Security Related

Guy Mizrahi about Security and Technology.
Archive for the ‘Uncategorized’

IDS or IPS?

June 25, 2010 By: Guy Mizrahi Category: Security, Technology, Uncategorized No Comments

A couple of days ago, during a lesson (there is a course in Israel called CISO, and I am one of the instructors), I talked about IDS and IPS systems.

For those of you who are not familiar with these systems:

IDS stands for Intrusion Detection System and IPS stands for Intrusion Prevention System.

As you can tell from the names, the two devices are very close to each other.

In many cases, when I do my consulting work, I see an IPS device in an organization, and when I ask why they chose an IPS over an IDS there is no answer.

When you look closely you see that the main requirement was to alert when there is an intrusion. There was no need to take action, just to alert, so why choose an IPS over an IDS? When you look even closer you find that this was the recommendation of the previous consultant and no one said otherwise.

Is this a problem? Maybe. I’ll explain.

An IPS is a device that needs to interfere with the network traffic. That ability to interfere allows an attacker to identify that there is an IPS on the network, because the attacker can see that some packets do not do what they were supposed to do.

I think that the main problem with an IPS is that you know it is there.

If you do not need an active defense, you should consider an IDS.

From the attacker’s point of view it is not present on the network.

The monitor port where you place the IDS probe is completely silent and does not allow interference with the traffic.

From the attacker’s view there is nothing to worry about, and from your side you can view all the alerts in your SIEM and instruct the SOC to react.

Another point: if the attacker knows about the IPS, he can identify it and maybe find a way to hurt the device itself, a 0-day for the IPS.

So why use an IPS? Because there are places that need to respond when they are under attack. Some people will say that is most places.

All I am saying is: don’t go with an IPS because someone said it is better. You need to consider whether you need the functionality of an active system that responds to an attack. If that is the case, an IPS is a good decision, but otherwise? You need to think.

BTW: for this article, I consider an IPS that is not in prevention mode to be an IDS.
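To make the argument above concrete, here is an added example (not code from the original post): the same constructed packet stream is run through a sensor in passive "detect" mode and in inline "prevent" mode. The packets, the single content-match rule and the sender-side check are all constructed for the demonstration. A passive probe on a monitor port raises the same alerts but leaves the delivered stream identical, so nothing about it is observable from the far end; the inline device changes what arrives, and that difference is exactly what gives it away.

```python
"""Passive IDS vs. inline IPS on one constructed packet stream (added example)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes


@dataclass
class Rule:
    """A minimal content-match signature (constructed, not a real ruleset)."""
    name: str
    dport: int
    content: bytes

    def matches(self, pkt: Packet) -> bool:
        return pkt.dport == self.dport and self.content in pkt.payload


def inspect(packets: List[Packet], rules: List[Rule], mode: str) -> Tuple[List[str], List[Packet]]:
    """Run the stream through a sensor and return (alerts, delivered_packets).

    mode="detect"  : passive probe on a monitor port. Every packet is delivered
                     untouched; a match only raises an alert.
    mode="prevent" : inline device. A matching packet is alerted on and dropped,
                     so the receiver never sees it. Only this mode changes the
                     traffic, which is what the post calls "interference".
    An IPS left in detection mode behaves exactly like the first branch.
    """
    if mode not in ("detect", "prevent"):
        raise ValueError(f"unknown mode {mode!r}")
    alerts: List[str] = []
    delivered: List[Packet] = []
    for pkt in packets:
        hit: Optional[Rule] = next((r for r in rules if r.matches(pkt)), None)
        if hit is not None:
            alerts.append(f"{hit.name} {pkt.src}->{pkt.dst}:{pkt.dport}")
            if mode == "prevent":
                continue  # inline drop
        delivered.append(pkt)
    return alerts, delivered


def sender_sees_interference(sent: List[Packet], delivered: List[Packet]) -> bool:
    """What the remote side can infer: did anything go missing in transit?"""
    return len(delivered) != len(sent)


# Constructed sample traffic: two ordinary requests and one that trips the rule.
SAMPLE_RULES = [Rule(name="suspicious-path", dport=80, content=b"/etc/passwd")]
SAMPLE_STREAM = [
    Packet("203.0.113.5", "198.51.100.10", 80, b"GET /index.html HTTP/1.1"),
    Packet("203.0.113.5", "198.51.100.10", 80, b"GET /../../etc/passwd HTTP/1.1"),
    Packet("203.0.113.5", "198.51.100.10", 80, b"GET /about.html HTTP/1.1"),
]


def compare_modes(stream=SAMPLE_STREAM, rules=SAMPLE_RULES) -> dict:
    """Summarise both deployments: alerts raised, packets delivered, sensor visible?"""
    summary = {}
    for mode in ("detect", "prevent"):
        alerts, delivered = inspect(stream, rules, mode)
        summary[mode] = {
            "alerts": len(alerts),
            "delivered": len(delivered),
            "visible_to_sender": sender_sees_interference(stream, delivered),
        }
    return summary


if __name__ == "__main__":
    for mode, result in compare_modes().items():
        print(mode, result)
```

Both modes raise one alert for the three sample packets; only "prevent" delivers two of them and is therefore visible to the sender, which is the trade-off the post asks you to decide on deliberately.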

mitm for smartphones

November 18, 2009 By: Guy Mizrahi Category: Uncategorized No Comments

I have read this article about Man-in-the-middle attacks demoed on 4 smartphones.

Let’s see… are they really saying this?

Can you really hack and manipulate clients on a non-secured wifi LAN?

It has been discussed many times and demos of this attack are everywhere, so what is new here?

A free public tool (SSLstrip), an unsecured wifi access point and some technical skills can give you the power to hack any client near you.

But what is new here that deserves an article?

The fact that they attacked a smartphone?

I see no news here.

Smartphones are small computers. You can hack them as easily as you can attack a PC.

(Well, maybe it is easier on the iPhone because you already know that the root password is alpine 🙂 ).

What needs to be said is this:

The knowledge and the way of thinking of a hacker are not limited to computers, phones or even electronics.

The hacker’s charm works on everything: a person will be manipulated using Social Engineering, and your credentials will be stolen wherever you keep them.

A hacker’s attack does not happen because the technology allows it. It happens because you allow it.

So? You want to surf without being hacked?

Click here to download this and you’ll be safe (Just kidding! 🙂 ).
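Since the post names SSLstrip, here is the client-side countermeasure against it as an added example (not code from the original post, and not something the post discusses): a small HTTP Strict Transport Security (RFC 6797) policy cache of the kind browsers keep. SSLstrip works because the victim starts on plain http:// and the proxy keeps them there; HSTS closes that window, because once a host has been seen over HTTPS with a valid Strict-Transport-Security header the client rewrites later http:// requests to https:// itself, before anything leaves the device. The hosts, header values and the fake clock below are constructed.

```python
"""Client-side HSTS policy cache: the browser-side defence against SSL stripping.
Added example; hosts, header values and the clock are constructed."""
import time
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class HstsEntry:
    expires_at: float
    include_subdomains: bool


def parse_sts_header(value: str) -> Optional[dict]:
    """Parse a Strict-Transport-Security header value.

    Returns {"max_age": int, "include_subdomains": bool}, or None when the
    header is malformed: max-age is mandatory, and a missing or non-numeric
    value means the policy is ignored rather than guessed.
    """
    max_age = None
    include_sub = False
    for directive in value.split(";"):
        name, _, raw = directive.strip().partition("=")
        name = name.strip().lower()
        raw = raw.strip().strip('"')
        if name == "max-age":
            if not raw.isdigit():
                return None
            max_age = int(raw)
        elif name == "includesubdomains":
            include_sub = True
    if max_age is None:
        return None
    return {"max_age": max_age, "include_subdomains": include_sub}


class HstsStore:
    """Per-client store of known HSTS hosts; the clock is injectable for testing."""

    def __init__(self, now=time.time):
        self._now = now
        self._known: Dict[str, HstsEntry] = {}

    def observe_response(self, host: str, scheme: str, sts_header: Optional[str]) -> None:
        """Record a policy only from HTTPS responses. On plain HTTP the header is
        ignored, precisely because an on-path attacker could have injected it."""
        if scheme != "https" or sts_header is None:
            return
        parsed = parse_sts_header(sts_header)
        if parsed is None:
            return
        host = host.lower()
        if parsed["max_age"] == 0:
            self._known.pop(host, None)  # max-age=0 tells the client to forget the host
            return
        self._known[host] = HstsEntry(
            expires_at=self._now() + parsed["max_age"],
            include_subdomains=parsed["include_subdomains"],
        )

    def should_upgrade(self, host: str) -> bool:
        """True when a plain http:// request to host must be rewritten to https://
        before it is sent, i.e. before a stripping proxy could ever see it."""
        host = host.lower()
        now = self._now()
        labels = host.split(".")
        for i in range(len(labels)):
            entry = self._known.get(".".join(labels[i:]))
            if entry is None or entry.expires_at <= now:
                continue  # unknown host, or an expired policy: no protection
            if i == 0 or entry.include_subdomains:
                return True
        return False


def demo() -> dict:
    """Walk through the cases that matter against SSLstrip (constructed hosts)."""
    clock = [1_000_000.0]
    store = HstsStore(now=lambda: clock[0])
    # A first visit that really was HTTPS pins the policy for a year, subdomains included.
    store.observe_response("bank.example", "https", "max-age=31536000; includeSubDomains")
    # The same header arriving over plain HTTP must not create a policy.
    store.observe_response("shop.example", "http", "max-age=31536000")
    # A short-lived policy, then the clock moves past its expiry.
    store.observe_response("news.example", "https", "max-age=60")
    clock[0] += 120
    return {
        "bank": store.should_upgrade("bank.example"),
        "bank_subdomain": store.should_upgrade("login.bank.example"),
        "shop": store.should_upgrade("shop.example"),
        "news_expired": store.should_upgrade("news.example"),
    }
```

The protection only exists for hosts the client has already seen over HTTPS (or that ship in a preload list), which is why the very first visit on an untrusted wifi network is still the weak moment the post describes.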

E-crime by the Mafia in israel

November 02, 2009 By: Guy Mizrahi Category: Uncategorized No Comments

I read the other day a great story that involves the Mafia and computer crimes.

The story begins with a manager of IT services in the computer department of the Israeli gambling commission, whom criminals tried to push into installing their pre-made dedicated software.

This software was supposed to give the criminals the names and details of the “TOTO” prize winners. The details were supposed to be sent to the criminals as soon as the winners were declared, and then they could obtain the winning tickets and collect the prizes.

The story does not end there.

A year later they tried a different approach. The criminals built a web site for the same committee that could send out a “TOTO Winner” (the daily toto gambling game) half an hour after the end of the gambling time.

This time the Israeli police were informed and started an investigation that led to the Zeev Rosenshtein organization (a big mafia head who is currently serving time in a US jail).

The police wanted to open a new task force of 100 officers to fight this kind of thing, but the whole idea didn’t succeed.

Well.. I think that the regular police cannot fight this kind of crime. They need better researchers to do this kind of investigation.

How many users on dreamhost server?

July 03, 2009 By: Guy Mizrahi Category: Uncategorized No Comments

So, you want to find out how many users are hosting their sites alongside yours on a Dreamhost server?
This command will give you the number of users on the server:
awk -F: '$3 > 999 { print $0 }' /etc/passwd | wc -l
Each user has at least one site.

I am using luigi.dreamhost.com:
[luigi]$ awk -F: '$3 > 999 { print $0 }' /etc/passwd | wc -l
797

There are at least 797 users on luigi and probably a lot more sites.
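Two caveats a practitioner would add to the one-liner above, shown as an added example (not the post’s own command): the UID boundary is system-dependent (UID_MIN in /etc/login.defs, 1000 on most Linux systems), and accounts with a nologin or false shell, plus the nobody account, are not people who can log in or host anything, so counting them overstates your neighbours. The passwd file below is constructed so the script runs offline; point it at /etc/passwd on a real host.

```sh
#!/bin/sh
# Added example: count regular (login-capable) accounts in a passwd file.
# The constructed sample below stands in for /etc/passwd.

# Read UID_MIN from login.defs; fall back to the common default of 1000.
uid_min() {
    if [ -r /etc/login.defs ]; then
        awk '$1 == "UID_MIN" { print $2; found = 1 } END { if (!found) print 1000 }' /etc/login.defs
    else
        echo 1000
    fi
}

# Usage: count_regular_users PASSWD_FILE [MIN_UID]
# Counts entries with UID >= MIN_UID, excluding nobody (65534) and accounts
# whose login shell is nologin or false.
count_regular_users() {
    passwd_file=$1
    min_uid=${2:-$(uid_min)}
    awk -F: -v min="$min_uid" '
        $3 >= min && $3 != 65534 && $7 !~ /(nologin|false)$/ { n++ }
        END { print n + 0 }
    ' "$passwd_file"
}

# Constructed sample passwd file (not from any real host).
SAMPLE_PASSWD=$(mktemp)
cat > "$SAMPLE_PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/sh
carol:x:1002:1002:Carol:/home/carol:/usr/sbin/nologin
dave:x:1003:1003:Dave:/home/dave:/bin/zsh
EOF

# Explicit threshold so the result does not depend on the host running this.
count_regular_users "$SAMPLE_PASSWD" 1000   # prints 3 (alice, bob, dave; carol cannot log in)
```

On a shared host the result is still a lower bound on the number of sites, as the post says, and on some hosts /etc/passwd is not world-readable at all, in which case the count is simply unavailable.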

Some of the best security related feeds

June 09, 2008 By: Guy Mizrahi Category: Uncategorized No Comments

I have created an aggregator that has most of the security RSS feeds that I read.

I think most of you will find it interesting.

Let me know if you think something is missing 🙂

http://securityfeed.info/

Isn’t it cool to see e-mule working like this ?

May 02, 2008 By: Guy Mizrahi Category: Uncategorized 4 Comments

[image: emule]

The best discount for Dreamhost hosting plans.

April 16, 2008 By: Guy Mizrahi Category: Uncategorized No Comments

Dreamhost is one of the most hated hosting companies.

I have been using their services for more than 6 months now.

In the first weeks I was suffering from a sluggish connection, low speed and more problems.

In the past 3 or 4 months I have been very happy with their servers and connection. It looks like they solved many of their problems.

If you need a hosting service and you don’t want to be bothered with space, bandwidth and domain restrictions, you can check out their hosting.

If you want Dreamhost hosting with the best discount, I created a kickass coupon for it:

You’ll get a $50 discount and a free IP! It is the best deal you can get from them 🙂

If you want it, just enter KICKASS as the Promo Code.

What will you get (besides the discount and the free IP)?

Find other sites on a specific IP

March 29, 2008 By: Guy Mizrahi Category: Uncategorized 2 Comments

It can be very useful to see what other sites are sitting on your site’s IP.

When you use a shared host for your site or blog, you basically put your site at risk.

If an attacker is targeting other sites on the same server, his attack can hit you as well as the other sites on the server.

More sites on the hosting server = more chances that your site gets hit during their attack.

So how can you check which sites are on your hosting server?

You can do it using this tool:

http://www.yougetsignal.com/tools/web-sites-on-web-server/

Internet in hotels

March 14, 2008 By: Guy Mizrahi Category: Uncategorized No Comments

Surprise, surprise: we are in Eilat 🙂

My mom placed an order for a hotel and flights to Eilat, but she and my dad couldn’t go.

My wife and I got the vacation.. thanks mom and dad 🙂

When we arrived at the hotel, we upgraded our vacation to VIP, so we can get into the business lounge.

We enjoy free food and drinks, and breakfast on the 12th floor with an amazing view.

The business lounge has two computers in it with a (more or less) fast Internet connection.

When I got to the computers, both had their Internet browsers open.

One quick look and I saw that one computer was on Google. The guy who surfed there before me left his Gmail account logged in.. You don’t even need to hack into his Gmail 🙂

The other computer was on a stocks site. A few clicks on “back” in the browser’s toolbar and I was logged in as him.

It didn’t end there…

A quick review of the computer showed that it was full of spyware, Trojan horses and other malware. The computer had Spy Sweeper installed, but it didn’t help..

So how can you work safely?

1. Don’t leave your account logged in when you finish using it. It is better not to get into sites that require a user name and password at all.

2. Delete the browser history, temp files and cookies when you finish.

3. Close the Internet browser. Restart the computer. (If the policies do not allow this, you can disconnect the computer from the electricity – it works too 🙂 )

4. Best of all, disconnect the computer from the network and use your laptop.

5. Work with a cellular modem and don’t rely on the hotel.

In my Hebrew blog I once wrote how to bypass Captive Portals.

I got some heat when I wrote that..

killing using hacking skills?

March 12, 2008 By: Guy Mizrahi Category: Uncategorized No Comments

Yes, it is possible.

Security researchers managed to hack a defibrillator and a pacemaker over wireless (yes, it is possible to hack it while the device is in someone’s chest).

For the POC, the researchers put a defibrillator in a bag full of meat and managed to make it give a strong electric shock.

Scary..

The research is here:

http://www.secure-medicine.org/PervasiveIMDSecurity.pdf
