Thursday, November 26

Today's Security Variety

I've recently come across a few security-related items of interest that I thought might be useful to everyone.

1. Shodan - a fairly robust internet search engine that can be used to identify specific products and interfaces. From the site:
"SHODAN lets you find servers/ routers/ etc. by using the simple search bar up above. Most of the data in the index covers web servers at the moment, but there is some data on FTP, Telnet and SSH services as well. Let me know which services interest you the most and I'll prioritize them in my scanning."
2. Social Media Governance - a site with resources targeted at organizations' use of social media. This includes a list of companies and organizations such as Walmart, BBC and the U.S. Air Force, along with their social media policies.

3. Wired Story on 9/11 Pager Texts - Looks like Wired is following the WikiLeaks release of millions of pager messages supposedly captured during the 9/11 terrorist attacks. This will be interesting to follow.

Friday, November 13

TLS Renegotiation Vulnerability

As many of you have already heard, a very serious vulnerability was discovered in the TLS protocol, which is used across the internet to secure many forms of communication, from the browser used to access online banking to the protocols used to secure messaging servers.

The vulnerability itself is a design weakness in the protocol's ability to renegotiate the encryption used in a session within a long-standing connection.

Here is a good write-up and links to some other information regarding the issue.

Stay tuned on this though, and expect many patches and workarounds to be issued by vendors.

Wednesday, November 11

RBS Worldpay Reading

Here are a few links from a few of the sites that are discussing the details of the RBS Worldpay hack.

Veracode
SOURCE Conference
Cybercrime and Doing Time
Helpnet Security News

I'm going to try to find out more and maybe provide some additional analysis of how this hack seems to follow the same MO as the other credit/debit hacks.