background preloader

Strategic Re-Tweet(s)

Facebook Twitter

Ticking Time-Bombs: Production Data in Non-Production Systems. This is a little touch of irony... but almost exactly 2 years ago I wrote on this very blog about the dangers of using real data as test data in a post titled "What we're all forgetting". A few weeks ago we got news via the Twittersphere that a certain fast-food company was SQL Injected and the output dumped to the Internet.

It's on pastebin, so you can find it if you really want, but I picked up on a small subtlety while reading down through the dump (which comes from a tool call Havij, which is a SQL injection tool) which I wanted to share: Host IP: n.n.n.nWeb Server: Microsoft-IIS/6.0Powered-by: PHP/5.2.5Powered-by: ASP.NETDB Server: MySQLCurrent DB: COMPANY_stgData Bases: information_schema COMPANY_stg DATABASE_data Does anything strike you about that snip? The tables dumped out were all called COMPANYNAME_stg.TABLENAME, so unless I'm reading this wrong this is consistent with a staging database... aka - non-production.

Metasploitable 2.0 Tutorial: Checking for Open Ports with Nmap. I mentioned recently that we would take a closer look at Metasploitable 2.0, the purposefully vulnerable Linux virtual machine used for learning security tactics and techniques. In this intro, we will quickly cover obtaining Metasploitable and scanning it for open ports and services. (No you do not want Metasploitable running on a open or production machine, it’s vulnerable for Pete’s sake!) For this series of tutorials you will need: Backtrack 5 r2 – I used the Gnome, 32 Bit version, available here. Metasploitable 2.0 – Available here. You can setup a test network using VMware or Virualbox.

I will not cover this in the article, there are many tutorials out there for setting this up The Rapid7 website references a great Metasploitable setup tutorial on webpwnized’s YouTube Channel. Okay, let’s take a look at Metasploitable from our Backtrack box. Open a Terminal window on your Backtrack system and type: nmap -v -A 192.168.12.20 (metasploitable’s IP address) (click image to enlarge) South Korea, another data breach. How is changing the hacking world?

Browsing the internet is easy to find information regarding date breach by hackers against large companies that fail to protect their facilities exposing the information of their customers and employees. Yesterday Anonymous group has released more than 400K record of the Australian AAPT company stolen during a recent attack, meanwhile this morning I read about another clamorous attack against KT Corp., South Korea’s No. 2 wireless service provider. The South Korean provider has announced that millions of mobile phone subscribers data were hacked, according the law enforcement the responsible of the attack are two hackers that stolen about 8.7 million KT customers, more that 50% of total clients of the KT company, but it’s not first time that company is attacked because it declared that had blocked many further illegal access to data starting from February. The official communication of the company states: “We deeply apologize for worrying you,” KT said in a statement. Pierluigi Paganini.

Japanese government uncovers a two-year long Trojan attack. Who are 'Information Security '? - Defining one su. It's clear to me that from discussions in real life, and on the social media that the role of "Information Security" is far from clearly defined. Yesterday I found myself attempting to explain my thoughts on the role of Information Security in yet another BYOD discussion - only to find that my thinking had changed over time and is perhaps misaligned with some of my peers.

This wasn't possible to explain in 140 characters (actually we were down to 91 due to the number of @ replies) so I thought it makes sense to explain my position here, in the hopes that we can have a more clear dialogue, on the record, to define what and who Information Security is as an entity with the enterprise environment. Let's take a look at this pragmatically. First and foremost I believe, as I've said before, that the Information Security function is actually two separate groups lumped into one.

So what is the role of Information Security within the enterprise? Japan institutions victim of cyber espionage, is it cyber warfare? One of the biggest cyber threat is cyber espionage, it’s the sign of the technological era in which every devices surround has an intelligence component that could be exploited. Governments first, cyber criminal after, have discovered the great efficiency of malware used to steal sensible information to the victims, no matter if we are speaking of intellectual property or user’s personal data. In the last couple of year the use of malware as cyber weapon has represented a great innovation in the warfare, Duqu and Flame represent the most important agents detected that have been developed with the intent to spy on foreign governments such as Iran.

Use of malware as spy tools has two great advantage: it allow to conduct covert operations in a long time stealing a great quantity of information from the victim’s host.similar agents are not so simple to link their creators differently from a military option that could be subject to penalty applied by worldwide community. Pierluigi Paganini. RobDemandt : The age of #cyberwarfare, great... Stuxnet: Anatomy of a Computer Virus. US Experts say: Government Networks constantly hacked. For years, we have discussed the importance of appropriate cyber strategy and the necessity to preside over the main critical infrastructures to defend them from cyber threats of any kind and in our imagination we have always considered the US as a country at the forefront.

While the cyber security experts analyze the progress made ​​in countries like Russia and China and emerging realities like India and Iran, they alert us regarding the vulnerabilities of the main U.S. structures. This time to worry U.S. security experts is the state of its computer networks that have been penetrated by foreign spies several times exposing sensible information. The success of the cyber attacks, according the declarations of the network experts, is due the US infrastructure status that are protected by obsolete defense systems unable to fight against continuos incursions. Very meaningful the worlds pronounced by Senator Rob Portman member of the Emerging Threats and Capabilities subcommittee: References. Air Force prepares to open cyberwarfare simulation center to outside users. Securityaffairs : ICS-CERT report, a worrying... Fake AT&T Emails Using Blackhole Exploit Kit to Install Malware.

New Madi instance and “AC/DC” virus, Middle East as shooting range. The Middle East has always been considered an area of the planet’s turbulent for the continuing conflict and political tensions among the states that inhabit it. In the last two years, the tensions seem to have intensified and with it has grown the diffusion of malware for cyber espionage and for offensive purposes. In the eyes of the world time zero is represented by the spread of the virus Stuxnet developed by U.S. and widespread in Iran with the intent to interfere with the country’s nuclear program. In the following months there were findings of new malicious agents of unknown paternity that have hit the same area, we cannot forget the Duqu and the theory of the Tilded platform and also the Flame malware.

But every place in the world is attacked daily by malware, why we are discussing of Middle East? Well, in this area the number of malware that have been developed for state sponsored projects represent surely an anomaly. What’s new in the last version detected? Pierluigi Paganini. Securityaffairs : New Madi instance and AC/DC... Max Keiser - Financial War Reports - 12345. IT Security News and Security Product Reviews - SC Magazine.