Tuesday, February 24, 2015

These are a few of my favorite blogs

In no particular order, a list of security bloggers and information sources I find useful:

  • Krebs on Security (Brian Krebs)
  • Graham Cluley
  • Hot for Security
  • lcamtuf (Michal Zalewski)
  • Troy Hunt
  • Full Disclosure (mostly vulnerability disclosures)
  • F-Secure Labs
  • SANS Internet Storm Center
  • SANS Curated News
  • SANS Industrial Control Systems Blog
  • SANS Digital Forensics and Incident Response Blog
  • Exploit DB
  • Microsoft Security Response Center
  • Dave Shackleford
  • Google Project Zero issue tracker
  • Google Project Zero blog
  • Google Online Security Blog
  • Carnal0wnage (Chris Gates)
  • OpenDNS Labs
  • Dark Reading
  • Help Net Security
  • Verizon Security Blog
  • Errata Rob (Robert Graham)
  • Wh1t3 Rabbit (Rafal Los)
  • Schneier on Security (Bruce Schneier)
  • Social-Engineer
  • Common Exploits (Daniel Compton)
  • McAfee Labs
  • CSO Online Dashboard / Security News
  • Uncommon Sense Security (Jack Daniel)

Along with some useful finds:
  • CapTipper: Malicious HTTP traffic explorer tool. Point it at a PCAP or live traffic and easily pull out hosts, conversations, downloaded files, etc.
  • Bit.ly to track malware outbreaks: A short piece using bit.ly's click analysis to view geographic distribution and infection rates.
  • Pemcrack: ErrataRob's tool to crack SSL PEM files that hold encrypted private keys (first authored to crack the Superfish cert)
  • Recommended forensic reading: a list of books
  • APTNotes: Github repository of whitepapers, docs and articles related to APT campaigns
  • Telerik Fiddler: web debugging proxy

Please reply in the comments below if you have a favorite that I overlooked!

Thursday, February 19, 2015

Lenovo PCs preloaded with "Superfish" malware that breaks security

Technology and security are rife with shades of grey. Even in this field though, some lines are so indistinguishable from black that they should never be crossed. Laptop maker Lenovo crossed one of these lines with recent models, by pre-installing Superfish adware that breaks otherwise secure HTTPS website connections.

Recent Lenovo laptops include what can only be described as malware, malware that intercepts all web traffic whether secured or not. The "VisualDiscovery" adware from a company called Superfish reads all web traffic and injects advertisements into web pages. In doing so it completely breaks HTTPS security.

Thursday, February 12, 2015

Shades of Grey

I frequently write about malware, spam, credit card fraud, and various computer crimes. In my and others' writing it may seem as though there is an easy distinction between the legitimate and the malicious. The reality is, the world of online security is not always black and white. More often, it is filled with shades of grey.

Thursday, February 5, 2015

Data stolen from Anthem could be an identity thief's dream

Wednesday night, insurance provider Anthem Inc. revealed that they had been the target of a cyber attack in which considerable personal identity information was taken. Ordinarily my response to the major breach notices in the news is "meh." When credit card information is stolen, it's easy enough to get a card replaced and watch for fraudulent charges. The media tends to over-hype such breaches because they affect a large number of people and make for good headlines, but in the end, the real effect on people like you and me is little more than the inconvenience of replacing a card and perhaps disputing a few easily-noticed fraudulent charges.

This is different.

Sunday, February 1, 2015

Don't get flashed by Flash

Flash Player is a common browser plug-in for rich content, but is also a common method of "drive-by" infection. Here are some security tips.
This article was written in the context of a series of Flash exploits in early 2015, but in Chrome the same technique of making plug-ins click-to-play will stop exploits against any plug-ins, including Windows Media Player.

Adobe Flash Player is a common browser enhancement that enables so-called "rich web content" - animations, video, in-browser games, interactive advertisements, and more. It's also a top target for malicious hacks - a bogus Flash program that automatically launches when you open a web page can take over your computer. Over the last few weeks, there have been a series of malware outbreaks exploiting vulnerabilities in Flash to infect unsuspecting people's computers.

With Flash installed, all it takes is browsing to a compromised website to become infected yourself. There's no way of knowing in advance if a site is compromised: in fact, a common infection method lately is to insert a malicious Flash file into an advertising network, which may be used by hundreds if not thousands of otherwise benign websites. Visit a normally-safe site whose ad network has been compromised, and your PC can become infected as soon as the page loads.