I’m sure many of you will have already read about the massive database breach at LivingSocial, a daily-deal company second only to Groupon. If not, then you aren’t one of the “lucky” 50 million people chosen for that day’s “special deal”.
LivingSocial reported a breach of their systems which resulted in the names, email addresses, dates of birth and hashed and salted password values being stolen. Although LivingSocial passwords were hashed and salted, unfortunately the cryptographic algorithm used was not a particularly strong one (SHA-1); this means that while cracking that password database is not trivial, it is certainly not impossible.
Much of the focus on Advanced Persistent Threat and targeted attack prevention methodology can be related to the Lockheed Martin Cyber Kill Chain, which is itself based on the conventional US military targeting doctrine — find, fix, track, target, engage, assess (F2T2EA) methodology. The Cyber Kill Chain comprises seven phases: Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command & Control (C2) and Actions on Objectives.
It is important to remember that the Cyber Kill Chain does not describe a defence methodology; rather, it breaks down the steps an attacker will take in order to compromise a target. This view of an attack as a chain of related actions, rather than discrete incidents, is key to understanding how to frustrate, disrupt or evade persistent attempts at intrusion. Offense must inform defence, where the goal is to terminate an attacker's ability to continue or complete the assault.
Time was when one of the key things that a security technology had to avoid was initiating an avalanche of event notifications. Tuning technologies to only alert when something Very Certain™ and Very Bad™ had happened was the order of the day. Your firewall had to be absolutely certain that those inbound packets were not part of an established network flow, or your Intrusion Prevention System needed to be able to state categorically that those packets contained an exploit attempt, before they raised an alert.
In the twentieth century, and even into the beginning of the twenty-first, we were in the habit of consulting our defences in isolation: the firewall tells me everything is ok, the IPS tells me everything is ok, the anti-malware tells me everything is clean; so everything is ok, right? Wrong. This myopic approach to security is one of the factors currently contributing to the success of targeted attacks around the world.