2010 October

Firesheep and Side-Jacking

If you are not aware of the term “side-jacking”, let me bring you up to speed.

“When logging into a website you usually start by submitting your username and password. The server then checks to see if an account matching this information exists and if so, replies back to you with a “cookie” which is used by your browser for all subsequent requests.

It’s extremely common for websites to protect your password by encrypting the initial login, but surprisingly uncommon for websites to encrypt everything else. This leaves the cookie (and the user) vulnerable. HTTP session hijacking (sometimes called “sidejacking”) is when an attacker gets a hold of a user’s cookie, allowing them to do anything the user can do on a particular website. On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy.” http://codebutler.github.com/firesheep

This process has now been automated in an easy-to-use Firefox plugin (for simple transfer to a new browser) called “Firesheep”.

This has many security implications for both infrastructure and personnel. The ability to compromise sessions in progress and to view active sessions is a significant issue that needs to be addressed. Encrypted HTTP sessions that remain secure from initiation to termination are essential.

Cheers,

_J
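
The exposure described in the Firesheep post above (login encrypted, the rest of the session not) can be checked from recorded response headers. This is an added example, not code from the original post or from Firesheep; the host `shop.example`, the cookie values and the host-only cookie matching (Domain, Path and expiry are ignored) are assumptions made for illustration.

```python
from urllib.parse import urlsplit


def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def cookies_exposed(flow):
    """Replay a browsing flow and list (cookie name, url) pairs seen in cleartext.

    flow: list of (url, [Set-Cookie values returned by that response]).
    Simplification (assumption): cookies are matched on exact host only.
    """
    jar = {}       # (host, cookie name) -> True if the Secure attribute was set
    exposed = []
    for url, set_cookies in flow:
        parts = urlsplit(url)
        # The browser attaches stored cookies to the outgoing request.
        for (host, name), secure in jar.items():
            if host == parts.hostname and parts.scheme == "http" and not secure:
                exposed.append((name, url))
        for header in set_cookies:
            name, _value, attrs = parse_set_cookie(header)
            jar[(parts.hostname, name)] = "secure" in attrs
            if parts.scheme == "http":
                exposed.append((name, url))  # set in a cleartext response
    return exposed


# Constructed sample flows: HTTPS login followed by a plain-HTTP page load.
WEAK = [
    ("https://shop.example/login", ["session=CONSTRUCTED123; Path=/; HttpOnly"]),
    ("http://shop.example/account", []),
]
HARDENED = [
    ("https://shop.example/login", ["session=CONSTRUCTED123; Path=/; HttpOnly; Secure"]),
    ("http://shop.example/account", []),
    ("https://shop.example/account", []),
]

if __name__ == "__main__":
    print("weak:", cookies_exposed(WEAK))
    print("hardened:", cookies_exposed(HARDENED))
```

In the weak flow the session cookie issued by the encrypted login is replayed on the plain-HTTP request; with the `Secure` attribute the browser withholds it from that request.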


Red Tiger in the Community

Since the BlackHat conference in Vegas, we have hardly had the chance to sleep. Time has passed like a blur, and in the past three months we have managed to:

– root out APT threats in two major petrochemical companies

– redesign the Active Directory architecture for a large manufacturing company to protect their DCS systems

– train over 40 students in Maidstone and London in the UK with our SCADA Security Advanced course

– train over 20 students in Malaysia with our methodology for conducting SCADA Vulnerability Assessments

– participate in the SANS SCADA EU Conference and Remote SCADA conferences

– write a SCADA APT white paper for DHS ICSJWG

– headline a SCADA APT discussion on a SANS SCADA webcast

– design a secure remote access solution for an oil and gas exploration and production company

– participate in an International Committee addressing the Stuxnet virus

The threats against our critical infrastructure are increasing, and our response to the Advanced Persistent Threat is Advanced Persistent Diligence, which requires a heightened sense of situational awareness. As you continue to defend your systems against ever-changing and evolving threats, stay tuned to our site for tips, techniques, newly posted presentations, white papers, and resources. Get involved in the community by posting comments here, or by discreetly asking us questions: info@redtigersecurity.com. Check out the latest news and events on our News and Events RSS feed to find out what is coming up next.

Keep up the fight!

Jonathan


Government of Canada: Cyber Security Strategy

Today marks the release of the Canadian Government’s latest developments surrounding public and private cyber-security. The Minister outlines his office’s mandate for Critical Infrastructure Protection and notes the continued use of this avenue for attack by foreign states.

More details, including the PDF of the document can be found here.

_Joe


Stuxnet Round-up

A great many details have been coming out of the media relating to the iconoclastic Stuxnet malware that has spurred the conversation surrounding SCADA and DCS security. That being said, a lot of “Security Imposters” have been making statements that are inaccurate and pushing technologies that will not prevent this style of attack on your system.

I have pulled together some of the best material that, in my opinion, truly reflects the Stuxnet event and dissects the true motivations and intent of its creator(s).

Threat Post: Stuxnet Analysis

F-Secure: Stuxnet Q&A

Symantec: Stuxnet Dossier

Enjoy the reading.

_J
