For an example of the insider threat in action, check out this story[foxnews.com]. I’ll bet she feels stupid!

Think the insider threat isn’t a big deal? You’re wrong[cert.org]. In 1999, NIPC estimated that 55% of attacks were perpetrated by an insider. Some groups put the current totals as high as 85%. Whatever the case, if your organization is going to be attacked, the most malicious actions will likely come from an insider–destruction of company information, exfiltration of proprietary data, etc. Why? Because an insider knows exactly where to look for data, what data is most valuable, and what is most important to business continuity. Joe Hacker on the Internet is looking for big, juicy targets with lots of personal data (for identity theft) or bandwidth (so he can set up the biggest botnet and get the most money for renting it out).

Brett Edgar

Brett is a Founder and the Director of Managed Security Services at TRUE. He has been working in the system and network forensics field since graduating from the University of Tulsa with a B.S. Computer Science in 2003. He speaks hexadecimal fluently and is TRUE's resident human Ethernet transceiver. He holds CISSP, CSSLP, and CNSS 4011-4015 certificates, loves MLB and NCAA Football, and when he gets tired of hexadecimal, he goes home to hang out with his wife and kid.

More Posts - Twitter

GNUCitizen[gnucitizen.org] has released details of a new attack[gnucitizen.org] on UPnP-enabled home routers that can be perpetrated by a Flash object running on the browser of any user. I haven’t tested this, but it looks like it should work even if executed under a non-privileged account. (You do use non-privileged accounts, right?) It should work because this attack vector doesn’t do anything particularly suspicious, and certainly not something that would require administrator privileges. There are several very bad results from this attack, but a worst-case scenario is described in the details published on GNUCitizen’s website:

The most malicious of all malicious things is to change the primary DNS server. That will effectively turn the router and the network it controls into a zombie which the attacker can take advantage of whenever they feel like it. It is also possible to reset the admin credentials and create the sort of onion routing network all the bad guys want.

That would suck.

What’s interesting here is that this is not a vulnerability in UPnP itself. A pre-existing web session with the home router is a prerequisite for this attack to occur. However, GNUCitizen has several other discussions which show that a simple XSS attack is all that is needed to establish the prerequisite. So this is an attack vector that is opened by another exploit entirely!

Brett Edgar

Brett is a Founder and the Director of Managed Security Services at TRUE. He has been working in the system and network forensics field since graduating from the University of Tulsa with a B.S. Computer Science in 2003. He speaks hexadecimal fluently and is TRUE's resident human Ethernet transceiver. He holds CISSP, CSSLP, and CNSS 4011-4015 certificates, loves MLB and NCAA Football, and when he gets tired of hexadecimal, he goes home to hang out with his wife and kid.

More Posts - Twitter

The AP has released a story [FOXNews.com] detailing that a New Jersey company which provides accounting software to the adult-entertainment industry has been hacked. The software apparently tracks referrals from one website to another and determines how much each website owner is supposed to be paid based on those referrals. The breach allowed the attackers to obtain the subscriber lists of several adult websites. Those subscribers are now being spammed with targeted adult advertisements from competitor websites. The greatest quote from the article from the owner of several adult websites: “There’s a loss, in my opinion, of user confidence.”

Brett Edgar

Brett is a Founder and the Director of Managed Security Services at TRUE. He has been working in the system and network forensics field since graduating from the University of Tulsa with a B.S. Computer Science in 2003. He speaks hexadecimal fluently and is TRUE's resident human Ethernet transceiver. He holds CISSP, CSSLP, and CNSS 4011-4015 certificates, loves MLB and NCAA Football, and when he gets tired of hexadecimal, he goes home to hang out with his wife and kid.

More Posts - Twitter

Comcast is unveiling a new cable Internet standard today at CES. The new standard is DOCSIS 3.0, and promises to allow download speeds of 150Mbps. That’s faster than the 100Mbps most home-user network interface cards currently support. Comcast believes they will have the technology available to millions of homes in 2009.

In other news, dozens of RIAA and MPAA execs have been found cowering in the fetal position in the corner of their offices…

Brett Edgar

Brett is a Founder and the Director of Managed Security Services at TRUE. He has been working in the system and network forensics field since graduating from the University of Tulsa with a B.S. Computer Science in 2003. He speaks hexadecimal fluently and is TRUE's resident human Ethernet transceiver. He holds CISSP, CSSLP, and CNSS 4011-4015 certificates, loves MLB and NCAA Football, and when he gets tired of hexadecimal, he goes home to hang out with his wife and kid.

More Posts - Twitter