Week 06: Sniffers
Cyber security has been at center stage during the U.S. primaries and general election this year. Without diving any further, several U.S. agencies were in the mix to investigate many high-profile figures and to defend the U.S. against foreign state-sponsored attacks. One of the controversies that got a lot of people’s attention was Russia allegedly trying to interfere with, and influence, the outcome of this year’s U.S. presidential election.
Several major media outlets published stories warning states such as North Carolina, Florida, and others to make sure they have the proper technology in place to prevent foreign hackers from manipulating their systems and possibly changing election outcomes. In fact, things escalated to a higher level as the U.S. formally accused Russia of trying to infiltrate Democratic Party organizations ahead of the Nov. 8 presidential election. Today, Reuters’ Mark Hosenball, Dustin Volz and Jonathan Landay write “U.S. formally accuses Russian hackers of political cyber attacks,” amidst everything else already going on regarding emails and hacking. It has come to the point where cyber security should finally be regarded as a serious concern and not taken lightly as it was previously.
You may read the full article via http://www.reuters.com/article/us-usa-cyber-russia-idUSKCN12729B.
WordPress is a popular target because the majority of the web uses it to manage and publish content. According to the 2016 Sucuri report, WordPress continues to lead the count of infected websites at 74%. The report focuses on four open-source content management systems (CMS). In addition to WordPress, it covers Joomla! (14%), Magento (5%) and Drupal (2%). Sucuri found that, on average, WordPress installations had 12 plugins installed at any given time. The top three plugin vulnerabilities contributed to 22% of WordPress site hacks: Gravity Forms, TimThumb and RevSlider.
I know that the sites we are using for our classes are all WordPress-based. It is dangerous if school accounts are hacked; it may lead to identity theft. WordPress is very useful for developers, but at the same time they need to pay attention to the security side of using it.
The article is about Tor not being as anonymous as many think. Tor users can be identified through Tor’s use of DNS or by deploying a Tor sniffer at ‘internet scale.’ The article goes into more depth about how DNS requests aren’t encrypted. DefecTor is the name given to attacks that exploit this lack of encryption in DNS requests. If an attacker monitors both ingress and egress traffic, they can easily map the user’s DNS traffic. When that DNS traffic map is used in conjunction with website fingerprinting, the attack becomes even more potent. The article mentions a few suggestions to help mitigate this problem, which you can see at: http://www.theregister.co.uk/2016/10/04/domain_name_resolution_is_a_tor_attack_vector_but_dont_worry/
I stumbled upon this article while I was looking for sniffer-related news articles. While this article isn’t explicitly about sniffers, I found it interesting because, while I don’t know much about Tor, I understand it’s supposed to provide anonymous web browsing. The article makes me wonder if it’s really possible to be 100% anonymous on the web. I know you can utilize VPNs, proxies, etc. to help with anonymity, but how secure are they, and what vulnerabilities do they have?
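As an added illustration of why unencrypted DNS is such a useful signal to a sniffer (this code is not from the article or the post above), the following Python parses the question section of raw DNS messages and groups the queried names by the client address that sent them, which is the passive building block of the DNS-traffic map the article describes. The packets, addresses and transaction IDs are constructed for the example; a real observer would pull the UDP payloads off a capture on the DNS path (for Tor, that is the exit relay’s resolver traffic). The ingress-side correlation that DefecTor adds on top of this is not modeled here.

```python
import struct
from collections import defaultdict


def build_query(txid, name, qtype=1):
    """Build a minimal DNS query (one question, IN class) for `name`.
    Used only to construct sample traffic for this example."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack(">HH", qtype, 1)


def read_name(data, offset):
    """Decode a DNS name starting at `offset`, following RFC 1035 compression
    pointers. Returns (dotted_name, offset just after the name in the stream)."""
    labels = []
    end = None  # stream position after the first pointer, if one was followed
    hops = 0
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:  # 11xxxxxx: compression pointer
            if end is None:
                end = offset + 2
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            offset = struct.unpack(">H", data[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:  # root label terminates the name
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)


def parse_questions(payload):
    """Return [(qname, qtype), ...] from the question section of a DNS message.
    Works for queries and for responses, since the question is echoed back."""
    if len(payload) < 12:
        raise ValueError("truncated DNS header")
    _txid, _flags, qdcount, _an, _ns, _ar = struct.unpack(">HHHHHH", payload[:12])
    offset = 12
    questions = []
    for _ in range(qdcount):
        name, offset = read_name(payload, offset)
        qtype, _qclass = struct.unpack(">HH", payload[offset:offset + 4])
        offset += 4
        questions.append((name, qtype))
    return questions


def map_dns_traffic(packets):
    """Group queried names by source address, as a passive observer on the
    DNS path would. `packets` is an iterable of (src, dst, udp_payload)."""
    seen = defaultdict(list)
    for src, _dst, payload in packets:
        for name, _qtype in parse_questions(payload):
            if name not in seen[src]:
                seen[src].append(name)
    return dict(seen)


# Constructed sample traffic: addresses are from documentation ranges, not real hosts.
RESOLVER = "203.0.113.53"
SAMPLE_PACKETS = [
    ("198.51.100.7", RESOLVER, build_query(0x1234, "example.com")),
    ("198.51.100.7", RESOLVER, build_query(0x1235, "mail.example.com", qtype=15)),
    ("198.51.100.9", RESOLVER, build_query(0x2001, "wiki.example.org")),
    ("198.51.100.7", RESOLVER, build_query(0x1236, "example.com")),  # repeat lookup
]

# Constructed message with two questions; the second uses a compression pointer
# (0xC00C) back to "example.com" at offset 12 to exercise read_name's pointer path.
COMPRESSED_SAMPLE = (
    struct.pack(">HHHHHH", 0x0001, 0x0100, 2, 0, 0, 0)
    + b"\x07example\x03com\x00" + b"\x00\x01\x00\x01"
    + b"\x03www" + b"\xc0\x0c" + b"\x00\x01\x00\x01"
)

if __name__ == "__main__":
    for client, names in map_dns_traffic(SAMPLE_PACKETS).items():
        print(client, "->", ", ".join(names))
    print(parse_questions(COMPRESSED_SAMPLE))
```

Nothing here needs a key or a session: every name is readable straight out of the UDP payload, which is why the mitigations the article lists all amount to moving or encrypting the resolution step rather than hardening the client.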
Security vendor FireEye recently published a report describing the carder business of two cyber criminals called the “Vendetta Brothers.” The two cyber criminals are likely operating out of Spain and Eastern Europe. They currently operate an underground website for selling stolen credit and debit card data from 639 banks in 41 countries, obtained via phishing attacks. They offer about 10,000 cards for sale, which is relatively small compared to other carder businesses. One interesting thing is how the brothers operated to scale their criminal business. They diversified their business using legitimate business tactics like outsourcing. One tactic is that they partnered with hackers who do not use malware to obtain card data but have gained access to POS terminals remotely or physically. The brothers have the hackers do the dirty work so they can focus on higher-level planning. One thing I’m surprised by is that the data of 10,000 stolen cards is still considered a small carder business. If 100,000 cards are considered a large business and there are 10 such carder businesses, 0.1% of the world’s credit card information may be stolen, since the number of credit cards in the world was around 1 billion in 2015. Another thing is that even hackers are now able to use business tactics to manage and scale their operations. They use legitimate tactics to do illegal business. It makes me think about one of the largest criminal organizations, Yamaguchi-gumi in Japan. It operates more like a company than a criminal organization. It does have criminal activities like arms trafficking and bank fraud, but it also does legitimate business.
Cisco forgot to remove an internal testing interface from software releases for its email security appliances. This vulnerability allows an attacker to gain full access to the affected device with root privileges. To remedy this, the user must reboot the device more than once, which disables the vulnerable interface. Cisco has also released a patch for a couple of the device versions that have this problem.
It goes to show that a hacker doesn’t even need to do a lot of work in order to find vulnerabilities. Sometimes they just fall into your lap. It reminds me of what the Professor was explaining during the ‘scanning for vulnerabilities’ lectures: how sometimes devices have default (factory) usernames and passwords set, so that a simple Nessus scan will display the vulnerabilities.
Link to the article: http://www.securityweek.com/cisco-forgets-remove-testing-interface-security-appliance
In this article Samuel Visner & Beth Musumeci argue that cyber security management in organizations today is not able to keep up with the zero-day vulnerabilities that can cripple them. With the increase in devices on the internet, more of an organization’s customer information is available for hackers to infiltrate. Over the past six years cyber terrorism has increased, with hacks at organizations like JPMorgan Chase, Adobe, Target and Walgreens. According to Gartner research, “44% of reference customers for endpoint protection solutions have been successfully compromised.” This shows that even when security is present in an organization, new vulnerabilities play a major role. Visner & Musumeci propose that a new approach is the only way to prevent these vulnerabilities. They propose that white-listing certain “known good” applications is the only way to effectively protect against malware. Any untrusted or unknown application is put in an isolated container away from the network and tested before being allowed onto the network. A new model like this needs to be adopted by organizations to prevent such attacks from happening in the future.
An American information security company, Zerodium, is offering up to $1.5 million “for original and unreported vulnerabilities with fully functional exploits on major operating systems, software and/or devices.” With iOS 10 recently released, that OS offers the biggest chance of a payout. Zerodium’s main business focuses on “acquiring zero-day vulnerabilities and exploits and creating protective security measures and recommendations for them.” The biggest bounty paid by the company was to a team of researchers who “successfully made a remote browser-based untethered iOS 9.1/9.2b jailbreak.”
This is an interesting concept that takes biometrics to the next level. This article describes an authentication mechanism that uses fingerprint sensors to generate signals that travel through the user’s body to authenticate the user. There is no need to send this signal over a network to authenticate the user.
It sounds like this mechanism is more complex and more difficult to hack than a normal fingerprint scan, but I would call it a stretch to say it is hack-proof. As with any authentication mechanism, an algorithm is still required to perform the logic that authenticates the user and decides whether the user is who they say they are. This feature may make that algorithm more complex, but hack-proof? Probably not.