Useful weblinks

ARIN – American registry for Internet Numbers

Whois database

SANS – (SysAdmin, Audit, Networking, Security) A private company teaching the ins and outs of security

DIG – an excellent utility to check DNS (Domain name service on the net at Kloth.net

Virustotal – An excellent online malware analysis tool (wondering if a file has malware? upload and check.

ISC – Internet Storm Center , a daily update on Security concerns on the net (run by SANS)

05/03/2014

 

More to come…

Cybersecurity Framework by NIST(National Institute of Standards and Technology)

NIST Cybersecurity framework pdf

The Framework Core consists of
five concurrent and continuous Functions—Identify, Protect, Detect, Respond, Recover.

This Framework is designed to protect critical infrastructure of the United States (utilities, police, fire, and other government functions)

Small business owners can learn some things as to what to do in the primary function of the framework: to Identify your risk and develop organizational understanding to handle this.

cyberframework-NIST

 

It seems that this framework is not very specific, and may be helpful to some companies which have not put the time into making Cybersecurity a priority.

New Internet Explorer vulnerability Microsoft confirms

This is considered  client side vulnerability.

Where the user on their computer can click on a webpage or link using Flash and then the system will be compromised (a malware would kick off and the system will do the master program bidding).

this is a good reason why I use Chrome  and firefox to reduce some exposure liability.

KrebsonSecurity has some more info.

Hackers – explaining what it is and some hacks

this blog is an interesting tips and tricks site:  http://tipstrickshack.blogspot.com/  (also explains hackers terminology a bit)

The author describes several hacks on vulnerabilities within wordpress 3.51 (today latest is 3.8).

So if you never upgrade your software (wordpress) then it will get hacked

wordpressbullets

that is how it is, one always needs to be aware of their software updates, where if a vulnerable software will get hacked if not updated.

what kind of attacks can come?

cleverattack-cli cleverattack-cli_turbo

 

attacks will come in all types and methods, some will be standard – and some turbo charged.

The reason a new vulnerability is such a big deal, is that any little problem vulnerability can cause a hacker to get a small connection with your systems. And unfortunately any small connection can led to larger ones, and pretty soon it is a tidal wave, or “turbo charged” and then soon enough you are on the headlines.

Denial of Service(DoS) attacks can seem innocuous, as the attack may just slow you down, or make you reboot, which is inconvenient, but not deadly.

But the problem is DoS attacks are a feint or are set to overload the system so a different attack can occur. And then the real attacks occur, we test attacks in our closed environments to review these items for ourselves.

 

this is a classic attack – actually Kevin Mitnick the famous hacker who got caught and the attack outlined on mcmaster.ca