Stop Sending Sensitive Data with Cleartext Protocols

Cleartext protocols, like Hyper Text Transfer Protocol (HTTP), Telnet, and File Transfer Protocol (FTP) do not use any sort of encryption to protect the data being sent over them. For the most part, this is ok, as not every web page or file that is shared needs to be protected in that manner. If you are looking at a page on Wikipedia, then it is understandable that there is no encryption on that page, as the information is readily available for everyone to look at. But logging into the admin console of your website is definitely not something you want to share with everyone else. Cleartext protocols allow threat actors to sniff network traffic and see everything in plain writing. If that network packet happens to be you logging into your web admin portal, then that means your username and password are more visible to the threat actor then they…

Comments Off on Stop Sending Sensitive Data with Cleartext Protocols

SNMP GetBulk Reflected Distributed Denial of Service Attack

Understanding SNMP and GetBulk SNMP (Simple Network Management Protocol) is a widely used protocol for network management and monitoring. It allows administrators to access and manage network devices, such as routers, switches, and servers. SNMP GetBulk requests allow the retrieval of a large amount of data from multiple network devices in a single request, resulting in increased efficiency and reduced network traffic. This is a boon for network administrators, making their jobs easier. But it is a boon for threat actors, as well. SNMP GetBulk Reflected DDoS Attack Threat actors can take advantage of the SNMP GetBulk command's ability to retrieve a large volume of data from multiple devices simultaneously. They exploit this capability by reflecting and amplifying the attack traffic off SNMP enabled devices, creating significantly larger traffic volumes than the attacker's resources alone could generate. This is commonly known as a Reflected Distributed Denial of Service (Reflected DDoS)…

Comments Off on SNMP GetBulk Reflected Distributed Denial of Service Attack

Patrick Kelley interviewed by 11Alive/NBC regarding NameDrop

Last evening, Patrick Kelley was interviewed by 11Alive/NBC News on the topic of Apple's new feature "NameDrop". Watch the interview here. Here are the short notes: Functionality: NameDrop, introduced with iOS 17, allows iPhone users to share contact details by holding their iPhones close to each other. An animation appears, followed by the option to share or receive contact information​​. Safety and Privacy Concerns: Viral Facebook posts have inaccurately claimed NameDrop poses a safety threat, especially to children. However, these concerns are largely unfounded. The feature includes several safeguards: it requires explicit confirmation to share or receive contact details, and the iPhone must be unlocked using Face ID, Touch ID, or a passcode​​. Disabling the Feature: Users who wish to disable NameDrop can do so through the Settings app. The process involves navigating to General > AirDrop and toggling off the "Bringing Devices Together" feature. However, disabling this also impacts…

0 Comments

Holiday Turkey With A Side Of Scam

Holiday fishing trips take on a new meaning when scammers try to phish you instead. Between getting the turkey thawed and the potatoes mashed before your family arrives, cybersecurity is probably the last thing on your mind… creating the ideal environment for scammers to take advantage of an inattentive click on a link. With the prevalence of technology, we have become desensitized to the vigilant scrutiny necessary to avoid becoming part of the ever-growing populace of the scammed. (https://www.aarp.org/pri/topics/work-finances-retirement/fraud-consumer-protection/2022-holiday-shopping-scams-report.html) To keep your holidays full of merriment and free from fraud, keep these best practices in mind: Remember that scams can come in many forms, including phone calls, texts, and emails. Scrutinize the phone number, name, or email address. Do you know it? Are you expecting it? Does it pertain to something you're aware of (E.g., a purchase, vendor, meeting, etc.)? Before clicking on any links, mouse over them - does…

Comments Off on Holiday Turkey With A Side Of Scam