Comparing Different Tools for Threat Sharing

I had a guest post published at IBM Security Intelligence: Comparing Different Tools for Threat Sharing.

DNSSEC in Europe

The Domain Name System Security Extensions (DNSSEC) is a suite of specifications for securing certain kinds of information provided by the Domain Name System (DNS) used in IP networks.

It does not solve every security problem related to DNS, but it does protect users from cache poisoning and other malicious DNS attacks. See the DNSSEC FAQs for more info. Implementing DNSSEC is also a great excuse to finally clean up your DNS zones …

As … Read more.

Sync a github.com forked repository

I have a couple of forked git repositories. When I want to add custom code, it’s useful to get the latest available code from the “original” repository. Before I can do that, I have to sync my fork with the latest available code.

The steps to do this are explained extensively in the GitHub help; this is merely a placeholder for my own documentation.

Some online resources

https://help.github.com/articles/syncing-a-fork/
https://help.github.com/articles/configuring-a-remote-for-a-fork/

The first step that you will … Read more.

Client side certificate authentication

TLS (Transport Layer Security) and its predecessor SSL provide secure communication over a computer network. The most common use of TLS/SSL is establishing an encrypted link between a web server and a browser. This guarantees that all data passed between the browser and the web server stays private and is not tampered with.

Certificates can be used on both sides of the connection: the server side and the client side.

Web site certificates, or server … Read more.

Logjam vulnerable websites in Belgium

Recently a group from INRIA, Microsoft Research, Johns Hopkins, the University of Michigan, and the University of Pennsylvania published an analysis of the Diffie-Hellman algorithm as used in TLS and other protocols. They reported on a downgrade attack against the TLS protocol which would allow attackers to read and possibly alter your supposedly secure communication with a website or VPN connection.

The issue lies in the export-grade (EXPORT) cryptography, similar to the FREAK attack (although … Read more.

Getting started with MISP, Malware Information Sharing Platform & Threat Sharing – part 3

In the two previous posts on MISP

Getting started with MISP – part 1 – Configuration
Getting started with MISP – part 2 – Usage

I covered the basic installation, configuration and usage of MISP, Malware Information Sharing Platform & Threat Sharing.

Visit the page from CIRCL.lu to get a good overview of the possibilities of MISP and a description of a practical use case.

If you need (commercial) support you should visit http://www.misp-project.org/.

Read more.

Check your site for Logjam

The Logjam attack basically allows an attacker to downgrade a secure connection to a VPN or secure website so that the attacker is able to read or modify your communication. The issue was found in the way the Diffie-Hellman key exchange has been deployed. It has been extensively described at https://weakdh.org/.

You can test whether your server is vulnerable via the Qualys SSL Server Test or via a form on the weakdh.org website.

The output from … Read more.

Protect yourself against Dridex

The Dridex banking malware (and Bartalex) is one of the cyber security threats that organizations face today. The malware attempts to steal credentials for banking websites and to harvest personal information entered into websites that are of interest to the attackers.

It uses HTML injection and changes often, making it harder for antivirus solutions to detect.

Dridex is delivered in three stages.

A spam campaign delivering an e-mail with an attachment; a Word document … Read more.

Who accessed your personal data in Belgium?

In May the Belgian media reported that civil servants were accused of violating people’s right to privacy. The civil servants stand accused of consulting the state register, which contains personal data on all citizens, without a proper reason to do so.

Who accessed your personal data in Belgium? You can check for yourself with an e-id and a card reader.

First close all your browser windows; insert your card reader; insert your e-id; open a … Read more.

Analyzing spam e-mail headers

I analysed a couple of malware samples in the past that arrived via e-mail. I always found the setting of the X-Mailer header of these e-mails somewhat unusual.

The X-Mailer header is set by the sending program and describes the mail client (mail program) that was used to send the message. Note that spammers can insert whatever value they deem necessary; there is nothing that prevents them from inserting bogus data. Also note that some … Read more.