Skip to main content

Posts

Showing posts from February, 2010

Web Application Vulnerability Scanners Compared

Web Application Vulnerability Scanning and Identification is a hot topic for many customers, and there a number of excellent products which can help with the identification process. Larry Suto has produced the second of his independent evaluations of these products and posted the results.

In addition the guys over at NTO have posted their response to the report which identifies some interesting debates and responses from the vendors based on the results.

This kind of transparency on the effectiveness of these tools is excellent and really highlights the challenges that ALL web application vulnerability scanners have - especially those tools that can't automatically find the vulnerabilities in their own test sites!

Advanced Persistent Threats APTs

APTs or Advanced Persistent Threats are threats in which the threat agent (person or persons responsible) is highly motivated, well resourced, and highly skilled. This modis operendi of these people is to identify high-value target profiles (senior management, financially responsible, and influential) and gain persistent access to sensitive information.

Over the last few months, there has been an increasing number of public reports related to APT incidents:

Wall Street Journal

Business Week



Athough it has been widely reported in the past that malware writers and the criminal elements funding their research were moving in the direction of smaller, more targeted attacks, it appears that this trend has been accelerated and is catching many organizations and people off-guard in the process.

There are a couple of difficult challenges associated with countering these types of threats:

1) Threat information - with a few exceptions (government and private intelligence) most people and organizati…

ScanSafe 56%-80% of 2009 Malware Infections Related to Adobe Acrobat

In a new report released by CISCO's ScanSafe they claim that 2009 started off with 56% of malware infections occurring by way of flaws found in Adobe Acrobat products. This seems to be very high to me, I would think that some of the drive-by browser flash infections are still a larger percentage of this total.

Chip and PIN Vulnerabilities Documented

There is a significant research document that's been published publicly on some issues related to the new Chip and PIN standard. Looks like the vulnerability is associated with a lack of coordination between each of the organizations involved.
The attack although sophisticated is easily used by individual's with no technical understanding of the attack simply a "wedge" inserted between the card and the POS device.
Considering that these cards are all being migrated to by Canada's largest card issuers, this is a big issue. I have not yet confirmed that this affects chip and pin cards issued in Canada.
Link to press release-http://www.cl.cam.ac.uk/research/security/banking/nopin/press-release.html
Link to technical paper-http://www.cl.cam.ac.uk/research/security/projects/banking/nopin/oakland10chipbroken.pdf