Showing posts with label Pen-Testing. Show all posts

Monday, December 30, 2013

XSS For Managers

What is Cross-Site Scripting (XSS)?

Cross-Site Scripting (XSS) is a type of vulnerability which is very widespread and allows an attacker to insert malicious code (JavaScript) into your web browser via the use of a vulnerable web application. The attacker can deliver their malicious code in a number of different ways.

They can trick you into clicking on a link (Reflected XSS), or wait for you to visit a page which already has the malicious code embedded into it (Stored or Persistent XSS).


That annoying pop-up box with the number 1 in it? That's just a way that some people visually prove that their JavaScript (XSS) has been run. But don't let that lousy pop-up box fool you, there is a lot more to XSS than that!

What can hackers do with XSS?

  • A hacker may be able to steal your 'cookies' and login to the application as if they were you!
  • They may be able to redirect you to a malicious web site without you knowing in an attempt to trick you into giving away sensitive information such as your bank details.
  • They could add fake login pages to the vulnerable application to trick you into giving them your username and password.
  • They could even use XSS to bypass other security measures which are built into the application and your web browser to protect you.
  • The possibilities are almost limitless. Take over your webcam? Yep! Listen in on your computer's microphone?

For advanced attacks see the The Browser Exploitation Framework (BeEF) tool.

Who's been hacked using XSS?

  • The Apache Software Foundation, creators and maintainers of one of the most popular web servers on the Internet, had its servers compromised in an intrusion that began with an XSS attack.
  • An XSS attack on the official forum of the popular Linux Operating System, Ubuntu, allowed the attackers to download the usernames, email addresses and passwords for 1.82 million of their users.
  • XSS attacks typically target the application's users and their local networks; however, as seen in the examples above, when those users are administrative users the application's web servers are also at risk.
  • XSS vulnerabilities are discovered within Facebook, Yahoo, Google, Twitter and other high profile websites on a daily basis by independent security researchers participating in bug bounties.
Here is a list of other hacks using XSS -https://www.google.com/fusiontables/DataSource?snapid=S1158702BBoV

What can I do to protect myself against XSS?

  • Make sure that your web browser is kept up to date and that it has all of its security features enabled, such as Cross-Site Scripting (XSS) filtering. If your browser, like Firefox, does not have a built-in XSS filter, you can install the NoScript add-on. Browser-side filters are a last line of defence only; they cannot substitute for fixing the application itself.
  • Be careful about what links you click on. A link may look harmless enough, but may contain malicious XSS payloads.
  • Log out of web sites when you are finished with them, this makes it harder for hackers to steal your 'cookies'.

The technical bit! What can I do to protect my web application against XSS?

  • Cross-Site Scripting occurs when untrusted input is written into a page without first being validated and properly encoded for the place it lands. For example, if a user supplies their username to log in and you then display that username without validating or encoding it, what happens if the username contains HTML characters?

    The web browser has no way to tell which part of the page is the user's username and which part is the page's own valid HTML. Data (the username) is being mixed with code (the HTML)! A user could log in with a username containing malicious JavaScript and have it execute in the browser within the context of your web application.
  • Validate the username before using it. If usernames should only contain alphanumeric characters, enforce that with input validation. Use a whitelist! Compare the username against known goods instead of known bads.
  • Use the right encoding! If the username is going to be placed in HTML, HTML-encode every character in it that is significant to HTML (at minimum & < > " and ').

    This way the browser will know what is meant to be rendered as HTML and what is not. It's not all about HTML encoding though! You must encode for the right output 'context'. See the links below for further information.
  • Scan your applications for XSS issues. There are many automated web application security scanners which can detect XSS issues in web applications. You could try giving the Open Source OWASP ZAP a go.
  • Set your session cookies with the HttpOnly flag. This tells the browser that the cookie should not be accessed by JavaScript, helping protect your users from having their sessions stolen.
  • An HTTP header called Content Security Policy (CSP) can be set by the web server to tell the browser where JavaScript may be loaded from and whether inline script may run at all. It uses a whitelist!
  • Finally, why not install a Web Application Firewall (WAF) such as the open source ModSecurity! A WAF gives your application an extra layer of defence against attackers, but it belongs in a defence-in-depth strategy and must not be the only measure, as WAF bypasses are found often.

Where can I find further information?

The two types of XSS mentioned on this page (Reflected and Stored) are not the only two! We have only touched upon the subject here. Want to find out more?

The Open Web Application Security Project (OWASP) is a great resource for all things related to the security of web applications. Check out their wiki article on XSS or their XSS Prevention Cheat Sheet. For information on other types of web application vulnerabilities take a look at the OWASP Top 10.

Friday, May 31, 2013

Sandcat - Penetration Testing Oriented Browser for Pen-Testers

Sandcat Browser brings unique features that are useful for pen-testers and web developers

Sandcat is targeted at penetration testers, people who test websites for security holes, but could also be useful for developers, or anyone else who would like a little more low-level control over their browsing. It is a capable security testing and developer-oriented browser.

Sandcat Browser is a freeware, portable, pen-test oriented, multi-tabbed web browser with extension support, developed by the Syhunt team. It is built on top of Chromium, the same engine that powers the Google Chrome browser, and uses the Lua language to provide extensions and scripting support.

Version 4.0 adds many security- and developer-oriented tools, built on a fast scripting language and packed with features for pen-testers such as:
  • Live HTTP Headers — built-in live headers with a dedicated cache per tab and support for preview extensions
  • Sandcat Console — an extensible command line console; Allows you to easily run custom commands and scripts in a loaded page
  • Resources tab — allows you to view the page resources, such as JavaScript files and other web files.
  • Page Menu extensions — allows you to view details about a page and more.
  • Pen-Tester Tools — Sandcat comes with a multitude of pen-test oriented extensions. This includes a Fuzzer, a Script Runner, HTTP & XHR Editors, Request Loader, Request Replay capabilities, Tor support and more.
Features inherited from Chromium include:
  • Multi-Process Architecture — each tab is its own process
  • Developer Tools — in addition to the Chromium Developer Tools, Sandcat comes with a Source Code Editor and its own JavaScript and Lua consoles.

Monday, July 23, 2012

Smart meter hacking tool released

Termineter, an open-source tool designed to assess the security of smart meters, has been released


SecureState, an information security firm, on Thursday announced the public release of Termineter, an open-source framework written in Python that allows users to assess the security of smart utility meters over their optical interface. The company is calling it the first framework designed to give authorized individuals access to manipulate and test the security of smart meters.


You can check it out, as well as download it for yourself, over on Google Code. For the uninitiated, smart meters measure the amount of power and water being used in a home or business as well as gather other data. They send periodic reports back to the utility company for analysis.


Smart meters have been criticized by privacy advocates for tracking consumer actions while security researchers have warned about their potential for being exploited.


Here's the tool's official description:
Termineter is a framework written in python to provide a platform for the security testing of smart meters. It implements the C12.18 and C12.19 protocols for communication. Currently supported are Meters using C12.19 with 7-bit character sets. Termineter communicates with Smart Meters via a connection using an ANSI type-2 optical probe with a serial interface.
SecureState says it is releasing Termineter publicly to promote security awareness for smart meters and to improve security overall by providing a tool that brings basic testing capabilities to the community and meter manufacturers.


While individual users will require general knowledge of the meter's internal workings in order to use Termineter proficiently, power companies can use the framework to identify and validate internal flaws that leave them susceptible to fraud and significant vulnerabilities.


As with any release of a hacking tool, there are two sides of the same coin. On the one hand, Termineter should help companies find vulnerabilities and test their products. On the other hand, Termineter can also be used maliciously to modify consumer data, inflicting financial loss on one or multiple victims.

Thursday, June 14, 2012

Metasploit: The Penetration Tester’s Guide

Want a great book on Backtrack 5 and the Metasploit Framework?


Look no further than “Metasploit: The Penetration Tester’s Guide” written by the all star cast of David Kennedy (creator of the Social Engineering Toolkit), Jim O’Gorman (instructor at Offensive-Security), Devon Kearns (a BackTrack Linux developer), and Mati Aharoni (created BackTrack and founder of Offensive-Security). 


This is the most complete and comprehensive instruction book for Metasploit that I have seen so far. The authors walk you step by step, command by command through using the Metasploit Framework as a penetration tester. You move quickly from the basics of Penetration testing through using the platform to perform the different phases of intelligence gathering and exploitation. 


An excellent book for anyone interested in a hands-on approach to computer security, for the Metasploit pro who wants a great reference book, and for those new to Metasploit who want a step-by-step instruction manual.


Metasploit: The Penetration Tester’s Guide – Check it out!

Tuesday, April 17, 2012

Ernst & Young: Attacking the smart grid

Penetration testing techniques for industrial control systems and advanced metering infrastructure


The industrial control systems that provide automation for critical infrastructure have recently come under increased scrutiny, and the need to protect current infrastructure as well as integrate security into new system design is now a top priority. Penetration testing has become the latest trend in the ICS space; however, the cultural and technological differences between control systems and traditional IT systems have caused confusion around how to perform a penetration test safely and effectively. 


In this briefing, we will discuss the changing landscape in control system architecture, with special attention paid to smart grid infrastructure, and highlight the implications for security. A description of the lifecycle of a penetration test is followed by a breakdown of a typical ICS infrastructure. Specific penetration testing activities are explained for each component to provide insight for control system engineers and management into how penetration testing can benefit their organization.


Refer here to download the whitepaper.

Monday, January 9, 2012

Android Network Toolkit for Penetration Testing and Hacking

Zimperium have unveiled the Android Network Toolkit for easy hacking on the go!

Anti is an Android-based smartphone penetration testing toolkit that can scan a network, find vulnerabilities, run exploits, produce reports and more.

There is a free version with limited functions and several paid versions that scale up in functionality. The videos linked at the bottom of this article are interesting.

ANTi – Android Network Toolkit – [zimperium.com]

What is Anti?


Zimperium LTD is proud to announce Android Network Toolkit – Anti.
Anti consists of 2 parts: The Anti version itself and extendable plugins. Upcoming updates will add functionality, plugins or vulnerabilities/exploits to Anti

Using Anti is very intuitive – on each run, Anti will map your network, scan for active devices and vulnerabilities, and will display the information accordingly: Green led signals an ‘Active device’, Yellow led signals “Available ports”, and Red led signals “Vulnerability found”.

Also, each device will have an icon representing the type of the device. When finished scanning, Anti will produce an automatic report specifying which vulnerabilities you have or bad practices used, and how to fix each one of them.

Anti – Android Network Toolkit Capabilities Video/Demo by Zimperium LTD – [youtube.com]

Hacking a Mac using Android Network Toolkit CSE in ANTI3 by Zimperium LTD – [youtube.com]

Wednesday, November 2, 2011

WebCast: Hacking Web Servers and Countermeasures

Learn how to secure webserver!

In this on-demand IT security webcast, EC-Council Master Certified Instructor Eric Reed will address the subject of Hacking Webservers. The webcast will cover topics such as webserver architecture, webserver attack methodologies, footprinting tools, and many more critical concepts. The webcast also includes demonstrations on performing a directory traversal attack, fingerprinting a webserver with HTTPRecon, and web-based password cracking with Brutus.

This webcast is available on-demand at http://www.careeracademy.com/ceh-m12-infosec.aspx

Please feel free to forward this to others in your organization who may be interested in this type of training.

Details:

This free module is a part of CareerAcademy.com’s EC-Council Endorsed CEH Certification course, which gives each student in-depth knowledge and practical experience with current essential security systems.

When a student completes the course they will have hands on understanding and experience in Ethical Hacking and be fully prepared to pass EC-Council Certified Ethical Hacker Exam 312-50.

You can attend this complimentary webcast right now at:

http://www.careeracademy.com/ceh-m12-infosec.aspx

Monday, October 24, 2011

New free version of Metasploit tool released

New version of free Metasploit tool aimed at newbie penetration testers

Two years after Rapid7 acquired the Metasploit Project, the company has rolled out a free and more user-friendly version of the open-source tool that is aimed at less technical users.

The new Metasploit Community Edition is a combination of the popular open-source Metasploit Framework and a basic version of the user interface of Rapid7's Metasploit Pro commercial product.

HD Moore, Rapid7's CSO and chief architect for Metasploit, says the free pen-testing tool features a new user interface and automation of tasks to make penetration testing more approachable for organizations and users not necessarily versed in penetration testing. There's a growing number of organizations that want to get started with pen testing, either for compliance reasons or just to test it out, he says.

"There's a huge number who want to dip their toe into security and don't want a complex learning curve. They just want to test it, and some are scared to test it," says Moore, who is also the creator of Metasploit. "[Now] they can get familiar with Metasploit ... and make sure they can prioritize vulnerabilities" and other security issues, he says.

It was two years ago today that Rapid7 announced it had purchased Moore's open-source Metasploit pen-testing tool project, and that Moore had joined the company and was remaining in charge of the project.

Metasploit Community is available for download here.

Monday, September 5, 2011

The Seven-Step Information Gathering Process

Basic guide to perform information gathering including some useful tools

Footprinting is about information gathering and is both passive and active. Reviewing the company's website is an example of passive footprinting, whereas calling the help desk and attempting to social engineer them out of privileged information is an example of active information gathering.

Scanning entails pinging machines, determining network ranges and port scanning individual systems.
  1. Information gathering
  2. Determining the network range
  3. Identifying active machines
  4. Finding open ports and access points
  5. OS fingerprinting
  6. Fingerprinting services
  7. Mapping the network
The Seven Steps Of The Pre-Attack Phase

Step  | Title                               | Active/Passive | Common Tools
One   | Information gathering               | Passive        | Sam Spade, ARIN, IANA, Whois, Nslookup
Two   | Determining network range           | Passive        | RIPE, APNIC, ARIN
Three | Identify active machines            | Active         | Ping, traceroute, SuperScan, Angry IP Scanner
Four  | Finding open ports and applications | Active         | Nmap, Amap, SuperScan
Five  | OS fingerprinting                   | Active/Passive | Nmap, Winfingerprint, p0f, Xprobe2, Ettercap
Six   | Fingerprinting services             | Active         | Telnet, FTP, Netcat
Seven | Mapping the network                 | Active         | Cheops, traceroute, NeoTrace

Wednesday, August 31, 2011

Free tool for penetration security testing

Automated Pen-Testing Tool

INSECT Pro is a new free tool for penetration testing and a resource for demonstrating the security, or vulnerability, of your network. It goes beyond simply detecting vulnerabilities to safely exploiting them, and is billed as the first free integrated vulnerability and penetration testing tool.

This penetration testing and security auditing software is designed to let organizations of all sizes mitigate, monitor and manage the latest security threats and vulnerabilities, and implement active security policies by performing penetration tests across their infrastructure and applications.



The tool evaluates the vulnerabilities on your network. Features of this release include:
  • Run faster: because good security testing on its own is not enough
  • Load Better: Major graphical interface and optimisation features were implemented
  • Module Search: This version includes a new built-in search feature
  • Improvements and Changes: Many more optimisations and updates were added
  • Quality assurance: Reported bugs were patched
Download your copy now from http://www.insecurityresearch.com and put it to the test against your own network's security.

Sunday, August 21, 2011

BackTrack 5 - Penetration Testing Distribution

BackTrack 5 R1 Released!

BackTrack is intended for all audiences, from the most savvy security professionals to early newcomers to the information security field. BackTrack promotes a quick and easy way to find and update the largest collection of security tools to date. Our community of users ranges from skilled penetration testers in the information security field, government entities, information technology and security enthusiasts, to individuals new to the security community.


BackTrack 5 - Penetration Testing Distribution from Offensive Security on Vimeo.

Feedback from all industries and skill levels allows us to truly develop a solution that is tailored towards everyone and far exceeds anything ever developed both commercially and freely available. The project is funded by Offensive Security.

Whether you’re hacking wireless, exploiting servers, performing a web application assessment, learning, or social-engineering a client, BackTrack is the one-stop-shop for all of your security needs.

Monday, July 4, 2011

Hole in Google Chrome that granted unauthorised access to gmail accounts

Web extensions to become a new attack vector

A penetration tester has exploited a hole in Google Chrome that granted unauthorised access to Gmail accounts.

WhiteHat Security researcher Matt Johansen identified the vulnerability in a Chrome OS note-taking application. He disclosed the hole to Google which patched it and gave him US$1000 as part of its Chromium security initiative.

Johansen told Reuters he intercepted data travelling between a Chrome browser extension and the Google cloud. Google has not yet revealed details of the security hole which Johansen plans to release at the Black Hat conference in Las Vegas this year.

Google extensions, written by third party software developers, were a ripe target for attack because they were granted more privileged access rights to Google cloud data than what the browser offered to web sites.

WhiteHat Security detailed in a 2007 research paper a series of web application security vulnerabilities that could also be used to attack web browser extensions in Chrome and Mozilla Firefox.

Chrome OS director Caesar Sengupta said there are "significant benefits to security" by storing apps within the browser.

Tuesday, May 10, 2011

Metasploit 3.7 Released

Takes Aim at Apple iOS

The open source Metasploit vulnerability testing framework got a major overhaul this week with the release of Metasploit 3.7.

The Metasploit 3.7 release provides an enhanced session tracking backend that is intended to improve performance. Metasploit 3.7 also provides over 35 new exploit modules for security researchers to test, including new ones designed to test Apple's iOS mobile operating system security. The Apple iOS Backup File Extraction module however is not an attack vector for directly exploiting iOS. Rather it is what is known as a post-exploitation module.

The post-exploitation modules (post for short) are designed to run on systems that were already compromised through another vector, whether it's social engineering, a guessed password, or an unpatched vulnerability. This module requires iTunes to be installed on the compromised system and an iOS backup to be accessible that has not been encrypted.

Refer here to read more details.

Tuesday, April 26, 2011

Pen Test Magazine - Publication from Hakin9 team

New Penetration Testing Magazine Released

A new magazine dedicated to Professional Penetration Testers has been released. The magazine subscription is to ensure that you do not get 80 pages of publicity and a few pages of content. The magazine will focus on thorough coverage of different aspects of Security Testing and Penetration Testing. You can get a teaser for free.

PenTest Magazine, the only magazine devoted to penetration testing, is launched. It features articles by penetration testing specialists and enthusiasts, experts in vulnerability assessment and management. We cover all aspects of pen testing, from theory to practice, from methodologies and standards to tools and real-life solutions.

You can download the “Edition #zero” which is the teaser issue from pentestmag.com for free.

Regular issues will be available by monthly subscription – subscribe now and download the next issue in May!

Visit pentestmag.com.

Saturday, February 5, 2011

What is network Scanning?

Examine your Network With Nmap

Network scanning is an important part of network security that any system administrator must be comfortable with. Network scanning usually consists of a port scanner and a vulnerability scanner.

A port scanner is software designed to probe a server or host for open ports. It is often used by administrators to verify the security policies of their networks, and can be used by an attacker to identify the services running on a host with a view to compromising it. A port scan sends client requests to a range of port addresses on a host in order to find the active ones. Because the Internet runs on TCP/IP, the scanner classifies each port by how the TCP/IP stack responds:
  • Open or Accepted: The host sent a reply indicating that a service is listening on the port.
  • Closed or Denied or Not Listening: The host sent a reply indicating that connections will be denied to the port.
  • Filtered, Dropped or Blocked: There was no reply from the host.
Port scanning comes in several types, such as: TCP (connect) scanning, SYN scanning, UDP scanning, ACK scanning, Window scanning, FIN scanning, Xmas scanning, IP protocol scanning, proxy (bounce) scanning, idle scanning and ICMP scanning.

TCP scanning

The simplest port scanners use the operating system's own connect() call, completing a full TCP three-way handshake with each port. This is generally the fallback when a SYN scan is not feasible, for example when the scanner lacks the privileges needed to send raw packets.

SYN scanning

SYN scanning is another form of TCP scanning. Rather than using the operating system's network functions, the port scanner generates raw IP packets itself and monitors the responses. This scan type is also known as half-open scanning, because it never completes a full TCP connection: a SYN/ACK reply means open, a RST means closed, and the scanner tears the connection down with a RST instead of finishing the handshake.

UDP scanning

UDP is a connectionless protocol, so there is no equivalent of a TCP SYN packet. If a UDP packet is sent to a port that is not open, the system responds with an ICMP port unreachable message; silence is taken to mean the port is open. If a firewall silently drops the probe, the port therefore looks open too, which is why Nmap reports such ports as open|filtered rather than open. If port unreachable messages are blocked altogether, every port will appear open.

ACK scanning

This kind of scan does not exactly determine whether the port is open or closed, but whether the port is filtered or unfiltered. This kind of scan can be good when attempting to probe for the existence of a firewall and its rule sets.

FIN scanning

Stateless packet filters often only block incoming SYN packets, so a FIN packet can pass through them unchanged. Per the TCP specification, a closed port replies to a bare FIN with a RST packet, whereas an open port ignores it. Note that many stacks, Windows in particular, reply with a RST regardless of port state, so every port looks closed and this scan type is unreliable against them.
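To make the port states above concrete, here is an added example that is not part of the original post: a minimal TCP connect scan and UDP probe, written with the Python standard library, that classify ports using the same open / closed / filtered vocabulary. The target is a throwaway listener started on 127.0.0.1 so the script runs offline; the listener, the function names and the probe byte are assumptions constructed for the example, not anything Nmap ships.

```python
"""Added example, not from the original post: a TCP connect scan and a UDP
probe that classify ports as open / closed / filtered, run against a
listener on 127.0.0.1 that the script starts itself. Standard library only."""
import socket
import threading


def tcp_connect_probe(host, port, timeout=1.0):
    """TCP connect scan: full three-way handshake through the OS socket API.
    SYN/ACK -> "open", RST -> "closed", no answer before the timeout -> "filtered"."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except socket.timeout:
            return "filtered"


def udp_probe(host, port, timeout=1.0):
    """UDP has no handshake. A closed port answers with ICMP port unreachable,
    which the OS surfaces on a connected UDP socket as ConnectionRefusedError.
    Silence means open OR filtered; the two cannot be told apart this way."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))
        try:
            s.send(b"\x00")  # constructed probe payload
            s.recv(1)
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except socket.timeout:
            return "open|filtered"


def start_listener():
    """Constructed target: bind a TCP listener on an ephemeral loopback port and
    accept connections in a background thread. Returns the listening socket."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
                conn.close()
            except OSError:  # listener closed
                break

    threading.Thread(target=serve, daemon=True).start()
    return srv


def find_closed_port():
    """Ask the OS for a free ephemeral port and release it so nothing listens there."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def scan(host, ports, timeout=1.0):
    """Connect-scan a list of ports and return {port: state}."""
    return {p: tcp_connect_probe(host, p, timeout) for p in ports}


if __name__ == "__main__":
    listener = start_listener()
    open_port = listener.getsockname()[1]
    closed_port = find_closed_port()
    for port, state in scan("127.0.0.1", [open_port, closed_port]).items():
        print(f"{port}/tcp {state}")
    print(f"{closed_port}/udp {udp_probe('127.0.0.1', closed_port)}")
    listener.close()
```

The connect scan is the noisiest option: every open port sees a completed connection, so it shows up in the service's own logs, which is why SYN scanning is preferred when raw sockets are available. The UDP probe's three-way result also shows why UDP scanning is slow and ambiguous in practice: only the ICMP error gives a definite answer.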

Nmap supports most of these scan types. A vulnerability scanner, by contrast, is a program designed to assess computers, systems, networks or applications for known weaknesses. It is important that the network administrator is familiar with both kinds of tool.

There are many network scanning tools, some free and some commercial; Sectools maintains a list of them. The significant point about Nmap (Network Mapper) is that it is free and open source. Nmap is a security scanner originally written by Gordon Lyon (also known by his pseudonym Fyodor Vaskovich) to discover hosts and services on a computer network. Nmap runs on Linux, Microsoft Windows, Solaris, HP-UX and BSD variants (including Mac OS X), and also on AmigaOS and SGI IRIX.

Nmap includes the following features:
  • Host Discovery
  • Port Scanning
  • Version Detection
  • OS Detection
  • Scriptable interaction with the target
Nmap works in two modes: command line and GUI. The graphical version of Nmap is known as Zenmap. The official GUI for Nmap versions 2.2 to 4.22 was NmapFE, originally written by Zach Smith. With Nmap 4.50, NmapFE was replaced by Zenmap, a new graphical user interface based on UMIT, developed by Adriano Monteiro Marques. Zenmap is easy to work with and provides a good working environment.

Wednesday, November 10, 2010

Pen-Testing: Learn your target, Understand your target, Develop your attack specifically around your target

Would it cripple the organization as a whole? What hurts them the most?

Since when did a penetration test become primarily automated-tool driven? Scanners are an aid but not a full substitute for us as penetration testers.

Handing a sixty page 'penetration test' report with five hundred vulnerabilities does absolutely nothing for a company aside from a check mark for whatever regulatory and compliance initiatives they have underway. It's time for a reality check:
  • Good hackers don't need to utilize expensive vulnerability scanners.

  • Good hackers don't use automated penetration testing.

  • Attackers don't have a scope or timeframes.

  • Attackers don't stop after they get root.

  • Attackers don't have portions taken out of scope.
The reality of the current situation with pentests is that the true purpose of testing is completely wasted. For one, your incident response team never gets to respond to a true, focused attack. If you are at the point where you can't detect automated scans against your network then these traditional methods are right up your alley and your security program is still immature in nature, which is fine, you'll get there. The most important element is that there is no true representation of impact or financial loss due to a breach.

In simplistic terms there's no focus on business risk, but instead focused on the vulnerability and the exposure of the attack. We aren't hitting companies where it hurts, what makes their business run.

Penetration testing has to be something that measures the organizations business risk and impact if a breach were to occur. When attacking an organization you have to understand what is sensitive and what hurts the company the most. Intelligence gathering is one of the most important elements of a penetration test as well as understanding and learning the network.

Learn your target, understand your target, develop your attack specifically around your target, nothing is out of scope.

Where can I have the most impact on the organization and how do I represent that? WOW I GOT DOMAIN ADMIN!!!!!! OMG I GOT ROOT! That's fantastic buddy, I'm happy for you but that doesn't mean squat to me. Present them with their intellectual property, future projections, show the ability to change their product, confidential and trade secret information or whatever you identify as what hurts them the most. Some questions to answer in Pen-testing includes but not limited to: would that impact them in a negative manner? Would it cripple the organization as a whole? What hurts them the most?

We're also significantly challenged with the basic penetration tests: how do you compete against a cheap vulnerability-scan "penetration test" with something that will cost significantly more than that and be done right? Businesses don't understand the difference, they just go with the cheapest bidder; they don't know that what they are about to purchase sucks.

We need to hire qualified people that get it, I will pay extra for a group that knows what they are doing vs. a super cheap scan. The industry is bleeding, let's step it up and do it the right way.

Tuesday, October 12, 2010

Mobile platform can also be the next Advanced Persistent Threats (APT) target?

OR part of the factor/contributor in the cyber ecosystem?

Mobile malware that affects Symbian Series 60 handsets is being used to create a botnet.

Pirated versions of 3D Anti-terrorist action, a first-person shooter developed by Beijing Huike Technology in China, and uploaded onto several Windows Mobile freeware download sites, come with a nasty add-on courtesy of Russian virus writers.

Compromised phones start attempting to silently make expensive international calls without user involvement, as reported in a thread on the XDA-Developers' forum, featuring the experience of a UK victim of the Trojan.

Read this interesting news here.

Saturday, October 2, 2010

Maltego 3 - Quick and Effective Information Gathering Tool

Maltego is a one-stop resource for carrying out foot-printing and passive analysis

Maltego is a premier information gathering tool that allows you to visualize and understand common trust relationships between entities of your choosing.

Currently Maltego 3 is available for Windows and Linux. There is also an upcoming version for Apple users that has yet to be released.

Information gathering is a vital part of any penetration test or security audit, and it’s a process that demands patience, concentration and the right tool to be done correctly. In our case Maltego 3 is the tool for the job.
  • Maltego can be used for the information gathering phase of all security related work. It will save you time and will allow you to work more accurately and smarter.

  • Maltego aids you in your thinking process by visually demonstrating interconnected links between searched items.

  • Maltego provides you with a much more powerful search, giving you smarter results.

  • If access to "hidden" information determines your success, Maltego can help you discover it.



Please refer here for detailed explanation, here for its documentation and here to download.

Friday, June 25, 2010

IPS needs to have SSL inspection

The Next-Generation IPS


The network IPS isn't like the firewall -- it's not a must-have security device found in most every enterprise network. Even so, today's intrusion prevention system is still gaining new features and becoming more tightly integrated into the security infrastructure.

The IPS is sharing more traffic attack data with the firewall and gaining virtualization features, horsepower, and enhancements to become more application-aware, as well as to help secure client machines. Compliance has helped keep the IPS alive and well, despite predictions of its demise over the years.

And it could be the federal government that gives IPSes a big boost: The U.S. Department of Homeland Security is currently testing out an IPS system called EINSTEIN 3 that could eventually be deployed across all executive branch civilian networks. Even so, some security experts remain skeptical about the IPS finding a real home in the enterprise.

Refer here to read more details.

Wednesday, April 8, 2009

The virtue of security education is more important than vulnerability

Using Facebook to Social Engineer Your Way Around Security

The most important part of an attack isn't always a vulnerability; sometimes it's the end user's trust.

This was certainly the case during an authorized penetration test at an energy company conducted by security vendor Netragard. Looking for a way inside the customer's defenses, the vendor turned to Facebook. They built a profile, bolstered it with information on work experiences taken from actual employees and began 'friending.'

What the Facebook 'friends' did not know was that this was all part of a long con - a bit of social engineering to lull the employees into giving up their credentials more easily. The simulated attack underscores both the importance of enterprises having sound policies when it comes to employees using sites like Facebook, LinkedIn and MySpace and the challenges of authenticating users on the Web.

A penetration test by Netragard at an energy company highlights how hackers can use Facebook, LinkedIn and other social networking sites as part of phishing schemes. In the test, Netragard used social engineering to get its hands on information that could have been used to compromise critical systems at the company. Addressing this security issue means having smart policies about what employees can and cannot do on the Web.

Please click here to read the full article. A worthwhile and interesting read.