LoveMyTool.TV (LMTV)


Sharkfest.TV




Sharkfest




LMT Calendar


My Photo
Subscribe to this blog's feed

LMT Authors

Recent Comments

Recent Posts

27 posts categorized "Malware & Crimeware" Feed

February 09, 2015

LMTV HomeLAN Alerts | How Does Cyber Attacks Affect Our Real-Life Liberty? (with Tim O'Neill)



Live Event Time - Monday, February 9, 2015 - 9:30 AM PST


LMTV HomeLAN Banner How many of you remember attending NetWorld+Interop 2001 which was held at the Georgia World Congress Center between September 10 and 14?

How many of you remember watching the big screen TV when the second plane crashed into the South Tower?

How many of you were witness of both events?

Those of us who did have seen our lives changed profoundly.

OldcommguyWe might not have joined the army. But many of us, including our very own +Tim O'Neill, have become first responders, protecting our homeland with what we know and what we do best.

This week, as part of the LMTV Pro series, we are starting a new theme reporting on domestic and international cyber attacks and cyber crimes and how they affect our lives and our liberty.

All sacrifice some but some sacrifice all.


For more episodes of LMTV, Please visit LoveMyTool.TV.

Posted in Law Enforcement, LMTV, Malware & Crimeware, Oldcommguy, Technology and Society | | Comments (0) | TrackBack (0)

| |

May 08, 2014

Using Passive and Active Approaches to Manage the Heartbleed Issue (by Darragh Delaney)

 Using passive and active approaches to manage the Heartbleed issue/tragedy!

Have you changed your passwords?

We are now into week two/three of the Heartbleed issue and while many high profile sites were patched initially, a lot of servers still remain vulnerable. Some people have adopted a head in the sand type approach and that they think that only high profile servers will be targeted. My own research shows that SSL servers on networks of all sizes are being targeted

Heartbleed ssl
If you have not done so already you need to get an inventory of systems together so that you know what to monitor and patch. This is easier said than done. Many devices which have a web based management console will be running OpenSSL. Windows server running 3rd party applications may also be vulnerable as these applications may use OpenSSL for web services.

Continue reading "Using Passive and Active Approaches to Manage the Heartbleed Issue (by Darragh Delaney)" »

Posted in Cyber Attacks & Defenses, Malware & Crimeware | | Comments (0) | TrackBack (0)

| |

October 05, 2013

The Man'ority Show - Law Enforcement



Posted in Law Enforcement, Malware & Crimeware | | Comments (0) | TrackBack (0)

| |

August 28, 2013

The Strange History of Port 0 (by Jim MacLeod)

The Strange History of Port 0

While reading the latest report from Arbor Network on DDoS activity across the Internet in Q2 2013, a particular phrase jumped out at me:

“ TCP fragmentation attacks (port 0) are up from about 10% last year to nearly 25% this year. ”

There are three reasons I don’t understand that statement. First, TCP is a streaming protocol, not a datagram protocol, so there’s no concept of “fragmentation” within TCP. Second, googling “TCP fragmentation” results in an IDS evasion technique using overlapping SEQ numbers in retransmissions to replace the contents of the receive buffer on the recipient, but not the IDS (see here for an awesome example including Wireshark screenshots), but that has nothing to do with port 0. Third, and the one I will explore here, port 0 isn’t defined as a valid port.

DDOS attackKnow thy enemy!

Despite the fact that port 0 isn’t a valid port for traffic, network management tools will regularly report that you’ve got traffic headed there.  However, that’s not what the packets contain. 

Continue reading "The Strange History of Port 0 (by Jim MacLeod)" »

Posted in Cyber Crime, Data Visualization, Malware & Crimeware | | Comments (4) | TrackBack (0)

| |

February 15, 2013

Never Give Up While Freedom Is On The Line (by Casey Mullis)

I recently had the pleasure of assisting another Investigator from Carroll County with forensics on one of the new Macbook Pro 13 inch with a 128 GB SSD. The first thing you notice is there is no CD/DVD drive. There is also no Firewire port only a thunderbolt port and USB 3.0.

So now what? I first tried booting with Blackbag's  MacQuasition but it would not boot. I called Blackbag tech support and found out that the version I had did not support the new model of Macbook that we were working on. The hard drive in the Macbook was a SSD nonstandard drive. See image(s) below.

  Cybercrime

So what do you do? Do you give up on getting the forensic image of the hard drive or do you push forward and keep digging to find a solution?

Continue reading "Never Give Up While Freedom Is On The Line (by Casey Mullis)" »

Posted in Cyber Crime, Emory "Casey" Mullis, Forensics & Deep Packet Capture, Malware & Crimeware | | Comments (1) | TrackBack (0)

| |

July 06, 2012

Security Threats Continued: Why They Are Targeting Your Business? (by Jim MacLeod)

Over the last few posts, I’ve dissected the major security threats that are happening on your network today. The first piece dissected the “Who,” mainly how do you classify these perpetrators based on a set characteristics that they share. The next post took a look at the “How” hackers enter your network and what you can do to help safeguard it. For the final piece of this series we will look at the “Why.”

Cyber Terrorism attack level

Where is your Attack Level?

While there are lots of sociological theories and studies on why people vandalize and steal, this post will focus the “Why” on the current most common motives that drive hackers to penetrate your network.

  1. 1.    “Lulz”
  2. 2.    Profit
  3. 3.    Ideology

Continue reading "Security Threats Continued: Why They Are Targeting Your Business? (by Jim MacLeod)" »

Posted in Intrusion Detection, Law Enforcement, Malware & Crimeware, WildPackets | | Comments (0) | TrackBack (0)

| |

June 30, 2012

Who owns network history? (by Spencer Greene)

Network History a Key to network success!

The task of knowing exactly what has happened on a network isn’t always easy, but perhaps even more perplexing to IT organizations is determining who is actually responsible for culling this crucial information. Particularly, should network recording and flow collector tools be operated by the security team or by the networking operations team? 

The cop-out here would be to say, “It depends on the organization,” and then move on to the next question.  After all, both network and security groups need to use network history data, and both groups generally have the right skills to operate network recording equipment. Additionally, you could find examples of successful deployments from both directions. So to say there is a concrete answer that fits each and every situation would be presumptuous, however there are pretty compelling arguments that suggest the network operations side should likely own the task. Let’s take a closer look.

History

In point of fact, there is a clear trend here: Network history is becoming a core network service, and as such, the best practice in most organizations is for it to be owned by the network operations group.  Forward-looking network operations teams are keeping network history for their own purposes – to respond to difficult issues and understand network traffic patterns – and they are providing appropriate access to security teams and cooperating with them to deal with security incidents.  From the security side, we see more and more teams expecting and demanding network history to be provided by the network itself and deploying their own network history equipment only when the network operations team absolutely can’t be convinced.

 Why is this so?  Here are a few of the reasons we have encountered:

Continue reading " Who owns network history? (by Spencer Greene)" »

Posted in Forensics & Deep Packet Capture, Malware & Crimeware | | Comments (0) | TrackBack (0)

| |

June 01, 2012

Six Reasons to Enforce Your Organization’s Web Security (by Casper Manes)


Web-security


You know the Internet can be a dangerous place, full of threats to your systems and time sinks that users can spend hours in without even realizing it, but you may still be on the fence when it comes to whether or not you should do anything about it. Protecting your company and your users from the threats of unrestricted Internet access is a really easy thing to do, so if you are still trying to decide on this, here are six reasons why you should enforce your organization’s web security.

Technical issues

Technical issues usually come down to defending against malware. Whether the threats come from malware infected downloads, compromised websites serving infected media files, or phishing sites designed to steal your users’ credentials, you need to boost your organization’s web security.


Continue reading "Six Reasons to Enforce Your Organization’s Web Security (by Casper Manes)" »

Posted in Intrusion Detection, Malware & Crimeware | | Comments (2) | TrackBack (0)

| |

Next »

LMT Advertisers

  • Network Instruments

LMT Sponsors

Message From LMT Sponsors

  • SecurActive


  • Apposite Technologies


  • NetFort


  • Ixia


  • Fluke Networks


  • WildPackets


  • Interop Las Vegas


  • Garland Technology


  • NetScout


  • Datacom


  • Riverbed