DDoS On The Rise And Security Breaches Left, Right And Googled

12th October, 2016 by

We are still hot on the tracks of DDoS attacks: Akamai has reported that the number of DDoS attacks has doubled since last year. In the last week it was reported that OVH were hit by the largest DDoS attack ever recorded, at 990Gbps. The attack is thought to have come from over 152,000 compromised Internet-of-Things devices such as internet-connected cameras. Want to learn more about the source code of the tool facilitating these attacks?

It’s believed to be the same source that hit security researcher Brian Krebs’ website the day before with a 620Gbps attack. Obviously this amounts to a major threat right now. It won’t be resolved until the networks these devices operate on can be secured, or the devices themselves are patched to prevent their use in such attacks.

Compromised Internet of Things Sobers Analysts

The source code for the tool that ran these DDoSes has now been released and the analysis makes for sober reading. For the most part, the Internet-of-Things devices used in these attacks were compromised over telnet using a small number of common login credentials. The public release of this information is likely, for the short term at least, to increase the frequency of attacks coming from this source.

Another Giant Faces Security Breach

In news of security breaches, it has been discovered that Yahoo! has suffered a breach revealing the details of half a billion user accounts. The data was taken back in 2014 and has only just come to light. How? It came up for sale on the dark web. This follows a pattern we’ve seen in data breach announcements over recent weeks, where data was stolen some years back and has only been acknowledged after coming up for sale online.

Google Launches CSP Evaluator Tool

Google have announced the release of their content security policy (CSP) evaluator tool. The tool analyzes a website that uses a content security policy to protect against cross-site scripting (XSS) attacks and evaluates how effective that policy is.

A cross-site scripting attack occurs when an attacker is able to place code into a website. The injected code loads script from somewhere that isn’t part of the website and executes it for other users. This can be done in an attempt to infect browsers with malware or to gain access elsewhere on the site by gaining administrative privileges.

Content security policy uses HTTP headers sent by the web server to the browser to declare the valid sources from which content such as stylesheets, JavaScript and font files can be downloaded and executed. Files linked from locations that aren’t listed in the CSP headers shouldn’t be used by the browser. All the major modern browsers support this facility, but Google has noticed that in a number of cases administrators haven’t configured their web servers’ CSP to provide sufficient protection from XSS attacks, and so have created the CSP evaluator tool to help check whether the protections have been well implemented.
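To make the idea of evaluating a policy concrete, here is an added example (not code from Google's CSP Evaluator, and far simpler than that tool) that parses a `Content-Security-Policy` header value and flags a few well-known settings that leave XSS protection ineffective. The function names, finding labels and sample policies are constructed for illustration.

```javascript
// Added example: simplified CSP checks, not the logic of Google's CSP Evaluator.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // Browsers ignore a repeated directive, so the first occurrence wins.
    if (name && !policy.has(name.toLowerCase())) {
      policy.set(name.toLowerCase(), sources);
    }
  }
  return policy;
}

function findWeaknesses(header) {
  const policy = parseCsp(header);
  const findings = [];
  // script-src and object-src fall back to default-src when absent.
  const scripts = policy.get('script-src') || policy.get('default-src');
  if (!scripts) {
    findings.push('scripts-unrestricted');
  } else {
    const src = scripts.map((s) => s.toLowerCase());
    const strict = src.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
    // Browsers ignore 'unsafe-inline' when a nonce or hash is present.
    if (src.includes("'unsafe-inline'") && !strict) findings.push('unsafe-inline');
    if (src.includes("'unsafe-eval'")) findings.push('unsafe-eval');
    // A bare scheme or "*" allows script from any host on that scheme.
    if (src.some((s) => s === '*' || /^(https?|data):$/.test(s))) {
      findings.push('wildcard-source');
    }
  }
  if (!policy.get('object-src') && !policy.get('default-src')) {
    findings.push('object-src-missing');
  }
  return findings;
}

// Constructed sample policies.
const WEAK = "default-src 'self'; script-src 'self' 'unsafe-inline' https:";
const STRICT = "script-src 'nonce-r4nd0m' 'unsafe-inline'; object-src 'none'; base-uri 'none'";

console.log(findWeaknesses(WEAK));   // [ 'unsafe-inline', 'wildcard-source' ]
console.log(findWeaknesses(STRICT)); // []
```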

WoSign Shunned By Apple

In a blow to the trustworthiness of the SSL certificate system, Apple has decided not to trust the intermediate certificates signed by the Chinese certificate authority, WoSign. The reason stems from a discovery by Mozilla engineers that the authority had been issuing backdated certificates using insecure SHA-1 cryptography. The use of SHA-1 was banned in January, and browsers will now not accept a SHA-1 certificate that was issued after the ban was imposed. The backdating of certificates has been seen as a method of avoiding the ban on SHA-1. Apple’s decision not to trust WoSign certificates will currently affect new certificates being issued, while certificates issued before September the 19th will still be valid for now. Mozilla are in discussions about what to do about the certificates.
