Cisco Blogs


Seeing The Big Picture With Global Correlation

In a previous post I provided an overview of the Cisco Global Correlation (GC) capability that was recently added to Cisco Intrusion Prevention Systems (IPS). The information sent to SensorBase includes signatures that generated alerts and other relevant data.

I thought it would be interesting to highlight what we can learn from this growing data set. I intend to focus my analysis around FTP-related signatures. Because FTP security issues are relatively well understood, I will be able to highlight the correlation capability we have at our disposal and focus less on the specific threat that is driving my analysis.


Hurry Up, Already!

About a month ago, there was a coordinated disclosure on a flaw in TCP which affected a number of vendors, including Cisco. As is often the case when a vulnerability is disclosed in a widely-deployed technology such as TCP, it’s in the best interests of customers and the industry alike that everyone agrees on a common solution to the issue, as well as a date and time of disclosure. In this most recent event, the issue was first reported over a year ago — so what took vendors so long to formally address the flaw?


Spotting Phishers In Three Easy Steps

With the recent deluge of phishing attacks (see 1, 2, 3, 4 and 5) it’s time once again to review some of the more common phishing methods and what you can do to spot and defeat them. Below I go over three you’re likely to see: Phishers getting to know you, complimenting, and befriending you. You’ll notice the tactics used by phishers build on each other. Unfortunately, as users have become more sophisticated, so have phishers.


[Before we go further you might be wondering… What the heck is phishing? Is it fun? Does it go well with lemon and dill? Answer: Phishing is the term used for the attempt at getting usernames/passwords/other credentials out of someone through subterfuge. It is only fun if you do it to your siblings or friends in jest. I wouldn’t recommend lemon near your computer.]


Trojan Seeks to Exploit, Create Blindspot in Online Banking

Recent reports from security firm Finjan have highlighted an emerging capability for malicious code. The URLZone Trojan has the ability to alter HTML pages for certain German banks when viewed through a browser on an infected system. As a result, the attacker employing the trojan can make large transfers to the accounts of “mules”, who are often duped accomplices that launder transactions, without alerting the user of the infected system. The end result is that customers who trust only the information that their computer displays from their bank’s web site might not know that they have been defrauded. It might take an account overdraw or some other out-of-band event to make them aware of the shortfall.


Here, Have the Keys to My Whole Life

October 1, 2009 at 12:00 pm PST

The web was all in a ruckus in late August 2009. Embarrassing screenshots of many Facebook accounts echoed, prompting questions of veracity and user adherence to basic security principles. In fact, everything actually happened last February. According to Jimmy Ruska's detailed analysis of the incident, a Christian singles website accidentally allowed the email addresses and passwords of its entire 35000-strong userbase to be exposed. Many of the users of this singles website used the same password for all of their online accounts. This enabled the infamously malicious users of 4chan, an online forum that offers and encourages anonymous posting, to access the email, social networking, e-commerce and online payment processing accounts of the members of the site. The Register has coverage of the attacks, although it neglects to mention when the attacks actually occurred.

This incident highlights how much risk you are taking whenever you use the same credentials at multiple websites. With many websites using either your email address as your login name or offering password resets via email, it only takes one unintended exposure of its database of login credentials by one website for a potentially significant portion of your life and identity to be stolen and used by miscreants. Read on for more details about the risks of re-using passwords or using passwords that are easily guessable, and for helpful advice on how you can reduce the risk to you and your business by managing unique passwords or using two-factor authentication.
