Cyber Readiness and Response

Showing posts tagged with Email Encryption
Joseph.Rogalski | 28 Feb 2013 | 0 comments

While managing Operational Risk for a large IT organization, one of my responsibilities was to work with Corporate Operational Risk to define Key Risk Indicators (KRIs). KRIs were monitored at a corporate level. We took the easy route by using canned reports that were already in production rather than taking the time to evaluate what may be useful to measure. We looked at things such as spam activity and external firewall activity. These KRIs provided very little value, as they were not actionable. If blocked spam activity went up or down, what could be done about it? If the firewalls were being scanned more frequently, was there much, if anything, we could do? When I speak with clients today about reporting and KRIs, I encourage them to measure and report on areas where action can be taken and is useful to the organization.
 
I recently dealt with a number of customers who experienced MAJOR Severity 1 issues.  The impact and...

vince_kornacki | 26 Feb 2013 | 0 comments

Ready for one last slick web application penetration test trick? In this installment we'll explore a subtle and often overlooked vulnerability related to web application authentication. In response to the login request containing posted authentication credentials the web application should return a "302 Found" redirect with a corresponding "Location" header specifying the next page within the application workflow. However, many web applications instead return a "200 OK" response without including this intermediate redirect. So what’s the problem?

In essence, browsers choose whether to resubmit posted data back to web applications based on the response codes returned by the web application. When a "200 OK" response code is received, the information originally submitted to the web application will be resubmitted when the "Back" button is clicked. However, when a "302 Found" redirect is received, the...

vince_kornacki | 22 Feb 2013 | 0 comments

Ready for another cool web application penetration test trick? In this installment we'll cover clickjacking, also known as "UI redressing". Clickjacking is an instance of the classic "confused deputy" problem, and occurs when attackers leverage framesets and stylesheets in order to create opaque bottom and transparent top layers within the victim's browser. The target web application is loaded within the transparent top layer, while a dummy web application is loaded within the bottom opaque layer. By aligning elements between the transparent top and opaque bottom layers, attackers entice the victim to click on something within the opaque bottom layer, but the transparent top layer hijacks the click and performs some unintended action.

For example, the dummy web application loaded within the opaque bottom layer could inform the victim that they have won $1,000 and they simply need to click the "Claim Prize" button in order to cash in....

vince_kornacki | 19 Feb 2013 | 2 comments

Performing a web application penetration test is not voodoo magic, but rather an exercise in knowledge, prioritization, and efficiency. During years of hard work penetration testers hone their methodology and develop efficient ways of applying their knowledge in order to identify specific vulnerabilities. The "Web Application Penetration Test Tricks" blog series will examine simple methods for testing some interesting web application vulnerabilities. In other words, we'll take a look at some tricks of the trade that you can implement while performing penetration tests against your own web applications!

Many web applications implement file upload functionality using an <input type="file"> field. The file is uploaded to the server where the web application does something with it, often storing the file for subsequent download by other application users. What if a file containing a virus could be uploaded? Could the virus be spread to other...

PaulTobia | 12 Feb 2013 | 0 comments

Information Technology is radically changing. We can wrap it in terms and buzzwords like cloud, mobility, BYOD, Web 3.0, but the reality is both the sum of and more complex than the names we give it. IT is no longer in the hands of the professionals. It’s not just the devices but all aspects: the networks, the software, the services, and the infrastructure have become so ubiquitous and cost effective that any individual can own and manage their own IT.

As information security professionals, how can we bring any safety or security to this explosion of IT? It’s not as bleak as it sounds. Just as the current environment is the acceleration and combination of directions and trends from the past, so our existing tools and controls provide a basis to manage this new world. Don’t go looking for one technology or process to solve the problem, because there isn’t one. We must be as flexible and agile as the industry.

I was securing mobility back when it...

franklin-witter | 07 Feb 2013 | 0 comments

In part 1 of this series, we looked at three possible signs you may have been the victim of an APT and how to detect and defend against these activities: 1) Gaps in System and Security Logs; 2) Unexplained Changes in System Configurations; and 3) Anomalous Traffic. Part Two examined two more potential signs of APT activity: 4) Odd Activity Appearing in Application and/or Database Logs; and 5) Your Organization is Experiencing a DDoS Attack. In this third installment of the “You Might Be an APT Victim if…” series, we’ll look at two more signs of potential APT activity inside your networks and systems.
 
Sign 6:  Anomalous User Activity
 
One of the ways that advanced attackers “hide in plain sight” is to steal legitimate user credentials and then poke around the network using those stolen credentials.  This type of activity can be very difficult to...

uuallan | 05 Feb 2013 | 1 comment

Symantec Security Response has posted a write-up about a new Android threat, Android.Claco (also known as SuperClean), that poses new challenges to security teams in a world of BYOD. You can read about the threat here: http://www.symantec.com/security_response/writeup.jsp?docid=2013-020415-5600-99. It is a typical piece of Android malware in that it will send contact lists, images, etc. to a command and control server. But it adds a new layer of maliciousness by downloading autorun.inf, folder.ico, and svchosts.exe to the phone.

In effect, SuperClean turns any Android phone into the equivalent of a compromised thumb drive. This means any employee who brings their Android phone into the office and plugs it into their computer to recharge could compromise their entire network. While we have seen malware that moves from PC to phone, this is the first time that we have seen malware...

franklin-witter | 05 Feb 2013 | 0 comments

In part 1 of this series, we looked at three possible signs you may have been the victim of an APT and how to detect and defend against these activities: 1) Gaps in System and Security Logs; 2) Unexplained Changes in System Configurations; and 3) Anomalous Traffic. In this second installment of the “You Might Be an APT Victim if…” series, we’ll continue our look into signs of potential APT activity inside your networks and systems.
 
Sign 4: Odd Activity Appearing in Application and/or Database Logs
 
The bad news is that attacks against web applications continue to be a favorite for unskilled and advanced attackers alike.  Unfortunately, as seen repeated again and again in headline news, this attack vector is often very successful.  While progress has been made in the realms of IPS and application level firewalls, these defenses are not bulletproof and can be evaded by skilled...

franklin-witter | 01 Feb 2013 | 1 comment

InfoWorld recently ran an interesting article discussing 5 signs that indicate you might be the victim of an Advanced Persistent Threat (http://images.infoworld.com/d/security/5-signs-youve-been-hit-advanced-persistent-threat-204941?page=0,0&source=rss_security). The signs outlined in the article are good, but I don’t think that the author intended for this to be a comprehensive list.  With that in mind, this blog series takes a look at some of the other signs you might be an APT victim.  Like the InfoWorld article, this series isn’t intended to be comprehensive; rather it will just provide more food for thought in the effort to detect and defend against advanced attackers.
 
Sign 1:  Gaps in System and Security Logs
 
Part of...

Phil Harris | 21 Jan 2013 | 1 comment

There's a growing buzz in the industry about "who" should be responsible for encryption in the cloud from a user perspective.  As usual, the technology to do this is not the hard part – crypto is crypto is crypto, etc.  It's really more of a privacy and legal issue; privacy from the perspective of preventing others from seeing your stuff in the cloud and legal from the perspective of who has control over that data that is secured in the cloud.  
 
I think we all get the idea of privacy of our data in the cloud.  For example, if you put your personal financial data in the cloud to either be stored and/or used by an application, you want to make sure the data is secure.  If it's just storage, then you can personally encrypt the data before you store it in the cloud using encryption solutions like PGP.  If you're lucky enough to have a cloud provider that encrypts it for you, but gives you complete...