Posts

Fake BA Email Scam

This one has reached a lot of people, including myself. Check the email below. The URL in red is where clicking the link above it actually takes you. Once clicked, you are redirected to another fake webpage (below). This is where you are asked to enter your credentials. Right or wrong, the credentials entered get harvested and the link redirects you to another real BA webpage. BA are aware of this scam and are looking into it....

Would you know if you had been hacked?

It would be fair to say that many companies assume they have secure systems because they implement strict security measures. The problem is, how do we know that our security is working? Does never getting hit by a virus mean that our anti-virus software is doing its job, or have we just been lucky? It usually takes an incident to focus awareness on system or procedural failings. The benefits of regular penetration tests are well understood in the industry; however, taking more time to frequently examine and understand log files will pinpoint areas of concern a lot sooner if they are being exploited. The problem with log files typically falls into a few categories: 1) The number of devices which require management. 2) The quality and retention period of the logs produced. 3) Understanding the meaning of the files themselves. Even the simplest of networks will have one or more servers, a firewall, a router and wireless access points, to name a few. Firstly enable logging on each devic...

Vulnerability scanning <> penetration testing

It is fair to say that vulnerability scanning / port scanning is a component of any penetration test; however, many companies are relying purely on the results of these scans to assess their security, often carrying out these assessments themselves or using automated services. The role of a pen tester is a continuous learning curve and the use of tools can greatly simplify the bulk of the task; however, many of the issues I find are through manual testing and verification, as tools alone cannot always pinpoint these issues. Testing your own systems also has its disadvantages, because tests are undertaken against known targets using expected input. A third party testing the same target will approach this from a different angle, as they do not always know what is expected and will vary the attack in order to glean different responses. Interpreting these errors and modifying the approach can often lead to uncovering new vulnerabilities in the systems. On many occasions it m...

SecurID was responsible for Lockheed Martin breach

SC Magazine Full Story

Apple MAC Fake Virus Alert

Similar to the Windows fake AV alerts, Mac users have now been targeted with a fake AV scam. After visiting an infected site, the software scans the user's hard disk and reports on viruses found. Users are then given the opportunity to purchase remedial AV software, thus parting with credit card information. The trick here is that it can masquerade as the legitimate MAC Defender application, making users less suspicious about the warnings. Apple Mac users have been advised to disable a setting in the Safari browser that allows "safe" files to be automatically installed. Full details on removing and preventing this malware can be found here. Apple MAC Malware Removal

Fortinet FortiToken simplifies 2-factor authentication

Fortinet have delivered a solution for 2-factor authentication within their Version 4 FortiOS. Customers with the FortiGate UTM platform can make use of the solution by upgrading their systems to V4 MR3. This is a free upgrade for customers with maintenance. The only chargeable components are the tokens themselves. Traditionally, 2-factor authentication required some form of middleware solution which intercepted the logon details to verify the token's one-time password. This middleware is included in the FortiOS and therefore minimises implementation and up-front costs. The offering works with Fortinet's IPSec and SSL VPN remote access (also included within the FortiOS).

Sony makes the right call

The PlayStation Network has been down since about 20th April now. The full consequences of the attack may take some time to manifest; however, the commitment to ensuring security since the attack has been foremost in Sony's agenda. The difficulty here is that although what has happened may be relatively clear, the how and who may be less obvious, and because of this Sony need to take extra care when restoring the services, as they cannot afford another similar incident. The fact that they may be offering a reward for information relating to the identity of the attackers proves that whoever did this was skilled enough to hide their tracks well. With enough digging, many clever breaches can be traced due to the smallest fragment of information in the logs or other data leading to clues. There is a claim that information pertaining to the group Anonymous has been located on the systems; however, Anonymous have denied the incident and apparently say they may have been framed. If the o...