WIRELESS ENCRYPTION

Wireless networks are an easy way to connect a laptop, tablet or phone to the internet. Instead of using traditional RJ45 cabling, a device just needs a wireless card. There are three main types of encryption in wireless networks:

Wired Equivalent Privacy (WEP), which is available in 64-bit and 128-bit versions. It uses RC4 encryption (a stream cipher) with a 40-bit key and a 24-bit initialization vector. It supports the open authentication method with the MAC address and the shared authentication method with pre-shared keys.

Wi-Fi Protected Access (WPA): It uses the Temporal Key Integrity Protocol (TKIP) for encryption. It supports pre-shared key (WPA Personal) and 802.1X (WPA Enterprise) authentication.

Wi-Fi Protected Access 2 (WPA2) or 802.11i: It uses the Advanced Encryption Standard with either TKIP or counter mode with cipher block chaining message authentication code (CBC-MAC). It also supports pre-shared key (WPA2 Personal) and 802.1X (WPA2 Enterprise) authentication.
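The WEP description above says a 40-bit key and a 24-bit initialization vector feed RC4; the sketch below is an added example (not code from this blog) showing how those two values are concatenated into the 64-bit RC4 seed for each frame and how the CRC-32 integrity check value is appended. The key, IV and payload are constructed sample values.

```python
import struct
import zlib

def rc4(seed: bytes, data: bytes) -> bytes:
    """RC4 stream cipher: key scheduling, then XOR data with the keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm (KSA)
        j = (j + s[i] + seed[i % len(seed)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                         # keystream generation (PRGA)
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def wep_encapsulate(key: bytes, iv: bytes, key_id: int, payload: bytes) -> bytes:
    """Build a 64-bit WEP frame body: IV | key-ID byte | RC4(payload | ICV)."""
    if len(key) != 5 or len(iv) != 3:
        raise ValueError("64-bit WEP needs a 5-byte key and a 3-byte IV")
    icv = struct.pack("<I", zlib.crc32(payload))   # integrity check value
    body = rc4(iv + key, payload + icv)            # RC4 seed = IV || key (64 bits)
    return iv + bytes([key_id << 6]) + body        # IV and key ID travel in clear

def wep_decapsulate(key: bytes, frame: bytes) -> bytes:
    """Read the clear-text IV, decrypt, and verify the ICV."""
    iv, body = frame[:3], frame[4:]
    plain = rc4(iv + key, body)
    payload, icv = plain[:-4], plain[-4:]
    if struct.pack("<I", zlib.crc32(payload)) != icv:
        raise ValueError("ICV mismatch: wrong key or corrupted frame")
    return payload

KEY = bytes.fromhex("0102030405")     # constructed 40-bit key
IV = bytes.fromhex("a1b2c3")          # constructed 24-bit IV
PAYLOAD = b"constructed sample payload"
FRAME = wep_encapsulate(KEY, IV, 0, PAYLOAD)

if __name__ == "__main__":
    print(FRAME.hex())
    print(wep_decapsulate(KEY, FRAME))
```

The "64-bit" label counts the IV: only 40 bits are secret, and the 24-bit IV is sent unencrypted at the front of every frame.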


HOME DEPOT BREACH


Home Depot is a big-box retailer in the USA. It suffered a security breach that affected 56 million payment cards.

The malware used in the attack is most likely to have been used in other attacks. Brian Krebs, who reported the attack, suggests that the BlackPOS malware which was used against Target was also used in this case. The hackers started by compromising a third-party supplier's workstation and managed to install the malware on the point-of-sale terminals. At this point the collection of credit card entry data was automated and sent to an offsite collection system. The malware was present between April and September 2014, though the incident was first reported on September 02, 2014.

By now, the malware elimination and enhanced encryption of payment data in all US stores have been completed.

Lessons learned: For POS attacks like this recent one, the Payment Card Industry (PCI) regime could improve matters. Home Depot should look to the UPS Store example to learn how to report a breach. Online merchants need to resist fraudulent use of credit cards: Verified by Visa, MasterCard SecureCode, PayPal, Apple Pay. Finally, Home Depot customers must demand new account numbers. Why on earth aren't you using whitelisting on PCs attached to payment devices?

CNET Hacked, Remote Servers accessed

CNET, one of the most popular technology review websites, has been hacked. A Twitter user going by the name of worm and the handle @rev-priv8 posted a photo of remote access to a CNET.com server. The exploit was done through a vulnerability in the content management system, probably WordPress or Joomla. CNET is not saying much about the attack but claims that usernames and passwords were not accessed. According to Forbes, Worm has even sold a database of CNET.com at a price of one Bitcoin.
http://www.forbes.com/sites/thomasbrewster/2014/07/14/russian-hacker-breaches-cnet-servers/
http://betanews.com/2014/07/15/1-million-users-affected-by-cnet-com-hack/

Malware Sample Sources

Malware researchers need to test their skills and develop defenses with real specimens. They can collect malware samples from honeypots or download them from URL sources. The following sites can be useful:

  1. Contagio Malware Dump (Mobile Malware)
  2. Kernelmode.info
  3. Malshare
  4. Malware.lu AVcaesar
  5. MalwareBlacklist
  6. Malwr
  7. Open Malware
  8. SecuBox Labs
  9. Virusign
  10. VirusShare
  11. TheZoo / Malware DB
  12. ZeuS Tracker

French manufacturer LaCie admits data breach

LaCie is a French manufacturer of hard drives. It was a victim of a security breach and obviously sent notifications to customers about the incident. The breach was detected on March 19, 2014 by the FBI, which forwarded the alarm. Malware was used to gain access to customers' transactions made between March 27, 2013 and March 10, 2014. Names, addresses, email addresses, payment card numbers and card expiration dates belonging to customers have been accessed by the unauthorized party. LaCie urged everyone to change their passwords, believing that customers' usernames and passwords on LaCie's website could also have been accessed.