Cyber Readiness and Response
Showing posts tagged with Data Loss Prevention (Vontu)
Joseph.Rogalski | 05 Mar 2013 | 0 comments

So what is the big deal if a few of my corporate PCs are infected with malware? What’s the worst that can happen? In this post I want to cover what can be done with a compromised PC and why it is a big deal. Many Security Managers minimize the importance of having clean PCs on their networks and comment, “What is the worst that can happen?” We will walk through why it is extremely important to be diligent about protecting your endpoints.
 
Some “What ifs” to think about; these are the more obvious risks if a user’s PC is infected:
 
What if account credentials were harvested and used to access internal corporate information, or place fraudulent orders within your internal systems?   How would you know and what could you do about it?
 
What if access was granted to the user’s corporate email? Sending phishing emails internally or externally from what is a trusted email address and further...

Joseph.Rogalski | 28 Feb 2013 | 0 comments

While managing Operational Risk for a large IT organization, one of my responsibilities was to work with Corporate Operational Risk to define Key Risk Indicators (KRIs). KRIs were monitored at a corporate level. We took the easy route by using canned reports that were already in production rather than taking the time to evaluate what may be useful to measure. We looked at things such as spam activity and external firewall activity. These KRIs provided very little value, as they were not actionable. If blocked spam activity went up or down, what could be done about it? If the firewalls were being scanned more frequently, was there much, if anything, we could do? When I speak with clients today about reporting and KRIs, I encourage them to measure and report on areas where action can be taken and is useful to the organization.
 
I recently dealt with a number of customers who experienced MAJOR Severity 1 issues.  The impact and...

vince_kornacki | 26 Feb 2013 | 0 comments

Ready for one last slick web application penetration test trick? In this installment we'll explore a subtle and often overlooked vulnerability related to web application authentication. In response to the login request containing posted authentication credentials the web application should return a "302 Found" redirect with a corresponding "Location" header specifying the next page within the application workflow. However, many web applications instead return a "200 OK" response without including this intermediate redirect. So what’s the problem?

In essence, browsers choose whether to resubmit posted data back to web applications based on the response codes returned by the web application. When a "200 OK" response code is received, the information originally submitted to the web application will be resubmitted when the "Back" button is clicked. However, when a "302 Found" redirect is received, the...

vince_kornacki | 22 Feb 2013 | 0 comments

Ready for another cool web application penetration test trick? In this installment we'll cover clickjacking, also known as "UI redressing". Clickjacking is an instance of the classic "confused deputy" problem, and occurs when attackers leverage framesets and stylesheets in order to create opaque bottom and transparent top layers within the victim's browser. The target web application is loaded within the transparent top layer, while a dummy web application is loaded within the bottom opaque layer. By aligning elements between the transparent top and opaque bottom layers, attackers entice the victim to click on something within the opaque bottom layer, but the transparent top layer hijacks the click and performs some unintended action.

For example, the dummy web application loaded within the opaque bottom layer could inform the victim that they have won $1,000 and they simply need to click the "Claim Prize" button in order to cash in....

vince_kornacki | 19 Feb 2013 | 2 comments

Performing a web application penetration test is not voodoo magic, but rather an exercise in knowledge, prioritization, and efficiency. During years of hard work penetration testers hone their methodology and develop efficient ways of applying their knowledge in order to identify specific vulnerabilities. The "Web Application Penetration Test Tricks" blog series will examine simple methods for testing some interesting web application vulnerabilities. In other words, we'll take a look at some tricks of the trade that you can implement while performing penetration tests against your own web applications!

Many web applications implement file upload functionality using an <input type="file"> field. The file is uploaded to the server where the web application does something with it, often storing the file for subsequent download by other application users. What if a file containing a virus could be uploaded? Could the virus be spread to other...

PaulTobia | 12 Feb 2013 | 0 comments

Information Technology is radically changing. We can wrap it in terms and buzzwords like cloud, mobility, BYOD, Web 3.0, but the reality is both the sum of and more complex than the names we give it. IT is no longer in the hands of the professionals. It’s not just the devices but all aspects: the networks, the software, the services, and the infrastructure have become so ubiquitous and cost effective that any individual can own and manage their own IT.

As information security professionals, how can we bring any safety or security to this explosion of IT? It’s not as bleak as it sounds. Just as the current environment is the acceleration and combination of directions and trends from the past, so our existing tools and controls provide a basis to manage this new world. Don’t go looking for one technology or process to solve the problem, because there isn’t one. We must be as flexible and agile as the industry.

I was securing mobility back when it...

franklin-witter | 07 Feb 2013 | 0 comments

In part 1 of this series, we looked at three possible signs you may have been the victim of an APT and how to detect and defend against these activities: 1) Gaps in System and Security Logs; 2) Unexplained Changes in System Configurations; and 3) Anomalous Traffic. Part Two examined two more potential signs of APT activity: 4) Odd Activity Appearing in Application and/or Database Logs; and 5) Your Organization is Experiencing a DDoS Attack. In this third installment of the “You Might Be an APT Victim if…” series, we’ll look at two more signs of potential APT activity inside your networks and systems.
 
Sign 6:  Anomalous User Activity
 
One of the ways that advanced attackers “hide in plain sight” is to steal legitimate user credentials and then poke around the network using those stolen credentials.  This type of activity can be very difficult to...

uuallan | 05 Feb 2013 | 1 comment

Symantec Security Response has posted a write-up about a new Android threat, Android.Claco (also known as SuperClean), that poses new challenges to security teams in a world of BYOD. You can read about the threat here: http://www.symantec.com/security_response/writeup.jsp?docid=2013-020415-5600-99. It is a typical piece of Android malware in that it will send contact lists, images, etc. to a command and control server. But it adds a new layer of maliciousness by downloading autorun.inf, folder.ico, and svchosts.exe to the phone.

In effect, SuperClean turns any Android phone into the equivalent of a compromised thumb drive. This means any employee who brings their Android phone into the office and plugs it into their computer to recharge could compromise their entire network. While we have seen malware that moves from PC to phone, this is the first time that we have seen malware...

franklin-witter | 05 Feb 2013 | 0 comments

In part 1 of this series, we looked at three possible signs you may have been the victim of an APT and how to detect and defend against these activities: 1) Gaps in System and Security Logs; 2) Unexplained Changes in System Configurations; and 3) Anomalous Traffic. In this second installment of the “You Might Be an APT Victim if…” series, we’ll continue our look into signs of potential APT activity inside your networks and systems.
 
Sign 4: Odd Activity Appearing in Application and/or Database Logs
 
The bad news is that attacks against web applications continue to be a favorite for unskilled and advanced attackers alike. Unfortunately, as seen again and again in headline news, this attack vector is often very successful. While progress has been made in the realms of IPS and application level firewalls, these defenses are not bulletproof and can be evaded by skilled...

franklin-witter | 01 Feb 2013 | 1 comment

InfoWorld recently ran an interesting article discussing 5 signs that indicate you might be the victim of an Advanced Persistent Threat (http://images.infoworld.com/d/security/5-signs-youve-been-hit-advanced-persistent-threat-204941?page=0,0&source=rss_security). The signs outlined in the article are good, but I don’t think that the author intended for this to be a comprehensive list.  With that in mind, this blog series takes a look at some of the other signs you might be an APT victim.  Like the InfoWorld article, this series isn’t intended to be comprehensive; rather it will just provide more food for thought in the effort to detect and defend against advanced attackers.
 
Sign 1:  Gaps in System and Security Logs
 
Part of...