Casino

How would one analyze risks?

Risk analysis, as it pertains to computer resources, is the process of determining the potential fiscal cost of having one or more of the three elements (reliability, integrity, and confidentiality) compromised.

First, what are we analyzing? A website that is hosted by a third party.

Why are we analyzing it? To determine whether we need more security (more resources).

A vulnerability analysis considers what could occur if the system were compromised and how that would affect reliability, integrity, and confidentiality.

A threat analysis is the process of identifying who could negatively affect reliability, integrity, and confidentiality.

These assessments assign a percentage likelihood of an attack on the system.

What is the value of the website?

[Image: risk assessment matrix]

From the various analyses we can start to create a risk assessment matrix for each device, website, or piece of software.

One unfortunate aspect of risk assessment is not being able to assess the unknown unknowns.

A new zero-day attack could negatively affect the systems and thus degrade or bring down the site for a while. One needs to decide on the value of the computing resources in order to decide the level of testing and monitoring.


Contact us to make an analysis for your situation.

Tony Zafiropoulos  314-504-3974


Kaspersky IT Security survey: “Fighting the Silent threat”

Kaspersky PDF download link


[Image: Kaspersky threat survey chart]

The highest threat (2013 survey) is malware or viruses; the next threats are spam and phishing attacks.

Network intrusion or hacking is 4th, then theft of mobile devices, and then denial of service attacks.

One can boil the survey down to the following:

Virus, malware, and phishing attacks coming in through spam.

Network intrusion and denial of service are next on the threat meter.

Losing mobile devices to theft comes next.

Why discuss this at all? It seems that all of these answers are common sense.

Even though each survey answer is understandable, it is good to know what is happening in other companies.

Plus one can budget resources appropriately.


If you ask me, though, anti-virus and anti-malware tools are a must, so once you have them the next order of business is to have more people working on the intrusion detection and denial of service attack vectors.

Putting some resources into anti-theft technologies is also important.


Contact me and I can help you verify your systems.


In business since 1995 as IT consultant – Systems Engineer

My education is as a systems engineer (and it is in my blood :)

What is a systems engineer?

Applied mathematics as well as engineering.


What sets Systems Engineering apart from standard IT?

[Image: waterfall software development model]

Notice the waterfall approach in software development (I worked at a software company before starting my business in 1995): the analysis comes before design, then development, and then testing.


Now the systems engineering approach:

[Image: systems engineering process]

From University of Arizona: http://www.sie.arizona.edu/sysengr/whatis/whatis.html

Notice the basic closed feedback loop:

[Image: closed loop feedback]

From http://fas.org/man/dod-101/navy/docs/es310/Int_SysE/Int_SysE.htm

Which I studied intimately.

The similarity between a closed feedback loop and Agile programming methodologies is uncanny.

[Image: Agile development process]

This is why I was able to pick up Agile programming methods (in the late 90’s): it is very similar to a closed feedback loop in systems engineering.

So why are we discussing this?

[Image: closed loop CEO process]

It is because I am trying to create a closed feedback loop for the CEO/CFO.

Customer needs are input into the “company system” (IT department / IT security) and products get created.

Fixvirus will test and let the IT department know how to fix what it finds, while writing the report for the CEO/CFO.


Contact Tony Zafiropoulos 314-504-3974 to discuss your testing needs.

tonyz”@”fixvirus.com


Defend correctly, or in time the criminals will force you to pay attention: CryptoWall 2.0

Hopefully you will not see this image on any of your computers:

[Image: CryptoWall 2.0 ransom message]

Unfortunately there is no way to recover from this CryptoWall infection; the only hope is to recover the files from a shadow volume copy, which you hopefully had turned on before the infection. Of course, if you still have Windows XP, you have no method of recovery except from any backups created.

Notice the criminal is also asking to be paid using an anonymous method through the TOR browser. Please do not pay this criminal. There are no guarantees that you will receive the decryption method.

This is the text:

What happened to your files ?
All of your files were protected by a strong encryption with RSA-2048 using CryptoWall 2.0.
More information about the encryption keys using RSA-2048 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem)

What does this mean ?
This means that the structure and data within your files have been irrevocably changed, you will not be able to work with them, read them or see them,
it is the same thing as losing them forever, but with our help, you can restore them.

How did this happen ?
Especially for you, on our server was generated the secret key pair RSA-2048 – public and private.
All your files were encrypted with the public key, which has been transferred to your computer via the Internet.
Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our secret server.

What do I do ?
Alas, if you do not take the necessary measures for the specified time then the conditions for obtaining the private key will be changed.
If you really value your data, then we suggest you do not waste valuable time searching for other solutions because they do not exist.

For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:
1.https://paytordmbdekmizq.tor4pay.com/12Uj7f4
2.https://paytordmbdekmizq.pay2tor.com/12Uj7f4
3.https://paytordmbdekmizq.tor2pay.com/12Uj7f4
4.https://paytordmbdekmizq.pay4tor.com/12Uj7f4

If for some reasons the addresses are not available, follow these steps:
1.Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en
2.After a successful installation, run the browser and wait for initialization.
3.Type in the address bar: paytordmbdekmizq.onion/12Uj7f4
4.Follow the instructions on the site.

IMPORTANT INFORMATION:
Your personal page: https://paytordmbdekmizq.tor4pay.com/12Uj7f4
Your personal page (using TOR): paytordmbdekmizq.onion/12Uj7f4
Your personal identification number (if you open the site (or TOR ‘s) directly): 12Uj7f4


Do you want to get ahead of all the security headlines?

Yes it is possible to get in front of security problems.

First, have a security policy in place.

The policy will include patching all systems in the best possible manner; i.e., one cannot patch a system during production hours without testing first, but as soon as a patch is tested, the production system should be patched.

Items such as how to handle new USB drives are also important.

Second, have the best possible technologies in place, which include the following:

NGFW – Next Generation Firewall – not just stateful multi-layer inspection, but an integrated intrusion prevention system that operates at layer 3 or layer 2.

Wifi access points with WPA2 encryption.

[Image: wiring into the modem]

We can help you size a firewall technology for your needs. Contact us: Tony Zafiropoulos 314-504-3974


New video – includes Kmart breach

Kmart had an IT department and still got a malware breach with the credit card numbers stolen.

We are attacked by 5 trillion scans per month?

JPMorgan spent $250 million on security defense – still hacked. http://oversitesentry.com/?p=614

http://oversitesentry.com/?p=606 – the post that explains the number of scans per month (a USENIX conference paper)

If there are any weaknesses the hackers will find them.

Bash Shellcode and why test your IT department?

I am discussing the new vulnerabilities regarding Bash Shellcode, and note that shellcode in general means a piece of computer code that is an exploit.

What makes the Bash shellcode so dangerous is that once the following is set, “env variable= () {;:}”, some Bourne-again shell (Bash) commands can be run to attempt a takeover of your machine. The full breadth of this exploit has not been felt yet, as the hackers are busy attacking and probing all the vulnerable machines.


As has been noted in some of my blog entries: http://oversitesentry.com/?s=bash&submit=Search (searching for bash)

This kind of attack is easier to perform and can affect more systems on the Internet, as one has to hunt for the bash software and make sure it does not exist at all before saying a system is not vulnerable.

[Image: shellcode-safe, output of one of the 6 CVE tests]
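The self-check below is an added example (not the test shown in the page's image, nor the author's code) covering two of the six CVEs, the two this page names, CVE-2014-6271 and CVE-2014-7169; it runs the probe strings published with the vendor advisories against the bash found on the local host's PATH and reports patched or vulnerable.

```shell
#!/bin/sh
# Self-check for CVE-2014-6271 and CVE-2014-7169 on the local bash.
# Added example; the probes are the ones published with the advisories.

have_bash() { command -v bash >/dev/null 2>&1; }

# CVE-2014-6271: a function definition exported in an environment variable
# carries trailing commands; an unpatched bash executes them while importing
# the variable, so "vulnerable" shows up in the output.
check_6271() {
    have_bash || { echo no-bash; return; }
    out=$(env x='() { :;}; echo vulnerable' bash -c 'echo test' 2>/dev/null)
    case "$out" in
        *vulnerable*) echo vulnerable ;;
        *)            echo patched ;;
    esac
}

# CVE-2014-7169: the incomplete first fix left a parser bug; with this probe
# an unpatched bash writes a file literally named "echo" into the working
# directory. Run in a scratch directory so nothing is left behind.
check_7169() {
    have_bash || { echo no-bash; return; }
    tmp=$(mktemp -d) || { echo error; return; }
    ( cd "$tmp" && env X='() { (a)=>\' bash -c 'echo date' >/dev/null 2>&1
      [ -f echo ] && echo vulnerable || echo patched )
    rm -rf "$tmp"
}

# One summary line a monitoring job can collect from each host.
report() {
    printf 'CVE-2014-6271=%s CVE-2014-7169=%s\n' "$(check_6271)" "$(check_7169)"
}

report
```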

As you can see, this subject gets very complicated, and it strikes me how executives do not see the obvious fox-in-the-henhouse situation.

Hypothetically, if your system has this vulnerability, then even if you do not have credit card data on your server the hacker could take over the server and launch more attacks on other systems, until the criminal amasses enough resources to attack higher-value targets and make money. Now your computer is attacking other computers, and because you did nothing, you could also be liable for those attacks.

Testing the IT department is important, and must be done.  Who is verifying the tests? The same person?


Tony Zafiropoulos: “Testing and reviewing IT security is too important to leave to the IT department” – it must be independently verified.

[Image: Tony Zafiropoulos]

Contact me to test your systems 314-504-3974

Certified Ethical Hacker

Prioritize exploitable Bash Shellcode systems

(this post is in reference to the 6 CVEs created from the Bash shellcode vulnerability family)


First, review any Linux or Unix system that has cgi-bin in the URL (you can search for this in Google, just like the hackers): search for “filetype:sh inurl:cgi-bin site:yoursite.com”, or just remove filetype:sh.

Find any system with cgi-bin, even Microsoft Windows and OS X systems.

For these systems with cgi-bin technologies, review patching options in the short term.

Long-term, think about changing to another technology, as this issue will not leave us; it is a complex issue and will be with the IT world for a while. Minimally, change any bash calls to another scripting language, and be careful that PHP or other techniques do not call bash in an indirect manner.

This problem will vex the IT security field for a while, and the sooner we mitigate this issue and go back to a less dire state the better: test, patch and implement. Re-test to ensure the vulnerability is no longer there.
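As an added example for the review step above (not a tool from the page or its author), this script inventories a cgi-bin directory for scripts that hand a request to bash directly (a bash or sh shebang) or indirectly (PHP, Perl or Python shell calls), so those can be patched or rewritten first; the sample cgi-bin it builds is constructed for the demonstration.

```shell
#!/bin/sh
# Inventory a cgi-bin directory for scripts that reach bash directly or
# indirectly. Added example; the sample cgi-bin is constructed, not real.

# Print "path<TAB>reason" for each file in $1 that may end up in bash:
#  - a bash shebang (runs bash directly)
#  - an sh shebang (bash on hosts where /bin/sh links to bash)
#  - PHP/Perl/Python shell calls, which spawn /bin/sh and so possibly bash
scan_cgi_bin() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        case "$(head -n 1 "$f")" in
            '#!'*bash*)
                printf '%s\tbash shebang\n' "$f" ;;
            '#!'*/sh|'#!'*/sh\ *)
                printf '%s\tsh shebang (bash if /bin/sh is bash)\n' "$f" ;;
            *)
                if grep -Eq 'system\(|exec\(|popen\(|`' "$f"; then
                    printf '%s\tcalls a shell indirectly\n' "$f"
                fi ;;
        esac
    done
    return 0
}

# Report whether /bin/sh on this host is bash (then sh scripts count too).
sh_is_bash() {
    [ "$(basename "$(readlink -f /bin/sh 2>/dev/null)")" = bash ] && echo yes || echo no
}

# Build a constructed cgi-bin with four sample scripts; prints its path.
make_sample_cgi_bin() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/bash\necho "Content-type: text/plain"\n' > "$d/hello.cgi"
    printf '#!/bin/sh\necho ok\n' > "$d/status.cgi"
    printf '<?php echo shell_exec("uptime"); ?>\n' > "$d/info.php"
    printf '#!/usr/bin/env python\nprint("ok")\n' > "$d/safe.py"
    echo "$d"
}

# Usage: pass a real cgi-bin directory as the first argument.
if [ -n "${1:-}" ]; then
    echo "/bin/sh is bash: $(sh_is_bash)"
    scan_cgi_bin "$1"
fi
```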


Contact us for help on your remediation strategies.


Bash Shellcode Vulnerability

Contact us to review whether you are vulnerable to the current Bash code issue, Common Vulnerabilities and Exposures CVE-2014-6271 and CVE-2014-7169.

I have posted on my blog (oversitesentry.com) where I review the test and some of the fixes.


Each company has to review their vulnerability and remediation plans for their Internet facing computer systems.

Contact us to discuss this 314-504-3974 – tonyz”@”fixvirus.com