Keep Your Eyes on This Adobe 0-Day

A new Adobe exploit is circulating via Flash movies in the last day or so. Looks like the vulnerability is present across many Adobe products and can be exploited on Android, Linux, Windows and OS X.

Here is a link to the Dark Reading article about the issue.

You can also find the Adobe official alert here.

As this matures and evolves and gets patched, it is a good time to double check your patching process for workstation and server 3rd party software. That should now be a regular patching process like your ongoing operating system patches at this point. If not, then it is time to make it so.

Users of HoneyPoint Wasp should be able to easily any systems compromised via this attack vector using the white listing detection mechanism. Keep a closer than usual eye out for suspicious new processes running on workstations until the organization has applied the patch across the workstation environment.

MSI Partner Syhunt Brings Source Code Scanning to ASP & JSP

Syhunt has launched a very nice and powerful new edition of their Sandcat web application security tool. Sandcat is an extremely thorough and very capable assessment engine for web servers, web applications and web application source code. MSI has been using the tool for many years and we enjoy a very close relationship with the team behind the tool.

In addition to adding new features to the PHP source code scanning, this new release gives users the new capability to do white box testing on web applications for XSS vulnerabilities beyond PHP. The new version now includes cross site scripting checks for classic ASP, ASP.NET and JSP (JavaServer Pages) code modules. Syhunt even plans to further extend the classes of checks in those languages in the coming months. As with PHP source code assessment, this is a very powerful tool for increasing the quality and security of web applications, both new and legacy, around the enterprise.

Check out the new release at http://www.syhunt.com and let them know you heard it about from MSI. The Syhunt team are nice folks and they work very hard to bring you one of the most flexible, powerful and easy to use web application tools on the planet. Give it a shot, we think you’ll become a huge fan too!

Wasp’s 0-Interface Design

A few people have asked me to elaborate on HoneyPoint Wasp’s (and HoneyPoint Agent’s) zero interface design. I’ll take a moment to explain what it is and how it works. Both Wasp and Agent are designed to be run on Windows systems as a “service”. Windows services run in the background on the system and usually do not have a graphical user interface.

With Wasp and Agent, we extended that concept to make them further transparent to the user by ensuring that no communication with the user of the system takes place. Unlike personal firewalls and most other information security, HoneyPoint does not have pop-up windows, user alerts or the like that occur on the Windows system. Instead, all alerts, security events and data are sent from the monitored system to the centralized Console. The Console then alerts the security team to incidents and security threats, without bothering the user at all.

The nicest thing about this design is that end users are never bothered with alerts and pop-ups that impact their work, cause help desk calls or interfere with their use of the system. In our experience, users usually don’t read the alerts or respond to the pop-ups anyway, so we spare them the noise. Instead, the security team can centrally monitor the Console and make decisions about when to act, contact the user or remove the computer from service based on what they see. This leads to better security choices overall, higher user productivity and vastly improved visibility for the security team.

The 0-interface design is a fantastic strength of HoneyPoint. It allows for the easy installation of a security tool that is all but invisible to the end-users of the system. It has no impact on user productivity, causes no spikes in help desk calls and requires no end-user training to deploy. Security teams get all of the positives of stronger visibility into the workstation world without any of these negatives, long associated with more traditional approaches.

Give HoneyPoint Wasp a try on your workstations and we think you’ll agree that 0-interface is the best way to go. Give us a call to discuss demo, schedule a pilot or to schedule a technical briefing. We look forward to showing you how HoneyPoint can help your organization have better security with far less hassle!

Better Detection on the Desktops is Now Available!

Gang, as we have been talking about for several months, MicroSolved is proud to announce the immediate availability of HoneyPoint Wasp. Version 1.00 of this new tool focused on detecting compromised workstations and Windows servers is now running full speed ahead. Clients and participants in the beta program have had some great things to say about the product, like:

“It’s a no-brainer!”, “…deeply extends visibility into the desktop world…” and “Immensely helpful!”

For more information about how Wasp can help you defend your desktops and workstations, plus play a critical role in identifying attacks against Windows servers, check out the press release, web page or give us a call at (614) 351-1237 to set up a briefing!

New Feature, Just In Time for Fall! Introducing Touchdown Tasks! #security

We started a new feature in our newsletter called “Touchdown Task.” Each month, we focus on a specific, measurable task you can use to firm up your own security strategy. This “Touchdown Task” focuses on authentication credentials. Here we go!

Goal: To identify and remove all network, system and application access that does not require secure authentication credentials or mechanisms.

What this task entails is finding all those systems and applications on your network that can be accessed without having to enter a user name or password; or that can be entered using a widely known default password. This is a very important task indeed! Our techs are often able to compromise the systems we test because of blank or poor passwords. This is especially dangerous since attackers of any skill level or even just the curious can take advantage of these blank or poor user credentials to poke around, access private information or even elevate their privileges and take control of the system!

There are a number of very common services and applications that come from the vendor with blank or well known default passwords. One of the most dangerous of these, and one we see all the time, is the SQL database. This software installs a blank SA administrator password and it is very easy to forget to change once the software is installed.

How do you find the blank and common vendor default passwords that may be present on your network? The best way is to perform an internal network vulnerability assessment (or have one performed for you by your security partner). There are a number of assessment tools available to carry out this task. Your organization most likely already has one in place. You can configure your assessment tool to perform these tests; isolating the data needed for this task from a more general security finding. Also make sure to check your FTP sites and file shares to ensure that they cannot be accessed anonymously.

To remedy the situation once suspicious access credentials have been found, simply change or install passwords that comply with your site’s information security password policy. Generally speaking, passwords should never be blank, widely known (default) or easily guessable. For example, your password should never be “password”, “admin”, “1234567”, “qwerty”, etc.

Passwords should also never be the same as the account name, the name of the organization, the name of the software package or other easily guessable possibilities. Good passwords should contain at least three of the four possible character types (upper and lower case letters, numbers, and special characters).
Undertaking this Touchdown Task is relatively easy and will prove to be truly valuable in protecting your network from attack! Give us a call if you’d like us to partner with you for security assessments.