Sometimes we spend so much time discussing network-based IDS that we end up not looking at other interesting places to look for intrusion signs. There is a very nice post on the SANS ISC Diary today about an organization that had one of its border routers compromised and detected it through a periodic configuration file [...]
Rothman pointed to a nice discussion on how to prevent the extrusion (borrowing the term from Bejtlich) of stolen data in cases like Heartland, where credit card data was sent to Russia over clear-text connections. Rothman’s post references a nice post from Richard Mogull on the subject.
Well, I’m an old advocate of analyzing outbound [...]
Do you know what that is? That’s a complete disaster!
I got the tip for this very interesting Burton Group discussion from Anton Chuvakin’s post (who also has an overflowing “2blog” queue).
There is a way to summarize that discussion. The key issue on deperimeterization is the control over the endpoint. If you are pushing the [...]
The logic behind risk management makes almost all companies focus on protecting their servers instead of spending time on their workstations. Although it seems to make sense, it is important to note that people access, generate and input information on sensitive applications and servers mostly through their workstations. Owning the workstations of an organization [...]
Richard Mogull mentions on his blog today the concepts of adaptive Authentication and Authorization. In short, from his post:
“User: This is an area I intend to talk about in much greater depth later on. Basically, right now we rely on static authentication (a single set of credentials to provide access) and I think we need [...]
I have been away from the blog for a while for a series of reasons, but I couldn’t avoid commenting on this recently published advisory from Microsoft, MS08-067. Just like some worms we witnessed in the past, this one is related to a core Windows service, meaning that almost all boxes are vulnerable. [...]
It would be impossible to write about low-hanging fruit without mentioning network shares. I say that because they are usually my favorite path to elevate privileges when I’m performing a penetration test. Among the things I’ve already found on unprotected (I mean, Everyone – Full Control) shares are:
- Source code for critical applications
- Configuration [...]
Now that I’m back to pen testing I’m having the chance to see the mistakes that admins are making nowadays. There is something very interesting that Windows domain administrators sometimes forget, and it needs to be addressed as it has serious security implications: login script file permissions.
Login scripts are those little batch scripts that run [...]
I already mentioned how I like stuff like port knocking. It can’t be used as a replacement for other security measures, but it’s a nice way to keep important stuff off the radar. Imagine if you had some SSH daemons remotely accessible when that OpenSSL PRNG crisis started. I saw lots of admins running to replace [...]
The indictment of 11 people for a mass card theft is all over the news this week. I’ve seen reports about software developed to steal cards, war driving and other stuff that I really don’t know is just bad press or actual fact. There is some good info here and here.
Of course PCI will [...]