
Friday, January 25, 2013

(W) Browser Plug-Ins act as Malware launchers

Ever wonder about plug-ins that are forced on you, I mean included in the install of Java, Adobe and many other applications that annoy us by asking "Do you want this toolbar, which has NOTHING to do with the application you're installing, and which might get installed without you knowing because I'm sneaky?"

This particular Adware/Malware uses the Ask, Bing, Weather and other browser plug-ins to launch additional files that do nefarious things. These seemingly helpful utilities actually add risk by providing an easy exploit entry point: a modified or crafted support .DLL that points to additional malware files, infecting your system, adding a backdoor or worse.

Similar to DLL injection, just dropping additional files could totally P0wn your system. Avoid miscellaneous plug-ins you don't need, refuse them when installing ANY software that offers an unrelated plug-in, and PLEASE tell the vendors "I won't use your damn product (cough cough Java, Adobe) if you continue to do this". I've had enough and I'm NOT going to take it anymore!!!!

SecureList Evaluation of AdWare/Malware Win32.Gamevance.hfti

#InfoSec #BadPlugIns

Thursday, January 24, 2013

(I) Hackin9 Magazine launches FREE Monthly Online Mag

Proud sponsors of BSidesAustin, Hackin9 Magazine announced today that they are offering a FREE monthly InfoSec online magazine.

Check it out and sign up!

Sign up for the Magazine

Hackin9 website

#InfoSec #Hackin9

Tuesday, January 22, 2013

(I) Feb 1st - Change your password day - Gizmodo (snicker)

Hmmm, a 'National Change your Password Day', would that really work?

First off, it's not your password that's bad, it's what you do with it, it's YOUR BEHAVIOR!!!!

If you have a crappy password, aka short (< 8 characters), and use it everywhere, then changing it won't do you any good; it will still be a crappy password.

Now a 'National Manage your Credentials Day' makes more sense. Really, October is Cyber Security Awareness month, but let's go with it... If you resolved to improve your credential management, meaning the whole process of managing your usernames, passwords, accounts, the sites you use, etc., then that would make sense.

We need to actually start managing our credentials before changing a password will really make a difference. How many of us in IT or InfoSec have a SmartPhone and use 2-factor Auth like the Google Authenticator App or a YubiKey? It's low, I'm sure ;-(

Start by using a password vault like LastPass or Password Safe (with YubiKey or Google Auth), capture all the sites and credentials you use, and start managing them. Then if some site you use gets popped (and it will) you can quickly change your password to a good long random one and be safer than you are now.

I guess Gizmodo didn't learn from being popped themselves.

Gizmodo article

#InfoSec #Passwords

Monday, January 21, 2013

(I) So what do we do about Java?

With the latest Java scare, and yet another vulnerability announced right after Java 7 release 11, what do we do about Java?


No really - NOTHING!!!!

The Feds say remove it, articles say the Feds say to remove it... So when did a vulnerability in software require us to stop using it? We would have stopped using Windows years ago, but we can't. You can uninstall the Java runtime on your system (if you can), but it is built into browsers and the Internet.

Could you really remove Java? Have you ever visited a city, county, state, federal or local government website? Java is everywhere, can you really remove it? Apple solved it by flipping a switch that disables it across all Apple Macs. How cool is that!?

Seriously though, the only thing that you need to do is CHANGE YOUR BEHAVIOR!

Oracle, as of release 10, allows you to disable Java directly in your browser. But I don't do this... In many a post I have recommended NotScript for Chrome and NoScript for FireFox. If you stop using IE and start using Chrome and FireFox with the add-ons that block Java and JavaScript (which has nothing to do with Java, FYI) except when you know you need it and trust (in theory) the site, then you really do not need to do a darned thing other than change your behavior.

These Java exploits are not going away; they will come in email attachments and via drive-by surfing. If you block ads with AdBlock+, use Web of Trust (WOT) when you search the InterWebbings to avoid known bad sites, and run NoScript and NotScript, then you don't have to do anything except pay attention.

If you are an enterprise admin, then deploy the add-ons, train your users and, of course, 'Don't Click on That!'


Tuesday, January 1, 2013

(I) 2012 in review - Cybercrime and Malware

Another year has passed us by and we saw more Cybercrime and the discovery of malware that went undetected for years... WTF?

What did 2012 teach us? (More importantly will we and management learn from it?). Will history of 2012 repeat itself? You betcha!

Cybercrime is here to stay, passwords suck and advanced malware can't be detected by any Anti-Malware, I mean any and all.. For YEARS!!!

We need a new way to detect malware once it strikes so that we can respond to the threat. Stopping relying on Anti-Malware would be a start; it's just one of many security tools you have to reduce risk. Stop thinking you can prevent malware, you can't! Convert your mentality and processes to look for malware regularly, with new tools like the Sniper Forensics Toolkit.

I read a recent SC Magazine article on how malware has made it to POS systems. Duh! They're Windows based with a browser, what did you think would happen? Give employees a browser to the Internet and they will infect your systems in no time flat.

SC Magazine article on Malware on POS systems

So I set out to find a Windows based POS system with a browser... It didn't take me but my first restaurant to find one. Seriously, it was open for employees to surf the web on the system that takes our credit cards and our orders. Why oh why would you do this, POS company? And yes, I played with it... It just needed a little Social Engineering.

Windows based POS has a new meaning... Piece Of Sh!t

I am sure the Sniper Forensics Toolkit would work GREAT for these types of turn-key Windows based POS systems, since we should have a gold image (from the vendor) that we can baseline, run a scan against, and then compare to systems in the field. Easy.
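The baseline idea above, as an added example (not part of the original post and not the Sniper Forensics Toolkit's own code): hash every file in a gold image, hash the same tree on a field system, and report what drifted. The directory layout and file names are constructed placeholders.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    manifest = {}
    root = Path(root)
    for path in root.rglob("*"):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            manifest[path.relative_to(root).as_posix()] = digest
    return manifest


def compare_to_baseline(baseline, field):
    """Return files that are new, changed or missing on the field system
    relative to the gold-image baseline. 'added' and 'modified' are what a
    responder looks at first on a turn-key box that should never change."""
    base_keys, field_keys = set(baseline), set(field)
    return {
        "added": sorted(field_keys - base_keys),
        "removed": sorted(base_keys - field_keys),
        "modified": sorted(k for k in base_keys & field_keys
                           if baseline[k] != field[k]),
    }


def demo():
    """Constructed sample: a gold image and a field copy with one altered
    library and one unexpected extra file (placeholder names, not real malware)."""
    with tempfile.TemporaryDirectory() as gold, tempfile.TemporaryDirectory() as field:
        for root in (gold, field):
            os.makedirs(os.path.join(root, "bin"))
            Path(root, "bin", "pos.exe").write_bytes(b"pos-app-v1")
            Path(root, "bin", "helper.dll").write_bytes(b"helper-v1")
        # The field system drifts from the vendor baseline.
        Path(field, "bin", "helper.dll").write_bytes(b"helper-v1-tampered")
        Path(field, "bin", "extra.dll").write_bytes(b"unexpected")
        return compare_to_baseline(build_manifest(gold), build_manifest(field))


if __name__ == "__main__":
    print(demo())
```

On a real fleet the gold-image manifest is built once and kept off the POS box, so a field scan only ships its own manifest back for comparison.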

Have a specialty type of system you want to know for certain is malware free? Let me know.

2012 showed us malware is a significant concern, since it can go years undetected if a little thought and engineering goes into it. Isn't that true of ANY and ALL of the Cybercrime and advanced malware that I talk about and Brian Krebs blogs about? Yes it is, and it IS far more common than you ever thought!!!

Good Luck in 2013!!!

V3 article on the year of security

The Sniper Forensics Toolkit

#InfoSec #malware #sniperforensicstoolkit

(W) Proof Anti-Malware is not enough - Flame, Duqu, Stuxnet

I have always said that if you rely on Anti-Virus/Anti-Malware as your sole defense against the nefarious ne'er-do-wells of the InterWebbings you will get p0wned! Most home users may have AV, hopefully their local operating system firewall is enabled, and they have a DSL/Cable router with firewall capabilities, but is that enough?

We have learned over the past year, from the analysis of the Flamer, Duqu and Stuxnet malware, that they went undetected so long by Anti-Malware software, Intrusion Protection Solutions and other security solutions because those all use signature based analysis.

The moral? We can only detect what we know about, and all these solutions are designed to monitor what we know, not what we don't know. This is why user behavior is so important when it comes to browsing the InterWebbings.

Only YOU can prevent Forest Fires... I mean Malware, by your behavior. Use extensions for Chrome and plugins for FireFox to block unwanted scripting on sites you might just visit, or 'drive by' as we say. Using Web of Trust (WOT) will give you an indication of links that may be bad in Google searches and on websites. NotScript and NoScript prevent auto-loading of scripting and allow you to enable only the sites and content you actually need, versus seeing all of it all the time. Using AdBlock blocks those often malware-distributing ads.

Browsers are also getting better at blocking tracking, so utilize these features and avoid using Internet Explorer to browse, as it is a great browser to catch malware from. Proof is the latest MS XML 0-Day that is currently out for all versions of IE.

Build your environment to protect users from themselves: make a more secure browser with extensions or plugins required for all users, and get used to having them and using them all the time!

Oh yeah... It goes without saying... DON'T CLICK ON THAT... Dot com

Safe browsing in 2013