Cisco Blogs


Cisco Blog > Security

Security Implications of Cheaper Storage

An advert from Byte magazine dating from July 1980 proudly offers a 10MB hard disk drive for only US$3495. Accounting for the effects of inflation, that equates to approximately US$10,000 in today’s prices. If data storage prices had remained constant, this would mean that the 1GB flash drive in my pocket would cost in excess of US$1,000,000, with possibly a price premium for small size and portability. In fact, it cost me about US$10, evidence of the continuing drop in the price of electronic storage media in terms of price by stored byte. The amount of storage that can be acquired for a given cost has roughly doubled every 14 months since 1980 [1]. There is nothing to suggest that this trend won’t continue for the foreseeable future. We can look forward to larger and larger data storage devices at cheaper cost. But what are the implications of this trend for security professionals? Read More »

Tags: , , , ,

July, a Busy Month for Breaches

This month has been particularly prevalent for the loss of personal information. At the beginning of the month it was reported that Club Nintendo had been breached with the personal data of up to 4 million stolen by attackers [1]. Subsequently, the forums of Ubuntu were hacked with the loss of 1.82 million usernames, passwords and email addresses [2]. Additionally, Apple have announced that their developer website has had an unknown amount of personal data stolen [3].
Read More »

Tags: , , , , , ,

Zeus Botnet Impersonating Trusteer Rapport Update

July 19, 2013 at 12:50 pm PST

Starting Friday, July 19, 2013 at 14:45 GMT, Cisco TRAC spotted a new spam campaign likely propagated by the Zeus botnet. The initial burst of spam was very short in duration and it’s possible this was intended to help hide the campaign, since it appears to be targeted towards users of a Trusteer product called Rapport. Within minutes of the campaign starting, we were seeing millions of messages.

spam3

This spam impersonated a security update from Trusteer. Attached to this file was the “RaportUpdate” file, which contained a trojan. We’ve identified this specific trojan as Fareit. This file is designed to impersonate an update to the legitimate Rapport product, which, as described by Trusteer, “Protects end users against Man-in-the-Browser malware and phishing attacks. By preventing attacks, such as Man-in-the-Browser and Man-in-the-Middle, Trusteer Rapport secures credentials and personal information and stops online fraud and account takeover.”

It’s important to note that while this end-point solution is designed to protect against browser-based threats, this specific attack is email-based. If the user downloads and executes the attachment via their mail client, it could bypass their browser and the protections of a legitimate Rapport client, entirely. If an end user is tricked into running malicious software for an attack via an avenue the attacker can reasonably predict, it becomes much easier to bypass network security devices and software.

 

Read More »

Tags: , , , , , , ,

Network Solutions Customer Site Compromises and DDoS

July 17, 2013 at 10:03 am PST

Network Solutions is a domain name registrar that manages over 6.6 million domains. As of July 16, 2013, the Network Solutions website is under a Distributed Denial of Service (DDoS) attack. Recently, Network Solutions has been a target for attackers; in a previous outage, domain name servers were redirected away from their proper IP addresses. This was reported to be a result of a server misconfiguration while Network Solutions was attempting to mitigate a DDoS attack. It is possible that the DDoS attacks are related.

According to isitdownrightnow.com, the Network Solutions site has been having issues for at least the last 24 hours.

response_time

Response time in ms (GMT -8:00)

Read More »

Tags: , , , , , ,

Expiring Albert: Recycling User IDs and the Impact on Privacy

Within many organisations offering online services to the public, there must be a great temptation to expire redundant user accounts that occupy desirable user IDs but which are never used by their users. Presumably the user IDs have been registered by someone, used on a couple of occasions, and then forgotten about. Expiring and recycling these user IDs and offering them to new users allows the organisation to better manage the quantity of unique User IDs, and also allows new users to potentially own the user ID that they desire.

On 20th June, Yahoo! announced that they will be expiring user IDs that have been unused for over 12 months in order to offer them to users.

you want a Yahoo! ID that’s short, sweet and memorable, like albert@yahoo.com instead of albert9330399@yahoo.com”, described Jay Rossiter, SVP of Platforms at Yahoo! [1].

Yahoo! is not the only webmail provider that expires inactive users and recycles their email addresses. Recently, researchers at Rutgers University identified that Hotmail also reissues email addresses that have been dormant for some time [2]. Yahoo! should be applauded for publicly raising the issue, describing their criteria for expiring accounts, and calling for users to access their accounts if they wish to prevent this happening. Read More »

Tags: ,