- The Cybercrime Coordination Unit Switzerland (CYCO/KOBIK) published their Annual Report 2012 (PDF). It’s also available in German.
- Phishing: How the phishers perpetrated their attacks, and what defensive measures are and are not working: The Anti-Phishing Working Group (APWG) released the Global Phishing Survey for 2H2012.
- DDoS Attacks: I’m under attack. What should I do? Whom should I call? Dave Piscitello wrote an interesting blog post about How to Report a DDoS Attack on behalf of the ICANN Security Team.
- When it comes to enterprise security, is it better to focus on compliance or risk? A viewpoint from Christian Anschuetz and Dan Abdul at networkworld.com.
- A new Android malware is targeting Polish e-banking users. The application is called “E-Security”. (CERT Polska)
- Strong Twitter passwords are important! Here you can check (or let your colleagues check) whether your/their Twitter passwords are still secure. 😉
Month: April 2013
IT-Security-Links #20
- Boston-Spam: Malicious actors are exploiting the Boston Marathon explosions to spread malicious code, the US-CERT warns. The Internet Storm Center provides some details and describes how the spam campaigns are now switching over to the Waco plant explosion.
- WordPress: Sucuri.net blogged details about the massive brute force attacks against WordPress websites over the past days.
- Waiting desperately for Android Security Updates from your carrier? The American Civil Liberties Union has filed a complaint with the US Federal Trade Commission (FTC) concerning this issue.
- According to Reuters, China and the United States will set up a working group on cyber-security. “Cyberspace should be an area where the two countries can increase mutual trust and cooperation.”
- Symantec published their 58-page Internet Security Threat Report 2013 (PDF). Reviews can be found here and here.
Jekyll or Hyde? Better browse securely
A Guest Article by Stefan Lüders.*
Surfing the web is like walking through London in 1886. Usually you meet nice and lovely Dr. Jekyll, interact with him, and all is fine, cosy and perfect. But in other circumstances, during the night, you might hit on evil and malicious Mr. Hyde. He just wants your money and your secrets, or to abuse you. As in the novel by Stevenson, the good and the bad web pages can be very close together.
IT-Security-Links #19
- Hosting companies worldwide are reporting an increase in brute force attacks on the administration interfaces of WordPress installations. If you’re running a WordPress site, now would be a good time to ensure you are using strong passwords, change the user-id ‘admin’ and limit the number of logins.
- PlaneSploit: Plane hijacking via smartphone (PDF). A talk by Hugo Teso at Hack In The Box Security Conference. Read more here.
- Aditya Balapure provides some insights on the recent DDoS Attack against Spamhaus.
- SSH: “There are often a great many more SSH keys in existence in an organisation than there are users.” SSH an ill-managed mess says Tatu Ylonen, author of the SSH protocol.
- Windows XP: The countdown begins – Support for Windows XP ends on April 8, 2014. Newer OS versions have more built-in security features like ASLR or SEHOP.
- What is the difference between a Penetration Test, Vulnerability Assessment and a Security Audit? Some definitions to help define future security service requests.
IPv6 for (Security) Managers – Part 3: Drivers for IPv6 Integration
In the previous part of this series we looked at the big picture of IPv6 integration. This third part covers the potential drivers for integrating IPv6. This overview can serve as a basis for forming a picture of the individual situation in your organisation.
IT-Security-Links #18
- U.S. banking institutions are now in the fifth week of distributed-denial-of-service attacks. Read the lessons learned on bankinfosecurity.com.
- A more or less new malware called “Darkleech” infected thousands of Apache servers. The attackers retain control of the servers they infect by replacing the SSH daemon with a modified one. Read in the sucuri.net blog how to identify the infection.
- Advanced Persistent Threats get more advanced, persistent and threatening. At least according to John Leyden who reviewed FireEye’s latest advanced threat report.
- Even security professionals have bad password security habits. That’s the result of a survey done at RSA Conference 2013.
German:
- The SWITCH-CERT Security and Privacy Report (PDF) for March is available as a free download.
- botfrei.de has a new guide on how to encrypt USB sticks with TrueCrypt.
Deep Web – The Net Beneath the Net (Part 6)
This article was written by Katja Locker.
And what will 2013 bring? Ban, block – or rather not?
Finding an acceptable way to stop illegal activities on the deep web is, in the view of Freenet founder Ian Clarke, downright utopian. It would in any case require intervention “from above” and would destroy the entire purpose of services like Freenet: “The criminal activities of individuals do not justify the end of free expression on the Internet.”