Wednesday, October 15, 2014

SSL 3.0 vulnerability found! "POODLE"


Researchers from Google found a vulnerability in SSL v3.0 this week, which allows for a man-in-the-middle attack (MITM). This type of MITM attack is called a POODLE (Padding Oracle On Downgraded Legacy Encryption), and allows the cybercriminal to access and steal information by changing how the SSL client and the server communicate with each other.

It is always a big deal when security protocols (especially encryption-based ones) are found to be vulnerable, and although SSL 3.0 is almost 18 years old, many still use it on their browsers, VPNs and e-mail clients.

Although the exploitation takes some work to execute (the attack can gain about one byte of clear text for every 256 requests), it could result in your confidential data being exposed, so it is best to deal with this as soon as possible.

The best approach for businesses is to get their IT department to disable SSL v3.0 on all clients and servers company-wide. Start with your most business-critical and/or financially-centered IT resources such as PCI websites, point-of-sale systems, and VPNs. Also remember your STARTTLS-compliant services like IMAP, POP3 and SMTP.

Keep in mind that disabling this protocol on clients and servers will impact the business, its systems and employees, so it may need to be staged over time to ensure the least amount of downtime. If you have external customers, make sure they understand the implications as well.

Pulling up a log summary of the encryption ciphers used by your clients and the browsers they are using will help you understand how many people will be affected by disabling SSL v3.0. It might also give you insight as to whether this attack is happening over time.

Google recommends using TLS_FALLBACK_SCSV as a solution. You can also check out more information at http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html .

It is quite a challenge for consumers unfortunately to protect themselves against a POODLE attack. It is possible to turn off SSL 3.0 off in Firefox and Chrome, but this has to be set up manually. This makes it even more important for service providers and IT vendors to take the lead on this and help protect their customers. Customers should also be able to feel secure in that their selected vendors and service providers have taken adequate steps to protect themselves from this attack.

The result is another major vulnerability for SSL. Do you think this could signify the beginning of the end for SSL?


Tuesday, September 23, 2014

August tops attack list

The number of hacks, breaches and threats worldwide last month was record-breaking - and a clear indication that businesses are still not doing enough to safeguard themselves against cybercriminals.

itgovernance.co.uk published a list of attacks on their website and claimed August’s list of cyberattacks to be the most lengthy it has seen in a long time.

According to Dimitri Fousekis, Security Analyst and Team Lead at Telspace Systems, “We at Telspace are not surprised at the surge of cyberattacks in August. Cybercrime is increasing exponentially, and even though a large majority of the attacks culminated overseas, South Africa is far from immune.”

Fousekis says the escalating number of cyberthreats will only start to decrease once there is enough awareness. “Sure, people know what cybercrime is, and have read about the devastating effects it may have on a company. But it is only after business decision-makers understand how cybercrime can cripple the very foundation of their own operations, and realise that security is a business enabler, will they start to see the urgency of having a strong security framework in place.” 

According to the website, some of the more prominent cyberattacks for August, included:

Data Breaches:


Payment Information:


Social Media:


DDoS:


Other:


From the above list it is evident that cybercrime is a reality and only set to increase - if businesses let it. It is the responsibility of every organisation to ensure that they are well protected from threats and cybercriminal activity. Practicing ignorance and maintaining a “it won’t happen to me” attitude is no longer acceptable in today’s ever-increasing threat landscape. 

Monday, September 8, 2014

Telspace to present at Alligator Security Conference - Brazil

Telspace Systems is happy to announce that we will be presenting at the 5th edition of Alligator Security Conference [1] on the 19th and 20th of September 2014. 

AlligatorCon is an independent and "invite only" Information Security Conference held in Recife, Brazil [2]. 

Our analyst Marcos Álvares (Head Of Research) will be talking about relations between Source Code Complexity and historical vulnerability data. Marcos will be performing a live demonstration of the proposed technique over the whole Linux Device Drivers source code database! 

Not much more can be disclosed about the talk as it is a invite only conference, so you'll have to be invited to see the full talk.


Good luck Marcos!

Thursday, August 28, 2014

Hacker Halted 2014 - Atlanta, USA

Telspace Systems’ will offer Wireless Hacking 101 as a certification class to teach information security professionals how to ensure their wireless infrastructures are secure. Hacker Halted will be taking place during October 2014 in Atlanta, USA.

Due to the explosion of “always-connected” devices, sensitive and classified information have become lucrative targets for exploitation. Wherever you look, people are using laptops, tablets and smartphones, both for personal and business reasons. This opens up massive opportunities for wireless hackers and other types of cybercrime.

Among these threats, is a rise in ransomware infecting mobile phones, as a recent claim by McAfee reiterates. The interception of data between a wireless device and the website or application the user is using is also lucrative for farming usernames and passwords or attempting to hijack user sessions. Additionally, simply “grabbing” whatever comes through the air to look for interesting files, photos and data is increasingly common.

Telspace Systems’ Wireless Hacking 101 will be offered as a certification class to teach information security professionals how to ensure their wireless infrastructures are secure. The course will run from 14th-15th October 2014, and will be taking place at the Georgia World Congress Center.  Telspace Systems will be running a two-day course addressing wireless hacking issues ahead of, and in conjunction with, the Hacker Halted IT Security conference.

The new culture of Bring Your Own Device (BYOD) brings additional security issues to the fore, as businesses have to protect their critical company information on user-controlled devices. Companies are now faced with the problem of personnel bringing in personal cellular access points, often bypassing company security policies and transmitting sensitive data over an unsecured, out-of-band channels. This adds to the list of vectors an attacker could pursue. Since BYOD hardware often contains company sensitive information, it is too a target for attackers either directly or via Wi-Fi attacks.

This course covers one of the most widely used forms of data transmission available to mankind today – wireless. Wireless Hacking 101 will provide real world, hands-on instruction on not only how to attach wireless, but also how to defend against attacks.

Students will leave equipped with the knowledge of how to analyze wireless networks, enumerate them, and then attack them. The course is not all theory. After covering the basics and fundamentals of how Wi-Fi works, how encryption works and how clients associate with wireless access points, the course will then examine how to attack them. With in-depth and hands-on instruction, the students will learn to competently hack their way through a wireless network. Challenging assessments, and a “capture-the-flag” examination will ensure students are immersed in this highly technical, but highly rewarding course. Subjects covered will include; Wi-Fi enumeration, WEP and WPA1/2 hacking, obtaining passwords, spoofing and attacking wireless clients and defending against wireless attacks.


Saturday, August 2, 2014

Telspace Systems will be speaking at PasswordsCon 14 in Las Vegas, USA

This year, Telspace Systems will be speaking at PasswordsCon 14 in Las Vegas, USA.

PasswordsCon is a place where people from all backgrounds including researchers, specialists, password crackers and security experts gather to discuss and learn about all things Password related. A simple term; “Password” carries a very large impact to humans in today’s world. We use a password to access a wide variety of systems, communication, documents, email and more. With so much advancement in technology and user education one would think that the humble “Password” is now a perfected art amongst people. However it is not as can be seen repeatedly by the breaches occurring throughout the world. When password crackers obtain the plain text to the hashed passwords leaked from websites, it becomes apparent that passwords like “12345”, “Password”, “Password123” and others like it are still very much in use. Raising the questions; Why is it like that? How can we get more secure passwords? Why do people choose insecure passwords? 

Telspace Systems’s talk at PasswordsCon will answer those questions in the context of one of the most critical areas of impact – The Enterprise. How do large corporates ensure their passwords are secure? How do they ensure their staff choose strong passwords? What about SOA Architecture and Cloud Computing? A large enterprise and corporate IT environment is not only critical but highly complex. We will show you what challenges are faced, how to overcome them and how some companies have both succeeded and failed to do so. We will additionally also cover technical aspects such as what algorithms should corporates use for their systems, and why choosing certain ones can be highly secure but also a pitfall of note. 

The presentation outline is as follows:

1. Introduction to Presentation, Speaker BIO and Purpose of the
Presentation. 
2. Why is an Enterprise an entirely different scenario to other
entities that use Passwords? 
3. Top 5 points of failure - Where do Enterprises make the biggest
mistakes with their Password usage? 
4. SOA (Server Oriented Architecture) - When good ideas get bad
passwords. Discussion into why and what happens? 
5. Server Administrators in the Enterprise - Friend or Foe? 
6. Doing it the right way - Simple points to make Passwords in your
Enterprise a positive security aspect. Is your password policy
working? 
7. Q&A & Concluding Comments. 


Don’t miss this talk on a critical aspect of your company’s security. Presented by our in-house password specialist Dimitri Fousekis. Stick around for the Q&A to ask your questions to both Dimitri and other industry password experts. Additionally look out for us at the Vegas 2.0 gathering where you will have more time to engage in high-level, technical and specific information about passwords and security. 

Thursday, July 10, 2014

CTF - SkyTower 1




During the ITWeb Security Summit 2014 and BSides Cape Town 2014 we decided to host a CTF competition whereby the winner could win a pebble watch if they grabbed the correct flag.

It was a popular challenge during the conferences with many groups of people collaborating to try solve the CTF. At the end of the ITWeb Security Summit we had no winners of the CTF and we therefore rolled it over to BSides in Cape Town. We were lucky enough to have a winner of the CTF in Cape Town (Todor). 



We were then asked to upload it to VulnHub, so that attendees could look at it at a later date and gain something from the CTF long term.

Therefore we have released SkyTower 1, you can download it and give it a try at:

http://vulnhub.com/entry/skytower-1,96/

If you need some assistance or help getting through the CTF, there are multiple walkthroughs available by the community already - they are in great detail and we are grateful that everyone is enjoying the challenge and interacting with one another to solve problems.

Please enjoy the CTF and happy hacking!

You can view walkthroughs by various people at:

Tuesday, May 20, 2014

We are hiring! Again!

Telspace Systems is expanding rapidly and looking to hire an additional security analyst in South Africa, preferably Gauteng as the office is based in JHB. The analyst should be competent in a combination of the following skills:

- Web application security,
- Attack and penetration testing,
- Network security,
- Source code reviews,
- Mobile security.

Along with these penetration tests and security assessments, you'll be conducting regular security audits from both a logical/theoretical standpoint and a technical/hands-on standpoint.

If you are interested applying, email us your cv(admin[at]telspace.co.za) or get in touch via www.telspace.co.za ! 


Tasks include:

· Performing application penetration testing and application source code review against software applications

· Conduct vulnerability assessments and penetration testing on Internet-facing and internal client systems
· Exploit known and unknown vulnerabilities and discover logic flaws.
· Document technical issues identified during security assessments.
· Assist with building recommendations for hardening, and maintaining systems used for penetration testing
· Research cutting edge security topics and new attack vectors

Desired Skills & Experience:


· At least 1-2 years experience as a security analyst or relevant experience as a penetration tester.
- Bsc, Bcom or B degree, preferably MSC.
· Good technical, analytical, interpersonal, communication and writing skills.
· Good understanding of attack and defence techniques
· Excellent self management skills
· Ability to work both independently and as team lead on individual assessments.
- Additional information security certifications beneficial (CREST/CISSP/ETC).