Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.
Cyber Security Group
Showing posts tagged with Endpoint Protection Small Business Edition 2013
Showing posts in English
Vince Kornacki | 26 Feb 2013 | 0 comments

Ready for one last slick web application penetration test trick? In this installment we'll explore a subtle and often overlooked vulnerability related to web application authentication. In response to the login request containing posted authentication credentials the web application should return a "302 Found" redirect with a corresponding "Location" header specifying the next page within the application workflow. However, many web applications instead return a "200 OK" response without including this intermediate redirect. So what’s the problem?

In essence, browsers choose whether to resubmit posted data back to web applications based on the response codes returned by the web application. When a "200 OK" response code is received, the information originally submitted to the web application will be resubmitted when the "Back" button is clicked. However, when a "302 Found" redirect is received, the...

Vince Kornacki | 22 Feb 2013 | 0 comments

Ready for another cool web application penetration test trick? In this installment we'll cover clickjacking, also known as "UI redressing". Clickjacking is an instance of the classic "confused deputy" problem, and occurs when attackers leverage framesets and stylesheets in order to create opaque bottom and transparent top layers within the victim's browser. The target web application is loaded within the transparent top layer, while a dummy web application is loaded within the bottom opaque layer. By aligning elements between the transparent top and opaque bottom layers, attackers entice the victim to click on something within the opaque bottom layer, but the transparent top layer hijacks the click and performs some unintended action.

For example, the dummy web application loaded within the opaque bottom layer could inform the victim that they have won $1,000 and they simply need to click the "Claim Prize" button in order to cash in....

Vince Kornacki | 19 Feb 2013 | 2 comments

Performing a web application penetration test is not voodoo magic, but rather an exercise in knowledge, prioritization, and efficiency. During years of hard work penetration testers hone their methodology and develop efficient ways of applying their knowledge in order to identify specific vulnerabilities. The "Web Application Penetration Test Tricks" blog series will examine simple methods for testing some interesting web application vulnerabilities. In other words, we'll take a look at some tricks of the trade that you can implement while performing penetration tests against your own web applications!

Many web applications implement file upload functionality using an <input type=" file"> field. The file is uploaded to the server where the web application does something with it, often storing the file for subsequent download by other application users. What if a file containing a virus could be uploaded? Could the virus be spread to other...

PaulTobia | 12 Feb 2013 | 0 comments

Information Technology is radically changing. We can wrap it in terms and buzzwords like cloud, mobility, BYOD, Web 3.0, but the reality is both the sum of and more complex than the names we give it. IT is no longer in the hands of the professionals. It’s not just the devices but all aspects: the networks, the software, the services, and the infrastructure have become so ubiquitous and cost effective that any individual can own and manage their own IT.

As information security professionals how can we bring any safety or security to this explosion of IT? It’s not as bleak as it sounds. Just as the current environment is the acceleration and combination of directions and trends from the past so our existing tools and controls provide a basis to manage this new world. Don’t go looking for one technology or process to solve the problem, because there isn’t one. We must be as flexible and agile as the industry.

I was securing mobility back when it...

franklin-witter | 07 Feb 2013 | 0 comments

In part 1 of this series, we looked at three possible signs you may have been the victim of an APT and how to detect and defend against these activities:  1)Gaps in System and Security Logs; 2) Unexplained Changes in System Configurations; and 3) Anomalous Traffic.  Part Two examined two more potential signs of APT activity:  4) Odd Activity Appearing in Application and/or Database Logs; and 5) Your Organization is Experiencing a DDoS Attack.  In this third installment of the “You Might Be an APT Victim if…” series, we’ll look at two more signs of potential APT activity inside your networks and systems. 
 
Sign 6:  Anomalous User Activity
 
One of the ways that advanced attackers “hide in plain sight” is to steal legitimate user credentials and then poke around the network using those stolen credentials.  This type of activity can be very difficult to...

uuallan | 05 Feb 2013 | 1 comment

Symantec security response has posted a write-up about a new Android threat, Android.Claco (also known as SuperClean) that poses new challenges to security teams in a world of BYOD.  You can read about the threat here: http://www.symantec.com/security_response/writeup.jsp?docid=2013-020415-5600-99, it is a typical piece of Android Malware in that it will send contact lists, images, etc. to a command and control server. But it adds a new layer of maliciousness by downloading autorun.inf, folder.ico, and svchosts.exe to the phone.

In effect, SuperClean turns any Android phone into the equivalent of a compromised thumb drive. This means any employee who brings their Android phone into the office and plugs it into their computer to recharge could compromise their entire network. While we have seen malware that moves from PC to phone, this is the first time that we have seen malware...

franklin-witter | 05 Feb 2013 | 0 comments

In part 1 of this series, we looked at three possible signs you may have been the victim of an APT and how to detect and defend against these activities:  1)Gaps in System and Security Logs; 2) Unexplained Changes in System Configurations; and 3) Anomalous Traffic. In this second installment of the “You Might Be an APT Victim if…” series, we’ll continue our look into signs of potential APT activity inside your networks and systems. 
 
Sign 4: Odd Activity Appearing in Application and/or Database Logs
 
The bad news is that attacks against web applications continue to be a favorite for unskilled and advanced attackers alike.  Unfortunately, as seen repeated again and again in headline news, this attack vector is often very successful.  While progress has been made in the realms of IPS and application level firewalls, these defenses are not bulletproof and can be evaded by skilled...

franklin-witter | 01 Feb 2013 | 1 comment

InfoWorld recently ran an interesting article discussing 5 signs that indicate you might be the victim of an Advanced Persistent Threat (http://images.infoworld.com/d/security/5-signs-youve-been-hit-advanced-persistent-threat-204941?page=0,0&source=rss_security). The signs outlined in the article are good, but I don’t think that the author intended for this to be a comprehensive list.  With that in mind, this blog series takes a look at some of the other signs you might be an APT victim.  Like the InfoWorld article, this series isn’t intended to be comprehensive; rather it will just provide more food for thought in the effort to detect and defend against advanced attackers.
 
Sign 1:  Gaps in System and Security Logs
 
Part of...

Phil Harris | 21 Jan 2013 | 1 comment

There's a growing buzz in the industry about "who" should be responsible for encryption in the cloud from a user perspective.  As usual, the technology to do this is not the hard part – crypto is crypto is crypto, etc.  It's really more of a privacy and legal issue; privacy from the perspective of preventing others from seeing your stuff in the cloud and legal from the perspective of who has control over that data that is secured in the cloud.  
 
I think we all get the idea of privacy of our data in the cloud.  For example, if you put your personal financial data in the cloud to either be stored and/or used by an application, you want to make sure the data is secure.  If it's just storage, then you can personally encrypt the data before you store it in the cloud using encryption solutions like PGP.  If you're lucky enough to have a cloud provider that encrypts it for you, but gives you complete...

uuallan | 26 Nov 2012 | 1 comment

On Tuesday, November 20th, routers, switches and servers across the Internet reset themselves (or attempted to reset themselves) back to the year 2000.  This sudden change was caused by a reboot of the time server at the US Naval Observatory.  Timing is extremely important to Internet communications, to that end most network devices use a protocol known as Network Time Protocol (NTP) to ensure they are running at the correct time.  NTP operates over UDP 123 and reaches out to a designated device to maintain time sync.  There are volunteer hosts throughout the Internet, such as the one at the US Naval Observatory, that make themselves available for network administrators to sync their servers.  When the reboot of the NTP server at the US Naval Observatory occurred the server set itself back to the year 2000 and when network devices across the Internet checked in for an NTP update the clocks tried adjust themselves back to the year 2000 (many devices will not...