Security News (110 Posts)


How to setup Security Onion on a home network with Splunk, email alerts and some basic tuning

Entry Last updated on the 11th of May 2015
a PDF version is also available to download here

Security Onion (SO) is a great open source project created by Doug Burks.
It is a Linux Distribution based on Ubuntu and bundled/configured with all the tools you need to get a powerful, and free, Network Security Monitoring system (NSM). It can be used to monitor your network traffic for suspicious activities and malware.

This guide is aimed at people who want to get started quickly with SO, covering the following basic functionalities:
  • Getting an understanding of what network and server setup is required
  • Going through a basic SO installation
  • Getting a basic understanding of how to tune Snort and remove false positives
  • Getting regular reports and speci
  • ...

    Fix for compiling VMwaretools 9.9.2 on kernel 3_18+

    We recently encountered some errors when trying to recompile the VMwaretools on Kali (kernel 3.18) and Security Onion (Kernel 3.2):

  • error: implicit declaration of function ‘smp_mb__after_clear_bit’
  • error: ‘struct dentry’ has no member named ‘d_alias’

    Those errors meant it was not possible to share files between the Host OS and the virtual machines, as compilation was failing in the vmhgfs-only directory.

    Below are a set of instructions to fix those issues.
    Please note the following was tested with VMwaretools-9.9.2-2496486.tar.gz, and you need to do this as "root".
  • In Fusion/VMWare select reinstall VMwaretools - This will mount a virtual VMWare CDROM
  • Go to that CDROM and copy the VMwaretools tar.gz file onto your /tmp directory.
  • Unmount the CDROM (you may not need to do this, but we did have an issue once with the CDROM still mounted).
  • Uncompress the tar.gz file using "tar xvzf"
  • Go to /tmp/vmwa
  • ...

    iOS Backdoors

    In the last few days there has been an increasing amount of noise about some iOS backdoors. Apple does not deny they exist, but contests how they can be used.

    This is not new, and the security researcher who presented his findings did highlight that it is likely related to methods used by certain forensic software sold to law enforcement.
    What is “concerning” is the following:
    – These backdoors are actively maintained and developed by Apple; how much more data will they allow to be extracted from iOS devices in the future?
    – Those backdoors provide access to SMS, contacts and other potentially sensitive data on the phone; they also allow full disk encryption to be bypassed. This highlights the fact that unless your phone is off, the data on your phone is no longer encrypted per se, but only protected by access control (PIN);
    – If it can be used by law enforcement, it can be used by “greyer” parties ...


    Critical Infrastructure and Cyber attacks

    I recently came across an article in a UK newspaper, the Guardian, about Mr Kaspersky predicting a riot. Well, not exactly. He is predicting a major cyber terrorist attack on UK soil which will disrupt major critical infrastructure.

    http://www.theguardian.com/technology/2014/may/01/eugene-kaspersky-major-cyberterrorist-attack-uk

    I find this interesting, not because it is new (it isn’t), but because there has been increasing media visibility and attention to this topic in the last few years. By the way, I am also a big believer in “it will happen soon”. The internet of things is not a secure affair.

    And I also find it quite a coincidence that Mr Kaspersky is warning us about a real-life Die Hard 4 risk scenario, as only yesterday I came across the following article:

    ...


    Heartbleed, do not panic!

    The security issue related to OpenSSL has been all over the news in the last couple of days.

    It is indeed a very bad issue, one that can let an attacker access the login details, including passwords, of registered users of vulnerable websites/servers. Yahoo Mail was one of those sites, out of nearly a million others!

    This vulnerability has been around for 2 years; it affects servers using OpenSSL 1.0.1 through 1.0.1f (inclusive).

    Those servers could be running consumer websites or other applications. For example, the Network Security Monitoring suite Security Onion was vulnerable until yesterday, when a security fix/update was released. The same applies to the penetration testing platform Kali 1.06, which was vulnerable until today!

    If those applications/environments were internet facing, user IDs and passwords may have been compromised in the last 2 years.

    This issue allows an attacker to access the memory of a vulnerable server, which means that ...


    Using a phone as a keylogger, next it will be a smartwatch!

    There is an interesting paper from Georgia Tech College describing a clever proof of concept where a phone is used to eavesdrop on keystrokes.
    This is done by leveraging the phone’s motion sensors and placing it next to a keyboard. They managed to create a dictionary of words/vibrations that is able to recognise words typed on a keyboard just by analysing the vibrations made by typing.
    Of course, you are likely to notice someone else’s phone sitting next to your keyboard, but what if your own phone got hacked and that software was loaded onto it?

    They conducted their proof of concept on an iPhone 4 but this is likely to be also possible on other platforms/devices.

    In fact, with upcoming smart watches this concept will be even more relevant! Now I can see a use for that Apple M7 chip! ;)

    As I am typing this note, my phone is next to my keyboard. Maybe I should move it away...


    New iPhone 5S Fingerprint reader, a step in the right direction!

    Apple has just announced two new models of iPhones, one of them is the iPhone 5S which comes with a fingerprint reader. Like others I believe this is no silver bullet, but it is a step in the right direction in terms of helping the masses to secure their iPhones.

    There are two main areas of potential security failures:
    – Fingerprints can be copied, and once compromised you can’t “change” them for new ones;
    – The fingerprint reader’s security implementation will be very important; any defects or flaws could be exploited to gain unauthorised access.

    Apple may not be the first company to embed a fingerprint reader in its phones, but as it did for tablets and smartphones, it will be the company that popularises it...


    Mobile Device Management Limitations

    Current MDM frameworks, unless they use some kind of container approach, will always play catch-up to hackers wanting to bypass the controls enforced on their phones, as highlighted in the following article describing how to get around AirWatch’s MDM restrictions.

    The conclusion of that article is spot on:
    MDM solutions are great for employers to manage mobile devices. However, they are not without their problems. Not only was I able to bypass compliance for having a rooted device, but I was also able to bypass the need to encrypt my device from the profileGroupSetting table. Bypassing compliance restrictions for AirWatch is relatively trivial after a few hours and I’m sure it is probably similar with many other MDM solutions.

    An MDM container approach will only ensure your corporate data does not leave that secured container and stays safe wit...


    The right (way) to disclose vulnerabilities

    An article was discussed last month in The Guardian and the BBC explaining how a research paper from the University of Birmingham had been barred by a judge from being published because it discussed weaknesses in the security of car starting mechanisms from many manufacturers (BMW, Porsche, Fiat, Peugeot, etc).

    This was already discussed publicly at the 21st USENIX Security Symposium, where an online video is available. A quick search on Google also produces a PDF paper explaining how a car can be gone in 360 seconds through hijacking car key transponders. If that was the paper stopped from publication, then I don’t think it provided enough details to warrant those legal actions.

    Thi...


    iOS7 and Mavericks Security

    There is an interesting article HERE that describes the new security features of iOS7 and Mavericks. It also asks some interesting questions that still need answering.

    ...