http://www.computerworld.com/s/article/9247465/5_year_old_hacks_Xbox_now_he_s_a_Microsoft_39_security_researcher_39_ By Zach Miners IDG News Service April 4, 2014 A 5-year-old San Diego boy has been commended by Microsoft for his security skills after finding a vulnerability in the company’s Xbox games console. Kristoffer Von Hasssel’s parents noticed earlier this year that he was logged into his father’s Xbox Live account and playing games he was not supposed to. He hadn’t stolen his father’s password. Instead, he stumbled upon a very basic vulnerability that Microsoft is said to have now fixed. After typing an incorrect password, Kristoffer was taken to a password verification screen. There, he simply tapped the space bar a few times, hit “enter” and was let into his father’s account. […]
http://www.darkreading.com/advanced-threats/cyberespionage-operators-work-in-groups/240156664 By Robert Lemos Dark Reading June 13, 2013 In a study of the life cycle of cyberespionage attacks, a group of researchers at a Taiwanese security startup have found that the nation’s major government agencies encounter a dozen such attacks each day and that the operators behind the attacks have virtual data centers that appear to be processing enormous workloads. The research, which will be presented at the Black Hat Briefings later this summer, focuses on a part of the espionage life cycle that most incident responders do not see: the attackers sifting through their data caches and processing the stolen information in virtual “APT [advanced persistent threat] operation centers,” says Benson Wu, co-founder and lead security researcher at Taiwan-based Xecure Lab and one of the presenters. “[We] will show that there are lots of people in these APT operation centers,” Wu says. “We can’t see [the] data that is being stolen, but there are a lot of operators. The workloads are so high that there must be tons of victims.” Wu — along with researchers at Academia Sinica/Taiwan, a top research university — describes the life cycle of cyberespionage attacks in five steps: the enemy creates their tools and infrastructure; they then get by their victim’s defenses; they search for and exfiltrate data using their command-and-control servers; they use a back-end console to gain access to the data; and they process the stolen information in an APT operations center. Their research focuses on the last two steps, he says. […] _______________________________________________ ISN mailing list ISN@lists.infosecnews.org http://lists.infosecnews.org/mailman/listinfo/isn_lists.infosecnews.org
By Lucian Constantin Techworld.com 04 December 2012
Attackers can read emails, contacts and other private data from the accounts of Yahoo users who visit a malicious page by abusing a feature present on Yahoo’s Developer Network website, according to an independent security researcher.
A limited version of the attack was presented on Sunday at the DefCamp security conference in Bucharest, Romania, by a Romanian Web application bug hunter named Sergiu Dragos Bogdan.
In his presentation, the researcher showed how the Web-based YQL (Yahoo Query Language) console, available on the developer.yahoo.com website, can be abused by attackers to execute YQL commands on behalf of authenticated Yahoo users who visit malicious websites.
YQL is a programming language similar to SQL (Structured Query Language) that was created by Yahoo. It can be used to query, filter and combine data stored in databases.
______________________________________________ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.org
Save the following into a file named “squidstats” in the /usr/sbin/ directory
#Start of Script
squidclient -h 127.0.0.1 -p 8080 mgr:info|grep its
squidclient -h 127.0.0.1 -p 8080 mgr:info|grep ‘Storage Mem’
squidclient -h 127.0.0.1 -p 8080 mgr:info|grep StoreEntries
# echo “Press [CTRL+C] to stop..”
# End of Script
Chmod +x /usr/sbin/squidstats
Install and Enable squid cachemanager
While there are different stories about what cloud computing “is”, there is one specific direction that virtualization is headed that could bring along with it some additional problems for the security industry. One issue I wanted to focus in on is centered around vulnerability management and how it is implemented in a cloud environment. Many customer’s are faced with the need to scan their cloud, but unable to do so.
Virtualization providers have been pushing their customers and hosting providers to adopt new infrastructure to automate the distribution of CPU processing time for their applications across multiple condensed hardware devices. This concept was originally conceived as “Grid-Computing” which was created to address the limits of processing power in single CPU systems. This new wave of virtualization technology is meant to automatically distribute processing time to maximize the utilization of hardware for reduced Cap Ex (Capital Expenditures) and ongoing support costs. VMware’s Cloud Director is a good example of the direction that virtualization is going and how the definition of “cloud computing” is changing. Virtualized systems are quickly being condensed into combined multi-CPU appliances that integrate the network, application and storage systems together for more harmonious and efficient IT operations.
The vulnerability management problem:
While cloud management is definitely becoming much more robust, one issue that is apparent for cloud providers is the management of the vulnerabilities inside a particular customer’s cloud. In a distributed environment, if the allocation of systems changes by either adding or removing virtual systems/instances from your cloud you quickly face the fact that you may not be scanning the correct system for it’s vulnerabilities. This is especially important in environments that are “shared” across different customers. Since most Vulnerability Management products use CIDR blocks or CMDB databases for defining the profile for scanning, you could easily end up scanning an adjacent customer’s system and hitting their environment with scans due to either a lag between CMDB updates or due to static definitions of scan network address space.
The vulnerability management cloud solution:
My belief is that this vulnerability management problem will be addressed by the integration and sharing of asset information between the cloud and vulnerability scanning services. Cloud providers will more than likely need to provide application programming interfaces which will allow the scan engines/management consoles to read-in current asset or deployment information from the cloud and then dynamically update the IP address information before scans commence.
Furthermore, I feel that applications such as web, ftp and databases will be increasingly distributed across these same virtualized environments and automatically integrate with load distribution systems (load balancers) to ensure delivery of the application no matter where the applications move inside the cloud. The first signs of this trend are already apparent in the VN-Link functionality release as part of the Unified Computing System from Cisco however adoption has been slow due to legacy and capital deployment on account of the world’s market recession. This may even lead to having multiple customer applications being processed or running on the same virtual host with different TCP/UDP port numbers.
This information would also need to roll down to the reporting and ticketing functionality of the vulnerability management suite so that reports and tickets are dynamically generated using the most up-to-date information and no adjacent customer data leaks into the report or your ticketing system for managing remediation efforts. Please let me know your thoughts….
As many security professionals know, Symantec in the last couple of years seemed to have stumbled a bit. The merger with Veritas which left IT professionals scratching their heads and lead many to feel they were losing their focus. Later they acquired Altiris and everyone said “ho hum” to that and struck it up as just another crazy purchase. The interesting thing is how this seems to be all coming together in 2010…
McAfee on the other hand was still recovering from their stock option scandal, brought in a completely new management team in with a billion dollars in the bank. At the same time, Sophos, Kaspersky and other anti-virus companies were pounding the pavement as well. This created a hyper competitive marketplace for Symantec’s leadership. Then last year, McAfee announced their “Security Innovation Alliance” which basically allowed them to bring smaller vendors in and integrate functionality into their ePO console providing McAfee a better integration story against Symantec.
So where’s the “Trump card”?
The real trump card for Symantec against McAfee and others in the security industry is the Altiris management console. The key benefit for Symantec is the framework that Altiris provides to the multi-faceted agent based technologies that Symantec has acquired over the years. Altiris is very well known for their asset management technology and the ease of management of agent based technologies. This combo will provide Symantec a significant advantage against McAfee mostly in the ease of adding new integrated agents. I feel the Altiris integration framework is superior to that of McAfee’s ePO so if Symantec is successful in making this their main console to manage their endpoint protection products this could be a game changer and bring much greater competitiveness to Symantec’s story. Stay tuned….
Best Enterprise Vulnerability Management Product: Rapid 7 NeXpose
After reviewing the top players in my select list, it is my opinion that the vendor who is the most feature rich, low cost and safest deployment option currently available is the Rapid 7 appliance. Qualys is my second choice based on the same criteria and mostly due to my favoring onsite deployment. Finally with McAfee and they come in last for me mostly due to their lack of web and database scanning. I just jotted down SWOT thoughts on the following vendors so if there are any corrections please send me them via my blog’s contact form.
Vendors I Selected for the SWOT
- Rapid 7
- McAfee, Inc.
Rapid 7 – NeXpose
– Highly focused on just vulnerability management
– Quick deployment
– Fast customer adoption (high growth)
– Recent infusion of growth capital (VC funding)
– Enterprise ticketing integration
– Web application scanning
– Database scanning
– VMware capability
– Onsite deployment
– Low cost (depreciable)
– Small company
– Limited policy compliance functionality (ITGRC)
– Operations cost (management, power, rack space etc)
– Small research team
– Small support team
– Take greater market share as larger vendors lag
– Expansion to policy management (ITGRC)
– Expand distribution channel
– Integration with 3rd party blocking technology (web app firewalls)
– Integrate web app scanning ticketing to development bug tracking systems
– Company aquisition
– Alternative technologies are developed
– Large players address weaknesses
Qualys – QualysGuard Enterprise
– SaaS and cloud adoption increasing
– Web application security
– Database security
– Quick deployment
– Enterprise ticket integration
– Highly focused on vulnerability management
– SaaS only (high cost for onsite deployment option)
– High ongoing fees (non depreciable)
– Lower ROI due to continuous yearly subscription model
– Limited database scanning support
– Commitment to on site deployment option
– Reduce yearly subscription renewals to address ROI argument
– Move more towards SaaS based ITGRC platform
– Integrate web app scanning ticketing to development bug tracking systems
– ITGRC vendors expand to Vulnerability management space
– Smaller (more nimble companies) develop better functionality
– Larger players lower pricing further
– Larger players match SaaS offering
McAfee – McAfee Vulnerability Manager
– Large market share
– Countermeasure awareness
– Vmware option available
– Foundstone research heritage
– Instant new threat assessment reporting
– Onsite deployment option
– Limited web application scanning
– Limited database scanning
– Countermeasure awareness limitations (competitor products?)
– Console strategy unknown (epo?)
– Some functionality requires separate console
– SaaS expansion to include ticketing and policy compliance (ITGRC)
– Consolidate existing SaaS offerings under one single website console.
– Consolidate separately managed products into EPO (i.e. Vuln manager, Risk and compliance manager and remediation manager)
– Poor execution of consolidated console strategy
– Possibility of Acquisition
– Reduced revenue due to commoditization
Note: The results of this analysis are not quantitative in nature and are only opinions of the author and no other associations, organizations or persons.