Wednesday, August 5, 2009


DEFCON: Danger from automatic updates
Security experts Itzik Kotler and Tomer Bitto have presented a new tool known as Ippon at the hacker conference DEFCON. They plan to make the tool available as a download in the near future. Ippon compromises the automatic update mechanisms used by many different applications. It fools applications, such as Adobe Reader, Alcohol 120, Notepad++ and Skype, into thinking that an update is available. In an attack scenario, rather than containing an update, the file passed to the relevant application contains a trojan or rootkit.
http://www.h-online.com/security/DEFCON-Danger-from-automatic-updates--/news/113911

----------

Malware, oversharing lead Marines to ban social networks
August 4, 4:10 p.m. UTC - by Jacqui Cheng Posted in: The Web
IT managers frequently voice their concerns about people's careless behavior online, but the US Marine Corps has taken it a step further by completely blocking Facebook and its ilk from its network.

----------

Accused domain thief faces jail time for "stealing" P2P.com
August 4, 12:17 a.m. UTC - by Chris Foresman Posted in: The Web
Domain name thieves have, until now, generally gotten away with their crimes. But the arrest of a domain name thief in New Jersey could set a precedent for future criminal prosecution of domain thieves.

----------

China starting to worry about its own hackers
The picture seen above is an advertisement for a Chinese hacker training course. Now I know many of you are struggling to process this information; something seems wrong with the picture. The reason your brain is having trouble with the image, is that it is located in a place called, the “outdoors”. Like me, many of you spend way too much time online and this poster is horribly out of place.

----------

Hacking the DefCon 17 Badges

----------

Feds at DefCon Alarmed After RFIDs Scanned
Kevin Manson, a former senior instructor at the Federal Law Enforcement Training Center in Florida, was sitting on the “Meet the Fed” panel when a DefCon staffer known as “Priest,” who prefers not to be identified by his real name, entered the room and told panelists about the reader.

----------

Benchmarks: Windows 7 RTM versus Vista, XP
ZDNet Germany put Microsoft's newest operating system to the test and found that the change from Vista to Windows 7 is like releasing a car's handbrake. The early signs are that Windows 7 will enjoy a much better take-up than Vista.

----------

Update: Mozilla patches six Firefox vulnerabilities

ERIC: We need to discuss updating Firefox inside the boundaries.

----------

Report rips Microsoft over Bing's sponsored online drug ads
Microsoft profits by selling online ads on its search engine to criminal gangs running pharmaceutical Web sites that offer medication to people without a proper prescription, according to a new study.

----------

Apple keyboard firmware vulnerability demonstrated Macworld.com – 2 hrs 35 mins ago
Apple may have rolled out a security patch for the iPhone SMS vulnerability demonstrated at last week’s Black Hat security conference, but it wasn’t the only Apple device under attack. One hacker demonstrated a way that a keylogging application—a piece of malware that keeps track of what you type—could be installed in the firmware of Apple’s keyboards.

----------

After Links to Cybercrime, Latvian ISP Is Cut off PC World – Wed Aug 5, 2:40 am ET
A Latvian ISP linked to online criminal activity has been cut off from the Internet, following complaints from Internet security researchers.

----------

White House still seeking cybersecurity czar

----------

Web Surfers Forced to Choose Security or Anonymity
Practicing "safe surfing" can derail attempts to cruise the Internet anonymously.

----------

Switch hardening on your network
So here are some of the things we did to start with on the switches:

Default passwords - change the default passwords on the device, all of them, not just the one on the account being used. A number of switches have multiple built in accounts, some of which are easily forgotten.

SNMP v3 - if the device supports it, use it; otherwise use a nice long community string, but be aware that it will be compromised and at least read access to the device will be gained.

Logging - Use centralised logging of switch activities.

AAA - Create a management group in AD, place those that need access to the devices in the group and then use RADIUS to authenticate users. This does make access only as good as the password used by staff, but you can also use tokens to authenticate. This shouldn't be much of a problem, as people generally don't need to log into switches anyway.

Backup userid/password - if using AAA authentication, make sure you have a local userid and password that can be used in case the RADIUS servers aren't available.

Management VLAN - Many switches support a management VLAN, so configure it and then use ACLs to control access to this VLAN. This takes the management function off the main network and makes life harder for the pentester.

Network Segmentation - Set up VLANs to segregate your network segments, then use ACLs to control traffic flows between them (note: use with care, as this is easy to get wrong). Also, for network segments with different security requirements, such as a DMZ, use a different physical switch; don't just VLAN them off.

Labeling of Ports - Not really a security measure as such, but many switches allow you to name ports. This means that with a simple show command you can see which port is your uplink, downlink, etc. It comes in handy when the diagram is missing or out of date. Of course, this does mean that if someone compromises the device they know what to target.

SSH /Telnet - Use SSH v2, disable telnet.

Web interface - If you need it, use SSL; otherwise disable it. Unfortunately many switches still need you to manage the device using multiple interfaces, as not all the functionality is available from every interface.

TFTP - well, if you really, really need it, then at least configure which server location is valid.

Management IPs - Many switches allow you to configure the management IP addresses for the device. Configure these and you make life harder for attackers.

Couple of updates:

Port Security - 802.1x port security may be a bit much for you, but you can still do a few things on most switches, such as preventing ports from learning more than one MAC address, or statically assigning MAC addresses to ports.

Dynamic VLAN - Allocate the VLAN dynamically, and if the user doesn't match, place them on a holding VLAN.

NTP - I had logging, and in my head that included time synchronisation, but someone pointed out that it would be better to spell it out.

Monitoring - Ports that receive 10x the usual traffic may need a closer look.
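The checklist above is easy to drift from once a config has been edited by several hands, so it helps to audit saved configurations against it. The script below is an added example (not from the original post or its author) that checks an IOS-style switch configuration for the items in the list: SSH-only VTY lines, SSH v2, central logging, NTP, AAA with a local fallback account, port security, no SNMP v1/v2c community strings and no plaintext HTTP management. Both configurations are constructed samples, the `192.0.2.x` addresses are documentation addresses, `REPLACE-WITH-HASH` is a placeholder, and the exact command syntax is assumed to be Cisco IOS-like; adapt the patterns to your own platform.

```python
"""Audit an IOS-style switch configuration against a hardening checklist.

Added example: the configurations below are constructed samples, not real
device configs, and the command syntax is assumed to be Cisco IOS-like.
"""
import re

# Constructed sample: an access switch left close to its defaults.
WEAK_CONFIG = """\
hostname access-sw-01
snmp-server community public RO
ip http server
line vty 0 15
 transport input telnet ssh
 login
"""

# Constructed sample: the same switch after applying the checklist.
HARDENED_CONFIG = """\
hostname access-sw-01
aaa new-model
aaa authentication login default group radius local
username break-glass privilege 15 secret 9 REPLACE-WITH-HASH
snmp-server group netops v3 priv
logging host 192.0.2.10
ntp server 192.0.2.20
ip ssh version 2
no ip http server
ip http secure-server
interface GigabitEthernet1/0/1
 switchport port-security
 switchport port-security maximum 1
line vty 0 15
 transport input ssh
 login authentication default
"""

def _has(config: str, pattern: str) -> bool:
    """True if any line of the config matches the line-anchored pattern."""
    return re.search(pattern, config, re.MULTILINE) is not None

# Lines that must be present; the finding is reported if they are absent.
REQUIRED = [
    (r"^ transport input ssh$", "VTY lines accept more than SSH (Telnet still enabled)"),
    (r"^ip ssh version 2$", "SSH version 2 not enforced"),
    (r"^logging host \S+", "no central logging host configured"),
    (r"^ntp server \S+", "no NTP server configured (log timestamps will drift)"),
    (r"^aaa new-model$", "AAA (RADIUS) authentication not enabled"),
    (r"^ switchport port-security maximum 1$",
     "no port security limiting MAC addresses per port"),
]

# Lines that must be absent; the finding is reported if they are present.
FORBIDDEN = [
    (r"^snmp-server community ", "SNMP v1/v2c community string in use; prefer SNMPv3 with priv"),
    (r"^ip http server$", "plaintext HTTP management interface enabled"),
]

def audit_switch_config(config: str) -> list[str]:
    """Return a list of human-readable findings; an empty list means all checks pass."""
    findings = [msg for pat, msg in REQUIRED if not _has(config, pat)]
    findings += [msg for pat, msg in FORBIDDEN if _has(config, pat)]
    # The local break-glass account only matters once AAA is switched on:
    # the login method list must fall back to "local" and a privileged
    # local user must exist, or a RADIUS outage locks everyone out.
    if _has(config, r"^aaa new-model$"):
        has_fallback = (_has(config, r"^aaa authentication login \S+ .*\blocal\b")
                        and _has(config, r"^username \S+ privilege 15 "))
        if not has_fallback:
            findings.append("AAA enabled without a local fallback account for RADIUS outages")
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        result = audit_switch_config(cfg)
        print(f"{name}: {len(result)} finding(s)")
        for line in result:
            print("  -", line)
```

Running it reports eight findings for the weak sample and none for the hardened one. The patterns are deliberately anchored to whole lines so that `no ip http server` and `ip http secure-server` are not mistaken for the plaintext `ip http server`, which is the kind of false positive a looser substring match produces.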

----------

How to Evaluate, Compare and Implement Enterprise Antivirus
Performance counts, but CISOs and analysts say it's not by any means the only point for comparison

----------

Researchers: XML Security Flaws are Pervasive
"XML is being used in so many different things we're doing on the Web today," Schmidt said. "So it's a big deal when something goes wrong with something that's Internet-facing that so many people depend upon."

----------

HD DVD returns and kicks Blu-ray
Robin Harris: Toshiba has licensed its HD DVD to China and it will be the unit world leader in HD optical technology in just 12 months. One reason is that the CBHD disks cost a quarter of Blu-ray.

----------
