Information Security News
In follow up to yesterdays discussion re invoking OS commands with Rs system function, I wanted to show you just a bit of how straightforward it is to then use the resulting data.
After grabbing the Windowssecurity event log with a call to Log Parser and writing it out to CSV, you have numerous options driven by whats interesting to you.Perhaps youre interested in counts per Event ID to say what your Top 10 events are. The issue is, that Log Parser just grabbed all of the">secevt - read.columns(security.csv,c(EventID,TimeWritten,EventTypeName,Message), sep=,)">EventID, TimeWritten, EventTypeName, Message">columns into a new data frame, the contents of which are stored in">the other 11 columns are no longer cluttering to the in-memory data set. Want to count Event IDs?">ct "> x freq
1 1108 734
2 4611 4
3 4616 1
4 4624 159
5 4634 49
6 4648 272
7 4656 2653
8 4658 1900
9 ">srt ">top10 "> x freq
22 4703 81437
9 4662 27602
7 4656 2653
8 4658 1900
16 4690 931
1 1108 734
14 4688 618
15 4689 617
35 4957 400
11 4664 ">Bam, fast and flexible. My security event log has 81,437 Event ID 4703 (A user right was adjusted)entries, these parsed quickly from 118,154 total entries (147MB local file).How about visualizations of that same data? Yep, it all starts with something as simple as">Hopefully youre intrigued regarding options and available capabilities here. Feel free to comment or email me if youd like furtherinformation or resources with which">|">">
Computer scientists have devised an attack on the Tor privacy network that in certain cases allows them to deanonymize hidden service websites with 88 percent accuracy.
Such hidden services allow people to host websites without end users or anyone else knowing the true IP address of the service. The deanonymization requires the adversary to control the Tor entry point for the computer hosting the hidden service. It also requires the attacker to have previously collected unique network characteristics that can serve as a fingerprint for that particular service. Tor officials say the requirements reduce the effectiveness of the attack. Still, the new research underscores the limits to anonymity on Tor, which journalists, activists, and criminals alike rely on to evade online surveillance and monitoring.
"Our goal is to show that it is possible for a local passive adversary to deanonymize users with hidden service activities without the need to perform end-to-end traffic analysis," the researchers from the Massachusetts Institute of Technology and Qatar Computing Research Institute wrote in a research paper. "We assume that the attacker is able to monitor the traffic between the user and the Tor network. The attacker’s goal is to identify that a user is either operating or connected to a hidden service. In addition, the attacker then aims to identify the hidden service associated with the user."
The froxlor Server Management Panel islightweight server management software. Your Handler on Duty was unaware of foxlor, if diary readers are users, feel free to comment or email regarding your user experience and past security issues.
Per froxlor:">|">@holisticinfosec(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Posted by InfoSec News on Jul 31http://www.defenseone.com/technology/2015/07/hack-critical-infrastructure/118756/
SANS Announces Recruitment Fair for Top Infosec Candidates
Cybersecurity training organization the SANS Institute has announced its first ever recruitment fair, designed to bring employers and fully-trained information security candidates closer together. The SANS Cyber Academy Recruitment Fair will be held in ...
Posted by InfoSec News on Jul 31http://venturebeat.com/2015/07/30/researcher-says-can-hack-gms-onstar-app-open-vehicle-start-engine/
Posted by InfoSec News on Jul 31http://freebeacon.com/national-security/intel-assessment-obama-admin-response-to-cyber-encourages-more-attacks/
Posted by InfoSec News on Jul 31http://www.govexec.com/oversight/2015/07/fbi-and-congress-are-investigating-if-meth-lab-exploded-federal-building/118751/
Posted by InfoSec News on Jul 31http://www.computerworld.com/article/2955005/security/critical-bind-denialofservice-flaw-could-disrupt-large-portions-of-the-internet.html