The Alfred

Exploit Kits are a mess

Alfred Salmen — Sun, 13 May 2012 13:10:57 +0000

As many of the Internet Storm Center readers know, my full time job is working for Sourcefire, the makers of SNORT, ClamAV, Razorback, Daemonlogger, and all of our commercial products. I work in the Vulnerability Research Team (VRT), where my job is to write detection for the above tools; Snort rules, ClamAV detection, etc. I often write about Snort related things here, since I know the SANS audience uses Snort heavily, and is even taught in the 513 course.

One of the areas that I’ve been looking at and following even more intently recently have been all the Exploit Kits. I refer to things like Incognito, Blackhole, Crimepack, and many more...read more here (http://isc.sans.edu/diary/Exploit+Kits+are+a+mess/13201)

The Ultimate Network Security Checklist

Alfred Salmen — Fri, 09 Mar 2012 20:29:54 +0000

Working on your network security? Check.

Want to make sure you have all your bases covered? Check.

Need some help getting started? Check.

How about a simple list you can follow, broken down by category, which includes some tips and tricks for getting the job done?

Here it is – The Ultimate Network Security Checklist: a document that provides you with the areas of information security you should focus on, along with specific settings or recommended practices that will help you to secure your environment against threats from within and without.

Using this checklist as a starting point and working with the rest of your IT team, your management, human resources, and your legal counsel, you will be able to create the ultimate network security checklist for your specific environment.

via The Ultimate Network Security Checklist.

The Biggest Security Vulnerability: The Wetware – Input Output

Alfred Salmen — Tue, 31 Jan 2012 13:58:09 +0000

If you try to keep up on the latest in security developments, then you know those three dreaded words: Zero-day threat. It has become a commonly-used phrase, one that makes for great headlines.

A zero-day exploit is one where there is no time – zero days – between the time the vulnerability is discovered by hackers and when the first attack takes place. There is usually no defense against these security vulnerabilities since no one has invented a patch or other fix – or even knew, until today, that one was necessary.

So you’d think that with all the screaming headlines on tech news sites about new zero-day exploits found in the wild, along with reports about how Microsoft (or whichever company) is scrambling to find a fix, that these security breaches would be a major source of computer security problems IT has to deal with on a daily basis.

And you’d be wrong, says Microsoft.

Twice a year, the company releases…..

via The Biggest Security Vulnerability: The Wetware – Input Output.

Should Organizations Retire FTP for Security?

Alfred Salmen — Tue, 24 Jan 2012 21:14:37 +0000

Web hosting firm DreamHost made headlines this past weekend when it opted to reset the file transfer protocol (FTP) and shell access passwords of its customers after uncovering a possible data breach. But it wasn’t just the prospect of the company adding its name to the list of organizations affected by data breaches that had some talking.

Instead, the move led to Adam Bosnian, executive vice president at password and identity management vendor Cyber-Ark Software, to question whether or not it’s officially time to put FTP on the shelf for good. more….

via Should Organizations Retire FTP for Security? | SecurityWeek.Com.

Newfangled graphics engine for browsers fosters data theft

Alfred Salmen — Thu, 15 Dec 2011 15:22:49 +0000

The shady truth behind CSS shaders

Software developers at Google, Apple, Adobe, and elsewhere are grappling with the security risks posed by an emerging graphics technology, which in its current form could expose millions of web users’ sensitive data to attackers.

The technology, known as CSS shaders is designed to render a variety of distortion effects, such as wobbles, curling, and folding. It works by providing programming interfaces web developers can call to invoke powerful functions from an end user’s graphics card. But it could also be exploited by malicious website operators to steal web-browsing history, Facebook identities, and other private information from unsuspecting users, Adam Barth, a security researcher on Google’s Chrome browser warned recently….. read more >>

www.theregister.co.uk

How To Hide Almost Anything On Facebook

Alfred Salmen — Thu, 08 Dec 2011 13:42:52 +0000

Are you tired of seeing what all of your friends are reading on Yahoo News, the Washington Post, Wall Street Journal Social Edition, or the U.K. Guardian? Do you not care to see what people are listening to on Spotify, Mog, or Rdio?

Facebook’s expansion beyond the like button has expanded the amount of content coming into our news feeds, yet we’ve got more choices than ever for getting unwanted items off of our screens: hide, delete, unsubscribe, unfriend, report or block.

I’ve long advocated hiding over all the others, and more recently became a fan of unsubscribing with the advent of the subscribe button. Consider these two options before doing anything more drastic like unfriending or blocking. more..

How To Hide Almost Anything On Facebook.

Top Five Security Settings for Apple iPhones and iPads

Alfred Salmen — Thu, 10 Nov 2011 13:02:30 +0000

Apple mobile devices are among the most popular gadgets today. In fact, Apple reports that 250 million iOS devices have been sold and 18 million apps downloaded.
I often find that, while the popularity of these devices increases, many don’t understand the basic security features that Apple makes available to them.
Some of you may not even realize that these features exist and how easy they are to use. Let’s walk through the top five security settings for these devices:

Infosec Island: Top Five Security Settings for Apple iPhones and iPads.

The Evercookie: Like trying to kill Steven Seagal • The Register

Alfred Salmen — Tue, 08 Nov 2011 16:39:41 +0000

Part 2 In part one of this series, I explored the privacy threats presented by targeted advertising, and asked why we should care. Browser referral, social media buttons and cookies were examined as examples of basic methods used to track our movements across the internet.I also explored why advertisers track us, and examined browser plugins that allow us to prevent it. Those plugins come in a few flavours, depending on the threat they are countering and whether or not they trust advertisers to play ball and honour our polite requests not to be tracked.Not all advertisers play by the rules. Some legitimate websites belong to organisations that gather your personal information not for their corporate advertising use, but to sell it at a profit. These companies rarely play nice, and they certainly don’t limit themselves to the basic tracking methods discussed in part one.

via The Evercookie: Like trying to kill Steven Seagal • The Register.

Skype’s future under Microsoft: integration everywhere?

Alfred Salmen — Wed, 12 Oct 2011 21:25:12 +0000

Microsoft has big plans for Skype; we just don’t know exactly what they are. But with Microsoft gaining both US and European regulatory approval for its $8.5 billion acquisition, the merger is likely to be completed in the near future, letting Microsoft integrate Skype into various product lines.

The most obvious places for integration are Lync, Microsoft’s unified communications platform, and Windows Phone. But over time, Skype could be baked into more products like Outlook, Windows Live Essentials, and Xbox Live, or even become a pre-installed component of Windows on the desktop, analysts are speculating. While users of the current Skype service probably won’t see any major changes immediately, future versions integrated with Microsoft products could get the Metro interface that dominates Windows Phones and the upcoming Windows 8 desktop software.

via Skype’s future under Microsoft: integration everywhere?.

Here come hypervisors you can trust

Alfred Salmen — Fri, 07 Oct 2011 14:44:09 +0000

Virtualisation has always bothered me. This is perhaps an odd statement to make; after all, I am personally responsible for virtualising thousands of servers.
But the truth of it lies in the special status the IT community has ascribed to hypervisors.

When we nerds talk about virtualisation, especially with relation to servers, we don’t talk about loading an operating system onto a server, we load a hypervisor. It’s a dangerous distinction and one that often leads systems administrators up a dark path of forgetting that a hypervisor is just as much of a security risk as any other operating system.

Indeed, hypervisors should be considered a bigger security risk than the traditional bare-metal operating system for the simple reason that we have become reliant upon them to host dozens, or even hundreds, of virtual machines per physical server.

Yet by and large, we tend to neglect the hypervisor, trusting it to just work. …..

Here come hypervisors you can trust • The Register.