Korea to train 3,000 ‘cyber sheriffs’

Korea seems quite ahead in the security game.

The government will train 3,000 “cyber sheriffs” by next year to protect the country from future cyber attacks, officials said yesterday.
Cyber sheriffs are trained experts capable of maintaining cyber security for businesses from cyber attacks and malicious hackers. The government plans to encourage colleges to open intensive courses to train cyber experts. Graduates of the courses will be hired by government offices and businesses in the future, officials said.
According to the plan, the National Intelligence Service is to take a leading role when cyber attacks are launched. They will cooperate with other government offices and businesses to minimize damage from the possible “cyber terrorists.”

Posted by Niranjan on September 16th, 2009 in News |
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

WordPress blogs hacked – Upgrade your WordPress NOW!

wordpress-logo-stacked-bg-1Older versions of wordpress have security holes and are under attack. Scooble’s Scoble’s wordpress blog was hacked, after which he isn’t feeling very safe. The worst part – he didn’t have a backup!

I use wordpress form my blogs (including this one) and have upgraded all of them to 2.8.4. I urge everyone using wordpress to upgrade to the latest release.

Here’s how you can check if you’re already being attacked:

There are two clues that your WordPress site has been attacked.

There are strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”

Here’s a blog post from wordpress on How to Keep Your WordPress Secure:

A stitch in time saves nine. I couldn’t sew my way out of a bag, but it’s true advice for bloggers as well — a little bit of work on an upgrade now saves a lot of work fixing something later.

Posted by Niranjan on September 7th, 2009 in News |
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

(IN)SECURE Magazine Issue 22 is out

(IN)SECURE Magazine (a free digital security publication discussing some of the hottest information security topics) Issue 22 is out.

Articles in this issue include:

– Using real-time events to drive your network scans
– Review: Data Locker
– The Nmap project: Open source with style
– Enterprise effectiveness of digital certificates: Are they ready for prime-time?
– A look at geolocation, URL shortening and top Twitter threats
– How “fake stuff” can make you more secure
– Making clouds secure
– Q&A: Dr. Herbert Thompson on security ROI and RSA Conference
– Book review – Cyber Crime Fighters: Tales from the Trenches
– Top 5 myths about wireless protection
– Securing the foundation of IT systems
– A layered approach to making your Web application a safer environment
– In mashups we trust?
– Adopting the security best practice of least privilege
– Is your data recovery provider a data security problem?
– New strategies for establishing a comprehensive lifetime data protection program
– Security for multi-enterprise applications
– EU data breach notification proposals: How will your business be affected?
– Book review – 97 Things Every Software Architect Should Know
– Safety in the cloud: How CIOs can ensure the safety of their data as they migrate to cloud applications
– Vulnerability management

Posted by Niranjan on September 1st, 2009 in Freeware,News,Tips |
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

Amazon Virtual Private Cloud (VPC)

Amazon has introduced a new service (limited beta) for it’s Elastic Compute Cloud (EC2) called Amazon Virtual Private Cloud (VPC). This is an excellent news for many enterprises who’re thinking of cloud but were worried about it’s security. This new service basically allows you to extend your existing IT Infrastructure to the cloud via secure IPSec tunnel.

Vpc Diagram

Here’s all you need to do to get started:

1. Create a VPC. You define your VPC’s private IP address space, which can range from a /28 (16 IPs) up to a /18 (16,384 IPs). You can use any IPv4 address range, including Private Address Spaces identified in RFC 1918 and any other routable IP address block.
2. Partition your VPC’s IP address space into one or more subnets. Multiple subnets in a VPC are arranged in a star topology and enable you to create logically isolated collections of instances. You can create up to 20 Subnets per VPC (you can request more using this form). You can also use this form to request a VPC larger than a /18 or additional EC2 instances for use within your VPC.
3. Create a customer gateway to represent the device (typically a router or a software VPN appliance) anchoring the VPN connection from your network.
4. Create a VPN gateway to represent the AWS end of the VPN connection.
5. Attach the VPN gateway to your VPC.
6. Create a VPN connection between the VPN gateway and the customer gateway.
7. Launch EC2 instances within your VPC using an enhanced form of the Amazon EC2 RunInstances API call or the ec2-run-instances command to specify the VPC and the desired subnet.

Posted by Niranjan on August 26th, 2009 in Network,News,VPN |
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

Hacker Attacks: 6 Things You Must Know

Where is your computer vulnerable? Computer security consultants Izaac Falken and Brett Scudder answer critical questions most often asked about hacker threats.

Via: Digg

Posted by Niranjan on August 20th, 2009 in News,Tips |
1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5.00 out of 5)

Dreamhost leaks 3,500 FTP passwords

Many web sites at Dreamhost have been hacked, they say: approximately 3,500 FTP passwords have been compromised.

We’re still working to determine how this occurred, but it appears that a 3rd party found a way to obtain the password information associated with approximately 3,500 separate FTP accounts and has used that information to append data to the index files of customer sites using automated scripts (primarily for search engine optimization purposes).

Posted by Niranjan on June 7th, 2007 in News |
1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 3.00 out of 5)

Quick Links for 5 June 2007

Report: Security Certifications Boost Pay – “IT professionals with security certifications—including all versions of the CISSP, CISA, GSE, CISM, SSCP and GCFA—earned 10 percent to 14 percent premiums on their base pay over their non-certified counterparts.”

New vulnerabilities hit Firefox and Internet Explorer – There are no patches yet available from either vendor. The most serious is MSIE page update race condition, and next most severe is Firefox Cross-site IFRAME hijacking.

Encrypt and sign Gmail messages with FireGPG – “It integrates nicely into Gmail’s interface and allows you to sign and encrypt not only email messages but also text snippets from any Web page.”

Google Desktop vulnerable to attack – RSnake has discovered a man-in-the-middle attack on Google Desktop.

Posted by Niranjan on June 5th, 2007 in News,Tips |
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

A Remote Vulnerability in Firefox Extensions

Christopher Soghoian is reporting that many popular Firefox extensions like Google Toolbar, Google Browser Sync, Yahoo Toolbar, Del.icio.us Extension, Facebook Toolbar, AOL Toolbar, Ask.com Toolbar, LinkedIn Browser Toolbar, Netcraft Anti-Phishing Toolbar, PhishTank SiteChecker and a number of others, mainly commercial have vulnerability in the upgrade mechanism.

Users are vulnerable and are at risk of an attacker silently installing malicious software on their computers. This possibility exists whenever the user cannot trust their domain name server (DNS) or network connection. Examples of this include public wireless networks, and users connected to compromised home routers.

Here’s a video demo of the attack against Google Browser Sync. It is recommended to disable or delete insecure extensions from your browser until there’s a fix.

Posted by Niranjan on May 31st, 2007 in News |
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

Quick Links for 30 May 2007

Apple Plugs QuickTime Security Holes – The patch is available for both Mac and Windows, which plugs two holes that could trick users to visit a malicious website and may lead to arbitrary code execution.

Google buys GreenBorder – Google gets deeper into Net security after buying GreenBorder, a browser virtualization software company that creates a sandboxed environment for your existing Firefox or Internet Explorer.

Phony BBB email dupes more than 1,400 execs – “a highly sophisticated phishing scheme that has already duped at least 1,400 US executives. They were fooled into sending sensitive information in response to an email purporting to come from officials at the Better Business Bureau.”

Posted by Niranjan on May 30th, 2007 in News |
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

China Crafts Cyberweapons

US Defense Department reports that China is preparing for cyberwarfare by developing viruses and training more seriously for computer attacks. The main target is of course Taiwan, but since US would intervene in case of such attack, so US is a potential target too.

“The PLA has established information warfare units to develop viruses to attack enemy computer systems and networks,” the annual DOD report on China’s military warned. At the same, Chinese armed forces are developing ways to protect its own systems from an enemy attack, it said, echoing similar warnings made in previous years.

Posted by Niranjan on May 30th, 2007 in News |
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Next Page »