About Brent Huston

I am the CEO of MicroSolved, Inc. and a security evangelist. I have spent the last 20+ years working to make the Internet safer for everyone on a global scale. I believe the Internet has the capability to contribute to the next great leap for mankind, and I want to help make that happen!

Super Secret Squirrel Pics of the New HoneyPoint Appliance

Here is a super secret picture of the soon to be released HoneyPoint appliance. The worker bees are hovering all around the hive and making last minute adjustments to the initial release.

I managed to snap this quick pic with my camera before they began to sting me. I hope you enjoy the preview.

The HoneyPoint appliance will likely be available late summer. Stay tuned for more info as the details settle.

Tiny isn’t it?!!!


A Basket Full of Caveats – The LimeWire Safety Page

I was taking a look at some P2P stuff for our Reputational Risk work when I bumped into the LimeWire safety page. This is a page that is (I suppose) intended to educate users on the risks associated with P2P file sharing networks and the use of LimeWire specifically. I really thought it was interesting.

The page is: http://www.limewire.com/legal/safety

Some of the items the page covers are: copyright infringement, careful shared content selection (to avoid leaking documents, spreadsheets, etc. and entire drives/folders), adult content, spyware/malware cautions and lots of language about default behaviors. Now to be sure, the authors of LimeWire have implemented new controls in their version 5 software to make it more difficult for users to make mistakes and share the wrong contents. Even given that, I still caution everyone to do their own risk/reward assessment before using such a tool.

The bottom line is this. Check out the page, because as infosec folks, we need to be aware of what topics we need to continue to talk about with others. Educating them in how to configure this type of tool, should they choose to use it, might be a powerful way to help them (and maybe your organization) remain safer online. At the very least, LimeWire has done a good job of trying to caution people about the problems with using their tool. That alone is quite admirable!

Lessons From a Reputational Risk Audit

Here is a recent lesson from one of our new Reputational Risk Audits that we have begun performing. The client, a financial services company, hired us to check out how their brand was being used online. They were very interested in possible risks that extend from the use of their brand and their online reputation.

We offer this service in three levels of research focus:

1. Basic web research and profiling only.

2. Inclusion of blogs and social networks.

3. Inclusion of peer-to-peer networks for leaked documents, pirated code, etc.

Our services look at many facets of online reputation and many mechanisms that DLP tools and the like might miss.

In this particular case, the client wanted us to focus on the 1st and 2nd levels of our service. After a couple of weeks, we met to present our findings. There were several. I am at liberty to share one, in particular, with the public.

The client had a customer service person, whom we will call Sheila. Sheila had been with their organization for a little over 5 years and was considered to be a senior level customer service representative. She was very helpful and had great rapport with their customers. Unfortunately, Sheila had also recently discovered social networks and took it upon herself to create a customer support profile on a well known social media network. Her profile was linked to the brand and site of our client, the financial services company. Sheila did what she thought was an admirable thing and established the profile as an interface (albeit unsanctioned) for working with her customers.

Sheila was trying to do the right thing. She really wanted to use social media to talk to her customers, help them resolve their problems and truly help progress the image of the company she worked for. There were just a few issues with this approach:

1. She was asking customers confidential questions and receiving their information on a public service. This exposed the personal information of the customers to search engines, attackers and other online criminals.

2. She failed to obtain permission to use the brand of the organization she worked for and in doing so, caused harm to her customers AND the very company she was trying to help.

There are other issues as well, but these are the primary ones. Needless to say, our client was not thrilled when we detailed this for them. Talks with Sheila ensued, and much discussion with attorneys, HR, regulators and eventually the customers was required. In the end, Sheila kept her position and, while her management applauded her initiative and attention to the customers, she was sharply rebuked for causing the disclosures. Many customers were also furious when they were notified of the issue.

The moral of the story is that reputational risk is real. How your brand, online presence and service organization presents itself online has a huge impact on your customers, reputation and bottom line. Have you checked out your security policies around blogs, social media and/or online brand use? Have you sifted through the Internet to see what your organization looks like to the public, your customers and your employees? If you want to discuss reputational risk and how to help manage it, give us a call. We would be happy to talk you through some of the ways that you can tackle this growing issue. In the meantime, have a talk with your employees, especially customer service folks. Help them to understand that while they may want to “go the extra mile” to help their customers, they have to remain well within the boundaries of security and safe interaction. Sheila was trying to do the right thing, just like the folks on your team!

Picture with a Bee Contest – Win FREE HoneyPoint!

That’s right! Send us your picture taken in a “security-related pose” with a stuffed bee, bee costume or bee-related item and we will pick the winner of a FREE license for HoneyPoint Security Server!


Just like in life, style counts, so get your ideas together and send us those pictures! Our judges will pick the winner on April 30th, so get your pics in before then. Imagination, security details and fun will be the key to your success. Three runners up will receive FREE licenses for HoneyPoint Personal Edition!

You can send your pictures via email to: hppics@microsolved.com

Remember, we reserve the right to publish all submissions, so make sure you are OK with that before you submit. 🙂 Contest closes and winners are picked at noon on April 30th, 2009. Enter as often as you wish; odds of winning depend on the number of people entering. Have fun!

3 Great Resources for Learning About SQL

My technical team has been training some new engineers and has been focusing on SQL injections for the last couple of days. They wanted me to share some great resources that they have found, or have been told about, to help with learning the basics of SQL syntax and such. They are currently working on compiling a set of vulnerable platforms and system images to create a deep lab environment with many examples and test scenarios in which to sharpen their skills and test new techniques and defenses.

The first site that they like is SQLZoo.Net, which is a gentle online introduction to SQL. It is perfect for those who took a SQL course long ago, or who are in need of the basics. It is a quick refresher and instructor of SQL syntax, processes and command basics. This basic education mechanism lays the groundwork for them to understand SQL queries and reverse engineer the instructions that are in place as they perform SQL injections. (Thanks to @tnicholson for the pointer to this site!)

Second, they have found the book Hacking Exposed: Web Applications Second Edition to be very helpful. The explanations about, and the examples of, SQL injections really helped them “get it”. Once they walked through this, side by side, with members of our penetration testing team, they really made huge strides and were able to immediately employ the examples in the lab. Thanks to the authors for their great work on this book. The entire Hacking Exposed series is simply fantastic for training up and coming security engineers!

Lastly, with special thanks to OWASP, the team found the use of the WebGoat tool to be amazing. This is an interactive web mechanism for stepping through a variety of basic attack patterns. While not complete, in and of itself, for real application penetration testing, it is a great educational tool and makes for great training examples. Our team spent a good deal of time learning to communicate and demonstrate the issues in WebGoat to a mock set of upper management folks who were role playing their parts. Our team members must be able to clearly, concisely and expertly communicate technical issues to non-technical folks, so this makes a great platform for training.

Thanks to all who helped by suggesting resources, and thanks to the new techs for keeping their concentration so high. Our experienced engineers did a great job of bringing the new team members to the first floor; now they are showing them how to keep climbing toward the top. Great work!

If you would like to hear more about SQL injection, application security testing or would like to hear more about creating training/labs for SQL, please drop us a line.

Thanks for reading and I hope this gives you a pointer in the right direction to learn more about the basics of SQL injections!

Insider SQL Injection

While much improvement in awareness of SQL injection as an attack vector has been applied to Internet-facing applications, there remains a large set of vulnerable applications on internal networks. Our technical team often identifies large numbers of serious and easy-to-exploit SQL injection vulnerabilities on our internal assessments and penetration tests. While many organizations have begun to focus on network and OS threats for their business networks, application layer attacks remain unattended to in many cases.

“Our success level in obtaining customer sensitive data during internal tests remains very high,” said Adam, penetration testing team leader of MSI. “Even as people have begun to patch their systems, finally, injections prove to be a critical weakness. To make matters worse, these internal web apps often hold the keys to the kingdom, so to speak, so they are a very attractive target for our testing team,” Adam added.

“If it seems like a client is patched to current levels, then we know to check for injections,” claimed Nathan, penetration tester for MSI. “Throw a simple tick into forms and the vulnerable ones ‘shine like a crazy diamond’. From there, we are a few quick steps from compromise!” Nathan exclaimed.

Adam and Nathan both agree that organizations really need to pay attention to injections and other web application vulnerabilities on their internal networks. Given the threat of insider attacks, this remains a significant risk. “Even applying the basic techniques that they have achieved success with outside on the Internet would help. They just have to teach developers that internal apps matter as much, if not more, than Internet apps,” added Adam.

At MSI, our teams go well beyond the “scan and report” that so many vendors call a “penetration test”. We perform active exploitation and leverage those vulnerabilities to identify the true depth of the security issues we find, in addition to the breadth that comes from vulnerability assessment. Our approach, experience and methodology create the clearest and most realistic view of your security issues available. From normal OS exploits to SQL injections and bleeding edge threat vectors, our team brings unique capabilities to the table, and our award-winning reporting ensures that the clarity carries through to the board room.

To learn more about internal network assessments, or to receive some free technical training tools about SQL injections, please give us a call or drop us a line/comment. We look forward to helping your team better secure your own internal web apps and other attack targets against compromise.

25% off HoneyPoint Security Server, Plus 0% Financing For April

This is no joke, or at least if it is, then the joke is on us. 🙂

For the entire month of April, we are offering a 25% discount off the retail prices for HoneyPoint Security Server for new customers. In addition to that, you can extend our 0% financing option to pay in monthly payments over the life of your support agreement up to 3 years! Plus, as promised in earlier posts, anyone who purchases HPSS by the end of April will receive 3 free licenses for HoneyBees once they are released!

The product is now licensed per server, in anticipation of the 3.0 release, which is in lab testing as I write this announcement. All licenses include one console license on the platform of your choice (Linux, Windows, OS X). Licenses include one year of our acclaimed support and HoneyPoint upgrades. Maintenance for year 2 and beyond is 20% of the purchase price.

Here are some pricing examples for you to consider:

The base entry point is a 5 server license pack. The retail price for this pack is $4,995.00. During April, you can purchase the pack for just $3,746.25. Additional years of maintenance (up to 2 for a total of 3 years of support and maintenance) are just $749.25 per year. That means that if you buy a 5 server license with two years of maintenance, you can purchase it in April for $5,244.75. Furthermore, you could apply our 0% financing program and spread that amount over 36 months for a monthly payment of just $145.69!

For less than $150 per month, you can achieve incredible security visibility, additional protections against malware and the insider threat and enjoy the power of HoneyPoint’s “deploy and forget” (sm) approach to reducing the workload of your security team!

Here is another example. Our most popular HPSS package is our 25 server protection pack. The pack retail price is $15,975.00 and includes the same one year of support and upgrades. During the month of April, you can purchase this pack for just $11,981.25, while additional years of support/upgrades will run $2,396.25 per year. Using the same 0% financing approach as above you could purchase protection for 25 servers along with 2 additional years of support/upgrades for a total of $16,773.75 or $465.94 per month for 36 months!

In this common case, less than $500 per month can bring you the flexibility of HoneyPoint plugins, the self-defending mechanisms of HornetPoints and the insight that can only be achieved by knowing attacker frequency, capability and motivation.

And, of course, if you are an enterprise, we have the same deal for you too. You can leverage the power that we bring to integrate into existing security architectures and see the 90% savings we have brought to clients in terms of security resources as well. Give us a call and we would be happy to discuss your specific network size, implementations and HoneyPoint needs.

So, check out HoneyPoint. Give us a call to arrange a demo, or better yet, try out our HoneyPoint Personal Edition to see the technology in action. (Take a look at the included HPPE/HPSS document for ideas on how to test the product with HPSS in mind.) Then, give us a call or drop us a line and get the power of the Hive on your side. With HoneyPoint, attackers get stung instead of you.

Note: Purchase orders must be received by April 30, 2009 to qualify for this special offer.

New HoneyPoint Add On Helps Organizations Fight Sniffer Attacks

MSI is proud to announce a new add-on tool for HoneyPoint Security Server that is designed to help organizations fight the threat of sniffers that might be in use on their networks. Dubbed HoneyBees, these special pieces of code are configured to work with deployed HoneyPoints and send simulated sessions to the HoneyPoints at intervals. These pseudo-sessions contain false credentials that appear to be real to sniffing software, especially attack tools and malware that may have infiltrated network defenses. When attackers try to use these captured credentials to authenticate to the HoneyPoint, they are immediately identified and the security administrator is notified.
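As an added illustration of the HoneyBee mechanism described above (this is not MicroSolved's code; the class names, the plaintext USER/PASS session format and the decoy naming are assumptions), the decoy credential is put on the wire in a pseudo-session, and the listener treats any later login with that credential as proof a sniffer captured it:

```python
"""Toy model of the HoneyBee / HoneyPoint interaction (hypothetical code)."""
import hashlib
import hmac
from dataclasses import dataclass, field


@dataclass
class HoneyPointAuth:
    """Listener side: knows which credentials are decoys and alerts on their use."""
    hive_secret: bytes
    decoys: dict = field(default_factory=dict)   # user -> decoy password
    alerts: list = field(default_factory=list)   # (src_ip, user) of flagged logins

    def mint_decoy(self, seq: int) -> tuple:
        """Create a plausible-looking decoy credential for bee session `seq`.
        The password is derived from the hive secret so each bee run is unique
        and no real account ever shares it."""
        user = f"svc_backup{seq:02d}"            # constructed sample name
        pw = hmac.new(self.hive_secret, user.encode(), hashlib.sha256).hexdigest()[:16]
        self.decoys[user] = pw
        return user, pw

    def on_auth_attempt(self, src_ip: str, user: str, pw: str) -> bool:
        """Return True (and record an alert) only when a decoy credential is used.
        Unknown users and wrong passwords are not evidence of sniffing."""
        expected = self.decoys.get(user)
        if expected is not None and hmac.compare_digest(expected, pw):
            self.alerts.append((src_ip, user))
            return True
        return False


def bee_session(user: str, pw: str) -> bytes:
    """Bytes the HoneyBee sends to the HoneyPoint; a constructed plaintext login
    exchange so that a sniffer on the segment can read the credential."""
    return f"USER {user}\r\nPASS {pw}\r\n".encode()


def replay_captured(hp: HoneyPointAuth, captured: bytes, src_ip: str) -> bool:
    """Simulate a captured session being replayed against the listener, which is
    exactly the event the HoneyPoint waits for. Returns whether it was flagged."""
    fields = dict(line.split(" ", 1) for line in captured.decode().split("\r\n") if line)
    return hp.on_auth_attempt(src_ip, fields["USER"], fields["PASS"])


if __name__ == "__main__":
    hp = HoneyPointAuth(b"constructed-hive-secret")
    user, pw = hp.mint_decoy(1)
    wire = bee_session(user, pw)                      # what the bee emits
    print("legit user flagged:", hp.on_auth_attempt("10.0.0.5", "alice", "pw"))
    print("replayed decoy flagged:", replay_captured(hp, wire, "10.0.0.9"))
    print("alerts:", hp.alerts)
```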

“Given the recent events with data compromises stemming from sniffer-based attacks, we thought it was time to give organizations a new tool to help fight this threat. Detecting sniffers can be pretty tough in a complex network environment with traditional methods, but our approach is an easy, low resource, effective way to help level the playing field,” said Brent Huston, CEO of MicroSolved, Inc. “By adding HoneyBees to the power of HoneyPoint Security Server, we continue to erode the ability for attackers to believe what they see. Our aim has been, since the introduction of HoneyPoint, to introduce additional risk into the attacker’s perspective. We want to make each and every step that they take to steal data more dangerous for them in terms of getting caught,” he explained.

HoneyBees will be available beginning in April and will be licensed separately. Existing HoneyPoint Security Server users (prior to the end of April) will receive three free HoneyBees to complement their existing deployments.

“This is just one more way that MSI is working with our clients to help them find creative solutions to their security problems,” Huston added.

For more information about HoneyBees or any of the HoneyPoint line of products, please give us a call at (614) 351-1237. We look forward to answering any questions you may have.

FREE HoneyPoint to Capture Conficker Infections

MSI is proud to announce the instant availability of a LINUX ONLY HoneyPoint GUI tool to capture Conficker scans and probes.

Conficker is a significant threat and is expected to wreak havoc on April 1, 2009. You can find a ton of information about Conficker here from various vendors via SANS.

The HoneyPoint Special Edition: Conficker runs in Linux and is easy to use with just about any LiveCD distro (including Puppy/DSL/gOS, etc.) and should make it easy for organizations to monitor their network spaces with a scatter sensing approach. We chose not to release an OS X version to avoid issues with root authentication, and Windows was not possible, since the detection requires binding to port 445/TCP, which Windows uses for CIFS.

This application is our attempt to help organizations around the world defend themselves and their assets against this bleeding edge threat using rational, safe and effective detection mechanisms at the network level.

You can download the zip file from here.

Please let us know your thoughts.

Toata Update: Smaller Target List for Now

We caught some changed patterns from the Toata botnet last night in the HITME. It appears that they have dropped RoundCube from their target probes and are now focusing on Mantis.

The scanning targets list is much smaller this time around, which should increase their speed and efficiency.

Current Toata scanning pattern 03/19/09:

GET HTTP/1.1 HTTP/1.1

GET /mantis/login_page.php HTTP/1.1

GET /misc/mantis/login_page.php HTTP/1.1

GET /php/mantis/login_page.php HTTP/1.1

GET /tracker/login_page.php HTTP/1.1

GET /bug/login_page.php HTTP/1.1

GET /bugs/login_page.php HTTP/1.1

Of course, the scans also contain the string:

“Toata dragostea mea pentru diavola”

You should check your own sites for these issues and investigate any findings as if they were potentially compromised hosts. These probes are appearing widely.
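One way to do that check against a web server access log, as an added example that is not part of the original post: it flags the Mantis login_page probe paths listed above and the Toata string, and separates probes that hit a live page (a Mantis install is actually present and reachable) from ones that got a 404. It assumes Apache/nginx combined log format and that the Toata string appears in the User-Agent header; the log lines are constructed samples.

```python
"""Flag Toata-style Mantis probes in combined-format web logs (added example)."""
import re
from typing import List, NamedTuple, Optional

# Probe paths from the 03/19/09 pattern in the post.
TOATA_PATHS = {
    "/mantis/login_page.php",
    "/misc/mantis/login_page.php",
    "/php/mantis/login_page.php",
    "/tracker/login_page.php",
    "/bug/login_page.php",
    "/bugs/login_page.php",
}
TOATA_STRING = "Toata dragostea mea pentru diavola"

# Combined log format: ip ident user [ts] "method path proto" status bytes "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


class Hit(NamedTuple):
    ip: str
    path: str
    status: int
    reason: str


def classify(line: str) -> Optional[Hit]:
    """Return a Hit if the line looks like a Toata probe, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = m["path"].split("?", 1)[0]     # ignore query strings when matching
    if TOATA_STRING in m["ua"]:           # assumption: string travels in the UA
        return Hit(m["ip"], path, int(m["status"]), "toata-string")
    if path in TOATA_PATHS:
        return Hit(m["ip"], path, int(m["status"]), "mantis-login-probe")
    return None


def scan_log(lines) -> List[Hit]:
    return [h for h in (classify(l) for l in lines) if h is not None]


def reached(hits: List[Hit]) -> List[Hit]:
    """Probes that found a real login page (200): these hosts deserve the
    'treat as potentially compromised' investigation the post recommends."""
    return [h for h in hits if h.status == 200 and h.path in TOATA_PATHS]


# Constructed sample log (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
203.0.113.7 - - [19/Mar/2009:02:14:01 -0400] "GET HTTP/1.1 HTTP/1.1" 400 226 "-" "Toata dragostea mea pentru diavola"
203.0.113.7 - - [19/Mar/2009:02:14:02 -0400] "GET /mantis/login_page.php HTTP/1.1" 404 512 "-" "Toata dragostea mea pentru diavola"
203.0.113.7 - - [19/Mar/2009:02:14:03 -0400] "GET /bugs/login_page.php HTTP/1.1" 200 3120 "-" "Toata dragostea mea pentru diavola"
198.51.100.4 - - [19/Mar/2009:02:20:11 -0400] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.9 - - [19/Mar/2009:02:22:40 -0400] "GET /tracker/login_page.php?return=x HTTP/1.1" 404 512 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG.splitlines())
    for h in found:
        print(h)
    print("live Mantis pages probed:", reached(found))
```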