Måjðr Mïkê

DNS Rebinding with Robert RSnake Hansen

A DNS Rebinding exploit how to. This exploit has caused much confusion, so this video explains how hackers can take advantage of this attack and why the security world will probably not be fixing it any time in the near future.

It is my hope that you will learn the mechanics so that you can better protect yourself and hopefully know what you are facing so you don’t become complacent and fall into the groove of false sense of security.

Most medium to large European companies plan to consolidate network security on a single hardware appliance in the next year, but cost is not the only driver.

Ninety per cent of IT directors polled in the UK, France and Germany say they will consolidate their networks in the coming months.

Reducing cost is one of the main reasons for the move, but simplified network security management is the biggest driver overall.

Rick Cole, IT manager at financial services firm B&CE, says the move to a single appliance for all network security is a "no-brainer".

The switch was prompted by B&CE’s need to upgrade its firewall security and capacity to support new e-commerce projects.

"I could not see the sense in getting to grips with several software products, when it could be done all in one package," says Cole.

B&CE plans to run its new firewall on a single Fortinet unified threat management (UTM) appliance and then gradually add all other network security applications.

Organizations are typically able to put e-mail filtering, web filtering, intrusion prevention, network gateway anti-virus, and access control applications on a UTM appliance.

IT staff will only have one network security management console to learn how to use, there will be improved visibility of network activity, and better reporting through consolidation.

Cole says administrative benefits include having a single point of contact for support and not having to manage several separate software licenses and service contracts.

Andy Hamilton, network manager at University College Oxford, says having only one set of skills to learn is a great time saver.

"Simplified training and quicker support from one company are definite benefits," he says.

Hamilton says improved security is another big benefit of having a single appliance from a single supplier.

"This means there are no interoperability issues. It is also easier to secure one box than multiple boxes," he says.

Improved security is one of the top three reasons survey respondents cite for network security consolidation, but it is the top reason given by UK respondents, ahead of improved management and lower operating costs.

Tony Dyhouse, director at Cyber Security Knowledge Transfer Network, says UTM means systems are combined, making security a simpler process.

"This means there is less reliance on experts because the product is simpler and more manageable. This is particularly useful for smaller companies that cannot afford the same level of security expertise as larger companies," he says.

Overall, lower costs is the second most important reason given for consolidating network security.

B&CE expects to cut operating costs by about half, and University College estimates that costs have dropped by a third.

Dyhouse says the recession has put great pressure on security managers to justify their expenditure.

"Moving to products which can offer multiple functions is a good way to show cost saving to the board," he says.

Richard Brain, technical director at security firm Procheckup, which operatives five UTMs, says advantages also include savings in power consumption and rack space.

Romain Foucherou, an analyst at IDC, says the recession has taught most organizations the value of a consolidated approach to network security, which frees businesses from rigid per-user licensing models.

"Once companies have invested in a single hardware appliance, new capabilities can be added with a simple hardware upgrade," says Foucherou.

This means organizations can be assured of future scalability as the business grows and the threat environment changes, without buying additional hardware.

However, Brain warns that consolidation carries the risk of having a single point of failure for all network security applications.

He also cautions against potential hidden costs. "Watch out for extras like support and 24-hour call out. This can be expensive," he says.

Foucherou says UTM appliances have come a long way in the past three years. Technological advances have enabled the security, reliability and throughput that enterprises demand.

This has been one of the main reasons UTM solutions have graduated from branch offices to enterprises, backed by a strong focus of suppliers on the higher end of the market.

Link

Mozilla is working on a fix for a "highly critical" vulnerability in is Firefox browser.

The vulnerability, which puts users at risk of remote code execution attacks, affects Firefox 3.5, but other versions may also be at risk.

Mozilla said an attacker can exploit the vulnerability by luring Firefox users to a malicious web page containing the exploit code.

The security hole is due to an error in the way JavaScript code is processed, according to the US Computer Emergency Readiness Team (US-CERT).

"Exploitation of this vulnerability may allow an attacker to execute arbitrary code. Additionally, exploit code is publicly available for this vulnerability," US-CERT warned.

Proof-of-concept exploit code was posted on Milw0rm.com, an exploit code aggregation site.

US-CERT said Firefox users should disable JavaScript. The organisation has also posted instructions on other ways of mitigating the risk until a fix is released.

Link

IPS marketing

The Identity and Passport Service (IPS) is to embark on a marketing campaign to persuade businesses to check staff passports and national identity cards.

It announced today that it has contracted advertising agency Proximity, part of the BBDO network, to develop below the line promotional campaigns for ID cards, passports and the General Register Office (GRO) for the next three to four years.

The contract supplements an earlier contract with Abbot Mead Vickers BBDO for above the line work to promote passport applications for first-time applicants and renewals, the Passport Validation Service (PVS), the National Identity Service, including validation services based upon data held on the national register; and genealogical services from GRO.

The Central Office of Information (COI) was unable to say how much the contracts were worth.

The latest estimated cost of the IPS for the next 10 years is £4.95bn. This includes the issue of both passports and identity cards for UK citizens. About 70% of it will go to implement secure biometric passports.

Since 2005, accredited government departments and law enforcement agencies, such as UK Border Agency, Security Industry Authority (SIA), and the DVLA, have had direct web access to the passport database.

PVS is the first business to business identity service offered by IPS, and is part of the IPS mission to be the "trusted and preferred provider of identity services", the COI said.

Link

Computer programmer arrested for Goldman Sachs theft

A former computer programmer at investment bank Goldman Sachs has been charged with stealing computer codes used in the bank’s algorithmic trading systems.

The programmer, Sergey Aleynikov, a 39-year-old originally from Russia, was arrested on Friday.

He is accused of uploading the 32MB of code to a server in Germany.

Goldman Sachs would not comment.

Automatic trading software is increasingly important to investment firms as the number of trading venues increases and the volume of electronic trading grows.

PJ Di Giammarino, CEO at financial services think-tank JWG-IT, said: "Because of the data war out there, it is more and more down to IT systems and what messages you send them to tell them what to do and how the messages instruct them to do it."

"These codes, which have allegedly been stolen are fundamental to how Goldman makes money in electronic trading," added Di Giammarino.

The heavy reliance on computer systems to control trades at investment banks makes security a massive challenge.

In January last year French bank Societe Generale lost £3.6bn following unauthorised activity of a rogue trader who covered up fraudulent activity as a result of his understanding of the bank’s fraud control systems. Paris-based Jerome Kerviel used his knowledge of automatic checks, which are carried out on trades to check they are legitimate, to avoid being found out. He risked billions by betting on future trends in the stock market.

Karl Flinders