Information Security News
BBX Capital Corporation Reports Financial Results for the Third Quarter, 2014
Marketwired (press release)
Copies of the documents filed with the SEC by BFC are available free of charge on BFC's website at www.bfcfinancial.com under the tab "Investor Relations - Regulatory Info - SEC Filings" or by directing a request by mail to BFC Financial Corporation ...
This is a guest diary submitted by Chris Sanders. We will gladly forward any responses or please use our comment/forum section to comment publicly.

If you work with any type of IDS, IPS, or other detection technology then you have to deal with false positives. One common mistake I see people make when managing their indicators and rules is relying solely on the rate of false positives that are observed. While false positive rate is an important data point, it doesn't encompass everything you should consider when evaluating the effectiveness of a rule or indicator. For instance, consider a scenario where you have a rule that looks for a specific [...]

alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Random Malware"; content:"|AB BF 09 B7|";)

You can see that this rule isn't incredibly specific as it examines all TCP traffic for four specific outbound bytes. As a result, there might be potential for false positives here. In this case, I ran this rule on a large network over the course of a month, and it generated 58 false positive alerts. Using that data point alone, it sounds like this rule might not be too effective. As a matter of fact, I had a few people who asked me if I could disable the rule. However, I didn't because I also considered the number of true positive alerts generated from this rule. Over the same period of time this rule generated 112 true positive alerts. This means that the rule was effective at catching what it was looking for, but it still wasn[...]

I mention the word precise, because the false positive and true positive data points can be combined to form a precision statistic using the formula P = TP / (TP + FP). This value, expressed as a percentage, can be used to describe exactly how precise a rule is, with higher values being more desirable. In the case of our example rule, the rule has 65.9% precision, meaning that it successfully detected what it was looking for 65.9% of the time. That doesn't sound like a rule that should be disabled to me. Instead, I was able to conduct more research and further tune the rule by looking for the [...]

When examining rules and indicators for their effectiveness, be sure to consider both true and false positives. You might miss out on favorable detection if you don[...]

Blogs: http://www.chrissanders.org

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
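The diary's point that false positive count alone can mislead, as an added example that is not part of the original diary: it tallies analyst verdicts per rule and ranks rules both by FP count and by precision. The "Random Malware" counts are the diary's (112 TP, 58 FP); the second rule, its counts, and the `rule,verdict` record format are assumptions made for contrast.

```python
from collections import Counter

# Constructed sample: one "rule_name,verdict" record per triaged alert.
# "Random Malware" uses the diary's counts; the second rule is hypothetical.
def sample_dispositions():
    rows = ["Random Malware,TP"] * 112 + ["Random Malware,FP"] * 58
    rows += ["Hypothetical Quiet Rule,TP"] * 2
    rows += ["Hypothetical Quiet Rule,FP"] * 10
    return rows

def rule_stats(rows):
    """Return {rule: (tp, fp, precision)} from 'rule,verdict' lines."""
    counts = Counter()
    for line in rows:
        rule, _, verdict = line.strip().rpartition(",")
        verdict = verdict.upper()
        if not rule or verdict not in ("TP", "FP"):
            continue  # skip malformed or not-yet-triaged alerts
        counts[(rule, verdict)] += 1
    stats = {}
    for rule in {r for r, _ in counts}:
        tp, fp = counts[(rule, "TP")], counts[(rule, "FP")]
        stats[rule] = (tp, fp, tp / (tp + fp))  # P = TP / (TP + FP)
    return stats

def rank(stats, key):
    """Rule names worst-first: by 'fp' (most FPs) or 'precision' (lowest)."""
    if key == "fp":
        return sorted(stats, key=lambda r: -stats[r][1])
    return sorted(stats, key=lambda r: stats[r][2])

if __name__ == "__main__":
    s = rule_stats(sample_dispositions())
    for rule, (tp, fp, p) in sorted(s.items()):
        print(f"{rule}: TP={tp} FP={fp} precision={p:.1%}")
    print("worst by FP count: ", rank(s, "fp")[0])
    print("worst by precision:", rank(s, "precision")[0])
```

Ranked by FP count the diary's rule looks like the first candidate for disabling; ranked by precision, the quieter hypothetical rule is the one that needs tuning.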
by Robert Lemos
Hidden services running on the Tor network got major support on Friday when Facebook began offering Tor users a way to connect to its services and not run afoul of the social network’s algorithms for detecting fraudulent usage of accounts.
On Friday, the company added a hidden service address with a .onion top-level domain, facebookcorewwwi.onion [updated to fix address], which allows Tor users to protect their data and identity all the way to Facebook’s datacenters. Hidden services accessed through the Tor network allow both the Web user and website to remain anonymous.
“Facebook’s onion address provides a way to access Facebook through Tor without losing the cryptographic protections provided by the Tor cloud,” Alec Muffett, a software engineer with Facebook’s security infrastructure group, said in a blog post. “It provides end-to-end communication, from your browser directly into a Facebook datacenter.”
by Robert Lemos
Nearly a million websites running the popular Drupal content management system had only hours to update their software before attacks likely compromised the systems, thanks to a widespread vulnerability, the Drupal security team warned this week.
On October 15, the security team for the Drupal content management system announced the discovery of a critical security flaw that could allow attackers to steal data or compromise vulnerable sites. Within seven hours of the announcement, attackers had begun broadly scanning for and attacking Drupal sites, according to the project’s security team, which provided the details in an October 29 public service announcement.
“Systematic attacks were launched against a wide variety of Drupal websites in an attempt to exploit this vulnerability,” the group stated in its update. “If you did not update your site within < 7 hours of the bug being announced, we consider it likely your site was already compromised.”
Welcome To My Cyber Security Nightmare
Happy Halloween. Here are three chilling scenarios that will keep even the most hardened infosec warrior awake all night. This past year, we have seen some pretty scary stuff happen in cyber security. Since Halloween is almost here, I thought I would ...
Posted by InfoSec News on Oct 31 http://www.darkreading.com/attacks-breaches/retailers-now-actively-sharing-cyberthreat-intelligence/d/d-id/1317086
Posted by InfoSec News on Oct 31 http://www.nytimes.com/2014/10/31/world/europe/new-russian-boldness-revives-a-cold-war-tradition-testing-the-other-side-.html
Posted by InfoSec News on Oct 31 http://www.csoonline.com/article/2840953/social-engineering/social-engineers-work-in-teams-to-harness-the-power-of-information.html
Posted by InfoSec News on Oct 31 http://arstechnica.com/security/2014/10/retailers-accuse-credit-unions-of-talking-smack-about-card-breaches/
Posted by InfoSec News on Oct 31 http://www.bankinfosecurity.com/banks-concerns-about-cyberthreats-grow-a-7486