Casino

Tabnapping – new style of attack.

I normally do not make so many cross links from my sites, but If you are now seeing this for first time,

Please be aware of this new style of attack.

I explain it a bit on my blogsite www.oversitesentry.com

azaraskin

this is what you see first, then within a hacker’s page it switches to a gmail login (which is on a hacker’s page designed to steal your gmail identity.

 

 

Kickstarter project ” Computer Security Simplified”

My Kickstarter Project Link

The Ebook will be available within 2 weeks from now

Contact me if you are interested in the E-book

On radio Wed 11am – 11:30am KXEN 1010AM

I will be discussing my new Kickstarter project – “Security Simplified”  among other security related topics.

The Kickstarter project has been started (kick-off was this morning 9/10/14)

 

The KXEN station:

KXEN Radio is located in St. Louis Missouri and ranks 30th out of 200 local radio stations, 
and transmits over 50,000 Watts that reaches 100 miles in all directions.

 

Click on http://www.businessinsideandout.com/ to listen.  (the radio show ended and the mp3 file of the show is here)

 

 

Penetration testing to test attack your site

We perform the Alpha scan to perform the initial scans, and then use the information to perform penetration testing (or pentesting) with the Sigma scan to attack the site as a hacker would do.

serverinfrastructure

If there are custom needs for your networked equipment, then it is necessary to do the Omega scan which requires other types of attacks.

Attacks consist of SQL injection(SQLi) tools

also Cross Site scripting (XSS) tools,

 

A very good understanding of 65,536 ports in udp or tcp is necessary as well.

 

New WordPress 4.0 ready to be upgraded

It is important to patch your software, I know it is tedious, and sometimes (for Windows) it requires a reboot.

for WordPress one may need to get out of the current tasks and perform the updates tab.

It is important to keep up with updates as security issues arise all the time, and the less of a vulnerable profile one has the better. The harder the life of a hacker is the more you can continue your life without interruption due to security issues.

 

As far as functionality 4.0 has embedded video and Twitter and more. you can review the function:

https://wordpress.org/news/2014/09/benny/

this site is now on WordPress 4.0 (as well as Oversitesentry

iCloud account hacks could have been averted

There are many news reports of Celebrities getting their accounts hacked and then pictures were taken in their archives of a compromising nature.

It is evident that everyone needs to have Two Factor Authentication (2FA), where it does not take just a password to enter the account. On a new computer the first time access must be granted with a password and an additional device, like a code to a cellphone.

Here is Apple’s tech support information for iCloud 2FA:

http://support.apple.com/kb/ht5570

Enter your Apple Id, receive a verification code, enter your code to verify your identity and finish singing in

Simple, once you know of it.

 

Of course also having a password that is long would be also good, I doubt the actors and actresses have 14 digit passwords with numbers and capital letters.

 

The effect of Heartbleed attacks on IBM customers

The security industry is usually very quiet about how security affects their products.

So in the new 3rd Quarter IBM threat intelligence Quarterly for 3rd quarter.

the following 2 charts are very interesting:

heartbleed affects

heartbleed attack activity

April 8, 2014 is when Heartbleed vulnerability was revealed as one can see from the US-CERT.

Which stated that the OpenSSL versions 0.9.8 and 1.0.0 does not have the  vulnerability whereas the version 1.0.1g has the vulnerability, as well as 1.0.2 beta as in this Note.

Knowing when the heartbleed vulnerability came into being one sees an almost immediate scan activity from hackers.In fact in one week  by 4/15 the activity reached 300k scans/attacks.

In case you are in denial of potential Internet attacks to your infrastructure… here is some evidence that shows the attacks from hackers after a vulnerability was exposed. And the top graph shows the continuing attacks on infrastructure many months after the vulnerability was exposed.

New Fixvirus Logo

fixvirus-logo-small

We are your network/Security shield. We defend your computer network and have done so for close to 20 years now – You will see our new logo placed in several spots from here on out.

Why spend money on Security prevention?

Hacker attacks occur for many reasons:

#1 Highest reason for an attack is to make money from the attack

8/19 Hackers hack Medical company – 4.5 million data sets stolen

8/5 Synology devices get ransomware

8/2 Jimmy John’s credit card breach investigation

7/15 NASDAQ was owned 2005 – 2012 Arstechnica story

#2 2nd reason to attack your systems and network is to use your computers on the network to attack other computers (to make money or for political ends)

7/28 elsticsearch vulnerability could cause DDOS attacks

3/15 WordPress vulnerability can be used to attack other sites

#3 next reason to hack computer networks:  Just because the hacker can –

The hacker may just want to test their computer skills

 

Can a business afford to take a chance?

As Bruce Schneier frequently talks about in his speeches and blog

The You tube video linked is a good review of the issues of incident response.

The most interesting item to me is the psychology of security that is included near the end of the video:

Humans are naturally risk averse in gains and risk seeking in losses.

This means that most people will not pay for a vulnerability scan or other security cost. The initial inclination is to take the risk.

Also if there is a risk in a potential gain we will not go the riskier route.

 

Here are the actual areas in Bruce Schneier’s web blog:

Prospect theory:

Prospect Theory

Here’s an experiment that illustrates a particular pair of heuristics.12 Subjects were divided into two groups. One group was given the choice of these two alternatives:

  • Alternative A: A sure gain of $500.
  • Alternative B: A 50% chance of gaining $1,000.

The other group was given the choice of:

  • Alternative C: A sure loss of $500.
  • Alternative D: A 50% chance of losing $1,000.

These two trade-offs aren’t the same, but they’re very similar. And traditional economics predicts that the difference doesn’t make a difference.”

 

 

People, Process, Technology = Security strategy

It is an old security  methodology to review what is necessary in a Security Strategy:

 

People = we know people can cause security holes, give out security secrets, or perform unknown(and known) security problems

Process = this is a set of events that hopefully will prevent some of the people problems, such as changing a critical system requires a second pair of eyes (peer review)

Technology = Use technology to prevent as many potential problems (including people).

we use Anti-virus, anti-malware, intrusion prevention, incident response software.

At Fixvirus, we have helped sompanies with all 3 pieces of a security strategy