Information Security News
Why the war on VPNs is one Netflix can't win
Bad Password is a weekly hacking and security column examining infosec and our ever-eroding "privacy."
Morphisec plans to bring back endpoint security – with a twist
This blog covers topics across the spectrum of security, privacy and compliance, as well as the people and issues driving enterprise infosec today.
Posted by InfoSec News on Jan 29 http://www.theregister.co.uk/2016/01/28/blackenergy_tv_station_attack/
Posted by InfoSec News on Jan 29 http://www.theguardian.com/uk-news/2016/jan/28/fraternal-order-of-police-hacked-fbi-investigation-data-servers
Make finding security solutions to Shadow IT a priority, CISOs warned
IT World Canada
CISOs have to be more open to new security solutions to meet the challenge of staff signing up for cloud services behind their backs, a business and IT audience has been warned. Most infosec pros are still trying to secure the perimeter of their ...
Posted by InfoSec News on Jan 29 http://www.wired.com/2016/01/nsa-hacker-chief-explains-how-to-keep-him-out-of-your-system/
Posted by InfoSec News on Jan 29 http://www.timesofisrael.com/israeli-generals-said-among-1600-global-targets-of-iran-cyber-attack/
by Kelly Fiveash
HSBC has been battling an apparent Distributed Denial of Service (DDoS) attack on its online banking system for the past few hours.
Many customers have been struggling to access HSBC online—via the bank's app or website—all morning.
HSBC blamed the outage on a DDoS attack, and attempted to spin the whole thing as a success story to mainstream news outlets. By way of example, witness this headline over at ITV News.
Tech Toys And Child Protection - The Internet Of Toys
And yet, when it comes to the tech toys, the protective sensibilities seem to be forgotten. We don't care. Nobody cares if a certain tech toy manufacturer does not employ experts in infosec. Experts that could raise possible issues with the new smart ...
VPN service providers in China may not have the same internet security like before; ExpressVPN, Astrill lacks ...
It is said that VPN service providers in China, such as ExpressVPN or Astrill, may not have the same security encryption anymore. According to a report from Tech in Asia, the infamous Great Firewall of China was accessed by an Infosec professional ...
Posted by InfoSec News on Jan 29 http://www.networkworld.com/article/3027635/security/dhs-gao-feds-primary-network-security-weapon-needs-more-bang.html
Posted by InfoSec News on Jan 29 http://www.healthcareitnews.com/news/cloud-security-roadmap-essential-healthcare-site-threats-persist-experts-say
Posted by InfoSec News on Jan 29 https://www.washingtonpost.com/news/capital-business/wp/2016/01/28/heres-whats-changing-in-d-c-s-hacker-community/
When you are dealing with a huge amount of data, it can be very useful to enhance it by adding more valuable content. Example:
When you are processing many URLs during a security incident investigation or while extracting IOCs from a malware sample or logs, it can also be very interesting to categorize them. The process of categorization helps to tag a URL with a label like the classic Adult Content, Government, Forums, etc.

Many commercial solutions offer this feature. It can be very powerful to configure your firewall to deny access to non-business categories. But, integrated in closed solutions, it's not easy to re-use them to benefit from this information in your own scripts.

For years, Bluecoat has had a product called K9 that helps to protect kids surfing the web. It's free: you can just get a license key and install the tool or... use the online API!

I had to categorize a bunch of

    $ ./webcat.py isc.sans.org
    isc.sans.org,Education
Multiple URLs can be passed on the same command line or the script can be fed via STDIN if you use -

    $ ./webcat.py isc.sans.org blog.rootshell.be
    isc.sans.edu,Education
    blog.rootshell.be,Technology/Internet
    $ cat suspicious-urls.tmp | ./webcat.py -
    getmooresuccess.com,Business/Economy
    weddingme.net,Business/Economy
    riverbird.usa.cc,Malicious Outbound Data/Botnets
    1ntershipping.co,Malicious Outbound Data/Botnets
    secureemail.bz,Malicious Sources/Malnets
    vsreviewsa.com,Malicious Sources/Malnets
    felceconserve.com,Malicious Outbound Data/Botnets
    flashsync.cf,Uncategorized
    cy-m0ld.com,Malicious Outbound Data/Botnets
    berettitdint.ru,Malicious Outbound Data/Botnets
    vehanmace.ru,Malicious Outbound Data/Botnets
    redderbest.gq,Uncategorized
    googlemails.ga,Uncategorized
    msportf1.com,Sports/Recreation
    www.vai-t.com,Malicious Sources/Malnets
    duotthenaning.ru,Malicious Sources/Malnets
    duotthenaning.ru,Malicious Sources/Malnets
    littrecdintoft.ru,Malicious Sources/Malnets
    vsreviewsa.com,Malicious Sources/Malnets
    doncglobal.com,Malicious Outbound Data/Botnets
The API returns a hexadecimal code corresponding to the web category. That

    $ ./webcat.py -h
    usage: webcat.py [-h] [-f CACHEFILE] [-F] [URL [URL ...]]

    Categorize URL using BlueCoat K9

    positional arguments:
      URL                   the URL(s) to check. Format: fqdn[:port]

    optional arguments:
      -h, --help            show this help message and exit
      -f CACHEFILE, --file CACHEFILE
                            Categories local cache file (default: /var/tmp/categories.txt)
      -F, --force           force a fetch of categories
Before using the script, you have to register to get your K9 license and add it to the script (line 30).
Note: I'm not aware of any rate-limit in place while querying the API. During my investigations, I was never blocked.
ISC Handler - Freelance Security Consultant
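
An added example, not part of the original diary or of webcat.py: a post-processing step for the "fqdn,Category" lines shown above that de-duplicates hosts and sorts them into block / review / other buckets for an investigation. The host names are constructed placeholders, and treating every category that begins with "Malicious" as a block candidate is an assumption.

```python
from collections import defaultdict

# Constructed sample in webcat.py's "fqdn,Category" output format.
# Hosts are placeholders; the category labels are ones shown on this page.
SAMPLE = """\
portal.example.test,Business/Economy
c2.example.test:8080,Malicious Outbound Data/Botnets
drop.example.test,Malicious Sources/Malnets
C2.example.test:8080,Malicious Outbound Data/Botnets
new.example.test,Uncategorized
not a result line
"""

def parse(lines):
    """Yield (host, category) pairs, skipping blank and malformed lines."""
    for raw in lines:
        # A host name cannot contain a comma, so split on the first one only.
        host, sep, category = raw.strip().partition(",")
        if not sep or not host.strip() or not category.strip():
            continue
        yield host.strip().lower(), category.strip()

def triage(lines):
    """Group unique hosts by verdict: block, review or other."""
    buckets = defaultdict(dict)
    for host, category in parse(lines):
        if category.startswith("Malicious"):   # assumption: prefix means block
            verdict = "block"
        elif category == "Uncategorized":
            verdict = "review"                  # no vendor verdict: check by hand
        else:
            verdict = "other"
        buckets[verdict].setdefault(host, category)  # keep first sighting only
    return {v: dict(sorted(hosts.items())) for v, hosts in buckets.items()}

def report(result):
    """Render the buckets as aligned text lines, highest priority first."""
    rows = []
    for verdict in ("block", "review", "other"):
        for host, category in result.get(verdict, {}).items():
            rows.append(f"{verdict:<7}{host}  [{category}]")
    return "\n".join(rows)

if __name__ == "__main__":
    print(report(triage(SAMPLE.splitlines())))
```

The "review" bucket matters as much as "block": an Uncategorized result only means the vendor has no verdict for that host.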