Archive

Category Archives for "Security"

BRKSEC-2010: Emerging Threats – The State of Cyber Security

Presenter: Craig Williams (@security_craig) – Sr Technical Leader / Security Outreach Manager, Cisco TALOS

I’m from Talos. We love to stop bad guys.

 
Talos by the numbers:

  • 1.1 million incoming malware samples per day
  • 1.5 billion Sender Base reputation queries per day

Talos has a serious amount of data. For serious.

Data is key. It allows generation of real threat intel.

We basically have a bottomless pit of data

Talos vuln dev team:

  • Looking for ways to programmatically find 0-days
  • Takes this research and feeds it back into Cisco to a) make Cisco products more secure and b) generate sigs and threat intel to protect customers

With ransomware, you’re basically funding the malware underground.

Malvertizing:

  • Malicious ads which redirect user to malware and then infects them
  • Kyle & Stan campaign dynamically generated a new .exe every time it was downloaded; prevented matching on the file hash; Cisco AMP can stay on the bleeding edge of this
  • blogs.cisco.com/security/talos/kyle-and-stan

Destructive/Wiper Malware:

  • Targets your data
  • Not just file data, but also seen targetting network devices and wiping their configs
  • Cryptolocker 2.0: uses TOR for C&C; encrypted binary to avoid hash fingerprinting; anti-VM check
  • Cryptolocker 3.0: still Continue reading

What’s the state of iPhone PIN guessing

I think even some experts have gotten this wrong, so I want to ask everyone: what's the current state-of-the-art for trying to crack Apple PIN codes?

This is how I think it works currently (in iOS 8).

To start with, there is a special "crypto-chip" inside the iPhone that holds your secrets (like a TPM or ARM TrustZone). I think originally it was ARM's TrustZone, but now that Apple designs its own chips, that they've customized it. I think they needed to add stuff to make Touch ID work.

All the data (on the internal flash drive) is encrypted with a random AES key that nobody, not even the NSA, can crack. This random AES key is stored on the crypto-chip. Thus, if your phone is stolen, the robbers cannot steal the data from it -- as long as your phone is locked properly.

To unlock your phone, you type in a 4 digit passcode. This passcode gets sent to the crypto-chip, which verifies the code, then gives you the AES key needed to decrypt the flash drive. This is all invisible, of course, but that's what's going on underneath the scenes. Since the NSA can't crack the AES key Continue reading

PQ Show 51 – LightCyber Magna Active Breach Detection – Sponsored

LightCyber Magna Active Breach Detection automatically detects active attackers by identifying the anomalous operational behaviors sourced from compromised hosts in your network. By focusing on actual attack behaviors, and not technical artifacts like signatures, Magna provides accurate breach indicators and eliminates excessive false positives.

Author information

Ethan Banks

Co-host at Packet Pushers

Ethan Banks, CCIE #20655, has been managing networks for higher ed, government, financials and high tech since 1995. Ethan co-hosts the Packet Pushers Podcast, which has seen over 3M downloads and reaches over 10K listeners. With whatever time is left, Ethan writes for fun & profit, studies for certifications, and enjoys science fiction. @ecbanks
TwitterGoogle+LinkedIn

The post PQ Show 51 – LightCyber Magna Active Breach Detection – Sponsored appeared first on Packet Pushers Podcast and was written by Ethan Banks.

How to Enable Dot1x – more complex setup for wired network

How does Internet work - We know what is networking

This one is long. Do not be afraid though, I made it just to give you the fastest way to deploy functional dot1x to your company HQ without reading even more documentation and searching for those little timer default settings. I the article prior to this I showed you how to setup your environment with simple dot1x and make it as simple as possible. I will not repeat again the part about setting up Radius Clients on server side, everything else is here once again just more complex. Now is time for a more complex example that will make your implementation

How to Enable Dot1x – more complex setup for wired network

How to Enable Dot1x authentication for wired clients

How does Internet work - We know what is networking

If your LAN is extending to some places where unauthorised people can just plug in and gain access to your protected network, it’s time to implement some security on your access switch. The best thing to do is to implement IEEE 802.1X port-based authentication which will enable users/machine authentication and prevent unauthorized devices from getting access switch port running when connected. IEEE 802.1X port-based authentication is mostly called simply as dot1x. In this article I will show you how to configure some basic dot1x stuff on switch side. I will also include Windows machine side of configuration as this is something most people presume

How to Enable Dot1x authentication for wired clients

Why It’s So Hard To Find Intruders After A Network Penetration

This guest blog post is by Jason Matlof, Executive Vice President, LightCyber. We thank LightCyber for being a sponsor. LightCyber’s Magna Active Breach Detection platform is a behavior-based detection system that integrates network and endpoint context and is designed specifically to find active breaches after a threat actor has already penetrated a network. To hear […]

Author information

Drew Conry-Murray

I'm a tech journalist, editor, and content director with 17 years' experience covering the IT industry. I'm author of the book "The Symantec Guide To Home Internet Security" and co-author of the post-apocalyptic novel "Wasteland Blues," available at Amazon.
TwitterLinkedIn

The post Why It’s So Hard To Find Intruders After A Network Penetration appeared first on Packet Pushers Podcast and was written by Drew Conry-Murray.

Uh, the only reform of domestic surveillance is dismantling it

A lot of smart people are cheering the reforms of domestic surveillance in the USA "FREEDOM" Act. Examples include  Timothy Lee, EFF, Julian Sanchez, and Amie Stepanovich. I don't understand why. Domestic surveillance is a violation of our rights. The only acceptable reform is getting rid of it. Anything less is the moral equivalent of forcing muggers to not wear ski masks -- it doesn't actually address the core problem (mugging, in this case).

Bulk collection still happens, and searches still happen. The only thing the act does is move ownership of the metadata databases from the NSA to the phone companies. In no way does the bill reform the idea that, on the pretext of terrorism, law enforcement can still rummage through the records, looking for everyone "two hops" away from a terrorist.

We all know the Patriot Act is used primarily to prosecute the War on Drugs rather than the War on Terror. I see nothing in FREEDOM act that reforms this. We all know the government cloaks its abuses under the secrecy of national security -- and while I see lots in the act that tries to make things more transparent, the act still Continue reading

Understanding TSA Math

At the end of every year, the TSA blogs about the weapons and explosives it prevented from getting on board airplanes. They are trying to brag about all the dangers they've stopped. But the opposite is true, when you do the math, you realize that they are stopping no dangers at all. The TSA stops less than half the bombs that get on board airplanes -- yet airplanes are not falling out of the sky due to the bombs that do get on board. Thus, mathematically, bombs aren't a danger. It therefore doesn't matter if the TSA stops bombs or not.

We know the TSA stops less than 50% of bad stuff from various sources. The first is the government's own tests, such as that described in a recent story where the TSA failed a shockingly 95% of the time.

Another is a statistic reported by the TSA where the number of firearms they stop every year is rapidly increasing. This does not match any other trend in society, such as the number of people carrying firearms. The only reason for such rapid growth is that the TSA gets better every year at detection. That means, historically, the TSA is Continue reading

Ulbricht’s judge punished him for political dissent; you should find this outrageous

Silk Road operator Ross Ulbricht was sentenced to life in prison without parole. Maybe this is a fair sentence for selling $200 million in illegal drugs. Or, since all the lawyers I talk to think it's excessive (worse than what even the prosecutors asked for), maybe it's within the normal range of excess in the War on Drugs. I'm not a lawyer, so I can't judge this.

But, I'm interested in the comments the judge made justifying her hard sentence. According to Andy Greenberg at WIRED, the judge said:
“The stated purpose [of the Silk Road] was to be beyond the law. In the world you created over time, democracy didn’t exist. ... Silk Road’s birth and presence asserted that its…creator was better than the laws of this country. This is deeply troubling, terribly misguided, and very dangerous.”
This is silly on the face of it. The stated purpose of all crime is to "be beyond the law". I mean, when I go above the speed limit in my BMW, my stated purpose is to go beyond the legal limit. I'm not sure I understand the logic here.

I'm being disingenuous, of course, because I do understand. What the Continue reading

Why Firewalls Won’t Matter In A Few Years

This presentation from Alex Stamos, CSO of Yahoo during the AppSec conference is explains why firewalls are not part of their security strategy. Firewalls operating at 10G or more are not cost effective. Vertical scaling of performance costs more than the services are worth. At 100G, a firewall has less than 6.7 nanoseconds to “add value” […]

The post Why Firewalls Won’t Matter In A Few Years appeared first on EtherealMind.

1 164 165 166 167 168 178