Posts

Anonymous threatens to declare cyber war on North Korea

SC Magazine Full Story

Fortinet Global Partner Conference 2012

I was lucky enough to attend the Fortinet Global Partner Conference in Miami this month. The conference took place on a cruise ship which traveled around the Bahamas from Monday to Friday. There was a good mixture of Fortinet presentations and technical training, which took place on the ship, as well as off-ship excursions to several islands. The focus of the conference was the release of FortiOS Version 5. Once again Fortinet have produced a significant release with a great set of enhancements and new features, including endpoint device recognition which can be used in firewall policies, wireless improvements, advanced anti-malware detection, anti-virus, IPS and client reputation. The number of features is too great to include in this post, but a quick check on the Fortinet website will give more information (http://www.fortinet.com/solutions/os5.html). All in all, the conference seemed like a great success and the attendance was high at around 1700 people.

Disgruntled employee gets 6 yrs for crashing Gucci email system.

New York Daily News Story

Through the backdoor! Chinese Android handset problems.

Well, it has been a while since the last post. I haven't really got too excited about anything in the news over the past few months, or had many new toys to play with until recently. Just to get things started, I did find the story below quite interesting. The Chinese Android handset ZTE Score M has been found to have an application installed which acts as a backdoor to the operating system. The application has a hard-coded password which gives root-level access to the device. The password and instructions are readily available online. As of yet there is no proof of a remote exploit being possible, but it is very likely that software downloaded by the user could be coded in such a way as to exploit the issue and give attackers access to your device. Still, so far not a big issue for the UK, as it is only linked to handsets which were supplied by China to the US!!

NACHA Phishing Scam

This phishing scam has been widely reported from as far back as Feb 2011. Today I received the email myself. The first warning sign was that there were approximately twenty other email addresses CC'd on the same email, all supposedly having the same failed transaction number. Obviously a mistake on the part of the sender. Also, the from address didn't bear much relation to the supposed sender: *thi***@sui****.com. Opening the email on a "safe" machine, I took a look through the source and there was a significant amount of JavaScript, along with a link to a website in South Africa which is accessed once the "view report" link is clicked. The site is a company site and therefore has likely been compromised and the offending link hidden with a numeric directory name. NACHA have reported this scam and users should not open the link due to its likelihood to infect the machine. To protect identities, the CC'd addresses, website link and from address have...

Fake BA Email Scam

This one has reached a lot of people, including myself. Check the email below. The URL in red is where clicking the link above it actually takes you. Once clicked, you are redirected to another fake webpage (below). This is where you are asked to enter your credentials. Right or wrong, the credentials entered get harvested and the link redirects you to another, real BA webpage. BA are aware of this scam and are looking into it....

Would you know if you had been hacked?

It would be fair to say that many companies assume they have secure systems because they implement strict security measures. The problem is, how do we know that our security is working? Does never getting hit by a virus mean that our anti-virus software is doing its job, or have we just been lucky? It usually takes an incident to focus awareness on system or procedural failings. The benefits of regular penetration tests are well understood in the industry; however, taking more time to frequently examine and understand log files will pinpoint areas of concern a lot sooner if they are being exploited. The problem with log files typically falls into a few categories. 1) The number of devices which require management. 2) The quality and retention period of the logs produced. 3) Understanding the meaning of the files themselves. Even the simplest of networks will have one or more servers, a firewall, a router and wireless access points, to name a few. Firstly enable logging on each devic...