dhs - backoff

Driving a Stake through Backoff and other PoS Malware

Despite a US CERT warning and several well-publicized hacking incidents over the summer, Backoff malware continues to add new corporate victims. Krebs has been on the case and has more details on the most recent attacks against two well-known brands. The government warning pointed out that anti-virus vendors may not have the latest signatures for…

creepometer

How to Avoid Being Known as a Creepy Company

While data breaches have been driving news headlines this year, privacy concerns have been riding shotgun. Unfortunately, for lack of a better word, “creepy” has been the word often used to describe the way companies have been leveraging our personal data, whether it is with passive location tracking, apps secretly absorbing your personal address book,…

money

What’s Your Reputation Worth?

During this past year, we’ve been reminded (too) many times that data breaches are costly and damaging to a company’s reputation. According to the Ponemon Institute’s 2014 Cost of Data Breach Study, the average total cost of a data breach—which can include credit monitoring, legal fees, remediation, and customer loss—for the companies who participated in…

privacy ftc

FTC Says Do the Reasonable Security Thing

Metadata Era readers know the FTC has become the de facto enforcer of data privacy and security protection. When there aren’t specific laws to apply, it uses the broad powers given to it by Congress—back in the earlier part of the last century—to prohibit “unfair or deceptive acts or practices” in the digital realm.  A…

399px-Golden_North_Samon_Derby_Winner_1955_Meyer

Phishing Attacks Classified: Big Phish vs. Little Phishes

The CMU CERT team I referred to in my last post also has some interesting analysis on the actual mechanics of these phishing attacks. Based on reviewing their incident database, the CERT team was able to categorize phishing attacks into two broader types: single- versus multi-stage. What’s the difference? Think of single-stage as catching lots of…

pos attack

Point-of-Sale Cyber Attacks Are Back With Backoff

Point-of-Sale attacks are back in the news. But they never really left us. In the wake of the Target attack, the FBI issued a bulletin in January warning about future incidents. They identified the malware type (RAM scrapers) and the infection vector (phish mails, and compromised websites or “watering holes”). And they even pointed out…

Ticket_example

In Search of Kerberos’s Golden Ticket

In a Kerberos environment, all users get tickets, or more specifically TGTs (Ticketing Granting Tickets). It’s the starting point for gaining access to services—network files, email, apps, etc.  In Windows, there’s one user who stands out, the all-powerful domain administrator. They have access to the keys of the kingdom, literally—the Domain Controller on which the…

Cerberus_(PSF)

Kerberos Weaknesses: Pass the Ticket Is a Real Threat

August is always a good time to check up on the dark side.  Black Hat had its annual conference earlier this month, and there’s always presentations worth looking at.  I’ve been writing about Kerberos recently, and while it’s a big improvement over Microsoft’s NLTM, nothing is ever perfect.  I came across a presentation that looks…

DisneyTicketBook_wbelf

Authentication Lessons From the Magic Kingdom: A Closer Look at Kerberos, Part II

Let’s continue our journey into the Magic Kingdom as a way to explore Kerberos. Sure the comparison doesn’t completely track, but it’s close and easy enough to grasp that I think you won’t mind missing—trust me on this—the standard Kerberos protocol diagrams. Back to Disney World: you’re now in the park with your passport booklet…

800px-Syringe_and_hypodermic

Top Five Most Dangerous Software Errors

Over the years, Mitre, the MIT research group, has been analyzing software bugs and missteps that hackers have been able to exploit. Their Common Vulnerabilities and Exposures (CVE) classifications are something of a de-facto standard used for describing the root software causes in an attack.  Working with SANS, the Mitre CVE team has come up…