Category Archives: Security

Abusing JavaScript for Social Engineering Fun!

Security,

There is a really interesting blog post by @ossij called “Hacking the a tag in 100 characters“.

I suspect the nefarious utility of this is going to be pretty extensive. We often tell our constituents in security awareness training to look at the address of a link before clicking on it. This strategy certainly has the ability to undermine that guidance, particularly if this JavaScript works in HTML emails. And I expect that it will work in HTML emails. One more reason that viewing email in plain text is a good idea.

I can envision some new crafty targeted watering hole attacks with this method. Rather than including a noisy iframe that gets presented to everyone, links on the page are redirected to a malicious site after clicking, but only for the intended victim – the page looks and works normally for everyone else.

Stay safe,

Jerry

The Importance of Reinstalling After a Virus or Malware Infection

Malware, Security,

In episode 11, I made some comments about wiping a compromised system rather than trying to clean it. I saw in my twitter feed a bit ago that the 2013 Shmoocon videos were posted. I looked through and one talk stuck out and I wanted to share here, given my comments: Wipe The Drive – Techniques for malware persistence..

Basically, the presenters show why it’s such a bad idea to simply clean a computer after a virus infection. I like to think this is common knowledge, but I meet people daily who so not understand the reasons behind taking this draconian approach.

Defensive Security Podcast Episode 11

Podcast, Security, , , , ,

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Subscribe in iTunes | Podcast RSS Feed | Twitter | Email

Krebs Swatted: http://krebsonsecurity.com/2013/03/the-world-has-no-room-for-cowards/

China: http://www.slate.com/articles/technology/future_tense/2013/03/the_u_s_response_to_chinese_cyberespionage_will_backfire.html

http://www.crn.com/news/security/240150929/new-exploit-evades-all-antivirus-products-for-almost-a-day.htm

http://www.net-security.org/malware_news.php?id=2441

http://m.threatpost.com/en_us/blogs/ramnit-malware-back-and-better-avoiding-detection-031513

http://www.honeynet.org/node/1031

http://arstechnica.com/security/2013/03/national-vulnerability-database-taken-down-by-vulnerability-exploiting-hack/

Mandiant report: http://www.mandiant.com/library/M-Trends_2013.pdf

Solutionary report: http://www.solutionary.com/dms/solutionary/Files/SERT/2013GTIR.pdf

Defensive Security Podcast Episode 10

Podcast, Security, , ,

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Feedback/comments – info@defensivesecurity.org
@defensivesec

Interesting Writeup by ESET on sink holing the zortob.b botnet http://www.welivesecurity.com/2013/03/08/sinkholing-trojan-downloader-zortob-b-reveals-fast-growing-malware-threat/
– common phishing emails emanating from it at the rate of 80m per hour Continue reading Defensive Security Podcast Episode 10

Defensive Security Podcast Episode 9

Podcast, Security, , , ,

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Episode 9 – From Las Vegas
Comments/questions/hate mail to info@defensivesecurity.org
Follow podcast on twitter @defensivesec

DDOS attack on Bank of the West masked a $900,000 theft from the account of Ascent Builders. http://krebsonsecurity.com/2013/02/ddos-attack-on-bank-hid-900000-cyberheist/

Bible.org- https://isc.sans.edu/diary/When+web+sites+go+bad%3A+bible+.+org+compromise/15250
Site compromised – serving malware, had rudimentary defense against automated analysis

Bit9 update: https://blog.bit9.com/2013/02/25/bit9-security-incident-update/
– kudos to bit9 for transparency and disclosure – hopefully works in their favor

Continue reading Defensive Security Podcast Episode 9

Defensive Security Podcast Episode 8

Podcast, Security, , ,

Podcast: Play in new window | Download | Embed

Subscribe: RSS

News:

Burger King & Jeep twitter accounts hacked

Microsoft and Apple hacked with same exploit that hit Facebook

NBC.com’s site is hacked, injecting an iframe directing visitors to a site that served an exploit kit and installed the Citadel trojan. Continue reading Defensive Security Podcast Episode 8

Defensive Security Podcast Episode 4

Podcast, Security,

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Happy New Year!

In this week’s podcast, I cover an article about the alleged Chinese hacking of Solid Oak due to a lawsuit over China’s improper use of Solid Oak’s software CYBERsitter covered in a Business Week post.

First, a bit of news.  Unless you’re still recovering from an egg-nog hangover, you’ve probably heard about the Internet Explorer zero day exploit. Note that it doesn’t impact the latest versions of IE, only 6, 7 and 8. Continue reading Defensive Security Podcast Episode 4

Defensive Security Podcast Episode 3

Podcast, Security

Podcast: Play in new window | Download | Embed

Subscribe: RSS

2013 security predictions

I have collected security predictions from many IT security vendors

While there are many, many unrelated predictions, and some that are self-serving, some trends emerge:

Continue reading Defensive Security Podcast Episode 3

Defensive Security Episode 2

Podcast, Security, , , ,

Episode 2 – December 16, 2012

Podcast: Play in new window | Download | Embed

Subscribe: RSS

Topics

South Carolina released a report on the attack which resulted in the loss of millions of tax payers information

Continue reading Defensive Security Episode 2