Top Priority Sector: video_surveillance_cctv Extreme Networks, Inc. introduced on Sept. 24 an Ethernet-based physical security network solution designed to help reduce installation, operational costs and truck rolls, and simplify operations associated with networked physical security systems, including integrated alarms, IP surveillance cameras, door locks and related elements. Homepage position: 10 read more View full post [...]
View full post on The Cyber Wars
An audit of the IT systems and networks at the U……. View full post on SANS NewsBites
For more information go to http://www.NationalCyberSecurity.com, http://www. GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com
View full post on National Cyber Security
Top Priority Sector: communications Aviat Networks, Inc., a provider of microwave networking solutions, announced on August 6 that it has been named as the microwave subcontractor on the AT&T Government Solutions‘ team to compete for orders to provide tactical communications equipment to the U.S. Department of Homeland Security (DHS). Homepage position: 10 read more View [...]
View full post on The Cyber Wars
Earlier this week, I talked about malware threats. Today, we’ll address a new trend. Turns out the perpetrators of targeted attacks are pragmatic, and are happy to borrow techniques that are even a decade old.
Trend #2 in M-Trends: An Evolving Threat is titled “Everything Old Is New Again,” and talks …
View full post on National Cyber Security
In its smallest version, Kevin Bong’s “Mini Pwner” spy router can fit inside an Altoids tin.
The next time an unexpected “repairman” cruises past your company’s security desk, you might want to check inside his tin of mints or pack of cigarettes. Especially if he’s also carrying an ethernet cable.
Kevin Bong, a Wisconsin-based security researcher and penetration tester, has developed what he calls the Mini Pwner, a spy computer smaller than a smartphone designed to be inconspicuously plugged into an ethernet port to gain access to a corporate network, feeding information back to a nearby hacker over its wifi signal. Bong sells a kit for the mini spy node for $99, but he also explains on his website how to put one together independently with just a TP-Link router running the open source OpenWRT software, a USB thumb drive, and a battery pack–components that add up to less than $40.
The result is a network cracking tool that’s just two inches square by one inch thick. Or with a bit more hardware fiddling, the Mini Pwner can even be removed from the TP-Link router’s plastic case and reassembled small enough to fit in an Altoids tin–a variant that Bong calls the “Minty Pwner.” (He admits the metal case might interfere with the router’s signal if it’s left inside.)
Bong says he built the Mini Pwner, whose name refers to the hacker lingo “to pwn” meaning to hack or gain control of a target, to aid in his day-to-day work sussing out clients’ security vulnerabilities as a penetration tester for the Brookfield, Wisconsin consultancy Synercomm. “The easiest way to get into a company is still to walk in looking professional and talk your way into a wiring closet,” says Bong. “Once this thing is configured, you can plug it in to the network you’re attacking and connect back to the router itself from the parking lot.”
Once it’s plugged into an open ethernet port on a wall, in a server closet or even into one of a company’s IP phones, the Mini Pwner is designed to run simple scanning tools including Nmap and dSniff that allow a hacker to map out a company’s network and passively collect information. More importantly, it can create a VPN connection so that a nearby hacker can connect to the tiny router’s wifi signal, tunnel into the target network, and run hacking tools like Metasploit to gain further access. The battery pack offers at least four hours of hacking time, Bong says, but a USB port on the Pwner can also be hooked up to power the device indefinitely.
The full “Mini Pwner” kit. The version inside the TP-Link router case is shown at top right, with an iPhone at bottom right for comparison.
The Mini Pwner is hardly the only small, cheap spy computer available to digital intruders: Other slightly larger devices like the Pwnie Express or the F-BOMB are designed to be plugged into wall sockets, or in the latter case even thrown or dropped onto a target from a flying drone, tunneling out of the target’s own wifi network to reconnect to the hacker. The Wifi Pineapple, by contrast, creates a “honeypot” wireless signal that’s designed to tempt unsuspecting users, stealing their data when they connect to its network. And some penetration testing applications such as the Android Network Toolkit run on Android phones, allowing a hacker to merely walk into a building with a phone and run exploits targeting vulnerable machines.
All of those devices are marketed as penetration testing devices rather than tools for illegal hacking. But as with any penetration test, Bong says the intrusion tricks are designed to make potential victims aware of methods that are available to less ethical hackers, too.
“Hacking doesn’t just mean someone sitting on a laptop somewhere,” says Bong. “You have to protect your ports, watch the people who come in the front door, and look at what’s plugged into your network. This stuff is out there.”
Article source: http://www.forbes.com/sites/andygreenberg/2012/04/17/hackers-tiny-spy-computer-cracks-corporate-networks-fits-in-an-altoid-tin/
View full post on National Cyber Security » Computer Hacking
The tech industry’s biggest little company, firewall vendor Palo Alto Networks, filed last week for an Initial Public Offering (IPO) which will raise $175 million (£110 million).
Founded in 2005 by former NetScreen CTO Nir Zuk the year after that highly-rated company was bought by Juniper, Palo Alto has risen to prominence as a pioneer of what analysts call ‘next-generation firewalls.’
This is a technological movement that reinvents firewalls to monitor application traffic, relating this to department and users in real time.
Nothing travelling across the network should be invisible to a next-gen firewall. Established firewalls looked at protocols and packets, a form of defence that has looked increasingly obsolete thanks to the dawn of application-aware systems.
Traditional firewall vendors have since embraced this concept, but the USP of Palo Alto is supposed to be that its systems are designed to do this job ‘from the ground up’ rather than having it retro-fitted. That gives them advantages in terms of management, or at least that is one of the claims made.
The weakness of Pal Alto’s approach is that it requires high-performance hardware inspection, which makes its products expensive. In defence of that approach, enterprise firewalls can be hugely expensive system regardless of whether they boast advanced application inspection or not.
The company is also being sued by rival Juniper Networks, which alleges patent infringements dating back to founder Zuk’s days at NetScreen.
The company’s S-1 filing with the US Securities and Exchange Commission (SEC) revealed that at the end of its last financial year on 31 January 2012 the company had 6,650 customers in 80 countries, revenue of $118.6 million and losses of $12.5 million.
View full post on National Cyber Security » Computer Hacking
View full post on SANS Institute Security Awareness Tip of the Day
View full post on National Cyber Security
