Security » Intrusion Detection & Prevention

How DNS cache poisoning works

There has been a long history of attacks on the Domain Name System ranging from brute-force denial-of-service attacks to targeted attacks requiring specialized software. In July 2008 a new DNS cache-poisoning attack was unveiled that is considered especially dangerous because it does not require substantial bandwidth or processor resources nor does it require sophisticated techniques.

By Bob Halley | 21 October, 2008 09:30

Tags: DNS, internet security

Can we really stop malicious insiders?

In terms of malicious insiders committing fraud, can anything "really" be done?

By Brian Contos | 30 September, 2008 08:48

Tags: fraud, insider threats

Separation of duties and IT security

Separation of duties is a key concept of internal controls and is the most difficult and sometimes the most costly one to achieve. This objective is achieved by disseminating the tasks and associated privileges for a specific security process among multiple people.

Reflections on a new internal data theft study

While external data breaches involving household brand names such as TJX tend to grab more headlines, insider data thefts are emerging as compliance and reputational risks for organizations. Recent studies suggest that over 60 per cent of data breaches originate from an internal source or event. One reason for this is that in today's data-rich environment organizations continue to struggle with the 'human element' at the heart of data security. It can be extremely difficult to balance the protection of sensitive data with granting access to employees who need it to complete their daily job requirements. To that end, organizations have implemented several new security measures including employee education programs, data access monitoring, and strict policies regarding USB ports and portable devices. Although these are steps in a positive direction, little has been done to study and understand how the data is exploited once it leaves an organization.

New risks in 802.11n

Along with the potential performance and coverage benefits of 802.11n come a few new security risks, says industry security guru Joshua Wright. Wright presented a Webinar last week that outlined several new vulnerabilities that high-speed 802.11n networks introduce.

Major Sites Fall Victim to Web Hijack

Security company Finjan Wednesday reported it has found more than 1,000 sites infected by an attack toolkit called "Asprox," which exploits discovered flaws in a vulnerable site's programming to add hidden attack code. The attack code in turn searches for flaws on a browser's PC, and if any such holes are found it will download malware onto the computer.

Security is all about reputation

Australian organizations are now more vigilant when it comes to safeguarding sensitive information. It is a necessary measure when you consider that cybercriminals are constantly devising new ways to breach business security systems, from creating new spam techniques to using popular Web 2.0 Web sites such as Wikipedia and YouTube as a front for malicious Web sites that lure users to download malware. Add to that, social networking sites, like Facebook and MySpace, have an enormous impact on workplace security as use of these sites becomes more popular among employees.

When university research is responsible for that network probe

The Internet Storm Center, operated by SANS, is one of the leading sources when it comes to identifying emerging attacks against networks, through their DShield collaborative network analysis effort. Traffic spikes on network ports that are well above the normal rates of traffic flow can signify a rapidly spreading exploit or it could be a misconfigured network spewing rubbish across the rest of the Internet. One of the ISC's handlers noted a significant spike of traffic on port 7 recently and was surprised by what he found.

Disinfecting a spyware-riddled PC

What do I do if I suspect someone is controlling my PC? When my IP address has been changed without my knowledge? My boot-up process is getting harder unless I unplug the Ethernet cable and the CPU is at 100 per cent every time I open any program. There is also a new connection to the Internet that is between my connection and the net I know was not there a month ago. When I try to register my e-mail address the programs say it's invalid and does not match whatever it has to compare it to. -- Teresa Hurst.

How your cold explains network intrusion

With the cold and flu season most definitely upon us, there is much that the common cold can show us about network intrusion and what can happen once a single compromise has taken place.

Hacking tools: A new version of BackTrack helps ethical hackers

Version 3.0 of BackTrack has been released. BackTrack is a Linux-based distribution dedicated to penetration testing or hacking (depending on how you look at it). It contains more than 300 of the world's most popular open source or freely distributable hacking tools.

EU struggles with diversifying technology

In the immortal words of the Young Ones "[A] social conscience is like a garden shed. If you try to eat it, it will stick in your throat!". At least that is the lesson that the EU seems to be learning [1] in its efforts to promote greater competition in the technology industry as it tries to implement the use of alternate (to Microsoft) office software and operating systems that adhere to open standards.

Chinese financial systems begin hardening

China's financial markets have paralleled the rapid growth and development of the country and for a time were regarded as something of a 'Wild West' environment, where the risks were significant but the rewards were immense. Rapid growth in cities like Shanghai and the handover of Hong Kong and Macau have provided ample opportunities for investment and the development of a form of capitalist communism has created an environment where the potential rewards seemed to justify the risk.

Is data loss compensation unfair?

A well known Information Security researcher who is best known for his recent work in collating and archiving reports of the often-inextricably linked forerunner to identity theft, data loss, has recently spoken out against the seemingly poor standard of compensation generally offered by the affected companies to their consumers.

A resurgent Denial of Service threat emerges

A lesser-known part of the recent ARP attack against H D Moore's Metasploit site was an attempted Denial of Service attack that coincided with the successful ARP attack.

Silence of top security voices a cause for concern

Remaining platform and technology agnostic in Information Security is a progressively more difficult task as people and companies develop the skills and abilities to form professional fee-based relationships with the vendors that they previously reported about.

Notes from AusCERT 2008

I've had the pleasure of speaking and attending this year's AusCERT 2008 security conference held in Gold Coast, Australia. If you've never been to Australia, you're missing some of the best that life has to offer, and I feel the same way about the conference. Although a bit smaller than most US security conferences, it's intentionally kept small (around 1,000 participants) and makes up in quality speaker presentations and vendor participation what it lacks in headcount. One of the great attributes of the typical Aussie is their aversion to marketing hype, along with their ability to "cut the fat off a chicken" (as my grandmother used to say) and pull out the salient points. If a vendor tries to push marketing fluff about their product too much, they are likely to get verbally assailed rugby-style. Here are some of my favorite notes and quotes from selected speakers:

How to avoid the Debian SSH key attacks

If you are running a Debian-based Linux system and haven't already caught up with the announcement [1] that there was a major flaw with the generation of SSH, OpenVPN, DNSSEC, SSL/TLS session keys and X.509 certificate key material, you might want to update your system to address the problem.

Crimeware-as-a-service taking off

Online malware threats have taken the next step in their evolution from piecemeal creations to commercialized products, with security researchers charting the arrival of a growing number of hosted data theft services.
