Information Security News
If you are at SANSFIRE 2015 at the Hilton Baltimore, don't forget to join us today at 7:15 PM EDT for the SANS Internet Storm Center state of the internet panel!
RFC 7540 has been out for a month now. What should we expect with this new version?
1. New frame: HTTP/2 implements a binary protocol with the following frame structure:
LastPass officials warned Monday that attackers have compromised servers that run the company's password management service and made off with cryptographically protected passwords and other sensitive user data. It was the second breach notification regarding the service in the past four years.
In all, the unknown attackers obtained hashed user passwords, cryptographic salts, password reminders, and e-mail addresses, LastPass CEO Joe Siegrist wrote in a blog post. It emphasized that there was no evidence the attackers were able to open cryptographically locked user vaults where plain-text passwords are stored. That's because the master passwords that unlock those vaults were protected using an extremely slow hashing mechanism that requires large amounts of computing power to work.
"We are confident that our encryption measures are sufficient to protect the vast majority of users," Siegrist wrote. "LastPass strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. This additional strengthening makes it difficult to attack the stolen hashes with any significant speed."
Some of the malware that infected the corporate network of antivirus provider Kaspersky Lab concealed itself using digital certificates belonging to Foxconn, the electronics manufacturing giant and maker of the iPhone, Xbox, and other well-known products.
Cryptographically generated credentials are required to install drivers on newer, 64-bit versions of Windows. Foxconn used one such certificate when installing several legitimate drivers on Dell laptop computers in 2013. Somehow, the attackers who infected the Kaspersky Lab network appropriated the digital seal and used it to sign their own malicious drivers. As Ars explained last week, the drivers were the sole part of the entire Duqu 2.0 malware platform that resided on local hard drives. These drivers were on Kaspersky firewalls, gateways, or other servers that had direct Internet access and were used to surreptitiously marshal sensitive information in and out of the Kaspersky network.
The Foxconn certificate is the third one used to sign malware that has been linked to the same advanced persistent threat (APT) attackers. The Stuxnet malware, which reportedly was developed by the US and Israel to sabotage Iran's nuclear program, used a digital certificate from Realtek, a hardware manufacturer in the Asia Pacific region. A second driver from Jmicron, another hardware maker in the Asia Pacific, was used several years ago to sign Stuxnet-related malware developed by some of the same engineers. Like the previous two certificates, the one belonging to Foxconn had never been found signing any other malicious software.
Infosecurity Magazine (blog)
Li-Fi fantastic – Quocirca's Report from Infosec 2015
As with any trade show, Infosecurity Europe (the continent's biggest IT security bash) can get a bit mind-numbing, with one vendor after another going on about the big issues of the day – advanced threat detection, threat intelligence networks, the ...