Information Security News
Encryption canary or insecure app? TrueCrypt warning says use Microsoft's ...
Network World (blog)
"I've long suspected that a government was behind TrueCrypt," stated Jake Williams, SANS Instructor and Principal at Rendition InfoSec. "The code base is hugely complicated with lots of dependencies and is anything but easy to build, particularly for ...
TrueCrypt Shut Down; What to Use Now to Encrypt Your Data
TrueCrypt is Dead, Long Live BitLocker
Open Source Crypto TrueCrypt Disappears With Suspicious Cloud Of Mystery
Developers at Google have released an experimental tool—for Gmail and other Web-based services—that's designed to streamline the highly cumbersome task of sending and receiving strongly encrypted e-mail.
On Tuesday, the company unveiled highly unstable "alpha" code that in theory allows people to use the Google Chrome browser to generate encryption keys, encrypt e-mails sent to others, and decrypt received e-mails. Dubbed End-to-End, the Chrome extension also allows Chrome users to digitally sign and verify digital signatures of e-mails sent through Gmail and other services. The code implements a fully compliant version of the OpenPGP standard, which is widely regarded as providing virtually uncrackable encryption when carried out correctly.
As Ars documented last year, the problem with just about every e-mail encryption software available today is that they require much more time and effort than sending plain-text mail. Microsoft's Outlook application, for instance, frequently crashes when working with the open-source GnuPG encryption suite. Some Outlook users, including this reporter, also experience problems when receiving encrypted e-mail from Mac users, since the encrypted messages are included in an attachment, rather than in the body. End-to-End is intended to ease such burdens.
In many cases, using Wireshark for network forensics is a very difficult task, especially if you need to extract files from a pcap file.
Using tools such as RSA Netwitness Investigator can make network forensics much easier. RSA Netwitness Investigator is available as freeware.
1- Go to http://www.emc.com/security/security-analytics/security-analytics.htm#!freeware to obtain the latest version of RSA Netwitness Investigator.
3- Read the license agreement and accept it (if you wish).
4- Choose users.
5- Choose the install location and click Install.
Once you have finished the installation, you have to register a freeware user account. You have to activate your version before you can use it.
1- Create a new local collection.
2- Enter the new collection name.
3- Select the collection.
4- Select Import Packets from the Collection menu and select the pcap file that you would like to investigate.
5- Select Navigate Collection from the Collection menu.
6- Now you should have something similar to this screen:
As you can see, everything is clear and you can browse it by Service Type (protocol), hostname, source IP, etc.
Let's say, for example, you want to explore the names of the exe files contained in the pcap file. You do that by clicking on extension->exe, and you will see all the exe files in the pcap file along with the details of each file, such as where it came from (IP address and hostname) and how it came (protocol).
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
A recently discovered bug in the GnuTLS cryptographic code library puts users of Linux and hundreds of other open source packages at risk of surreptitious malware attacks until they incorporate a fix developers quietly pushed out late last week.
Maliciously configured servers can exploit the bug by sending malformed data to devices as they establish encrypted HTTPS connections. Devices that rely on an unpatched version of GnuTLS can then be remotely hijacked by malicious code of the attacker's choosing, security researchers who examined the fix warned. The bug wasn't patched until Friday, with the release of GnuTLS versions 3.1.25, 3.2.15, and 3.3.4. While the patch has been available for three days, it will protect people only when the GnuTLS-dependent software they use has incorporated it. With literally hundreds of packages and multiple operating systems dependent on the library, that may take time.
"A flaw was found in the way GnuTLS parsed session IDs from ServerHello messages of the TLS/SSL handshake," an entry posted Monday on the Red Hat Bug Tracker explained. "A malicious server could use this flaw to send an excessively long session ID value, which would trigger a buffer overflow in a connecting TLS/SSL client application using GnuTLS, causing the client application to crash or possibly execute arbitrary code."
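The class of check the Red Hat entry describes, as an added example (not GnuTLS code and not the actual patch): a ServerHello parser that rejects a session ID longer than the 32 bytes the TLS specification allows (SessionID<0..32> in RFC 5246) before copying it into a fixed-size buffer. The struct, function names and sample message are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TLS_MAX_SESSION_ID 32   /* RFC 5246: opaque SessionID<0..32> */
#define TLS_RANDOM_LEN     32

struct server_hello {           /* hypothetical layout for this example */
    uint8_t  version[2], random[TLS_RANDOM_LEN];
    uint8_t  session_id[TLS_MAX_SESSION_ID], session_id_len;
    uint16_t cipher_suite;
    uint8_t  compression;
};

/* Parse a ServerHello body (the bytes after the 4-byte handshake header).
 * Returns 0 on success, -1 if the message is truncated or the ID is oversized. */
int parse_server_hello(const uint8_t *buf, size_t len, struct server_hello *out)
{
    size_t pos = 2 + TLS_RANDOM_LEN;
    uint8_t sid_len;

    if (len < pos + 1)
        return -1;
    memcpy(out->version, buf, 2);
    memcpy(out->random, buf + 2, TLS_RANDOM_LEN);

    /* The length byte comes from the server and can claim up to 255 bytes. */
    sid_len = buf[pos++];
    if (sid_len > TLS_MAX_SESSION_ID)
        return -1;
    /* Session ID, cipher suite (2) and compression (1) must all be present. */
    if (len - pos < (size_t)sid_len + 3)
        return -1;
    memcpy(out->session_id, buf + pos, sid_len);
    out->session_id_len = sid_len;
    pos += sid_len;
    out->cipher_suite = (uint16_t)((buf[pos] << 8) | buf[pos + 1]);
    out->compression = buf[pos + 2];
    return 0;
}

/* Constructed sample: a zero-filled ServerHello claiming claimed_len ID bytes. */
int check_sample(uint8_t claimed_len)
{
    uint8_t msg[2 + TLS_RANDOM_LEN + 1 + 255 + 3] = {0x03, 0x03};
    struct server_hello sh;
    msg[2 + TLS_RANDOM_LEN] = claimed_len;
    return parse_server_hello(msg, sizeof msg, &sh);
}
```

Without the `sid_len > TLS_MAX_SESSION_ID` test, the `memcpy` into `session_id` would write past the 32-byte buffer whenever the server sends a larger length byte.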
Posted by InfoSec News on Jun 03 http://www.csoonline.com/article/2304654/hacktivism/american-express-issues-alert-after-anonymous-dumps-cardholder-data.html
Posted by InfoSec News on Jun 03 http://www.bankinfosecurity.com/interviews/keeping-up-cybersecurity-framework-i-2329
Posted by InfoSec News on Jun 03 http://arstechnica.com/security/2014/06/meet-cupid-the-heartbleed-attack-spawns-evil-wi-fi-networks/
Posted by InfoSec News on Jun 03 http://www.darkreading.com/operations/flash-poll-the-hunt-for-cyber-talent-/a/d-id/1269272
Posted by InfoSec News on Jun 03 http://krebsonsecurity.com/2014/06/operation-tovar-targets-gameover-zeus-botnet-cryptolocker-scourge/