Security

24K

Solutions

24K

Contributors

Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things -– and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.

Share tech news, updates, or what's on your mind.

Sign up to Post

Say that you have a company foo.com with a division yoo.foo.com. The file
that gets uploaded to authenticate traffic to vServer my.yoo.foo.com..
should that be just the server certificate (the .star.yoo.hoo.foo.cer) ?
Or should you load the star.yoo.hoo.CA.Chain.cer? Or the star.yoo.hoo.Intermediate.cer?
Or the star.yoo.hoo.CA.Root.cer?

The issue is one of our partners is seeing this error:

Verify return code: 21 (unable to verify the first certificate)

The environment is VMWare NSX Load Balancer. Thank you.

The certificate directory has all these difference parts of the cert chain
and I don't want to load up too many or too few - and I want the errors
to go away.

When running a test against our web site. Thank you.
0
Will You Be GDPR Compliant by 5/28/2018?
LVL 1
Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

Recent update to UPS WorldShip 2018 version has raise a security question.  After Installation I called UPS technical support to resolve error messages that come up when you run program after installation with elevated privileges in our Windows AD environment.

I was informed by the UPS Tech Support Representative that I needed to increase the permission to “Full” on the ”C:\Program Files\UPS” directory level, “C:\UPS” level for computers that have older installations of UPS WorldShip. Worldship does not relocate from C:\UPS directory if older version is being updated.

While I’m no expert, I do understand that this in not the preferred setting for directories in the “C:\Program Files\” directory level.  I’ve always believed that the highest level of permission for these directories should have is “Read Execute” level, no "write" to maintain proper Window Operating System security.

One, I need to understand how to mitigate this issues, we have a PCI (Payment Card Industry) environment and PCI Certifications requires high attention to workstation and network level security.

Two, I seem really broken that everyone who installs UPS Worldship 2018 version will be breaking their workstation security settings to allow UPS Worldship 2018 to update it's self.

Other applications manage this, Chrome, Firefox, etc.first error, when permission not at "Full" on C:\Program Files\UPSsecond error, when permission not at "Full" on C:\Program Files\UPS
Could you offer a second opinion, am I over reacting ?
0
We would like to know if we can create keyfiles of an existing volume in order to use the keyfiles to open the volume if the user forgets the password.  Some time back an EE commented on keyfiles with similar topic bit haven't been able to find it.   Can this be done? (trying to safeguard access to the volume if the users forget)
0
Are there any standard risks (by this I mean those that could affect any VM regardless of its purpose) that can be used for risk assesment purposes for virtual servers above and beyond security related risks/common issues. We need to assess all common technical risks be those performance availability security for all virtual servers which process critical services. And some insight into common causes which make the aforementioned issues happen and occur.
0
A local account was created and changed on a Windows 2008 R2 member server by a hacker. I have auditing on. Normally when an account is added or changed, the user account that made the change is listed under Subject / Security  ID.

In this case event logs show:
Security ID:  System
Account name: Servername$
Account Domain:  WindowsDomain
login ID:  0x3ef

I have reason to believe they got the password for the local administrator account but am not 100% sure. Based on the event log, how do I know who created it?
0
When I enable HTTPS Content Filtering in our SonicWall CFS, connectivity to Office 365 breaks very slowly. It might be fine for awhile, but randomly some users start to have Outlook issues where it says "trying to connect" at bottom of Outlook but eventually it says "disconnected", and then no mail comes down.

I have added all domain names listed here and here to the Allowed Domains list, in every permutation like https://, *., and just as shown on those links, but Outlook still slowly fails. To get everybody back up running, I have to go back into the CFS and disable HTTPS Content Filtering.

Ideas?
0
How Vulnerable are query string parameters and their values?

I am curious how vulnerable a website is to hacking that has little validation on the query string params.

Some argue that:
1) an unrecognized query string parameter can do no harm
2) it's too much work, since the program is always in flux, so the "poor stepchild" would not keep up
3) the code to block this (locally at least) is fragile and will always delay a solid release
4) there will be many more failed log-ins than blocked hackers

What are your thoughts on this topic?

And how does using a Web Application Firewall change the discussion?

It seems that if the benefits to security were small or non-existent, the Security Industry would not waste its time closing this vulnerability.
0
Hi guys,

We've found a Key Logger on someone's PC in our U.S offices. The trojan is Trojan.Boaxxe and it has indeed spotted 'Spyware.Ursnif' all over the place. We had some fraudulent activities occur in November 2017.

I've even included the snapshot for you of the findings. When I go to the .txt files you can see, it definitely has November dates which is when the frauds occurred. However, if I go to the 'Tojan.boaxxe' location which is in the Appdata\Local\YJPack location, the date for that is 2015. I'm trying to work out when the actual keylogger was installed.

Is there anyway of finding that out? And how on earth would a keylogger have been installed? Would it usually be through a manual installation or a possible script via phishing etc?

Thank for helping
Yashy
Spyware.jpg
0
We have a mix of Office 365 Business Premium (BP) 65 and E3 175 licenses and I need to justify why I would like to have all users on E3. I believe there are many enhancements in E3 that will assist with GDPR and general data security, is that the case and if so what are they?

I understand there is a 300 user limit with BP does this kick in when the total users in the tenancy hits 300 or only the BP licenses?
0
I am in search of a simple PD encryption app, with the following features:
1. Can generate a private/public key pair.
2. Can encrypt and decrypt, using these keys.
3. It needs to be VERY simple, preferable with minimal bells and whistles.
4. Free, or cheap.
5. Runs on at least Windows 7 and above, 32 and 64 bit.

This is to be used to securely transfer files via email, dropbox, or USB keys. This has been prompted by some companies we deal with who insist on a high level of security, but are not all technically literate, hence it needs to be something that I can write up usage instructions for that an average computer user can interpret and action.

Any ideas?
0
Managing Security Policy in a Changing Environment
Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

Need a utility or script to password protect 300 excel files which are located in 300 separate folders on a network drive.
The reason being if someone accidentally emails any of these files they would be protected.

We do have email encryption already, but this would be for the case when a file is accidentally thought to be non-sensitive and emailed in the clear, but actually it is sensitive.
This way we have peace of mind that those files are protected.

Someone can sit and do all 300 using Excel, but I was thinking somebody out there had to make a utility by now for this... like Folder Guard (which didn't work).
The protection has to stay with the file and the files are stored on a Microsoft 2012 server.

Thanks!
M.
0
I Install my product using SageKey which produces an executable install file.  It is often rejected as potentially harmful.  Would a digital certificate prevent this?

Digital certificates are expensive so I don't want to waste money.

If you have any experience, please share it.

Thanks in advance.
0
I need a good book to learn Python.

My immediate goal is to be able to update Katoolin for Ubuntu 18.04 and maintain that software as I'm Cyber Security student. (You know I need to know Python if I'm Cyber Security).

I also want to create an open source version of the software neckdiagrams.com, using either Python or Java. Would recommend thoughts on this and also recommend a good book for my goals.
0
My Os is win 10 prof 64 bit and I recently underwent a hacking and I am uncertain if the hacker had left any malware to come to live whenever the pc is booted on.  Hope if the Experts please take a look at the list of processes that are running and flag for me any potential threat that is still running.  Thank u. regards
3-List-of-Processes-running.JPG
4-List-of-Processes-runniing.JPG
1-List-of-processes-running.JPG
2---List-of-Prtocesses-running.JPG
0
I have a client that continues to get a popup on her desktop -
Red Screen, White Script with Windows logo from "Windows Technical Support" with a security alert indicating that there were issues with your computer and to call Microsoft at a number and not shut down your computer. Her computer freezes and she has to do a hard shutdown to use her computer again. She has not allowed anyone on her computer as she is aware that this is a scam.

She has the newest Windows 10 and this is a laptop.

She has Malwarebytes Pro along with Windows Defender. Malwarebytes has quarantined the PUP spigot.generic google chrome on three different occasion but it has not reappeared since major scans in early December. I ran the full gamut at the end of January after she got the Security alert popup once again.

The scans I have run...some multiple times
Malwarebytes, SUPERAnitSpyware, Rkill, AdwCleaner, JRT, RogueKiller, Hitman Pro, Eset, Emsisoft, Dr.Web Cureit and Sophos and finally CCleaner.

She received the popup again today simply working in an Excel Spreadsheet.

My thought is to do a Refresh...if not that a Clean install. What do you suggest?
Thanks,
Mags
0
Where is the PCI DSS compliance does it say I need to do regular internal scans of my network?
0
Hi guys

We've had a major possible breach over at our side.

One of our accountants ended up sending an email to a client with our bank details etc. Few days passed and our accountant asked where the money was and was told the client had wired it to them.

Anyway after checking, the client showed a screenshot of the account details that they were sent by our accountant. When we looked, the account details had been manipulated!! They were totally different.
 
I am trying to investigate whether it was our emails that were intercepted or the client.

I have some tools which I can install, but we are within a guarded firewall environment. The firewalls are Watchguard's and we have got all of the APT and IP intrusion selected. We are in a domain environment. We use Messagelabs to protect our perimeter from spam emails etc.

In terms of intercepting the email, is it possible that our account has had some sort of keylogger or malware installed that feeds information back to the criminals?

Thanks for helping
Yashy
0
Looking for the security of a Web Application Firewall, with the least amount of work.

I have been told I needed a Web Application Firewall (WAF) and wonder if it's smarter to use a Web Cloud based WAF? It's for a .NET MVC App. running on IIS.

It sounds like it's a smart way to get security, without first needing to become an expert in it. And to know they are always on the lookout, making their system more secure, would let me rest easier.

Any good names you can recommend?

Also, how difficult is it to "build our own?" What kinds of customization capabilities would we lose, if we went with a Cloud based version?

How long might it take to deploy a cloud version of the WAF?

If I wanted to use AWS, for example, must I also host my website with AWS?

Thanks
0
Assessing Vulnerability from URL parameters

I am in the processing of helping secure a .NET website against URL hacking. So I have spent some time adding a whitelist of valid domains and sub-domains. But what about query parameters?

My instincts are to add a second whitelist of valid query string parameters, but does that do anything to protect me?

I suppose a determined hacker could, with time and experimentation, find a query string param that has some exploitation value.

What do you think?

My worry is that whitelist of query string params may be difficult to generate, as this website is quite large. And there is always a risk of rejecting a legitimate request. The query string exposure is about revealing key data in the URL, but I am asking whether there is value in asserting that each query string param is in a whitelist of such params?

So, this is a customer service versus hack risk, threat assessment. And if there is little or no measurable reduction in threat, then this parameter whitelist could cause more harm than good.

Thoughts?

Thanks.


Thanks.
0
Free Tool: Port Scanner
LVL 12
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Looking for Test URL's to try against my Anti-XSS code

Can you post some URL's or a link to a site where I can get dozens of various URL's that I can use to test against my Anti-XSS URL Hack code?

I need domains in the return URL, query string parameters, to see what my code can do.

Thanks
0
Very suspicious Windows Defender Scan.

I sent my Lenovo Desktop in for repair to Lenovo's Depot in Louisville, KY via FedEx.
I shipped it from Gunnison, CO on Tuesday, January 30th.
It was received in Louisville, KY on Friday, February 2nd stating it was on the vehicle for delivery.
It was received by Lenovo on Monday, February 5th.

This is were it gets strange. I received my computer back from Lenovo Monday, February 12th. Last night I was reviewing a Windows Defender scan and see it had quarantined Trojan:Win32/Fuerboos.B!cl 3 times on February 2nd. My computer should have been in a box with no electricity. How would Windows Defender be able to run a scan? The same Trojan was detected and quarantined on February 12th the day I reconnected it in my office.

WD Security Scan
Does anyone have any explanation for this?
Thanks,
Mags
0
Hi

After installing the manually KB4056897 ( for Spectre/meltdown Intel) patch for windows 2008 server R2 std

the latest Feb 2018 does not show in the windows update and below patches does not show

2018-02 Security Monthly Quality Rollup for Windows Server 2008 R2 for x64-based Systems (KB4074598)
Cumulative Security Update for Internet Explorer 11 for Windows Server 2008 R2 for x64-based Systems (KB4074736)



and some of the servers, we have not installed, the  KB4056897, the above the updates will be shown in windows update..

it is confusing..any idea?
0
What steps need to be followed to decrypt or remove Mac OS File Vault from a Mac operating system?
0
What steps do I need to take to determine if Mac OS File Vault is enabled?
0
how do I change internet explorer settings so I can download files?  See screenshot.
Screen-Shot-2018-02-13-at-8.59.09-AM.png
0

Security

24K

Solutions

24K

Contributors

Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things -– and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.