Practical Information Security

Posts

New year, New Vulnerabilities, Old problem...

Happy New Year to everyone! May 2018 provide you with interesting problems and the patience to solve them :) On to the recent kerfuffle about the Intel processor bugs. These vulnerabilities were identified in early January by Google (original Google security post) CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 These vulnerabilities have been named "Spectre" and "Meltdown" and are causing a certain amount of anxiety in some environments. IBM has produced an excellent write up of the vulnerabilities and includes information about the impacts and includes the CVE ratings: https://exchange.xforce.ibmcloud.com/collection/c422fb7c4f08a679812cf1190db15441 Of course new vulnerabilities are bad, and often require work and remediation, but this should be part of your environment's standard vulnerability assessment and remediation program. It's not sufficient to just apply patches from a single vendor (e.g. Microsoft) on a monthly basis and consider

Weekly recap and why you should be concerned about "attackers" even if you have "nothing to hide" Why you should be aware of, defend against, and prevent attackers... even at home: I often hear from future victims "well I don't have anything to hide/anything of value/why would they target me!?" It's really not about you, usually the attackers aren't looking for your data (if they get it, or have easy access to it, they may try to profit from it, but the people doing the compromising aren't usually the same folks that monetize). What the attackers want are compromised systems they can use to do what they want at scale. So if they can compromise 50 systems, they can send 50X the amount of SPAM... 100 systems, 100X, etc. Some operations get paid based on the number of emails they can send per day. Of course the email will likely not just be SPAM, but may also be malicious (ransomware, etc.). http://thehackernews.com/2017/09/linux-ma

Privacy considerations for home users

In light of the recent new stories regarding the recently signed legislation allowing ISP's to be able to sell your data http://www.vox.com/new-money/2017/3/29/15107110/republican-isp-data-privacy Here are a couple ideas and tips about privacy in general. Don't panic - a lot of the info was already being gathered, this isn't that large of a change regarding scope, it's more of a change to who can profit or sell it (which is a shift for sure). Remember a lot of the services you use today already gather your browser, activity, and search info (google, bing, yahoo, facebook, etc.). ISP's haven't implemented this yet, expect to see new terms of service in an upcoming bill, or an email sent to you, etc. If you would like to take some steps to try to preserve your privacy, here are some ideas and examples: VPN (Virtual Private Network) - this in essence creates an encrypted tunnel between two points on the Internet. One point being your system

Internet of unpatchable devices

http://arstechnica.co.uk/business/2016/10/future-of-the-internet-iptv-ddos-iot-security-issues/ Computers (yes that includes "smart" devices, phones, refrigerators, etc.) will always have maintenance and configuration issues, they may be able to be deployed in a way that allows them to "work" immediately, but this does not mean they are secure or maintained. It's hard enough today to get people to configure their computers and patch their computers, can you imagine someone actually patching their fridge? toaster? TV, etc. if it still works the likelihood i s they will ignore it until it doesn't work. They don't know or don't care that by having this vulnerable system on the internet they are enabling malicious actors to attack networks using their systems as a proxy or amplification point. # internetofinsecurethings # infosec # cybersecurity

Busting the myth of the malicious insider

The Myth of the Insider Threat Too often after the announcement of a new breach, the first reaction from the victim company and the media is "another malicious insider attack". Case in point, I was catching up on news from various sources and came across the following: http://www.idgconnect.com/abstract/19647/lessons-sage-leak " “We believe there has been some unauthorised access using an internal login to the data of a small number of our UK customers so we are working closely with the authorities to investigate the situation,” the Newcastle, England-headquartered firm said in a statement." Of course an internal login was used to access the data, as part of the attack lifecycle, during your reconnaissance phase you identify accounts to target for possible compromise, based on the access/role of the individual. Phishing attacks or other simply attacks are often successful in gathering login credentials for individual users, which can then of

Good article

http://www.securityweek.com/too-busy-round-wheels Good article reminding us all that running a SOC is hard work, and it takes effort, it takes planning, does not happen by accident, requires skilled staff, processes, and tools, and management who understand the objective, and who can provide the political cover to make sure the mission is achieved. Plenty more to be said on this issue. Building Incident Response Programs is something I do a lot professionally, so I'll write on this coming soon.