
NIST has a Computer Security Division and they have revamped their

The On-line Database: Access and Control policy and procedures

There are many good areas to review in this website, including:

Don't forget the home workers:

An important part of telework and remote access security is applying security measures to the personal computers (PC) and consumer devices using the same wired and wireless home networks to which the telework device normally connects. If any of these other devices become infected with malware or are otherwise compromised, they could attack the telework device or eavesdrop on its communications. Teleworkers should also be cautious about allowing others to place devices on the teleworkers’ home networks, in case one of these devices is compromised.

Teleworkers should also apply security measures to the home networks to which their telework devices normally connect. One example of a security measure is using a broadband router or firewall appliance to prevent computers outside the home network from initiating communications with telework devices on the home network. Another example is ensuring that sensitive information transmitted over a wireless home network is adequately protected through strong encryption.
 
Anybody that connects to your network can cause unforeseen mayhem.
 
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
In computer security there is a method we use to get better security.
 
After a security policy or method is instituted, it must be tested from an independent point of view (red team versus blue team). This methodology is used to create a stronger and more effective defense of network assets.
 
Contact Us to discuss this in depth. OversiteSentry.com is a fixvirus.com website.
 

KrebsOnSecurity (a good security blog) has the story.

A 24-year-old Vietnamese national (Ngo) helped create a situation where data from Experian was sold to online identity theft rings.

The company Court Ventures helped cause the situation.

But this is the important sentence: "According to a transcript of Ngo’s guilty plea proceedings obtained by KrebsOnSecurity, Ngo’s ID theft business attracted more than 1,300 customers who paid at least $1.9 million between 2007 and Feb. 2013 to look up Social Security numbers, dates of birth, addresses, previous addresses, phone numbers, email addresses and other sensitive data."

 

This is how it works: once your data is online and in digital format, it is easy for people to steal, borrow or buy it and then sell it on the open market.

 

As noted by us-cert.gov, there are many methods of taking advantage of a SQL injection opening in a website.

The real problem is when companies don't admit to the breaches occurring.

Security magazine did a survey of 189,650 respondents:

15% of respondents said that there was a data breach, and 20% from servers.

 

15% of 189650 = 28447 breaches.

So there were plenty of problems in corporate America in the security area, and 89% think they have handled the issue.

 

Obviously there is a disconnect. This is assuming the other 160,000 are being truthful.

 

NVD, or at http://nvd.nist.gov/home.cfm

 

NIST is the National Institute of Standards and Technology.

NVD contains:

10286
89128
As you can see, the patching and protecting of your computers has to be automated, because it can get out of hand very quickly.

Yes, Drupal version 7.x - 3.5 now has a remote command injection vulnerability. Packetstormsecurity has a page on it.

Patch to the latest software (May 3rd or newer) to prevent this.

 

Drupal is a popular content management system (CMS) for websites. The newest version, 8, is coming soon, but until then please update and patch.

Have you checked wifi signals as to their effectiveness?

Is your wifi router/ access point using good encryption technology?

Wardriving: Peter Shipley coined the term "wardriving" for the practice of deliberately searching a local area for wifi networking signals.

You do know that some wifi encryption (WEP) is easier to hack and break into than others (WPA2)?

There are also other ways that people attack you and your information and resources.

Hackers use fake wifi access points to steal people's logins. Be careful where you accept a wifi connection, as unencrypted wifi can be very dangerous; at least assume that all your network traffic can be stolen and analyzed. That is, do not enter user IDs and passwords on unencrypted wifi connections.
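As an added example (not from the original post), one way to act on the encryption and fake access point warnings above is to run a saved scan inventory through a small check that flags open and WEP networks and any network name seen with conflicting protection. The CSV layout, the function names and every sample row are constructed for illustration.

```python
# Added example: audit a wifi scan inventory for weak or missing encryption.
# The CSV layout (ssid,bssid,security) and all sample rows are constructed.
import csv
import io
from collections import defaultdict

SAMPLE_SCAN = """\
ssid,bssid,security
HomeOffice,AA:BB:CC:00:00:01,WPA2
LegacyPrinter,AA:BB:CC:00:00:02,WEP
CoffeeShop,AA:BB:CC:00:00:03,WPA2
CoffeeShop,AA:BB:CC:00:00:04,
GuestNet,AA:BB:CC:00:00:05,WPA
"""

def rate(security):
    """Map an advertised security string to a coarse rating."""
    modes = set(security.upper().split())
    if not modes:
        return "open"      # no encryption: traffic readable by anyone in range
    if "WEP" in modes:
        return "weak"      # WEP is the easy-to-break case named above
    if modes & {"WPA2", "WPA3"}:
        return "ok"
    return "review"        # e.g. WPA only, or a label this check does not know

def audit(scan_text):
    """Return (findings per access point, SSIDs seen with conflicting ratings)."""
    findings = []
    ratings_by_ssid = defaultdict(set)
    for row in csv.DictReader(io.StringIO(scan_text)):
        rating = rate(row["security"] or "")
        ratings_by_ssid[row["ssid"]].add(rating)
        if rating != "ok":
            findings.append((row["ssid"], row["bssid"], rating))
    # One name advertised both protected and unprotected deserves a closer look.
    mixed = sorted(s for s, rs in ratings_by_ssid.items() if len(rs) > 1)
    return findings, mixed

if __name__ == "__main__":
    findings, mixed = audit(SAMPLE_SCAN)
    for ssid, bssid, rating in findings:
        print(f"{rating:6} {ssid} ({bssid})")
    for ssid in mixed:
        print(f"mixed  {ssid}: same name, different protection; verify before joining")
```

A network name that shows up both encrypted and unencrypted is not proof of a fake access point, but it is the case to verify with the network owner before connecting.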

 

We can help you test and audit your wifi, including for PCI auditing purposes (has to be done quarterly