Cisco Blogs



DEFCON 21 Wrapup

My first DEFCON was DEFCON Three, held at the Tropicana Hotel in Las Vegas.  The computer security conference scene was much, much smaller back then, but DEFCON had already become THE security conference of the year. Since that time I’ve continued to regularly attend DEFCON, and over the years I have collected some very fond memories of summer computer security conventions past.  I remember vividly when the Cult of the Dead Cow celebrated their release of Back Orifice.  I recall battling the Las Vegas heat in the large, “air-conditioned” tents at the Alexis Park Hotel.  I remember when the NBC Dateline journalist was outed at DEFCON after planning to surreptitiously record attendees confessing to hacking crimes.  I remember seeing the authorities hauling away a fake Automated Teller Machine (ATM) that had been installed in the Riviera.  Fun times…


DNS Compromise Distributing Malware

DNS records are an attractive target for distributors of malware. By compromising the DNS servers that are authoritative for legitimate domains, attackers can redirect visitors of those trusted domains to malicious servers under attacker control. Authoritative DNS is typically hosted on dedicated servers that answer for many thousands of domains, so compromising one such server lets an attacker take over domains wholesale, serving malware from any domain that relies on the compromised DNS service.
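One practical defence against this kind of hijack is to watch what the authoritative servers actually answer for your own names and alarm on answers that should be impossible. The script below is an added example, not Cisco's tooling: it parses a constructed set of `dig`-style answer lines (the `example.com` zone, the `203.0.113.0/24` "trusted" block and the attacker's name server are all made up) and flags delegation changes, addresses outside the networks you own, and suspiciously short TTLs.

```python
"""Audit DNS answers for signs of a hijacked zone (added example, not Cisco's tooling)."""
import ipaddress

# Constructed baseline: the delegation and the address space the zone owner expects.
EXPECTED_NS = {"ns1.example.com.", "ns2.example.com."}
TRUSTED_NETS = [ipaddress.ip_network("203.0.113.0/24")]
MIN_SANE_TTL = 300  # this zone never publishes TTLs shorter than this

# Constructed sample in the one-record-per-line shape that `dig` prints.
# Line 2 and line 4 are what a compromised DNS provider might start returning.
SAMPLE_ANSWERS = """\
example.com.        172800  IN  NS  ns1.example.com.
example.com.        172800  IN  NS  ns.attacker-dns.example.
www.example.com.    60      IN  A   203.0.113.10
www.example.com.    60      IN  A   198.51.100.7
mail.example.com.   3600    IN  A   203.0.113.25
"""


def parse_answers(text):
    """Parse dig-style answer lines into (name, ttl, rrtype, rdata) tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        name, ttl, _cls, rrtype, rdata = line.split(None, 4)
        records.append((name.lower(), int(ttl), rrtype.upper(), rdata))
    return records


def audit(records, expected_ns, trusted_nets, min_ttl):
    """Return (severity, name, message) findings for records that contradict the baseline."""
    findings = []
    for name, ttl, rrtype, rdata in records:
        if rrtype == "NS" and rdata.lower() not in expected_ns:
            # A delegation to a server you do not run is the loudest signal of a takeover.
            findings.append(("high", name, f"unexpected NS {rdata}"))
        elif rrtype == "A":
            addr = ipaddress.ip_address(rdata)
            if not any(addr in net for net in trusted_nets):
                findings.append(("high", name, f"A record {rdata} outside trusted networks"))
            if ttl < min_ttl:
                # Attackers shorten TTLs so their redirect propagates (and can be reverted) quickly.
                findings.append(("low", name, f"TTL {ttl} below expected minimum {min_ttl}"))
    return findings


def hijacked(findings):
    """True if any finding is severe enough to treat the zone as compromised."""
    return any(sev == "high" for sev, _, _ in findings)


if __name__ == "__main__":
    results = audit(parse_answers(SAMPLE_ANSWERS), EXPECTED_NS, TRUSTED_NETS, MIN_SANE_TTL)
    for severity, name, message in results:
        print(f"[{severity}] {name}: {message}")
    print("zone looks hijacked" if hijacked(results) else "zone matches baseline")
```

Run this from a host that queries the authoritative servers directly (not a caching resolver) so that a poisoned cache does not mask or mimic the real answers; comparing the parent's delegation NS set against the zone apex NS set is the same check applied one level up.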

Attend the 2013 PCI Community Meeting for the Latest Core PCI Standards

The Payment Card Industry (PCI) Security Standards Council (SSC) is an open global forum for the ongoing development, enhancement, storage, dissemination, and implementation of security standards for account data protection. The 2013 meeting will focus on the updates to the core PCI standards: PCI DSS, PTS, and PA-DSS.

Getting the latest information about the PCI Data Security Standard (DSS) is vital as products and technologies continue to change at a rapid pace. Being part of the conversations, networking with like-minded professionals, and interacting directly with payment card brands are just a few of the benefits of attending the seventh annual PCI SSC North American Community Meeting. The meeting runs September 24–26, 2013, at the Mandalay Bay Convention Center in Las Vegas, Nevada.


BREACH, CRIME and Black Hat

During the last three years, the security research community has been having a lot of fun with SSL/TLS, uncovering a few nifty attacks. First, in 2011, Juliano Rizzo and Thai Duong released the details of the BEAST attack on Transport Layer Security (TLS) at the ekoparty Security Conference in Buenos Aires, Argentina. I wrote a brief overview of the attack at the following blog post:
http://blogs.cisco.com/security/beat-the-beast-with-tls

In 2012, again at the ekoparty Security Conference in Buenos Aires, Rizzo and Duong revealed a compression side-channel attack against HTTPS called CRIME. This year at Black Hat USA, Angelo Prado, Neal Harris, and Yoel Gluck presented a new attack, and a tool to carry it out, called BREACH, which builds on the earlier CRIME research.
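Both CRIME and BREACH rest on the same observation: when attacker-controlled text is compressed together with a secret, the compressed output gets shorter by a few bits each time the attacker's guess extends a match against the secret, and TLS leaks that length. The script below is an added example written for this post, not the researchers' tool. It builds a constructed page that holds a hidden CSRF token and reflects a query parameter, exactly the combination BREACH targets in HTTP response bodies, and recovers the token one hex digit at a time using only the compressed size as an oracle. The token, markup and the `Z_FIXED` choice are assumptions made here: fixed Huffman tables make every literal cost exactly 8 bits, which keeps the demo deterministic; against the dynamic tables real servers use, the measurement is noisier and the BREACH authors compensate with additional requests.

```python
"""Compression side channel in the style of CRIME/BREACH (added example, not the researchers' tool)."""
import secrets
import zlib

# Constructed victim page: a hidden CSRF token plus a reflected query parameter,
# the two ingredients BREACH needs inside one compressed HTTP response body.
SECRET_TOKEN = "7f3a9c1e"
ALPHABET = "0123456789abcdef"


def render_page(query, token=SECRET_TOKEN):
    """The (hypothetical) vulnerable response: secret and attacker input in one body."""
    return ('<html><body><form action="/transfer" method="post">'
            f'<input type="hidden" name="csrf" value="{token}"></form>'
            f'<p>No results for "{query}".</p></body></html>')


def compressed_length(query):
    """What the attacker observes on the wire: the size of the compressed response.

    Z_FIXED forces static Huffman tables so every ASCII literal costs exactly 8 bits
    and a right guess always saves exactly one byte. Real servers use dynamic tables,
    which adds noise that BREACH handles with extra requests ("two tries")."""
    comp = zlib.compressobj(9, zlib.DEFLATED, 15, 8, zlib.Z_FIXED)
    return len(comp.compress(render_page(query).encode()) + comp.flush())


def recover_token(length=len(SECRET_TOKEN), alphabet=ALPHABET, oracle=compressed_length):
    """Recover the token one character at a time: the guess that compresses best is right."""
    known = ""
    for _ in range(length):
        # Reflect the markup that precedes the token so that a correct guess extends an
        # LZ77 back-reference to the real token by one more byte than any wrong guess.
        sizes = {g: oracle(f'name="csrf" value="{known}{g}') for g in alphabet}
        best = min(sizes, key=sizes.get)
        if list(sizes.values()).count(sizes[best]) > 1:
            raise RuntimeError("ambiguous measurement; a real attack retries with padding")
        known += best
    return known


def mask_token(token_bytes):
    """Per-response masking, the mitigation several web frameworks adopted after BREACH:
    the body carries mask || (mask XOR token), so the same secret never compresses the
    same way twice and a guess cannot be extended across requests."""
    mask = secrets.token_bytes(len(token_bytes))
    return mask + bytes(a ^ b for a, b in zip(mask, token_bytes))


def unmask_token(masked):
    """Server side: recover the real token from a masked value submitted with a form."""
    half = len(masked) // 2
    return bytes(a ^ b for a, b in zip(masked[:half], masked[half:]))


if __name__ == "__main__":
    print("recovered:", recover_token())  # prints the constructed token, 7f3a9c1e
```

The oracle here is a local function call; in the real attack it is the length of each TLS record the victim's browser sends and receives while the attacker injects requests from a network position. Disabling HTTP compression for responses that carry secrets, or masking those secrets per response as `mask_token` does, removes the correlation the attack depends on.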


Error Correction Using Response Policy Zones: Eliminating the Problem of Bitsquatting

A memory error is a condition that occurs any time one or more bits being read from memory have changed state from what was previously written. By even the most conservative of estimates, Internet devices experience more than 600,000 memory errors per day. Cosmic radiation, operating a device outside its recommended environmental conditions, and manufacturing defects can all cause a “1” in memory to become a “0” or vice versa. Most of these bit errors are harmless, but occasionally a bit error lands inside a domain name or URL, and that can change where Internet traffic is directed. The term “bitsquatting”, the practice of registering a domain name that differs from another by a single binary digit, was coined after the similar term “cybersquatting”, the practice of registering an unofficial domain that could be confused with a legitimate one.

For example, the fully qualified domain name “www.cisco.com” could, by a change to only a single binary digit, become the bitsquat domain name “wwwncisco.com”. In this example, the dot separating the second- and third-level domain names has experienced a bit error and changed to become the letter “n”.

Binary representation of a dot (0x2E = 0010 1110) versus the character “n” (0x6E = 0110 1110): the two differ in a single bit.
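Because every single-bit neighbour of a name can be enumerated, a resolver operator can correct the error rather than let the traffic leak. The script below is an added example, not the tooling behind this post: it generates every hostname that differs from `www.cisco.com` by exactly one bit (dropping flips that produce invalid hostname characters, and case flips, since DNS is case-insensitive) and emits a response policy zone in which each bitsquat carries a CNAME back to the real name. In RPZ, a trigger whose local data is a CNAME to an ordinary domain makes the resolver answer with that domain's records, which is the "error correction" the title refers to. The zone origin `rpz.local` and the SOA values are made up for the example.

```python
"""Enumerate one-bit-flip neighbours of a hostname and emit RPZ records that correct them
(added example; not the tooling behind the post)."""
import string

# Characters allowed in a hostname label; upper case is excluded on purpose because
# flipping bit 5 of a letter only changes case and DNS treats that as the same name.
VALID = set(string.ascii_lowercase + string.digits + "-.")


def is_hostname(name):
    """Syntactic check: non-empty labels, no leading/trailing hyphen, allowed characters only."""
    return all(label and not label.startswith("-") and not label.endswith("-")
               and set(label) <= VALID - {"."}
               for label in name.split("."))


def bitsquats(name):
    """All distinct hostnames that differ from `name` in exactly one bit."""
    out = set()
    data = name.encode("ascii")
    for i, byte in enumerate(data):
        for bit in range(8):
            flipped = byte ^ (1 << bit)
            if flipped > 0x7F or chr(flipped) not in VALID:
                continue
            candidate = (data[:i] + bytes([flipped]) + data[i + 1:]).decode("ascii")
            if candidate != name and is_hostname(candidate):
                out.add(candidate)
    return out


def rpz_zone(name, origin="rpz.local"):
    """Text of a response policy zone that rewrites every bitsquat of `name` to `name`.

    Each trigger is listed twice: the bitsquat itself and a wildcard for anything under it,
    so that a flipped bit in any hostname beneath the real domain is also corrected."""
    lines = [
        f"$ORIGIN {origin}.",
        # Constructed SOA/NS for the example; use your resolver's real values.
        f"@ 3600 IN SOA ns.{origin}. hostmaster.{origin}. 1 3600 900 604800 60",
        f"@ 3600 IN NS ns.{origin}.",
    ]
    for squat in sorted(bitsquats(name)):
        lines.append(f"{squat} IN CNAME {name}.")
        lines.append(f"*.{squat} IN CNAME {name}.")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(rpz_zone("www.cisco.com"))
```

Note that a flip inside the top-level label (for example one that turns “com” into another valid label) yields a name under a different TLD; the generator treats the whole string uniformly, so those cases land in the zone too. Load the zone on the recursive resolver that serves your users; the policy corrects queries for the neighbours regardless of who has registered them.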
