The impact of Generation Y

Born digital, the kids who grew up with the Internet are appearing in the workforce. It is important to attract and retain the best of this Generation Y, and unified communications and collaboration systems have a role to play.

It is clear from Fujitsu’s research that IT managers and CIOs recognise this. Forty percent of respondents to a recent survey conducted by IDG Connect on Fujitsu’s behalf saw the provision of a unified communication and collaboration (UCC) infrastructure as either very important or important today. In three years’ time, 43% said they expected it to be extremely important, up from today’s 15% figure. Only a tiny minority (4%) perceived it as not very important.

Further, 79% of the survey’s respondents said that their implementation of UCC had been accelerated either moderately or significantly as a consequence of the needs and expectations of Generation Y employees.

As well as the need to deliver UCC to meet expectations, IT managers reported that the work styles of a younger generation raised a number of challenges. Core among these are data security (77% said so) and individual IT requirements, such as new devices (54%). For example, the survey found that 82% of end users have a mobile phone or smartphone, and 76% have either a tablet or notebook. Phones and file sharing receive the most organisational support, the survey found.

Other research clearly demonstrates a shift of power away from the centre and towards the end user. This appears unstoppable. More than one survey result shows that many users will break corporate device usage and security policies if the company does not provide devices and adequate infrastructure support, leaving corporate data at risk on unprotected device storage. This is not only a commercial risk: it may also leave a company non-compliant with legislative requirements.

The trend of a growing number of personal devices containing increasing amounts of storage looks set only to continue, as hyper-connected wearable computers start to appear on the market from 2015 onwards.

It is clear that end-user devices are here to stay and there is little or nothing the IT department or the company as a whole can do to hold back the tide. Instead, the organisation must embrace and extend its security and communications systems to include those devices, and continue to educate users in best practices.



Personal project: Kimsufi dedicated server

Hello,

Well, it’s been 2 weeks since I posted anything, and since I visited a friend yesterday who gave me a very knowledgeable security course, this is the perfect time to post my improvements in building a secure server =)

Over the past 2 weeks, there were 1400 failed logins on ssh and 66 errors in the apache log. I manually banned more than 50 IPs. Hopefully no one broke in and these were more like ‘sympathetic’ knock-knocks from my fellow hackers =)
At least I’ve learned that ANY server (at the very least mine) is attacked on a daily basis (from 8 to 252 times a day). The security I implemented was quite enough but not as good as my friend, Matthias, told me.

Here’s what we did over a couple of hours yesterday:

  • ssh access restriction: the easiest way to protect ssh is A. to not allow root to log in and B. to allow only some users, who may then ‘su -p’ (PermitRootLogin and AllowUsers parameters in /etc/ssh/sshd_config)
  • firewall configuration: Matthias used a set of optimized scripts from one of his previous projects; the firewall rules were finely tuned to match my security requirements, i.e. he commented out a lot of lines (some with bandwidth management, for instance)
  • administration reporting: he also installed quite a few pieces of software (especially Logwatch) plus more personal scripts and crontab’ed the report so I would get at least one report in my mailbox at 7am from Logwatch, and also a list of the packages that need to be updated
  • overall optimization: 3 open sockets were removed by the firewall and we also removed unnecessary services, like bind and vsftp for instance.

I’m very happy with what we accomplished yesterday: the current security level is very high for the current non-production status of this server.
I still have some reporting tools to install like Munin and some more tuning to perform, but as it stands for now, we met my security requirements.

Next projects: web hosting and ownCloud.
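A check for the two sshd_config settings named in the post, as an added example that is not the author's or Matthias's own script. The sample configurations and user names are constructed, and the parser assumes the plain `Keyword value` form without `Include` files or `Match all`.

```python
"""Audit sshd_config text for the two settings the post relies on."""

# Constructed sample configs for illustration, not taken from the author's server.
WEAK_CONFIG = """\
Port 22
#PermitRootLogin no
PermitRootLogin yes
"""

HARDENED_CONFIG = """\
Port 22
PermitRootLogin no
AllowUsers alice bob
Match Address 192.0.2.0/24
    PermitRootLogin yes
"""


def parse_sshd_config(text):
    """Return (global options, directives found inside Match blocks)."""
    global_opts, match_opts, in_match = {}, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        parts = line.split(None, 1)
        keyword = parts[0].lower()  # sshd keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            in_match = True  # everything after this is conditional
        elif in_match:
            match_opts.append((keyword, value))
        else:
            global_opts.setdefault(keyword, []).append(value)
    return global_opts, match_opts


def audit(text):
    """Return a list of findings; an empty list means both settings are in place."""
    global_opts, match_opts = parse_sshd_config(text)
    findings = []
    # For a single-valued keyword sshd keeps the first value it reads.
    root = global_opts.get("permitrootlogin", [None])[0]
    if root is None:
        findings.append("PermitRootLogin unset: the default depends on the OpenSSH version")
    elif root.lower() != "no":
        findings.append(f"PermitRootLogin is '{root}': root can still log in over ssh")
    # AllowUsers may appear several times; the names accumulate.
    allowed = [u for v in global_opts.get("allowusers", []) for u in v.split()]
    if not allowed:
        findings.append("AllowUsers unset: logins are not limited to named accounts")
    elif "root" in allowed:
        findings.append("AllowUsers lists root")
    # A Match block can quietly re-enable what the global section forbids.
    for keyword, value in match_opts:
        if keyword == "permitrootlogin" and value.lower() != "no":
            findings.append(f"Match block sets PermitRootLogin '{value}'")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg))
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; the parser above is for reviewing a file offline.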

Personal project: Kimsufi dedicated server

Hello ^^

Right then, I’ve got some fresh news!

I completely rebuilt my server: I reinstalled a brand-new 64-bit Debian Wheezy along with apache2, PHP and MySQL.

For now I’m testing the server’s security and I’m starting to get the hang of the running services and their associated ports (sshd and those of the web server), the security programs (iptables and fail2ban in particular) and their log files. Incidentally, fail2ban, which prevents brute-force attacks, works wonderfully:

auth.log.20150208: the bad guys’ authorization failures =/

fail2ban.log.20150208: fail2ban’s response ^^

you can see that after a certain number of failures within a certain period of time, fail2ban temporarily bans the bad guy’s IP <3

It’s purring along! By the way, I’m going to put security procedures in place and write administration scripts to automate all the commands for viewing the logs of the various programs, as well as those associated with netstat, nmap, iptables, etc.

In a week, once I’ve armoured my cyberbunker a bit more, I’ll continue with my other projects:

  • web hosting (mostly for myself, but I already have someone interested =)
  • private cloud with ownCloud
  • administration with ISPconfig

OH! Icing on the cake: yesterday I spent the night (ok, I’m exaggerating !o) configuring vsftpd and it’s finally working =) I still have to test the security of the transfers and manage users, but I’m pretty proud of myself ^^

cybermaohi out!
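The counting rule the post observes in its two log files (a number of failures inside a time window, then a temporary ban), as an added example that is not the author's script or fail2ban's own code. The log lines are constructed, and the `maxretry`, `findtime` and `bantime` values are assumptions chosen for the sample, not the author's settings.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed auth.log lines (documentation IP ranges), not from the author's server.
SAMPLE_AUTH_LOG = """\
Feb  8 03:10:01 ks sshd[2101]: Failed password for root from 203.0.113.5 port 40122 ssh2
Feb  8 03:10:04 ks sshd[2103]: Failed password for invalid user admin from 203.0.113.5 port 40130 ssh2
Feb  8 03:10:09 ks sshd[2105]: Failed password for root from 203.0.113.5 port 40141 ssh2
Feb  8 03:10:12 ks sshd[2107]: Failed password for root from 203.0.113.5 port 40150 ssh2
Feb  8 03:15:00 ks sshd[2110]: Failed password for bob from 198.51.100.7 port 51000 ssh2
Feb  8 03:40:00 ks sshd[2120]: Failed password for bob from 198.51.100.7 port 51010 ssh2
Feb  8 04:05:00 ks sshd[2130]: Failed password for bob from 198.51.100.7 port 51020 ssh2
Feb  8 04:06:00 ks sshd[2140]: Accepted password for bob from 198.51.100.7 port 51030 ssh2
"""

FAILED = re.compile(
    r"^(\w{3})\s+(\d{1,2}) (\d\d):(\d\d):(\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)
MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()


def find_bans(log_text, year, maxretry=3, findtime=600, bantime=600):
    """Return [(ip, ban_start, ban_end)] for a findtime/maxretry/bantime policy.

    syslog timestamps carry no year, so the caller supplies it.
    """
    recent = defaultdict(deque)  # ip -> failure times still inside the window
    banned_until = {}
    bans = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and other daemons are ignored
        mon, day, hh, mm, ss, ip = m.groups()
        ts = datetime(year, MONTHS.index(mon) + 1, int(day), int(hh), int(mm), int(ss))
        if ip in banned_until and ts < banned_until[ip]:
            continue  # already banned: the firewall is dropping this host
        window = recent[ip]
        window.append(ts)
        # Forget failures that are older than findtime seconds.
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            end = ts + timedelta(seconds=bantime)
            banned_until[ip] = end
            bans.append((ip, ts, end))
            window.clear()  # counting starts again after the ban
    return bans


if __name__ == "__main__":
    for ip, start, end in find_bans(SAMPLE_AUTH_LOG, 2015):
        print(f"{ip} banned from {start} until {end}")
```

The second host fails three times as well, but 25 minutes apart, so with a 10-minute window it is never banned; widening `findtime` to an hour catches it.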


Roundcube : new stable version 1.1.0 released

We’re proud to announce the arrival of the next major version 1.1.0 of Roundcube webmail which is now available for download. With this milestone we introduce new features since version 1.0 as well as some clean-up with the 3rd party libraries:

  • Allow searching across multiple folders
  • Improved support for screen readers and assistive technology using WCAG 2.0 and WAI ARIA standards
  • Update to TinyMCE 4.1 to support images in HTML signatures (copy & paste)
  • Added namespace filter and folder searching in folder manager
  • New config option to disable UI elements/actions
  • Stronger password encryption using OpenSSL
  • Support for the IMAP SPECIAL-USE extension
  • Support for Oracle as database backend
  • Manage 3rd party libs with Composer

In addition to that, we added some new features to improve protection against possible but as yet unknown CSRF attacks – thanks to the help of Kolab Systems who supplied the concept and development resources for this.

Although the new security features are still experimental and disabled by default, our wiki describes how to enable the Secure URLs and give it a try.

And of course, this new version also includes all patches for reported CSRF and XSS vulnerabilities previously released in the 1.0.x series.

IMPORTANT: with the 1.1.x series, we drop support for PHP < 5.3.7 and Internet Explorer < 9. IE7/IE8 support can be restored by enabling the ‘legacy_browser’ plugin.

See the complete Changelog at trac.roundcube.net/wiki/Changelog and download the new packages from roundcube.net/download.



Delayed-action malware slipped into Google Play

Google Play was urgently purged of three applications that hosted malware redirecting users to malicious content via alert messages.

It all started with a message posted on the evening of 23 January on the Avast forums. The Czech-born IT security vendor was informed, by one of the users of its mobile antivirus, of the probable presence of malware on Google Play.

Ten days went by before Avast passed the information on to Google… which responded by removing, this Wednesday 4 February, three applications in which the malicious agent in question had embedded itself.

Top of the list is the card game Durak, downloaded between 5 and 10 million times in a few weeks, according to Play Store statistics.

The two other affected applications were also classified in the “Entertainment” category. The first was an IQ test; the second offered a playful approach to Russian history.

These three applications – which happen to have their roots in Russia (although their creators are not precisely known) – should have been blocked under the policy in force on the Play Store, to which developers are subject.

One reason in particular should have prompted their suspension: the display of advertising through Android’s notification system, even though this was not an “integral feature” of the applications. And for good reason: it was precisely the malware that triggered them.

Ad alert(s)

Several users of the Avast forums say they reported the problem to Google in “early January” and deplore the lack of reaction from the American Internet group.

They all noticed more or less the same symptoms: each time they unlock their mobile device (smartphone or tablet), a web page – or a notification – opens to display an alert message.

Slow Internet connection, viral infection, out-of-date operating system, illicit files detected in memory: whatever the problem, the user is urged to take immediate action.

But if the user follows the advice given, they are redirected to malicious content: websites hosting malicious scripts as well as applications that steal personal data or send premium-rate SMS messages.

To avoid arousing suspicion, the malware shows… patience. It only activates under two conditions: that the infected application has been launched at least once and that the device has subsequently been rebooted.

From then on, a countdown starts. The first suspicious behaviour is generally not noticeable until a week has passed. Sometimes it even takes up to a month. This makes the malware all the harder to detect.

Three “legitimate” advertising networks are used to display the alert messages. The instructions are contained within the installation package (APK) itself, in a file named ads_settings.json.

Commands can be received from a remote server via the mobi.dash.overapp.DisplayCheckService component. The check for a device reboot is performed by mobi.dash.overapp.DisplayCheckRebootReceiver. It is even possible to change the browser’s home page with mobi.dash.homepage.AdsHomepageUtils.

Below, a video demonstration of the malware by the user who uncovered the scheme:
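A static check of an APK for the file name and component names given above, as an added example that is not Avast's or Google's tooling. The sample archives are constructed stand-ins built in memory; matching is by exact name, so a renamed or obfuscated build would not be found.

```python
import io
import zipfile

# Indicators exactly as named in the article.
INDICATOR_FILE = "ads_settings.json"
INDICATOR_CLASSES = [
    "mobi.dash.overapp.DisplayCheckService",
    "mobi.dash.overapp.DisplayCheckRebootReceiver",
    "mobi.dash.homepage.AdsHomepageUtils",
]


def _encodings(class_name):
    """Byte forms a class name can take inside an APK."""
    descriptor = "L" + class_name.replace(".", "/") + ";"  # DEX type descriptor
    return [
        descriptor.encode("utf-8"),
        class_name.encode("utf-8"),      # binary manifest, UTF-8 string pool
        class_name.encode("utf-16-le"),  # binary manifest, UTF-16 string pool
    ]


def scan_apk(apk_bytes):
    """Return a list of indicator hits found in the APK (a zip archive)."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            name = info.filename
            # The article gives only the file name, so match it in any folder.
            if name.rsplit("/", 1)[-1] == INDICATOR_FILE:
                hits.append(f"file:{name}")
            if name == "AndroidManifest.xml" or name.endswith(".dex"):
                data = apk.read(info)  # zipfile decompresses the entry
                for cls in INDICATOR_CLASSES:
                    if any(form in data for form in _encodings(cls)):
                        hits.append(f"class:{cls} in {name}")
    return hits


def build_sample(infected):
    """Constructed stand-in for an APK: a zip with fake manifest and dex bytes."""
    manifest = b"\x03\x00\x08\x00" + "com.example.cards.Main".encode("utf-16-le")
    dex = b"dex\n035\x00Lcom/example/cards/Main;"
    if infected:
        manifest += "mobi.dash.overapp.DisplayCheckService".encode("utf-16-le")
        dex += b"\x00Lmobi/dash/overapp/DisplayCheckRebootReceiver;"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", manifest)
        if infected:
            z.writestr("assets/ads_settings.json", "{}")
        z.writestr("classes.dex", dex)
    return buf.getvalue()


if __name__ == "__main__":
    print(scan_apk(build_sample(infected=True)))
    print(scan_apk(build_sample(infected=False)))
```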



New spyware targets iOS devices, steals pictures and data

A team of hackers that targets governments, the military and journalists has turned its attention to the iPhone, according to Trend Micro.

The computer security company says it has discovered new spyware that infects iPhones, gathers large amounts of personal information and sends it to a remote server.

The spyware, called XAgent, is delivered via a phishing attack using a technique called island hopping. In that, the phones of friends and associates of the true target are first infected and then used to pass on the spyware link. It’s based on the assumption that the target is more likely to click on links from people they know than from strangers.

Once installed, XAgent will collect text messages, contact lists, pictures, geo-location data, a list of installed apps, a list of any software processes that are running and the WiFi status of the device. That information is packaged and sent to a server operated by the hackers. XAgent is also capable of switching on the phone’s microphone and recording everything it hears.

XAgent runs on both iOS 7 and iOS 8 phones, whether they’ve been jailbroken or not. It is most dangerous on iOS 7 since it hides its icon to evade detection.

On iOS 8 it isn’t hidden and needs to be manually launched each time the phone is rebooted, a process that would require the user to purposely reinfect their phone each time. For that reason, Trend Micro believes the spyware was written before iOS 8 was launched last year.

While close to three quarters of Apple mobile devices are using iOS 8, a quarter are still running iOS 7, according to data published by Apple this week.

“We’ve been monitoring the actors behind this for quite some time,” said Jon Clay, senior manager of Global Threat communication at Trend Micro, in a phone interview. “The criminals have introduced [the iOS app] as part of their campaign to move further into the [targeted] organization, using this rather than PC malware.”

While the identity of the hackers isn’t known, Trend Micro says it believes those behind what it calls “Operation Pawn Storm” to be a pro-Russian group. Past targets have included military organizations, defense contractors, embassies and media groups.

Clay says the group might have targeted iOS because it discovered or assumed that a lot of its targets use Apple devices, either as work phones or secondary personal devices.

Security software such as that offered by Trend Micro will detect XAgent, he said. Users can also look through phone logs, but manual detection of the spyware is quite difficult.

His best advice is the same that’s been offered for years: don’t click on links that appear to be suspicious, especially when they involve downloading software or entering passwords.

“The good thing for users is that this isn’t something that can be automatically done,” he said. “There are steps you have to do as a user to install this.”



mobile device security

Security measures designed to protect the sensitive information stored on and transmitted by smartphones, tablets, laptops and other mobile devices. Mobile device security spans the gamut from user authentication measures and mobile security best practices for protecting against compromised data in the event of unauthorized access or accidental loss of the mobile device, to combating malware, spyware and other mobile security threats that can expose a mobile device’s data to hackers.

Most mobile devices feature mobile operating systems with built-in mobile device security features, including iOS for iPhones and iPads, Google’s Android platform and Microsoft’s Windows Phone. Additionally, a variety of third-party mobile device security solutions are available for providing an additional layer of protection for mobile devices.



10 Mobile Security Best Practices

Mobile security best practices are recommended guidelines and safeguards for protecting mobile devices and the sensitive data contained on them. Mobile security best practices apply to mobile devices used in business environments as well as for personal use, and the guidelines are largely the same in either scenario.

Some of the most common mobile security best practices include:

mobile security threats

Mobile security threats include both physical and software-based threats that can compromise the data on smartphones, tablets and similar mobile devices. Mobile security threats include everything from mobile forms of malware and spyware to the potential for unauthorized access to a device’s data, particularly in the case of accidental loss or theft of the device.

Mobile malware and spyware security threats can access a device’s private data without a user’s knowledge or consent and can also perform malicious actions without the user knowing, including transferring control of the device to a hacker, sending unsolicited messages to the device’s contacts, making expensive phone calls on smartphones, and more.

Physical Mobile Security Threats and Other Types of Threats

When it comes to physical mobile security threats, phones that lack passwords, screen locks or other forms of authentication are vulnerable to unauthorized access, which can compromise sensitive information stored on the mobile device. And if the device gets lost or stolen, hackers can bypass many forms of authentication in order to gain access to the device’s sensitive information.

Additional types of mobile security threats include applications that take advantage of vulnerabilities in the mobile operating system or a mobile application to gain access and/or control of the device, phishing scams, Web browser and network-based exploits, Wi-Fi packet sniffing for accessing mobile device data in transit, and more.



mobile device management – MDM

MDM is short for mobile device management.

What is Mobile Device Management (MDM)?

Mobile device management (MDM) is a type of security software used by an IT department to monitor, manage and secure employees’ mobile devices that are deployed across multiple mobile service providers and across multiple mobile operating systems being used in the organization. Mobile device management software is often combined with additional security services and tools to create a complete mobile device and security Enterprise Mobility Management solution.

The Gartner research firm defines mobile device management as “a range of products and services that enables organizations to deploy and support corporate applications to mobile devices, such as smartphones and tablets, possibly for personal use — enforcing policies and maintaining the desired level of IT control across multiple platforms.”

Mobile Device Management Solutions

Most mobile device management solutions provide organizations with end-to-end security — meaning the mobile apps, network and data used by the mobile device (in addition to the mobile device itself) are managed by an organization’s IT department with a single mobile device software product.

Some enterprise MDM solutions combine mobile security and expense management in a single product. Depending on the vendor and what specific features it supports, you can typically expect mobile device management software to contain some or all of the following features: management and support of mobile applications, mobile policy management, inventory management, security management and telecom service management.

BYOD and Mobile Device Management

The widespread proliferation of consumerization of IT means more personal consumer computing devices — such as smartphones, laptops and tablets — are brought to the workplace by employees for use and connectivity on the corporate network. The phrase BYOD (bring your own device) has become widely adopted to refer to these employees. Today’s category of mobile device management software is one way that an organization can deliver secure mobile solutions to its BYOD workforce.

Recommended Reading: Webopedia’s BYOD, consumerization of IT and security software definitions.

MDM is also short for master data management.


consumerization of IT

Consumerization of IT (“consumerization”) is a phrase used to describe the cycle of information technology (IT) emerging in the consumer market, then spreading to business and government organizations, largely because employees are using the popular “consumer market” technologies and devices at home and then introducing them in the workplace.

Consumerization of IT Security Concerns

Consumerization of IT not only refers to the use of personal consumer electronics at work — like iPhones and tablet PCs — but also online services, including online data storage, Web-based email services (“web mail”), and social media or social networking sites like Facebook and Twitter.

Consumerization of IT is driven by employees who buy their own devices, use their own personal online service accounts, install their own applications and then connect to the corporate network with the device, often without the organization’s knowledge or approval.

For small business, corporate and government organizations, the biggest challenge for IT is that employees using unapproved technologies and devices at work are a network security risk. Even with that understanding, IT knows that these devices will still come into the workplace and be used by employees, even if corporate security policies are in place.

Companies Embrace Consumerization of IT

Many companies today have realized that embracing the consumerization of IT will not only save money and increase business agility, but also improve employee productivity.

One popular initiative is called BYOD (“bring your own device”). This phrase has become widely adopted to refer to mobile workers bringing their own mobile devices, such as smartphones, laptops and PDAs, into the workplace for use and connectivity on the corporate network.

Instead of fighting employees who want to BYOD to work, many corporations allow employees to use their own mobile devices at work and implement a “BYOD policy” to help IT better manage these devices and ensure network security is not compromised.



security software

A general phrase used to describe any software that provides security for a computer or network. There are many types of security software including antivirus software, encryption software, firewall software and spyware removal software. Additionally, many operating systems also come preloaded with security software and tools. The two most common types of security software used for personal computer security are antivirus software (virus protection software) and antispyware software (spyware removal software).

