
Comments


Ask Slashdot: Where To Report Script Kiddies and Other System Attacks?

Comment by UnderAttack: Report it to DShield.org

"Random" attacks can be reported to DShield.org. They have a number of scripts to automatically submit firewall logs (including from Linux firewalls). See http://www.dshield.org/howto.html. Once set up, it just "runs" and DShield aggregates the data, uses it for research and reports the worst offenders to ISPs and other contacts.

about a year and a half ago
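As an added illustration of what "aggregating the data" and "reporting the worst offenders" looks like on the submitter's side (this is not the comment's, DShield's or the ISC's code), the following script parses netfilter/iptables syslog lines, skips sources in the submitter's own address space, and ranks external sources by how many dropped packets they sent. The log lines are constructed samples using documentation IP ranges, the `LOCAL_NETS` list is an assumption about the submitter's networks, and the tab-separated record layout is a generic shape rather than DShield's exact submission format.

```python
import re
from collections import defaultdict
import ipaddress

# Constructed sample netfilter syslog lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
Mar  3 12:00:01 fw kernel: [100.1] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TTL=52 ID=0 DF PROTO=TCP SPT=54321 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 12:00:02 fw kernel: [100.2] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TTL=52 ID=0 DF PROTO=TCP SPT=54322 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 12:00:03 fw kernel: [100.3] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.11 LEN=40 TTL=52 ID=0 DF PROTO=TCP SPT=54323 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 12:00:04 fw kernel: [100.4] IN=eth0 OUT= SRC=198.51.100.77 DST=192.0.2.10 LEN=28 TTL=240 ID=1 PROTO=UDP SPT=40000 DPT=5060 LEN=8
Mar  3 12:00:05 fw kernel: [100.5] IN=eth0 OUT= SRC=198.51.100.77 DST=192.0.2.10 LEN=84 TTL=240 ID=2 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Mar  3 12:00:06 fw kernel: [100.6] IN=eth1 OUT= SRC=192.168.1.20 DST=192.0.2.10 LEN=40 TTL=64 ID=5 DF PROTO=TCP SPT=40001 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 12:00:07 fw sshd[123]: Accepted publickey for alice from 192.0.2.50 port 51234 ssh2
"""

# Assumption: the submitter's own address space. Never report these as attackers.
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d)\s+\S+\s+kernel:.*?"
    r"\bSRC=(?P<src>\S+)\s+DST=(?P<dst>\S+).*?"
    r"\bPROTO=(?P<proto>\w+)"
    r"(?:.*?\bSPT=(?P<spt>\d+)\s+DPT=(?P<dpt>\d+))?"   # ICMP lines carry no ports
)


def parse_line(line):
    """Return the fields of one netfilter log line, or None for any other line."""
    m = LINE_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    return {
        "ts": d["ts"], "src": d["src"], "dst": d["dst"], "proto": d["proto"],
        "spt": int(d["spt"]) if d["spt"] else None,
        "dpt": int(d["dpt"]) if d["dpt"] else None,
    }


def is_local(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)


def to_records(lines):
    """One tab-separated record per external packet (a generic layout, not DShield's spec)."""
    out = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or is_local(rec["src"]):
            continue
        fields = (rec["ts"], rec["src"], rec["spt"], rec["dst"], rec["dpt"], rec["proto"])
        out.append("\t".join("" if v is None else str(v) for v in fields))
    return out


def aggregate(lines):
    """Per external source: packet count, distinct targets and distinct destination ports."""
    stats = defaultdict(lambda: {"count": 0, "targets": set(), "ports": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None or is_local(rec["src"]):
            continue
        s = stats[rec["src"]]
        s["count"] += 1
        s["targets"].add(rec["dst"])
        if rec["dpt"] is not None:
            s["ports"].add(rec["dpt"])
    return dict(stats)


def worst_offenders(lines, n=5):
    """Sources ordered by packet count, then by address so ties are deterministic."""
    agg = aggregate(lines)
    return sorted(((src, s["count"]) for src, s in agg.items()),
                  key=lambda x: (-x[1], x[0]))[:n]


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    agg = aggregate(lines)
    for src, count in worst_offenders(lines):
        print(src, count, sorted(agg[src]["ports"]))
```

Filtering out your own networks before submitting matters: the point of a shared sensor network is to attribute noise to external sources, and internal scanners or misconfigured hosts would otherwise be reported to your own ISP.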

Submissions


DVRs Used to Attack Synology Disk Stations and Mine Bitcoin

UnderAttack writes  |  about three weeks ago

UnderAttack (311872) writes "The SANS Internet Storm Center got an interesting story about how some of the devices scanning its honeypot turned out to be infected DVRs. These DVRs are commonly used to record footage from security cameras, and likely got infected themselves due to weak default passwords (12345). Now they are being turned into bots (but weren't they bots before that?) and are used to scan for Synology Disk Stations that are vulnerable. In addition, these DVRs now also run a copy of a bitcoin miner. Interestingly, all of this malware is compiled for ARM CPUs, so this is not a case of standard x86 exploits that happen to hit an embedded system/device."
Link to Original Source

Linksys Routers Exploited by "TheMoon"

UnderAttack writes  |  about 2 months ago

UnderAttack (311872) writes "A vulnerability in many Linksys routers, allowing for unauthenticated code execution, is used to mass-exploit various Linksys routers right now. Infected routers will start scanning for vulnerable systems themselves, leading to a very fast spread of this "worm"."
Link to Original Source

Scammers Intercept E-Mail in Targeted Attacks

UnderAttack writes  |  about 3 months ago

UnderAttack (311872) writes "In the old days, financial fraud usually relied on banking malware like Zeus. But as organizations become more aware of these threats, scammers bypass all the fancy anti-malware tools by going straight to the person with the money. In this case, documented by the Internet Storm Center, a scammer was able to view/intercept an e-mail exchange about a payment, and slipped in a note requesting that the account number for the payment be updated. These scams are becoming more common as miscreants look for new ways to get at a company's money."
Link to Original Source

Why you should wipe the drive after a compromise

UnderAttack writes  |  about a year ago

UnderAttack writes "After a malware infection, or a compromise of the system in a more targeted attack, there is always a push to get "back into business" as quickly as possible. The malware artifact is quickly removed and the system is put back into service without too much scrutiny. Sadly, this way backdoors and other hidden gifts the attacker left behind are frequently overlooked. The result is that the system is compromised again quickly. The only real solution is wiping the drive and starting from scratch (and hoping that you have decent backups). This two-part series by Mark Baggett makes this point by outlining some of the tricks an attacker may use to hide backdoors and to have them automatically executed on a system. Part 1 talks about how to usurp the Windows update process to reinstall malware, and Part 2 shows how to use the unescaped space bug and the service restart tool to get the malware to start."
Link to Original Source
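The "unescaped space bug" the submission refers to is the unquoted service path problem: when a service's ImagePath contains spaces and is not wrapped in quotes, the service control manager tries each space-delimited prefix as an executable before reaching the intended binary, so a file planted at one of those shorter paths runs as the service instead. The following is an added example (not code from the series, from the ISC, or from the original post) that enumerates those lookalike paths so a responder can check whether an attacker has planted one. The `SAMPLE_SERVICES` table is constructed; `from_registry()` reads the real service table but only works on Windows.

```python
import ntpath
import re

# Constructed sample ImagePath values (assumed; not read from a real host).
SAMPLE_SERVICES = {
    "VendorAgent": r"C:\Program Files\Vendor App\agent.exe -run",
    "GoodSvc": r'"C:\Program Files\Vendor App\good.exe" -run',
    "Spooler": r"C:\Windows\System32\spoolsv.exe",
    "Backup": r"C:\Backup Tools\bin\backup service.exe /svc",
}

# The executable portion of an ImagePath: everything up to the first ".exe" token.
EXE_RE = re.compile(r"^(.*?\.exe)(?:\s|$)", re.IGNORECASE)


def exploitable_paths(image_path):
    """Paths tried before the intended binary when the ImagePath is unquoted.

    'C:\\Program Files\\Vendor App\\agent.exe' yields 'C:\\Program.exe' and
    'C:\\Program Files\\Vendor.exe'. A quoted path or one without spaces yields [].
    """
    p = image_path.strip()
    if p.startswith('"'):
        return []                                   # properly quoted: no ambiguity
    m = EXE_RE.match(p)
    exe = m.group(1) if m else p                    # no .exe suffix: treat whole string as path
    parts = exe.split(" ")
    # Each prefix that ends at a space is tried first, with ".exe" appended.
    return [" ".join(parts[:i]) + ".exe" for i in range(1, len(parts))]


def planting_dirs(image_path):
    """Directories an attacker would need write access to in order to plant a lookalike."""
    return sorted({ntpath.dirname(c) for c in exploitable_paths(image_path)})


def assess(services):
    """Map service name -> lookalike paths for every service with an unquoted, spaced path."""
    findings = {}
    for name, path in services.items():
        paths = exploitable_paths(path)
        if paths:
            findings[name] = paths
    return findings


def from_registry():
    """Read ImagePath for every service from the live registry (Windows only)."""
    import winreg  # stdlib, but only present on Windows
    services = {}
    root = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, r"SYSTEM\CurrentControlSet\Services")
    i = 0
    while True:
        try:
            name = winreg.EnumKey(root, i)
        except OSError:
            break                                   # no more subkeys
        i += 1
        try:
            with winreg.OpenKey(root, name) as k:
                services[name] = winreg.QueryValueEx(k, "ImagePath")[0]
        except OSError:
            pass                                    # service without an ImagePath value
    return services


if __name__ == "__main__":
    for name, paths in assess(SAMPLE_SERVICES).items():
        print(name, "->", paths, "plant in:", planting_dirs(SAMPLE_SERVICES[name]))
```

During incident response the useful check is the reverse of the attacker's: for every finding, confirm that none of the listed lookalike files exist, and note that `C:\` and `C:\Program Files` are normally not writable by standard users, so a planted file there already implies elevated access at some point.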

Is your network managed by a "Slumlord"?

UnderAttack writes  |  about a year and a half ago

UnderAttack writes "The “Section 8 Bible”, a must-read book for aspiring landlords, introduces a simple rule to deal with broken equipment in the apartment: If the law does not require it, remove it. Don’t fix it. For example, interior doors are not necessarily required and can be removed. Network security professionals frequently follow similar guidance: If there is no business requirement, disable it. The rule assumes that minimizing features minimizes exposure. The fewer lines of code we run, the less likely we are to be vulnerable to a bug.

How valid is slumlord network security? Can it really protect a network? Does it do more harm than good?"

Link to Original Source

Is Your Network Security Guy a "Slumlord"?

UnderAttack writes  |  about a year and a half ago

UnderAttack writes "The “Section 8 Bible”, a must-read book for aspiring landlords, introduces a simple rule to deal with broken equipment in the apartment: If the law does not require it, remove it. Don’t fix it. For example, interior doors are not necessarily required and can be removed. Network security professionals frequently follow similar guidance: If there is no business requirement, disable it. The rule assumes that minimizing features minimizes exposure. The fewer lines of code we run, the less likely we are to be vulnerable to a bug. Is your network like that? Does it work for or against security?"
Link to Original Source

IPMI: Hack a server that is turned "off"

UnderAttack writes  |  about 2 years ago

UnderAttack writes "A common joke in infosec is that you can't hack a server that is turned off. You'd better make sure that the power cord is unplugged too. Otherwise, you may be exposed via IPMI, a component present on many servers for remote management that can be used to flash firmware, get a remote console and power cycle the server even after the normal power button has been pressed to turn the server off."
Link to Original Source
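The practical question behind the submission is whether a given server exposes its management controller on the network at all. IPMI-over-LAN listens on UDP 623 and answers the RMCP/ASF "presence ping" without any authentication, which is what tools such as nmap's IPMI scripts use to find it. The following is an added example (not from the ISC diary or the submission) that builds that ping, decodes the pong and reports whether the responder advertises IPMI support. `SAMPLE_PONG` is a constructed datagram of the shape a BMC would return, not a capture; `probe()` needs network access and is not exercised offline.

```python
import socket
import struct

RMCP_PORT = 623            # RMCP / IPMI-over-LAN
ASF_IANA = 0x000011BE      # IANA enterprise number 4542 (ASF), carried in presence ping/pong
ASF_PRESENCE_PING = 0x80
ASF_PRESENCE_PONG = 0x40


def build_presence_ping(tag=0x00):
    """RMCP header (version 6, seq 0xFF = no RMCP ack, class 6 = ASF) + ASF presence ping."""
    rmcp = bytes([0x06, 0x00, 0xFF, 0x06])
    # IANA number, message type, message tag, reserved, data length (0 for a ping)
    asf = struct.pack(">IBBBB", ASF_IANA, ASF_PRESENCE_PING, tag, 0x00, 0x00)
    return rmcp + asf


def parse_presence_pong(data):
    """Decode an ASF presence pong; None if the datagram is not one."""
    if len(data) < 28:                            # 4 RMCP + 8 ASF header + 16 data bytes
        return None
    version, _, _, cls = data[0:4]
    if version != 0x06 or (cls & 0x0F) != 0x06:   # low nibble of the class byte is the class
        return None
    iana, mtype, tag, _, dlen = struct.unpack(">IBBBB", data[4:12])
    if iana != ASF_IANA or mtype != ASF_PRESENCE_PONG or dlen != 16:
        return None
    oem_iana, oem_defined, entities, interactions = struct.unpack(">IIBB", data[12:22])
    return {
        "tag": tag,
        "ipmi_supported": bool(entities & 0x80),  # supported-entities bit 7: IPMI
        "asf_version": entities & 0x0F,           # low nibble: ASF version (1 = v1.0)
        "oem_iana": oem_iana,
    }


def probe(host, timeout=2.0):
    """Send one presence ping; return the decoded pong, or None if nothing sensible answers."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_presence_ping(), (host, RMCP_PORT))
        try:
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return None
    return parse_presence_pong(data)


# Constructed sample pong (shape of a BMC's answer, entities byte 0x81 = IPMI + ASF 1.0).
SAMPLE_PONG = (bytes([0x06, 0x00, 0xFF, 0x06])
               + struct.pack(">IBBBB", ASF_IANA, ASF_PRESENCE_PONG, 0x00, 0x00, 0x10)
               + struct.pack(">IIBB", ASF_IANA, 0, 0x81, 0x00)
               + bytes(6))


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else None
    result = probe(target) if target else parse_presence_pong(SAMPLE_PONG)
    print(result)
```

A BMC that answers here is reachable regardless of the host's power state, which is the point of the submission; the management interface belongs on a separate, access-controlled network, and a sweep of your own ranges for port 623 is a cheap way to find controllers that ended up on the production LAN.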

Cyber Attacks against Tibetan Communities

UnderAttack writes  |  about 6 years ago

UnderAttack writes "The SANS Internet Storm Center reports on an increasing number of sophisticated and targeted cyber attacks against Tibetan NGOs. These attacks appear to be related to attacks against other anti-Chinese groups like Falun Gong. From the article:

"There is lots of media coverage on the protests in Tibet. Something that lies under the surface, and rarely gets a blip in the press, are the various targeted cyber attacks that have been taking place against these various communities recently.
These attacks are not limited to various Tibetan NGOs and support groups. They have been reported dating back to 2002, and even somewhat before that, and have affected several other communities, including Falun Gong and the Uyghurs.""

Link to Original Source

UnderAttack writes  |  about 7 years ago

UnderAttack writes "The SANS Internet Storm Center (ISC) set up a web page listing about 500 domains that use keywords related to the Virginia Tech shooting. Turns out that most of them got registered just in the last 2 days. While some are used for innocent purposes, others are used for fraud. The page allows everybody with an ISC or DShield account to help categorize the pages. The ISC did the same after Hurricane Katrina, which spurred a lot of these scum domains."

UnderAttack writes  |  about 7 years ago

UnderAttack writes "The SANS Secure Software Institute went public today with a couple of free sample tests. The goal of the institute will be to offer assessment tests for developers. Right now, most certifications, like ISO 9001 and such, focus on process rather than skill. The SANS SSI tests, on the other hand, are highly technical, focus on secure coding skills, and will be offered for various languages.

Given all the focus on security these days, tests like this may soon be required for y'all. SANS, the company behind SANS-SSI, offers vendor-neutral testing. I am sure we will soon see more software developer training from them."

UnderAttack writes  |  more than 7 years ago

UnderAttack writes "The SANS Institute and the FBI published a new version of their "Top 20 Vulnerability" list. This is the 7th version of the list, which was first published in 2000.
With this version, the list has been reorganized quite a bit. No longer does it focus on OS-specific issues. There are now sections for cross-platform problems (like web applications), network devices and policy.
Kind of interesting that Mac OS X got mentioned as well. But on the other hand, Windows Internet Exploder made the top of the list all on its own."

UnderAttack writes  |  more than 7 years ago

UnderAttack writes "Spam submitted to web contact forms and forums has become a huge problem. The standard way out is the use of CAPTCHAs. However, CAPTCHAs can be hard to read even for humans. And if implemented wrong, they will be read by the bots. The SANS Internet Storm Center covers a nice set of alternatives to CAPTCHAs. For example, the use of style sheets to hide certain form fields from humans, but make them "attractive" to bots. The idea of these methods is to increase the work a spammer has to do to spam the form without inconveniencing regular users."
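The CSS-hidden "honeypot" field mentioned in the submission works because form-filling bots populate every input they find, while a human never sees it. The following is an added example (not code from the ISC diary or the submission) of the server-side check, and it goes one step beyond the diary's trick by also pairing the form with an HMAC-signed timestamp so that submissions arriving seconds after the form was served, or carrying a forged or stale token, are rejected as well. The field name `website`, the `SECRET` value and the thresholds are assumptions for the example.

```python
import hashlib
import hmac

SECRET = b"replace-with-a-random-server-side-secret"   # assumption: kept server-side, rotated
HONEYPOT_FIELD = "website"    # rendered in the HTML, hidden from humans by CSS
MIN_FILL_SECONDS = 3          # assumption: humans need at least this long to fill in the form
MAX_TOKEN_AGE = 24 * 3600     # keep a harvested token from being replayed forever


def issue_token(issued_at):
    """Unix timestamp plus an HMAC over it, so the client cannot backdate or forge it."""
    msg = str(int(issued_at)).encode()
    return msg.decode() + "." + hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def render_form(now):
    """Contact form whose honeypot field is moved off-screen rather than display:none,
    since some bots skip fields they can see are display:none."""
    return (
        '<form method="post" action="/contact">\n'
        '  <label>Name <input type="text" name="name"></label>\n'
        '  <label>Message <textarea name="message"></textarea></label>\n'
        '  <div style="position:absolute;left:-9999px" aria-hidden="true">\n'
        '    <label>Website <input type="text" name="%s" tabindex="-1" autocomplete="off"></label>\n'
        '  </div>\n'
        '  <input type="hidden" name="ts" value="%s">\n'
        '  <button type="submit">Send</button>\n'
        '</form>\n' % (HONEYPOT_FIELD, issue_token(now))
    )


def check_submission(form, now):
    """Return (accepted, reason) for a submitted form given as a dict of field -> value."""
    if form.get(HONEYPOT_FIELD, "").strip():
        return False, "honeypot field filled"          # a human never sees this field
    token = form.get("ts", "")
    issued, _, sig = token.partition(".")
    if not issued.isdigit() or not sig:
        return False, "missing or malformed timestamp token"
    expected = hmac.new(SECRET, issued.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return False, "timestamp token forged"
    age = int(now) - int(issued)
    if age < MIN_FILL_SECONDS:
        return False, "submitted too quickly to be a human"
    if age > MAX_TOKEN_AGE:
        return False, "timestamp token expired"
    return True, "ok"


if __name__ == "__main__":
    import time
    now = int(time.time())
    print(render_form(now))
    bot = {"name": "x", "message": "buy now", HONEYPOT_FIELD: "http://example.invalid",
           "ts": issue_token(now)}
    print(check_submission(bot, now))
```

The honeypot field is cheap but not foolproof: a spammer who targets your form specifically can simply learn to leave it empty. Its value is exactly what the submission describes, raising the cost of generic form-spamming without adding friction for real users; the timestamp check is a second, independent hurdle of the same kind.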
