<?xml version="1.0" encoding="utf-8"?>
<rss version="0.92">
<channel>
<title>SecuObs.com</title>
<link>http://www.secuobs.com</link>
<description>Internet security observatory</description>
<language>fr</language>
<webMaster>webmaster@secuobs.com</webMaster>
 <item><title>Iran Cracks Down On Alleged US Cyber War Network</title><description>2010-03-15 18:38:41 - Internet Security News : Whether or not the American government knows it, we've apparently gone to "cyber" war. Iranian authorities claim to have arrested 30 people who were part of an online conspiracy, and they've attacked 29 sites that were supposedly backed by the US, too. "The Islamic Revolution Guards Corps (IRGC) on Sunday announced that its cyber teams have hacked 29 websites affiliated with the US espionage network," according to the Fars News Agency. The IRGC alleged that "the hacked websites acted against Iran's national security under the cover of human rights activities." Obviously, this isn't great news for relations between the two countries. Iran's infamous for making bold statements about its willingness to retaliate, so we may see US institutions under attack online before long. Also, even if nothing happens, this case brings up questions that may be familiar to fans of Wag the Dog. The concept of cyber warfare has made it easier than ever for countries to fake attacks and spin things to suit their needs, meaning a pretense for war can be created with ease. It should be very interesting to see how this situation resolves itself. At least Iran isn't supposed to have nukes or any missiles capable of reaching the US just yet.</description><link>http://www.secuobs.com/revue/news/201769.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/201769.shtml</guid></item>
<item><title>Check Network Connectivity With Power of PowerShell (Script)</title><description>2010-03-15 17:15:10 - Hacker The dude  Hacking   Tech  And News : Some days ago I got some scripts from one of my friends which are certain to be of use when pentesting stuff, for testing the internet connectivity of a Windows computer (versions after Windows XP). Well, it has many usages, but you can use it as you want: [Activator]::CreateInstance([Type]::GetTypeFromCLSID([Guid]'{DCB00C01-570F-4A9B-8D69-199FDBA5723B}')).IsConnectedToInternet There it is, so use it if you want, because it's made for you only. If TRUE, the local machine is connected to the internet; if FALSE, it is not. I didn't find it very useful to me as it doesn't work on Windows XP, but still it's good for the storage of scripts. The script works on Windows computers which have Vista, Windows 7 or Windows Server 2008. Personally, I am not so big a fan of PowerShell, but still it's a good utility by Windows; but as you see, it's so complicated that you need to learn things. Well, this is what hacking is: "Learning, learning and learning" - HTD. Who said I can't make quotes? :D Happy Hacking, hackerthedude</description><link>http://www.secuobs.com/revue/news/201725.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/201725.shtml</guid></item>
<item><title>Koobface worm infects social networking sites</title><description>2010-03-15 11:59:26 - SecurityPark.net : During the past two weeks, the Kaspersky Lab research team has observed the Koobface live C&amp;C servers shut down or cleaned, on average, three times per day. The number dropped steadily from 107 on 25th February, to as low as 71 on 8th March. Then, in just 48 hours, the number grew from 71 to 142, precisely doubling its total number, which all Koobface-infected computers use to get remote commands</description><link>http://www.secuobs.com/revue/news/201628.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/201628.shtml</guid></item>
<item><title>cnet: Privacy is not dead, says SXSWi keynoter Boyd. Privacy is not dead in the era of online social networking. It just needs careful curation.</title><description>2010-03-14 10:33:27 - Rootsecure.net : cnet: Privacy is not dead, says SXSWi keynoter Boyd. Privacy is not dead in the era of online social networking. It just needs careful curation.</description><link>http://www.secuobs.com/revue/news/201461.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/201461.shtml</guid></item>
<item><title>CHScanner   Multilayer, multiprotocol ARP, IPv4, IPv6, ICMP much more network scanner tool</title><description>2010-03-14 07:54:31 - PenTestIT : CHScanner is an ARP, IPv4 and IPv6 network scanner with 31 scan methods: it scans for open ports, protocols, NetBIOS information and Windows shares, SNMP information, and WMI (WBEM) information. It also has the ability to turn on (using Wake-On-LAN) and to shut down or reboot a remote Windows host. Features an automatic (scriptable) working mode,</description><link>http://www.secuobs.com/revue/news/201456.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/201456.shtml</guid></item>
<item><title>Garbage-Network-Probes.pcap</title><description>2010-03-13 14:52:23 - pcapr updates : by  tysonkey ieee 802.11  13 packets, 1 KB  00:23:4d:6d:9d:69   ff:ff:ff:ff:ff:ff ieee 802.11 Probe Request, SN 14, FN 0, Flags , SSID f2 r 2671X 243Z% 005 027X 351 00:23:4d:6d:9d:69   ff:ff:ff:ff:ff:ff ieee 802.11 Probe Request, SN 15, FN 0, Flags , SSID f2 r 2671X 243Z% 005 027X 351 00:23:4d:6d:9d:69   ff:ff:ff:ff:ff:ff ieee 802.11 Probe Request, SN 16, FN 0, Flags , SSID f2 r 2671X 243Z% 005 027X 351 00:23:4d:6d:9d:69   ff:ff:ff:ff:ff:ff ieee 802.11 Probe Request, SN 17, FN 0, Flags , SSID f2 r 2671X 243Z% 005 027X 351</description><link>http://www.secuobs.com/revue/news/201356.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/201356.shtml</guid></item>
<item><title>Secure Network launches the first security assessment toolkit for virtual infrastructures</title><description>2010-03-12 22:24:39 - Security Bloggers Network : http://www.virtualization.info/2010/03/secure-network-launches-first-security.html</description><link>http://www.secuobs.com/revue/news/201227.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/201227.shtml</guid></item>
<item><title>Network World: Security industry faces attacks it cannot stop. Tests find that most AV is still not blocking Aurora exploit.</title><description>2010-03-12 22:01:37 - Rootsecure.net : Network World: Security industry faces attacks it cannot stop. Tests find that most AV is still not blocking Aurora exploit.</description><link>http://www.secuobs.com/revue/news/201211.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/201211.shtml</guid></item>
<item><title>On Social Networks, You Are Who You Know</title><description>2010-03-12 17:19:26 - Slashdot  Your Rights Online : santosh maharshi writes "On social networks like Facebook, even if you have kept your profile very private, people can just look at your friends list and infer lots of vital information about you. Most of the social networks like Facebook and LinkedIn allow people to see your picture and your friends list as part of the open access for visitors (the article says that only 5% of Facebook users have bothered to hide their friends list). In a study titled You Are Who You Know: Inferring User Profiles in Online Social Networks (PDF), conducted by Alan Mislove of Northeastern University and his colleagues at the Max Planck Institute for Software Systems, an algorithm was tested that can accurately infer the personal attributes of Facebook users simply by looking at their friend lists. 'At Rice [University], the algorithm accurately predicted the correct dormitory, graduation year, and area of study for many of the students. In fact, among these undergraduates, researchers found that "with as little as 20 percent of the users providing attributes we can often infer the attributes for the remaining users with over 80 percent accuracy."'"</description><link>http://www.secuobs.com/revue/news/201143.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/201143.shtml</guid></item>
<item><title>VIVOTEK network cameras monitor passenger flow at Hong Kong checkpoints</title><description>2010-03-12 13:11:56 - SecurityPark.net : Between Hong Kong and mainland China, a number of checkpoints have been set up by the government for travelers. Two of the busiest of these checkpoints are Lok Ma Chau in Hong Kong's Frontier Closed Area, and Lo Wu Station in the northern terminus of the East Rail Line of Hong Kong. Lok Ma Chau is a buffer zone established by the Hong Kong government to prevent illegal immigrants from entering fro</description><link>http://www.secuobs.com/revue/news/201064.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/201064.shtml</guid></item>
<item><title>Win32PariteB Unpacking and Anatomy Reversing and Network Analysis</title><description>2010-03-12 10:53:40 - Offensive Computing   Community Malicious code research and analysis : Hi, long time not blogging due to real life issues. Today we are going to inspect Win32PariteB, a trojan that modifies system files, establishes network activity with an IRC server and downloads other potential threats. We can consider PariteB an IrcBot client. Let's perform a first basic inspection of the malicious binary. The executable is delivered under the name of Protesto_Serasa.exe, MD5: 475D456FA0062BB5323F1F002AC143DA. The application presents an interesting Section Directory: UPX0, UPX1, rsrc, wtq. Apparently it appears to be a classical UPX packed application, but if we go on to inspect the wtq section deeply we can suddenly see that the EntryPoint is located at 00096000, which belongs exactly to wtq. This means that at loading time, the UPX presence is quite useless, because the first code that will be executed comes out of wtq, which, as we will see, contains a layer of decryption for the rest of the code. Pay attention that there is also a TLS Directory, so in the debugging phase we have to set TLS Awareness (Break on TLS) to be sure that we are able to follow the code potentially hidden from the debugger.</description><link>http://www.secuobs.com/revue/news/201038.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/201038.shtml</guid></item>
<item><title>Ep0528  Borderless Networking</title><description>2010-03-12 06:54:29 - Hacker Public Radio : Robert Laymans Borderless networking talk </description><link>http://www.secuobs.com/revue/news/201006.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/201006.shtml</guid></item>
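<item><title>NetworkWorld ITRoadmap 2010, New York stop</title><description>2010-03-12 05:38:01 - Security Bloggers Network : These past two weeks I have turned into a professional conference-goer. I had only just come back from RSA when I was dragged off to the Marriott hotel in Manhattan for the ITRoadmap conference organised by NetworkWorld. See the photo alongside? Everyone is presumably very familiar with the logo in it: China Unicom, one of China's three major carriers. That's right, Unicom has set up a US subsidiary (http://www.unicomamericas.com), headquartered in LA. (Friends who are familiar with the overseas expansion and US operations of CMC, CTC and CUC are welcome to share what they know.) It sponsored this conference. The photo below shows Unicom's booth at the show; the fellow with his back to the camera is Jack, BD director of Unicom's US company. It seems Unicom is also rather attached to the Chinese characters in its logo and is determined to spread them more widely in the US, the same ambition as the Zhongguancun booth at the RSA conference. The keynote was given by Larry, CIO of the United States Tennis Association (USTA). He presented a lot of IT operations figures. USTA has already moved most of its IT applications into Amazon's cloud. When he was asked about cloud security, I thought Larry's answer was excellent: you cannot talk in the abstract about whether "the cloud" is secure or not; what you have to compare is the security of the cloud provider you intend to choose against your own current level of security. Amazon's own critical business has been running in the cloud for many years, and I believe its level of security is higher than that of a server room run by a handful of us. (Download his report.) His judgement is consistent with the view in an earlier McKinsey report: if your IT is small in scale, the cloud is very likely to benefit you, whereas users with large-scale IT would do better to put more effort into virtualization and internal optimization, and to watch and wait a little on the cloud. The technical sessions that followed were split into five tracks: Cloud &amp; Virtualization Roadmap; Convergence &amp; Wireless Roadmap; Datacenter Roadmap; Managing, Controlling &amp; Optimizing Application Delivery Roadmap; The Secure Enterprise Roadmap. I followed the security track, which was mostly a solo performance by Andreas. He has a very broad range of knowledge, is full of passion and eloquent, and can weave in stories and jokes; his talks were excellent. Below is one of his slides, a summary of the past decade's security threats, security compliance requirements and so on. Nicely done. Did you spot HITECH? It is not aimed at hi-tech companies; it belongs to the HIPAA line. Its full name is The Health Information Technology for Economic and Clinical Health Act (HITECH Act). Enormously long. After getting home, out of curiosity I browsed the Unicom US website again and found the picture below. I was quite puzzled: why insist on making Americans understand the tangled history of telecom consolidation back home? Perhaps the plan is to make the enemy dizzy and then seize the moment to close the deal, heh. Below is one I drew earlier.</description><link>http://www.secuobs.com/revue/news/200999.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/200999.shtml</guid></item>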
<item><title>Virtualization and the Network</title><description>2010-03-12 03:11:09 - Infrastructure 2.0 : The Virtualization and the Future of the Network webinar is now available for viewing on demand without having to register. The webinar features Andreas Antonopoulos (Nemertes), Chris Hoff (Cisco), Mark Thiele (formerly VMware) and Rick Kagan (Infoblox).</description><link>http://www.secuobs.com/revue/news/200960.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/200960.shtml</guid></item>
<item><title>Exclusive Networks Group wins Fortinet's best distributor award</title><description>2010-03-11 15:22:03 - Global Security Mag Online : Fortinet announces that it successfully held its annual partner conference in Macao (China) on 9 and 10 March. At this event, which brought together 230 distributors and resellers from 44 countries in the EMEA and APAC regions, Fortinet was able to present its development strategy and its product roadmap, and to share its expertise on the IT security market. The company also took the opportunity to reward its most committed partners and to celebrate its 2009 results.</description><link>http://www.secuobs.com/revue/news/200681.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/200681.shtml</guid></item>
<item><title> File sharing networks open door to identity theft</title><description>2010-03-11 14:40:10 - Help Net Security   News : According to the Washington Post, in any given second, nearly 22 million people around the globe are on peer-to-peer file-sharing networks downloading and swapping movies, software and documents over  </description><link>http://www.secuobs.com/revue/news/200671.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/200671.shtml</guid></item>
<item><title>Korenix releases High-Bandwidth Wireless Access Point for reliable surveillance networking applications</title><description>2010-03-11 11:58:47 - SecurityPark.net : Korenix has released the JetWave 2450 IEEE 802.11b/g/n compliant Outdoor Wireless-N Access Point to provide supercharged speed, range and performance for the most demanding high-bandwidth wireless surveillance networking applications. The cost-effective JetWave 2450 with up to 150Mbps data rate connection by high throughput 802.11n technology allows you to extend wireless coverage up to 5KM wit</description><link>http://www.secuobs.com/revue/news/200636.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/200636.shtml</guid></item>
<item><title>etc  Another botnet takes a beating as Kazakh ISP Troyak is taken offline, temporarily disabling most of the command-and-control servers for the Zeus network</title><description>2010-03-11 05:46:58 - Security : Another botnet takes a beating as Kazakh ISP Troyak is taken offline, temporarily disabling most of the command-and-control servers for the Zeus network. Read More: Computerworld, abuse.ch</description><link>http://www.secuobs.com/revue/news/200594.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/200594.shtml</guid></item>
<item><title>WhitePages squashes ad networks after finding malware</title><description>2010-03-11 00:48:07 - MX Logic Security News : A representative from the Senate Committee on Environment and Public Works told CNet on Tuesday that WhitePages.com is under investigation after a malware strain found on its computer was traced by government IT personnel back to the popular directory website. Whitepages halted the delivery of advertisements to its website following the accusations after it found that they contained scareware in the form of a fake antivirus software. "On Monday morning WhitePages received reports from users [about] malware in the form of a fake antivirus upsell program that we believe originated (against our terms) from a third-party advertising network serving ads on our website, in addition to other websites," a WhitePages spokeswoman said in an e-mail to CNet on Tuesday. The representative also claimed that malware found on Senate computers was traced back to the Drudge Report, the popular news aggregating website made famous by Matt Drudge's breaking of the Monica Lewinsky scandal that rocked the Clinton presidency. Popular newspaper websites have also been cited in the last year as unknowingly spreading malware. The New York Times and the San Francisco Chronicle reported incidents last year; meanwhile the Minneapolis Star Tribune released a statement in February apologizing to readers for the web security breach it found on its website.</description><link>http://www.secuobs.com/revue/news/200461.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/200461.shtml</guid></item>
<item><title>Social networking risks, benefits for enterprises weighed by RSA panel</title><description>2010-03-10 23:37:03 - SearchSecurity  Security Wire Daily News : Social networking risks to enterprises may be outweighed by the benefits, but experts at the 2010 RSA Conference say infrastructure providers must improve security.</description><link>http://www.secuobs.com/revue/news/200444.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/200444.shtml</guid></item>
<item><title>Online Ad Networks Are On Malware Hot Seat</title><description>2010-03-10 21:26:12 - threatpost   The First Stop for Security News : WhitePages.com has stopped ad networks from delivering ads to its site after they were found to contain fake antivirus malware. Visitors to the Drudge Report, The New York Times, the San Francisco Chronicle, and other Web sites were found to be delivering ads containing malware last year. Read the full article (CNet).</description><link>http://www.secuobs.com/revue/news/200386.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/200386.shtml</guid></item>
<item><title>WhitePages.com halts ad networks over malware</title><description>2010-03-10 19:36:55 - InSecurity Complex : Site investigates malware delivered via ads on its site in a fake antivirus attack similar to that on the Drudge Report site.</description><link>http://www.secuobs.com/revue/news/200341.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/200341.shtml</guid></item>
<item><title>Brocade: Half of network solutions only stop one in four network attacks</title><description>2010-03-10 17:38:56 - Infosecurity  USA    Latest News : Almost one in five participants at the RSA conference last week believe that their companies' security policies are being effectively enforced, according to figures released by data center fabric company Brocade. That said, at least half of them seem to be unhappy with their companies' security technology solutions.</description><link>http://www.secuobs.com/revue/news/200273.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/200273.shtml</guid></item>
<item><title>RSA: IdentityFinder announces social networking ID theft product</title><description>2010-03-10 14:11:50 - Infosecurity  USA    Latest News : IdentityFinder, the identity theft prevention company, are set to offer protection for social networking sites later this year.</description><link>http://www.secuobs.com/revue/news/200196.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/200196.shtml</guid></item>
<item><title>ackack - monitor network traffic and detect unauthorized sessions fast and easy</title><description>2010-03-10 08:12:58 - PenTestIT : A program to monitor network traffic and detect unauthorized sessions. Provides the ability to send alerts based on source and/or duration of each session, which aids in the detection of malware such as botnets and bind shells. Features of ackack: - Detection of already-running sessions - Policies based on session origination and session duration - Group specification using subnet,</description><link>http://www.secuobs.com/revue/news/200132.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/200132.shtml</guid></item>
<item><title>The Science of Network Troubleshooting</title><description>2010-03-10 06:24:47 - PacketLife.net Community Blog : A number of people have written asking me what happened to a paper I wrote back in 2008 entitled "The Science of Network Troubleshooting." Unfortunately, I neglected to republish the paper after revamping packetlife.net in late 2009, so here it is again as a blog article.

Troubleshooting is not an art. Along with many other IT methodologies, it is often referred to as an art, but it's not. It's a science, if ever there were one. Granted, someone with great skill in troubleshooting can make it seem like a natural talent, the same way a professional ball player makes hitting a home run look easy, when in fact it is a learned skill. Another common misconception holds troubleshooting as a skill derived entirely from experience with the involved technologies. While experience is certainly beneficial, the ability to troubleshoot effectively arises primarily from the embrace of a systematic process, a science.

It's said that troubleshooting can't be taught, but I disagree. More accurately, I would argue that troubleshooting can't be taught easily, or to great detail. This is because traditional education encompasses how a technology functions; troubleshooting encompasses all the ways in which it can cease to function. Given that it's virtually impossible to identify and memorize all the potential points of failure a system or network might hold, engineers must instead learn a process for identifying and resolving malfunctions as they occur. To borrow a cliché analogy, teach a man to identify why a fish is broken, rather than expecting him to memorize all the ways a fish might break.

Troubleshooting as a Process
----------------------------

Essentially, troubleshooting is the correlation between cause and effect. Your proxy server experiences a hard disk failure, and you can no longer access web pages. A backhoe digs up a fiber, and you can't call a branch office. Cause, and effect. Moving forward, the correlation is obvious; the difficulty lies in transitioning from effect to cause, and this is troubleshooting at its core.

Consider walking into a dark room. The light is off, but you don't know why. This is the observed effect for which we need to identify a cause. Instinctively, you'll reach for the light switch. If the light switch is on, you'll search for another cause. Maybe the power's out. Maybe the breaker's been tripped. Maybe someone stole all the light bulbs (it happens). Without much thought, you investigate each of these possible causes in order of convenience or likelihood. Subconsciously, you're applying a process to resolve the problem.

Even though our light bulb analogy is admittedly simplistic, it serves to illustrate the fundamentals of troubleshooting. The same concepts are scalable to exponentially more complex scenarios. From a high-level view, the troubleshooting process can be reduced to a few core steps:

- Identify the effect(s)
- Eliminate suspect causes
- Devise a solution
- Test and repeat
- Mitigate

Step 1: Identify the Effect(s)
------------------------------

If you've been a network engineer for more than a few hours, you've been told at least once that the Internet is down. Yes, the global information infrastructure some forty years in the making has fallen to its knees and is in a state of complete chaos. All this is, of course, confirmed by Mary in accounting. Last time it was discovered her Ethernet cable had come unplugged, but this time she's certain it's a global catastrophe.

Correctly identifying the effects of an outage or change is the most critical step in troubleshooting. A poor judgment at this first step will likely start you down the wrong path, wasting time and resources. Identifying an effect is not to be confused with deducing a probable cause; in this step we are focused solely on listing the ways in which network operation has deviated from the norm.

Identifying effects is best done without assumption or emotion. While your mind will naturally leap to possible causes at the first report of an outage, you must force yourself to adopt an objective stance and investigate the noted symptoms without bias. In the case of Mary's doomsday forecast, you would likely want to confirm the condition yourself before alerting the authorities.

Some key points to consider:

- What was working and has stopped? An important consideration is whether an absent service was ever present to begin with. A user may report an inability to reach FTP sites as an outage, not realizing FTP connections have always been blocked by the firewall as a matter of policy.
- What wasn't working and has started? This can be a much less obvious change, but no less important. One example would be the easing of restrictions on traffic types or bandwidth, perhaps due to routing through an alternate path, or the deletion of an access control mechanism.
- What has continued to work? Has all network access been severed, or merely certain types of traffic? Or only certain destinations? Has a contingency system assumed control from a failed production system?
- When was the change observed? This critical point is very often neglected. Timing is imperative for correlation with other events, as we'll soon see. Also remember that we are often limited to noting the time a change was observed, rather than when it occurred. For example, an outage observed Monday morning could have easily occurred at any time over the preceding weekend.
- Who is affected? Who isn't? Is the change limited to a certain group of users or devices? Is it constrained to a geographical or logical area? Is any person or service immune?
- Is the condition intermittent? Does the condition disappear and reappear? Does this happen at predictable intervals, or does it appear to be random?
- Has this happened before? Is this a recurring problem? How long ago did it happen last? What was the resolution? (You do keep logs of this sort of thing, right?)
- Correlation with planned maintenance and configuration changes: Was something else being changed at this time? Was a device added, removed, or replaced? Did the outage occur during a scheduled maintenance window, either locally or at another site or provider?

Step 2: Eliminate Suspect Causes
--------------------------------

Once we have a reliable account of the effect or effects, we can attempt to deduce probable causes. I say probable because deducing all possible causes is impractical, if not impossible. One possible cause is a power failure. Another possible cause is spontaneous combustion. Only one of these possible causes is probable.

There is a popular mantra of "always start with layer one," suggesting that the physical connectivity of a network should be verified before working on the higher layers. I disagree, as this is misleading and often impractical. You're not going to drive out to a remote site to verify everything is plugged in if a simple ping verifies end-to-end connectivity. Similarly, it's unlikely that any cables were disturbed if you can verify with relative certainty no one has gone near the suspect devices. Perhaps this is an oversimplified argument, but verifying physical connectivity is often needlessly time consuming and superseded by alternative methods.

Instead, I suggest narrowing causes in order of combined probability and convenience. For example, there might be nothing to indicate DNS is returning an invalid response, but performing a manual nslookup takes roughly two seconds, so this is easily justified. Conversely, comparing a current device configuration to its week-old backup and accounting for any differences may take a considerable amount of time, but this presents a high probability of exposing a cause, so it too is justified.

The order in which you decide to eliminate suspect causes is ultimately dependent on your experience, your familiarity with the infrastructure, and your allowance for time. Regardless of priority, each suspect cause should undergo the same process of elimination:

- Define a working condition. You can't test for a condition unless you know what condition to expect. Before performing a test, you should have in mind what outcome should be produced in the absence of an outage. For example, performing a traceroute to a distant node is meaningless if you can't compare it against a traceroute to the same destination under normal conditions.
- Define a test for that condition. Ensure that the test you perform is in fact evaluating the suspect cause. For instance, pinging an E-mail server doesn't explicitly guarantee that mail services are available, only the server itself (technically, only that server's address). To verify the presence of mail services, a connection to the relevant daemon(s) must be established.
- Apply the test and record the result. Once you've applied the test, record its success or failure in your notes. Even if you've eliminated the cause under suspicion, you have a reference to remind you of this and avoid wasting time repeating the same test again unnecessarily.

It is common to uncover multiple failures in the course of troubleshooting. When this happens, it is important to recognize any dependencies. For example, if you discover that E-mail, web access, and a trunk link are all down, the E-mail and web failures can likely be ignored if they depend on the trunk link to function. However, always remember to verify these supposed secondary outages after the primary outage has been resolved.

Step 3: Devise a Solution
-------------------------

Once we have identified a point of failure, we want to continue our systematic approach. Just as with testing for failures, we can apply a simple methodology to testing for solutions. In fact, the process very closely mirrors the steps performed to eliminate suspect causes.

- Define the failure. At this point you should have a comfortable idea of the failure. Form a detailed description so you have something to test against after applying a solution. For example, you would want to refine "The Internet is down" to "Users in building 10 cannot access the Internet because their subnet was removed from the outbound ACL on the firewall."
- Define the proposed solution. Describe exactly what changes are to be made, and exactly what the expected outcome is. Blanket solutions such as arbitrarily rebooting a device or rebuilding a configuration from scratch might fix the problem, but they prevent any further diagnosis and consequently impede mitigation.
- Apply the solution and record the result. Once we have a defined failure and a proposed solution, it's time to pit the two against each other. Be observant in applying the solution, and record its product. Does the outcome match what you expected? Has the failure been resolved?

In addition to our defined process, some guidelines are well worth mentioning.

- Maintain focus. Far too often I encounter a technician who, upon becoming frustrated with a failure or failures, opts to recklessly reboot, reconfigure, or replace a device instead of troubleshooting systematically. This is the high-tech equivalent of pounding something with a hammer until it works. Focus on one failure at a time, and one solution at a time per failure.
- Watch out for hazardous changes. When developing a solution, remember to evaluate what effect it might have on systems unrelated to those being troubleshot. It's a horrible feeling to realize you've fixed one problem at the expense of causing a much larger one. The best course of action when this happens is typically to immediately reverse the change which was made. Note that this is only possible with a systematic approach.

Step 4: Test and Repeat
-----------------------

Upon implementing a solution and observing a positive effect, we can begin to retrace our steps back toward the original symptoms. If any conditions were overlooked because they were decided to be dependent on the recently resolved failure, test for them again. Refer to your notes from the initial report and verify that each symptom has been resolved. Ensure that the same tests which were used to identify a failure are used to confirm functionality. If you notice that a failure or failures remain, pick up where you left off in the testing cycle, annotate it and press forward.

Step 5: Mitigate
----------------

The troubleshooting process does not end when the problem has been resolved and everyone is happy. All of your hard work up until this point amounts to very little if the same problem occurs again tomorrow. In IT, problems are commonly fixed without ever being fixed. Band-aids and hasty installations are not acceptable substitutes for implementing a permanent and reliable solution. So to speak, many people will go on mopping the floor day after day without ever fixing the leak.

A permanent solution may be as complex as redesigning the routed backbone, or as simple as moving a power strip somewhere it won't be tripped on anymore. A permanent solution also doesn't have to be 100% effective, but it should be as effective as is practical. At the absolute minimum, ensure that you record the observed failure and the applied solution, so that if the condition does reoccur you have an accurate and dated reference.

A Final Word
------------

Everyone has his or her own preference in troubleshooting, and by no means do I consider this paper conclusive. However, if there's only one concept you take away, make it this: above all else, remain calm. You're no good to anyone in a panic. One's ability to manage stress and maintain a professional demeanor even in the face of utter chaos is what makes a good engineer great.

Most network outages, despite what we're led to believe by senior staff, are not the end of the world. There are instances where downtime can lead to loss of life; fortunately, this isn't the case with most networks. Money may be lost, time may be wasted, and feelings may be hurt, but when the problem is finally resolved, odds are you've learned something valuable.</description><link>http://www.secuobs.com/revue/news/200122.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/200122.shtml</guid></item>
<item><title>The Network Security Podcast, Episode 188</title><description>2010-03-10 06:08:33 - Network Security Blog : Can you hear that? That's the sound of air escaping as we all finally recover from the RSA conference. Rich and Martin are back, and Zach (never left) but did celebrate a birthday last week. We do a quick recap of RSA and then dig into the security news (much of which had nothing to ...</description><link>http://www.secuobs.com/revue/news/200115.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/200115.shtml</guid></item>
<item><title>3G buildouts push up mobile network investment</title><description>2010-03-10 03:55:25 - News : Mobile networks may not be getting upgraded as fast as some subscribers would like, but carrier spending on infrastructure is expected to rebound slightly this year after falling in 2009.</description><link>http://www.secuobs.com/revue/news/200096.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/200096.shtml</guid></item>
<item><title>5792: PA-TNC: A Posture Attribute (PA) Protocol Compatible with Trusted Network Connect (TNC)</title><description>2010-03-10 03:13:59 - New RFCs : (189KB) This document specifies PA-TNC, a Posture Attribute protocol identical to the Trusted Computing Group's IF-M 1.0 protocol. The document then evaluates PA-TNC against the requirements defined in the NEA Requirements specification. [STANDARDS TRACK]</description><link>http://www.secuobs.com/revue/news/200086.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/200086.shtml</guid></item>
<item><title>5793: PB-TNC: A Posture Broker (PB) Protocol Compatible with Trusted Network Connect (TNC)</title><description>2010-03-10 03:13:59 - New RFCs : (165KB) This document specifies PB-TNC, a Posture Broker protocol identical to the Trusted Computing Group's IF-TNCCS 2.0 protocol. The document then evaluates PB-TNC against the requirements defined in the NEA Requirements specification. [STANDARDS TRACK]</description><link>http://www.secuobs.com/revue/news/200085.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/200085.shtml</guid></item>
<item><title>Ad Network Installing Malware on Drudge Report</title><description>2010-03-10 02:08:40 - threatpost   The First Stop for Security News : For the second time in less than six months, visitors to the Drudge Report say they got malware in addition to the Web site's usual sensational headlines. Matt Drudge denied that his site was infecting visitors, however it's likely that the malware is coming from ads delivered by a third-party ad network and not the site itself. Read the full article (CNet).</description><link>http://www.secuobs.com/revue/news/200067.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/200067.shtml</guid></item>
<item><title>New routers let companies exploit 3G cellular data networks</title><description>2010-03-10 00:30:28 - News : Machine to machine (M2M) communications via 3G cellular data links is expanding in the enterprise. Sixnet offers a battery of new products to make it simple and cost-effective to network kiosks, remote offices, point-of-sale equipment and digital signage.</description><link>http://www.secuobs.com/revue/news/200007.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/200007.shtml</guid></item>
<item><title>Wyndham Hotels' Networks Hacked--Again</title><description>2010-03-09 23:00:40 - eSecurity Planet Features : For the second time in two years, Wyndham Hotels and Resorts says hackers managed to access its computer systems, stealing sensitive information, including customer payment card data.</description><link>http://www.secuobs.com/revue/news/199938.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199938.shtml</guid></item>
<item><title>TaoSecurity: Einstein 3 Coming to a Private Network Near You</title><description>2010-03-09 22:08:32 - Security Bloggers Network : The Department of Homeland Security's top cybersecurity official told CNET on Wednesday that the department may eventually extend its Einstein technology, which is designed to detect and prevent electronic attacks, to networks operated by the private sector. The technology was created for federal networks. Via taosecurity.blogspot.com. Scary times ...</description><link>http://www.secuobs.com/revue/news/199921.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199921.shtml</guid></item>
<item><title>Network World: Former NSA tech chief - I don't trust the cloud</title><description>2010-03-09 21:30:37 - Rootsecure.net : Network World: Former NSA tech chief - I don't trust the cloud</description><link>http://www.secuobs.com/revue/news/199896.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199896.shtml</guid></item>
<item><title>Discoverer: Automatic Protocol Reverse Engineering from Network Traces (PDF)</title><description>2010-03-09 21:28:53 - Reverse Engineering : submitted by rolfr</description><link>http://www.secuobs.com/revue/news/199891.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199891.shtml</guid></item>
<item><title>Cisco Enhances Network Security</title><description>2010-03-09 20:53:49 - eSecurity Planet Features : Cisco recently announced the expansion of TrustSec to help create identity secured networks.</description><link>http://www.secuobs.com/revue/news/199885.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199885.shtml</guid></item>
<item><title>The Order of (Network) Operations</title><description>2010-03-09 14:09:01 - Security : Thought those math rules you learned in 6th grade were useless? Think again: some are more applicable to the architecture of your data center than you might think. Remember back when you were in the 6th grade, learning about the order of operations in math class? You might recall that you learned that the order in which mathematical operators were applied can have a significant impact on the result. That's why we learned there's an order of operations, a set of rules, that we need to follow in order to ensure that we always get the correct answer when performing mathematical equations. Rule 1: First perform any calculations inside parentheses. Rule 2: Next perform all multiplications and divisions, working from left to right. Rule 3: Lastly, perform all additions and subtractions, working from left to right. Similarly, the order in which network and application delivery operations are applied can dramatically impact the performance and efficiency of the delivery of applications, no matter where those applications reside.
---------------------------------------------------------------------
HERE COMES the SCIENCE MATH
---------------------------------------------------------------------
Let's do some math to prove our theory, shall we? Consider the following "table" of the time it takes to execute certain network operations. [Image: tableofops] Note that these are completely arbitrary in that they do not represent actual performance statistics, though the values are relative to one another based on real metrics. The actual time to execute a given operation will be highly dependent on load and device performing the operation, thus it will be variable. However, what is static is that each operation will consume "time" on a given system to execute, and this table is designed to represent that basic truism.
Architecture #1 [Image: orderofops1] Let's assume for a moment that our architecture is simple: two network devices, both will need to inspect the payload to apply security or routing policies, and an application. Assuming that the application is responsible for compression and SSL operations, this means that on the ingress (inbound) requests, both network devices must necessarily decrypt and then re-encrypt the request in order to apply policies. The application, because it is assuming it handled the SSL, also needs to decrypt. Based on our completely arbitrary and fictitious table of operational costs, this means the time to execute on ingress is: SSL (25 units) + Compression (9 units) + Inspection (14 units) = 48 units, and our total CPU cycle utilization is: SSL (50 units) + Compression (21 units) + Inspection (16 units) = 87 units. On egress (outbound) our total time to execute will be: SSL (25 units) + Compression (15 units) + Inspection (14 units) = 54 units, and total CPU cycle utilization at: SSL (50 units) + Compression (35 units) + Inspection (16 units) = 101 units. Our total time to execute 1 transaction using this order of operations is 102 units with a total CPU cycle utilization of 188 units. Now let's compare that with a more strict order of operations in the architecture, delegating responsibility for compression and SSL operations to Network Device #1.
Architecture #2 [Image: orderofops2] Let us now assume that we are moving those functions that must be repeated throughout the architecture closer to the "edge" of the flow of traffic such that we reduce the number of times the functions must be repeated due to the need to inspect data. Based on our completely arbitrary and fictitious table of operational costs, this means the time to execute using our new order of operations on ingress is: SSL (5 units) + Compression (3 units) + Inspection (14 units) = 22 units, and our total CPU cycle utilization is: SSL (10 units) + Compression (7 units) + Inspection (16 units) = 33 units. On egress (outbound) our total time to execute will be exactly the same: SSL (5 units) + Compression (3 units) + Inspection (14 units) = 22 units, and our total CPU cycle utilization is: SSL (10 units) + Compression (7 units) + Inspection (16 units) = 33 units. Our total time to execute 1 transaction using this order of operations is 44 units with a total CPU cycle utilization of 66 units.
Let's compare the two side by side. Time to execute: Architecture #1 = 102, Architecture #2 = 44. CPU cycles consumed: Architecture #1 = 188, Architecture #2 = 66. That pretty much says it all. Note that we're not comparing costs as the cost per "unit" to execute will vary from device to device, although it is almost certainly true that execution on the network device will cost more per "CPU cycle" than on the application server because network devices are usually more expensive. Note, however, that the time to execute and CPU cycles consumed does not reflect the fact that when executed on specialized hardware the processing is more efficient, so the total cost will likely not be too much higher because it's offset by the reduction in number of cycles required. Just as is true for mathematical operations, the order in which capabilities are applied dramatically impacts the end result.
---------------------------------------------------------------------
APPLICATION DELIVERY ORDER of OPERATIONS RULES
---------------------------------------------------------------------
The point of this little exercise was twofold. First, it's a reminder to pay attention to the application delivery architecture you are employing, no matter where it might be located. That means from point of ingress through the network to the application and back again. Every point at which packets and/or payloads must be inspected is a potential point at which the efficiency and performance of your application will be affected by the order in which application delivery security and acceleration policies are applied. Second, it's to mathematically illustrate the impact of offloading compute intense calculations and processes such as SSL and compression to network-hosted application delivery platforms, especially those enabled with specialized hardware designed to improve the execution performance of such processes. Now, given this data we should be able to abstract what we've learned into a basic set of rules regarding the application delivery network order of operations. Rule 1: Offload all cryptographic or obfuscating (like compression) functions to the last device in the delivery network which needs to inspect the payload to reduce the impact of redundant operations. Well, there you have it. One simple rule takes care of the application delivery network order of operations. It's more efficient, will be more cost effective, and your application performance will thank you for it (because we all know your users won't, even though they should).</description><link>http://www.secuobs.com/revue/news/199717.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199717.shtml</guid></item>
<item><title>H Security: ZigBee - attack of the killer bees (open source collection of Linux tools intended for testing the security of ZigBee networks)</title><description>2010-03-09 10:53:57 - Rootsecure.net : H Security: ZigBee - attack of the killer bees (open source collection of Linux tools intended for testing the security of ZigBee networks)</description><link>http://www.secuobs.com/revue/news/199676.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199676.shtml</guid></item>
<item><title>Navajo Nation may get cutting-edge LTE network</title><description>2010-03-09 04:52:33 - News : If a pending federal grant is approved, one of the first LTE (Long-Term Evolution) wireless broadband networks in the US will be built across 15,120 square miles of desert.</description><link>http://www.secuobs.com/revue/news/199629.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199629.shtml</guid></item>
<item><title>Using Map Reduce for Network Forensics and Troubleshooting</title><description>2010-03-09 03:58:00 - Mu Dynamics Research Labs : We launched xtractr earlier this week for network forensics, troubleshooting and handling support escalations involving large packet captures. Just so you know, xtractr is a 4-tier app (more on that below) that combines the best of Web 2.0 with looking at packets in new light. Looking beyond the "unleash the power of packets" message, I ...</description><link>http://www.secuobs.com/revue/news/199603.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199603.shtml</guid></item>
<item><title>A Practical Attack to De-Anonymize Social Network Users</title><description>2010-03-09 03:26:53 - Hack In The Box : Social networking sites such as Facebook, LinkedIn, and Xing have been reporting exponential growth rates. These sites have millions of registered users, and they are interesting from a security and privacy point of view because they store large amounts of sensitive personal user data. In this paper, we introduce a novel de-anonymization attack that exploits group membership information that is available on social networking sites. More precisely, we show that information about the group memberships of a user (i.e., the groups of a social network to which a user belongs) is often sufficient to uniquely identify this user, or, at least, to significantly reduce the set of possible candidates. To determine the group membership of a user, we leverage well-known web browser history stealing attacks. Thus, whenever a social network user visits a malicious website, this website can launch our de-anonymization attack and learn the identity of its visitors.</description><link>http://www.secuobs.com/revue/news/199580.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199580.shtml</guid></item>
<item><title>Bruce Schneier: De-Anonymizing Social Network Users (pdf)</title><description>2010-03-08 22:51:53 - Rootsecure.net : Bruce Schneier: De-Anonymizing Social Network Users (pdf)</description><link>http://www.secuobs.com/revue/news/199473.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199473.shtml</guid></item>
<item><title>Mu Dynamics Introduces xtractr, a Collaborative Cloud Application for Network Troubleshooting, Problem Isolation, and Forensics</title><description>2010-03-08 20:52:21 - What's New   Mu : xtractr is the latest tool available to all community members of pcapr, a crowd-sourced packet capture repository, the largest in the world with more than 55 million packets, over 400 protocols and 2,700 users. pcapr provides a simple way for members to share and access network packets in order to test their IP services.</description><link>http://www.secuobs.com/revue/news/199424.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199424.shtml</guid></item>
<item><title>How best to manage the security issues social networking brings to business</title><description>2010-03-08 12:00:51 - SecurityPark.net : A social network is a communication network of social contacts and seems to have become the most popular way to stay in touch. Forrester Research stated that the number of people using the web will increase by 45% to 22 billion by 2013, the total global internet audience is currently 625M and two thirds of these internet users have now joined a social networking site (417M). This is a huge number.</description><link>http://www.secuobs.com/revue/news/199298.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199298.shtml</guid></item>
<item><title>Forget the Cloud: Automate the Network</title><description>2010-03-08 08:27:05 - ARCHIMEDIUS : When VMware entered the production data center it was the beginning of a massive IT disruption with profound implications for careers, vendors and the next tech innovation cycle, driven by deep reductions in network operating expenses and equally uplifting increases in network flexibility and intelligence. VMware set the stage for the multibillion dollar system virtualization category ...</description><link>http://www.secuobs.com/revue/news/199263.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199263.shtml</guid></item>
<item><title>Automate the Network</title><description>2010-03-08 08:10:33 - Infrastructure 2.0 : When VMware entered the production data center it was the beginning of a massive IT disruption with profound implications for careers, vendors and the next tech innovation cycle, driven by deep reductions in network operating expenses and equally uplifting increases in network flexibility and intelligence. VMware set the stage for the multibillion dollar system virtualization category by allowing operating systems and applications to be easily set up and moved on top of commodity server hardware. They automated systems that had been requiring ever increasing amounts of manual labor as data centers grew ever more complex by creating an abstracting layer between software and hardware. Check out the IDC slide referenced in the October, 2008 Infrastructure 2.0 blog on "Virtualization, Cloud Computing and IT Diseconomies". The market cap of VMware was to a great extent driven by the increasing proportions of management expense required for supporting ever more complex system infrastructures. There is a similar (internal HP only, based on IDC data) slide showing the creeping opex menace growing every year to consume more than 50% of server costs. Also read "Server Management Costs Soar, Says IDC": For every server that is purchased and installed, management costs increase exponentially. Matt Eastwood, vice president, enterprise server research for Framingham, Mass.-based IDC says that a penny saved in initial cost is a dollar spent on management. "IT pros are always interested in getting the best deal that they can when they purchase new equipment. But what they are beginning to realize is that the cost of maintaining a server is five to seven times the purchase price." - Brian Kraemer, SearchDataCenter.com, Feb 2006. Now that VMware, Citrix and Microsoft have declared war on manual labor and rising system management expense, it's the network's turn to get automated. At stake are scattered, multibillion dollar empires driven by complexity, expertise and black holes of arcane scripts, configurations and multi-step network management processes. It all starts at the core, in the core network services addressed by the emerging DDI appliance category kicked off by Gartner last fall, then emanates into a host of initiatives (like virtualization and IPv6) that are slowed down (and incur heightened cost and risk) due to the persistence of complexity and manual processes required to simply keep networks available and secure as more IP addresses are added. The IPAM diseconomies of scale discovered by Computerworld during the fall of 2008 were eerily reminiscent of the data discovered by IDC on rising server management costs. As networks grew, the costs of managing each IP address grew, creating the IPAM opex hockey stick. Now that CIOs have discovered the power of system automation to break the bonds between software and hardware and automate once manual system processes, they will be looking for solutions that can break the bonds between the meaty address space (DNS, DHCP, IPAM, etc.) and physical location, enabling unprecedented breakthroughs in operating expense and risk, power savings and scalability. They will leverage the network like never before to take IT automation to new levels. Network automation will start with the automation and integration of IPAM, DNS and DHCP and will spread from this waste-ridden meat space core into areas strategically bound by those manual processes. Look to announced partnerships between companies like Infoblox (my employer) in the DDI space and the likes of Riverbed, Cisco, Neustar (and the recent F5 and Infoblox announcement related to DNSSEC) to tackle a host of costs and challenges emanating from the network's tired core. IT is about to be radically transformed, not by cloud computing but by a wave of innovation that will make networks as powerful and nimble and economical as recently virtualized systems. And those virtualized systems will become more secure, more efficient and even more economical than ever before. As system virtualization decoupled software and operating systems from the bonds of specialized dedicated hardware, network virtualization will decouple those systems from the limitations of specialized, dedicated locations. Those who embrace network automation first will attain strategic advantage over their peers. Hence the recent announcements and breakthroughs by Cisco, Citrix, F5, Juniper, Riverbed, VMware and others, setting the stage for the inevitable transformation foreshadowed by the rise of system virtualization and the resultant shift in market caps between tired incumbents and the virtualization ecosystem. You can follow my rants in real-time at Archimedius.</description><link>http://www.secuobs.com/revue/news/199262.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199262.shtml</guid></item>
<item><title>Left naked in the rain by social networking</title><description>2010-03-08 07:03:00 - Security For All : "I must have been out cold / But the way the story's told / They found me lying naked in the rain" - From Bible Black by Heaven and Hell. Any number of times in the past I've warned about the inherent lack of privacy with social networking in posts like this, this, this and even this. But this week Sharon Nelson of the ...</description><link>http://www.secuobs.com/revue/news/199253.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199253.shtml</guid></item>
<item><title>Chattin' With the Boss: "Securing the Network" (Waiting For the Jet Pack)</title><description>2010-03-08 06:33:32 - Rational Survivability : At the RSA security conference last week I spent some time with Tom Gillis on a live uStream video titled "Securing the Network". Tom happens to be (as he points out during a rather funny interlude) my boss' boss; he's the VP and GM of Cisco's STBU (Security Technology Business Unit). It's an interesting discussion (albeit ...</description><link>http://www.secuobs.com/revue/news/199247.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199247.shtml</guid></item>
<item><title>US Navy solicits bids to bolster network security</title><description>2010-03-07 16:41:38 - MX Logic Security News : The US Navy announced Tuesday that it will seek bids from web and network security companies to develop and implement a highly secure cyber defense system to use in the event of cyber war. The Navy expects the system to cost roughly $16 billion over the next five years. Ideally, the system would be highly secure against even the most sophisticated attacks. Beyond a system to use during cyber war, the Navy hopes to augment its overall network security as well. The Navy plans to award multiple web security companies with contracts. "The prototype will lead to new concepts for protecting data traversing the Department of the Navy networks and will provide decision management, intelligent decision aids, data fusion and correlation and visualization capabilities," the Navy wrote on its website. The announcement comes shortly after the Bipartisan Policy Center conducted a similar national cyber attack to test the nation's preparedness in case of a large-scale cyber attack. Also, earlier this month, the Air Force awarded IBM with a contract to develop a secure cloud for USAF operations.</description><link>http://www.secuobs.com/revue/news/199140.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199140.shtml</guid></item>
<item><title>Government tests national network, web security with simulated cyberattack</title><description>2010-03-07 16:41:38 - MX Logic Security News : Former United States government officials staged a massive attack on cell phone networks, internet service providers and the power grid to test the potential response of the country to such an attack. The attack, called "Cyber Shockwave" by the bipartisan committee, which believes that the US is working toward complete preparedness for such an attack. However, steps still need to be made and further precautions taken to ensure national safety. Several former government officials took part in the simulation including former Secretary of Homeland Security Michael Chertoff, who acted as National Security Advisor for the exercise, and Charles Wald, a retired general acting as Secretary of Defense. "I think the scenario we saw today is believable. I think we're preparing for it. I don't think we're as prepared as we should be," Wald told the Associated Press. The goal of the event was to highlight vulnerabilities within policy should an event ever occur. The US government has procedures in place to respond to physical national disasters and attacks, but Matthew Stern, former head of US Army's protected networks, believes the government needs to develop plans for a cyber disaster.</description><link>http://www.secuobs.com/revue/news/199137.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199137.shtml</guid></item>
<item><title>Social media sites can greatly compromise network security</title><description>2010-03-07 16:41:38 - MX Logic Security News : A report published Monday by Boston-based IT firm Sophos reported that malware and spam attacks on social media sites like Facebook and Twitter rose 70 percent in the year, greatly compromising companies' network security. Fifty-seven percent of social networking users reported receiving spam at some point, while an additional 36 percent received malware. Both of those figures rose more than 50 percent from the previous year's report. In fact, reported spam cases rose 706 percent, according to the study entitled "Social Security". The survey found that 60 percent of people considered Facebook the most dangerous medium. MySpace and Twitter polled in second and third place with 18 and 17 percent respectively. "Computer users are spending more time on social networks, sharing sensitive and valuable personal information, and hackers have sniffed out where the money is to be made," said Graham Cluley, senior technology consultant for Sophos. LinkedIn was not considered particularly dangerous by those surveyed; however, Sophos cites that it provides hackers with an essential company directory. The amount of personal employment information each page contains can open users and companies up to further attacks.</description><link>http://www.secuobs.com/revue/news/199135.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199135.shtml</guid></item>
<item><title>Network security update not responsible for crashes</title><description>2010-03-07 16:41:38 - MX Logic Security News : Reports of the so-called "blue screen of death" following the installation of the latest Microsoft security update are the result of malware, not a defect in the update. The company said in a statement that only 32-bit computers previously infected with the Alureon rootkit malware suffered the defect. Microsoft ceased distribution of the update for 32-bit systems, but offers it for 64-bit systems as no similar results have been reported. "A malware compromise of this type is serious, and if customers cannot confirm removal of the Alureon rootkit using their chosen anti-virus/anti-malware software, the most secure recommendation is for the owner of the system to back up important files and completely restore the system from a cleanly formatted disk," Microsoft said, according to CNET. The Alureon malware is a form of trojan virus. Kaspersky, a web security company, stated earlier this month seven of the eight newest cyber threats are trojans. A company official said that 91 percent of all known active threats are trojans.</description><link>http://www.secuobs.com/revue/news/199133.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199133.shtml</guid></item>
<item><title>Intel reveals network security compromise</title><description>2010-03-07 16:41:38 - MX Logic Security News : Intel, a global provider of computer chips, revealed in its Form 10-K Annual Report to the Securities and Exchange Commission that it was the target of a highly sophisticated network security breach in January. The company has since addressed and removed the infection from its network; the true scope and effects of the cyber attack are unknown. It is not uncommon for Intel to be targeted by cyber criminals. The company says, however, that it is rare for the attacks to be successful. "One recent and sophisticated incident occurred in January 2010 around the same time as the recently publicized security incident reported by Google," the company states in the report. "We seek to detect and investigate these security incidents and to prevent their recurrence, but in some cases we might be unaware of an incident or its magnitude and effects." While Intel cites that the compromise came at around the same time as Google's incident, there is nothing tying the attacks together. The announcement comes following the discovery of the Kneber botnet, which is believed to have infected more than 70,000 computers and more than 2,500 corporations worldwide.</description><link>http://www.secuobs.com/revue/news/199129.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199129.shtml</guid></item>
<item><title>False social networking attacks provide teachable moment for web security</title><description>2010-03-07 16:41:38 - MX Logic Security News : A unique tool developed to prevent the spread of malware from social networking websites has been recommended by Processor.com, a web and network security news provider. The program, called PhishMe, is designed to simulate spear-phishing attacks, which are carried out by cyber criminals to trick social networking users into downloading dangerous programs on their computers. If an employee clicks the link and downloads the program, PhishMe tells them what they did wrong and how it can affect their company's network. Most companies have measures in place to prevent transmission of malware from older media such as email and links. However, precautions taken against Web 2.0-based sites like Facebook and Twitter are lagging. There is a lot out there, and it's always changing. "Only when a company understands its specific information assets and risks, likely attackers, and potential for loss can it prioritize the effort and expense required to address vulnerabilities from social networks," according to Processor.com. The Independent reported earlier this month that among the scams currently making their way through Twitter and Facebook, the most alarming recent trend has been the presence of cash scams.</description><link>http://www.secuobs.com/revue/news/199125.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199125.shtml</guid></item>
<item><title>NeoPwn   The first network auditing distribution for mobile phone released</title><description>2010-03-07 12:21:11 - Security Database Tools Watch : The NeoPwn Mobile Pentesting project is proud to announce that it is merging with BackTrack, to produce the first ever BackTrack Mobile suite. The migration of the NeoPwn project will give way to a sharp development team, focused on fully supporting the Nokia N900 mobile phone. Future plans of the project will extend support for other mobile devices as they become compatible. This is an exciting leap from the original project, as there are incredible improvements in hardware, usability and    - Security Tools, Penetration testing, Ethical Hacking, Handhelds, NeoPwn</description><link>http://www.secuobs.com/revue/news/199101.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199101.shtml</guid></item>
<item><title>Ncrack   High-Speed Network Authentication Cracker</title><description>2010-03-07 12:10:56 - insecure : Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients. Ncrack was designed using a modular approach, a command-line syntax similar to Nmap and a dynamic    </description><link>http://www.secuobs.com/revue/news/199099.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199099.shtml</guid></item>
<item><title>Network World  Legal firm faces investigation over net piracy letters</title><description>2010-03-07 10:52:35 - Rootsecure.net : Network World  Legal firm faces investigation over net piracy letters </description><link>http://www.secuobs.com/revue/news/199094.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199094.shtml</guid></item>
<item><title>Attacking and Defending WPA Enterprise Networks Video Tutorial</title><description>2010-03-07 07:27:44 - SecurityTube.Net : Attacking and Defending WPA Enterprise Networks Video Tutorial</description><link>http://www.secuobs.com/revue/news/199077.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199077.shtml</guid></item>
<item><title>Einstein 3 Coming to a Private Network Near You </title><description>2010-03-07 05:18:50 - TaoSecurity : In my Predictions for 2008 I wrote: Expect greater military involvement in defending private sector networks. The plan calls for the NSA to work with the Department of Homeland Security (DHS) and other federal agencies to monitor such networks to prevent unauthorized intrusion, according to those with knowledge of what is known internally as the "Cyber Initiative". Now in Feds weigh expansion of Internet monitoring we read: Homeland Security and the National Security Agency may be taking a closer look at Internet communications in the future. The Department of Homeland Security's top cybersecurity official told CNET on Wednesday that the department may eventually extend its Einstein technology, which is designed to detect and prevent electronic attacks, to networks operated by the private sector. The technology was created for federal networks. Greg Schaffer, assistant secretary for cybersecurity and communications, said in an interview that the department is evaluating whether Einstein "makes sense for expansion to critical infrastructure spaces" over time. Not much is known about how Einstein works, and the House Intelligence Committee once charged that descriptions were overly "vague" because of "excessive classification". The White House did confirm this week that the latest version, called Einstein 3, involves attempting to thwart in-progress cyberattacks by sharing information with the National Security Agency. The first step towards creating Cyber NORAD is instrumentation. Stay tuned. Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)</description><link>http://www.secuobs.com/revue/news/199070.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/199070.shtml</guid></item>
<item><title>CVE-2009-2753  informix_dynamic_server, legato_networker </title><description>2010-03-06 04:16:04 - National Vulnerability Database : Multiple buffer overflows in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allow remote attackers to execute arbitrary code via a crafted parameter size.</description><link>http://www.secuobs.com/revue/news/198915.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/198915.shtml</guid></item>
<item><title>CVE-2009-2754  informix_dynamic_server, legato_networker </title><description>2010-03-06 04:16:04 - National Vulnerability Database : Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allows remote attackers to execute arbitrary code via a crafted parameter size that triggers a stack-based buffer overflow.</description><link>http://www.secuobs.com/revue/news/198914.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/198914.shtml</guid></item>
<item><title> Security pros doubt their network-based security</title><description>2010-03-05 23:53:26 - Help Net Security   News : Brocade's "man-on-the-street" survey at this week's RSA conference in San Francisco revealed that 47 percent of respondents believe their network security solutions are less than 25 percent effecti </description><link>http://www.secuobs.com/revue/news/198826.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/198826.shtml</guid></item>
<item><title>How cybercriminals invade social networks, companies</title><description>2010-03-05 16:14:09 - Crabbyolbastard Ruminates : By Byron Acohido, USA TODAY. SAN FRANCISCO - "Hey Alice, look at the pics I took of us last weekend at the picnic. Bob" That Facebook message, sent last fall between co-workers at a large US financial firm, rang true enough. Alice had, in fact, attended a picnic with Bob, who mentioned the outing    </description><link>http://www.secuobs.com/revue/news/198676.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/198676.shtml</guid></item>
<item><title>The Global Network of Crime</title><description>2010-03-05 12:02:46 - Roger Halbheer on Security : We all know that crime is global and that they are doing their best to leverage the legal shortcomings and the limitations of the cooperation between Law Enforcement agencies. There is a good article about one case in the New York Times which is definitely worth reading: Global Trail of an Online Crime Ring. Roger. Category: Cybercrime. Published: 13.08.2008 09:46</description><link>http://www.secuobs.com/revue/news/198543.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/198543.shtml</guid></item>
<item><title>Network Access Protection Design Guide</title><description>2010-03-05 12:02:46 - Roger Halbheer on Security : If you are looking into deploying Network Access Protection, have a look at the recently published Network Access Protection Design Guide. Roger</description><link>http://www.secuobs.com/revue/news/198519.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/198519.shtml</guid></item>
<item><title>Safe Social Networking</title><description>2010-03-05 12:02:46 - Roger Halbheer on Security : I am often asked by a lot of people what my view is on the social networks like Facebook and what I think about it. Well, the most important points first: I am using social networks myself as I like them to keep an eye on people I might lose otherwise. However, I am really careful putting too much information on these networks (like pictures) as I want to keep my privacy. We now released 10 tips for social networking safety which I think are pretty good and might even be used by your teen kids as well. Roger</description><link>http://www.secuobs.com/revue/news/198499.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/198499.shtml</guid></item>
<item><title>Russian Roulette with your Network</title><description>2010-03-05 12:02:46 - Roger Halbheer on Security : First of all, before I really start, I hope that you all had a great start in 2009. Mine was actually pretty mixed. The good side was how my year really started and what I saw when I looked out the window at January 1st (yes, I was on vacation skiing and this was how the view was almost each and every morning). But honestly, this is not the only reason why I wrote this post. There is another one which is much, much more serious: Unfortunately there are still plenty of customers playing Russian Roulette with their network. This term was actually used by one of our security engineers - who was kind of upset to say the least - who had to work December 31st and January 1st because of customers still not having rolled out MS08-067 - and not just one. We ran to our limits with regards to support capacity in EMEA. Just to remind you: This is the Out of Band security update we released back on October 23rd and which then was pretty soon attacked by Conficker.A. But it seems that a lot of customers did not care back then - they were not attacked, so why bother? In the last days of 2008 Conficker.B broke out and even though it was not spread too widely, the customers who were hit (or still are hit) are hit very, very badly. Account Lockouts all over the place, admin passwords that were grabbed (often the Domain Admins) etc. - and we had some really upset engineers as they had to work instead of having off because some customers were not up to their duty (and this is what it is for me). And this is not the end of the story. For quite a while, our Anti-Malware solution was the only one which was able to remove the thing. And without an Anti-Malware solution it is close to impossible to actually get rid of it. As always, all the information about the malware was shared amongst VIA (Virus Information Alliance) to all the partners. NT got infected as well and 
the calls came: What shall we do now? Well, there is not too much you can do. As you might know, Windows NT is out of support for a long time (since December 31st, 2004 - see our Lifecycle Page if you need more information). Isolate your Windows NT boxes (as you should have done a long time ago) and migrate away from it. I know that there are still a lot of machines with NT embedded - isolate them and work with the vendors to get to an up to date version of the OS. Let me add a final comment: The story above is not a Microsoft-only story. The same processes and technologies around patch management have to be applied to each and every component of your environment. Back after the Blaster times, we started to tell the consumer to apply three things to their PC to protect it: 1. Switch on your Firewall 2. Keep your Software Updated 3. Run an Anti-Malware software and keep it updated. Guess what? If you would have applied 2 and 3 to your network, you would not have been hit by this problem. Roger</description><link>http://www.secuobs.com/revue/news/198469.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/198469.shtml</guid></item>
<item><title>Network Access Protection Client for Mac and Linux</title><description>2010-03-05 12:02:46 - Roger Halbheer on Security : This is very exciting news: Unet, one of our NAP partners, now delivers a NAP Client for Mac and Linux. Their website has some very cool screenshots of the Windows client, the Mac client and the Linux client. If you are running mixed environments, you should look into it. Roger</description><link>http://www.secuobs.com/revue/news/198468.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/198468.shtml</guid></item>
<item><title>Russian Roulette with your Network  part 2 </title><description>2010-03-05 12:02:46 - Roger Halbheer on Security : My latest blog post on this matter generated quite some attention. Based on what happened since then, let me be clear on what I wanted to say (and still want to say): If you decide not to roll out a security update which is so critical that we decide to go out of band, you play Russian Roulette with your network as you can guess that there will be attacks exploiting this vulnerability pretty soon. The same is actually true if you do not run and maintain an appropriate Anti-Malware solution. There were just a few that are able to detect and remove Conficker (ours was one of the first). Now, if we look at Conficker.B: This is really an ugly beast. You need just one infected machine in your network in order to have it spread across your network fast and aggressively. You can get it even through a USB-stick. So, drawing the conclusion that I said every customer having Conficker.B did not patch and therefore playing Russian Roulette is completely inaccurate and not what I said (it just needs one unpatched infected machine). Roger</description><link>http://www.secuobs.com/revue/news/198465.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/198465.shtml</guid></item>
<item><title>Manage Network Access Protection at Microsoft</title><description>2010-03-05 12:02:46 - Roger Halbheer on Security : As you know, I am a big fan of the concepts behind Network Access Protection as it allows to dynamically define zones on your network. We just published a whitepaper called Manage Network Access Protection at Microsoft: Network Access Protection (NAP) is a powerful new Windows Server 2008 feature that can help protect networks from malicious software (malware) and other threats. Describes how organizations can use NAP to institute requirements for accessing a network, create policies that check for compliance with those requirements, and update and manage devices that are not in compliance. Here you find this information: Technical White Paper; Webcasts: IT Pro Webcast (WMA, MP3). Have fun. Roger</description><link>http://www.secuobs.com/revue/news/198389.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/198389.shtml</guid></item>
<item><title>Solera Networks Partners with EMC</title><description>2010-03-05 12:01:08 - Forensic Focus : Solera Networks has announced its partnership with EMC Corporation. The companies' technologies will create a network forensics storage solution to meet the growing needs of Fortune 1000 companies and government institutions.</description><link>http://www.secuobs.com/revue/news/198348.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/198348.shtml</guid></item>
<item><title>Not at  RSAC but still network </title><description>2010-03-05 10:27:40 - Security Bloggers Network : Not at RSAC but still networking here in NYC. Time for lunch with another infosec pro. Always enjoy these chats. Ken Belva at SecurityMaverick.com, 2010</description><link>http://www.secuobs.com/revue/news/198330.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/198330.shtml</guid></item>
<item><title>Tool Automates Targeted Attacks On Social Network Users</title><description>2010-03-05 07:20:57 - DarkReading   All Stories : Core Security Labs researcher releases code for spear phishing attacks on Twitter </description><link>http://www.secuobs.com/revue/news/198287.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/198287.shtml</guid></item>
<item><title>Network Forensics Puzzle  3 Finalist </title><description>2010-03-04 22:57:30 - McGrew Security Blog : Today, results were posted for Sherri Davidoff and Jonathan Ham's third network forensics puzzle contest. The puzzles, hosted at forensicscontest.com, are meant to encourage the development of network forensic tools that might be integrated into SANS training and toolkits. Puzzle 3 involved pulling information from an Apple TV device's network traffic. I participated in    </description><link>http://www.secuobs.com/revue/news/198163.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/198163.shtml</guid></item>
<item><title>Intel unveils platform for home storage networks</title><description>2010-03-04 22:05:24 - News : Intel today announced a new processor controller combination targeted at home and small office storage networks that will increase performance for some home applications, such as video processing, by as much as 85%.</description><link>http://www.secuobs.com/revue/news/198154.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/198154.shtml</guid></item>
<item><title>Computer World  RealNetworks settles lawsuits, will stop selling DVD-copying software  RealNetworks has agreed to pay  45 million and permanently stop selling its RealDVD software as part of a legal </title><description>2010-03-04 21:50:59 - Rootsecure.net : Computer World  RealNetworks settles lawsuits, will stop selling DVD-copying software  RealNetworks has agreed to pay  45 million and permanently stop selling its RealDVD software as part of a legal settlement with six Hollywood movie studios  </description><link>http://www.secuobs.com/revue/news/198138.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/198138.shtml</guid></item>
<item><title>Announcing BruCON Training  2  A crash course in pentesting and securing VOIP networks  BruCON </title><description>2010-03-04 17:08:32 - Security Bloggers Network : BruCON is proud to announce this second training session. More training sessions will be published in the following days, so check back regularly. Abstract: As VoIP networks become more and more   </description><link>http://www.secuobs.com/revue/news/198048.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/198048.shtml</guid></item>
<item><title>Tweet this  Social network security is risky business</title><description>2010-03-04 17:07:34 - News : The debate about whether companies should let their workers access social networking sites on the job is about more than corporate productivity. It's about security, too.</description><link>http://www.secuobs.com/revue/news/198044.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/198044.shtml</guid></item>
<item><title>Darknet  Ncrack - High Speed Network Authentication Cracking Tool</title><description>2010-03-04 10:32:42 - Rootsecure.net : Darknet  Ncrack - High Speed Network Authentication Cracking Tool </description><link>http://www.secuobs.com/revue/news/197963.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/197963.shtml</guid></item>
<item><title>RealNetworks will stop selling DVD copying product</title><description>2010-03-04 01:56:37 - Hack In The Box : RealNetworks Inc. has settled lawsuits with six movie studios that sought to stop it from selling technology that let consumers copy DVDs to their computers. Under the settlement terms, which were announced Wednesday, RealNetworks can't sell its RealDVD product or other similar technology, the company said. Walt Disney Co., Sony Corp. and others sued RealNetworks in 2008, arguing RealDVD is an illegal pirating tool that would stop consumers from buying movies on DVD that they could cheaply rent, copy and return. RealNetworks will also withdraw an appeal it filed after a judge barred the company from selling RealDVD in August.</description><link>http://www.secuobs.com/revue/news/197841.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/197841.shtml</guid></item>
<item><title>Network Solutions Lawful Spying Guide</title><description>2010-03-04 00:34:38 - Cryptome : March 3, 2010 </description><link>http://www.secuobs.com/revue/news/197809.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/197809.shtml</guid></item>
<item><title>Social networking threats put new pressure on healthcare CSOs</title><description>2010-03-03 23:49:53 - SearchSecurity  Security Wire Daily News : Healthcare security managers say their bosses and others are increasing the pressure on them to allow access to social networking and other Internet services, making it more difficult for them to mitigate the potential threats those services pose.</description><link>http://www.secuobs.com/revue/news/197786.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/197786.shtml</guid></item>
<item><title>F5 Networks expands its BIG-IP range</title><description>2010-03-03 17:28:42 - Global Security Mag Online : F5 Networks, Inc. announces the availability of new solutions that expand its BIG-IP range. Among the new products offered by F5 are: The BIG-IP Edge Gateway appliance, for controlling remote access. This appliance brings together on one platform SSL VPN secure remote access, traffic optimization (WAN optimization) and application acceleration (Web optimization). BIG-IP Edge Gateway is available now. The BIG-IP Access Policy Manager (APM) software module    - Products </description><link>http://www.secuobs.com/revue/news/197631.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/197631.shtml</guid></item>
<item><title>Network Security Podcast, Episode 187</title><description>2010-03-03 16:55:54 - Network Security Podcast : Martin and Rich are away at RSA - and I'm all alone. Well, actually, I have a special guest host, Jamie Arlen (aka Myrcurial), and boy did we have a lot to talk about. Tonight's show is a bigun', clocking in at about 50 minutes. So, apologies for the lengthy show and file. Network    </description><link>http://www.secuobs.com/revue/news/197616.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/197616.shtml</guid></item>
<item><title>From the Floor at RSA 2010  Real-World Mobile Network Traffic Validation</title><description>2010-03-03 16:02:03 - BreakingPoint Labs Blog : On the show floor at RSA Conference there is a lot happening and overall the show seems much more well attended than last year. This show, as most of you know, is also a harbinger of news releases and product announcements. Crossbeam, providers of scalable software and hardware platforms, distributed a few pieces of news leading up to the show and at the conference itself. I went over to visit the Crossbeam booth (545) while at RSA to check out a live demonstration of their X-Series security platform using four BreakingPoint Elite chassis. With this impressive demonstration in the background I talked with Crossbeam's Peter Doggart. Q: First off Peter, can you provide us with an overview of what Crossbeam provides? Crossbeam's X-Series security platform lets customers virtualize third-party, best-in-class security applications and scale them to meet the needs of large, high-performance network environments. Today, more than 900 leading enterprises and service providers, including 10 of the top 11 telecom carriers worldwide, rely on Crossbeam as the underlying architecture for the delivery of security services. Q: Crossbeam is demonstrating something very interesting here at RSA, can you tell us about what is going on and why? In working with service providers over the past year, and in particular mobile network operators (MNOs), it has become evident that they are under enormous pressure to meet growing network demands while simultaneously delivering "clean" data pipes. What we are showing at RSA is proof that our X-Series security platform delivers the world's fastest firewall performance to meet the needs of mobile operators. Using BreakingPoint Elite, we are conducting a to stress-test the X-Series chassis. We are running a best-in-class application on the X-Series, Check Point Security Gateway R70 Firewall, to clean, 
inspect and secure the traffic. This demonstration shows how service providers and mobile carriers can easily scale their network security infrastructure to cope with the next generation of mobile technology, 4G LTE, under real-world conditions. Q: You mention "real world" a few times in your answer and in the news release that went out. What does that mean to mobile network operators? There is a growing gap between what vendors state on their data sheets and what we typically see out in the real world in terms of performance. There are two key elements at play in the real world. First, we are seeing more attacks, which place a greater burden on our security systems and, second, we are seeing smaller payload sizes, especially with the growing number of mobile devices. The result is that mobile operators need to buy and manage a lot more equipment than they budgeted for as the real-world demands are far greater than they ever anticipated. This is not only more costly to them, but it is also a lot more complex to manage. Realistic tests like this one at RSA validate that we deliver the fastest-performing firewall on the market under real-world conditions, which means that we can stand behind our performance claims and mobile network operators can be assured that their X-Series security infrastructure delivers the flexibility, superior performance and high availability required to handle the unpredictability of growing data traffic demands. Q: How can this type of validation, throughout the industry, not just at Crossbeam, help the overall performance of MNOs? Crossbeam's policy is to be transparent when it comes to performance claims. We are doing the opposite of what many vendors do by actually creating tests that provide worst case metrics, not the best case. Take the RSA live demonstration. We are using BreakingPoint to generate 96 byte HTTP packets, which in the real mobile world would be the worst case payload size. At Crossbeam, we want to create some real-world industry 
guidelines that everyone follows so mobile operators, government and enterprise customers understand exactly what they are buying, and can capacity plan correctly. Q: I noticed four BreakingPoint chassis in the Crossbeam booth generating the traffic for the demonstration. Why does Crossbeam use BreakingPoint for product validation? First, we use the BreakingPoint Elite chassis because they can accurately simulate the type of traffic we see in the real world and, second, because BreakingPoint is the only vendor that can push the Crossbeam chassis to its current performance limits. Q: How has using BreakingPoint helped the evolution of Crossbeam products? Because BreakingPoint equipment pushes our chassis to its absolute limits, Crossbeam is better able to fine-tune its performance to address customer needs with the assurance that the X-Series can handle their network demands. In the latest release of the X-Series operating system, for instance, we boosted the number of concurrent IP connections we can support up to 10 million, and increased the new connection rates per second to 320,000. These numbers are critical to mobile operators who need to support the growing number of smartphones and other devices, which create more traffic than traditional mobile phones and are nearly always connected. Without BreakingPoint, we couldn't have confidence in our real-world performance metrics.</description><link>http://www.secuobs.com/revue/news/197597.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/197597.shtml</guid></item>
<item><title> Secure borderless networks architecture </title><description>2010-03-03 14:03:45 - Help Net Security   News : Cisco announced the Cisco Secure Borderless Network architecture, which evolves enterprise security by focusing on four critical anchors: enterprise endpoints (mobile or fixed), the Internet edge, t </description><link>http://www.secuobs.com/revue/news/197567.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/197567.shtml</guid></item>
<item><title>IndigoVision's networked CCTV system transforms Eurotunnel's surveillance operation</title><description>2010-03-03 13:51:25 - SecurityPark.net : Eurotunnel manages the Channel Tunnel fixed link between the UK and France and operates the Shuttle service for tourist vehicles or trucks. It also shares the track with rail freight and passenger trains passing through the Tunnel. As with any major transport hub, Eurotunnel has a demanding and diverse environment for surveillance and security, requiring a distributed system that can deliver high-  </description><link>http://www.secuobs.com/revue/news/197560.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/197560.shtml</guid></item>
<item><title>SCADA Devices on Verizon and Other Wireless Networks</title><description>2010-03-03 12:07:14 - Security Bloggers Network : I ll start with the stats  we found 1,420 Raven Airlink devices in a wireless class B network that any customer with a wireless card from the carrier could access These are ruggedized devices with Ethernet and serial connectors used for sending monitoring and control data back from the field We read way too many articles about    </description><link>http://www.secuobs.com/revue/news/197542.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/197542.shtml</guid></item>
<item><title>Ncrack   High Speed Network Authentication Cracking Tool</title><description>2010-03-03 08:50:02 - Darknet   The Darkside : </description><link>http://www.secuobs.com/revue/news/197488.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/197488.shtml</guid></item>
<item><title>RSA  Solera networks partners with EMC </title><description>2010-03-03 05:54:37 - Infosecurity  USA    Latest News : Active network forensics company Solera Networks announced its partnership with EMC at RSA Conference 2010 on March 2 in San Francisco </description><link>http://www.secuobs.com/revue/news/197471.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/197471.shtml</guid></item>
<item><title>Computer Network Security and Privacy Protection</title><description>2010-03-03 05:19:54 - Cryptome : March 2, 2010 </description><link>http://www.secuobs.com/revue/news/197459.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/197459.shtml</guid></item>
<item><title>Hot topic at RSA  The pitfalls and promise of social networking</title><description>2010-03-03 05:03:37 - Infosecurity  USA    Latest News : A unique panel session convened at the RSA Conference in San Francisco today to discuss the pros and cons of social networking on the job, specifically by the under-30 set </description><link>http://www.secuobs.com/revue/news/197456.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/197456.shtml</guid></item>
<item><title>Software AG opens BPM social networking beta test</title><description>2010-03-02 23:02:09 - News : Software AG opened a beta version of its social network for business process management (BPM) on Tuesday, a year after it first announced the service.</description><link>http://www.secuobs.com/revue/news/197332.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/197332.shtml</guid></item>
<item><title>FREE  ManageEngine NetFlow Analyzer   Network traffic analysis tool</title><description>2010-03-02 23:00:33 - 4sysops : Submitted by Inian. NetFlow Analyzer is a web-based bandwidth monitoring, network forensics and network traffic analysis tool that has been optimizing thousands of networks across varied industries for peak performance and helping them put their bandwidth to better use. NetFlow Analyzer gives detailed information on network bandwidth usage patterns for traffic analysis, capacity    </description><link>http://www.secuobs.com/revue/news/197320.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/197320.shtml</guid></item>
<item><title>IBM Pitches Code, Network Security</title><description>2010-03-02 22:38:00 - eSecurity Planet Features : At RSA, IBM announces it will expand its security portfolio with new static code analysis and secure Web services </description><link>http://www.secuobs.com/revue/news/197311.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/197311.shtml</guid></item>
<item><title>Tenable Network Security Podcast - Episode 25</title><description>2010-03-02 22:03:26 - Tenable Network Security : Welcome to the Tenable Network Security Podcast - Episode 25. Announcements: Two new blog posts have been released, titled "Implementing Perimeter Intrusion Detection" and "SecurityCenter 4 Introduction". Also, Nessus 421 was released with support for Solaris and some significant performance </description><link>http://www.secuobs.com/revue/news/197294.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/197294.shtml</guid></item>
<item><title>Gigaom: How AT&amp;T Plans to Keep SXSW From Swamping Its Network</title><description>2010-03-02 21:55:54 - Rootsecure.net : Gigaom: How AT&amp;T Plans to Keep SXSW From Swamping Its Network </description><link>http://www.secuobs.com/revue/news/197290.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/197290.shtml</guid></item>
<item><title>Cisco launches its new Secure Borderless Networks architecture</title><description>2010-03-02 19:41:53 - Global Security Mag Online : The launch of the Cisco AnyConnect Secure Mobility solution and the rollout of Cisco TrustSec™ are the first elements of this new architecture. The continuous protection and security these solutions provide matter all the more as increasingly mobile employees use new web-based collaboration and communication tools. Traditional security approaches have now become insufficient. Cisco AnyConnect Secure    - Products </description><link>http://www.secuobs.com/revue/news/197229.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/197229.shtml</guid></item>
<item><title>P2P Networks Can Nab Private Medical Info</title><description>2010-03-02 18:36:33 - threatpost   The First Stop for Security News : The personal health and financial information stored in thousands of North American home computers may be vulnerable to theft through file-sharing software, according to a research study published online in the Journal of the American Medical Informatics Association. Read the full article [ScienceDaily].</description><link>http://www.secuobs.com/revue/news/197190.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/197190.shtml</guid></item>
<item><title>Palo Alto Networks launches the new PAN-OS 31 firewall</title><description>2010-03-02 11:53:15 - Global Security Mag Online : Palo Alto Networks, a network security specialist, has strengthened itself technologically and commercially with a next-generation firewall. Palo Alto Networks' new PAN-OS 31 software refines control of business and Web 20 applications in enterprises and distributed IT environments. The company has just passed the 1000-customer mark, a number of them in the Fortune 500, such as Constellation Energy, DTE Energy, Qualcomm and Western      - Products </description><link>http://www.secuobs.com/revue/news/197082.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/197082.shtml</guid></item>
<item><title>keimpx   tools to check for the usefulness of credentials across a network over SMB</title><description>2010-03-02 07:58:40 - PenTestIT : keimpx can be used to quickly check for the usefulness of credentials across a network over SMB. Credentials can be: - Combination of user / plain-text password - Combination of user / NTLM hash - Combination of user / NTLM logon session token. If any valid credentials have been discovered across the network after its attack phase,    </description><link>http://www.secuobs.com/revue/news/197030.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/197030.shtml</guid></item>
<item><title>Coming to a P2P network near you: your medical records</title><description>2010-03-02 06:42:08 - Security : A team of Canadian medical researchers has inadvertently provided a very clear picture of the current state of the security risks posed by P2P networks. The authors intended to determine whether P2P clients were exposing personal health information, but their approach, downloading all files from a set of common document formats, provided them a clear picture of just what's being made available on Gnutella and eDonkey: personal identification, health, and medical information, and a healthy collection of trojans. The motivation for the work is pretty simple. With the increasing digitization of health records, individual users are more likely to exchange e-mails and files with their doctors, insurers, and other health care officials. An obvious consequence is that personal health information (PHI) will end up on the users' hard drives, which creates a potential security hole. In the past, the research team has found that they could scrounge PHI from roughly 10 percent of the used hard drives available through second-hand computing vendors.</description><link>http://www.secuobs.com/revue/news/197020.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/197020.shtml</guid></item>
<item><title>ATT says network will be ready for SXSW 2010</title><description>2010-03-02 03:21:29 - News : Has your 3G network ever suffered from conventionitis? It's a condition known to strike when a few too many smart phone users take advantage of their provider's data network to share photos, inspirational quotes, bragging, video, and other goings-on in the midst of fine tech festivals and conferences such as South by Southwest (SXSW), Macworld and WWDC.</description><link>http://www.secuobs.com/revue/news/196980.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196980.shtml</guid></item>
<item><title>US Defense Department OKs social networking</title><description>2010-03-02 03:21:29 - News : Following a ban on social networking by some sectors of the US Department of Defense, the agency has now decided that social networking is integral to its operations and is to be encouraged.</description><link>http://www.secuobs.com/revue/news/196979.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196979.shtml</guid></item>
<item><title>Sony issues official statement regarding PlayStation Network outage</title><description>2010-03-02 02:52:33 - Hack In The Box : As you may be aware, some customers have been unable to connect to the PlayStation Network today. This problem affects the models other than the new slim PS3. We believe we have identified that this problem is being caused by a bug in the clock functionality incorporated in the system. Errors include: The date of the PS3 system may be re-set to Jan 1, 2000. When the user tries to sign in to the PlayStation Network, the following message appears on the screen: "An error has occurred. You have been signed out of PlayStation Network (8001050F)." When the user tries to launch a game, the following error message appears on the screen and the trophy data may disappear: "Failed to install trophies. Please exit your game." When the user tries to set the time and date of the system via the Internet, the following message appears on the screen: "The current date and time could not be obtained (8001050F)." Users are not able to play back certain rental video downloaded from the PlayStation Store before the expiration date. We hope to resolve this problem within the next 24 hours. In the meantime, if you have a model other than the new slim PS3, we advise that you do not use your PS3 system, as doing so may result in errors in some functionality, such as recording obtained trophies, and not being able to restore certain data.</description><link>http://www.secuobs.com/revue/news/196961.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196961.shtml</guid></item>
<item><title>Symantec Protection Network and Online Backup  An Executive Overview</title><description>2010-03-02 01:52:33 - Symantec Security Response Podcasts : In this podcast, Sr Manager of Product Management, Mike Baldwin, provides an overview of the Symantec Protection Network and the Online Backup offering of the newly launched Symantec service For more information, visit wwwspncom </description><link>http://www.secuobs.com/revue/news/196844.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196844.shtml</guid></item>
<item><title>Napera introduces PC Security Informer, first cloud based network management app for Napera Insight</title><description>2010-03-01 22:38:02 - Napera Networks : This morning we are excited to announce the release of the first app for Napera Insight, our breakthrough network management service in the cloud. PC Security Informer helps IT managers prevent avoidable security compromises caused by missing security patches, ineffective antivirus and antispyware software and inoperative desktop firewalls. It's a 100% cloud based    </description><link>http://www.secuobs.com/revue/news/196727.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196727.shtml</guid></item>
<item><title>BBC News  Universities protest against government wi-fi plans  Libraries and universities are protesting about plans to make them police users of wireless networks </title><description>2010-03-01 20:34:44 - Rootsecure.net : BBC News  Universities protest against government wi-fi plans  Libraries and universities are protesting about plans to make them police users of wireless networks  </description><link>http://www.secuobs.com/revue/news/196682.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196682.shtml</guid></item>
<item><title>Powerline networks to get bandwidth boost</title><description>2010-03-01 19:23:37 - News : </description><link>http://www.secuobs.com/revue/news/196657.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196657.shtml</guid></item>
<item><title>Microsoft to plug Xing social networking into Outlook</title><description>2010-03-01 19:23:37 - News : Microsoft will install a plug-in for its Outlook 2010 e-mail application for Xing, a large professional networking site dominant in Germany, the companies said Monday.</description><link>http://www.secuobs.com/revue/news/196656.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196656.shtml</guid></item>
<item><title>Testing and Validation of Network Security Devices</title><description>2010-03-01 17:48:48 - BreakingPoint Labs Blog : While catching up on security news and blogs the other day, I came across a blog post from ICSA Labs entitled "Why a Test Lab Needs to be Wary of Commercial Exploit Packet Captures" and thought that it would be a good conversation starter to inform our readers about how BreakingPoint approaches developing test cases for security device testing, our methodology behind why we develop our test cases the way we do, and the thought processes and conclusions behind those decisions.

First, it's important to note that ICSA's blog post is primarily talking about test tools that replay packet captures as their security tests. While the BreakingPoint devices do provide a packet capture replay component, this component is not what we use for security testing. The BreakingPoint devices provide a dedicated security component that executes packaged attacks targeting individual vulnerabilities that we call "strikes". Strikes are not packet captures, and we'll discuss how strikes operate and the benefits derived from them a little later in this post.

Toward the beginning of their blog post, ICSA wrote the following: "If ICSA Labs were to use one or more exploit packet captures created elsewhere, then we would be effectively vouching for the quality and accuracy of these packet captures. But that is the problem: we cannot vouch for their quality and accuracy."

This is also one of the primary reasons that we do not use packet captures of attack traffic that we have come across in our research. However, we take it one step further and don't even use packet captures created in-house. We simply don't use packet captures for security testing at all, which brings me to the first subject I'd like to discuss.

Attack Realism
--------------
Let's look at what ICSA has to say on attack realism using third-party packet captures: "ICSA Labs does not know whether the code for each would-be exploit actually works as expected. Even if it did work, we cannot confirm that the would-be exploit was run against a vulnerable system when the capture was made. And assuming it was a working exploit that was run against a vulnerable system, we do not know whether the attack succeeded when the packet capture was made. Also, information in the commercial tool typically indicates at which vulnerability each exploit packet capture is aimed. But again, a test lab has no reasonable way to confirm that. To use the tool in this way ICSA Labs would have to make many assumptions and essentially trust an entity outside of our control."

The BreakingPoint Labs team builds each strike by hand after performing our own analysis of the vulnerability. We have a high degree of certainty that our attacks are correct because we do this analysis and then we test the strikes afterward when possible against the actual vulnerable target. Then, we use these strikes (not packet captures of them) in testing performed using the BreakingPoint device. There are currently two ways to test using these strikes: passing attack traffic through an intermediary Device Under Test (DUT), and sending attack traffic directly to an endpoint DUT, which I'll cover next.

Attack Simulation
-----------------
"But what happens if the vendor's IPS proxies traffic or alters the content of traffic as some IPS products do? Keep in mind that this is a replayed packet capture, not a live exploit. If the commercial tool with its packet capture of an exploit is run against an IPS that does one of these things and the IPS fails to block the attack, did the IPS really fail? Remember, the IPS modified the traffic on the line."

This is a valid concern when testing an intermediary DUT, and even more so when you're using static data from packet captures. In this scenario, our strikes act as both the attacker and target, and send the attack traffic from one port on our device, through the DUT, and back to a second port. In this way, it's really an attack "simulation" using real attack traffic because we're essentially sending traffic back to ourselves rather than a real target. Because we know what valid attack traffic looks like for each individual iteration of the strike, we know what data we're sending, and we know what the data should look like when we (the target) receive it, if the DUT modifies the attack traffic in transit we consider the attack blocked, as it is no longer the attack traffic that we sent and is invalid.

"One-Arm" Strikes
-----------------
"If the IPS vendor cannot reproduce the issue reported to them by the test lab, then the test lab should be able to confirm its findings in some way. But minus the real attack and actual vulnerable system, that is either a very tall order or impossible."

Once again, we're in total agreement here, which is why we use real attacks. To the extent possible, strikes that target servers can be run in "one-arm" mode where, rather than passing attack traffic through a DUT and back to ourselves, the traffic is sent to the DUT as the attack's target server. In this mode, strikes can be used to actually trigger vulnerabilities on actual vulnerable systems. This is what test houses that use BreakingPoint devices like NSS do to verify that the test cases they are using are indeed valid, even though they are provided by BreakingPoint, their vendor.

Custom Strikes
--------------
What if BreakingPoint doesn't have a strike for the vulnerability you want to test? Or what if, like ICSA, you don't trust third party content at all? Even though BreakingPoint provides you with real attacks packaged as strikes, users can easily develop their own strikes. I won't cover this topic in any detail here, as we've already had a three part series (1, 2, 3) on this subject posted to the blog.

Strike Development Goals
------------------------
1. Trigger Just the Vulnerability / Use Unidentifiable Payloads

One of the most frequently raised concerns about our strikes is that they contain no active payloads or executable shellcode. This is by design. Sure, network security devices often have filters for well-known shellcode and common payload encoders, and we have specific strike categories to test those specific cases; however, if you are relying on the detection of such by your IPS to protect you from actual vulnerabilities, then you have already failed. Most network security devices are reactive in nature, and in order to detect a particular shellcode or payload encoder, a device must first be aware of it and/or have a filter for it. We know there are payload encoders and shellcode out there that devices are unaware of, so we simulate this by using completely random data as our payloads. This forces the DUT to identify attacks based on the properties of the vulnerability, not by relying on detecting known shellcode or a decoder stub from an encoded payload. We focus entirely on triggering the vulnerability, not actually exploiting it with an operational payload.

2. Randomness / Uniqueness on the Wire

"ICSA Labs is unwilling to risk its reputation and the trust of end users through the use of packaged exploit packet captures in its testing. All of the exploit packet captures we use in network IPS testing were captured here in the lab by our experts. And in ALL cases, we are in a position to verify our coverage protection test results by running the real, live attack against the actual vulnerable system."

The problem with ICSA's approach here is that you're initially still testing with static packet captures. Consider the scenario where you replay your packet capture of a malicious TIFF file traversing the wire. The IPS under test blocks it, and you mark that as a success. How do you know that if some unrelated parts of the TIFF file are modified, the IPS won't miss it? How do you know that if you add a whole lot of padding or superfluous structure to the file and move the evil from the beginning of the file to beyond the padding, the IPS won't miss it? If you're initially relying on packet captures of static attack traffic and then only breaking out the real exploits and targets when something seems amiss or a customer questions your tests, you're not being thorough in your testing.

BreakingPoint's approach to providing these various attack permutations is to identify all of the components of the attack that are absolutely essential for the attack to work and trigger the vulnerability. We identify these values and their upper and lower bound thresholds, as well as behavioral protocol and process interactions and what combinations and permutations of these are valid. We then develop our strikes to randomize these properties as much as possible while still conforming to the identified valid parameters. Further, we randomize as much other data as possible that is not directly related to triggering the vulnerability while still remaining valid for whatever protocol, file format, or other data structure is being used in the attack. All of this context information, and the flexibility provided by dynamic test cases such as strikes as opposed to packet captures, is the benefit we get from performing the vulnerability analysis ourselves, understanding the operational bounds of the data involved, and developing strikes that launch attacks that actually utilize that knowledge. You can read more about this subject in one of my previous blog posts, File Format Vulnerabilities and Dynamic Exploit Generators.

3. Evasions

To further the previous point, BreakingPoint can optionally also mutate attack traffic by employing various evasion techniques. When you combine evasion techniques such as IP fragmentation with fragment reordering, using various text encoding methods, and HTTP chunked encoding transmission, among others, with the randomization of the attack traffic that we are already performing as outlined in the previous section, nearly endless permutations of a single attack are dynamically generated, which static packet captures simply can't compete with. Forgive me for quoting a deodorant commercial, but "anything less would be uncivilized". For much more in-depth information on the subject of evasions, please see our recent webcast entitled Harden Security Devices Against Increasingly Sophisticated Evasions or this previous blog post on the subject.

Conclusion
----------
I hope you enjoyed this look into the BreakingPoint strike development and security device testing mindset and found the information both useful and enlightening. Please do follow some of the links above, as there is much more information available about the topics discussed.</description><link>http://www.secuobs.com/revue/news/196618.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196618.shtml</guid></item>
<item><title>Quickpost  NetworkMashupxls  Didier Stevens </title><description>2010-03-01 14:08:49 - Security Bloggers Network : NetworkMashupxls is a spreadsheet with VBA macros I scraped from the Internet to execute pings and name address resolution from within Excel with WIN32 API calls. Not only is it handy when you need to do some network mapping in a restricted environment, but also if you've just a list of machines to monitor. The spreadsheet contains several    </description><link>http://www.secuobs.com/revue/news/196571.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196571.shtml</guid></item>
<item><title>Start-up launches personal distribution network</title><description>2010-03-01 14:05:36 - The Tech Herald Security News : CertiVox, a start-up founded by ex-executives - one from RSA Security and McAfee, another from DAT Group and altaVENTE Ltd - is going against the grain and traditional methods used to offer DRM by selling a personal distribution network service not to businesses, but end users themselves </description><link>http://www.secuobs.com/revue/news/196567.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196567.shtml</guid></item>
<item><title>Axis Communications network cameras increase security in public schools in Portugal</title><description>2010-03-01 11:38:30 - SecurityPark.net : Axis Communications' network video cameras are playing a key role in a comprehensive safe school project in Portugal. In total, more than 12,000 network cameras will be installed in order to increase security in public schools in a cost-effective way. The installation started in August 2009 and is expected to continue during 2010. The selected network camera models are the AXIS 225FD for the in </description><link>http://www.secuobs.com/revue/news/196536.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196536.shtml</guid></item>
<item><title>Glitch hits PlayStation Network users worldwide</title><description>2010-03-01 09:45:17 - News : Sony's PlayStation Network has been hit by a glitch that has left users on all continents unable to connect to the online service, the company said Monday.</description><link>http://www.secuobs.com/revue/news/196513.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196513.shtml</guid></item>
<item><title>Network World  Another case of MacBook-based spying on students  Maybe not</title><description>2010-03-01 09:31:40 - Rootsecure.net : Network World  Another case of MacBook-based spying on students  Maybe not </description><link>http://www.secuobs.com/revue/news/196509.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196509.shtml</guid></item>
<item><title>Network World  Perfume business rescued from DDoS attack</title><description>2010-03-01 09:31:40 - Rootsecure.net : Network World  Perfume business rescued from DDoS attack </description><link>http://www.secuobs.com/revue/news/196506.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196506.shtml</guid></item>
<item><title>Korenix provides auto-topology visualization to efficiently manage industrial network performance in extreme outdoor environments</title><description>2010-03-01 08:42:34 - SecurityPark.net : Korenix has announced that its JetNet 4506- M12 RJ Outdoor Surveillance Managed Ethernet Switches now incorporate the new LLDP feature and can work with Korenix patented JetView Pro to provide auto-topology visualization to efficiently manage industrial network performance in IP surveillance networks. The 6 Fast Ethernet ports of the switches come with rugged IP67 grade RJ45 and IP68 grade M12 </description><link>http://www.secuobs.com/revue/news/196502.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196502.shtml</guid></item>
<item><title>Quickpost  NetworkMashupxls</title><description>2010-03-01 07:56:21 - Didier Stevens : NetworkMashupxls is a spreadsheet with VBA macros I scraped from the Internet to execute pings and name address resolution from within Excel with WIN32 API calls. Not only is it handy when you need to do some network mapping in a restricted environment, but also if you've just a list of machines to monitor. The spreadsheet contains several    </description><link>http://www.secuobs.com/revue/news/196496.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196496.shtml</guid></item>
<item><title>Welcome Infosec Island Network readers</title><description>2010-03-01 04:38:46 - Office of Inadequate Security : Over the weekend, I added 19 financial, 21 business, 4 healthcare, 1 government and 1 not-for-profit breaches thanks to the Maryland Attorney General's Office updating their web site. You may also be interested in reading how much manpower was involved in trying to identify whose data and what kinds of data were in the audio and    </description><link>http://www.secuobs.com/revue/news/196480.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196480.shtml</guid></item>
<item><title>New Podcast  Safe Social Networking  Feb2010  Released</title><description>2010-02-28 12:28:21 - Security Bloggers Network : I thought it was about time I resurrected the IT Security Expert Podcast, so I dusted off my podcast mic and put together a podcast on using Social Networking safely. This podcast is aimed at day to day people outside the security industry. http itsec </description><link>http://www.secuobs.com/revue/news/196361.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196361.shtml</guid></item>
<item><title>Wi-Fi Networking News  Another, Better TKIP Attack That's Still Limited  pdf </title><description>2010-02-27 23:58:29 - Rootsecure.net : Wi-Fi Networking News  Another, Better TKIP Attack That's Still Limited  pdf  </description><link>http://www.secuobs.com/revue/news/196311.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196311.shtml</guid></item>
<item><title>Cleversafe expands its dispersed storage network system</title><description>2010-02-27 04:55:23 - News : Cleversafe today announced upgrades to its storage servers and management appliances as well as a bundled product that offers up to 432TB of capacity in a single, preconfigured cabinet.</description><link>http://www.secuobs.com/revue/news/196164.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196164.shtml</guid></item>
<item><title>Four Network Security Strategies That No Longer Work</title><description>2010-02-27 00:44:59 - eSecurity Planet Features : Columnist Sonny Discini takes a stand against outmoded security policies and points out flaws in the conventional wisdom </description><link>http://www.secuobs.com/revue/news/196111.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/196111.shtml</guid></item>
<item><title>New ICSA Labs Report Depicts Stonesoft Network IPS Testing Trends</title><description>2010-02-26 17:11:26 - ICSA Labs   What's New for Network IPS :    ICSA Labs today published a network IPS testing report for Stonesoft The report focuses on the security coverage protection aspects of testing across all previous testing iterations up to now In addition to helping decision makers purchase the right IPS, the report includes graphs of interesting trends we have observed in our testing of Stonesoft's IPS Also because the format for the report is new, let us know what you think Send us an e-mail with your comments</description><link>http://www.secuobs.com/revue/news/195954.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/195954.shtml</guid></item>
<item><title>Social Networking Risks Reduced by Frequency, Vigilance</title><description>2010-02-26 14:01:43 - eWeek Security Watch : Abandoned or unmanaged social networking accounts have become a major point of risk related to the applications</description><link>http://www.secuobs.com/revue/news/195915.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/195915.shtml</guid></item>
<item><title>City of St Cloud in Florida deploys Axis network cameras at its water and wastewater plants</title><description>2010-02-26 13:45:22 - SecurityPark.net : The City of St Cloud, Florida, has deployed Axis network cameras at its water and wastewater plants as a first step in modernizing its existing analog video surveillance capabilities St Cloud's most recent video surveillance project for the water and wastewater treatment plants was originally designed for analog cameras However, after completing an ROI project analysis with security integr  more  </description><link>http://www.secuobs.com/revue/news/195904.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/195904.shtml</guid></item>
<item><title>Virtual Networking Nexus 1000v Virtual Switch Blogger Roundtable WebEx Logistics   March 2nd</title><description>2010-02-26 07:59:06 - Rational Survivability : About a year before I started working at the Jolly Green Giant  Cisco  I had a rather loud and addictive hobby that was focused on proving that Cisco would offer a  third party  virtual switch for VMware environments This sort of unhealthy fascination also dovetailed with another related to  Project California  which later became the    </description><link>http://www.secuobs.com/revue/news/195837.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/195837.shtml</guid></item>
<item><title>How to Audit WPA Networks Video Tutorial</title><description>2010-02-26 05:45:18 - SecurityTube.Net : How to Audit WPA Networks Video Tutorial</description><link>http://www.secuobs.com/revue/news/195814.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/195814.shtml</guid></item>
<item><title>Configuring SNMP traps with Network Critical</title><description>2010-02-26 04:21:45 - The Academy Pro : Today we have three Network Critical videos The featured video of the day demonstrates how to configure SNMP authentication traps We also take a look at locking unused ports and autolocking ports You can follow The Academy Pro updates on Twitter and Feedburner Thank you all for your on-going support and recommendations Peter Giannoulis The Academy Pro www.theacademypro.com This update has    </description><link>http://www.secuobs.com/revue/news/195787.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/195787.shtml</guid></item>
<item><title>A Different Approach To Network Access Control </title><description>2010-02-26 01:26:24 - Hack In The Box : A network breach can be a nightmare scenario for your enterprise In addition to being an embarrassment to the company, it can cost millions of dollars to clean up and can irreparably harm a good reputation that has taken several years to build Heartland Payment Systems dominated security headlines with its massive data breach that compromised the identity of about 130 million customers According to reports, that breach has cost the credit card processing company  126 million in legal fees and fines alone The fifth annual "US Cost of a Data Breach Study" conducted by the Ponemon Institute shows that, in 2009, network breaches cost organizations an average of  204 per compromised record Additionally, the cost of a data breach has risen each year the Ponemon Institute has conducted the survey </description><link>http://www.secuobs.com/revue/news/195752.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/195752.shtml</guid></item>
<item><title>Threat Protection In The Age Of Social Networking </title><description>2010-02-26 01:26:24 - Hack In The Box : Social networks and other collaborative Web 2.0 sites illustrate an interesting case of cognitive dissonance within today's business community Many IT executives view them as just another time-wasting Internet pariah like shopping, sports, or video streaming sites In fact, a survey last fall by Robert Half Technology of more than 1,400 CIOs found that 54% don't allow employees to visit social networking sites at work for any reason Bolstering this response, Cisco's (www.cisco.com) ScanSafe Web content filtering unit found a 20% increase, to 76% of their customers, in the number of companies blocking social networking sites, which was the highest level for any filtering category While management frets over the effect of social networks on employee productivity and company reputation, their workers have a different view An April 2009 study by Deloitte LLP found that 22% of employees use social networking sites at work five times a week, and 53% feel these activities are none of the company's business </description><link>http://www.secuobs.com/revue/news/195751.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/195751.shtml</guid></item>
<item><title>NodeXL  Network Overview, Discovery and Exploration in Excel</title><description>2010-02-25 23:55:33 - No Tricks :    Microsoft Research has released a new Excel 2007 add-in for rendering network visualizations NodeXL is a powerful and easy-to-use interactive network visualisation and analysis tool that leverages the widely available MS Excel application as the platform for representing generic graph data, performing advanced network analysis and visual exploration of networks The tool supports multiple social network data providers that import graph data  nodes and edge lists  into the Excel spreadsheet The graph visualizations seem stunning for Excel An example is shown below from Visual Business Intelligence, where the graph depicts shared Board memberships of major US companies More information on using NodeXL and the external people Microsoft collaborated with to create the tool can be found here at CodePlex </description><link>http://www.secuobs.com/revue/news/195718.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/195718.shtml</guid></item>
<item><title>FCC chairman  Congress should pay for public safety network</title><description>2010-02-25 22:31:15 - News : The US Federal Communications Commission will ask Congress for US 16 billion to  18 billion to pay for building and maintaining a nationwide mobile broadband network for emergency response agencies, including police and fire departments</description><link>http://www.secuobs.com/revue/news/195699.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/195699.shtml</guid></item>
<item><title>10 Ways to Protect Your Network from SQL Injection Attacks</title><description>2010-02-25 21:55:11 - eSecurity Planet Features : SQL injection attacks pose a massive potential threat to your organization Learn ten ways to prevent or mitigate them </description><link>http://www.secuobs.com/revue/news/195682.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/195682.shtml</guid></item>
<item><title>Guest blog  Educate your users about social networking threats with our free toolkit</title><description>2010-02-25 18:18:54 - Graham Cluley's blog : Sally in the marketing department has put together a really handy package, which will help you educate your users about social networking threats And the best news of all is that it's completely free  Tell us all about it Sally Hi, I'm Sally Adam from the Sophos marketing team and I'm hijacking Graham's blog to    </description><link>http://www.secuobs.com/revue/news/195613.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/195613.shtml</guid></item>
<item><title>Researchers identify anonymous users through web browser history and social networks</title><description>2010-02-25 17:28:43 - Infosecurity  USA    Latest News : Researchers have combined stolen web browser history data with membership of social networking groups to identify large numbers of users who would otherwise be anonymous, it was revealed this week </description><link>http://www.secuobs.com/revue/news/195586.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/195586.shtml</guid></item>
<item><title>Enterprise networks victimized from the inside out</title><description>2010-02-25 03:52:06 - The Tech Herald Security News : Zscaler recently published their quarterly report on the State of the Web for Q4 2009 In it, they examine Web traffic passed through their global network to detail attack trends including botnet traffic, Internet access policy, and the use of outdated browsing software In their report, Zscaler noted that when it comes to attacks online, criminals are persistent if nothing else </description><link>http://www.secuobs.com/revue/news/195360.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/195360.shtml</guid></item>
<item><title>Browser history hijack   social networks   lost anonymity</title><description>2010-02-25 01:21:42 - Hack In The Box : Simply joining a few groups at social networking sites may reveal enough information for hackers to personally identify you, according to some recent computer science research In a paper that will be presented at a security conference later this year, an international team of academics describes how they were able to build membership sets using information that social networking sites make available to the public, and then leverage an existing attack on browsing history to check for personal identity That information, they argue, can then be combined with other data to create further security risks, such as a personalized phishing attack The vulnerability of social networking groups is the product of a few decisions that require a balancing between security and usability The first takes the form of providing unique identifying information for groups Many social networking sites simply track groups  like  science writers  or  Ars Technica fans  by IDs in the form of integers These IDs make their way into a browser's history because they're often incorporated into a URL via HTTP GET, which sends information to servers via variables incorporated into the URL </description><link>http://www.secuobs.com/revue/news/195334.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/195334.shtml</guid></item>
<item><title>Cisco to unveil network boost for Internet</title><description>2010-02-25 01:21:42 - Hack In The Box : Cisco Systems Inc  CSCOO  will announce in March new technology for communications service providers to offer more advanced, high-speed Internet connections, a source familiar with the plan said on Wednesday The move comes as the US Federal Communications Commission plans to demand faster Internet speeds as part of its National Broadband Plan to be unveiled on March 17 Cisco said on Wednesday it will unveil technology on March 9 that will  forever change the Internet  On its website, the network equipment maker said the change would show  what's possible when networking gets an adrenaline boost  </description><link>http://www.secuobs.com/revue/news/195320.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/195320.shtml</guid></item>
<item><title>New Attack Combines Browser History   Social Networking Groups</title><description>2010-02-25 00:51:02 - Security Bloggers Network : A group of researchers have discovered a simple way to reveal the identity of a user based on his interactions with social networks The  deanonymization  attack uses social network groups as well as some traditional browser history-stealing tactics to narrow down and find the user behind the browser Check out the article    Dark Reading </description><link>http://www.secuobs.com/revue/news/195312.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/195312.shtml</guid></item>
<item><title>The Security Poll on Social Networks is Closing Soon </title><description>2010-02-24 23:49:25 - Security Bloggers Network :  Get your votes and comments in because there are only a few more days left for this month's Security Poll</description><link>http://www.secuobs.com/revue/news/195295.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/195295.shtml</guid></item>
<item><title>Knight Security Deploys 3,000-Camera Network</title><description>2010-02-24 23:17:51 - eSecurity Planet Features : The Texas-based company is in the process of deploying a secure network of more than 3,000 video cameras covering 335 buildings throughout its home state </description><link>http://www.secuobs.com/revue/news/195281.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/195281.shtml</guid></item>
<item><title>New State of The Art Firewall By Palo Alto Networks </title><description>2010-02-24 22:38:07 - Hot Security News : Palo Alto Networks, the network security company, has extended its technology and market leadership with new next-generation firewall software and a major customer milestone With its PAN-OS 31 software, Palo Alto Networks enables finer-grained control over business and Web 2.0 applications for enterprises and distributed computing environments The company has surpassed the 1,000 enterprise customer milestone, which includes Fortune 500 organizations such as Constellation Energy, DTE Energy, Qualcomm and Western  Southern Financial Group</description><link>http://www.secuobs.com/revue/news/195259.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/195259.shtml</guid></item>
<item><title> Worm spreads on Fotolog social networking website</title><description>2010-02-24 18:51:32 - Help Net Security   News : PandaLabs has reported the appearance of a new worm, FTLogA, which spreads through the popular Fotolog social networking site This foto-blogging portal is used by almost 30 million users around the  </description><link>http://www.secuobs.com/revue/news/195161.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/195161.shtml</guid></item>
<item><title>Hordes of new threats ahead for mobile networks</title><description>2010-02-24 16:52:27 - securitystream.info :    Faked femtocells will eff up your ess Malware on smartphones is just the first in a series of new security threats for mobile networks ushered in by the embrace of internet technologies, according to mobile phone encryption firms</description><link>http://www.secuobs.com/revue/news/195115.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/195115.shtml</guid></item>
<item><title>Samsung's new iPOLiS network domes incorporate an MPEG-4 JPEG dual codec to allow multi-streaming of high resolution real-time images</title><description>2010-02-24 13:12:26 - SecurityPark.net : Samsung has launched two new high performance iPOLiS network domes  Samsung's new network PTZ dome cameras, the SNP-3350 and SNP-3750 incorporate an MPEG-4 JPEG dual codec to allow multi-streaming of high resolution real-time images at 25 frames per second Both of the recently launched models can simultaneously stream up to six different channels of MPEG-4 or JPEG video at 4-CIF, CIF or QCIF  more  </description><link>http://www.secuobs.com/revue/news/195039.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/195039.shtml</guid></item>
<item><title>Navy Planning Prototype Cyber-Network Security System</title><description>2010-02-24 07:20:48 - DarkReading   All Stories : Seeking proposals for a system that ensures cyber operations aren't shut down in the event of a cyber war </description><link>http://www.secuobs.com/revue/news/194976.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/194976.shtml</guid></item>
<item><title>Network Security Podcast, Episode 186</title><description>2010-02-24 06:42:39 - Network Security Podcast : It was one of those nights where just about everything that could go wrong did The firewire module in Martin's mixer died just before recording Rich got a call about halfway through the recording Zach was suspiciously lacking in rage Like I said, just about everything was wrong tonight But we pulled it off despite    </description><link>http://www.secuobs.com/revue/news/194968.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/194968.shtml</guid></item>
<item><title>Recognizr  Phone App Helps You Identify And Friend Strangers Through Face Recognition, Social Networking</title><description>2010-02-24 05:56:59 - Stratagem 13 : Recognizr  Phone App Helps You Identify And Friend Strangers Through Face Recognition, Social Networking </description><link>http://www.secuobs.com/revue/news/194963.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/194963.shtml</guid></item>
<item><title>dnsmap v030 - Passive DNS network mapper</title><description>2010-02-24 05:53:29 - Security Database Tools Watch : dnsmap  aka subdomains bruteforcer  was originally released back in 2006 and was inspired by the fictional story  The Thief No One Saw  by Paul Craig, which can be found in the book  Stealing the Network - How to 0wn the Box  dnsmap is mainly meant to be used by pentesters during the information gathering enumeration phase of infrastructure security assessments During the enumeration stage, the security consultant would typically discover the target company's IP netblocks, domain    - Security Tools   Enumeration, Information Gathering, Network Discovery, dnsmap</description><link>http://www.secuobs.com/revue/news/194961.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/194961.shtml</guid></item>
<item><title>Intel says hackers attacked its network in January</title><description>2010-02-24 02:11:36 - Hack In The Box : Intel Corp was the target of cyber attacks in January, around the same time of the reported cyber attacks on Google Inc, the chip giant said in a regulatory filing Intel  INTC 2040,  001,  006%  disclosed the incident in a Securities and Exchange Commission filing on Monday in which it listed cyber attacks as among the risk factors facing the semiconductor company  These attempts, which might be the result of industrial or other espionage, or actions by hackers seeking to harm the company, its products, or end users, are sometimes successful,  Intel said  One recent and sophisticated incident occurred in January 2010 around the same time as the recently publicized security incident reported by Google,  the company said </description><link>http://www.secuobs.com/revue/news/194895.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/194895.shtml</guid></item>
<item><title>FTC finds P2P networks rife with leaked identity data</title><description>2010-02-24 01:18:22 - LinuxSecurity.com   Latest News : LinuxSecurity.com  The Federal Trade Commission today finally voiced concern about the long-known problem of data leaking into criminal hands via LimeWire, BearShare, Kazaa and dozens of other peer-to-peer  P2P  file sharing networks </description><link>http://www.secuobs.com/revue/news/194880.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/194880.shtml</guid></item>
<item><title>Get Tough With Your Users to Protect Your Network</title><description>2010-02-23 21:34:58 - Computer Security News :    February 22, 2010, 04 59 PM - - No one likes to be hated, but if you're running a small business, sometimes you've got to take security measures that will make your employees really angry </description><link>http://www.secuobs.com/revue/news/194806.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/194806.shtml</guid></item>
<item><title>3Com Announces New Network Security Products</title><description>2010-02-23 21:25:00 - eSecurity Planet Features : 3Com announced Monday a trio of new products including a new switching platform and a pair new security initiatives from its TippingPoint security division </description><link>http://www.secuobs.com/revue/news/194802.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/194802.shtml</guid></item>
<item><title>RSAC 2010 Guide  Network Security</title><description>2010-02-23 20:43:50 - Securosis Blog :    Over the next 3 days, we'll be posting the content from the Securosis Guide to the RSA Conference 2010 We broke the market into 8 different topics  Network Security, Data Security, Application Security, Endpoint Security, Content (web email) Security, Cloud and Virtualization Security, Security Management and Compliance  For each section, we gave a little history and what we expect to see at the show First up is Network Security Network Security   Since we've been connecting to the Internet, people have been focused on network security, so the sector has gotten reasonably mature As such, there has been a distinct lack of innovation over the past few years There have certainly been hype cycles (NAC, anyone?), but most organizations still focus on the basics of perimeter defense That means intrusion prevention (IPS) and reducing complexity by collapsing a number of functions into an integrated unified threat management (UTM) device What We Expect to See  There are four areas of interest at the show relative to network security     Application Awareness  This is the ability for devices to decode and protect against application layer attacks Since most web applications are encapsulated in HTTP (port 80) or HTTPS (port 443) traffic, to really understand what's happening it's important for network devices to dig into each packet and understand what the application is doing This capability is called deep packet inspection (DPI) and most perimeter devices claim to provide this capability, making for a confusing environment, with tons of unsubstantiated vendor claims The devil is in the details of how each vendor implements DPI, so focus your questions on which protocols they understand and what kinds of policies and reporting are available on a per-protocol basis Speeds and Feeds  As with most mature markets, especially on the network, at some point it gets down to who has the biggest and fastest box Doing this kind of packet decodes and attack signature matching requires a lot of horsepower, and we are seeing 20gbps IPS devices appear You will also see blade architectures on integrated perimeter boxes, and other features focused on adding scale to the environment as customer networks continue to go faster Since every organization has different requirements, spend some time ahead of the show on understanding what you need and how you'd like to architect your network security environment Get it down on a single piece of paper and head down to the show floor When you get to the vendor booth, find an SE (don't waste time with a sales person) and have them show you how their product(s) can meet your requirements They'll probably want to show you their fancy interface and some other meaningless crap Stay focused on your issues and don't leave until you understand in your gut whether the vendor can get the job done    Consolidation and Integration  After years of adding specific boxes to solve narrow problems, many organizations' perimeter networks are messes Thus the idea of consolidating both boxes (with bigger boxes) and functions (with multi-function devices) continues to be interesting There will be lots of companies on the show floor talking about their UTM devices, targeting small companies and large with similar equipment Of course, the needs of the enterprise fundamentally differ from small business requirements, so challenge how well suited any product is for your environment That means breaking out your marker again, and having the SEs on the show floor show you how their integrated solutions can solve your problems Also challenge them on architecture, given that the more a box needs to do (firewall, IPS, protocol decode, content security, etc) the lower its throughput Give vendor responses the sniff test and invite those that pass in for a proof of concept    Forensics  With the acknowledgement that we cannot detect some classes of attacks in advance, forensics and full packet capture gear will be high profile at this year's conference This actually represents progress, although you will see a number of vendors talking about blocking APT-like attackers The reality is (as we've been saying for a long time via the React Faster doctrine) that you can't stop the attacks (not all of them, anyway), so you had better figure out sooner rather than later that you have been compromised, and then act accordingly The key issues around forensics are user experience, chain of custody, and scale Most of today's networks generate a huge amount of data, and you'll have to figure out how to make that data usable, especially given the time constraints inherent to incident response You also need to get comfortable with evidence gathering and data integrity, since it's easy to say the data will hold up in court, but much harder to make it do so And for those of you who cannot stand the suspense, you can download the entire guide (PDF) - Mike Rothman</description><link>http://www.secuobs.com/revue/news/194787.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/194787.shtml</guid></item>
<item><title>How to Alert Connections of a Social Network Hack</title><description>2010-02-23 19:51:01 - Network World on Security : You've been hit by a social network scam on Twitter and don't know how to warn your contacts  Mary Landesman of ScanSafe offers four simple, clear steps to help protect your contacts </description><link>http://www.secuobs.com/revue/news/194773.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/194773.shtml</guid></item>
<item><title>US Secret Service Network Intrusion Program  20MB </title><description>2010-02-23 17:12:38 - Cryptome : February 16, 2010 </description><link>http://www.secuobs.com/revue/news/194696.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/194696.shtml</guid></item>
<item><title>FTC Warns of Wide Spread Data Breaches   Improper Release of Sensitive Consumer Data on P2P File-Sharing Networks</title><description>2010-02-23 15:07:58 - ITAC Blog : Yesterday, the Federal Trade Commission  FTC  announced that it has notified almost 100 organizations that personal information, including sensitive data about customers and or employees, has been shared from the organizations  computer networks and is available on peer-to-peer  P2P  file-sharing networks to any users of those networks, who could use it to commit identity theft or    </description><link>http://www.secuobs.com/revue/news/194625.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/194625.shtml</guid></item>
<item><title>What to do when your social networking account gets hacked</title><description>2010-02-23 14:14:57 - security_watchdog :    Security-as-a-service firm ScanSafe, now part of the Cisco fold, has decided to share some advice on what users should do if they fall victim to a phishing scam pushed out via social networking sites Phishing scams are becoming increasingly popular via social networking sites, as they try to tap the implicit trust users have in their friends' or followers' messages By hacking users' accounts, sending out messages to their friends and using social engineering techniques to get them to click on malicious links in these messages, cyber criminals have been able to harvest a rich bounty of user credentials - many of which can then be exploited on other sites such as online banking According to ScanSafe senior security researcher Mary Landesman, there should be an ABC of proper etiquette after suffering one of these scams  acknowledge the attack to anyone affected  be detailed in telling them what might have happened as a result  use the attack as an opportunity to caution friends followers in case it happens again If sending out an apology to their followers after their account has been hacked and malicious messages sent out, users should never stick another link in the message, she advised  Using as few words as possible, try to include enough details about the message sent so folks can identify it, ended with a brief 'I'm sorry',  said Landesman Another best practice tip Landesman gave was that when sending legitimate links, users steer clear of generic messages, which are usually used by cyber criminals  Get in the habit of including some identifying info so that the recipient can tell that the human you really did intend to send it,  she said  For example, instead of sending 'check out this funny video', always include more specifics like, 'funny video - reminds me of that crazy guy we saw on the beach in the Bahamas'  If enough 
folks adopted this habit, it would become much easier to distinguish the really generic messages as being likely phishing malware attacks  All good advice, although some stronger content filtering technology from the likes of Twitter would also help matters no doubt </description><link>http://www.secuobs.com/revue/news/194605.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/194605.shtml</guid></item>
<item><title>FTC   P2P Networks Rife With Leaked ID Data</title><description>2010-02-23 14:03:52 - threatpost   The First Stop for Security News :    The Federal Trade Commission today finally voiced concern about the long-known problem of data leaking into criminal hands via LimeWire, BearShare, Kazaa and dozens of other peer-to-peer  p2p  file sharing networks The FTC put nearly 100 companies and agencies on notice that their employees appear to be regularly leaking large amounts of sensitive customer and employee data on popular peer-to-peer, or P2P, file-sharing networks Read the full story  The Last Watchdog</description><link>http://www.secuobs.com/revue/news/194603.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/194603.shtml</guid></item>
<item><title>Thales announces nShield Connect 500 and nShield Connect 1500 network-attached HSMs</title><description>2010-02-23 13:12:47 - SecurityPark.net : Hardware security modules  HSMs  are widely accepted as industry best practice for protecting cryptographic keys and for performing encryption and digital signing HSMs provide a cost-effective way to increase the security of software-based systems, enforcing access control and key management policies within a tamper-resistant security environment Thales has announced nShield Connect 500 and  more  </description><link>http://www.secuobs.com/revue/news/194591.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/194591.shtml</guid></item>
<item><title>5720  Routing and Addressing in Networks with Global Enterprise Recursion  RANGER </title><description>2010-02-23 04:28:41 - New RFCs :  64KB  RANGER is an architectural framework for scalable routing and addressing in networks with global enterprise recursion The term  enterprise network  within this context extends to a wide variety of use cases and deployment scenarios, where an  enterprise  can be as small as a Small Office, Home Office  SOHO  network, as dynamic as a Mobile Ad Hoc Network, as complex as a multi-organizational corporation, or as large as the global Internet itself Such networks will require an architected solution for the coordination of routing and addressing plans with accommodations for scalability, provider-independence, mobility, multihoming, and security These considerations are particularly true for existing deployments, but the same principles apply even for clean-slate approaches The RANGER architecture addresses these requirements and provides a comprehensive framework for IPv6 IPv4 coexistence This document is not an Internet Standards Track specification  it is published for informational purposes </description><link>http://www.secuobs.com/revue/news/194460.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/194460.shtml</guid></item>
<item><title>Social networking could leave your home at risk</title><description>2010-02-23 03:31:02 - Hack In The Box : The ever-increasing amount of information we post on social networking sites is leaving us vulnerable to criminals Whether it's birthdates, home addresses or where we're planning to go on holiday, these details can be a goldmine to criminals You'll be amazed how little information criminals need to carry out an ID theft Similarly, mentioning that you're stuck at work might seem innocent enough, you've actually just advertised to burglars that your home is going to be empty for some time To highlight just how many people are leaving themselves vulnerable through what they disclose on the internet, a Dutch website called Please Rob Me is posting live updates sent by users declaring when they are not at home - and thus at risk of burglary </description><link>http://www.secuobs.com/revue/news/194417.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/194417.shtml</guid></item>
<item><title>NGO networks in Haiti cause problems for local ISPs</title><description>2010-02-22 21:40:14 - News : While the communications networks that aid groups set up quickly following the earthquake in Haiti were surely critical to rescue efforts, the new networks have had some negative effects on the local ISP community.</description><link>http://www.secuobs.com/revue/news/194305.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/194305.shtml</guid></item>
<item><title>Alcatel-Lucent to help developers onto operator networks</title><description>2010-02-22 19:03:41 - News : Alcatel-Lucent wants to make it easier for developers to use data and features in operator networks, including billing, location and presence information. Today it is too complicated and expensive, and changing that would result in cooler applications, according to the telecom vendor.</description><link>http://www.secuobs.com/revue/news/194245.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/194245.shtml</guid></item>
<item><title>Tenable Network Security Podcast - Episode 24</title><description>2010-02-22 18:55:24 - Tenable Network Security : Welcome to the Tenable Network Security Podcast - Episode 24 Announcements Two new blog posts have been released titled  Not Just for Health Care Providers Any More - HITECH for Business Partners  and Nessus Plugin Spotlight  Linksys Router Detection Come </description><link>http://www.secuobs.com/revue/news/194238.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/194238.shtml</guid></item>
<item><title>Aruba Networks positioned as a leader in Gartner's Magic Quadrant</title><description>2010-02-22 13:33:58 - Global Security Mag Online : Aruba Networks, Inc., a provider of 802.11n wireless networks and secure mobility solutions, announces that it has again been positioned as a "Leader" in Gartner's 2009 Magic Quadrant for wireless LAN infrastructure. According to Gartner, "Vendors considered leaders are those that have proven their ability to meet customers' many needs, to offer end-to-end infrastructure solutions and to demonstrate their financial strength, all of which are guarantees of a    - Magic Quadrant </description><link>http://www.secuobs.com/revue/news/194118.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/194118.shtml</guid></item>
<item><title>Twitter and social networking credentials can fetch a high sum</title><description>2010-02-22 11:38:44 - SecurityPark.net : The price of a file of user credentials - known as a 'dump' in hacking circles - depends greatly on the Internet service(s) where they can be used. The rapid evolution of Web 2.0 services and the parallel world of cybercrime is driving a revolution in the price that criminals charge each other for user credentials. Amichai Shulman, Imperva's chief technology officer, said  Just five years ago,  more  </description><link>http://www.secuobs.com/revue/news/194075.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/194075.shtml</guid></item>
<item><title>Medusa 20 Released   Parallel Network Login Brute Forcing Tool</title><description>2010-02-22 10:31:52 - Darknet   The Darkside : </description><link>http://www.secuobs.com/revue/news/194065.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/194065.shtml</guid></item>
<item><title>Four ways to secure Windows networks</title><description>2010-02-22 01:33:41 - SearchSecurity.com.au Analysis   Commentary : Learn four ways to secure Windows networks in this tip</description><link>http://www.secuobs.com/revue/news/193985.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/193985.shtml</guid></item>
<item><title>The real goal of network security</title><description>2010-02-21 02:40:12 - Chick Bits : </description><link>http://www.secuobs.com/revue/news/193904.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/193904.shtml</guid></item>
<item><title>Network Security</title><description>2010-02-20 22:10:29 - Research Library :    Stand by for our network security page </description><link>http://www.secuobs.com/revue/news/193876.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/193876.shtml</guid></item>
<item><title>Social networking unveils tacit knowledge: PwC</title><description>2010-02-19 23:30:08 - News : Social networking is providing new ways for businesses to unlock tacit knowledge within their organizations, according to Dr David Jacobson, director of emerging technologies at PricewaterhouseCoopers (PwC) Canada.</description><link>http://www.secuobs.com/revue/news/193688.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/193688.shtml</guid></item>
<item><title>Could Tiger Woods render networks impotent today?</title><description>2010-02-19 19:07:26 - News : Golfer and purported sex addict Tiger Woods plans press conference that could bring corporate networks to their knees as employees log on to watch live streaming via the Internet.</description><link>http://www.secuobs.com/revue/news/193606.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/193606.shtml</guid></item>
<item><title>New one-stop shop for network needs  Staples </title><description>2010-02-19 19:07:26 - News : Maybe someone at Staples believes the Easy Button is real technology. How else does one explain the office supply chain's announcement last week that it is branching out to become a "one-stop" provider of data center and network services for corporate customers of all sizes?</description><link>http://www.secuobs.com/revue/news/193602.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/193602.shtml</guid></item>
<item><title>How to effectively contract your network privacy</title><description>2010-02-19 11:18:39 - Network World on Security : When you use the public cloud, is your data in the "public" space? According to the Department of Justice it is. In a number of cases, the Justice Department is asserting that data held by a third party, such as a cellular service provider or a hosting provider, can be demanded by government agents without a warrant.</description><link>http://www.secuobs.com/revue/news/193494.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/193494.shtml</guid></item>
<item><title>ARKOON Network Security group appoints two Business Unit Directors</title><description>2010-02-19 10:42:25 - Global Security Mag Online : ARKOON Network Security, a security solutions provider, is strengthening its top management by announcing the appointments of Gilles D'Arpa and Christophe Grangeon. This announcement is part of the group's new organization, formalized following the recent acquisition of the software vendor SkyRecon at the end of 2009. From now on, ARKOON Network Security will rely on two Business Units to market its products and solutions. As part of their mission, Gilles D'Arpa and Christophe    - Business </description><link>http://www.secuobs.com/revue/news/193476.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/193476.shtml</guid></item>
<item><title>Napatech introduces full IPv6 support in all Napatech PCI-Express network adapters</title><description>2010-02-19 09:15:15 - SecurityPark.net : Napatech has announced the introduction of full IPv6 support in all Napatech PCI-Express network adapters. IPv6 usage is expected to grow with IPv4 addresses running out and the number of Internet users set to increase by 45 percent over the next 5 years. Napatech has therefore ensured that the advanced packet capture, analysis and transmission capabilities offered for IPv4 today are also supported for I  more  </description><link>http://www.secuobs.com/revue/news/193470.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/193470.shtml</guid></item>
<item><title>SpybotAKB worm spreads across P2P networks and e-mail</title><description>2010-02-19 06:30:57 - Security Bloggers Network : PandaLabs detected a new worm, SpybotAKB, which spreads using P2P programs  copying itself to the usual shared folders with different names  and also via e-mail Check out the article -  Help Net Security  </description><link>http://www.secuobs.com/revue/news/193452.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/193452.shtml</guid></item>
<item><title>Pleaserobme.com Highlights Dangers of TMI on Social Networks</title><description>2010-02-18 21:51:08 - News : New website pleaserobme.com helps thieves by listing potentially empty homes. But it's done with information posted voluntarily on Twitter.</description><link>http://www.secuobs.com/revue/news/193301.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/193301.shtml</guid></item>
<item><title> SpybotAKB worm spreads across P2P networks and e-mail</title><description>2010-02-18 19:56:05 - Help Net Security   News : PandaLabs detected a new worm, SpybotAKB, which spreads using P2P programs  copying itself to the usual shared folders with different names  and also via e-mail What s new about this worm is th </description><link>http://www.secuobs.com/revue/news/193254.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/193254.shtml</guid></item>
<item><title>Security Poll on Social Networks</title><description>2010-02-18 12:43:04 - Security Bloggers Network :  </description><link>http://www.secuobs.com/revue/news/193133.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/193133.shtml</guid></item>
<item><title>Connetquot Central School District use Axis network cameras to enhance the security and safety of its students and facilities</title><description>2010-02-18 12:08:32 - SecurityPark.net : Connetquot Central School District of Islip in Long Island, NY, is using Axis network cameras to enhance the security and safety of its public school students and facilities Connetquot is comprised of 11 schools located as far as 15 miles apart within the hamlets of Ronkonkoma, Bohemia and Oakdale, close to the geographic center of Long Island, about 50 miles east of New York City There are s  more  </description><link>http://www.secuobs.com/revue/news/193128.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/193128.shtml</guid></item>
<item><title>Cities on Utah fiber network apply to Google</title><description>2010-02-18 11:41:56 - News : A group of 16 Utah towns that operate a fiber-optic network want to be among the first in the US to get ultra high-speed Internet access.</description><link>http://www.secuobs.com/revue/news/193122.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/193122.shtml</guid></item>
<item><title>Brocade and McAfee Partner For Network Security Solutions</title><description>2010-02-18 05:01:02 - News : Brocade and McAfee have announced that they have entered a strategic partnership to deliver a broad set of fully interoperable end-to-end network security solutions As part of the partnership, Brocade will work in conjunction with McAfee to integrate critical security capabilities into the Brocade family of networking products </description><link>http://www.secuobs.com/revue/news/193046.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/193046.shtml</guid></item>
<item><title>Net Security  Global network of infected devices unearthed</title><description>2010-02-17 23:09:59 - Rootsecure.net : Net Security  Global network of infected devices unearthed </description><link>http://www.secuobs.com/revue/news/192956.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/192956.shtml</guid></item>
<item><title>Wireless Network Security Recommendations</title><description>2010-02-17 22:12:56 - RLR UK : Wireless Networks are still causing businesses problems. By their very nature they are insecure, as they are a broadcast network that frequently extends beyond your physical boundary - remember radio signals don't stop at your door. There ARE security mechanisms to make them secure, but too often these are not implemented properly or are circumvented by users. It is vital that all traffic on the wireless network be encrypted, and connections authenticated, otherwise anyone with a laptop can view all your traffic. There are many mechanisms for achieving this, but at the very least you should use WPA with long pass phrases (not simple passwords) and MAC address authentication. Don't use WEP - it can be broken easily. I won't bore you with details here, but I refer you to Google instead. However, there are several flaws, such as using a linear Integrity Check Value, such that predictable bit-flipping can be used to send invalid messages that will appear to be valid. Secondly, the 40-bit shared secret is 'extended' by use of a 24-bit per-packet Initialising Vector. As any cryptographer will tell you, the more often you use the same key, the easier it is to recover the plaintext (particularly if you have known plaintext, which we do have in the headers of network packets of course). IV collisions happen surprisingly quickly, especially on corporate wireless networks, as they will usually have reasonably heavy load. TKMaxx found this out the hard way when they lost half a million credit card details to a hacker sitting in their car park. This also shows that they almost certainly didn't segregate the traffic and force it through a firewall. So what can we do about this? Well, all modern equipment will support Wi-Fi Protected Access (WPA) and WPA2. A standard implementation of this is to use a Pre-Shared Key (PSK), i.e. a pass phrase, and the AES block cipher for encryption. This is the minimum requirement for a wireless LAN. Again, don't use simple passwords, as the security of your system is relying on them. You should use long complex pass phrases, with punctuation. Another idea is to encrypt a pass phrase using itself (or another) as a key in an encryption tool, then use the resulting base-64 encoded string as your PSK. However, automatic key negotiation and the use of digital certificates is a better option in a corporate environment (remember for wireless access you can run your own internal certificate server so that you don't incur additional costs). This doesn't solve everything though. A little while ago the head of a department in an organisation I was involved with decided that he didn't want to have to use the docking station for his laptop as it constrained where he could work in his office. So, he didn't contact the IT department, but instead went to his local IT retailer and bought a cheap wireless access point. He plugged this into the network and, not only did he not configure any security, but he didn't even change the default password on the device. Do you categorically know that you don't have a rogue access point on your network? This can be stopped by using technologies such as 802.1X port-based authentication and a RADIUS server. Wireless networks also need to be treated as insecure and separated from your wired network via a firewall, with real-time virus checking and an Intrusion Detection System. This doesn't mean that they have to be unprotected themselves - you should still protect them from outside attack by firewalling them off from the Internet. The important point is not to let traffic flow, unchallenged, from the wireless network onto the wired network. This is not often done though. I was in Vienna recently on business and the hotel I was staying at had free wireless access for guests. However, one night I couldn't get access and asked why. I was told that they had switched it off as someone was trying to access their servers (they weren't very proficient or experienced hackers fortunately). The point that I found more worrying was that their public wireless network was directly connected to their servers, which hold the names, addresses and payment details of guests and even the door card programming details. You can imagine what could happen if someone were to get into the servers. Wireless networks and wired networks should not coexist on the same subnets. This is for two reasons. Firstly, it is easier to attack and, therefore, attach to a wireless network, so you don't know categorically that all stations are legitimate. Secondly, most wireless networks are used to connect mobile devices, such as laptops and netbooks, to the network. Do you know that these haven't picked up any malware whilst not connected to your corporate LAN? You can address the latter with network access control, but that's a different topic. However, all traffic from the wireless network should be treated with a level of suspicion and therefore separated. You don't have to have a separate Internet connection or new wiring to achieve this - VLANs (or Virtual LANs) can solve the problem by logically segregating the traffic into the firewall. This also allows you to provide public wireless access for visitors/customers, as you can run two separate, VLANed wireless networks through the same access points onto the network - one with limited access to the corporate LAN and the other with none. Wireless networks can be implemented securely, but remember to separate your wired and wireless networks and implement secure encryption and authentication.</description><link>http://www.secuobs.com/revue/news/192933.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/192933.shtml</guid></item>
<item><title>Network Management Tools</title><description>2010-02-17 18:47:33 - BreakingPoint Labs Blog : Network Management Tools</description><link>http://www.secuobs.com/revue/news/192808.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/192808.shtml</guid></item>
<item><title> Global network of infected devices unearthed</title><description>2010-02-17 16:22:36 - Help Net Security   News : While working on a project for the Ministry of Defense, a team of Czech researchers has discovered a global network of virus-infected devices that makes it possible to redirect the flow of information </description><link>http://www.secuobs.com/revue/news/192757.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/192757.shtml</guid></item>
<item><title>Aruba Networks provides secure network to the Australian Open Tennis Championship</title><description>2010-02-17 12:32:12 - SecurityPark.net : Tennis Australia, the national governing body for the sport of tennis in Australia, has deployed Aruba Networks' 802.11n Wi-Fi network at Melbourne Park to provide network access during the Australian Open Tennis Championship. Tennis Australia required a single wireless LAN infrastructure that would support the Australian Open Tennis Championship as well as day-to-day business at its Melbourne  more  </description><link>http://www.secuobs.com/revue/news/192690.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/192690.shtml</guid></item>
<item><title>Slashdot  Verizon To Allow Skype Calling On Its Network</title><description>2010-02-17 11:20:48 - Rootsecure.net : Slashdot  Verizon To Allow Skype Calling On Its Network </description><link>http://www.secuobs.com/revue/news/192680.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/192680.shtml</guid></item>
<item><title>McAfee and Brocade partner on network security</title><description>2010-02-17 06:50:58 - Computer Security News :    Security giant McAfee and networking firm Brocade have announced a new partnership under which the two companies will produce a set of jointly designed network security solutions for enterprise customers </description><link>http://www.secuobs.com/revue/news/192634.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/192634.shtml</guid></item>
<item><title>Network Security Podcast, Episode 185</title><description>2010-02-17 04:59:41 - Network Security Podcast : Chaos ensues this week when Martin, Rich, and Zach are joined by more of the Securosis gang  Mike Rothman and Adrian Lane  Somewhere between jabs at Martin and chatter about, uh,  pay-for companionship  and  stimulants , we actually talked about some security stuff Who da thunk  Network Security Podcast, Episode 185 Time   26 28  Show Notes  Record 13-Year Sentence    </description><link>http://www.secuobs.com/revue/news/192614.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/192614.shtml</guid></item>
<item><title>EMC's Really Big Storage Network</title><description>2010-02-17 03:02:04 - Hack In The Box : EMC (NYSE: EMC) has updated its Atmos cloud storage system to add new levels of data protection, along with a big boost in performance and capacity. The new GeoProtect feature gives Atmos RAID-like data protection, in addition to replication, with support for three or six failures at 33 percent and 66 percent storage overhead, respectively, by encoding and distributing objects across an Atmos cloud. Atmos also gets new Intel Xeon 5500 processors for a 50 percent performance boost and 2 terabyte drives to double capacity. Atmos nodes can pack in anywhere from 60TB to 720TB with the new drives. Jon Martin, director of product management and marketing for EMC's Cloud Infrastructure Group, said Atmos is nothing like the wave of clustered network-attached storage offerings that have hit the market lately and instead is more along the lines of Amazon's Simple Storage Service (S3), except in product form: a massively scalable storage network that can span many locations across the globe.</description><link>http://www.secuobs.com/revue/news/192595.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/192595.shtml</guid></item>
<item><title>Czech experts uncover global virus network</title><description>2010-02-17 01:54:29 - Hack In The Box : Czech security experts have uncovered a global network of devices attacked by computer viruses within which it was possible to wiretap and gain access to sensitive data, Jan Vykopal, head of the security project of Masaryk University, told CTK yesterday Modems were among the attacked devices as they are only poorly protected The viruses were able to deflect the communication of Internet users to servers where they could be wiretapped, Vykopal said Vykopal's colleagues along with experts from the Brno Military Academy and the Defence Ministry have uncovered the dangerous network  The assailants have denoted the network of the subjugated installations as Chuck Norris,  Defence Ministry spokeswoman Lucie Kubovicova said </description><link>http://www.secuobs.com/revue/news/192564.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/192564.shtml</guid></item>
<item><title>Four Signs of an Easy Victim on Social Networks</title><description>2010-02-17 01:54:29 - Hack In The Box : Earlier this month, CSO reported that cybercrime attacks on Facebook, Twitter and LinkedIn have exploded, according to a recent survey conducted by security firm Sophos. See "Facebook, Twitter, Social Network Attacks Tripled in 2009". Reports of malware and spam rose 70 percent on social networks in the last 12 months and 57 percent of users report they have been spammed via social networking sites. Another 36 percent reveal they have been sent malware via social networking sites. The "Social Security" survey is part of Sophos' 2010 Security Threat Report, which looks at current and emerging computer security trends and found that social networks are opening up new opportunities for cyber criminals to locate so-called "soft" targets and pull off precise and targeted attacks. We wanted to know: What makes someone look like an easy hit for the bad guys? Chet Wisniewski, Senior Security Advisor with security firm Sophos, gives us some clues.</description><link>http://www.secuobs.com/revue/news/192563.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/192563.shtml</guid></item>
<item><title>Google Admits Buzz Social Network Testing Flaws</title><description>2010-02-17 01:37:25 - Packet Storm Security Headlines : </description><link>http://www.secuobs.com/revue/news/192553.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/192553.shtml</guid></item>
<item><title>Brocade, McAfee Team Up on Network Security</title><description>2010-02-16 23:32:42 - eSecurity Planet Features : The companies are collaborating on a set of jointly designed, interoperable applications that will be integrated into Brocade's networking equipment products </description><link>http://www.secuobs.com/revue/news/192494.shtml</link><guid isPermaLink="false">http://www.secuobs.com/revue/news/192494.shtml</guid></item>

 </channel>
</rss>
