Security Trends Forecast 2025

IT infrastructure is shifting from closed, on-premise environments to cloud platforms, and security is moving from a segregated trusted zone towards a zero-trust approach. What will happen in the information security industry in 2025? Which areas deserve focus, and where are the new opportunities? Here is my point of view.


Force kids device to Google SafeSearch and Safe Youtube

Using Pi-Hole, you can force your kids' devices to redirect Google search traffic to Google SafeSearch, safe YouTube, and so on.

Here is the script I use in the Pi-Hole dnsmasq configuration.


Mikrotik RouterOS Dynamic Update Script for OpenDNS

There is a need for some level of parental control and safe Internet access for kids at home. Using OpenDNS is an easy, cost-free solution.

To apply your own web security filtering policies, you need to report your home Internet public IP to OpenDNS so that your customized policy is applied. With a dynamic IP, it is essential to keep telling OpenDNS the latest correct Internet IP. Instead of installing the OpenDNS updater client on Mac/Windows/Linux, we can use a Mikrotik RouterOS script to update the IP directly.
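As an added example (not the script from the original post), a RouterOS script that sends the WAN address to the OpenDNS update API only when it has changed; the interface name ether1, the network label Home, the account name and the password are placeholders you must replace:

```routeros
# Added example, not the post's own script. Assumptions (placeholders):
# WAN interface "ether1", OpenDNS network label "Home", account and password below.
# Run it from /system scheduler, e.g. every 5 minutes.
:global opendnsLastIP
:local wanIf "ether1"
:local label "Home"
:local acct "opendns-account@example.com"
:local pass "OPENDNS_PASSWORD_PLACEHOLDER"

:local ids [/ip address find interface=$wanIf]
:if ([:len $ids] = 0) do={
  :log warning "OpenDNS update: no address on $wanIf, skipping"
} else={
  # Address is stored as "a.b.c.d/len"; keep only the host part
  :local addr [/ip address get ($ids->0) address]
  :local currentIP [:pick $addr 0 [:find $addr "/"]]

  :if ($currentIP != $opendnsLastIP) do={
    # The OpenDNS updater API authenticates with HTTP basic auth; myip= states
    # the address explicitly. check-certificate=yes needs a CA store on the router
    # so the credentials cannot be handed to a spoofed endpoint.
    /tool fetch mode=https check-certificate=yes keep-result=no url="https://updates.opendns.com/nic/update?hostname=$label&myip=$currentIP" user=$acct password=$pass
    :set opendnsLastIP $currentIP
    :log info "OpenDNS update: sent $currentIP for network $label"
  } else={
    :log debug "OpenDNS update: $currentIP unchanged, nothing sent"
  }
}
```

Keeping the last reported address in a global variable avoids hammering the API on every scheduler run; it is reset on reboot, which simply triggers one extra update.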


Mikrotik RouterOS working with a Cisco Aironet AP

Background:

I have a spare Cisco Aironet 3702i but no Cisco Wireless Controller to manage it. I do like its wireless capability, though, and I want it to replace the ASUS RT-AC68U as the main home wireless access point.

I also have a Mikrotik hEX PoE 960PGS router that provides both connectivity and power to a surveillance camera.

I want to make full use of the gear I have and achieve a secure home wireless network with a cost-effective solution.

Target:

  • Multiple SSIDs with different VLANs and different encryption and authentication methods
  • Each SSID network must be segregated from the others
  • One SSID must be in the same subnet as the local wired network
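As an added example (not the configuration from the original post), the RouterOS side of these targets: the Aironet hangs off a tagged trunk port, each SSID is mapped on the AP to its own VLAN, the "home" SSID rides the untagged VLAN shared with the wired LAN, and firewall rules keep the guest and IoT VLANs apart. Port numbers, VLAN IDs and subnets are assumptions; the AP-side SSID-to-VLAN mapping is not shown.

```routeros
# Added example, not the post's configuration. Assumptions (placeholders):
# ether2 = wired LAN, ether5 = trunk to the Aironet, VLAN 1 (untagged) = wired LAN
# shared by the "home" SSID, VLAN 20 = guest SSID, VLAN 30 = IoT/camera SSID.
# Assumes a clean firewall; rules are appended in the order given.
/interface bridge add name=bridge1 vlan-filtering=no comment="filtering is enabled last"
/interface bridge port add bridge=bridge1 interface=ether2 pvid=1
/interface bridge port add bridge=bridge1 interface=ether5 pvid=1 comment="trunk to AP"

# Tagged VLANs carried to the AP; the bridge itself is a tagged member so the router can route them
/interface bridge vlan add bridge=bridge1 vlan-ids=20 tagged=bridge1,ether5
/interface bridge vlan add bridge=bridge1 vlan-ids=30 tagged=bridge1,ether5
/interface vlan add name=vlan20-guest interface=bridge1 vlan-id=20
/interface vlan add name=vlan30-iot interface=bridge1 vlan-id=30

# One subnet per network; VLAN 1 keeps the wired LAN subnet
/ip address add address=192.168.1.1/24 interface=bridge1
/ip address add address=192.168.20.1/24 interface=vlan20-guest
/ip address add address=192.168.30.1/24 interface=vlan30-iot
/ip pool add name=pool-guest ranges=192.168.20.10-192.168.20.200
/ip pool add name=pool-iot ranges=192.168.30.10-192.168.30.200
/ip dhcp-server add name=dhcp-guest interface=vlan20-guest address-pool=pool-guest disabled=no
/ip dhcp-server add name=dhcp-iot interface=vlan30-iot address-pool=pool-iot disabled=no
/ip dhcp-server network add address=192.168.20.0/24 gateway=192.168.20.1 dns-server=192.168.20.1
/ip dhcp-server network add address=192.168.30.0/24 gateway=192.168.30.1 dns-server=192.168.30.1

# Segregation: guest and IoT may reach the Internet but not each other nor the wired LAN
/interface list add name=ISOLATED
/interface list member add list=ISOLATED interface=vlan20-guest
/interface list member add list=ISOLATED interface=vlan30-iot
/ip firewall filter add chain=forward connection-state=established,related action=accept
/ip firewall filter add chain=forward in-interface-list=ISOLATED out-interface-list=ISOLATED action=drop comment="no traffic between isolated VLANs"
/ip firewall filter add chain=forward in-interface-list=ISOLATED out-interface=bridge1 action=drop comment="isolated VLANs cannot reach the wired LAN"
/ip firewall filter add chain=input in-interface-list=ISOLATED protocol=udp dst-port=53,67 action=accept comment="only DNS/DHCP to the router"
/ip firewall filter add chain=input in-interface-list=ISOLATED action=drop comment="no other router access from isolated VLANs"

# Switch VLAN filtering on only after the VLAN table is complete, or you lock yourself out
/interface bridge set bridge1 vlan-filtering=yes
```

The wired LAN may still open connections into the IoT VLAN (to view the camera) because only the reverse direction is dropped and replies pass through the established/related rule.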


Some Cyber Security tips

Trust Is Tops

  • Only use trusted apps or software. Download apps directly from trusted app stores such as iTunes, and software from well-known sites. Be especially careful of apps or software you have never heard of, or malware posing as legitimate apps. If you are unsure whether an app is legitimate, check the ratings and reviews in the app store. If it is supposedly a major retailer but has only one review or a low rating, it might be a copycat.
  • Don’t trust every search result. Just because you get dozens of search results for “free golf handicap spreadsheet calculator” doesn’t mean you should download each one to try them all.
  • Office documents and spreadsheets are notorious for hosting malware within embedded macros. If you frequent forums or communities of interest, ask what software others have used.
  • Beware of extras when installing software. Even legitimate software or browser add-ons can be accompanied by malware. Remember that every new app or piece of software you install is a new potential entry point for cybercriminals. Be sure to uncheck extra software options unless you really need them.

Don’t Click That

  • Beware of unexpected emails. IBM X-Force has observed scammers using fraudulent package tracking emails, for example, to spread malware such as Locky ransomware. Be cautious and wary of unsolicited emails.
  • Double-check links. Scrutinise links in emails and social media posts. Hover over the URL to make sure a link directs to a legitimate website before clicking it.

Protect Your Passwords

  • Don’t save your info. Yes, it’s a pain to retype your info every time you want to order something online, but you should never save your password or credit card information in retail or bill payment sites, especially those you don’t frequent.
  • Use a special shopping email address and password. Have a separate email address just for retail websites and create unique passwords for each account. Use a password wallet to store your login credentials.
  • Get creative with password reset questions. When filling out account information, opt for a password reset question that doesn’t involve public information. For example, don’t use your high school mascot, since that could be found online. Instead, pick a subjective question (favourite dessert, favourite song, etc.) and enter answers that only you would know.
  • You can also create unique answers to each question and store them securely in a password wallet.

Control Your Credit Cards

  • Opt for credit over debit cards. Use credit cards instead of debit cards whenever possible. Credit card providers offer protection if your card is compromised and won’t dock your checking account if there’s an issue.
  • Use one-time credit cards. You may want to consider a one-time credit card when buying from a nontrusted or entirely new retailer. That way, you can avoid putting your personal card data at risk.

Some Security Links

SSL / TLS / HTTPS

  1. Is TLS fast yet – A great site debunking the myths of SSL/TLS speed cost
  2. Firesheep – A watershed moment for SSL by demonstrating the ease with which unprotected traffic can be intercepted and sessions hijacked
  3. Qualys SSL Labs – Tests a variety of attributes of the SSL implementation by pointing it at any URL
  4. CloudFlare – Get SSL for free on any website
  5. Let’s Encrypt – It’s coming, and it promises to fix the current mess that is CAs and configuring certs
  6. Betsy’s free wifi – Shows a young girl standing up a rogue wifi hot spot
  7. Chromium HSTS preload list – All the sites submitted for HTTP strict transport security preload (a depressingly small number of them)
  8. HTTP Shaming – Sensitive data sent insecurely? Name and shame!


Beware of the SMS-function lockup vulnerability on the Nokia S60v3 platform

According to this post at F-Secure’s site (http://www.f-secure.com/weblog/archives/00001569.html), at the 25th Chaos Communication Congress in Berlin a presentation titled ‘Security Nightmares 2009’ showed a demonstration of a ‘Curse of Silence’ exploit that reportedly affects S60 2nd Edition phones, and even S60 3rd Edition up to Feature Pack 1 (Feature Pack 2 phones are reportedly immune, as is S60 5th Edition). The exploit apparently involves sending a specially formatted SMS to the recipient, and renders the messaging capabilities of the phone completely useless.

This ‘attack’ cannot be achieved via an application or over Bluetooth, only by receiving an SMS. With the Nokia N95, the attacker must send a multitude of messages before the critical limit is reached, after which the user is presented with ‘Not enough memory to receive message(s). Delete some data first.’ and a blinking envelope in the top corner of the screen.

If you get attacked with this, you will need to hard reset your phone. You cannot use any backup/restore features, as that will reportedly only restore the offending messages, recreating the problem.

Steps that trigger the vulnerability:
Use an N95 8GB to send an N73 one SMS that activates the vulnerability.
The delivery report says “Delivered”.
Nothing at all shows up on the N73; it has already been hit.

Yes, it is that simple!

The strange message is
a 33-character e-mail address… 123*@321*.098
Please do not casually test this on your friends!!!

Symptoms after being hit:

  1. Restarting the affected phone does not help; the problem remains.
  2. Nokia phones on S60 2.8/3.1 show a prompt like “Not enough memory, please delete some messages first” after receiving ten or so such messages, and can no longer receive new messages.
  3. Other Nokia phones on the systems mentioned above can no longer receive new messages after a single such message, with no prompt at all.

Temporary workarounds:
1. Prevention: install a call/SMS firewall app and reject messages from unknown numbers. 信安易安全助手 (Xin’anyi Security Assistant) is recommended: filter all unknown numbers and, if possible, set up keyword filtering (filter the string 123*@321*.098) so that a friend cannot send such a message as a joke.
2. Temporary patch: download FortiCleanUp (signed)

http://cid-d59b37022d2e4714.skydrive.live.com/embedrowdetail.aspx/Public/FortiCleanup|_CurseSMS|_v|_1|_0|_3|_signed.sis

Restart the phone after installation,
then open the patch and run a scan; SMS reception will return to normal.
If an SMS filtering program is already installed, the patch stops scanning automatically to avoid confusing the system.

3. Manual cleanup (only for phones that have already been hacked): after an N82 was attacked (11 messages) it could no longer receive SMS and reported insufficient storage ^ ^, attack successful. Then comes the manual repair, which is simple: first change the SMS storage to drive E, then disable capability checking, go into c:\private and delete 1000484B, then change the SMS storage back to drive C. Remember not to copy the existing contents when switching storage (I forget the exact prompt; I think you choose “No” twice). After restarting the phone, SMS works normally again. (Reposted from opda.)
4. Hopefully China Mobile, China Unicom and the other carriers will promptly set up the same keyword filter at the SMS gateway, to protect Nokia users’ phones as far as possible.

The above is compiled from material found online together with my own security views. Please promptly warn your friends who use Nokia phones to stay alert, and do not attempt this kind of attack.

German information security office warns: Internet users should avoid browsing with Google Chrome!

September 8 news: according to foreign media reports, after testing Google’s newly released Chrome browser, the German Federal Office for Information Security (BSI) advised Internet users to avoid using the Chrome beta except to try it out.
BSI is reportedly quite dissatisfied with Chrome, finding that it repeatedly tries to obtain user information during use. BSI has already issued warnings in high-reach media such as the Berliner Zeitung and the television news programme Tagesschau.
According to a blog by Philipp Lensen, a BSI spokesperson told the Berliner Zeitung that users should be very careful when using Chrome and preferably not browse with it. The spokesperson pointed out that Google already covers search engines and e-mail and has now added browsers, which concentrates far too much user data in a single company, and that this is very dangerous.

Also reported by cnBeta:

Experiment: a Chrome with hidden motives?

Thanks to 080909 for the submission
News source: nsnail

Recently I noticed very frequent hard disk activity. Checking the processes carefully in Task Manager, I found Chrome’s disk I/O was astonishingly high and suspected something fishy, so I ran a test:
I opened Baidu in Chrome and in IE respectively, then left them alone. After monitoring in Task Manager for about 10 minutes the results were as follows:

Chrome’s reads and writes both reached two to three hundred megabytes, and this with nothing more than a single static Baidu page open. The resources and cache should long since have finished being read and written, yet the I/O kept growing. What is certain is that Chrome is doing something unrelated to browsing. What could use such a high share of I/O? One cannot help suspecting that Chrome is scanning the hard disk and analysing data.

Well, if you have stolen something, you must find a way to carry it home. So I immediately opened a connection-monitoring tool, and the facts proved my guess right.

You can see that apart from 220.181.37.55, which is Baidu’s host, the other connections all go to Google’s hosts. The most suspicious is the bottom one, which uses SSL encryption. What exactly does Google want: is it merely collecting users’ private data in its usual style, or is there some other intent? Everyone is welcome to discuss.

The conflict between Business and Security

The main purpose of the business department is to develop the business and earn money.

The main purpose of the security department is to protect the core business, which costs money.

Business always hopes for low cost and ease of use, while security wants things to be secure enough no matter how much trouble that takes.

Business keeps breaking rules, while security defines strict rules.

Business is the core of the company that earns the money. Security is just an internal support function that spends endless money without an obvious profit.

So senior managers like business and dislike security. Without senior-level support, security lacks the power to push back against business. Without good security protection, the business is hurt by a series of security incidents. The company’s reputation worsens and business declines, so less income means even weaker security protection, and security incidents happen again and again… That is the vicious circle.

It is clear that this conflict, or gap, can be fixed.

Business should understand the importance of security and accept security’s advice.

Security should balance security requirements against cost and try to make security measures easy to use.

Update your Adobe Flash Player to 9.0.124 now!!!

Critical vulnerabilities have been identified in Adobe Flash Player that could allow an attacker who successfully exploits these potential vulnerabilities to take control of the affected system. A malicious SWF must be loaded in Flash Player by the user for an attacker to exploit these potential vulnerabilities. It is recommended that users update to the most current version of Flash Player available for their operating system.

Affected software versions:

Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier

It has been reported that malicious SWF files have been found spreading via malicious websites.

Update Adobe Flash Player to the latest version, 9.0.124, now!!!
IE:
http://fpdownload.macromedia.com/get…r_active_x.msi

Firefox and Opera:
http://fpdownload.macromedia.com/get…yer_plugin.msi