Skype is Open to Social Engineering!!!

I still believe the easiest way into a network is social engineering, a threat organizations have never taken very seriously. In fact they think it is too trivial to deserve much attention. The bad news is that social engineering remains one of the most effective ways for hackers to get into a network. They need no tools and no Trojans; their soft skills alone can talk an organization's employees into doing something to the hacker's benefit.

I read in the news yesterday that Skype is one of the companies open to social engineering. Their support team is apparently so inexperienced that it will change a user's password on the strength of a phone call. Yes, it is as easy as it sounds, and you can try it yourself. All it takes is to call the Skype support desk and request a new password. You then have to prove ownership of the account by naming five contacts connected to it. Now the question is: how hard do you think it is to guess those five contacts? Say you want to reset your friend's account password and you are trying to social engineer the Skype support desk. I think all of you know five contacts on your friend's Skype account; you probably have plenty of friends in common. Once you give the support desk those connections, they will change the password to whatever you wish.

That is what social engineering sounds like. Scary, huh? Were any tools involved? Absolutely not. All it took was a phone call and pretending to be someone else. There are many examples like this in every organization, and top management should address them more seriously. The first thing companies should do is educate their users about such threats and put strict policies and workflows in place for sensitive processes. About a year ago I gave a talk that was partly about social engineering.
I thought you might want to have a look at the slide deck: http://www.slideshare.net/esarabadani/hey-you-get-off-my-network Cheers

Writing a book: My new adventure…

It has been quite a long time that I have been thinking of authoring a book as a new experience. In fact it is something I always wanted to do but was never able to make enough time for. My time and schedule are pretty much the same now, but I have finally made up my mind, and I will probably have to cut down the time I spend on outdoor activities and put it into this new adventure.

To be more specific about the book: I recently signed a contract with Microsoft and Arvato, the third-party company that now takes care of the Microsoft courseware library. Under this contract I will write a complete course, including a book and all the other course materials such as PowerPoint slides, and Arvato will work with me through the authoring process. They now host an online store for Microsoft that sells all the different Microsoft Official Courses (MOC), and Microsoft will take care of the marketing and promotion of the courses its authors publish. To me it sounded like a great collaboration, and I really wanted to go for it. It is certainly a great market, since the book will be marketed all around the world and training centers anywhere will be able to purchase it.

Coming back to the main topic of this post, the book itself: I want to author a complete course on security in Windows Server 2012 from a purely technical point of view. I have not yet chosen a title, but I am now working with Microsoft on the modules and lessons to include. For the time being I cannot reveal any more than that, but hopefully in the near future, once I am on track with the writing, I will let you know more.

Finally, I would really love to hear your thoughts on the book. What chapters and modules do you think I need to add? Do you have a specific topic in mind that has never received enough attention in the courses Microsoft has published so far? I would be glad to have your feedback; you can also e-mail me and share your thoughts.

Cheers

Forefront TMG 2010 has been Discontinued!!!

It was finally announced: Microsoft has decided to discontinue some of its very popular products, among them Forefront Threat Management Gateway 2010, together with the others listed below:

  • Forefront Protection 2010 for Exchange Server (FPE)
  • Forefront Protection 2010 for SharePoint (FPSP)
  • Forefront Security for Office Communications Server (FSOCS)
  • Forefront Threat Management Gateway 2010 (TMG)
  • Forefront Threat Management Gateway Web Protection Services (TMG WPS)

It should also be mentioned that, of all of these, Forefront Protection 2010 for Exchange Server (FPE) will live on, but bound to Office 365 and renamed Exchange Online Protection.

I still remember the rumor about this decision a year or so ago, but it was not confirmed then. Now that it is confirmed, questions remain about why Microsoft made this strategic decision, especially the decision to discontinue TMG, which is a very popular product. It is used by a lot of companies as gateway software for many different purposes. It was the successor of the popular Microsoft ISA Server 2006, and now neither will be developed any further.


How to Patch the Internet Explorer 9 Security Vulnerability…

After the big security issue in Java 6, a few days ago we heard of a very serious security vulnerability in Internet Explorer 9 and earlier. It allows remote code execution on a vulnerable machine: the user clicks a link, is redirected to a website hosting malicious code, and that code exploits the vulnerability on the user's machine.

Here is a link that will give you more information about the nature of the vulnerability: CVE-2012-4969

Microsoft reacted to this fairly critical issue, and even though it was not super fast, it took them only a couple of days (if I am not mistaken) to release a patch. It deserves a mention that some hours after the issue became public they introduced a workaround that could keep machines safe, but it was not the best solution, and I doubt any organization went through the hassle of implementing it on a large number of machines.

Anyway, Microsoft released the patch today, and here is the link with more information about it:

Microsoft Security Bulletin MS12-063

It will be downloaded to your machines automatically if you have Automatic Updates enabled in Windows; if not, you can download it directly from this link:

Cumulative Security Update for Internet Explorer

That link is the patch for 32-bit Windows 7; if you are using another version of Windows, go to the first link (the bulletin) and get the right version of the update.
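Since the bulletin is a cumulative update, the practical follow-up question is which machines in the network still lack it. The PowerShell below is an added example (not from the post) that checks for the update on a list of machines; MS12-063 ships as KB2744842, the machine names are constructed, and the script assumes you are a local administrator on each target and that WMI is reachable, since Get-HotFix queries Win32_QuickFixEngineering remotely.

```powershell
# Added example: report which machines still lack the MS12-063 cumulative IE update.
# Assumptions: admin rights on the targets, WMI reachable, constructed machine names.
$KB       = 'KB2744842'                        # KB shipped by Security Bulletin MS12-063
$Machines = @('WKS-01', 'WKS-02', 'WKS-03')    # constructed sample names

$results = foreach ($m in $Machines) {
    $patched = $false; $installedOn = $null; $note = ''
    try {
        # Get-HotFix queries Win32_QuickFixEngineering over WMI on the remote host
        $hf = Get-HotFix -Id $KB -ComputerName $m -ErrorAction Stop
        $patched = $true
        $installedOn = $hf.InstalledOn
    } catch {
        # Get-HotFix errors both when the KB is absent and when the host cannot be
        # reached, so tell the two apart before reporting the machine as unpatched
        if (Test-Connection -ComputerName $m -Count 1 -Quiet) {
            $note = 'update not installed'
        } else {
            $note = 'host unreachable; status unknown'
        }
    }
    New-Object PSObject -Property @{
        Computer = $m; Patched = $patched; InstalledOn = $installedOn; Note = $note
    }
}

$results | Format-Table Computer, Patched, InstalledOn, Note -AutoSize

# Hand the unpatched list to whatever pushes updates (WSUS, SCCM or a manual install)
$results | Where-Object { -not $_.Patched } | Select-Object -ExpandProperty Computer
```

Unreachable hosts are reported separately from unpatched ones on purpose: a machine that is off the network today is still exposed tomorrow, so it should stay on the follow-up list rather than be counted as patched.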

Please leave me a comment in case you have any more questions or concerns.

Cheers,

Esmaeil

Talk to me about your interests…

Hey everyone…

I hope every one of you is doing great…

I was thinking to myself today about my blog and its visitors. You know, over the past months, and especially in the past three months, the number of my blog's visitors has doubled, which is a really good thing, and let's not discuss the reasons… So today I thought it might be a really good idea to ask you to talk to me more and give me your opinions on what you want me to write about…

Is there any specific security technology that you want me to write about?

Any specific post in my blog that you want me to extend?

Do you have any general comment about my posts that you think I should know?

Please let me know what you think in the comments because I would really love to hear from you… I have a lot of visitors every day on my blog but rarely do I hear from them. So that’s what I am doing… Yes, asking you to talk to me and let me know about what you think and want…

Please also feel free to subscribe to my blog or even contact me directly by e-mail. The more interest you show in talking to me, the more motivated I get and the more energy I have for writing…

Have a great weekend 🙂

Esmaeil

Microsoft MCT Summit 2012… A great event not to miss…

Hi everyone…

Every year at about this time I come with this news about a great event. You might guess what I am talking about… Yes, that is Microsoft MCT Summit 2012 held in Warsaw, Poland this year…

There is a difference this year though, at least for me: this year I will be one of the speakers, speaking on security topics just as at other events. I am not sure about the details yet, so sorry for not giving more information, but if you want to know more about the event, you can visit its website.

Hope you can get there for this great conference.

Cheers…

Centralized Security in Windows Server 2012

Trying to control file security on enterprise servers is like herding extremely fertile cats; without clamping down on breeding, they are soon too numerous to control. Microsoft addresses this problem with Dynamic Access Control, a feature in the forthcoming Windows Server 8 (the pre-release name of Windows Server 2012) that introduces centralized, domain-level security for file and folder access and layers it on top of any existing file system permissions: a request must pass both the NTFS ACL and the central policy.

According to Microsoft, upwards of 80 percent of corporate data is found on company servers, often with little or no content documentation, custody auditing or departmental ownership metadata.

Delivered via a new version of Active Directory, Dynamic Access Control works by layering claims carried in Kerberos tickets and an enhanced file-level auditing and authorization system on top of the file system, together with classification that can automatically tag sensitive data based on content and creator.

Dynamic Access Control introduces claims into the Windows Server security lexicon, a concept long present in the broader realm of federated Internet security; in Microsoft's parlance a claim is an assertion about a user or device issued by Active Directory.

The Windows Server 8 version of Active Directory defines claim types and resource properties for files, folders and shares, all of which are replicated to the other Windows Server 8 servers across an organization along with file property definitions and access policies.

The four-pillar Dynamic Access Control system begins with identification of high-impact data through manual, automatic or application-based tagging. For instance, administrators might choose to tag all Excel documents as sensitive, and search Word documents for words such as "confidential" for additional tagging.

Central access policies are then created from these file tags with a new expression-based tool in Active Directory Administrative Center that builds access conditions from user claims, device claims and file tags, and also handles access-denied remediation.

By applying centralized policies automatically (or manually), access to such files can be restricted by multiple criteria, including user, device and department.

Part three of DAC is auditing, for which Microsoft provides centralized audit policies applicable across multiple servers using the same expression-based tool and claim support, plus a staging mode that lets you simulate a policy change and see which accesses it would grant or deny before enforcing it.

The final pillar of Windows Server 8's access security platform is data protection, which automatically applies Microsoft's Rights Management Services (RMS) to Office documents with near-real-time protection immediately after they are tagged, and is extensible to non-Office file types.
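The four pillars above map onto a handful of Active Directory objects: a claim type (what the KDC puts in the ticket), a resource property (the tag), a central access rule (the expression) and a central access policy (the container that is deployed). The following PowerShell is an added example, not code from the article or from Microsoft's documentation, that builds one such chain on a Windows Server 2012 domain controller with the ActiveDirectory module; the claim, property and policy names, the "Finance" department value and the High/Low values are assumptions.

```powershell
# Added example (not from the article): a minimal Dynamic Access Control configuration
# built with the Windows Server 2012 ActiveDirectory module on a domain controller.
# The claim, property, department value and policy names are assumptions.
Import-Module ActiveDirectory

# 1. User claim. Once "KDC support for claims, compound authentication and Kerberos
#    armoring" is enabled by Group Policy on the domain controllers, the KDC copies the
#    user's AD "department" attribute into the Kerberos ticket under this claim ID.
New-ADClaimType -DisplayName 'Department' -SourceAttribute 'department' `
    -ID 'ad://ext/Department' -Enabled $true

# 2. Resource property used to tag files (pillar one: identification). The suggested
#    values become the choices offered in a file's Classification tab and in FSRM rules.
$high = New-Object Microsoft.ActiveDirectory.Management.ADSuggestedValueEntry('High', 'High', 'Regulated or confidential data')
$low  = New-Object Microsoft.ActiveDirectory.Management.ADSuggestedValueEntry('Low',  'Low',  'Everything else')
New-ADResourceProperty -DisplayName 'Sensitivity' -IsSecured $true `
    -ResourcePropertyValueType 'MS-DS-SinglevaluedChoice' -SuggestedValues $high, $low
# File servers only download properties that are on the Global Resource Property List
Add-ADResourcePropertyListMember -Identity 'Global Resource Property List' -Members 'Sensitivity'
# AD generates the property ID (by default the display name with "_MS" appended); read it
# back, because the ID rather than the display name is what a rule's condition references
$sensitivityId = (Get-ADResourceProperty -Identity 'Sensitivity').ID

# 3. Central access rule (pillar two). It targets files tagged Sensitivity=High and grants
#    read/execute (0x1200a9) to authenticated users only when their Department claim is
#    "Finance". The permissions are SDDL with a conditional ACE (XA = callback allow).
$sddl = 'O:SYG:SYD:AR(A;;FA;;;BA)(XA;;0x1200a9;;;AU;(@USER.ad://ext/Department == "Finance"))'
New-ADCentralAccessRule -Name 'High sensitivity - Finance only' `
    -ResourceCondition "(@RESOURCE.$sensitivityId == `"High`")" `
    -CurrentAcl $sddl

# 4. Wrap the rule in a central access policy. The policy is pushed to file servers by
#    Group Policy (Security Settings > File System > Central Access Policy) and selected
#    on a folder from the Central Policy tab of its advanced security settings.
New-ADCentralAccessPolicy -Name 'Finance data CAP'
Add-ADCentralAccessPolicyMember -Identity 'Finance data CAP' -Members 'High sensitivity - Finance only'

# On each file server, refresh the property definitions before tagging files:
#   Update-FsrmClassificationPropertyDefinition
```

Two points worth checking in a real deployment: the NTFS ACL on the folder still applies in addition to the central policy, so a user must satisfy both; and the claim only reaches the file server if the user's ticket was issued by a domain controller with claims support enabled, so test with `whoami /claims` on a client before assuming a denial comes from the rule.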

Windows 8 Security Mechanisms

We live in a world of information where all our data is maintained in a digital format.

What would be your reaction if you found out that an unknown person has accessed your profile information? How would you react if you found out that your credit card details and passwords stored in your computer have been compromised?

Microsoft has ensured that it leaves no stone unturned to ensure that its new billion-dollar venture is equipped with adequate levels of protection.

Viruses, worms and Trojans that infected previous versions of Windows will not be able to tamper with the Windows 8 operating system as easily. Windows president Steven Sinofsky mentioned some security features of Windows 8 at the recent Microsoft BUILD conference and how they build on their predecessor, Windows 7.

In this article, we present an overview of the new security features of Windows 8.

Security Features of Windows 8

  • Address space layout randomization (ASLR)

It randomizes the base addresses of the executable image, loaded libraries, heap and stack within a process's virtual address space, so an exploit cannot rely on knowing where code or data will be in memory (nothing on disk is rearranged). ASLR existed in Windows 7, but Windows 8 extends it: 64-bit processes can opt into high-entropy ASLR, and more allocation types, including top-down allocations, are randomized, which makes attacks that depend on fixed addresses far less reliable.

  • Heap Randomization (HR)

Attackers can corrupt or hijack a program's execution by overwriting data or function pointers stored on the heap. Windows 8 randomizes where the heap is placed and hardens its internal structure: heap metadata is encoded and validated, guard pages are inserted after certain allocations, and corruption detected by the heap manager terminates the process rather than letting an overwritten pointer be used.

  • Kernel mode security:

Kernel-mode code runs in a protected region of memory that user-mode processes cannot touch. Windows 8 adds two protections at that boundary: user-mode processes are no longer allowed to map the lowest 64 KB of their address space, so a NULL-pointer dereference in a driver cannot be turned into execution of attacker-controlled memory, and on processors that support Supervisor Mode Execution Prevention (SMEP) the kernel is prevented from executing code located in user-mode pages.

  • UEFI Secure Boot:

With UEFI Secure Boot the firmware verifies the signature of the boot loader, and the boot loader in turn verifies the kernel and boot drivers, before any of them run, so unsigned or tampered boot code is refused; the keys trusted by the firmware decide what is allowed, and Microsoft signs its own boot components. On top of that, Early Launch Anti-Malware (ELAM) lets a Microsoft-signed anti-malware driver load before any other third-party driver and classify each boot driver, which keeps rootkits from disabling the antivirus before it starts.

  • Windows Defender:

Windows Defender has been enhanced to detect all types of malware, including virus and worm signatures from the Microsoft Malware Protection Center, whereas previously its database held only spyware and adware signatures.

Microsoft continues to support third-party antivirus and antimalware vendors while revamping Windows Defender with the help of its security development team.
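ASLR, high-entropy ASLR and DEP are opt-in per executable: the linker records flags in the PE header and the OS honours them, so upgrading to Windows 8 only protects binaries that were built with those flags. The script below is an added example, not part of the original article, that reads those flags from any .exe or .dll so you can find the images that leave the mitigations off; the directory path is an assumption.

```powershell
# Added example (not from the article): read the DllCharacteristics field of a PE
# image and report which Windows memory mitigations it opts into. The survey path
# at the bottom is an assumption.
function Get-ImageMitigations {
    param([Parameter(Mandatory = $true)][string] $Path)

    $bytes = [System.IO.File]::ReadAllBytes($Path)
    if ($bytes.Length -lt 0x40 -or $bytes[0] -ne 0x4D -or $bytes[1] -ne 0x5A) {
        throw "$Path is not an MZ executable"
    }
    # e_lfanew (offset 0x3C) points at the "PE\0\0" signature
    $pe = [BitConverter]::ToInt32($bytes, 0x3C)
    if ([BitConverter]::ToUInt32($bytes, $pe) -ne 0x00004550) {
        throw "$Path has no PE signature"
    }

    # The COFF header is 20 bytes; the optional header follows it. DllCharacteristics is
    # at offset 70 of the optional header in both PE32 (magic 0x10b) and PE32+ (0x20b).
    $opt   = $pe + 4 + 20
    $magic = [BitConverter]::ToUInt16($bytes, $opt)
    $dllc  = [BitConverter]::ToUInt16($bytes, $opt + 70)

    New-Object PSObject -Property @{
        Path           = $Path
        Is64Bit        = ($magic -eq 0x20b)
        DynamicBase    = [bool]($dllc -band 0x0040)   # ASLR opt-in
        HighEntropyVA  = [bool]($dllc -band 0x0020)   # 64-bit high-entropy ASLR (Windows 8)
        NxCompat       = [bool]($dllc -band 0x0100)   # DEP opt-in
        NoSEH          = [bool]($dllc -band 0x0400)   # image uses no structured exception handlers
        ForceIntegrity = [bool]($dllc -band 0x0080)   # signature must verify at load time
    }
}

# Survey a vendor's install directory and list the images with ASLR or DEP switched off
Get-ChildItem 'C:\Program Files\SomeVendor' -Recurse -Include *.exe, *.dll |
    ForEach-Object { Get-ImageMitigations $_.FullName } |
    Where-Object { -not ($_.DynamicBase -and $_.NxCompat) } |
    Format-Table Path, Is64Bit, DynamicBase, HighEntropyVA, NxCompat -AutoSize
```

A 64-bit image with DynamicBase set but HighEntropyVA clear gets only the smaller Windows 7-style randomization even on Windows 8, which is exactly the kind of gap this report surfaces; a single non-ASLR DLL loaded into a process also gives an attacker a fixed address range to build on regardless of how the host executable was built.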

Microsoft follows a Security Development Lifecycle to avoid the kind of problems Windows XP users experienced in the past. Microsoft has also identified the main cause of inadequate malware protection on 75% of computers: according to Microsoft, users fail to renew their trial antivirus after it expires, and most do not update their security components regularly. Stay tuned for more security-related news from Microsoft.

Manage the Network Security from the Cloud using Windows Intune

While everything is moving to the cloud, you may wonder whether it is possible to manage the computers in your network from the cloud. The answer is yes: using Microsoft Windows Intune you can protect your PCs from network threats and malware, manage security policies and firewall settings, easily deploy the latest Microsoft security updates and help safeguard data with BitLocker and BitLocker To Go in Windows 7 Enterprise.

Microsoft positions Windows Intune, its web-based PC management service, for companies and businesses with around 500 PCs. Intune works alongside Active Directory (AD) and Group Policy (GP) rather than replacing them, offering a simpler set of management capabilities that should be welcome to overtaxed IT departments in mid-sized businesses.

Intune strikes a nice balance. It consists of a Silverlight-based web console that looks and feels a lot like Microsoft's on-premises consoles, plus a set of client agents. From the web console you can view details about the connected computers (alert status, update status and malware protection status); view, manage and configure how updates are applied to your managed computers; view the anti-malware status of managed computers; view alerts; survey the software and software versions installed across your managed computers; optionally manage volume licenses to ensure that the software in your environment is correctly licensed; create and manage (non-GP) policies; view and create reports; and perform other administrative tasks.

Managed clients can be PCs running Windows XP SP2 or later, Vista or 7, and require a software agent to be installed. For environments using GP, Microsoft provides instructions for configuring the client (to avoid policy conflicts) and rolling out the agent; smaller outfits can deploy the client manually.

Windows Intune also does not support mobile devices such as smartphones and tablets; it manages only Windows PCs, although Microsoft has said it plans to extend support to mobile devices in future versions.

Microsoft also plans to integrate Windows Intune with Office 365 so that IT pros can use Intune to deploy Office from the cloud, but that integration is not yet in place in Windows Intune 2.0.

Threat Modeling of the Cloud

If there is one problem in cloud computing you have to revisit regularly, it is security. Security concerns, real or imagined, must be squarely addressed in order to convince an organization to use cloud computing. One highly useful technique for analyzing security issues and designing defenses is threat modeling, a security analysis technique long used at Microsoft. Threat modeling is useful in any software context, but it is particularly valuable in cloud computing because of the widespread preoccupation with security. It is also useful because technical and non-technical people alike can follow the diagrams easily. At some level this modeling applies to general cloud scenarios, but as you get specific you need to have your cloud platform in view, which in my case is Windows Azure.

To illustrate how threat modeling works in a cloud computing context, let's address a specific threat. A common concern is that the use of shared resources in the cloud might compromise the security of your data by allowing it to fall into the wrong hands, what we call a Data Isolation Failure. It is one of the primary risks that organizations considering cloud computing worry about.

To create our threat model, we’ll start with the end result we’re trying to avoid: data in the wrong hands.

Next we need to think about what can lead to the end result we don't want. How could your data in the cloud end up in the wrong hands? It could happen deliberately or by accident, so we draw two nodes, one for deliberate compromise and one for accidental compromise, and number the nodes so that we can reference them in discussion. Either condition on its own is sufficient to put data in the wrong hands, so this is an OR condition. We'll see later how to show an AND condition.
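The value of the tree is that, once the OR and AND nodes are drawn, you can ask it mechanical questions: which combinations of leaf conditions reach the root, and does closing one of them actually remove a path? The following PowerShell is an added example and not part of the post. Nodes 1 to 3 are the post's; the nodes beneath them are assumed, generic cloud risks added here only so that the OR/AND semantics have something to work on, and they are not claims about any particular platform.

```powershell
# Added example (not from the post): an attack-tree evaluator for the Data Isolation
# Failure model. Nodes 1-3 come from the post; the nodes beneath them are assumptions.
function New-Node($Id, $Name, $Op, $Children) {
    New-Object PSObject -Property @{ Id = $Id; Name = $Name; Op = $Op; Children = $Children }
}
function New-Leaf($Id, $Name) { New-Node $Id $Name 'LEAF' @() }

$DataIsolationTree = New-Node 1 'Data in the wrong hands' 'OR' @(
    (New-Node 2 'Deliberate compromise' 'OR' @(
        # AND node: the attacker needs both an isolation weakness and a foothold next to you
        (New-Node 4 'Shared-resource isolation failure' 'AND' @(
            (New-Leaf 6 'Isolation weakness in a shared platform component'),
            (New-Leaf 7 'Attacker obtains tenancy on the same shared resource')
        )),
        (New-Leaf 5 'Storage credentials stolen')
    )),
    (New-Node 3 'Accidental compromise' 'OR' @(
        (New-Leaf 8 'Storage container left publicly readable'),
        (New-Leaf 9 'Copy of the data placed outside the protected store')
    ))
)

# Is the root reachable when the attacker can achieve exactly the given leaf IDs?
# An OR node needs any one child to hold; an AND node needs every child.
function Test-AttackReachable($Node, [int[]] $Achievable) {
    switch ($Node.Op) {
        'LEAF' { return ($Achievable -contains $Node.Id) }
        'OR'   { foreach ($c in $Node.Children) { if (Test-AttackReachable $c $Achievable) { return $true } }
                 return $false }
        'AND'  { foreach ($c in $Node.Children) { if (-not (Test-AttackReachable $c $Achievable)) { return $false } }
                 return $true }
    }
}

# Every minimal set of leaves that reaches a node, as "id+id" strings (one attack path
# each). OR collects its children's paths; AND takes the cross product of them.
function Get-AttackPaths($Node) {
    switch ($Node.Op) {
        'LEAF' { return @("$($Node.Id)") }
        'OR'   {
            $paths = @()
            foreach ($c in $Node.Children) { $paths += @(Get-AttackPaths $c) }
            return $paths
        }
        'AND'  {
            $paths = @('')
            foreach ($c in $Node.Children) {
                $next = @()
                foreach ($p in $paths) {
                    foreach ($q in @(Get-AttackPaths $c)) {
                        $next += (@($p, $q) | Where-Object { $_ }) -join '+'
                    }
                }
                $paths = $next
            }
            return $paths
        }
    }
}

# List the attack paths, then ask whether a control that removes given leaves helps
Get-AttackPaths $DataIsolationTree
Test-AttackReachable $DataIsolationTree -Achievable 6, 7   # both halves of the AND
Test-AttackReachable $DataIsolationTree -Achievable 6      # only one half of the AND
Test-AttackReachable $DataIsolationTree -Achievable 8      # a single OR branch suffices
```

Reading the output tells you where controls pay off: a path that is a single OR leaf (a public container, a stolen credential) needs exactly one control to close it, while the AND path under node 4 is closed by defeating either of its two halves, which is why tenant isolation testing and restricting who can be co-located are alternative rather than redundant mitigations.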
