ARTICLES

You are safe! ROPEMAKER is nothing but a ruse

In the last couple of days my security feed exploded with mentions of ROPEMAKER (Remotely Originated Post-delivery Email Manipulation Attacks Keeping Email Risky), and my first reaction was "wow! someone broke email, and that too post delivery. #WTF". I immediately opened the source, i.e. the blog post that Mimecast has published explaining the issue. Frankly, on first read it was a disappointment! I think most of the people talking about it as a new, big, fancy issue to panic about do not understand the complete picture. Disclaimer: This post is not meant to offend Mimecast, or in...

Tools tools everywhere, not a single one they look

The Rime of the Ancient Mariner is a poem by Samuel Taylor Coleridge about an old sailor who is compelled to tell strangers about the supernatural adventures that befell him at sea after he killed an albatross, a friendly sea bird. Water, water everywhere, not any drop to drink. This metaphor was so apt in the middle of the sea; so it is in the middle of thousands of logging events. Most of the security articles we read talk about tools, products and how attacks can be prevented. A few mention detection; and a handful, monitoring. So, here's...

Satellite beams 'unbreakable' cipher from space

If you are closely following quantum advancements, you will have come across the news of the Chinese satellite "Mozi", launched in August 2016. With this successful launch, the Chinese proved they are way ahead (at least per the public information) and are taking quantum communication seriously. Mozi is dedicated to understanding and testing the phenomenon of quantum entanglement. Mozi, a 500 kg satellite, derives its name from the 5th century BC Chinese scientist and is meant to perform Quantum Experiments at Space Scale (QUESS). It consists of: a quantum key communicator, a quantum entanglement emitter, an entanglement source, a processing unit and a laser communicator. Today, August 10th 2017,...

Wake up call. Apache Struts is being exploited

Disclaimer: It's a tale of incident response for a vulnerability dated March 2017 that wasn't patched on the server. And someone exploited it naively. It was at night that I received a message: "We have been hacked". As with most hacks, people tend to overreact (or sometimes under-react), and the first message delivers the least amount of information. It started a chain of events, and forensics to identify what happened, and how. Around 23:00h there was a trigger that some packet was knocking on the firewall port to go out of the internal...

Need for WAF in the world of Secure SDLC

You have a secure development lifecycle, and you do perform a pen-test before going live or rolling out an application in production; then why do you need a Web Application Firewall? In the end, it is one more security product where ROI is difficult to prove. This is one of the most common questions I have been asked when talking about application security. People are still conservative when it comes to buying a good WAF and implementing it across all applications. Common queries I receive are: What's the use of a WAF when my application is secure? What if the...

Jump Air-gap, Low Level C&C

The threat landscape is very dynamic, and new threat vectors are exploiting vulnerabilities for fun and profit. The whitehat security community is in a race against time with its counterparts. And often companies become targets of spear phishing, APTs and bots. Some institutions, like the financial sector, insurance sector, defense etc., have strong regulations to protect the perimeter. But often these sectors have people working on modern laptops with different adaptors: Wi-Fi and Bluetooth. Now, the focus of this article is to demonstrate how to send data without connecting to any network, therefore making it tough...

Revamp of OWASP Top 10 for 2017

Yes, the OWASP Top 10 2017 is coming, but that doesn't mean it's your bible. Finally OWASP is performing a revamp of the Top 10 web vulnerabilities as per the inputs received from the community. For the first time the OWASP community has also shared the inputs received from different security consulting/services firms. Reading through the list gives a good idea of what kinds of vulnerabilities are more common in the industry, and the ones where attacks have declined! The key changes released with the current release candidate (2017 RC1) version of the OWASP Top 10 are: Merging of categories: A4/...

Are you using SIEM as a service?

SIEM as a service, in the cloud: is it possible? Is it a fad? Or is it yet to evolve? While we are catching up on cloud transformations, and moving generously into someone else's data center, someone's VM or container, SIEM has also joined the cloud market. And out emerged the companies that offer such a SIEM as a Service model[1]. These companies promise to provide SIEM in the cloud; you gather your logs and send them to them. Now, a critical question is: does it have the features of a classic cloud model or is it just...