Sensitive corporate data can be stolen at this very second; unfortunately, breaches can be invisible. As cyber threats multiply at an exponential rate, reacting to them like before no longer works. The answer lies in more innovative threat intelligen...
Domain name hijacking broadly refers to acts where a registered domain name is misused or stolen from the rightful name holder. A domain hijacking is a security risk many organizations overlook when they develop security policy and business continuity plans. While name holders can take measures to protect their domain names against theft and loss, many measures are not generally known.
CNN reported late Tuesday that a worm had hit computers in its newsroom, those at rivals ABC and the New York Times, some on Capitol Hill, and machines in Europe and Asia. Experts assumed that it was the Zotob bot worm, or one of the other bots that exploit last week's Plug and Play vulnerability on Windows 2000 machines.
Security issues involving Cisco kit highlighted in Michael Lynn’s presentation at Black Hat are characteristic of networking vendors in general. Cisco is just the most visible of these vendors to target as hackers raise their sights from attacking operating systems towards attacking network infrastructure and database systems, security researchers warn.
DMZs (short for demilitarized zones) have been a standard component of network design ever since firewalls were invented. A DMZ is a network segment that contains all resources, such as Web servers and mail servers, accessible from the Internet. Implementing a DMZ allows you to limit network traffic from the Internet to these resources in the DMZ, while preventing any network traffic from the Internet to your internal network. As a general rule, a DMZ server should never contain any valuable data, so even if someone managed to break into a server in the DMZ, the damage would be minor.
Future worms could evade a network of early-warning sensors hidden across the Internet unless countermeasures are taken, according to new research.
In a pair of papers presented at the Usenix Security Symposium here Thursday, computer scientists said would-be attackers can locate such sensors, which act as trip wires that detect unusual activity. That would permit nefarious activities to take place without detection.
There's some new information on last week's Lynn/Cisco/ISS story: Mike Lynn gave an interesting interview to Wired. Here's some news about the FBI's investigation. And here's a video of Cisco/ISS ripping pages out of the BlackHat conference proceedings.
Hundreds of thousands of Internet servers are at risk of an attack that would redirect unknowing Web surfers from legitimate sites to malicious ones.
In a scan of 2.5 million so-called Domain Name System machines, which act as the White Pages of the Internet, security researcher Dan Kaminsky found that about 230,000 are potentially vulnerable to a threat known as DNS cache poisoning.
Last week, former Internet Security Systems researcher Michael Lynn presented at the Black Hat USA 2005 conference a reliable process that could be used to exploit Cisco routers running the Internetworking Operating System (IOS.)
Even though the exact exploit demonstrated during his presentation was not disclosed, Lynn showed enough details to prove that the exploit is real and that previous misconceptions that routers and switches are not exploitable are false.
Although security software can identify when an attacker is performing reconnaissance work on a company's network, attackers can find network topology information on Google instead of snooping for it on the network they're studying, he said. This makes it harder for the network's administrators to block the attacker. "The target does not see us crawling their sites and getting information," he said.
It's Saturday night, a time for blowout parties at the annual DEF CON hacker convention, including the Goth-flavored Black and White Ball. But a half dozen researchers in the nondescript room quietly drink, stare at the screens of their laptops, and in low voices, discuss how to compromise two flat metal boxes sitting on a sofa side table: Cisco routers.
Cisco Systems Inc. on Friday confirmed that a security hole in its Internetwork Operating System could be exploited by remote attackers to execute arbitrary code.
One can only imagine what raced through Michael Lynn's mind the penultimate moment before he saved or sacrificed our nation's critical infrastructure, depending on your take of the researcher's Black Hat Briefings presentation this week.
"There are many research reports that try to compare the number of vulnerabilities between Linux and other operating systems but none take into account the severity of the issues." said Mark Cox head of the Red Hat security response team, "This report shows there are relatively few critical issues affecting users of Linux based operating systems. However, we believe even one is unsatisfactory, and our strategy is to rapidly respond to fix these issues whilst innovating new technology to reduce the risk of future issues."
Kerberos, the popular authentication protocol developed by the Massachusetts Institute of Technology, is vulnerable to three serious flaws that could allow an attacker to gain access to protected corporate networks, MIT researchers disclosed late on Tuesday.
Forty-five percent of corporate chief security officers believe a "digital Pearl Harbor" will take place eventually, with 13 percent anticipating such an attack within a year, according to a survey by CSO Magazine.
This is a review of the new release of LANguard Network Security Scanner (GFI LANguard NSS) from GFI. NSS will scan computers for known vulnerabilities and common misconfigurations and other potential security issues. It produces reports that can be used to assist in the tracking and mitigation of security issues that have been identified. Furthermore, NSS provides patch management capabilities that allow you to centrally download and push out patches to systems with identified vulnerabilities.
Constant monitoring and troubleshooting are key to maintaining a network's availability. With ngrep, you can analyze network traffic in a manner similar to that of other network sniffers. However, unlike its brethern, ngrep can match regular expressions within the network packet payloads. By using its advanced string matching capabilities, ngrep can look for packets on specified ports and assist in tracking the usernames and passwords zipping off the network, as well as all Telnet attempts to the server.
Web sites both big and small face the risk of having their Web addresses stolen because of flaws in the way domain names are registered, transferred and tracked, a report released this week found.
A Korea-UK team (contact Myungshik Kim, Queen's University, Belfast, This email address is being protected from spambots. You need JavaScript enabled to view it., or Chilmin Kim, Paichai University) has introduced a method for preventing several clever attacks against quantum cryptography, a form of message transmission that uses the laws of quantum physics to make sure an eavesdropper does not covertly intercept the transmission. Making the message sender and receiver a little blind to each other's actions, the researchers have shown, can bolster their success against potential eavesdroppers.
You've got to hand it to the IT security industry for its ability to coin new and impressive sounding terms for security threats. Hot on the hells of WiPhishing and Evil Twins comes the latest buzz word for wireless Lan security: phlooding.