companies face as they strive to balance current and future employee and business needs amid increasing mobility capabilities, security risks, and technologies that can deliver information more ubiquitously – from virtualized data centers and cloud computing to traditional wired and wireless networks.
Don't be fooled by these 10 PC performance myths
Computer lovers are always looking to get more speed out of their computers. Unfortunately, a number of incorrect or outdated performance tips have been around long enough to become myths. Here are 10 of these myths — and the truth about them. As always, I am sure you’ll be able to think of plenty more. So be sure to post your own myth-busting in the forums!
via Don't be fooled by these 10 PC performance myths | TechRepublic.
How we found the file that was used to Hack RSA – F-Secure Weblog
Posted by Mikko @ 09:29 GMT
RSA was hacked in March.
This was one of the biggest hacks in history.
The current theory is that a nation-state wanted to break in to Lockheed-Martin and Northrop-Grumman to steal military secrets. They couldn't do it, since these companies were using RSA SecurID tokens for network authentication. So, the hackers broke into RSA with a targeted email attack. They planted a backdoor and eventually were able to gain access to SecurID information that enabled them to go back to their original targets and successfully break into there. In the aftermath of the attack, RSA was forced to replace SecurID tokens for their customers around the world.
via How we found the file that was used to Hack RSA – F-Secure Weblog : News from the Lab.
10 Risky default settings in social media that you need to check
As online industry grows, and we sign up for one social network after the other, we can’t forget that we’re trusting our sensitive information to corporations. Most TOS include a clause that allows companies to change their TOS whenever they need to. So, in an effort to not be paranoid, but cautious, here’s a list of 8 things to check up on in social media. Who knows? Maybe you’ll be surprised by what you’ve agreed to…
via 10 risky default settings in social media that you need to check – TNW Social Media.
Putting all of Your Eggs in One Basket – or How NOT to do Layoffs
The recent story about Jason Cornish, a disgruntled employee of pharmaceutical company Shionogi, is getting a lot of attention this week. In a nutshell, he resigned after a dispute with management, and was kept on as a consultant for a few months after. The story then goes that he logged into the network remotely (ie – VPN'd in using his legitimate credentials), then logged into a “secret vSphere console” (I'd call “foul” on that one – there would be no reason to have a “secret” console – my guess is he used the actual corporate vCenter console or used a direct client against ESX, which you can download from any ESX server, so he had rights there as well) then proceeded to delete a large part of the company infrastructure (88 servers in the story I read). The company was offline for “a number of days”, and Jason is now facing charges. This diary isn't about the particulars of this case, it's much more of a common occurrence than you might think. We'll talk a bit about what to do, a bit about what NOT to do, and most important, we'd love to hear your insights and experiences in this area. First of all, my perspective … Separation of duties is super-critical. Unless you are a very small shop, your network people shouldn't have your Windows domain admin account, and vice versa. In a small company this can be a real challenge – if you've only got 1 or two people in IT, we generally see a single password that all the admins have. Separation of duties is simple to do in VMware vSphere – for instance, you can limit the ability to create or delete servers to the few people who should have that right. If you have web administrators or database administrators who need access to the power button, you can give them that and ONLY that.
via ISC Diary | Putting all of Your Eggs in One Basket – or How NOT to do Layoffs.
Dealing with Fake Tech Support & Phone Scams
On this blog, we’ve discussed the ways that scammers can attack your PC, through malicious software, rogue security alerts, phishing attacks and more. But the bad guys have now devised a new vector: the phone. I first learned about this when I heard my parents had received a call that they had been identified as having rogue software on their PC. The caller, who said he was from Microsoft, needed to remote access their PC to resolve the issue. Turns out scammers like these were simply taking the time to prey on potential victims by calling them and masquerading as a representative from a trusted institution to trick them into giving up valuable and personal information. Sometimes, as in my parents’ case and others, they even advise installing a remote access code so scammers will have full access to the PC…
What's in a Firewall?
We continue to hear reports of companies, government agencies, and systems being hacked into by the “Bad Boys” of the Internet. Most recently it was confirmed that the US Pentagon systems were hacked into and thousands of files were copied from the systems that were hacked. When I heard this report I thought “How in the world does an organization like the Pentagon with all of the resources they have get penetrated???” If organizations like the Pentagon have lowered defenses, how do we, the average system owner with a whole lot less resources protect ourselves?
As I thought about it I realized that there are just too many possible “holes” that can allow the “Bad Boys” in. Once an attacker penetrates the perimeter the internal systems are unprotected. Worms have penetrated many corporate networks through email systems, careless users, and the use of USB devices. Once they are in they spread quickly.
Today’s worms and viruses initiate a large percentage of the attacks that take place. Today’s hackers have become more and more sophisticated and continue to develop new methods to hack and avoid detection. You think you have the door closed and voila, you turn around and there they are. Once in, they start looking for other victims inside the network that they can infect. They can also use the infected computer to attack other computers both inside and outside your network. Besides wasting your resources (bandwidth and other resources) they can get you or your company in a world of legal trouble. If your “network” is being used to perform a Denial of Service (DoS) attack or network reconnaissance scan against another company's network you have a responsibility to get the attack stopped immediately. Failure to do so can have devastating consequences…
Indestructible rootkit enslaves 4.5m PCs in 3 months
One of the world's stealthiest pieces of malware infected more than 4.5 million PCs in just three months, making it possible for its authors to force keyloggers, adware, and other malicious programs on the compromised machines at any time. The TDSS rootkit burst on the scene in 2008 and quickly earned the begrudging respect of security experts for its long list of highly advanced features. It is virtually undetectable by antivirus software, and its use of low-level instructions makes it extremely hard for researchers to conduct reconnaissance on it. A built-in encryption scheme prevents network monitoring tools from intercepting communications sent between control servers and infected machines…
via Indestructible rootkit enslaves 4.5m PCs in 3 months • The Register.