Blog

Blog

Habits Are Formed By Repetition, Not Reminders

There are five words today that, when coming from any adult relative with minimal technical chops, are the most terrifying you'll ever hear: I clicked on this link... I doubt any one of us at some point in our lives has managed to escape the inevitable cry for help from a technically challenged relative after they've managed to turn their computing...
Blog

Ransomware: Refusing to Negotiate with Attackers

Last week, the information security community was saddened to learn of Joseph Edwards, a 17-year-old secondary school student who committed suicide after his computer became infected with ransomware. Edwards’ computer was corrupted by Reveton (or Police Ransomware), a common type of malware that locks a victim’s computer, claims that the victim is...
Blog

How to Detect the GHOST glibc Vulnerability

The GHOST vulnerability (CVE-2015-0235), which was discovered by researchers in the GNU C Library (glibc), allows local and remote access to the gethostbyname*() functions in certain cases. Although the vulnerability was just recently disclosed, the vulnerability was introduced in glibx-2.2 on November 10, 2000. Fortunately, this was fixed on May 21...
Blog

Don’t be Shellshocked by GHOST

If you’re following threat feeds, you’ve probably heard about GHOST (CVE 2015-0235), the new critical vulnerability that Qualys disclosed yesterday. This vulnerability has been found in glibc, the GNU C library, and it affects all Linux systems dating back to 2000. Redhat listed it on their CVE database as ‘critical’ with a CVSS v2 score of 6.8....
Blog

GHOST Vulnerability and Its Patch History

There’s a lot of chatter going on right now related to the GHOST vulnerability that was announced yesterday. Lots of folks are talking about the vulnerability, particularly focused on the threat advisory published by Qualys. However, I thought I would spend a little time looking at the history of this vulnerability and how its underlying bug was...
Blog

GHOST in the Linux Machine – CVE-2015-0235

Researchers have discovered a critical vulnerability (CVE-2015-0235) in the Linux GNU C Library (glibc) that could potentially allow attackers to execute code on servers and gain remote control of Linux machines, without the necessary system credentials. This flaw is found in most versions of Linux, in which a buffer overflow can be exploited by...
Blog

Targeted Scam Cost Businesses $215 Million Using Fraudulent Wire Transfers

Last year, a scam using fraudulent wire transfers caused businesses $215 million in losses. According to a public service announcement by the Internet Crime Computer Center (IC3), the scam, which is known as the “Business E-mail Compromise” (BEC), claimed 1,198 unique victims in every U.S. state and 45 other countries between October 2013 and...
Blog

VERT Alert: GHOST - glibc overflow

Vulnerability Description A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user...
Blog

Thought Experiment: Mandatory Online Banking Security Standards

Banks are required by law to follow government regulations; these subject the banks to specific requirements, restrictions and guidelines. The end goal being, among other things, transparency. What about setting specific requirements for banking website security? Pew Research Center statistics reveal that 51% of U.S. adults bank online and 35% of...
Blog

Marriott Customers' Personal Details Exposed by Simple Web Flaw

Here's a piece of advice for anyone responsible for securing a corporation's data: If you discover security researcher Randy Westergren is using your app, you had best take a long hard look at whether you are protecting your users' information properly. Because, if you're not, there's a good chance that he might be about to tell you what you're...
Blog

10 Notorious Cyber Criminals Brought to Justice – No. 5

Five cyber criminals down; five to go. Last week, we learned about Lin Mun Poo, a Malaysian hacker who at one time infiltrated a prominent U.S. financial institution as well as a contractor for the Department of Defense. Tripwire now continues its series on some of the most notorious cyber criminals brought to justice with Vladislav Anatolievich...
Blog

Vulnerability Scoring 103

We’ve looked at the Tripwire IP360 Scoring System and how risk is commonly used in two different scenarios, so I figured it was worthwhile to dive into the other complex element of Tripwire’s scoring: skill. Skill is a term that, even within the IP360 Scoring System, has evolved over the years and it’s worth looking at the evolution of the word in...
Blog

Seven-Year-Old Hacks Public WiFi in Under 11 Minutes

As part of a security awareness campaign, a seven-year-old girl was able to successfully hack a public WiFi hotspot in 10 minutes and 54 seconds. Seven-year-old Betsy Davis entered into the ethical hacking demo, meaning that a security expert supervised the entirety of the experiment, with only her laptop. She was then able to find out how to hack...
Blog

Kim Dotcom Reveals His End-to-End Encrypted Video Chat Service, MegaChat

The ever-controversial hacker-turned-millionaire-entrepreneur Kim Dotcom has announced the public beta launch of an end-to-end encrypted audio and video chat service, which he calls MegaChat. Anyone with an account on Mega's file-sharing file-syncing service can now access what is claimed to be a more secure alternative to Skype, boasting end-to-end...
Blog

Why We Should Care About STIX & TAXII

I started getting involved in learning about the STIX (more here) and TAXII standards in earnest last year. These emerging standards enable effective sharing of cyber threat data in automated ways between different products, people and organizations. In many ways, that makes me a newcomer to these emerging standards; by that point in time The MITRE...
Blog

VERT Vuln School: XSS versus XSRF

Cross-site scripting, commonly referred to as XSS, is listed third in the OWASP Top 10 for 2013 Web Application Security risks. Unlike SQL injection attacks, which target data on the server, XSS provides a vector for attacking the users of a vulnerable web site. At a general level, XSS is when an attacker can cause a web site to render with...
Blog

Hacker Halted... What Is It?

Hacker Halted is an IT security conference with the intention of educating the attendees in security and ethics. Last year, the conference was held in Atlanta on October 16-17. What VERT Presented at Hacker Halted VERT presented an implementation of a protocol independent fuzzer, which was built using python. We developed a fuzzer because we...