Loading....

Stunnel Vulnerability | Remove or Patch Immediately

Bug

Stunnel, an application that provides secure ‘tunneling’ for commonly used, insecure protocols (e.g. SMTP, POP3, etc.) has issued a security bulletin.  There is a known flaw that could be utilized to inject arbitrary code and ultimately control where the connection goes.  Imagine the emails you’re trying to send to consignors and/or customers being intercepted.

That wouldn't be good...

If you think this is being hyper-sensitive, you don’t internets enough.

Any applications installed on your systems must be justified, as per the PCI DSS v2.0:

[hr size=’big’]

2.2.2 Enable only necessary and secure services, protocols, daemons, etc., as required for the function of the system.

2.2.2.b Identify any enabled insecure services, daemons, or protocols. Verify they are justified and that security features are documented and implemented.

2.2.3.a Interview system administrators and/or security managers to verify that they have knowledge of common security parameter settings for system components.

2.2.4 Remove all unnecessary functionality, such as scripts, drivers, features, subsystems, file systems, and unnecessary web servers.  Examples of insecure services, protocols, or ports include but are not limited to FTP, Telnet, POP3, IMAP, and SNMP.

[hr size=’big’]

If someone is going to install 3rd party software on your computer, be sure to ask them if they are going to maintain and patch that software on a daily basis.  As a business bound by PCI DSS, applications must be patched on at least a monthly basis.  For systems storing/processing/connected-to sensitive data, applications should be patched more-frequently – i.e. daily.

Without even considering PCI DSS, it’s common sense.  An application installed with good intentions, can easily backfire on you if not properly maintained.

Days Since Last Known Java 0-day Exploit

Days Since Last Known Java Exploit

A handy website to let you know how many days its been since the last-known Java 0-day exploit.

[hr size=’big’]

[button link=”http://java-0day.com/” size=”bigger” open_new_tab=”true”]java-0day.com[/button]

[hr size=’big’]

With Java 0-day exploits appearing at the rate of one per day, it will probably come in handy.  🙂

Evernote Hacked, Change Your Password Immediately

Evernote Hacked

Heads-up, Evernote users.  Evernote is reporting they have been hacked and have issued a Security Notice.  As a safety measure, they have initiated password resets for all accounts.  Evernote has stated that no user content appears to have been compromised.

I know it’s a very common thing for people to use the same password and email address across multiple sites.  Do not do that.  Think about it, if your Evernote account was compromised and your email + password were the same for Gmail, Amazon, eBay, iTunes, etc. you would risk losing access to everything and even incurring some real expenses or data loss.

Stay safe and if you have any questions or comments, feel free to post below!

Dropbox User Emails Apparently Leaked

Dropbox Spam

Is there an echo in here?  On Dropbox’s user support forum, multiple users have reported that email addresses completely unique and intentionally obfuscated, received spam email.

Dropbox User Post
Dropbox User Post | Click to Enlarge

As users have pointed out, spammers would have to get very lucky to guess such an email address, or the user email list was compromised.

Dropbox and users have suggested this might be part of last year’s breach, but users who registered after said breach have reported receiving messages.

This is as good a time as ever to mention security and online awareness.  If you were utilizing an email address that you use for your consignment store and you signed-up for Dropbox with it, a spam email with a phishing link or other attack could find its way into your business systems.

Just be vigilant when it comes to the messages you receive and always think twice before opening messages or clicking links.

What’s Rubbing-Up Against YOUR Website?

CloudFlare IDS

Or who, for that matter.  If you think your website just sits there and serves pages to friendly visitors, you’re missing out on all the fun that’s going on behind the scenes.  Properly securing a website + ongoing maintenance are critical to preventing your site from being “hacked”.

Websites are not a “set it and forget it” sort of thing.  Server logs should be inspected on a regular basis.  An Intrusion Detection System should be in place.  Updates for software should be installed on a regular basis.  WordPress must be updated and maintained and if you ignore this maintenance, you’ll have some friends coming to visit you…

CloudFlare IDS
CloudFlare IDS | Click to Enlarge

And what are these “friends” doing on your website?  Just running some friendly Dictionary Attacks, that’s all…

Dictionary Attacks
Dictionary Attacks | Click to Enlarge

Attempting to log in as ‘admin’…

Admin Login Attempts
Admin Login Attempts

If you have a WordPress site, unsuccessful login attempts are not blocked, so someone can try to log in to your admin page over and over again without you ever knowing.  That is, unless you have the right tools in place.  At the very least, make sure you install the Limit Login Attempts plugin.

Security is a multi-layer approach, so don’t think there is just one simple solution to secure your website.  Make sure you or someone is maintaining your website, installing the latest updates, pruning as many attack vectors as possible, checking your logs, etc.

If you have any questions, feel free to comment below or Contact Us!

[Critical] Vulnerabilities In Adobe Reader and Acrobat | Affects Linux, Macintosh, and Windows

Acrobat Vulnerability

Critical security vulnerabilities in Adobe Acrobat and Adobe Reader have been identified and Adobe has issued a security advisory.  These are being actively exploited in the wild by sending users malicious PDF files.

This affects users of Linux systems, Macs, or Windows.

Told You So

Adobe is recommending users enable Protected View  via Edit > Preferences > Security (Enhanced).

Reader/Acrobat Protected View
Protected View | Click to Enlarge

Unfortunately, this security feature is not enabled by default.  Thanks, Adobe.

This is one of the many reasons we recommend using SumatraPDF (via Ninite.com).  It is lightweight, functional, and it’s one additional layer of protection against attacks.

For clients on our System Monitoring w/ Patch Management service, we will be addressing this issue for you.

How To Install AdBlock Plus for Firefox [Video]

AdBlock Plus

Here is a quick video tutorial on how to download the free AdBlock Plus add-on for Firefox…

You can install the AdBlock Plus add-on, or any add-on, via your Firefox Button, then Add-ons

Firefox Add-on

The very first result is for AdBlock Plus – click Install

AdBlock Plus Add-on
AdBlock Plus Add-on | Click to Enlarge

We strongly recommend utilizing ABP not just to hide annoying ads, but as another layer of security for your system.  Many legitimate websites can have their 3rd party ads compromised, so just by using ABP, you are reducing some of the potential attack vectors you may encounter.

Speedtest.net Recently Compromised

Speedtest.net

The most popular internet speedtest site, Speedtest.net, was recently compromised.  They have since fixed the issue and the site is no longer infected, but if you visited the site within the last few days and if you have Java installed, lookout.

Invincea has a fantastic dissection of the payload the infected site was delivering.  This is a great opportunity to discuss how completely legitimate websites – e.g. Speedtest.net – can infect your system.  It doesn’t have to be a *questionable* website or suspicious email that leads to infection.  Websites can be compromised in any number of ways and commonly, 3rd party ads on websites are how malicious activity can sneak-in.

There is no single solution to security.  Security is a multi-layered approach.  With AdBlock and NoScript installed, you’re knocking off a good chunk of attacks before they even get a chance to start.  By running ESET Nod32 antivirus and Malwarebytes’ Anti-Malware Pro, you’re giving your system the best chance at fighting off anything that makes its way onto your system.  Changing your DNS to a faster and more-secure service, such as Google Public DNS, Comodo, or OpenDNS, helps keep the pool of sites you bump into, as safe as possible.  A hardware firewall, updated applications (and only essential applications installed), and user-awareness add to the security sandwich.

So keep your wits about ya, folks.  Don’t think that just because you’re browsing legitimate sites, you’re not vulnerable to attack.

For those interested in an alternative to Speedtest.net, there is an HTML5/no Java/no Flash service provided by SpeedOf.Me.

Back To Top