Category Archives: (J) Security Focus

How to avoid being one of the “80%” of WordPress sites vulnerable to attack

10 ways to keep your WordPress site secure

If you are running a website that uses WordPress, here are 10 suggestions to help you avoid ending up in the 80% (or whatever large number it is) of vulnerable sites.

  • Always run the very latest version of WordPress
  • Always run the very latest versions of your plugins and themes
  • Be conservative in your selection of plugins and themes
  • Delete the admin user and remove unused plugins, themes and users
  • Make sure every user has their own strong password
  • Enable two factor authentication for all your users
  • Force both logins and admin access to use HTTPS
  • Generate complex secret keys for your wp-config.php file
  • Consider hosting with a dedicated WordPress hosting company
  • Put a Web Application Firewall in front of your website

Detect Sudden Increase In Your Network Traffic : Prevent Attack

Whether it is a ping flood, a SYN flood or any other DoS attack, the first step in detecting it is to spot an anomaly in the network traffic on your system. That is the earliest sign that your system may be under a DoS attack.

If you monitor the network traffic on your system and are told about an anomaly early enough, you can take action and may still be able to prevent the attack.

In this article, I will show you how to build your own tool that monitors network traffic on your system and alerts you when there is a sudden, abnormal increase in traffic.

Again, my system runs Ubuntu, and here I will use a simple utility called tcpstat along with a shell script. Please note that my intention is to show you a basic tool on which you can build your own IDS or IPS.

First, you need to install tcpstat on your system.

# sudo apt-get install tcpstat

Now, run this simple command in your terminal:

# sudo tcpstat -i eth1

You may have to select the appropriate network interface for your system.

You will see that every 5 seconds tcpstat prints a few statistics, such as the number of network packets, bps, etc.

tcpstat has an option, ‘-o’, with which you can specify the output format.

Here, I will use the format “%n”, which gives me the number of packets in each 5-second interval.

Next, I will redirect the output to a file and, in a while loop, read the last line of the file, which gives the number of packets in the last 5 seconds. I will then compare that number with a threshold.

I have experimented with a few attacks and determined the threshold to be 20,000 on my system.

The rest is simple. If the traffic goes beyond the threshold, set a flag. If the increased traffic continues for some time, say 15 seconds, I know it is time to take action. The action may be setting temporary new iptables rules or analyzing the traffic further.

So, what does the script look like? Please find it below.

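#!/bin/bash

INTERVAL=0
# Write one packet count per 5-second interval (tcpstat's default) to ofile
sudo tcpstat -i eth1 -o "%n\n" > ofile &
while :
do
    sleep 5
    # Despite its name, this holds the packet count of the most recent interval
    THRESHOLD=$(tail -1 ofile)
    #echo "THRESHOLD is: $THRESHOLD"
    # ${THRESHOLD:-0} avoids a test error while ofile is still empty
    if [ "${THRESHOLD:-0}" -gt 20000 ]
    then
        flag=1
        ((INTERVAL=INTERVAL+1))
        # More than 3 consecutive intervals over the threshold
        if [ "$INTERVAL" -gt 3 ]
        then
            echo -e "Take Action!\n"
        else
            echo "Excess traffic"
        fi
    else
        flag=0
        INTERVAL=0
    fi
done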

This is a very simple script, but you can use it as a starting point for further improvement.
Hope you found it useful!
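
One direction for that improvement, as an added example that is not part of the original post: instead of a fixed 20,000-packet threshold, learn a baseline from normal intervals and alert only on a sustained multiple of it. It goes beyond the article's fixed-threshold case; FACTOR, SUSTAIN, WARMUP, FLOOR and the sample counts are assumed values constructed for illustration.

```shell
#!/bin/bash
# Added example: adaptive variant of the fixed-threshold check.
# Input: one packet count per line, the format tcpstat -o "%n\n" writes.
FACTOR=4      # assumed: anomalous when count > FACTOR x baseline
SUSTAIN=3     # assumed: consecutive anomalous intervals before alerting
WARMUP=3      # assumed: first valid intervals only train the baseline
FLOOR=1000    # assumed: never flag counts at or below this absolute value

# Prints "ALERT <line> <count> <baseline>" at the first sustained surge,
# or "OK" if the input ends without one.
detect_surge() {
    local baseline=0 seen=0 streak=0 n=0 count
    while IFS= read -r count; do
        n=$((n + 1))
        # Skip blank or non-numeric lines (e.g. a partially written record)
        case "$count" in ''|*[!0-9]*) continue ;; esac
        seen=$((seen + 1))
        if [ "$seen" -le "$WARMUP" ]; then
            # Running mean while warming up
            baseline=$(( (baseline * (seen - 1) + count) / seen ))
            continue
        fi
        if [ "$count" -gt "$FLOOR" ] && [ "$count" -gt $((baseline * FACTOR)) ]; then
            streak=$((streak + 1))
            if [ "$streak" -ge "$SUSTAIN" ]; then
                echo "ALERT $n $count $baseline"
                return 0
            fi
        else
            streak=0
            # EWMA (alpha = 1/8) updated only from normal intervals,
            # so a flood cannot drag the baseline up and hide itself
            baseline=$(( (baseline * 7 + count) / 8 ))
        fi
    done
    echo "OK"
}

# Constructed sample: quiet traffic, then a sustained surge with one blank line
sample_counts() {
    printf '%s\n' 900 1100 1000 1200 25000 '' 30000 28000
}

sample_counts | detect_surge
```

Against live data the same function can read the article's ofile, for example with `tail -f ofile | detect_surge`.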

Why hackers hack: Is it all about the money?

You get what you pay for in the cybersecurity industry, but bug bounty programs are not just about the money, according to new research.

In today’s world, where data breaches and information leaks have come close to a daily occurrence, it is too easy to merge the terms “cybercriminal” and “hacker.” However, they are not one and the same — someone who breaks into networks without consent, for example, is a criminal, while hackers tackle problems, may work with companies to shore up their defenses, investigate malware and find product vulnerabilities so vendors can improve the security of their products.

This is why bug bounties are becoming more and more popular. By offering security researchers financial incentives, companies ranging from Apple to United Airlines are able to tap into a pool of external experts rather than rely purely on in-house staff to find every security flaw in networks and software which could place the corporation — and customers — at risk.

However, is it all about the money? The answer is a resounding no, according to platform HackerOne’s 2016 Bug Bounty hacker report.

The bug bounty program says that out of 617 researchers surveyed, all of whom have submitted valid security flaws to various programs, 72 percent say they do it purely for the money — but 70 percent said they also hacked for the fun of it, and 66 percent enjoy the challenge bug bounty programs offer.

In addition, 51 percent said they hack “to do good in the world.”

While bug bounty schemes can be lucrative, with almost 11 percent of respondents making over $50,000 per year and six percent making more than $100,000 per year, over half of hackers — 57 percent — have participated in programs in the last six months which offer no financial reward at all.

In total, 17 percent of respondents said they rely solely on bug bounty programs to stay afloat, and 26 percent said that between 76 percent and 100 percent of their income comes from bug bounty rewards. (However, it is worth noting that 27 percent of respondents were not willing to share their income levels.)

It also seems that company loyalty comes into play. In total, over 30 percent of respondents claim they participate in particular bug bounty programs because they like a company and want to help out.

Hackers can be found worldwide. On the HackerOne platform, contributors come from over 100 countries, with the majority in India — 21 percent — followed by the US at 19 percent. The majority of hackers report themselves to be under 34 years old.

Cyberthreats are not going away anytime soon. For as long as cybercriminals ranging from script kiddies to state-sponsored threat actors exist, security experts are going to be needed — and while you get what you pay for, it is also good to know that many researchers do it for the love of the job.

Linux kernel.org Hacker Arrested After Traffic Stop

So it seems the alleged kernel.org hacker has finally been caught, kinda by accident after being stopped for a traffic violation. It was quite a high profile hack, especially in the open source community as anyone downloading kernel files during that period could have theoretically been compromised. It’s unlikely the kernel code was actually…

Read the full post at darknet.org.uk


DBPwAudit – Database Password Auditing Tool

DBPwAudit is a Java database password auditing tool that allows you to perform online audits of password quality for several database engines. The application design allows for easy adding of additional database drivers by simply copying new JDBC drivers to the jdbc directory. Configuration is performed in two files, the aliases.conf file is used…

Read the full post at darknet.org.uk


Dropbox Hacked – 68 Million User Accounts Compromised

So was Dropbox Hacked? There were some rumours going around last week after it sent out a password reset e-mail warning to all users. It seems like it’s limited to users who were active in 2012 and the only ones who would be in trouble are as usual, those who haven’t changed their password since […]

Read the full post at darknet.org.uk


Emerging Threats ETOpen – Anti-malware IDS/IPS Ruleset

The ETOpen Ruleset is an excellent anti-malware IDS/IPS ruleset that enables users with cost constraints to significantly enhance their existing network-based malware detection. The ETOpen Ruleset is not a full coverage ruleset, and may not be sufficient for many regulated environments and should not be used as a standalone ruleset. The ET Open…

Read the full post at darknet.org.uk


Securing The Future Of Your Small Business- Tips And Tricks

When it comes to small businesses, there are so many things that you need to consider, sometimes even more than you do for big businesses. For one thing, if a big business like Home Depot can get hacked and shoppers’ info might get stolen, this can surely happen to a small business as well. Also, your small business may not have as much product or money behind it as a big corporation, meaning you have less far to fall when it comes to business failure.

The thing is, you don’t want your business to fail. If people went into business with the idea it would fail, they’d probably think twice about starting in the first place. You can do things to help protect your business from the potential of failure though. Here are some things that all small businesses should consider when it comes to starting a secure business with staying power.

Consider Your Funds And Assets

Starting a business isn’t cheap, and neither is keeping one going. You may need to consider getting a loan to keep your business afloat, at some point. There are many reasons a small business might need a loan, from getting started to upgrading to better equipment.

Yes, even your equipment, and other assets, are important when it comes to securing your business’s future. You need to make sure that the stuff you have works and is allowing you to put out the best possible products and services. This can mean having great office equipment or the right company vehicle.

Protect Your Clients

Securing your business also means making sure that your clients and customers are secure as well. That means using security measures when it comes to protecting their information, whether it’s credit card numbers or their home addresses. Make sure to invest in good internet security that you can trust.

Always Be Expanding

If your business gets stagnant, it could start to fail. Find ways to always be expanding, whether it’s new products and services, or new advertising and event planning. Have a clearance event, and then introduce a new and improved product line.

Invest In Your Future

Events, like open houses, are a great way to invest in the future of your business. So is investing in advertising. If you aren’t getting the name and intentions of your business out there to people, no one will be shopping with you. Advertise both online and off to reach the most potential customers.

Investing in the future of your business also means making sure that you are offering the best of products and services. If that means purchasing new equipment, then do it. Make sure that you have your business’s best in mind, as well as the best intentions when it comes to what you are offering to your customers.

Bearded – Security Automation Platform

Bearded is an open source Security Automation platform. The platform allows Development, QA, and Security team members to perform automated web security scans with a set of tools, and re-execute those scans as needed. All tools can be executed in the cloud in docker containers. Bearded has a default web interface which integrates all core…

Read the full post at darknet.org.uk


An Introduction To Web Application Security Systems

In the world of web application security systems, there exists a myriad of systems to protect public-facing services in any number of ways. They come packed with all the elements necessary to play an action-packed round of buzzword bingo, but they often overlap in some ways that may make them sometimes seem similar. After the second […]

Read the full post at darknet.org.uk

