Information Security News
by Peter Bright
Some organizations are apparently still using the venerable FTP protocol for moving files around. Credentials for more than 7,000 FTP servers are being traded between nefarious types and used to break into servers including those of the New York Times. The access has been used to plant malicious PHP files and HTML in a bid to backdoor servers and redirect people to malicious sites.
According to security firm Hold Security, the FTP servers and credentials range from small personal sites to large multinational corporations. Where the list came from, and who put it together, is unknown.
The credentials themselves are a mix of anonymous and default accounts, with passwords ranging from simple to complex. This suggests that at least some were acquired through phishing or client-side malware rather than guessing or brute-force password cracking. Given that FTP passes the credentials unencrypted, there are many ways the information could have been taken: passive sniffing of traffic at a café hotspot would do the trick, for example. This is one of the reasons that use of the protocol has largely fallen out of favor.
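Because plain FTP sends USER and PASS in the clear, a defender can audit captured control-channel traffic for logins that were never protected by AUTH TLS. The following is an added example, not code from the article or from Hold Security; it runs over a constructed transcript whose "<conn> <dir> <text>" line format is an assumption, and it records only that a password crossed the wire, never the password itself.

```python
import re
# Constructed control-channel transcript (not any real tool's export): "<conn> <dir> <text>", ">" client-to-server, "<" server-to-client.
SAMPLE_TRANSCRIPT = """\
c1 > AUTH TLS
c1 < 234 Proceed with negotiation.
c2 > USER anonymous
c2 > PASS guest@example.com
c2 < 230 Login successful.
c3 > AUTH TLS
c3 < 502 Command not implemented.
c3 > USER admin
c3 > PASS example-password
c3 < 530 Login incorrect.
"""
LINE_RE = re.compile(r"^(\S+)\s+([<>])\s+(.*)$")
TLS_ARGS = ("TLS", "SSL", "TLS-C", "TLS-P")
def scan_ftp_transcript(text):
    """One (conn, user, outcome, tls_refused) tuple per USER/PASS pair sent in the clear; outcome is
    "ok"/"failed"/"unknown", tls_refused marks a login that went ahead after the server rejected AUTH TLS."""
    sessions, findings = {}, []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        conn, direction, body = m.groups()
        s = sessions.setdefault(conn, {"tls": None, "user": None, "cmd": None, "pending": None})
        if s["tls"] == "on":
            continue  # after a successful AUTH TLS the control channel is ciphertext; nothing readable
        if direction == ">":
            cmd, _, arg = body.partition(" ")
            s["cmd"], arg = cmd.upper(), arg.strip()
            if s["cmd"] == "AUTH" and arg.upper() in TLS_ARGS:
                s["tls"] = "asked"
            elif s["cmd"] == "USER":
                s["user"] = arg
            elif s["cmd"] == "PASS" and s["user"]:  # a password just crossed the wire unencrypted
                s["pending"] = [conn, s["user"], "unknown", s["tls"] == "refused"]
                findings.append(s["pending"])
        else:  # server reply; the first three characters are the FTP reply code
            code = body[:3]
            if s["cmd"] == "AUTH" and s["tls"] == "asked":
                s["tls"] = "on" if code == "234" else "refused" if code[:1] in ("4", "5") else None
            elif s["cmd"] == "PASS" and s["pending"]:
                if code[:1] == "2":
                    s["pending"][2] = "ok"
                elif code[:1] in ("4", "5"):
                    s["pending"][2] = "failed"
                s["pending"] = None
            s["cmd"] = None
    return [tuple(f) for f in findings]
```

Connections that complete AUTH TLS drop out of the scan because nothing after the 234 reply is readable on the wire; a client that was refused TLS and then logged in anyway is flagged separately, since that is the downgrade case worth chasing first.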
In a move designed to thwart wholesale eavesdropping by state-sponsored spies and sophisticated crime gangs, content delivery network CloudFlare has upgraded its Web-encryption capabilities to better protect data traveling between its own servers and those of its customers.
Known as full (strict) transport layer security (TLS), the newly added mode provides robust encryption and cryptographic authentication for backend traffic, which usually means data traveling over the Internet backbone. Under the new option, TLS traffic passing between CloudFlare and its customers is protected and authenticated using a chain of certificates signed by a handful of certificate authorities. Until now, backend encryption for CloudFlare customers used self-signed certificates, a measure that's better than no encryption but is still susceptible to "active" man-in-the-middle attacks. Such attacks involve the use of a separate, self-signed certificate by someone who places himself between the two servers sending the encrypted data. Because data is encrypted using the private key in the rogue certificate, the attacker has the ability to surreptitiously read any traffic passing through the connection.
The improved backend TLS accompanies front-end TLS that is already in place. This type of Web encryption protects data as it passes from an end-user's computer to CloudFlare's content delivery network. That includes traffic passing over a Wi-Fi network or from the end-user's ISP to CloudFlare servers.
Other items posted by InfoSec News on Feb 14:
- Attend The INSS-CSFI Conference, Exhibition, Workshops & Trainings
- http://www.lasvegassun.com/news/2014/feb/13/regulator-las-vegas-sands-hackers-didnt-steal-cred/
- http://www.sfgate.com/news/article/Hackers-break-into-networks-of-3-big-medical-5217780.php
- http://www.nextgov.com/cybersecurity/cybersecurity-report/2014/02/dhs-hires-booz-finish-cyberattack-drill-job/78833/
- http://www.haaretz.com/news/middle-east/1.574043