UnderAttack - Slashdot User

Comment Practical certs like GIAC help and hold value (Score 3, Informative) 317

by UnderAttack on Monday December 08, 2014 @09:25PM (#48552131) Attached to: Ask Slashdot: Are Any Certifications Worth Going For?

If you are serious about infosec certifications, check out GIAC (http://www.giac.org) . The certs are very applied and test practical knowledge (e.g. they are open book... no need to test how well you can memorize stuff). CISSP is good to get you started in the field.

Submission + - DVRs Used to Attack Synology Disk Stations and Mine Bitcoin (sans.edu)

Submitted by UnderAttack on Monday March 31, 2014 @01:36PM

UnderAttack writes: The SANS Internet Storm Center got an interesting story about how some of the devices scanning its honeypot turned out to be infected DVRs. These DVRs are commonly used to record footage from security cameras, and likely got infected themselves due to weak default passwords (12345). Now they are being turned into bots (but weren't they bots before that?) and are used to scan for Synology Disk Stations who are vulnerable. In addition, these DVRs now also run a copy of a bitcoin miner. Interestingly, all of this malware is compiled for ARM CPUs, so this is not a case of standard x86 exploits that happen to hit an embedded system/device.

Submission + - Linksys Routers Exploited by "TheMoon" (sans.edu)

Submitted by UnderAttack on Thursday February 13, 2014 @02:17PM

UnderAttack writes: A vulnerability in many Linksys routers, allowing for unauthenticated code execution, is used to mass-exploit various Linksys routers right now. Infected routers will start scanning for vulnerable systems themselves, leading to a very fast spread of this "worm".

Submission + - Scammers Intercept E-Mail in Targeted Attacks (sans.edu)

Submitted by UnderAttack on Wednesday January 08, 2014 @03:13PM

UnderAttack writes: In the old days, financial fraud usually relied on banking malware like Zeus. But as organizations become more aware of these threats, scammers bypass all the fancy anti-malware tools by going straight to the person with the money. In this case document by the Internet Storm Center, a scammer was able to view/intercept an e-mail exchange about a payment, and slipped in a note requesting the account number for the payment to be updated. These scams become more common as miscreants look for new ways to a get to a companies money

Submission + - Uptick in TOR traffic: More Privacy or more Malware? (sans.edu)

Submitted by Anonymous Coward on Friday August 30, 2013 @03:12PM

An anonymous reader writes: A number of sources commented on the significant uptick in TOR users in the middle of August. The uptick coincided with yet another set of leaks from Edward Snowden about internet wide spying, and the release of some new privacy tools. But can this explain the uptick? Or is it just some new malware that uses TOR as a C&C channel?

Submission + - Why you should wipe the drive after a compromise (sans.edu)

Submitted by

UnderAttack

on Monday March 18, 2013 @08:35AM

UnderAttack writes: "After a malware infection, or a compromise of the system in a more targeted attack, there is always a push to get "back into business" as quickly as possible. The malware artifact is quickly removed and the system is put back into service without too much scrutiny. Sadly, this way backdoors and other hidden gifts the attacker left behind are frequently overlooked. The result is that the system is compromised again quickly. The only real solution is wiping the drive and starting from scratch (and hoping that you have decent backups). This two part series by Mark Bagget makes this point by outlining some of the tricks an attacker may use to hide backdoors and to have them automatically executed on a system. Part 1 talks about how to usurp the windows update process to reinstall malware, and Part 2 shows how to use the unescaped space bug and the service restart tool to get the malware to start."

Submission + - Is your network managed by a "Slumlord"? (forbes.com)

Submitted by

UnderAttack

on Wednesday September 05, 2012 @10:44AM

UnderAttack writes: "The “Section 8 Bible”, a must read book for aspiring landlords, introduces a simple rule to deal with broken equipment in the apartment: If law does not require it, remove it. Don’t fix it. For example, interior doors are not necessarily required and can be removed. Network security professionals frequently follow similar guidance: If there is no business requirement, disable it. The rule assumes that minimizing features minimizes exposure. The fewer lines of code we run, the less likely are we going to be vulnerable to a bug.

How valid is slumlord network security? Can it really protect a network? Does it do more harm then good?"

Submission + - A Reporter's Doubts About AntiSec's Claim of Hacking Apple Data from FBI (cio.com)

Submitted by

Curseyoukhan

on Wednesday September 05, 2012 @10:36AM

Curseyoukhan writes: "AntiSec says they got it from Christopher K. Stangl, an agent featured in a 2009 recruitment video titled “Wanted by the FBI: Cyber Security Experts.” Not saying it didn't happen but the irony level is so high it should make you suspicious. That's not the only oddly perfect claim AntiSec made, either."

Comment Report it to DShield.org (Score 5, Informative) 241

by UnderAttack on Thursday August 30, 2012 @02:46PM (#41181289) Attached to: Ask Slashdot: Where To Report Script Kiddies and Other System Attacks?

"Random" attacks can be reported to DShield.org . They have a number of scripts to automatically submit firewall logs (including from Linux firewalls). See http://www.dshield.org/howto.html . Once set up, it just "runs" and DShield aggregates the data, uses it for research and reports worst offenders to ISPs and other contacts.

Submission + - Is Your Network Security Guy a "Slumlord"? (forbes.com) 1

Submitted by

UnderAttack

on Wednesday August 29, 2012 @04:35PM

UnderAttack writes: "The “Section 8 Bible”, a must read book for aspiring landlords, introduces a simple rule to deal with broken equipment in the apartment: If law does not require it, remove it. Don’t fix it. For example, interior doors are not necessarily required and can be removed. Network security professionals frequently follow similar guidance: If there is no business requirement, disable it. The rule assumes that minimizing features minimizes exposure. The fewer lines of code we run, the less likely are we going to be vulnerable to a bug. Is your network like that? Does it work for or against security?"

Submission + - IPMI: Hack a server that is turned "off" (sans.edu)

Submitted by

UnderAttack

on Thursday June 07, 2012 @10:45PM

UnderAttack writes: "A common joke in infosec is that you can't hack a server that is turned off. You better make sure that the power cord is unplugged too. Otherwise, you may be exposed via IPMI, a component present on many servers for remote management that can be used to flash firmware, get a remote console and power cycle the server even after the normal power button has been pressed to turn the server off."

Submission + - Microsoft Technet Forum hacked by Online Pharmacy (sans.org) 1

Submitted by Anonymous Coward on Wednesday January 20, 2010 @09:22AM

An anonymous reader writes: Over at the SANS Internet Storm Center, an article was just posted with screen shots and details on what looks like an attack against Microsoft's technet forum. I guess MSFT isn't using its own anti-xss libraries. Right now, the "defaced" site is still up here.

Submission + - Windows bug found - affects all versions since NT (theregister.co.uk)

Submitted by garg0yle on Wednesday January 20, 2010 @09:06AM

garg0yle writes: A researcher has found a security bug that could allow privilege escalation in Windows. Nothing new there, right? Well, this affects the Virtual DOS Machine, found in every 32-bit version of Windows all the way back to Windows NT. That's 17 years worth of Windows and counting.

Submission + - APNIC warns IPv6 delay could cost you more (computerworld.com.au)

Submitted by Anonymous Coward on Wednesday January 20, 2010 @05:37AM

An anonymous reader writes: Computerworld is reporting that APNIC — one of the regional bodies responsible for distributing IP addresses — is warning it could cost consumers and businesses more for their internet access if the adoption of IPv6 isn't sped up.

The official representative of the five regional bodies that oversee distribution of Internet number resources — the Number Resource Organization (NRO) — has announced the remaining allocation of IPv4 addresses had dropped below 10 per cent.

The article quotes APNIC chief scientist Geoff Huston as saying the rise of many Asian economies along with mobile devices is driving the accelerated decline of IPv4

"It's not that there won't be addresses [IPv4] to be had, but the price will make folks' eyes water," Huston is quoted as saying. "Because the only source of addresses will be someone who already has them and, in a market where scarcity dominates, you start to get an entirely different pricing structure."

http://www.computerworld.com.au/article/333162/apnic_ipv6_adoption_delay_could_create_costs/?c=4717

Submission + - CCTV catches Aussie thief infect firm with malware (itnews.com.au)

Submitted by Anonymous Coward on Wednesday January 20, 2010 @02:22AM

An anonymous reader writes: South Australian Police are hunting a male who broke into a recruitment firm and spent three hours installing remote access software on one of its computers. The incident was captured on closed-circuit television. The CCTV footage showed the suspect "basically open a few doors in other offices" before sitting down at the computer and "working away for a couple of hours."

Slashdot Top Deals