There are lots of tools around to help people carry out ARP-related exploits and if a malicious, Wi-Fi enabled neighbour decided to find out more about your network, this could be an effective way to do it.

The good news is that there are some defences out there. The bad? They can be costly and don’t always deliver the protection you might expect.

ARPDefender is a good example. It’s a solid-state security appliance that you simply connect to your network, then leave to look out for ARP poisoning attacks. It would be excellent if not for the fact that it costs almost £300 and, even if it does detect an attack, will do little more than make an entry in your system logs.

>>Permalink

Hundreds of webpages in a section of BusinessWeek’s website which offers information about where MBA students might find future employers have been affected. According to Sophos, hackers used an SQL injection attack - where a vulnerability is exploited in order to insert malicious code into the site’s underlying database - to pepper pages with code that tries to download malware from a Russian web server.

>>Permalink

Microsoft this week is continuing its ongoing investigation into what it calls “new public reports” of a vulnerability that could allow hackers to gain superuser privileges through LocalSystem in Windows XP, Windows Server 2003, Windows Vista and Windows Server 2008.

Redmond late last week issued a Security Advisory adding Windows XP Professional Service Pack 3 to the list of affected software. The advisory provides IT pros with some guidance and workarounds to help avoid a vulnerability that may allow elevation-of-privilege attacks. The software giant said it is considering other actions, including the provision of a “security update” via its monthly Patch Tuesday security rollout.

>>Permalink

Attacks in the wild are under way against Linux systems with compromised SSH keys, the US Computer Emergency Readiness Team is warning.

The attacks appear to use stolen SSH keys to take hold of a targeted machine and then gain root access by exploiting weaknesses in the kernel. The attacks then install a rootkit known as Phalanx2, which scours the newly infected system for additional SSH keys. There’s a viral aspect to this attack. As new SSH keys are stolen, new machines are potentially vulnerable to attack.

>>Permalink

The latest security patches designed to prevent DNS spoofing, don’t work. Effective attacks against DNS are still possible. This document summarizes the DNS name server attack and the client’s resolver (the stub),as related to: BIND9, PowerDNS, DJBDNS, MS XP/Server 2003/Server 2008. Kris Kaspersky has analyzed the patches and discovered that they’re almost useless and do not fix the real attack vector. In short the patched systems perform two things:

1.) They randomize the transaction ID (TXID) and the source port number (SP#) as best as they can. Unfortunately, they can’t! Most systems use extremely weak and predictable pseudo-random algorithms;

>>Permalink

Every day, millions of Americans access the Internet from Wi-Fi hot spots, including more than 50 restaurants and coffee shops in Columbus.

Several months ago, WBNS-TV (Channel 10) set up an experiment at Cafe Brioso, 14 E. Gay St., to determine how easy it is intercept the information that Wi-Fi users send and receive. Those who took part in the test found out that digital-security experts armed with laptops and readily available software had no trouble eavesdropping on their transactions.

>>Permalink

HD Moore has been owned. That’s hacker talk, meaning that Moore, the creator of the popular Metasploit hacking toolkit, has become the victim of a computer attack.

It happened on Tuesday morning, when Moore’s company, BreakingPoint, had some of its Internet traffic redirected to a fake Google page that was being run by a scammer. According to Moore, the hacker was able to do this by launching what’s known as a cache poisoning attack on a DNS server on AT&T’s network that was serving the Austin, Texas, area. One of BreakingPoint’s servers was forwarding DNS traffic to the AT&T server, so when it was compromised, so was HD Moore’s company. (Listen to a podcast about a recent DNS attack.)

>>Permalink

In the olden days us security folks used to point to two kinds of attacks, targeted and random. Because targeted attacks were deemed to be the subject of Clancy and leCarre novels we quickly focused on so-called random attacks, ie. viruses and worms. Unfortunately the threatscape has evolved while the technologies we deploy have not. This can lead to problems.

There is still some security in obscurity. If you are a lawn care or construction company without a website you are pretty safe from targeting other than from your employees, who, come to think of it are a big concern as well. Let me put it this way - there is a spectrum of risk. Everyone has to deal with targeting from employees, contractors, customers, and competitors. On one end of that spectrum is the local Italian eatery. On the other end is…oh, let’s see… the British Government.


Full Story

>>Permalink