OnStar backs down over GPS tracking of ex-customers

News | Thursday 29 September 2011 4:07 am

Slams brakes after consumer revolt

OnStar has backed down from a proposed change in its terms and conditions that would have seen the vehicle info system collecting car monitoring data on former customers.…

View full post on The Register – Security

Firefox devs mull dumping Java to stop BEAST attacks

News | Thursday 29 September 2011 4:07 am

‘Horrible user experience’ for your own good

Firefox developers searching for a way to protect users against a new attack that decrypts sensitive web traffic are seriously considering an update that stops the open-source browser from working with Oracle’s Java software framework.…

View full post on The Register – Security

Kingston introduces new ultra-secure USB flash drive

News | Thursday 29 September 2011 2:45 am

Kingston Digital announced the DataTraveler 6000 (DT6000) USB Flash drive, which protects sensitive data with FIPS 140-2 Level 3 Validation and 100-percent encryption.

For financial service organ…

View full post on Help Net Security – News

All Along the ARP Tower!, (Wed, Sep 28th)

News | Thursday 29 September 2011 1:06 am

Address Resolution Protocol [1] in IPv4 is a method in which 48-bit Ethernet addresses are matched up with network addresses. We cover many things here on the Storm Center, and lately man-in-the-middle has come up often. One of the ways that man-in-the-middle can be achieved is via ARP cache poisoning.

Wait, that sounds like a very old method? Shouldn't we be protected against that?

Most of your higher-end hardware has ARP validation or Dynamic ARP Inspection. The question that often comes up is: who has turned the feature on? [2] [3]

There are simple tools and tutorials out on the Intertubes that demonstrate how to achieve an ARP cache poison man-in-the-middle [4] attack, so I will not reproduce them here. This diary is simply to state that I am still seeing this in my day-to-day operations and to increase awareness.

In this XSS web app penetration world, we often forget the lower layers and how best to protect them. 802.1x is pervasive in the Wi-Fi space, and with the wired edge disappearing, perhaps that is a blessing in disguise, but how many networks implement 802.1x at the edge? Or better? Data center?

Fortunately, the last event that was encountered was simply a misconfiguration; however, it does demonstrate the risks. This client also had validation turned on and detected it, but that was a first that I could remember.

Question for this diary, given that MiTM [4] is on our minds lately: what steps, if it is possible for you to share, do you take to ensure L2 protection?

[1] http://tools.ietf.org/html/rfc826

[2] http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SXF/native/configuration/guide/dynarp.html

[3] http://www.juniper.net/techpubs/software/erx/erx50x/swconfig-routing-vol1/html/ip-config8.html

[4] http://en.wikipedia.org/wiki/Man-in-the-middle_attack

Richard Porter
— ISC Handler on Duty
Twitter: packetalien
Email: richard at isc dot sans dot edu

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

View full post on SANS Internet Storm Center, InfoCON: green

SCS3: Fabian Rothschild & Peter Greko – Botnet Resistant Coding

Video | Thursday 29 September 2011 12:29 am


Swiss Cyber Storm 3 – May 2011 “Zeus botnets are trojans accountable for a large percentage of all trojan infections. Zeus's availability and ease of use make it popular amongst malicious individuals with low technical sophistication. Better social engineering scams, coupled with consistent levels of victim unawareness and carelessness on the part of software vendors, have created a need for greater web security. Using a standard LAMP stack and web programming techniques, a guideline was developed to mitigate and reduce the exposure of sensitive information from compromised clients. Because of the resultant confusion, attackers have either given up and moved on to an easier target, or have spent significant amounts of resources undoing damage to harvested POST data. The immediate objective of implementing these new techniques is to reduce the efficacy of Zeus and its counterparts and ebb cybercrime and identity fraud. Future use of these techniques will provide better chances against the compromising of users and web applications.” Slides: media.hacking-lab.com Event: www.swisscyberstorm.com
