1 year, 10 months ago
It is known that at connection to open Wi-Fi to networks your traffic can be easily listened. Of course, now more and more websites use HTTPS. Nevertheless, it is yet not 100%. There is a natural desire to secure the traffic at connection to such open Wi-Fi to networks.
Popular solution of this problem — connection through VPN. In that case your traffic is transferred in encrypted form to the VPN server, and already from there goes to the Internet.
Such solution has a small shortcoming: until VPN connection is not set yet, all applications on your computer (including open tabs of the browser) get Internet access bypassing VPN connection.
In this article I will tell how it is possible to avoid it.
1 year, 10 months ago
The Microsoft company published at itself in the blog information on additional measures for safety of users. She will report to the users that their accounts Microsoft, including, Outlook.com and OneDrive were compromised with the person or a group of persons belonging to state-sponsored to cybergroup.
Microsoft specifies that the used state-sponsored cybergroups methods of a compromise of users differ in the complexity from those which are used by the simple malefactors acting from the personal and mercenary interests. The notification of the user on a compromise will unambiguously not say that the account was compromised, but indicates that the company recorded suspicious activity. Activity means that the user needs to take additional measures for the protection and protection of the accounts of Microsoft.
In our company we constantly conduct different researches (list), selecting a subject, interesting to us, and as — representing a result to PDF public with results.
This article article just from discharge of such researches. Carrying out works on the analysis of security we give usually very similar (the general for all) advice which follows a little, some best practices which or just raise the overall level of security of system (for example — application of CSP), or really allow to prevent attack.
It is known that the security level of system is defined by reliability of its most loose knot. On the practician, the ambassador of carrying out the analysis of security, based on the list of the found vulnerabilities, one gap or the whole chain is selected and the most problem link is defined. At once it is possible to tell that often correctly customized system can level risks of the existing vulnerability. During research we found out what potential vectors of attacks can be available to malefactors. For example, whether it is easy to steal session data of the user with vulnerability of a mezhsaytovy skripting. Also it was interesting to us to look, how simply to implement a phishing attack at users of bank. Having passed on these points and having conditionally put down "ticks", the malefactor can build vectors of further attacks to bank and its users.
To the surprise did not find articles on Habré on this subject and this article I would like to improve a situation. In it I will try to tell most intelligibly from attacking about Format String Attacks, however with some simplifications. In practice they are rather just permitted, but not really there are a wish to go in cycles in them. Besides, the most resistant, dolistavshy up to the end, in addition to invaluable knowledge the small bonus waits.
On Monday December 28 the Adobe company released the emergency security update closing 19 vulnerabilities in Flash Player product. The found errors of safety can be used by malefactors for execution of a malicious code on the computer of the victim, receiving over it complete control. In a zone of risk there are users of Flash Player for all existing OS.
The growing number of threats forces developers of means of the analysis of security to improve the solutions constantly. Now a wide choice of scanners of safety from different vendors who differ by the efficiency is presented at the market of IB. It makes impossible release of new versions of scanners without competitive analysis of similar products.
The Positive Technologies company developed own methodology of the competitive analysis for testing and comparison of scanners by objective criteria, it as types and amount of the found vulnerabilities, completeness of scanning of the different purposes. Besides, the database of the competitive analysis (DBCA — Database of Competitive Analysis) was created in which the unique vulnerabilities found in process of manual checks and automatic scanning of the synthetic purposes, real websites, CMS, web applications and other information systems safety scanners are collected (WebEngine – built in PT AF and PT AI, Acunetix, AppScan, etc.). DBCA is used for comparison of results of scanning by new versions of the Positive Technologies scanners with results of third-party scanners and eliminations of false drops (false positive).
However filling of DBCA demands months of manual skills of highly skilled test engineers. Processes of setup of environments and scanning take a lot of time, time of week. There is a process of validation of the found vulnerabilities even longer. So, three engineers of department of QA within a year worked on filling of the current base. In this regard there was a need of acceleration and automation of works.
The formal task of the DBCA conversion to the knowledge base, by use of NANOSECOND (as the decisive rule) and indistinct measuring scales was solved (for a linguistic assessment of results of classification in a form clear to the person). Practically DBCA was added with rules and mechanisms of elimination of the false drops which are in advance sorted by degree of confidence in their existence, estimated on an indistinct measuring scale. It allowed to accelerate work of test engineers on the analysis of results of scanning and elimination of false drops.
1 year, 10 months ago
DataBreaches.net reports about the found base of personal data of 191 million voters of the USA. The website at the moment lies under habraeffektam, google cache.
The researcher of Chris Vickery who was earlier already finding the multimillion bases of accounts which are not protected properly told about existence of unlimited access to 300-gigabyte base of the registered voters including: names/surname, postal and e-mail addresses, phones, dates of birth and so forth.
1 year, 10 months ago
Recent habrastatya about distinctions in byte by byte identical files caused from memory depths (and a mailbox) a small piece of my correspondence with one of the engineers who were responsible at that time for the line of the disks MPG in the Fujitsu company. For convenience of English nonspeaking readers, I give transfer from English under a cat.