Information Security News
A recent uptick in Port 14566 shows some activity over the past month, as shown in our DShield Report(1); however, we have little information about what exactly is happening. Some activity, then a lag near the end of August, followed by a large spike at the end, and the top port the past 24 hours, is curious. A search of that port using Google and other security and traffic sites has yielded little, so if anybody has log files or activity of this port, we'd love to have a look.
tony d0t carothers --gmail
A security startup has unveiled a wearable device that's designed to replace the hassle of passwords by using a person's unique heartbeat signature to log on to computers and unlock car doors. While the device is intriguing, the dearth of key technical details makes it impossible to assess the marketers' promise that it provides "complete security without compromising convenience."
The Nymi is a small bracelet equipped with a sensor that reads the electrocardiogram (ECG) of the person wearing it. Once it has verified that the heart signature belongs to the person who registered it, it provides a means of authentication that can in theory be used to access a virtually endless supply of electronic devices, including airport kiosks, hotel room doors, and sensitive computer networks. It relies on three factors of authentication—that is, two things the user has in the form of the bracelet and a paired mobile device, and one thing the user has in the form of a verified ECG. A slick promotional video shows someone gliding from bed to airports to hotels to cafes, effortlessly logging into devices and unlocking doors without once having to enter a password or procure a key. Sure sounds tempting.
Alas, there's not enough information available about the Nymi's inner workings to know if it is truly groundbreaking or another dose of the kind of snake oil that's all too common in the security circuit. Karl Martin, CEO of the Nymi creator Bionym, said the device hasn't yet undergone a formal security audit. That means even he can't say just how impervious it is to the kinds of sophisticated attacks that would inevitably target a universal sign-on gizmo, although he gave some high-level details that are encouraging. That said, there are several classes of hacks that might be used to compromise the security assurances of the device.
I recently migrated a client from a 10 Mbps internet uplink to a new 100 Mbps uplink with a wireless 10 Mbps backup. As part of this, they of course got new IP addresses.
Like the thorough, some would say compulsive person I am, before we migrated I did all the right things:
As expected, the migration went smoothly. Until the next morning. My client called me bright and early, with the news "Our users can't send email to company XYZ". After some wrangling and some time, I got the NDR (Non Delivery Report). By then, we had identified 3 other organizations that would not receive our emails.
The key line in the NDR was:
#< #5.7.1 smtp; 550 5.7.1 Service unavailable; Client host [x.x.x.x] blocked using Blocklist 1; To request removal from this list please forward this message to [email protected]> #SMTP#
How could this be? These IP addresses hadn't been used in at least 6 months!
After a bit of digging (Google really does know all), we found that this is the blacklist service employed by Microsoft Office 365. This service is unique amongst email blacklist services in that there is no way to check your status online, so me checking in advance with MXTOOLS, Solarwinds EE or any of the other usual tools had not done me a bit of good.
Anyway, we emailed the indicated address with our problem, and asked to be removed from the list.
It soon became apparent that this blacklist service was unique in another important way. The users of the system of course thought that this email problem was our problem. From our perspective, the solution to the problem had to be implemented by their mail provider. The roadblock we had was that, as far as the blacklist was concerned, *they* were the Microsoft customer, not us. So as far as the blacklist admins were concerned, we were nobody.
So, like every other blacklist service under the sun, 6 hours went by, then 12, then 18, and still no word. We ended up having to open a paid support ticket to get ourselves off a list we never should have been on in the first place.
What did I learn? That cloud services aren't all sunshine and lollipops? Umm, no, I already knew that. That Murphy (as in Murphy's Law) is great at exploiting new features and services? I thought I knew that too, I just thought I had it covered (that'll teach me!!)
The important lesson I learned (aside from the "Murphy lesson") was to add one more check in any migrations that affect email - send a test note to anyone on Office 365.
Have you had similar experiences with email migrations? Or other gotchas you thought you had 100% covered, but not so much? Use our comment form to let us know what problems you ran into, and how you resolved them.
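The test-message check from the post above can be scored automatically once the replies come back. As an added example (not part of the original post), this Python script classifies the SMTP diagnostic text returned for each test recipient and flags blocklist rejections of the shape quoted in the NDR; the recipient domains, IP address, removal address and reply texts are constructed placeholders.

```python
import re

# Status code + enhanced status code, e.g. "550 5.7.1 <text>"
DIAG_RE = re.compile(
    r"\b(?P<code>[245]\d\d)[ -](?P<enh>[245]\.\d{1,3}\.\d{1,3})\s+(?P<text>.*)", re.S)
# Shape quoted in the NDR: "Client host [IP] blocked using <list>;"
BLOCK_RE = re.compile(
    r"Client host \[(?P<ip>[^\]]+)\] blocked using (?P<list>[^;]+)", re.I)
VERDICTS = {"2": "accepted", "4": "deferred", "5": "rejected"}

def classify_ndr(diagnostic):
    """Classify one SMTP diagnostic string taken from a reply or NDR."""
    m = DIAG_RE.search(diagnostic)
    if not m:
        return {"verdict": "unparsed"}
    result = {"code": int(m["code"]), "enhanced": m["enh"],
              "verdict": VERDICTS[m["code"][0]]}
    b = BLOCK_RE.search(m["text"])
    if b:  # a blocklist hit overrides the generic "rejected" verdict
        result.update(verdict="blocklisted", ip=b["ip"],
                      blocklist=b["list"].strip())
    return result

def blocked_destinations(replies):
    """Map recipient domain -> (our IP, blocklist name) for blocklist hits."""
    hits = {}
    for domain, diagnostic in replies.items():
        r = classify_ndr(diagnostic)
        if r["verdict"] == "blocklisted":
            hits[domain] = (r["ip"], r["blocklist"])
    return hits

# Constructed sample replies, one per post-migration test recipient.
SAMPLE_REPLIES = {
    "partner-a.example": "#< #5.7.1 smtp; 550 5.7.1 Service unavailable; "
        "Client host [192.0.2.10] blocked using Blocklist 1; To request "
        "removal from this list please forward this message to "
        "removal@blocklist.example> #SMTP#",
    "partner-b.example": "250 2.0.0 OK: queued",
    "partner-c.example": "450 4.7.1 Greylisted, please try again later",
    "partner-d.example": "550 5.1.1 User unknown",
}

if __name__ == "__main__":
    for domain, (ip, name) in blocked_destinations(SAMPLE_REPLIES).items():
        print(f"{domain}: {ip} is listed on {name}")
```
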
SANS offers critical core InfoSec skills in Dubai this October
AME Info (press release)
SANS Gulf Region 2013, one of the region's largest InfoSec training events, will be offering a quartet of courses aimed at providing InfoSec professionals with the core set of skills to meet growing demand from across the region. The annual event returns ...
Posted by InfoSec News on Sep 03 http://www.nytimes.com/2013/09/01/world/americas/documents-detail-cyberoperations-by-us.html
Posted by InfoSec News on Sep 03 http://www.startribune.com/politics/statelocal/221881331.html
Posted by InfoSec News on Sep 03 http://www.chinapost.com.tw/taiwan/national/national-news/2013/08/31/387803/Bureau-storms.htm
Posted by InfoSec News on Sep 03 Forwarded from: nullcon (at) nullcon.net
Posted by InfoSec News on Sep 03 http://www.jpost.com/Enviro-Tech/Israeli-cyber-security-businesses-poised-to-gain-from-Syrian-crisis-324893
Posted by InfoSec News on Sep 03 http://www.buzzfeed.com/justinesharrock/exclusive-army-admits-to-major-computer-security-flaw
Posted by InfoSec News on Sep 03 Just a quick note.