DNS rebinding and IDS signatures

DNS rebinding attacks have been around for a number of years and still present challenges today. This type of attack can propagate via malware, and individuals who do not act appropriately to protect themselves will often become unknowing and unwilling victims. Often this risk is in play because of popular technologies such as Flash and the lack of common standards across vendors.

DNS Rebinding Analysis

I found the concept of DNS rebinding to be extremely complicated. Upon investigation, I found that web browsers handle DNS queries differently during the Time to Live (TTL); for example, Internet Explorer uses what is called DNS pinning, which caches the DNS query beyond the TTL. The reality is that something as simple as setting an IFrame could bind the attacker, say, to your internal corporate website, and while the host headers would not match, the attacker does in fact then have read access. The magnitude of DNS rebinding is very difficult to determine, and the large DNS companies would likely have to work together. It is also worth noting that it does not matter how strong an organization's firewall is; the fact is this attack completely circumvents the firewall. Because web browsers are …

Internet security, data breaches and password management

Today’s state of security truly is poor, and there is little indication that things will get any better anytime soon. How better to understand the scope of the problem than by looking at the last nine years, defined as the World’s Biggest Data Breaches? As you review this chart, it is important to understand that the breaches resulted from a wide variety of risks, which led to the vulnerabilities being exploited. The saddest fact is that many of these breaches may have been prevented if more attention to security had been applied, but that is an assumption on my part because security is in no way 100% unbreakable. Have you heard of Heartbleed? No matter what your answer is, be sure to read this wonderful explanation. I recall in years past when someone said that if you want to secure your laptop, the only choice you have is to destroy it, encase it in concrete, and drop it in the middle of the ocean. I grant you that this point is extreme, but it paints a vivid picture of the problems with protecting assets and data. At this stage you should be alarmed and if you are …

Computer forensics tools: Windows registry

Computer forensics is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law. The goal of computer forensics is to perform a structured investigation while maintaining a documented chain of evidence to find out exactly what happened on a computing device and who was responsible for it. There are many well-defined tools and processes, and you should understand the legalities behind computer forensics should you intend to consider this career field. That being said, you may want to give the following tools a test drive. You should also understand that some tools could cause harm if you do not understand what you are doing. Proceed with caution and have fun!

MUICacheView

Each time that you start using a new application, the Windows operating system automatically extracts the application name from the version resource of the exe file and stores it for later use in a Registry key known as the ‘MuiCache’. This utility allows you to easily view and edit the list of all MuiCache items on your system. You can edit the name of the application, or alternatively, you …

Securely delete files on your Mac

Deleting a file from your computer is like opening a book and scratching out the name of a chapter in the table of contents. The chapter isn’t really gone, just the information about how to find it is. To really wipe out the information in a book, you would turn to the chapter itself and scribble over the words until they were illegible. When you delete a file by emptying the Trash folder, the only data erased from the hard drive is a small bit of information that points to the location of the file. The actual file remains on the hard drive where it can be retrieved with common software tools. Using Secure Empty Trash or the Disk Utility will prevent the recovery of deleted files by overwriting the file data with meaningless data. Securely erasing data with these procedures is considered a best practice for eliminating sensitive data, and is a critical task to perform if you donate or sell your computer. Once again, if you take a few additional steps to remove your tracks you will find that the job of the Men in Black becomes a little more difficult. Now I am not advocating that you …

Why oh why does SQLi continue to be a problem

So far this year it seems just about every new day brings a new data breach. Now to be fair, I do not know how organizations are being breached, but I would tend to believe that SQL injection may be the culprit, and this is just a simple suspicion on my part. However, my suspicion may be accurate, as the Open Web Application Security Project (OWASP) has injection as the number one attack vector for 2013 as listed in the OWASP Top 10. Injection was also sitting at the number one slot in 2010, which begs the question as to why injection continues to be the number one threat. Obviously the most widespread vulnerabilities are Cross-Site Scripting (XSS), Information Leakage, SQL Injection (SQLi), and Insufficient Transport Layer Protection. As a general rule of thumb, Cross-Site Scripting and SQL Injection are from poor design and validation, while Information Leakage and Insufficient Transport Layer Protection are very often caused by insufficient administration. At this point we know what the problem is, but what is the answer? I for one believe that software developers have come to be known as someone who can do anything and everything in code in order …
