Tag Archive: Exploits



Welcome everyone. I hope the information on this blog intrigues and informs all those out there trying to stay on top of our fast-moving field of computing. One of the things I have been trying to stay on top of is the latest activity in the hacker community. Good admins cannot be complacent and think their networks are secure and out of harm's way. Hackers today are some of the most intelligent and innovative thinkers out there, and they will find a way into anyone's network if they want to. Our job is to stay current on the latest exploits so that we can readily identify a breach if and when it happens; by doing this we mitigate our risk and exposure.

One of the new trends out there that I have talked about before is social engineering: the art of convincing someone to do something that gives an attacker access to your PC or network. I know that growing up I always thought hackers were socially inept people who stayed in their mothers' basements, punching out code and playing video games. However, I have been proven wrong: today one of the easiest ways into a system is through the person who owns it. By preying on the ignorance of the owner of the PC or network, hackers can gain access and have a field day at your expense.

We all would like to think that we are smarter than just opening a door and letting a stranger in, but the fact is that a lot of us do just that. Obviously we would not just let someone in who calls up or emails and asks for access, but what if that call or email looked official, or put a scare into you so that you reacted quickly without thinking? This is what social engineering is about. Have you ever received an email from what looked like your bank, saying that your account will be closed unless you click on the link and verify your information? Many of us have received them, and many of us have read one, gotten scared that it would really happen, clicked on the link and handed over everything needed to get into our bank account. That is scary in and of itself. I have read these emails before and stepped back and laughed, thinking "who would fall for this?". Well, believe me, many people do.

The latest scheme is starting to happen in Columbia, where people are receiving emails from what claims to be the transportation authority. The email claims that the person has committed infractions and provides links for the user to click on. It builds up fear in the person so that they make an otherwise irrational decision and click on the links provided in order to "view" the details of the infraction. In reality, what they are clicking on are attached files that, once opened, install themselves onto the PC, connect back to a botnet and feed information to the hacker. See the write-up here by the ISC (Internet Storm Center), a leader in web security: https://secure.dshield.org/diary.html?storyid=13309

Gone are the days of the standard brute force attack or attempting to get into a system from the outside. Why do all that hard work when you can just get the person to open a door for you and let you in? This is often a much easier thing to do, especially when people do not know about these scams. Please protect yourselves: ask questions, get involved in the communities out there and educate yourselves. The information is free and extremely valuable. It could save you and your information.


Microsoft has released an advisory stating that an inside source has found vulnerabilities in 23 different areas of Microsoft applications.

I thought I would post this to give everyone a heads up; this appears to be a significant find. I give kudos to their staff for being diligent in trying to secure their application portfolio. This is not an easy thing to stay on top of while still enhancing your portfolio in the process. Finally, rare as it is, thank you Microsoft for getting this right.

Below is the link to the article in which you will find the story. Check it out!

http://www.zdnet.com/blog/security/microsoft-patches-23-windows-flaws-warns-of-risk-of-code-execution-attacks/12001?tag=nl.e589


A good friend of mine today showed me that you can teach an old dog new tricks. When you have been in the game a while you would like to think that you know just about all there is to know about a programming language. Then someone comes along and shows you something that is amazing. How did I not know this? The two things you can do are: 1) deflect and act like you knew it all along, or 2) accept the fact that someone out there might have a good idea that is useful and admit you don't know everything. Well, I digress; the point of this was to teach all of you that no matter how long you have been in the game, be open to learning something from someone. It is ok. Trust me, they won't think you are an idiot for not knowing; they may think better of you for admitting you don't know everything.

So on to the point. What I learned today was that using CFHTTP, which is the equivalent of opening your browser and going to a URL, you can invoke a CFC method as long as the cffunction has access="remote".

EX:


<cfhttp url="http://192.168.0.0/test/test.cfc?wsdl" method="post">
   <cfhttpparam name="method" value="methodname" type="formfield">
   <cfhttpparam name="methodarg" value="#arg1#" type="formfield">
</cfhttp>

I am looking at this example amazed, understanding the potential security implications this can have. Essentially anyone can open a web browser and pass the method name with the arguments to a CFC in your directory, and this will execute your CFC method on behalf of an unknown user.

ColdFusion has made it so easy for developers to implement code and make remote calls that they opened up a can of worms that could lead to serious issues. These days many hackers have the patience to figure out the holes in our systems. It is our job to ensure that they are not the ones who test out and find exploits in our code. This means closing the gaps. Be thorough, not complacent, in making sure that your application from top to bottom is balanced between being secure and yet very easy to use. This proves to be a very valuable lesson. Be very careful with allowing remote access to your CFCs. If you need to allow remote access, make sure you authenticate the caller and validate the data before allowing it to be executed.
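To make the advice above concrete, here is an added example (not code from the original post) of a CFC whose remote method does the two things the post asks for: it authenticates the caller and validates the argument before doing any work. The component name, the method name, the session.userId variable (assumed to be set by the application's own login page, with session management enabled in Application.cfc), the appDsn datasource and the orders table are all hypothetical. The method is reachable through exactly the kind of cfhttp post shown above, which is why it cannot trust either the caller or the argument.

```cfml
<!--- Added example: a remote CFC method that authenticates and validates.
      Component, method, session variable, datasource and table names are
      assumptions for illustration only. --->
<cfcomponent output="false">

    <!--- access="remote" means anyone who can reach this .cfc over HTTP
          (cfhttp, a browser, or a plain form POST) can invoke it. --->
    <cffunction name="getOrderStatus" access="remote" returntype="struct"
                returnformat="json" output="false">
        <cfargument name="orderId" type="string" required="true">

        <cfset var result = structNew()>
        <cfset var q = "">

        <!--- 1. Authenticate: require a session established by the
              application's own login page (session.userId is assumed). --->
        <cfif NOT structKeyExists(session, "userId") OR NOT isNumeric(session.userId)>
            <cfheader statuscode="401" statustext="Unauthorized">
            <cfset result.success = false>
            <cfset result.message = "Authentication required">
            <cfreturn result>
        </cfif>

        <!--- 2. Validate: the argument arrives as a form field or URL
              parameter from an unknown caller, so accept only the exact
              shape expected (here: 1 to 10 digits). --->
        <cfif NOT reFind("^[0-9]{1,10}$", arguments.orderId)>
            <cfheader statuscode="400" statustext="Bad Request">
            <cfset result.success = false>
            <cfset result.message = "Invalid order id">
            <cfreturn result>
        </cfif>

        <!--- 3. Authorize and query: bind parameters with cfqueryparam and
              scope the lookup to the authenticated user, so a valid-looking
              id still cannot read another user's order. --->
        <cfquery name="q" datasource="appDsn">
            SELECT status
            FROM orders
            WHERE order_id = <cfqueryparam value="#arguments.orderId#" cfsqltype="cf_sql_integer">
              AND user_id  = <cfqueryparam value="#session.userId#" cfsqltype="cf_sql_integer">
        </cfquery>

        <cfif q.recordCount EQ 1>
            <cfset result.success = true>
            <cfset result.status = q.status>
        <cfelse>
            <cfset result.success = false>
            <cfset result.message = "Order not found">
        </cfif>
        <cfreturn result>
    </cffunction>

</cfcomponent>
```

Checking the session first means an anonymous cfhttp call gets a 401 before any argument is even looked at, and the regular expression rejects anything that is not a plain numeric id before it reaches the query. The user_id condition is the part people most often forget: authentication proves who the caller is, but only the WHERE clause stops an authenticated caller from walking through other people's records by changing the form field.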

I would like to open up the lines and ask for comments on this. Let me know your experiences with this.


Well I know that this blog has been centered around web development as well as infrastructure, but today I decided it was crucial to add a security category to our arsenal.  Security of your infrastructure is crucial not only to ensure the trust of your customers but it is also a necessity when designing your applications.

When it comes to your applications a good rule of thumb is to test all vulnerabilities and patch, because if you don’t, your intruders will. I know it seems tedious to test scenarios even when it seems impossible that it would ever happen, but believe me, there are people out there that will try anything to get into your systems.

As far as your servers and other hardware go, it is extremely important to stay up to date with patches. When designing your production systems, try to think N + 2 at least. If uptime is critical, look at clustering and virtualization for solutions. Yes, it is very expensive, but trust me, when you need your applications up and available this will show its worth very quickly. Make sure you have a reliable firewall and IPS in place, and be as educated about your hardware as possible. Scanning packets and virus protection come at a cost in CPU time and speed; however, if you size your hardware according to the traffic peaks you get, then you should be able to ensure the safety of your network while keeping the performance impact to a minimum.

We all would like to think that we are fairly aware of the threats out there on the internet, but every day we see new ways that hackers are attempting to exploit our systems. When dealing with large systems it is sometimes unnerving to know that even when we do our best to secure our networks, something can always make its way in. The only way to guarantee that no breach can occur is to have a closed-loop network... well, how many of us can do that when we need to be "connected"?

So with that in mind, there are many precautions we can take to ensure that our network is fairly secure. One of the biggest exploits these days is what we call social engineering. Intruders know that most of us are aware enough not to download unknown files or go to unknown sites. But what if it was a site you knew was trusted, or so it appeared? This is where an intruder works their magic and convinces the victim that they are from somewhere important, e.g. a government agency, a bank, or a trusted site. They convince the person that something is wrong and that they need to take immediate action to correct the problem. This is sometimes done through a seemingly authentic email or a website redirect. The person would not be able to tell the difference between the real site and the fake one, except for some subtle differences that can protect you if you learn to look for them.

Being able to intrude into a victim's computer is sometimes less beneficial to the intruder than the network it is connected to. When a victim falls for the con, they end up opening a door on a protected network for the intruder to come in. This could happen to anyone, so network admins always need to segment their network. Never give one login account access to everything. Among many other security measures, remember to NEVER share your password. Hackers know that most people reuse their passwords, so vary yours. I like to use different levels of passwords based on the amount of data that could be exposed if someone was able to get in. These few things will help mitigate damage to the network if an intruder is able to get in. Believe me, there are many other measures to take to ensure your security on a network, so try to gather a list and review your risks so that you can put all measures into place to keep your data safe.

A lot of programs these days need network access rights. If you make sure that your systems and applications have policies that give them just enough access to what they need, then you can contain a breach fairly easily. I have learned that anything is possible, and even though your firewall can keep a lot out, it will have a hard time protecting you if the compromise comes from the inside.

Teach the people using your network and make them aware of exploits out there like this one: https://isc.sans.edu/diary.html?storyid=12883. Not everyone watches security issues all the time, so when you become aware of something, make others aware also... trust me, it will help keep your hair on your head!
