Security Community Blog
Vince Kornacki | 10 Feb 2014 | 11 comments

In previous installments we installed our mobile development toolchain and cross compiled LIBPCAP and TCPDUMP. Now it's finally time to install and execute TCPDUMP! CyanogenMod includes a terminal emulator; however, in my humble opinion it's much easier to type commands on a regular workstation keyboard. We can utilize the Android Debug Bridge (ADB) in order to connect to our CyanogenMod Mobile Device from our Debian Workstation. First we'll need to install the ADB package onto our Debian Workstation:

root@debian $ apt-get install android-tools-adb
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
android-tools-adb
[OUTPUT TRUNCATED]

Next we'll need to enable USB debugging on our CyanogenMod Mobile Device. Open the CyanogenMod "Settings" application and notice that there's currently no "Developer...

Vince Kornacki | 10 Feb 2014 | 3 comments

In the previous installment we installed our mobile development toolchain. Let's keep the party rockin' and download the latest versions of LIBPCAP and TCPDUMP. LIBPCAP is the packet capture library required by TCPDUMP. First let's unpack LIBPCAP and move into the newly created LIBPCAP directory:

root@debian $ tar zxvf libpcap-1.6.1.tar.gz
libpcap-1.6.1/
libpcap-1.6.1/grammar.y
libpcap-1.6.1/pcap_setnonblock.3pcap
libpcap-1.6.1/fad-glifc.c
[OUTPUT TRUNCATED]

root@debian $ cd libpcap-1.6.1

Now it’s time to make the magic happen! Time to cross compile TCPDUMP! I know that’s not as exciting as pulling a rabbit out of a hat or sawing a lovely assistant in half, but you can only do so much in a blog post. First we'll need to set the "CC" environment variable to specify the ARM C compiler:

root@debian $ export CC=arm-linux-gnueabi-gcc

Note this environment variable syntax is specific to Bash and...

The Conquistador | 07 Feb 2014 | 2 comments

I have come across some instances where servers would have failing services or instances where they would have particularly unusual behavior, typically resulting in a restart of the services or the server. Even with the most current version of SEP, malicious/dangerous files can still be hidden. I have had a few cases where I ran complete Windows updates and have found malicious files that SEP did not detect. I have come to learn that SEP alone cannot get rid of every threat out there, so I make sure that my systems are up to date and alerts are in place if anything occurs. The approach I will use is to run a complete scan of a suspected machine, clean it and make sure it is up to date. I would advise caution depending on what your server is utilized for.

I would continue to make sure that it is current with Windows and SEP updates. If there is an instance that is repetitive, there is a pretty large chance that this is an undetected infection.

DomSYMC | 05 Feb 2014 | 0 comments

Within Authentication Services there are three types of SSL certificates. Each type has different features and a different level of authentication that is required in order to get it issued. Understanding these differences can help you know what you need to prepare in order to get the certificate issued as fast as possible.

The Three Types Are:

Extended Validation (EV) SSL
Examples: Secure Site with EV, Secure Site Pro with EV, True business ID with EV, SSL Web Server with EV, MPKI for SSL EV validated

A premium business class SSL security product fully authenticated, visually confirming the highest level of authentication available among SSL certificates. It gives your customers two highly visible ways to confirm that your web site is secure—the green address bar and the True Site Seal, while providing strong encryption to protect their confidential...

SebastianZ | 29 Jan 2014 | 0 comments

Data Privacy Day, led by the National Cyber Security Alliance, is being held in the United States and Canada on 28 January 2014 alongside the Data Protection Day celebration in Europe. The purpose of Data Privacy Day is to raise awareness and promote data privacy education. For those not able to attend, there is a free stream recording available at: http://www.ustream.tv/staysafeonline

- See more at: http://www.staysafeonline.org/data-privacy-day/about

smartblogger | 28 Jan 2014 | 0 comments

An SSL certificate is a mode of authenticating a website and securing the transactions, as well as the data communicated through the website by users. It is, therefore, a critical tool for any website that is involved in e-commerce or similar ventures. Any responsible webmaster understands the indispensable value of this tool to the success of their website.

The first step to have your website SSL certified involves acquiring an SSL certificate from the companies that deal in internet based security. These companies will create the certificate for the website as well as a private key. The private key is what enables the webmaster to use the certificate that they have acquired. Many times SSL certificate India providers, in order to boost the security of the certificate, will delete all copies of the key from their server. This means that a webmaster must store his or her copy of the key quite securely to prevent it from getting lost. The webmaster will need to sign the...

SebastianZ | 27 Jan 2014 | 1 comment

Fortinet’s FortiGuard Labs has published a very interesting whitepaper about the 10-year anniversary of mobile malware. According to the study, mobile malware is evolving quite rapidly: in 2013 alone, FortiGuard researchers saw more than 1300 new malicious applications per day, with up to 400.000 malicious applications in total.

The whitepaper goes from 2004 and the first mobile worm, Cabir (infecting Nokia phones), up to 2013 and the arrival of the first ransomware for Android devices, FakeDefend.

Reference:
The World’s First Mobile Malware Celebrates its 10th Birthday
http://www.fortinet.com/resource_center/whitepapers/10th-anniversary-of-first-mobile-malware.html

...

SebastianZ | 27 Jan 2014 | 0 comments

Spoofed websites for popular social apps have been observed for some time now. Recent reports from Malwarebytes show that one of the most popular mobile apps, WhatsApp, has been targeted recently as well.

The particular site in question was aimed at Russian speakers and offered an app download for a broad scope of mobile devices: iOS, Android, Windows Phone and BlackBerry. The site resembled the legitimate website quite a bit, with a lot of code scrambled from the official website. Unsuspecting users downloading the application would get infected by a variant of an Android SMS Trojan that, once installed, would start sending text messages to premium rate numbers.

Reference:

Spoofed Whatsapp site delivers polymorphic SMS Trojan
http://www.net-security.org/malware_news.php?id=2687...

The Conquistador | 24 Jan 2014 | 1 comment

Here is how I corrected this

Baseline Filtering Engine service issue.

Good day everyone, here are the steps that worked for me with the BFE issue.

Error Code 0x80070424 with Windows Firewall and "Base Filtering Engine Service" Not available in services database list.

 

Brandon Noble | 23 Jan 2014 | 2 comments

Recently we have seen a re-emergence of polymorphic file infectors, AKA viruses.

Threats like W32.Sality and W32.Xpiro are using some old-school tactics to infect good files and spread through networks. As the former captain of my high school analogy team, I’m writing this informal blog to help de-mystify some of the difficulties around dealing with these kinds of threats.

If we think of our normal run-of-the-mill Trojans and worms like a specific kind of fruit, it helps a little bit. Let’s say we need to create detection for an apple…That’s pretty simple right? We look for common traits that the apple has with other apples of the same kind. Something like this:
IF fruit AND red skin AND white flesh AND black seeds>detect W32.Apple!red
So now we can detect Galas,...