Three-Layer Encryption Method Awarded Patent

May 15, 2008 – 3:16 PM

Eruces Data Security has secured a patent for its three-step encryption and key management scheme, which is designed to lock down data through its lifecycle.

The security firm’s so-called Tricryption technology first encrypts the data itself with symmetric keys, and then encrypts the keys and stores them in a central key repository. It also encrypts the links between the data and the keys.

“It stores the keys separately from the data items and encrypts the links between them,” says Oggy Vasic, senior vice president of software development for Eruces.

Vasic says Tricryption is different in that it centralizes key management for different types of encrypted data, including file, database, and storage, and it applies individual access control lists for each key to determine how a key is used, who can use it, when they can use it, and how often, for example. So when a client requests a key, it’s then authenticated using LDAP, PKI, Active Directory, or other authentication methods, as well as authorized based on its access rights, he says.

The authentication and authorization part of the key process is aimed at protecting data from outside attacks as well as for preventing insider attacks, such as a malicious employee snooping into the database or siphoning information off of a storage device, he says.

Other encryption vendors offer key servers, of course, but Vasic says the main difference with Tricryption is that it’s based on symmetric cryptography, with a unique key for each data item. “Hence the Tricryption key server manages session keys — stored away from data,” he says. It runs on Windows, Linux, Solaris, AIX, and HPUX.
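As an added, simplified model of the three layers described above (not Eruces's code; a toy HMAC-based stream cipher stands in for the symmetric cipher, and the ACL fields are assumed): each item gets its own key, keys are wrapped and held in a central repository that is reached only through a keyed link token, and a per-key ACL decides who may use the key, when, and how often.

```python
import hashlib, hmac, secrets

def xor_stream(key, nonce, data):
    """Toy stream cipher (HMAC-SHA256 in counter mode); stands in for a real AES mode."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

class KeyServer:
    def __init__(self):
        self.kek = secrets.token_bytes(32)       # wraps every data key (layer 2)
        self.link_key = secrets.token_bytes(32)  # keys the data -> key link (layer 3)
        self.repo = {}                           # link token -> wrapped key + ACL

    def register(self, item_id, acl):
        """Mint a key for one data item; the item keeps only the link token."""
        dek, nonce = secrets.token_bytes(32), secrets.token_bytes(12)
        link = hmac.new(self.link_key, item_id.encode(), hashlib.sha256).digest()
        self.repo[link] = {"nonce": nonce, "wrapped": xor_stream(self.kek, nonce, dek),
                           "acl": dict(acl), "uses": 0}
        return dek, link

    def release(self, link, principal, now):
        """Check the key's own ACL (who, when, how often) before unwrapping it."""
        rec = self.repo.get(link)
        if rec is None or principal not in rec["acl"]["who"]:
            raise PermissionError("unknown link or principal not allowed")
        acl = rec["acl"]
        if not acl["not_before"] <= now < acl["not_after"]:
            raise PermissionError("outside allowed time window")
        if rec["uses"] >= acl["max_uses"]:
            raise PermissionError("use count exhausted")
        rec["uses"] += 1
        return xor_stream(self.kek, rec["nonce"], rec["wrapped"])

def encrypt_item(server, item_id, plaintext, acl):
    """Layer 1: encrypt the item under its own key; keep ciphertext, nonce and link only."""
    dek, link = server.register(item_id, acl)
    nonce = secrets.token_bytes(12)
    return {"link": link, "nonce": nonce, "ct": xor_stream(dek, nonce, plaintext)}

def decrypt_item(server, blob, principal, now):
    """Plaintext if the key server releases the key, else None."""
    try:
        dek = server.release(blob["link"], principal, now)
    except PermissionError:
        return None
    return xor_stream(dek, blob["nonce"], blob["ct"])
```

Note that the data item never stores its key or even the item id's relationship to the repository record; a copy of the ciphertext alone yields nothing without the key server's cooperation.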

Read the rest of the story…

Top 10 Popular Passwords

May 15, 2008 – 5:59 AM

If you want to be stylish and liked, go with what’s popular. But if you want security, using one of the most popular passwords is a sure way to leave hackers an easy way into your accounts. Apparently, a whopping 20% of people use some variant of the following 10 password choices, according to this blog post:

  • Your partner, child, or pet’s name, possibly followed by a 0 or 1 (because they’re always making you use a number, aren’t they?)
  • The last 4 digits of your social security number.
  • 123 or 1234 or 123456.
  • “password”
  • Your city, or college, football team name.
  • Date of birth – yours, your partner’s or your child’s.
  • “god”
  • “letmein”
  • “money”
  • “love”

Of course, password crackers can hack a lot more types of passwords than just the top 10 variants; read the full article to learn more.

Source: IT Security

Hacker writes rootkit for Cisco’s routers

May 15, 2008 – 5:53 AM

A security researcher has developed malicious rootkit software for Cisco’s routers, a development that has placed increasing scrutiny on the routers that carry the majority of the Internet’s traffic.

Sebastian Muniz, a researcher with Core Security Technologies, developed the software, which he will unveil on May 22 at the EuSecWest conference in London.

Rootkits are stealthy programs that cover up their tracks on a computer, making them extremely hard to detect. To date, the vast majority of rootkits have been written for the Windows operating system, but this will mark the first time that someone has discussed a rootkit written for IOS, the Internetwork Operating System used by Cisco’s routers. “An IOS rootkit is able to perform the tasks that any other rootkit would do on desktop computer operating systems,” Muniz said in an e-mail interview.

Rootkits are typically used to install keylogging software as well as programs that allow attackers to remotely connect with the infected system. However, the most notorious rootkit of all, distributed by Sony BMG Music, stopped unauthorized CD copying.

A Cisco rootkit is particularly worrisome because, like Microsoft’s Windows, Cisco’s routers are very widely used. Cisco owned nearly two-thirds of the router market in the fourth quarter of 2007, according to IDC.

Read the rest of the story…

Admins warned of brute-force SSH attacks

May 14, 2008 – 4:01 PM

Over the weekend, a number of network administrators issued warnings over an order-of-magnitude increase in the number of attempts to guess the username and password of systems running secure shell (SSH), the encrypted access method that replaced the common telnet service. System administrators at universities and some companies have reported login attempts coming from hundreds and thousands of Internet addresses over the past week, a stark increase from the handful of attacks the administrators saw previously.

The Internet Storm Center, a network monitoring team supported by the SANS Institute, warned system administrators on Monday to take steps to protect their systems, noting the sharp spike in attacks.

“From the most recent reports I have seen, the attackers have been using either ‘low and slow’ style attacks to avoid locking out accounts and/or being detected … (or) using botnets to do a distributed style attack which also is not likely to exceed thresholds common on the network,” Scott Fendley, a handler at the SANS Internet Storm Center and university network administrator, wrote in an ISC advisory.

Secure shell — the replacement for unencrypted telnet sessions — allows command line access to remote servers using encrypted and authenticated communications. Universities frequently have SSH enabled to allow researchers to remotely access their systems. In 2004, unknown attackers broke into many of the SSH accounts that allowed access to academic supercomputing centers.
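As an added illustration (not code from the article or the ISC advisory) of why the per-IP thresholds Fendley mentions miss these attacks: the detection below runs over constructed auth.log lines and places a day-long per-source window and a per-host count of distinct failing sources alongside the classic burst rule. Thresholds and the 2008 log year are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
# Constructed auth.log lines (not real data): one noisy source, eight distributed
# sources that each stay under a per-IP limit, and one low-and-slow source.
LOG = "\n".join(
    [f"May 12 03:10:{i:02d} host1 sshd[20{i}]: Failed password for root from 203.0.113.5 port 40{i:02d} ssh2" for i in range(6)]
    + [f"May 12 03:12:{i:02d} host1 sshd[30{i}]: Failed password for invalid user admin from 198.51.100.{i} port 5000 ssh2" for i in range(1, 9)]
    + [f"May 12 {h:02d}:00:00 host1 sshd[4{h:02d}]: Failed password for root from 192.0.2.77 port 6000 ssh2" for h in range(8)]
)

FAIL_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) sshd\[\d+\]: Failed password for "
                     r"(?:invalid user )?(\S+) from (\S+) port")

def parse_failures(text, year=2008):
    """Failed-login events as (epoch, host, user, source), sorted by time."""
    events = []
    for line in text.splitlines():
        m = FAIL_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts.timestamp(), *m.group(2, 3, 4)))
    return sorted(events)

def windows(events, window):
    """Yield each run of events that starts at one event and spans under `window` seconds."""
    for i in range(len(events)):
        j = i
        while j < len(events) and events[j][0] - events[i][0] < window:
            j += 1
        yield events[i:j]

def noisy_sources(events, limit=5, window=600):
    """Classic per-IP rule: a source with at least `limit` failures inside `window` seconds."""
    by_src = defaultdict(list)
    for ev in events: by_src[ev[3]].append(ev)
    return {src for src, evs in by_src.items()
            if any(len(w) >= limit for w in windows(evs, window))}

def low_and_slow_sources(events, limit=6, window=86400):
    """The same rule over a day: catches sources pacing themselves under the burst rule."""
    return noisy_sources(events, limit, window) - noisy_sources(events)

def distributed_peak(events, window=600):
    """Per target host, the most distinct sources failing inside `window` seconds."""
    by_host = defaultdict(list)
    for ev in events: by_host[ev[1]].append(ev)
    return {host: max(len({e[3] for e in w}) for w in windows(evs, window))
            for host, evs in by_host.items()}
```

On the sample, only 203.0.113.5 trips the burst rule; the hourly source appears only in the day-long window, and the eight distributed addresses show up only when failures are counted per target host rather than per source.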

Read the rest of this story…

Bots Use SQL Injection Tool in New Web Attack

May 14, 2008 – 3:56 PM

A little-known botnet has put a different spin on the recent wave of SQL injection attacks on thousands of Websites: It’s outfitting its bots with its own tool to launch SQL injection attacks on vulnerable sites.

The Asprox botnet, a relatively small botnet known mainly for sending phishing emails, has been spotted in the last few days installing an SQL injection attack tool on its bots. The bots then Google for .asp pages with specific terms — and then hit the sites found in the search return with SQL injection attacks, says Joe Stewart, director of malware research for SecureWorks, who has documented his findings on the attack.

Stewart says the Asprox botnet’s SQL injection attack is likely a copycat of the recent SQL injection Website attacks from China, which deliver a Trojan that steals online gaming passwords. But this is the first SQL injection attack Stewart has seen using a botnet and a toolkit to do the dirty work. Asprox so far has infected over 1,000 Websites this way, he says.

“I’ve seen bots get other types of infection tools, but not SQL injection” tools, Stewart says. “It’s almost like they noticed the Chinese[-based] attack and copied their code into their own binary for their own attack… The hacks are so similar to the way the other SQL injection attacks are going.”

The attack injects an iFrame into the Website, which then infects visitors with a malicious JavaScript file from the “direct84.com” domain.

Read the rest of this story…