
Category: White Hat

There are 5 posts published under White Hat.

The Best Security Defense is a Good Open Source Offense

The hackers who compromised Adobe’s network knew, when they broke into the system, that the most valuable prize would be the one that was most closely guarded – their source code.

Exploiting secrets is the name of the game for the hacking community, but the hot new secret to steal is no longer personal data; it is the code that makes things tick.

In the past, companies viewed source code as their best defense. Develop code, hold it close to the vest, and your system would be as secure as a maximum-security prison, or so they thought. Today, many of the same organizations that thought keeping their code closed was a security best practice are finding themselves in hot water and re-evaluating their security policies.

What’s the solution? It’s quite simple: the best security defense is a good open source offense. Instead of holding your code so close, open it up and share it with the community. Although it may seem counter-intuitive to share more, if there’s no secret, there’s nothing to steal.

Greater scrutiny

Oftentimes, rather than thinking of open source as an offensive strategy against security breaches, people believe that sharing code makes you more vulnerable to security threats. The truth is that open source code goes through much more rigorous scrutiny and is, therefore, less likely to have security holes. Not only are you one step ahead of the hackers by sharing your past secrets, but you have an entire community of developers helping to make sure that bugs are flagged and fixed faster, ensuring that the code does not become vulnerable to future attacks.

Quicker evolution of code

Open source is inherently dynamic – constantly evolving, with faster releases compared to proprietary code. And, with the software quickly changing, hackers have less time to infiltrate the code. Since the hacker community is constantly looking for new ways to attack companies and software, it is important that security holes get identified quickly. When code is open source, everyone from end users to community developers is able to identify issues and fix them quickly. Hackers might be fast, but when there is a community evaluating code, organizations have the opportunity to be much faster.

Transparent solutions

Companies often use proprietary software from third-party vendors. As a result, they do not have a clear and transparent view of how that software works. Proprietary vendors hold on to their “secrets” and, if there is a security issue, customers are unable to get a full picture of the problem. Organizations can find themselves in a situation where they know they have a breach, but are unable to identify the source. In the meantime, their customers are waiting for them to resolve the problem. If they had chosen an open source software solution instead, they would have a much easier time identifying and understanding the issue. Open source provides a complete picture of the software and how it is integrated with the overall product, providing a tremendous advantage when answering the big question – “what went wrong?”

The more inter-dependencies, the bigger the issue

Software has many interdependencies, and if one portion is hacked, it’s very likely that other parts of the product will also be affected. Open source operating systems (OS), like Linux, are modeled on UNIX – a modular OS. These systems are not only transparent to users and administrators, but also have fewer interdependencies in comparison to proprietary systems. When there is an issue with one part, it’s easier to work on fixing it without having to worry about its impact on other components. And of course, if one part is hacked, it doesn’t mean that the entire system has been compromised.

As we all know in the security world, hackers are always thinking of new ways to attack our systems, and open source is not going to solve all security challenges, but going on the offensive is the first step in taking back control. The characteristics of open source, such as constant evolution, quicker fixes and fewer interdependencies, can be a huge advantage when facing hackers. Evaluating security policies to understand the “secrets” in an organization’s IT vault and how they are impacting the organization is critical in ensuring that the next breach is merely an inconvenience rather than a catastrophe.

Security cannot be taken for granted and requires constant vigilance. There are no easy fixes or substitutes for being aware of one’s environment and vigilant for threats and attacks. Using open source software is one tool in an entire arsenal of protective strategies that is needed to ensure security in the modern enterprise.

Server Configuration Can Protect against Fast-Growing CHARGEN Attacks

Hundreds of thousands of Internet servers sit at risk of being used in a fast-growing technique to reflect and amplify distributed denial of service (DDoS) attacks, despite the fact that a simple server configuration change could eliminate the DDoS threat.

Incidents of DDoS attacks using the character generator (CHARGEN) protocol rose sharply in the third quarter of 2013, according to data reported in the Q3 2013 Global Attack Report from the Prolexic Security Engineering and Response Team (PLXsert).

Attacks using the CHARGEN protocol, which was noted as vulnerable to these types of attacks as early as 1999, were the fastest-growing type of DDoS attack in Q3 2013, with attackers using vulnerable servers around the world to reflect and amplify data onslaughts at target servers.

The CHARGEN protocol was initially created to enable testing and measurement of servers. Today, it is obsolete, and it should be disabled. Many legacy servers have it turned on by default.

Despite its age, the re-emergence of CHARGEN attacks within the underground DDoS-as-a-Service marketplace suggests the abuse of this internet protocol retains value to malicious actors engaging in distributed reflected denial of service (DrDoS) attacks.

In Q3, Prolexic observed CHARGEN DrDoS attacks against its customers in the gambling and entertainment industries. Prolexic’s experts mitigated these attacks before they affected the availability of the customers’ servers. A subsequent analysis found similar CHARGEN attack patterns in each case.

In the gambling industry attack, most of the reflected traffic originated from Asia, and particularly China. The attack lasted 1.5 hours and reached a peak rate of 2 Gbps.

In the entertainment industry incident, although much of the traffic originated in China, CHARGEN servers from all continents except Antarctica were engaged in the attack, which lasted a half-hour and reached a peak rate of 2 Gbps.

Because vulnerable servers used to reflect CHARGEN data may respond with as much as 17 times more data than they receive, attackers find the approach attractive. An attack launched with just one or two servers can overwhelm a standard 1GB virtual private server in a matter of seconds. In addition, because CHARGEN runs over UDP, which is connectionless, the source IP address of a request can be spoofed, which provides pseudo-anonymity for attackers.

Meanwhile, hundreds of thousands of CHARGEN servers lie susceptible to use as attack vectors, a situation that can be readily addressed with a simple change to the server configuration. Of 1,000 attack events involving CHARGEN analyzed by PLXsert, more than 99 percent were found to have taken advantage of Windows servers – from Windows NT to Windows 2008 R2.

A case study on new DDoS techniques, including CHARGEN attacks, in the Q3 2013 Global Attack Report from Prolexic gives step-by-step instructions for disabling CHARGEN on a Windows server.

More information is available in the Q3 2013 Global Attack Report.
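The two facts the post leans on, that a CHARGEN reflector answers with many times the bytes it receives and that such reflectors can be found and fixed on one's own network, can be turned into a check run over flow records. The script below is an added example, not code from the post or from Prolexic: it parses constructed, whitespace-separated flow records (the column layout and the 5x threshold are assumptions), pairs the bytes each host received on UDP/19 with the bytes it sent back from port 19 to the same peer, and reports every host whose replies exceed the threshold. The peer it reports is the address the replies went to, which in a spoofed attack is the victim rather than the real sender, so the output is a list of servers to disable CHARGEN on and the targets they were being used against.

```python
"""Find hosts that are reflecting CHARGEN (UDP/19) traffic, from flow records.

Added example for the CHARGEN write-up above; sample data is constructed and
the record layout is an assumption, not a real collector's export format.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass

CHARGEN_PORT = 19
# Assumed threshold: replies this many times larger than the requests are
# treated as reflection. Tune against your own baseline traffic.
MIN_AMPLIFICATION = 5.0


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str
    nbytes: int


# Constructed records (not real traffic). Assumed columns:
#   src_ip src_port dst_ip dst_port proto bytes
SAMPLE_FLOWS = """\
# 192.0.2.10 answers CHARGEN requests whose source is forged to 203.0.113.7
203.0.113.7 53211 192.0.2.10 19 udp 40
192.0.2.10 19 203.0.113.7 53211 udp 680
203.0.113.7 41007 192.0.2.10 19 udp 40
192.0.2.10 19 203.0.113.7 41007 udp 680
# 192.0.2.11 has CHARGEN enabled but replied with a single small line
198.51.100.5 60001 192.0.2.11 19 udp 60
192.0.2.11 19 198.51.100.5 60001 udp 72
# ordinary DNS traffic, must not be flagged
192.0.2.12 44321 192.0.2.53 53 udp 60
192.0.2.53 53 192.0.2.12 44321 udp 120
"""


def parse_flows(text: str) -> list[Flow]:
    """Parse the assumed six-column layout, skipping blanks and comments."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src_ip, src_port, dst_ip, dst_port, proto, nbytes = line.split()
        flows.append(Flow(src_ip, int(src_port), dst_ip, int(dst_port),
                          proto.lower(), int(nbytes)))
    return flows


def chargen_reflectors(flows: list[Flow],
                       min_amplification: float = MIN_AMPLIFICATION) -> dict[str, dict[str, float]]:
    """Return {reflector_ip: {peer_ip: amplification}} for hosts whose UDP/19
    replies to a peer are at least min_amplification times the bytes that
    peer sent them. In a spoofed attack peer_ip is the victim."""
    inbound: dict[tuple[str, str], int] = defaultdict(int)   # (reflector, peer) -> bytes to port 19
    outbound: dict[tuple[str, str], int] = defaultdict(int)  # (reflector, peer) -> bytes from port 19
    for f in flows:
        if f.proto != "udp":
            continue
        if f.dst_port == CHARGEN_PORT:
            inbound[(f.dst_ip, f.src_ip)] += f.nbytes
        elif f.src_port == CHARGEN_PORT:
            outbound[(f.src_ip, f.dst_ip)] += f.nbytes

    found: dict[str, dict[str, float]] = defaultdict(dict)
    for (reflector, peer), out_bytes in outbound.items():
        # A reply with no observed request is still reflection-shaped; avoid
        # dividing by zero by counting the request as one byte.
        amplification = out_bytes / max(inbound.get((reflector, peer), 0), 1)
        if amplification >= min_amplification:
            found[reflector][peer] = round(amplification, 1)
    return dict(found)


def hosts_to_fix(found: dict[str, dict[str, float]]) -> list[str]:
    """Sorted list of servers on which CHARGEN should be disabled."""
    return sorted(found)


if __name__ == "__main__":
    hits = chargen_reflectors(parse_flows(SAMPLE_FLOWS))
    for reflector, peers in hits.items():
        for peer, amp in peers.items():
            print(f"{reflector} reflected CHARGEN to {peer} at {amp}x amplification")
    print("disable CHARGEN on:", ", ".join(hosts_to_fix(hits)))
```

Run against the sample data, the only host reported is 192.0.2.10, at the 17x ratio the post cites; the host that answered once with a short line and the DNS exchange fall below the threshold. Lowering `min_amplification` makes the check more sensitive at the cost of flagging hosts that merely have the service enabled, which is still worth knowing, since the post's advice is to turn it off everywhere.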

Cyber Mercenary 'Icefog' Attacks South Korean and Japanese Supply Chains

An advanced persistent threat (APT) named Icefog has been detected, mostly targeting South Korean and Japanese supply chains, including government institutions, military contractors, maritime and ship-building groups, telecom operators, satellite operators, industrial and high-technology companies, and mass media.

Icefog, tracked by Kaspersky since 2011, was identified in June 2013 from an attack sample retrieved from Fuji TV. Analysis identified six distinct variants. These attacks also turned out to be a newer form of an original attack on the Japanese Parliament in 2011.

Icefog follows an ongoing trend: a relatively small group of attackers performing hit-and-run tasks with a focus on supply chains. The attack begins with spear-phishing emails: victims receive an email with an attachment or a link to a malicious site with downloadable files. When the files are downloaded, a backdoor is dropped onto the system, giving Icefog access to the machine. Then specific, sensitive information is extracted with surgical precision. What distinguishes Icefog is that, once the information has been acquired, the group moves on to another machine, in sharp contrast to the long-term infection that other APTs maintain.

So, who, in general, is susceptible to Icefog’s attack? The attacks are carried out with custom-made cyber espionage tools that run on Microsoft Windows and Apple Mac OS X, so Linux computers are not affected by them. An Android variant is suspected to exist, but has not yet been found.

Considering some of the major tensions in East Asia, Icefog’s attack pattern raises the question “are these attacks sponsored by a state?” Usually, state sponsorship is inferred from the motivations of a campaign, which tends to last a long time. Because of Icefog’s hit-and-run method, it is hard to determine an overarching theme beyond supply chains, which makes it difficult to pinpoint anyone. It should be mentioned, though, that the IP addresses used to monitor and control the infrastructure point to China, South Korea, or Japan as the possible origins.

Fortunately, Kaspersky found a few command-and-control servers and sinkholed some of them, cutting the attackers off from hundreds of victims. Additionally, Kaspersky is able to identify and neutralize all variants of Icefog. Despite the work being done against these APTs, Kaspersky says that “In the future, [they] predict the number of small, focused APT-to-hire groups to grow, specializing in hit-and-run operations, a kind of ‘cyber mercenaries’ of the modern world.”

Kimsuky is a Simple Computer Virus That Targets South Korea

On September 11, Kaspersky’s research team published a report on attacks against South Korean think tanks. This cyber-espionage campaign, named Kimsuky, seemed to target only 11 South Korean and 2 Chinese groups, including the Sejong Institute, KIDA (Korea Institute for Defense Analysis), South Korea’s Ministry of Unification, Hyundai Merchant Marine, and supporters of Korean unification.

The first instance of Kimsuky’s activity was on April 3, 2013, and the first Trojan samples were found on May 5, 2013. This virus is unusual in that it is fairly unsophisticated and communicates with its master using a public email server. Apparently, this is commonplace with amateur virus coders and is usually ignored. What caught the researchers’ attention was that Kimsuky used a Bulgarian email server and that the code contains Hangul (Korean characters) that translate to “attack” and “completion.”

Because Kimsuky is highly limited and targeted, it is unclear how it is being distributed. The early Trojan samples collected were delivered by spear-phishing emails. These emails have been traced to “kim” names and 10 IP addresses, which connect this virus to networks in the Jilin and Liaoning provinces of China. Interestingly, these provinces have network lines that connect to North Korea. Another notable attribute of Kimsuky is that it disables the security tools of a South Korean anti-malware company, AhnLab.

Looking at Kimsuky’s targets and the source of the IP addresses, it seems as though the source of the malware is North Korea. Kaspersky researchers caution, though, that “it is not that hard to enter arbitrary registration information and misdirect investigators to an obvious North Korean origin.” In the end, there is no clear-cut evidence to point any fingers.

Luckily, the code is, as previously mentioned, simple, and Kaspersky products are able to detect and neutralize the various Kimsuky threats.

Top Startup and Tech News Today: 7 Things You Missed Today

1. US and UK spy agencies defeat privacy and security on the internet

US and UK intelligence agencies have successfully cracked much of the online encryption people use to protect the privacy of their personal data, according to a top-secret document revealed by Edward Snowden. The files show that the NSA and GCHQ (the UK counterpart to the NSA) have broadly compromised the guarantees that internet companies give their customers. Communications, online banking, and medical records are not as indecipherable to governments as consumers are being told.

The agencies, the document says, have launched an ongoing and systematic assault on what they view as one of the biggest threats to their ability to access huge amounts of internet traffic – “the use of ubiquitous encryption across the internet.” The methods these agencies use include breaking encryption with supercomputers by “brute force” and collaborating with technology companies and internet service providers. Through these partnerships, the agencies have managed to insert “backdoors” into commercial encryption software.

The agencies insist that this is all necessary to their mission of fighting terrorism and gathering foreign intelligence. But security experts accuse them of simply attacking the internet and endangering the privacy of all internet users. “By deliberately undermining online security in a short-sighted effort to eavesdrop,” says Bruce Schneier, an encryption specialist, “the NSA is undermining the very fabric of the internet.”

2. The Lessons Every Entrepreneur Must Learn: The Wisdom Of Tony Hsieh, Blake Mycoskie And Many Others

1. Experience wins out over graduate school.

2. Keep a strong network.

3. Think “outside the box” – this will always win out.

4. Keep your venture philanthropic – do good, feel good, and you’ll see good results.

5. Use more than one discipline when approaching a new market.

6. Time, knowledge, and effort are just as important measures of currency as money.

7. Use capitalism as a force for good by incorporating the act of giving into your everyday life.

8. Low-risk, high-reward opportunities abound. Today a company can be started for a minimal price and education can be gained at your fingertips. Exploit this.

9. When you are young, you start at zero. So you can’t fail. Don’t take the safe choice.

10. Embrace the idea that you may have more than one career and they may not be in the same fields.

11. Risk assessment and risk management are important to have throughout your life.

12. Follow your passion – you’ll never find a successful person who isn’t passionate about what they do.

13. Don’t be afraid to disrupt. This is where innovation comes from.

3. Hackers for Hire, Just in It for the Cash

From Anonymous to the Syrian Electronic Army, it seems as though high-profile hackers and their adventures and exploits on the internet are constantly making the news. Some are driven by political ideals and revenge; some are driven by nothing more than boredom. But we see these two ends of the spectrum so frequently that we forget about the most powerful motivator of all: money.

Last week, 24-year-old Andrew James Miller pleaded guilty to one count of conspiracy and two counts of computer intrusion. From 2008 to 2011, Miller allegedly hacked into “various commercial, education, and government computer networks” in order to steal information and install “backdoors” that would allow him to sell access to these networks later. He was caught trying to sell secret access to two US government supercomputers for $50,000 to an undercover FBI agent. Miller also sold the FBI access to the Domino’s Pizza chain’s domain for a price of $1,000.

Miller is a prime example of the other type of computer hacker – not the one who has a political goal or is simply looking for something to do, but the one who hacks for hire. Not everyone wants to bring down a government; most clients simply want access to someone’s Facebook or email account.

Go ahead and Google “hacker for hire” and you will see a wide array of price quotes and services. Hacking for hire is a new trend, a new occupation, and one that looks like it is going to last.

4. Hackers find weaknesses in car computer systems

There are now cars that can park and drive by themselves. As cars become more automated and more advanced, they become more and more like PCs on wheels – so, if a hacker can take over a PC easily, who’s to say he can’t take over a car?

Recent demonstrations have shown that hackers can slam a car’s brakes at freeway speeds, jerk the steering wheel, and shut down the engine, all from their laptop computer. All cars and trucks are roughly 20-70% computer. This computer runs through an internal network that controls everything from the brakes to the acceleration to the windows, and this network is one that many hackers have gained access to. To be fair, these “hackers” were computer security experts, and it took them months to hack into the car. But experts say that high-tech hijackings get easier as automakers add more computer-controlled devices. “The more technology they add to the vehicle, the more opportunities there are for that to be abused for nefarious purposes,” says Rich Mogull, CEO of Securosis, a security research firm.

Chris Valasek, a hacker and director of intelligence at a computer security consulting firm, says that he could control “steering, braking, acceleration to a certain extent, seat belts, lights, horn, speedometer, gas gauge.” The information that he and his partner Miller found when hacking into the car was released publicly at a hacker convention. They chose to do this in hopes of drawing attention to the problem; however, they say that the automakers haven’t added security to the ports or addressed any of the issues they found.

Whether or not car hacking is a legitimate security threat is a question that is subjective and open to interpretation. What is not, however, is the fact that people can gain access to your car through the technology installed within it – the threat is real, and it is more than likely going to increase as time passes.

5. The four stages of life every successful startup must go through

Stage One: Winning your first ten customers. So how do you go about getting them? Some companies like Dropbox use virality. But most achieve product/market fit and generate word-of-mouth referrals by creating lasting customer experiences. It’s important for early-stage startups to stay close to their customers and beta-testers.

Stage Two: Overcoming the Gap. There are often discrepancies between what early adopters expect from a product and what the market needs; this is the biggest reason behind startup “infanticide.” Many startups forget to create ways for users to provide feedback on their products. Make sure you have this, and make sure you listen.

Stage Three: Listening and Responding. Passionate users will direct customers to an online community where the organization actually talks and engages with them. Create discussions and inspire early users.

Stage Four: Build Trust. Your users need to trust you. Be responsive with them, elicit their feedback, and communicate with your earliest and most enthusiastic users. Constantly wow customers through their experience with you.

6. Life’s a pitch: The other reasons startups do competitions

Competitions and pitches are tiring. So why do startups choose to do them? The only pitch that should matter is the one before an investor or a customer, right?

Wrong.

Pitching at competitions is a great test for ideas, says Mark Briggs, creator of Fork, a mobile app that lets people take and share photos of their home-made food. It makes sure that the pitcher has a clear and concise vision and concept that they’re able to explain and share with others. It’s not so much about the competition itself as it is about the process of getting there, he continues. “Also, you usually get great feedback from smart people on your idea. Or, at least, your ability to pitch that idea. That can be super helpful, too.”

7. Stanford Investing in Student Startups

Stanford is jumping headfirst into the venture capital world by investing in student and alumni tech startups. It’s starting an uncapped investment fund and giving a $3.6 million grant to StartX, a non-profit startup accelerator for companies with a Stanford affiliation. The university’s business affairs department will oversee the investments.

StartX only invests in companies that have raised half a million in funding, and a percentage of that must come from VCs or professional investors.