Watering hole attack prevention

Watering hole attack prevention

A watering hole attack is an indirect attack on a victim. Rather than directly attacking the victim’s network, the attacker attacks a web site that the victim’s employees are likely to visit. Then the attacker attacks the victim’s network, via its own workstations, from that web site. A former colleague asked me how you protect against watering hole attacks, and I thought this was a good exercise. So here are some strategies for watering hole attack prevention.

Read more

Whitelist Java to provide better security and a better user experience

One of the best things you can do to improve your security in a corporate environment is to limit the use of Java, or whitelist Java. Undoubtedly there will be one or more legacy web applications your company uses that require Java, and it’s almost inevitable that at least two of them will be certified for one and only one version of the JRE, and it won’t be the same one.

Believe it or not there’s a solution to the problem of conflicting JREs, but it took me years to find it, because I had no idea that Oracle called it “Deployment Rule Set.” The secret’s out now. If you run Java, and you want security, you need Deployment Rule Set.

Read more

Easier application whitelisting in Windows with App Locker

Application whitelisting is the holy grail of security, but it’s always at the top of the list of things people should do but haven’t yet. The reason is because it breaks stuff and it’s almost as impossible to anticipate ahead of time what it’s going to break as it is to fix whatever breaks.

I know. I wanted to do application whitelisting way back in 1997 and failed miserably.

I found a good-enough approach recently, though.

Read more

Mechbgon’s guide to safe computing on Windows

Mechbgon.com, the same place that published the outstanding guide to application whitelisting I mentioned last week, also has a guide to general security when building Windows PCs.

I think he overvalues UEFI and Internet Explorer 10, but if everyone followed his advice, there’s no doubt in my mind we’d be much more secure than we are right now. Although I mildly disagree on a couple of points, he has some outstanding advice in there.

The guide hasn’t been updated for Windows 10 yet, but most of what he says, if not all of it, will still apply and won’t be all that different to set up.

Application whitelisting on Windows, even home editions

One of the very best things security measures you can take is application whitelisting–limiting the apps that are allowed to run on your computer.

The Australian Signals Directorate–the Australian counterpart to the NSA–says doing four things cuts security incidents by a whopping 85 percent. You probably do three of the things. The fourth is application whitelisting.

  • use application whitelisting to help prevent malicious software and unapproved programs from running
  • patch applications such as Java, PDF viewers, Flash, web browsers and Microsoft Office
  • patch operating system vulnerabilities
  • restrict administrative privileges to operating systems and applications based on user duties.

Read more

How to mitigate MS15-078 or future Microsoft font driver vulnerabilities

Microsoft rushed out an out-of-band patch, MS15-078, to deal with active exploits in their font driver yesterday. Since pushing out patches takes time, my boss asked me what we could do to mitigate the issue in the meantime.

The biggest threat, by far, is exploit-bearing fonts being downloaded from web sites. Ideally you only install trusted fonts from trusted sources locally on your workstations, right? If not, I suggest you start that practice as well.

You have a couple of options when it comes to blocking fonts in browsers.

Read more

Webcam spying gets more attention

So, apparently Miss Teen USA’s computer got infected with a webcam-spying remote access trojan. So someone got some sneaky pictures of her, and tried to blackmail her. Fortunately, instead, she decided to talk about it.

This is good. The majority of people don’t take computer security seriously enough. This could get some people talking, finally.

Unfortunately, the one effective technique against something like this–application whitelisting–isn’t available for the home versions of Windows. Most people think of application whitelisting is a corporate thing, but a signature-based whitelist would keep this kind of software from running on a home PC, which is the target for webcam snooping. Home users need it too. And unfortunately, it’s the people who are most likely to buy the cheaper home version who need it the most. Are you listening, Microsoft?

In the meantime, keep a piece of tape on your webcams, I guess.

But maybe now that Miss Teen USA is running around the talk show circuit talking about this stuff, people will start thinking that maybe, just maybe, bad stuff doesn’t always just happen to other people’s computers. Because it doesn’t.

As a security professional, I’m glad for anything that raises awareness. Because security awareness is one of the DSD Top 35 migitations–it’s #20. And of the 35, it’s the hardest to buy.

And if you’re not scared enough yet, it’s possible to do webcam spying not only with a laptop, but also with a smart TV. It’s a little harder with smart TVs because they’re all a little different, but nobody thinks about their smart TV, and the manufacturers rarely, if ever update them to fix security bugs. Fortunately, TV hacking is, as far as we know, more in the realm of theory right now than active exploitation, but it’s only a matter of time before that changes. The time to pressure manufacturers–or just stop buying smart TVs–is now.

WordPress Appliance - Powered by TurnKey Linux