December, 2014


Internet Explorer must die

Source: CNN Money

Internet Explorer must die! I love the title of this article. Internet Explorer first roared onto the market, to battle Netscape Navigator, in 1995 (over 19 years ago). Since then, Internet Explorer has been plagued by numerous security, compatibility, and usability issues, making it one of the most despised applications by security experts.

I have used Internet Explorer minimally (only when required to access certain SharePoint sites within the company’s intranet). I wholeheartedly agree that Internet Explorer should be placed on the scrap heap and either redone or, preferably, removed, letting the Internet Explorer team focus on writing plug-ins for Chrome and Firefox.

From the article:

The browser has become synonymous with bugs, security problems and outdated technology. Even as Internet Explorer has improved dramatically in recent years, it continues to lose serious ground to rival browsers.

Once the most-used Web browser, Internet Explorer had been on a steady downward trajectory for years. Its share of the browser market fell below the 50% threshold in 2010 and sank below 20% in October, according to browser usage tracker StatCounter. Google’s (GOOGL, Tech30) Chrome is currently the browser leader, commanding a 48% share of the market.

If It Can Happen to Sony, It Can Happen to You

Source:  Re/Code

Following up on the recent breach at Sony: this article states that 2014 was labelled “The Year of the Breach”. The other thing this article points out is that you don’t have to be a mega-corporation to get breached; you can be a small business or a small start-up, it doesn’t matter. You can be targeted; your company may or may not hold information that is valued by the attacker.

Security experts are now saying there are only two types of companies left in the U.S.: Those that have been hacked, and those that don’t yet know they’ve been hacked. And although cybersecurity is being forced to the forefront of national consciousness, we still are not seeing the urgency needed to make a difference.

There is no more time to wait on the issue of cybersecurity. Government agencies and corporations alike must become both educated and absolutely determined to stop cybercrime now. Neither can afford mediocre approaches to security and customers (whether citizens, in the case of government; or paying clients, in the case of corporations) must demand better. Organizations must have the right plans and the right technologies in place to deal with the threats we’ve seen do so much damage in 2014, and the threats we know are on the way in 2015.

It is important to keep your guard up, maintain safe systems, and keep your organization secure. Remember that 556 Forensics can assist you in keeping you and your organization safe.

More on Sony and North Korea

Source: Krypt3ia

First, I want to point out that I’m loving all the info that Krypt3ia is throwing out there.

There have been many battles brewing on the internet, IRC, and Twitter about what is going on and how the U.S. is attributing the Sony hack to North Korea. From everything I have read, it has been based on circumstantial evidence, primarily from the piece that says the U.S. has determined that this is directly linked to North Korea because a) the vulnerability was developed in the Korean language, and b) it uses the same malware that was attributed to 2 or 3 other breaches that were also from “North Korea”. I’m not necessarily doubting that the other attacks came from North Korea, but what I want to point out is that these attacks and vulnerabilities have ways of making themselves known to other people, other groups, other countries; that doesn’t 100% tie attribution to North Korea.

From Krypt3ia’s blog:

Well here we are… It’s the beginning of the cyber wars my friends. POTUS came out on stage and said that we would have a “proportionate response” to the hacking of Sony and that in fact the US believes that it was in fact Kim Jong Un who was behind this whole thing. Yup, time to muster the cyber troops and attack their infrastructure!

Anyways, all credit goes to Krypt3ia for the analysis he has performed on this, and I definitely think you should check out his blog.

Why the Sony hack is unlikely to be the work of North Korea

Source: Marc’s Security Ramblings and Krypt3ia

I agree that everyone jumping on the bandwagon, saying that N. Korea is behind this hack, is wrong. This is the way I feel about a fair number of security ramblings coming from Mandiant/FireEye, Norse, and the rest of the huge companies out there. I think some of their information can be wrong. I also agree with the statements made at Krypt3ia, that we are now at “cyber-war” with North Korea. It feels like another Cold War race, with a lot more countries involved.

However, the really scary part is that foreign influences have now proved that they can hold the United States (and companies within the US) at bay with attacks on their computer infrastructure.

 

From the article:

Everyone seems to be eager to pin the blame for the Sony hack on North Korea. However, I think it’s unlikely. Here’s why:

1. The broken English looks deliberately bad and doesn’t exhibit any of the classic comprehension mistakes you actually expect to see in “Konglish”, i.e. it reads to me like an English speaker pretending to be bad at writing English.

2. The fact that the code was written on a PC with Korean locale & language actually makes it less likely to be North Korea. Not least because they don’t speak traditional “Korean” in North Korea, they speak their own dialect and traditional Korean is forbidden. This is one of the key things that has made communication with North Korean refugees difficult. I would find the presence of Chinese far more plausible. See here – http://www.nytimes.com/2006/08/30/world/asia/30iht-dialect.2644361.html?_r=0

here – http://www.nknews.org/2014/08/north-korean-dialect-as-a-soviet-russian-translation/

and here – http://www.voanews.com/content/a-13-2009-03-16-voa49-68727402/409810.html

This change in language is also most pronounced when it comes to special words, such as technical terms. That’s possibly because in South Korea, many of these terms are “borrowed” from other languages, including English. For example, the Korean word for “Helicopter” is: 헬리콥터 or hellikobteo. The North Koreans, on the other hand, use a literal translation of “vehicle that goes straight up after takeoff”. This is because such borrowed words are discouraged, if not outright forbidden, in North Korea – http://pinyin.info/news/2005/ban-loan-words-says-north-korea/

Let’s not forget also that it is *trivial* to change the language/locale of a computer before compiling code on it.

 

Read more at Marc’s Security Ramblings and at Krypt3ia

The Spam Wars

Source: Slate

An article from Slate.com discussing a piece of Brian Krebs’s latest book, Spam Nation.

This article discusses the economics of spammers in Russia and how they support their families.

Indeed, spam email has become the primary impetus for the development of malicious software—programs that strike computers like yours and mine daily—and through them, target our identities, our security, our finances, families, and friends. These botnets are virtual parasites that require care and constant feeding to stay one step ahead of antivirus tools and security firms that work to dismantle the networks. To keep their bot colonies thriving, spammers (or botmasters—the term is interchangeable) must work constantly to spread and mutate the digital disorders that support them. Because antivirus programs routinely clean up infected PCs used to send spam, botnet operators need to continuously attack and seize control over additional computers and create new ways to infiltrate previously infected ones.