Search This Blog
Monday, 28 May 2012
Through the backdoor ! Chinese android handset problems.
Well it has been a while since the last post. I haven't really got too excited about anything in the news over the pat few months, or had many new toys to play with until recently. Just to get things started I did find the story below quite interesting.
Chinese Android handset,ZTE Score M has been found to have an application installed which acts as a backdoor to the operating system.
The application has a hard coded password which gives root level access to the device. The password and instructions are readily available online.
As of yet there is no proof of a remote exploit being possible, but it is very likely that software downloaded by the user could be coded in such a way to exploit the issue and give attackers access to your device.
Still, so far not a big issue for the UK as it is only linked to handsets which were supplied by China to the US !!
Monday, 19 December 2011
NACHA Phishing Scam
This phishing scam has been widely reported from as far back as Feb 2011. Today I received the email myself. The first warning sign was that there were approximately twenty other email addresses CC'd on the same email all supposedly having the same failed transaction number. Obviously a mistake on the part of the sender. Also the from address didn't bear much relation to the supposed sender. *thi***@sui****.com
Opening the email on a "safe" machine I took a look through the source and there was a significant amount of javascript. along with a link to a website in South Africa which is accessed once the "view report" link is clicked.
The site is a company site and therefore has likely been compromised and the offending link hidden with a numeric directory name.
NACHA have reported this scam and users should not open the link due to it's likelihood to infect the machine.
To protect identities, the CC'd addresses, website link and from address have been omitted from this post.
Saturday, 17 September 2011
Fake BA Email Scam
This one has reached a lot of people including myself. Check the email below. The url in red is where clicking the link above it actually takes you.
Once clicked you are redirected to another fake webpage. (below)
This is where you are asked to enter your credentials. Right or wrong the credentials entered get harvested and the link redirects you to another real BA webpage.
BA are aware of this scam and are looking into it....
Once clicked you are redirected to another fake webpage. (below)
This is where you are asked to enter your credentials. Right or wrong the credentials entered get harvested and the link redirects you to another real BA webpage.
BA are aware of this scam and are looking into it....
Monday, 12 September 2011
Would you know if you had been hacked ?
It would be fair to say that many companies assume they have secure systems because they implement strict security measures.
The problem is how do we know that our security is working. Does never getting hit by a virus mean that our anti-virus software is
doing it's job or have we just been lucky ?
It usually takes an incident to focus awareness on system or procedural failings. The benefits of regular Penetration Tests are well understood in the industry, however taking more time to frequesntly examine and understand log files will pinpoint areas of concern a lot sooner if they are being exploited.
The problem with log files typically falls into a few categories.
1) The number of devices which require management.
2) The quality and retention period of the logs produces.
3) Undestanding the meaning of the files themselves.
Even the simplest of networks will have one or more servers, a firewall, a router and wireless access points to name a few.
Firstly enable logging on each device, be familiar with the options for logging on these devices and make an effort to understand the logs. In medium to large networks consider implementing centralised logging such as syslog or a proprietory system.
I will focus more on log files and options in further posts. If you have any questions or related input please leave a comment.
The problem is how do we know that our security is working. Does never getting hit by a virus mean that our anti-virus software is
doing it's job or have we just been lucky ?
It usually takes an incident to focus awareness on system or procedural failings. The benefits of regular Penetration Tests are well understood in the industry, however taking more time to frequesntly examine and understand log files will pinpoint areas of concern a lot sooner if they are being exploited.
The problem with log files typically falls into a few categories.
1) The number of devices which require management.
2) The quality and retention period of the logs produces.
3) Undestanding the meaning of the files themselves.
Even the simplest of networks will have one or more servers, a firewall, a router and wireless access points to name a few.
Firstly enable logging on each device, be familiar with the options for logging on these devices and make an effort to understand the logs. In medium to large networks consider implementing centralised logging such as syslog or a proprietory system.
I will focus more on log files and options in further posts. If you have any questions or related input please leave a comment.
Sunday, 14 August 2011
Subscribe to:
Posts (Atom)