More News
This section is for more news for you.
Security Basics
This list is for the new security administrator.
Security Basics
A high-volume list which permits people to ask "stupid questions" without being derided as "n00bs". I recommend this list to network security newbies, but be sure to read Bugtraq and other lists as well.
-
Re: Reporting SSH abuse
-
Posted by James Bensley on Mar 10
I find in these situations, who is it you should actually tell? In the
your case were the traffic is coming from a University I'm sure the
Uni tech team would appreciated knowing but I have had it from some IP
in Brazil, I never reported it because I couldn't think who would give
a damn?
-
Re: Help hardening router
-
Posted by Dave LaDuke on Mar 10
Thanks for telling him, I had planned to have some fun later.
--------------------------------------------------
From: "Curt Shaffer" <cshaffer () gmail com>
Sent: Tuesday, March 09, 2010 1:49 AM
To: <mzcohen2682 () aim com>
Cc: <security-basics () securityfocus com>
Subject: Re: Help hardening router
------------------------------------------------------------------------
Securing Apache Web Server with thawte...
-
RE: Reporting SSH abuse
-
Posted by Dan Lynch on Mar 10
I could swear I once read an "authoritative" source doc on this subject, maybe an RFC (Site Security Handbook?), or
something from CERT. But I can't seem to dig it up. Anyone?
Here's what I did find:
Going to the Source: Reporting Security Incidents to ISPs (2002)
http://www.securityfocus.com/infocus/1555
And a most-excellent write up "Composing abuse reports" (2007)
http://blog.anta.net/2007/04/18/composing-abuse-reports/...
-
Re: Reporting SSH abuse
-
Posted by Liquid on Mar 10
Dan Pilcheck wrote:
Dan,
Honestly thats more than enough. I've had client sites that were doing
the same and the notifications were more than ample to at least look
into it. A nice note to the person should work, we had a couple in the
past where the admin was a complete jerk in letting us know. So
personally I'd recommend a screenshot of a log and perhaps just listing
the IP and what its hammering against. (ssh in this case). Hope this...
-
Re: Help hardening router
-
Posted by doug schmidt on Mar 10
http://www.cymru.com/Documents/secure-ios-template.html
------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase,
install and use a...
-
Reporting SSH abuse
-
Posted by Dan Pilcheck on Mar 09
Hello list,
I've been getting a slew of SSH brute forces coming from a university
inside the US over the
past week. Normally I wouldn't even bother with reporting, but I
figured this would be a
chance to clear this up.
Fail2ban bans for 10 hours, and then the login attempts area right
back at it. Repeat.
An email with associated logs, and perhaps a little info from this
side is the best I can come
up with. I suppose there's not much else to...
-
Re: Help hardening router
-
Posted by Mike Hale on Mar 09
Wouldn't you want to encrypt your passwords in 5? Level 7 can be
cracked in seconds online.
-
Re: Help hardening router
-
Posted by Curt Shaffer on Mar 09
Step one is to now change all of your passwords unless you put bogus hashes in there when you posted this. Otherwise,
everyone on this list can tell you what they are now :)
------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how
it benefits your...
-
Re: Help hardening router
-
Posted by Alex on Mar 09
Hi you
Take a look at the Cisco IOS benchmark from CIS [1]
type this
MARIO (config)#ip ssh?
does it show anything? [2]
Yes. You better change this access list with one that only allows the
traffic that you want and place a deny-all rule at the end. (You will
see this int the CIS benchmark as well)
But that's the access list that's applied to your internal network
going out. You also have an access-list that seems to be applied to
the...
-
RE: Help hardening router
-
Posted by Jatmoko, Arif (ID - Jakarta) on Mar 09
If this is a Cisco Catalyst, that should be support SSH. Just enable SSH by entering the command :
crypto key generate rsa
line vty 0 4
And disable telnet, make SSH the only transport agent, use ACL to restrict inbound & outbound packet passing your
interfaces (by ip address & services), enable logging, secure your login, etc...etc.
You should, at least learn some basic command or consults about configuring Catalyst IOS to someone has...
Information Security
Info Security News
Carries news items (generally from mainstream sources) that relate to security.
-
Pennsylvania's Web security officer leaves post a week after talking about PennDOT hacking incident
-
Posted by InfoSec News on Mar 10
http://www.pennlive.com/midstate/index.ssf/2010/03/pennsylvanias_web_security_off.html
By JAN MURPHY
The Patriot-News
March 10, 2010
Last week, Pennsylvania's chief information security officer Robert
Maley was at an information security conference in San Francisco talking
about a hacking incident involving PennDOT's computers. This week, Maley
is gone.
Gary Tuma, Gov. Ed Rendell's press secretary, confirmed that Maley is no
longer...
-
The FBI supply chain illustrated
-
Posted by InfoSec News on Mar 10
http://blogs.csoonline.com/the_fbi_supply_chain_illustrated
By Robert McMillan
Security Blanket
2010-03-09
While FBI Director Robert Mueller was talking about possible threats to
the U.S. supply chain at the RSA Conference last week, staffers at the
first-ever FBI RSA booth were getting ribbed about the pens they were
giving out.
http://blogs.csoonline.com/sites/blogs.csoonline.com/files/pensm.jpg
-
Colorado Springs man allegedly sabotaged TSA computers
-
Posted by InfoSec News on Mar 10
http://www.denverpost.com/ci_14648083
By Howard Pankratz
The Denver Post
03/10/2010
A former employee of the Transportation Security Administration has been
indicted by the Denver federal grand jury for attempting to sabotage TSA
computers that enable TSA airport personnel to spot potential terrorists
before they board airliners.
Douglas James Duchak, 46, of Colorado Springs, worked for the TSA from
August 2004 through October 2009....
-
Zeus botnets suffer mighty blow after ISP taken offline
-
Posted by InfoSec News on Mar 10
http://www.theregister.co.uk/2010/03/10/massive_zeus_takedown/
By Dan Goodin in San Francisco
The Register
10th March 2010
At least a quarter of the command and control servers linked to
Zeus-related botnets have suddenly gone quiet, continuing a recent trend
of takedowns hitting some of the world's most nefarious cyber
operations.
The massive drop is the result of actions taken by two Eastern European
network providers. On Tuesday, they...
-
WhitePages.com halts ad networks over malware
-
Posted by InfoSec News on Mar 10
http://news.cnet.com/8301-27080_3-10466753-245.html
By Elinor Mills
InSecurity Complex
CNet News
March 10, 2010
WhitePages.com has stopped ad networks from delivering ads to its site
after they were found to contain fake antivirus malware.
"On Monday morning WhitePages received reports from users [about]
malware in the form of a fake antivirus upsell program that we believe
originated (against our terms) from a third-party advertising...
-
Thailand approves extradition of credit card hack suspect
-
Posted by InfoSec News on Mar 09
http://www.theregister.co.uk/2010/03/08/thailand_extradites_hacking_suspect/
By Dan Goodin in San Francisco
The Register
8th March 2010
A criminal court in Thailand has approved the extradition to the US of a
Malaysian man suspected of participating in credit card thefts of more
than $152m, according to a local news report.
Gooi Kokseng, 44, was arrested on January 30 after being accused of
causing more than 5 billion baht, or $152.9m, in...
-
RSA: Cybersecurity A Joint Fed, Industry Effort
-
Posted by InfoSec News on Mar 09
http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=223200125
By J. Nicholas Hoover
InformationWeek
March 8, 2010
Government officials played a starring role at the annual RSA Conference
last week, laying out their plans for government cybersecurity,
particularly the need for increased cooperation with industry, in
keynotes and panel sessions throughout the week.
White House cybersecurity coordinator Howard...
-
Cybersecurity program has serious defects, GAO says
-
Posted by InfoSec News on Mar 09
http://gcn.com/articles/2010/03/08/cnci-assessment-030810.aspx
By William Jackson
GCN.com
March 08, 2010
Implementing the Comprehensive National Cybersecurity Initiative, a
broad program intended to protect the nation.s cyber infrastructure, has
been hampered by a lack of coordination and transparency, according to
the Government Accountability Office.
"CNCI is unlikely to fully achieve its goal of reducing potential
vulnerabilities,...
-
Ford Motor Rolls Out New Security Features To Prevent Car-Hacking
-
Posted by InfoSec News on Mar 09
http://www.darkreading.com/vulnerability_management/security/client/showArticle.jhtml?articleID=223200163
By Kelly Jackson Higgins
DarkReading
March 08, 2010
Automobile giant Ford Motor this year will debut vehicles with built-in
WiFi -- along with enhanced security features to prevent data breaches
via its new cars.
Ford has offered the so-called Sync technology service it co-developed
with Microsoft in most of its Ford, Lincoln, and...
-
Backdoor found in Energizer Duo USB battery charger
-
Posted by InfoSec News on Mar 09
http://news.cnet.com/8301-27080_3-10465429-245.html
By Elinor Mills
InSecurity Complex
CNet News
March 8, 2010
Software that can be downloaded for use with the Energizer Duo USB
battery charger contains a backdoor that could allow an attacker to
remotely take control of a Windows-based PC, Energizer and US-CERT is
warning.
"The installer for the Energizer Duo software places the file
UsbCharger.dll in the application's directory and...
Security Wire - Search Security News
SearchSecurity: Security Wire Daily News
The latest information security news on IT threats, vulnerabilities and market trends from the award-winning SearchSecurity.com.
-
Microsoft repairs Excel flaws, warns of new IE vulnerability
- Two bulletins address eight vulnerabilities in Microsoft Windows and Office. Internet Explorer advisory warns of new zero-day vulnerability being used in targeted attacks.
-
Botnets, malware and capturing cybercriminals
- Malware isn't getting more sophisticated, but cybercriminals have better tools to control their botnets and deploy more targeted attacks, says Gunter Ollmann of Damballa, Inc.
-
VeriSign on DNSSEC support
- Joe Waldron, a product manager in VeriSign's Naming (DNS) Group, said engineers are testing and upgrading systems to support security extensions for DNS (DNSSEC).
-
FBI asks for more private-sector help reporting cybercrime cases
- FBI director talks about the agency's work to track down cybercriminals, but says it needs helps from private sector.
-
At RSA Conference, experts dismiss end-to-end encryption claims
- Payment industry "buzz" term isn't really reality, say some industry experts at RSA Conference 2010.
-
Experts laud IPS virtual patching, but warn against misuse
- Virtual patching with intrusion prevention systems can offer a quick fix for vulnerabilities on an enterprise network, say experts at RSA Conference 2010, but the technique is no substitute for proper system and application patching.
-
Microsoft to address eight security vulnerabilities in Windows, Office
- Next week, Microsoft will issue two bulletins that address eight vulnerabilities in Windows and Microsoft Office.
-
Medical identity fraudsters target health care info, experts say
- Health care organizations say medical identity fraud is on the rise and they're boosting their online security with anti-fraud measures used in the banking industry.
-
Trustwave seeks SIEM technology upgrade with Intellitactics deal
- In an attempt to upgrade its security information and event management products and services, Trustwave Inc. announced yesterday its acquisition of Intellitactics Inc.
-
PCI tokenization push promising but premature, experts say
- Merchants see value in the technology helping to reduce the scope of a PCI assessment, but a lack of standards and complexity issues are a cause for concern.
Zero Day
This is the Security Digest of Kapersky Labs.
Zero Day
Tracking the hackers
-
IE zero-day flaw leaks out; Exploit code published
- Using obvious clues from a McAfee blog post, an Israeli hacker was able to pinpoint the latest Internet Explorer zero-day vulnerability and create working exploit code
-
A Special Offer From Our Sponsor
-
-
Freshly patched Adobe PDF flaw under 'active attack'
- Malicious hackers have pounced on a newly patched Adobe PDF Reader vulnerability to plant Trojan downloaders on tardy Windows users.
-
Hackers can locate and exploit the Energizer USB charger backdoor
- Hackers using the freely available Metasploit tool can locate infected systems on the local network or gain access to a system running the Energizer backdoor.
-
Adobe Reader and targeted malware attacks
- If you're still tardy in applying security patches for the ever-present Adobe Reader software, this chart from F-Secure should jolt you into action.
-
Microsoft plugs dangerous Excel security holes
- Microsoft today issued patches for seven potentially dangerous security flaws in the Microsoft Excel worksheet software
-
New Microsoft IE zero-day flaw under attack
- A zero-day (unpatched) vulnerability in Microsoft's Internet Explorer vulnerability is being exploited in the wild
-
Vodafone HTC Magic shipped with Conficker, Mariposa malware
- Researchers from PandaSecurity have detected Conficker and Mariposa malware samples shipped on a recently purchased Vodafone HTC Magic smartphone.
-
Researchers build 8,000-strong smartphone botnet
- Security researchers used the lure of an innocuous weather application to commandeer about 8,000 iPhones and Android devices in a mobile botnet.
-
'Highly critical' flaw found in Opera browser
- Security researchers are sounding the alarm for an unpatched, remote code execution flaw in the Opera Web browser.
Threat Post
Security News from Kapersky Labs.
threatpost - The First Stop for Security News
-
DDoS Worm Creator Heading to Prison
-
An Estonian virus writer has been jailed for two and a half years for creating a Windows worm family that launched denial of service attacks on the websites of a local insurance firm and ISP. Read the full article. [The Register]
Shorten URL: http://threatpost.com/en_us/3ux. Click to copy to clipboard or post to Twitter -
State CSO Fired for Talking Openly at RSA
-
Pennsylvania's chief information security officer, Robert Maley, has been fired, apparently for talking publicly at the RSA security conference last week about a recent incident involving the Commonwealth's online driving exam scheduling system. Read the full article. [Computerworld]
Shorten URL: http://threatpost.com/en_us/3uO. Click to copy to clipboard or post to Twitter -
Exploit Code Published for Latest IE Zero-Day
-
Using obvious clues from a McAfee blog post, an Israeli hacker was able to pinpoint the latest Internet Explorer zero-day vulnerability and create working exploit code.
The exploit code, which provides a clear roadmap to launch drive-by download attacks against IE 6 and IE 7 users, is being fitted into the Metasploit point-and-click tool.
Shorten URL: http://threatpost.com/en_us/3zA. Click to copy to clipboard or post to Twitter -
Recently Patched Adobe PDF Flaw Being 'Actively Exploited'
-
Malicious hackers have pounced on a newly patched Adobe PDF Reader vulnerability to plant Trojan downloaders on tardy Windows users.According to researchers in Microsoft's malware protection center, the vulnerability (CVE-2010-0188) was patched less than a month ago, proving that malicious hackers are quick to find fresh targets for malware.
Shorten URL: http://threatpost.com/en_us/3zd. Click to copy to clipboard or post to Twitter -
Paul Judge on Twitter Crime and Web Security
-
Digital Underground podcast with Dennis Fisher
Dennis Fisher talks with Paul Judge of Barracuda Networks about the company’s new report on Twitter phishing trends, search engine poisoning, Web security and what can be done about the spam pandemic.
Shorten URL: http://threatpost.com/en_us/3zU. Click to copy to clipboard or post to Twitter -
Online Ad Networks Are On Malware Hot Seat
-
WhitePages.com has stopped ad networks from delivering ads to its site after they were found to contain fake antivirus malware. Visitors to the Drudge Report, The New York Times, the San Francisco Chronicle, and other Web sites were found to be delivering ads containing malware last year. Read the full article. [CNet]Shorten URL: http://threatpost.com/en_us/3zN. Click to copy to clipboard or post to Twitter -
E-Mail Security Questions Easily Answered
-
A Cambridge University study has shown how easy it is to guess the answer to common questions, such as someone's mother's maiden name. It found attackers will be able to break into 1 in 80 accounts if they get three chances to guess answers. Read the full article. [BBC]Shorten URL: http://threatpost.com/en_us/3z9. Click to copy to clipboard or post to Twitter -
Monoprice.com Goes Offline, Investigates Fraud
-
Audio visual cabling giant monoprice.com shut down its Web site – possibly for the next couple of weeks – while it investigates the possible compromise of its customer credit and debit card information. Read the full article. [KrebsonSecurity]Shorten URL: http://threatpost.com/en_us/3zZ. Click to copy to clipboard or post to Twitter -
Tom Ptacek at RSA 2010
-
Ryan Naraine talks with Tom Ptacek of Matasano Security about the current state of the security industry and themes at the RSA Conference.
Shorten URL: http://threatpost.com/en_us/3zg. Click to copy to clipboard or post to Twitter -
Twitter Deploys New Anti-Phishing Service
-
Twitter is launching a new service designed to prevent users from being tricked into visiting malicious Web sites after clicking on shortened URLs in direct messages or Twitter messages.Shorten URL: http://threatpost.com/en_us/3zc. Click to copy to clipboard or post to Twitter