Tag Archives: Hacking

High Profile Hacks of 2014

Time and time again, the hacking and exfiltration of corporate data goes on unabated, and the latest victim is one of the most important organizations in the internet's infrastructure. ICANN has just announced that attackers were able to infiltrate its systems through email phishing and gained access to several of them, including systems that hold its root zone information.

Prior to the ICANN incident, Sony suffered one of the worst breaches of the year: terabytes of data were exfiltrated and posted online. Below are the most prominent hacking incidents of 2014 in my opinion. It goes without saying that these are only the ones that made the headlines and were reported on; the number of unreported or undetected incidents is most likely far greater than the ones that made the news.

High Profile Hacks of 2014

  • ICANN Hacking – ICANN’s announcement of the incident.
  • Sony Hacking – An excellent Analysis of the event from the beginning.
  • Home Depot – Over 100 Million records stolen.
  • JP Morgan – Over 80 million customer and small business accounts compromised.
  • EBay – Over 145 million users affected.
  • Target – Over 100 million records stolen.
  • Apple’s iCloud Hacking – Many celebrities lost their personal files.

Enabling remote access to PostgreSQL database server

This post is taken from the Nixcraft website. I was trying to find out how to access the PostgreSQL database used in Kali, the penetration testing distribution.

By default, remote access to the PostgreSQL database server is disabled for security reasons. However, sometimes you need to provide remote access to the database server from a home computer or from a web server.

Step # 1: Login over ssh if the server is outside your IDC

Login over ssh to the remote PostgreSQL database server:
$ ssh user@remote.pgsql.server.com

Step # 2: Enable client authentication

Once connected, you need to edit the PostgreSQL client authentication file /var/lib/pgsql/data/pg_hba.conf (or /etc/postgresql/8.2/main/pg_hba.conf for the latest 8.2 version) using a text editor such as vi.

Login as the postgres user using the su / sudo command, enter:
$ su - postgres
Edit the file:
$ vi /var/lib/pgsql/data/pg_hba.conf
OR
$ vi /etc/postgresql/8.2/main/pg_hba.conf
Append the following configuration line to give access to the 10.10.29.0/24 network:
host all all 10.10.29.0/24 trust
Save and close the file. Make sure you replace 10.10.29.0/24 with the actual network address range of the client systems in your own network. Note that the trust method accepts every connection from that range without asking for a password, so any host in the range can log in as any role; outside a lab, use md5 (password authentication) instead of trust.

Step # 2: Enable networking for PostgreSQL

You need to enable TCP / IP networking. Use either step #3 or #3a as per your PostgreSQL database server version.

Step # 3: Allow TCP/IP socket

If you are using PostgreSQL version 8.x or newer, use the following instructions; otherwise skip to Step # 3a for older versions (7.x or older).

You need to open the PostgreSQL configuration file /var/lib/pgsql/data/postgresql.conf or /etc/postgresql/8.2/main/postgresql.conf.
# vi /etc/postgresql/8.2/main/postgresql.conf
OR
# vi /var/lib/pgsql/data/postgresql.conf
Find the configuration line that reads as follows:
listen_addresses='localhost'
Next, set the IP address(es) to listen on. You can use a comma-separated list of addresses; the default is 'localhost', and '*' means all IP addresses:
listen_addresses='*'
Or bind only to the 202.54.1.2 and 202.54.1.3 IP addresses (the entries must be separated by commas, not spaces):
listen_addresses='202.54.1.2, 202.54.1.3'
Save and close the file. Skip to step # 4.

Step #3a – Information for old version 7.x or older

The following configuration is only required for PostgreSQL version 7.x or older. Open the config file, enter:
# vi /var/lib/pgsql/data/postgresql.conf
Bind and open the TCP/IP port by setting tcpip_socket to true:
tcpip_socket = true
Save and close the file.

Step # 4: Restart PostgreSQL Server

Type the following command:
# /etc/init.d/postgresql restart

Step # 5: Iptables firewall rules

Make sure iptables is not blocking communication; open port 5432 (append the rules to your iptables script or to the file /etc/sysconfig/iptables):

iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 10.10.29.50  --dport 5432 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s 10.10.29.50 --sport 5432 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

Restart firewall:
# /etc/init.d/iptables restart

Step # 6: Test your setup

Use the psql command from the client system. To connect to the remote server at IP address 10.10.29.50 and log in as the user vivek to the sales database, enter:
$ psql -h 10.10.29.50 -U vivek -d sales
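As an added check (not part of the Nixcraft post), the script below audits the two files edited in steps 2 and 3: it flags pg_hba.conf trust rules that reach beyond the loopback interface, and it rejects a space-separated listen_addresses value. The pg_hba.conf content is a constructed sample.

```python
"""Audit the two PostgreSQL settings edited above: pg_hba.conf rules and listen_addresses."""
import ipaddress

# Constructed sample pg_hba.conf content (not from a real server).
SAMPLE_PG_HBA = """\
# TYPE  DATABASE  USER   ADDRESS         METHOD
local   all       all                    peer
host    all       all    127.0.0.1/32    trust
host    all       all    10.10.29.0/24   trust
host    sales     vivek  10.10.29.0/24   md5
host    all       all    0.0.0.0/0       trust
"""

def parse_pg_hba(text):
    """Return host-type rules as dicts; comments, blanks and 'local' rules are skipped."""
    rules = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 5 or fields[0] not in ("host", "hostssl", "hostnossl"):
            continue
        # Only the CIDR address form (addr/prefix) used in the post is handled here.
        conn_type, database, user, address, method = fields[:5]
        rules.append({"type": conn_type, "database": database, "user": user,
                      "address": address, "method": method})
    return rules

def audit_pg_hba(text):
    """Flag 'trust' rules for non-loopback networks: 'trust' skips authentication,
    so every host in that range can log in as any role the rule covers."""
    findings = []
    for rule in parse_pg_hba(text):
        net = ipaddress.ip_network(rule["address"], strict=False)
        if rule["method"] == "trust" and not net.is_loopback:
            severity = "critical" if net.prefixlen == 0 else "high"
            findings.append((severity, rule["address"], rule["database"], rule["user"]))
    return findings

def check_listen_addresses(value):
    """Return the entries of a listen_addresses value that are not valid addresses.
    Entries are comma-separated, so '202.54.1.2 202.54.1.3' is one invalid entry."""
    invalid = []
    for entry in value.strip().strip("'\"").split(","):
        entry = entry.strip()
        if entry in ("", "*", "localhost"):
            continue
        try:
            ipaddress.ip_address(entry)
        except ValueError:
            invalid.append(entry)
    return invalid
```

Run audit_pg_hba on the real file's contents before restarting the server in step 4; a 0.0.0.0/0 trust rule is reported as critical because it opens the database to any host that can reach port 5432.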


Regin (In Registry) Malware

Regin – In Reg

Security researchers are talking about a newly discovered malware that was possibly created years ago and has sophisticated capabilities for spying on its victims. According to Symantec, the victims are spread across many countries, with most infections found in Russia and Saudi Arabia. Most researchers agree that the level of sophistication that has gone into developing this malware indicates that a nation state or states are behind it, and the most likely suspects are western intelligence agencies.

Encryption is used throughout the entire process, from infecting the victim all the way to extracting sensitive information, which has made detection of this malware almost impossible so far.

Below are detailed analyses of this malware posted by Symantec and Kaspersky Lab.

Regin: Top-tier espionage tool enables stealthy surveillance

Regin: Nation-state ownage of GSM networks


Survey shows users still unaware of online threats

A survey released by G-Data Security titled “Security Survey 200 – How do users assess threats on the internet” shows that users are misinformed about the types of threats that exist online and about the type of protection required to mitigate the risks those threats pose.

As I blogged yesterday, this survey just reinforces that user education should be a paramount objective in any security program, since end users, rather than the well protected server network, are now the prime target of hackers.


2011 – The year of breaches

If you are in the information security industry these days, the events of this year show that the battle against the bad guys is becoming harder and more difficult to win. Security incidents at big security product/service vendors, huge multinational companies and government agencies throughout the world show we are still very far from achieving the ideal security within our organizations. The question that poses itself is how these incidents are becoming so frequent while we have so many cutting-edge technologies available to detect and prevent them. Technologies such as IDS/IPS, SIEM, WAF, DLP, EPS and many others that the security industry has produced are capable of at least detecting sophisticated attacks, the attacks that are termed advanced persistent threats. So why are we still seeing huge data leaks and compromises at prestigious companies and military organizations left and right?

Back to the basics

In my own little opinion, the answer is that although we have made great strides on the technology side, we are still lacking a lot on the people and process side. I think we need to go back to the age-old formula Security = People + Process + Technology. Security cannot be achieved by relying solely on technology or by thinking it is the sole responsibility of IT departments. If we go back and analyze most of the breaches of 2011, we see a trend of targeted attacks against end users via social engineering. I think people are the weakest link in this game and need to be educated and made aware of the importance of security in their day-to-day activity, such as not opening suspicious emails, as was the case with the RSA employee. We need to invest heavily in user education and awareness and create the appropriate processes to control our information resources.

In order to do that, information security efforts need to be properly governed at the highest level of an organization to produce a meaningful security program that protects information assets. I was amazed to hear that a company as big as Sony did not have the position of CIO or CSO. It shows that proper governance of security was not part of Sony. Yet I believe Sony is not alone in this, and most likely the majority of organizations are still of the mindset that security belongs to IT.

Unfortunately, until companies and organizations wake up, as Sony did, and realize that security needs to be governed at the highest levels, we are going to hear of more and more of these breaches in the future.
