Information Security News
by Sean Gallagher
Reeling from the bad press associated with an ongoing parade of data breaches caused by criminal infiltration of their payment systems, representatives of six retail industry associations signed a joint open letter that pushes back against a vocal critic of retailers' cyber-security practices—credit union associations.
In the letter addressed to the presidents of the Credit Union National Association (CUNA) and the National Association of Federal Credit Unions (NAFCU), retail industry representatives accused the associations of spreading “a number of misleading and factually inaccurate points… in the media and before Congress in regards to the cyber security in our country.” The industry group executives insisted that retailers already share the burden of dealing with the cost of lost data—at least to the degree that they are contractually obliged by credit card organizations. But given how much they actually do pay, the retailers may protest too much.
The letter is a direct response to comments made in a letter to House Homeland Security Committee chairman Rep. Michael McCaul (R-TX) by Carrie Hunt, the NAFCU’s senior vice president of government affairs, posted on October 28. In her letter, Hunt called out the retail industry for not carrying enough of the burden associated with the loss of customers' financial data.
The French Interior Minister told French public radio (Google Translate) on Thursday that the government has begun an investigation into who has been flying drones above as many as 10 nuclear power plants nationwide this month.
"There's a judicial investigation under way," French Interior Minister Bernard Cazeneuve said in an interview on France Info radio. “Measures are being taken to know what these drones are and neutralize them."
Le Monde reported this week that the drones have been variable in size, with some “a few dozen centimeters" in size, while others had a diameter of up to two meters.
Expert claims hacking Xiaomi server, firm calls it hoax
We have decided to withhold session till the time Xiaomi investigates data breach and accusations and works with the researcher to fix it," Indian Infosec Consortium CEO Jiten Jain said. The summit's website shows former chief of Indian Army and ...
Taiwanese consultant claims Xiaomi phone data compromised
Often the start of a problem and its solution is receiving a call from a manger, project manager or other non-technical decision maker. Youll know going in that the problem is absolutely real, but the information going in might be a total red herring.
Some classic examples are:
The network is slow I ran a speed test, we should being seeing 10x the speed.
This is almost always a math error. The speed was measured in Bytes (upper case B), instead of bits (lower case B). Multiply by 8 and things should look better.
the network is slow our new web server takes 30 seconds to load the lead page
As most of you know, in a modern gigabit network, even on a busy network there just isnt anything on the network that will add a 30 second delay. 30 seconds in particular would have me checking for DNS issues first, especially for a new host or service. However, in this case, the client was loading their entire Java application (including the business logic) before the login page. The appdev answer to this would be to load the login page first, then load the app asynchronously in the background. The security answer to this is to question why you would load the application logic to an untrusted workstation on a hostile network (public internet).
The network is slow it must be a broadcast storm.
Its exceedingly rare to see a broadcast storm. Plus if the switches are configured correctly, if a broadcast storms does occur, it should be contained to a single Ethernet port, and it should either be rate limited or the port should be shut down, depending on your configuration.
When a non-technical person says broadcast storm, it really could mean anything that affects performance. Almost always it will end up being something server side DNS misconfigurations are a common thing (10-30 second delays on the first request), but it could also be an oversubscribed virtual infrastructure, coding errors, out of memory conditions, errors in programming, anything really.
The firewall is blocking our traffic
In some cases, especially if there is an egress filter, this can be the case. However, in many other cases it could be something else entirely. We recently worked on an issue where an AS400 (iSeries now I guess) was not connecting to the server. It turned out that the certificate needed for the connection was incorrect - the vendor had sent us a cert for a different site entirely. Wireshark did a great job in this case of saying LOOK HERE- THE PROBLEM IS HERE by giving us a Bad Certificate error - in bright red - in the main view.
We need port 443 open, in both directions
This is NEVER the case, but is commonly seen in vendor documentation. Either you need an outbound port (possibly an update to the egress filter), or an inbound port open. There are very few in both directions requirements - special cases like IPSEC VPNs encapsulated in UDP (NAT-T) for instance will have both a source and destination port of udp/500. In most cases, when the requirement is in both directions or bidirectional, its a bit of a treasure hunt to figure out what they mean (usually its outbound).
The moral of the story? I guess the first one is that if somebody tells you that the problem is the network, 70% of the time its not the network. More importantly though, is that if you get a business problem from a business person, its not something to minimize. You might not be able to count on all the information you get going in, but if they tell you something is slow or not usable, its their system, they are usually correct in at least identifying that the problem is real.
Please, use our comment form and fill us in on any recent false positives from a non-technical source that youve seen. Extra points if it was a real problem, but the initial info started you off in the wrong direction.
=============== Rob VandenBrink Metafore(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Posted by InfoSec News on Oct 30http://www.bloomberg.com/politics/articles/2014-10-30/security-firms-tie-russian-government-to-utilities-hacks
Posted by InfoSec News on Oct 30http://www.forbes.com/sites/thomasbrewster/2014/10/30/did-drupal-drop-the-ball-users-who-didnt-update-within-7-hours-should-assume-theyve-been-hacked/
Posted by InfoSec News on Oct 30http://www.defenseone.com/threats/2014/10/cyber-attack-will-cause-significant-loss-life-2025-experts-predict/97688/
Posted by InfoSec News on Oct 30http://www.wired.com/2014/10/facebook-builder-osquery/