A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.
I find in these situations, who is it you should actually tell? In
your case, where the traffic is coming from a University, I'm sure the
Uni tech team would appreciate knowing, but I have had it from some IP
in Brazil; I never reported it because I couldn't think who would give
a damn?
I could swear I once read an "authoritative" source doc on this subject, maybe an RFC (Site Security Handbook?), or
something from CERT. But I can't seem to dig it up. Anyone?
Honestly that's more than enough. I've had client sites that were doing
the same and the notifications were more than ample to at least look
into it. A nice note to the person should work; we had a couple in the
past where the admin was a complete jerk in letting us know. So
personally I'd recommend a screenshot of a log and perhaps just listing
the IP and what it's hammering against (ssh in this case). Hope this...
I've been getting a slew of SSH brute forces coming from a university
inside the US over the past week. Normally I wouldn't even bother with
reporting, but I figured this would be a chance to clear this up.
Fail2ban bans for 10 hours, and then the login attempts are right
back at it. Repeat.
An email with associated logs, and perhaps a little info from this
side, is the best I can come up with. I suppose there's not much else to...
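The reporting advice in the thread above (send the log lines, the source IP and what it is hammering against), as an added example that is not code from any of the posters: a small Python script that summarizes failed sshd logins per source address and produces a plain-text summary for an abuse report. The log lines are constructed samples in standard sshd syslog format, not taken from the original posts.

```python
import re

# Constructed sample sshd log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
Mar 10 02:14:01 host sshd[1201]: Failed password for invalid user admin from 192.0.2.45 port 51234 ssh2
Mar 10 02:14:03 host sshd[1203]: Failed password for root from 192.0.2.45 port 51240 ssh2
Mar 10 02:14:05 host sshd[1205]: Failed password for invalid user oracle from 192.0.2.45 port 51244 ssh2
Mar 10 02:15:10 host sshd[1210]: Failed password for invalid user test from 198.51.100.7 port 40022 ssh2
Mar 10 02:16:00 host sshd[1212]: Accepted publickey for alice from 203.0.113.9 port 50001 ssh2
Mar 10 02:16:30 host sshd[1214]: Failed password for invalid user guest from 192.0.2.45 port 51250 ssh2
"""

# Matches the "Failed password" line sshd logs for both known and invalid users.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def summarize_failures(log_text):
    """Return {ip: {"count", "users", "first", "last"}} for failed SSH logins.

    Successful logins and unrelated lines are ignored, so only the
    brute-force evidence ends up in the summary.
    """
    stats = {}
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        entry = stats.setdefault(
            m["ip"], {"count": 0, "users": set(), "first": m["ts"], "last": m["ts"]}
        )
        entry["count"] += 1
        entry["users"].add(m["user"])
        entry["last"] = m["ts"]  # lines are in time order, so the last match wins
    return stats


def abuse_report(stats, threshold=3):
    """Plain-text lines for sources at or above threshold, busiest source first."""
    lines = []
    for ip, e in sorted(stats.items(), key=lambda kv: -kv[1]["count"]):
        if e["count"] < threshold:
            continue  # a single typo'd password is not worth reporting
        lines.append(
            f"{ip}: {e['count']} failed SSH logins between {e['first']} and {e['last']}; "
            f"usernames tried: {', '.join(sorted(e['users']))}"
        )
    return "\n".join(lines)


if __name__ == "__main__":
    print(abuse_report(summarize_failures(SAMPLE_LOG)))
```

Run it against `journalctl -u ssh` or `/var/log/auth.log` output instead of `SAMPLE_LOG` and paste the result, together with the raw lines, into the note to the source network's abuse contact.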
Step one is to now change all of your passwords unless you put bogus hashes in there when you posted this. Otherwise,
everyone on this list can tell you what they are now :)
Take a look at the Cisco IOS benchmark from CIS [1]
type this
MARIO (config)#ip ssh?
does it show anything? [2]
Yes. You had better change this access list to one that only allows the
traffic that you want and place a deny-all rule at the end. (You will
see this in the CIS benchmark as well.)
But that's the access list that's applied to your internal network
going out. You also have an access-list that seems to be applied to
the...
If this is a Cisco Catalyst, it should support SSH. Just enable SSH by entering the commands:
crypto key generate rsa
line vty 0 4
And disable telnet, make SSH the only transport, use ACLs to restrict inbound & outbound packets passing through your
interfaces (by IP address & service), enable logging, secure your login, etc... etc.
You should at least learn some basic commands, or consult about configuring Catalyst IOS with someone who has...
Last week, Pennsylvania's chief information security officer Robert
Maley was at an information security conference in San Francisco talking
about a hacking incident involving PennDOT's computers. This week, Maley
is gone.
Gary Tuma, Gov. Ed Rendell's press secretary, confirmed that Maley is no
longer...
While FBI Director Robert Mueller was talking about possible threats to
the U.S. supply chain at the RSA Conference last week, staffers at the
first-ever FBI RSA booth were getting ribbed about the pens they were
giving out.
A former employee of the Transportation Security Administration has been
indicted by the Denver federal grand jury for attempting to sabotage TSA
computers that enable TSA airport personnel to spot potential terrorists
before they board airliners.
Douglas James Duchak, 46, of Colorado Springs, worked for the TSA from
August 2004 through October 2009....
By Dan Goodin in San Francisco
The Register
10th March 2010
At least a quarter of the command and control servers linked to
Zeus-related botnets have suddenly gone quiet, continuing a recent trend
of takedowns hitting some of the world's most nefarious cyber
operations.
The massive drop is the result of actions taken by two Eastern European
network providers. On Tuesday, they...
By Elinor Mills
InSecurity Complex
CNet News
March 10, 2010
WhitePages.com has stopped ad networks from delivering ads to its site
after they were found to contain fake antivirus malware.
"On Monday morning WhitePages received reports from users [about]
malware in the form of a fake antivirus upsell program that we believe
originated (against our terms) from a third-party advertising...
By Dan Goodin in San Francisco
The Register
8th March 2010
A criminal court in Thailand has approved the extradition to the US of a
Malaysian man suspected of participating in credit card thefts of more
than $152m, according to a local news report.
Gooi Kokseng, 44, was arrested on January 30 after being accused of
causing more than 5 billion baht, or $152.9m, in...
By J. Nicholas Hoover
InformationWeek
March 8, 2010
Government officials played a starring role at the annual RSA Conference
last week, laying out their plans for government cybersecurity,
particularly the need for increased cooperation with industry, in
keynotes and panel sessions throughout the week.
Implementing the Comprehensive National Cybersecurity Initiative, a
broad program intended to protect the nation's cyber infrastructure, has
been hampered by a lack of coordination and transparency, according to
the Government Accountability Office.
"CNCI is unlikely to fully achieve its goal of reducing potential
vulnerabilities,...
By Kelly Jackson Higgins
DarkReading
March 08, 2010
Automobile giant Ford Motor this year will debut vehicles with built-in
WiFi -- along with enhanced security features to prevent data breaches
via its new cars.
Ford has offered the so-called Sync technology service it co-developed
with Microsoft in most of its Ford, Lincoln, and...
By Elinor Mills
InSecurity Complex
CNet News
March 8, 2010
Software that can be downloaded for use with the Energizer Duo USB
battery charger contains a backdoor that could allow an attacker to
remotely take control of a Windows-based PC, Energizer and US-CERT is
warning.
"The installer for the Energizer Duo software places the file
UsbCharger.dll in the application's directory and...
Botnets, malware and capturing cybercriminals
- Malware isn't getting more sophisticated, but cybercriminals have better tools to control their botnets and deploy more targeted attacks, says Gunter Ollmann of Damballa, Inc.
VeriSign on DNSSEC support
- Joe Waldron, a product manager in VeriSign's Naming (DNS) Group, said engineers are testing and upgrading systems to support security extensions for DNS (DNSSEC).
Experts laud IPS virtual patching, but warn against misuse
- Virtual patching with intrusion prevention systems can offer a quick fix for vulnerabilities on an enterprise network, say experts at RSA Conference 2010, but the technique is no substitute for proper system and application patching.
IE zero-day flaw leaks out; Exploit code published
- Using obvious clues from a McAfee blog post, an Israeli hacker was able to pinpoint the latest Internet Explorer zero-day vulnerability and create working exploit code
Adobe Reader and targeted malware attacks
- If you're still tardy in applying security patches for the ever-present Adobe Reader software, this chart from F-Secure should jolt you into action.
Researchers build 8,000-strong smartphone botnet
- Security researchers used the lure of an innocuous weather application to commandeer about 8,000 iPhones and Android devices in a mobile botnet.
An Estonian virus writer has been jailed for two and a half years for
creating a Windows worm family that launched denial of service attacks
on the websites of a local insurance firm and ISP. Read the full article. [The Register]
Pennsylvania's chief information security officer, Robert Maley, has been fired, apparently for talking publicly at the RSA security conference last week about a recent incident involving the Commonwealth's online driving exam scheduling system. Read the full article. [Computerworld]
Using obvious clues from a McAfee blog post, an Israeli hacker was able to pinpoint the latest Internet Explorer zero-day vulnerability and create working exploit code.
The exploit code, which provides a clear roadmap to launch drive-by download attacks against IE 6 and IE 7 users, is being fitted into the Metasploit point-and-click tool.
Malicious hackers have pounced on a newly patched Adobe PDF Reader vulnerability to plant Trojan downloaders on tardy Windows users.
According to researchers in Microsoft's malware protection center, the vulnerability (CVE-2010-0188) was patched less than a month ago, proving that malicious hackers are quick to find fresh targets for malware.
Dennis Fisher talks with Paul Judge of Barracuda Networks about the company’s new report on Twitter phishing trends, search engine poisoning, Web security and what can be done about the spam pandemic.
WhitePages.com has stopped ad networks from delivering ads to its site after they were found to contain fake antivirus malware. Visitors to the Drudge Report, The New York Times, the San Francisco Chronicle, and other Web sites were found to be delivering ads containing malware last year. Read the full article. [CNet]
A Cambridge University study has shown how easy it is to guess the answer to common questions, such as someone's mother's maiden name. It found attackers will be able to break into 1 in 80 accounts if they get three chances to guess answers. Read the full article. [BBC]
Audio visual cabling giant monoprice.com shut down its Web site – possibly for the next couple of weeks – while it investigates the possible compromise of its customer credit and debit card information. Read the full article. [KrebsonSecurity]
Twitter is launching a new service designed to prevent users from being tricked into visiting malicious Web sites after clicking on shortened URLs in direct messages or Twitter messages.