Archive for January, 2010

Nmap network scanner Version 5.20 arrives

Posted in IT Security on January 26, 2010 by cobra

Version 5.20 of the Nmap network scanner arrives

The Insecure.org developers have announced the release of version 5.20 of Nmap, their popular network scanner and mapper. According to the developers, this first stable update since Nmap 5.00, released last July, includes more than 150 “significant improvements”.
In addition to reduced memory consumption and performance improvements, Nmap 5.20 features protocol-specific payloads for more effective UDP scanning and the addition of 31 new Nmap Scripting Engine (NSE) scripts, bringing the total to 80. NSE allows users to create scripts to automate several common network tasks. For better performance, the traceroute engine has been completely rewritten and now sends probes in parallel to individual hosts – previously it would send probes across all hosts.
The OS and version detection databases have also been updated, bringing the total to 10,000+ signatures. Additionally, the Zenmap host filter mode now only shows hosts that a user is interested in and the Ndiff scan comparison tool and Ncat tool for data transfer have both received updates.

Nmap 5.20 is available to download for Windows, Mac OS X

Ransomware: Extortion via the Internet

Posted in IT Security on January 14, 2010 by cobra

Operation

Ransomware typically propagates as a conventional computer worm, entering a system through, for example, a vulnerability in a network service or an e-mail attachment. It may then:

Disable an essential system service or lock the display at system startup.
Encrypt some of the user’s personal files.
Prompting the user to enter a code obtainable only after wiring payment to the attacker or sending an SMS message and accruing a charge.
Urging the user to buy a decryption or removal tool.

More sophisticated ransomware may hybrid-encrypt the victim’s plaintext with a random symmetric key and a fixed public key. The malware author is the only party that knows the needed private decryption key. The author who carries out this cryptoviral extortion attack offers to recover the symmetric key for a fee.

History

The first known ransomware was the 1989 PC Cyborg Trojan, which only encrypted filenames with a weak symmetric cipher. The notion of using public key cryptography for these attacks was introduced by Young and Yung in 1996 who presented a proof-of-concept cryptovirus for the Macintosh SE/30 using RSA and TEA.

Examples of extortive ransomware reappeared in May 2005. By mid-2006, worms such Gpcode, TROJ.RANSOM.A, Archiveus, Krotten, Cryzip, and MayArchive began utilizing more sophisticated RSA encryption schemes, with ever-increasing key-sizes. Gpcode.AG, which was detected in June 2006, encrypted with a 660-bit RSA public key. Gpcode.AK, detected in June 2008, uses a 1024-bit RSA key, which is believed to be large enough to be computationally infeasible to break without a concerted distributed effort.

Please access the link below to get more detailed information about Ransomware and its dangers to vulnerable systems and solutions to defend your system from this Phenomenon.

Ransomware: Extortion via the Internet:

Information Security Magazine Dec 2009/Jan 2010 (Basic Database Security)

Posted in IT Security on January 11, 2010 by cobra

This Magazine issue explains the following points to educate you on some Basic concepts every individual must know in Information Security.


– Basic Database Security: Step-by-Step

– Carefully Evaluate Providers’ SaaS Security Model

– Writing Security Policies using a Taxonomy-based Approach.

Please click on the link below to access the Magazine PDF file.

Click Here

🙂

2010 IT Security Predictions

Posted in IT Security on January 4, 2010 by cobra

It’s that time of year again, the time when some things are simply inevitable. Things like fruitcake, maxed out credit cards, endless commercials about the “sale to end all sales”, and last, but not least, end of year predictions by everyone in the Security field who thinks they know something the rest of us do not. I don’t want to buck the trend or to be dubbed a scrooge, so I thought I would add my own two cents. My 2010 predictions are listed below, so give them a read and let me know your thoughts.

2010 predictions:

1.) Services will protect themselves: Facebook, Google, Twitter, TinyURL and the like will gain more control over criminal content. They will achieve this by either eradicating it or flagging it as bogus (or questionable), since not doing so seriously jeopardizes their business model. Those that do not will lose significant advertising revenue and go under (or away, or will be consumed by competitors).

2.) Malware will not evolve. No significant changes in malware will occur in 2010. Botnets won’t get more “sophisticated”, although they may make changes in the way they work (so what, they always have been.) No mass outbreaks will occur, and highly targeted attacks will remain only on the very fringes, as it has been for years.

3.) Consumers are getting smarter: The number of older “newbies” being introduced to the Internet’s crime is going to be significantly less in 2010 than in the past. While younger “newbies” will make their introductions via more secure services, or with friends who have been scammed in the past or otherwise have a good level of awareness. The base level of “cluefulness” for consumers will rise in 2010, which is
another reason for prediction #1 above.

4.) Windows 7 (not necessarily IE8) will prove to be more robust than expected, but ISV’s will have the light shone on them by MS as the attacks move more towards the applications (and, possibly, away from browser exploits.) ATL issues in ISV products will have a spotlight in 2010 (those that don’t use IE to do their interactions.)

5.) Serious finger-pointing and frustration over basic essential protocols (SMTP, DNS) will occur amongst “governments”, and non-technical organizations as spam and phishing prove even more difficult to thwart. Microsoft’s legal efforts, however, will pay off with at least one major arrest in this arena (and the details should give hope to those who’d like to see many more arrests.) Criminals will begin to think twice.

6.) Breaches will increase, albeit possibly smaller in average number of records compromised. There will be more money transfers made via accounting staff compromised credentials in 2010 than past years. Mid-sized businesses will be “shocked,” and some representative organization will call for major changes in some form of infrastructure (again!) A PCI-like standard will likely be announced/enforced by several major banks to cover electronic access to accounts for businesses. ACE (or ACE-like) tokens go mainstream (again)!

7.) Nothing of note happens to non-PCs (e.g. phones, PDAs, Macs, etc)

8.) CaaS works, not surprisingly for most of us.

9.) Virtualization does not come under real-world attack as a target, but the media will sensationalize at least one story where VM’s were involved (but the VM software had nothing to do with the issue.) Joanna will continue to ride her horse.

10.) China will continue to be blamed for everything.

Cheers
🙂