Sunday, September 20, 2009

New SANS forensic certification

Rob Lee at SANS sent this email requesting security professionals to rate the requirements of a new Forensic certification GCFE
========
If you already hold forensics credentials such as the GCFA, your input will be valuable in shaping the future of the new GCFE credential. The survey requires you to identify yourself and list your qualifications. Your name may be listed in the validation report that is submitted for accreditation. This survey will take an estimated 15 minutes of your time. The JTA can be accessed at the link below. It will be available through September 30th.

https://www.surveymonkey.com/s.aspx?sm=vHDHw0aplAuk0elhyRc0fA_3d_3d

=======

Microsoft application assessment tools


As mentioned in the previous blog cybercriminals are increasingly attacking applications and hence it is critical to develop secure applications through standardized SDLC processes. Microsoft offers many tools to test and validate the security of the developed application and recently they released number of tools in this area


Risk Tracker tool that manages and tracks information security risk.

BinScope Binary Analyzer. Microsoft says that their developers and testers are required to use this tool as part of the SDL. It analyzes the binaries for a wide variety of security protections such as detecting stack-based buffer overflows and ensuring safe exception handling

CAT.NET v1 CTP is a binary analysis tool to identify XSS, SQL Injection and XPath Injection in the code.

Saturday, September 19, 2009

Cyber Security risks

Cyber criminals are increasingly attacking applications, this is the findings of a study published by SANS this week. The top cyber security risks report combines intelligence from TippingPoint, Qualys and SANS themselves. The two main risk areas are listed below.
"Waves of targeted email attacks, often called spear phishing, are exploiting client-side vulnerabilities in commonly used programs such as Adobe PDF Reader, QuickTime, Adobe Flash and Microsoft Office. This is currently the primary initial infection vector used to compromise computers that have Internet access."
"Attacks against web applications constitute more than 60% of the total attack attempts observed on the Internet. These vulnerabilities are being exploited widely to convert trusted web sites into malicious websites serving content that contains client-side exploits."
As you can see the two areas that cyber criminals look for are client side application vulnerabilities where there have been many 0-days and traditionally patch releases have been slow. The example they have shown is very real and something that we see on a daily basis, the latest example being the New York Times incident
If you combine this with the Verizon report, we can assume that client side applications and web application vulnerabilities are being increasingly used as entry points but cyber criminal's main target is getting sensitive information from organization's critical databases.
The SANS report also lists some of the mitigation steps

Friday, September 18, 2009

Attacks on BGP protocol

BGP is the protocol that runs on the Internet backbone, so DoS attacks against BGP could be devastating. Last month there was a targeted DoS against BGP protocol, Cisco corrected this issue, read the announcement. http://www.cisco.com/en/US/products/products_security_advisory09186a0080af150f.shtml