Reading an article, I discovered that there is a router vulnerability that put approx. 12 million home network users at risk for theft of personal information, home security, and even control of devices on the network. This vulnerability resides in the firmware of the wireless router, typically in the web server "ROMpager".The HTTP server provides the web-based user-friendly interface for configuring the products.
This vulnerability effects versions prior to 4.34 and makes them susceptible to a bug called the "Misfortune cookie". It is called this because it allows attackers to control the HTTP request by manipulating cookies. The vulnerability, tracked as CVE-2014-9222 in the Common Vulnerabilities and Exposures database, can be exploited by sending a single specifically crafted request to the affected RomPager server that would corrupt the gateway device's memory. This allows an attacker to target any device connected to the network.
This is critical because once the attacker gains control of the network they can monitor webcams, read text messages, steal data, or control any platform connected(including home security devices).At least 200 different models of gateway devices, or small office/home office (SOHO) routers from various manufacturers and brands are vulnerable to Misfortune Cookie, including kit from D-Link, Edimax, Huawei, TP-Link, ZTE, and ZyXEL.
Ideally, if you own one of these routers, it is probably best to upgrade your home network security protocols by either updating the firmware or changing the router out for a newer system. Although this vulnerability was first exposed in 2002, over 12 million home networks still exist with this vulnerability. Here why- some vendor firmware patches that have been installed to correct this vulnerability, just removed the version number on the firmware, making it appear to have fixed the issue when in reality it did not.
To learn more read at: http://thehackernews.com/2014/12/router-vulnerability-puts-12-million.html#sthash.SPN8gPqa.dpuf
A CISOs Guide on Cybersecurity
Modern CISO Network: Board Book
Sunday, December 21, 2014
Sunday, December 14, 2014
Smart watch hacked- vulnerability in devices
Today's devices seem to link to just about every kind of Bluetooth device on the market. They range from headsets, watches, speakers, and even other IOSs. This expansion of technology has allowed people to stay connected in no matter what environment they are in. This is beneficial but there are vulnerabilities that need to be compensated for.
Let's look at the smart watch by Samsung. Current research done showed that this device is susceptible to brute force attacks intercepting and decoding user's data, including text messages and Facebook conversations. This is accomplished by the six-digit pin used to transfer information over Bluetooth.
This pin only allows about a million possible key combinations so it is fairly easy for attackers to conduct a brute force attack to gain access. The pairing of the device allows attackers the ability to gain complete access to the information.
So, it poses the question, How do we protect ourselves from this vulnerability? One way would be to use Near Field Communications (NFC) to safely transmit the pin to Bluetooth devices or to create stronger password encryption techniques. Either way both are costly and make the process of using the technique more tedious.
To find out more read:
http://thehackernews.com/2014/12/Android-Smartwatch-Hacked.html
http://securityaffairs.co/wordpress/31007/intelligence/smartwatch-hacked.html
Let's look at the smart watch by Samsung. Current research done showed that this device is susceptible to brute force attacks intercepting and decoding user's data, including text messages and Facebook conversations. This is accomplished by the six-digit pin used to transfer information over Bluetooth.
This pin only allows about a million possible key combinations so it is fairly easy for attackers to conduct a brute force attack to gain access. The pairing of the device allows attackers the ability to gain complete access to the information.
So, it poses the question, How do we protect ourselves from this vulnerability? One way would be to use Near Field Communications (NFC) to safely transmit the pin to Bluetooth devices or to create stronger password encryption techniques. Either way both are costly and make the process of using the technique more tedious.
To find out more read:
http://thehackernews.com/2014/12/Android-Smartwatch-Hacked.html
http://securityaffairs.co/wordpress/31007/intelligence/smartwatch-hacked.html
Tuesday, December 2, 2014
Current Trends in CyberSecurity- CERT approach
Cyber Security is a continuous growing field that requires a myriad of skills to master. The types of cyber attacks are continuing to evolve daily. This requires managers and cyber security professionals to stay current on types of attacks, new technologies, and continue to hone their skills. One way to do this is to use the CERT approach to Cyber Security Workforce development.
This is accomplished by three phases- knowledge building, skill building, and experience building. Knowledge building is accomplished by increasing knowledge in fundamentals and basic concepts of cyber security. Skill building is investing in the technical skills needed to stay current and advance skills. Finally, experience building is the ability to adapt and apply knowledge and skills in unfamiliar environments.
Overall, a Cyber Security professional must be proactive, adaptive, and flexible. The ability to continuously learn new concepts and apply them in the organization is the difference between a current, protected framework and an obsolete, outdated system. Although the organization must find ways to keep their Cyber Security personnel current and qualified, a true professional continues to be proactive in learning.
For more information on the CERT approach to Cyber Security Workforce development read below:
http://oai.dtic.mil/oai/oai?verb=getRecord&metadataPrefix=html&identifier=ADA537055 PDF Url : ADA537055
This is accomplished by three phases- knowledge building, skill building, and experience building. Knowledge building is accomplished by increasing knowledge in fundamentals and basic concepts of cyber security. Skill building is investing in the technical skills needed to stay current and advance skills. Finally, experience building is the ability to adapt and apply knowledge and skills in unfamiliar environments.
Overall, a Cyber Security professional must be proactive, adaptive, and flexible. The ability to continuously learn new concepts and apply them in the organization is the difference between a current, protected framework and an obsolete, outdated system. Although the organization must find ways to keep their Cyber Security personnel current and qualified, a true professional continues to be proactive in learning.
For more information on the CERT approach to Cyber Security Workforce development read below:
http://oai.dtic.mil/oai/oai?verb=getRecord&metadataPrefix=html&identifier=ADA537055 PDF Url : ADA537055
Subscribe to:
Comments (Atom)