Security Community Blog
Kari Ann | 07 Aug 2014 | 4 comments

The prevalence of zero-day vulnerabilities hit close to home this week when a North American penetration tester published a report claiming they had found a vulnerability in Symantec Endpoint Protection. The reality of Symantec’s ISTR vol. 19 seeing a 64%* increase in zero-day discoveries last year came alive as the Endpoint Protection product team reacted quickly to confirm and respond to the risk with a patch (available on FileConnect).

To date, no known compromise has been reported due to this medium severity vulnerability. The issue affects the Application and Device Control component of Symantec Endpoint Protection. If exploited, it could result in a client crash, denial of service or, if successful, escalate to admin privileges and gain control of the system.

It’s important to note that the vulnerability is not...

Chetan Savade | 07 Aug 2014 | 0 comments

Hello Everyone,

Symantec Endpoint Protection support is available with multiple options like Phone Support, Chat Support, Social support & Web Support via MySymantec.

Here is the landing page: 


Phone Support:

Check Phone Support contact by region. Here is the link.


Chat Support:

To initiate Chat support, enter initial word like...

EfrainO | 06 Aug 2014 | 0 comments


This is the first of a multipart blog. I want to advocate a process change to continuously monitor an organization’s digital population, healthy or otherwise, modeled after Dr. John Snow and the Center for Disease Control and Prevention’s Epidemic Intelligence Service (CDC EIS). This Snow-and-CDC-inspired process will help in detecting outliers or indicators of early stage digital disease onset, limiting the exposure time to hosts, and limiting the total cost of loss. Instead of waiting for a digital disease outbreak to engage responders, we should engage in the constant day to day analysis of population health data to find the digital disease pathogen before it becomes an epidemic and possible pandemic. In this paper I’ll discuss Dr. Snow’s investigation of cholera and how his investigation method relates to digital disease detection, response and prevention. I will also cover some tools used in epidemiology that demonstrate epidemiology’s applicability to advance...

Brandon Noble | 01 Aug 2014 | 0 comments

Security Response is aware of an alert from US-CERT regarding a threat they are calling Backoff. This threat family is reported to target Point of Sale machines with the purpose of logging key strokes and scraping memory for data (like credit card info) and then exfiltrating the data to the attacker.

Symantec Security Response is currently investigating this threat family and is working to obtain samples that were mentioned in the IOC section of the CERT alert. All detections for threat files have been, or will be, mapped to: Trojan.Backoff

Detection information:
AV:      Trojan.Backoff – available in RR def 20140731.025 (156267)
IPS:   ...

robertckl | 31 Jul 2014 | 1 comment

Remember the movie "The Truman Show", where Jim Carrey played the main character of a TV show that chronicled the life of a man who was initially unaware that he was living in a constructed reality television show, broadcast around the clock to billions of people around the globe. Imagine that your organisation is chronicled the same way. Every online transaction, secured or not.

That's what Heartbleed can do. Fortunately most systems using OpenSSL libraries have been patched (hopefully) to counter this. What if there is another way that this can be done? That this could be happening right now, on a daily basis, and that this is not a vulnerability, but is actually how most clients connect to organisations during SSL/TLS negotiations for the past decade?

Firstly, have a look at how SSL/TLS handshake works.


Consider this scenario:

robertckl | 23 Jul 2014 | 1 comment

A special request was made today: "How does SSL work? What is an SSL handshake?"

Here is some quick info.


SSL/TLS are protocols used for encrypting information between two points. It is usually between server and client, but there are times when server to server and client to client encryption are needed. For the purpose of this blog, I will focus only on the negotiation between server and client.


For SSL/TLS negotiation to take place, the system administrator must prepare a minimum of 2 files: Private Key and Certificate. When requesting from a Certificate Authority such as Symantec Trust Services, an additional file must be created. This file is called Certificate Signing Request, generated from the Private Key. The process for generating the files is dependent on the software that will be using the files for encryption.

For a list of the server software Symantec has, have a look at:...

robertckl | 22 Jul 2014 | 0 comments

Look! I have a lock, I see https://, I even see the Green Bar, I believe I have protected my server and the clients connecting to our services from attackers now. I can't start increasing security and block clients to my site by disabling SSLv3, MD5 or RC4. I'll be losing customers and profit! I can accept a weaker security as long as user traffic and profit are not affected.


Performance vs Security is a constant struggle between security experts and management. When it comes to SSL it is no different. Do we allow as many clients to access our site as possible, or do we block all the weak connectivities? There have been numerous studies on this, so I won't go into it here. As an SSL security expert, allow me to take sides this time. Allow me to provide some more gear for us to convince our management why SSL security is more important and how we can mitigate the risks without affecting performance or traffic too much.


Last year September a...

Adam Burt | 18 Jul 2014 | 2 comments

If you don't care for the details of this blog, there is a Summary at the bottom.


Recently I was called, at home, informing me that my computer was “downloading viruses”. This is the fourth time this has happened and so I decided to take notes, screenshots and follow through with what happens.

Just a quick note about my setup; I pretended that my machine was a Windows XP SP2 box, which is actually virtualised and has many snapshots already taken. This means, if required, I can give control to anyone online of this machine without worry. Consequently, whilst the caller was describing my problems, I had created a backdoor to this system that allowed me to control processes from another computer. This meant, if anything TOO bad was about to happen, I can cut them off. I also had to pretend that I knew next to nothing about my computer and that I just used it for web browsing and e-mail.

So, here’s what happened: I received a call at...

SebastianZ | 17 Jul 2014 | 0 comments

The following Security Bulletins have been released in July 2014:



Microsoft Security Bulletin Summary for July 2014

Symantec product detections for Microsoft monthly Security Advisories - July 2014



Cumulative Security Update for Internet Explorer (2975687)


Remote Code Execution


Vulnerability in Windows Journal Could Allow Remote Code Execution (2975689)

InsentraCameronM | 14 Jul 2014 | 0 comments

Because of its non-centralised nature, PGP key management can be challenging. This is especially true when you are managing your own PGP keys.

Follow the steps below to get up and running quickly with PGP encryption.

Note: The steps below apply to all PGP/GPG clients.

Personal PGP Key Management

  1. Install a PGP client such as Symantec Encryption Desktop
  2. Create/generate a PGP private key
    1. Ensure that you use a strong password
    2. Set an expiry date
    3. Set an appropriate key strength
    4. Create a revocation certificate
  3. Create a PGP public key
    1. Export your public key using the following format for the filename: Firstname Lastname (0xFFFFFFFF) pub.asc
      1. Replace (0xFFFFFFFF) with your PGP public key's fingerprint/key id
  4. Distribute your PGP public...