MAAS History
Disclaimer

All information provided as is.

Entries by Sean OConnell

Wednesday, Apr 06 2011

Condition Remains GREEN

Researchers have released a proof of concept (POC) that exploits a standard feature of IPv6's Stateless Address Autoconfiguration (SLAAC), the mechanism that lets hosts find each other and their router on a network. The POC shows that an unauthorized access point inside your network, combined with flaws in the implementations of various operating systems, results in traffic being routed over the IPv6 network, because most operating systems prefer the newer protocol over the older one. This creates an IPv6 network inside your IPv4 network and lets an attacker listen in on the wire.

We think that a rogue wireless access point or an ad-hoc host would be the most cost-effective way to exploit this vulnerability.

To mitigate this type of attack we recommend the following:

  • If you are not using IPv6, turn it off in System Preferences > Network.
  • Make sure that access to these controls is protected; do not give users administrator rights.
  • Set your AirPort device to Link-Local Only.
  • If you do use IPv6, make sure the firewall on your AirPort Extreme is turned on.
  • Disable IPv6 on other devices on your network if you do not use it.
  • Block IPv6 at the border.

IPv6 is coming, but we expect the shift to be very slow. For the foreseeable future we expect IPv4 and IPv6 to coexist, which will create a host of management failures resulting in these kinds of vulnerabilities.
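As an added example (not from the original advisory), the following Python script parses ICMPv6 Router Advertisements and flags the rogue-router condition described in this entry: an RA from a sender other than the known router, an unknown sender offering itself as the default IPv6 router, or an unexpected SLAAC prefix. The trusted MAC, the expected prefix and both sample RAs are constructed values.

```python
"""Flag rogue ICMPv6 Router Advertisements (added example, not from the advisory).
SLAAC hosts accept any RA on the link, so an RA from an unknown sender or one that
announces an unconfigured prefix is the rogue-router condition described above.
TRUSTED_MACS and EXPECTED_PREFIXES are constructed values for this example."""
import ipaddress
import struct

ICMPV6_RA = 134      # ICMPv6 type: Router Advertisement
OPT_SRC_LLADDR = 1   # option: Source Link-Layer Address
OPT_PREFIX_INFO = 3  # option: Prefix Information (what SLAAC autoconfigures from)
TRUSTED_MACS = {"00:11:22:33:44:55"}     # constructed: the site's real router
EXPECTED_PREFIXES = {"2001:db8:1::/64"}  # constructed: the site's only prefix

def parse_ra(payload: bytes) -> dict:
    """Parse the RA header and its options; raise ValueError on malformed input."""
    if len(payload) < 16 or payload[0] != ICMPV6_RA:
        raise ValueError("not a Router Advertisement")
    # header fields: type, code, checksum, hop limit, flags, router lifetime, reachable, retrans
    lifetime = struct.unpack("!BBHBBHII", payload[:16])[5]
    ra, off = {"router_lifetime": lifetime, "prefixes": [], "src_mac": None}, 16
    while off + 2 <= len(payload):
        otype, olen = payload[off], payload[off + 1] * 8  # option length is in 8-byte units
        if olen == 0 or off + olen > len(payload):
            raise ValueError("malformed RA option")
        if otype == OPT_PREFIX_INFO and olen == 32:
            prefix = ipaddress.IPv6Address(payload[off + 16:off + 32])
            ra["prefixes"].append(f"{prefix}/{payload[off + 2]}")
        elif otype == OPT_SRC_LLADDR and olen == 8:
            ra["src_mac"] = payload[off + 2:off + 8].hex(":")
        off += olen
    return ra

def check_ra(payload: bytes) -> list:
    """Return alert strings for one RA; an empty list means it looks legitimate."""
    ra, alerts = parse_ra(payload), []
    if ra["src_mac"] not in TRUSTED_MACS:
        alerts.append(f"RA from untrusted sender {ra['src_mac']}")
        if ra["router_lifetime"] > 0:  # non-zero lifetime = "use me as default router"
            alerts.append("untrusted sender advertises itself as default IPv6 router")
    alerts += [f"unexpected SLAAC prefix {p}" for p in ra["prefixes"] if p not in EXPECTED_PREFIXES]
    return alerts

def build_ra(mac: bytes, prefix: str, plen: int, lifetime: int) -> bytes:
    """Build a sample RA payload for testing (constructed fixture, not a real capture)."""
    hdr = struct.pack("!BBHBBHII", ICMPV6_RA, 0, 0, 64, 0, lifetime, 0, 0)
    pio = struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, plen, 0xC0, 2592000, 604800, 0)
    return hdr + bytes([OPT_SRC_LLADDR, 1]) + mac + pio + ipaddress.IPv6Address(prefix).packed

GOOD_RA = build_ra(bytes.fromhex("001122334455"), "2001:db8:1::", 64, 1800)  # constructed
ROGUE_RA = build_ra(bytes.fromhex("0a1b2c3d4e5f"), "fd00:bad::", 64, 1800)   # constructed
```

On a real network the payloads would come from a capture of ICMPv6 type 134 messages on the segment; a site that does not use IPv6 at all should treat any RA with a non-zero router lifetime as an alert.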


Sunday, Apr 03 2011

Condition Remains GREEN

A massive breach has been reported at an internet marketing firm, Epsilon, which manages marketing for a host of brands. Various types of personal identifiers have been stolen, including emails, addresses and phone numbers. We expect this information to be sold on the black market and used for various types of phishing. Below is a list of the brands currently reported as affected.

The major danger is that the information may be used in an attack that targets a select group of individuals. The impact of this breach going forward will be major, with long-lasting implications for both the organizations behind the brands and the users who shared their information, knowingly or unknowingly.

We recommend the following for organizations:

  • Find out whether employees have used any of these brands and provided their work email; employees who have should inform the responsible parties for security (ISO) immediately.
  • Offer employees amnesty from discipline for providing this information if using work email for this kind of activity is prohibited.
  • Consider using extra proxying and filtering on accounts which may have been discovered used by users/employees.
  • Explain to employees that if they used their work emails for any of the brands listed below they need to be at a heightened state of awareness.
  • Be on a heightened state of alert for phishing using attachments that include Flash files.
  • For employees who do not need Flash to accomplish their jobs, remove Flash.
  • For groups or departments that need Flash for business functions, use stricter ingress and egress filtering.
  • Consider strictly siloing departments that need Flash for business functions from internal systems.

Additional recommendations for individuals:

  • Never share any personal information via email with credit card companies, phone companies, banks, grocery stores or retailers.
  • Make sure to change any passwords which may have been used on the sites associated with the brands listed below.
  • If you received notice of this compromise from the brands in question, notify your employer, especially if you used any information about your employment.
  • Be aware of the kind of information that may have been compromised by reading below.
  • Keep in mind that an email offering information that sounds too good to be true is most likely malware.


Brands that have been compromised:

  • Brookstone
  • Citi
  • Capital One
  • JP Morgan Chase
  • Tivo
  • HSN (Home Shopping Network)
  • McKinsey & Company
  • Ritz-Carlton Rewards
  • Walgreens
  • The College Board
  • New York and Company
  • Marriott Rewards

Some of the personally identifiable information Epsilon sells:

  • Age
  • Children
  • Email Address
  • Mail Order Addresses
  • Professions
  • Astrology
  • Computer Type
  • Ethnic Information
  • Religion
  • Business type
  • Insurance preferences
  • Pets
  • Residence
  • Buyer of household
  • Donor information to charities
  • Lifestyle
  • Political Affiliations
  • Senior information age

Epsilon's Product Data Cards (Types of Data):

  • American Smokers Registry
  • BusinessClass List Builder From Equifax
  • Epsilon TargetSource US - Ailments/Health
  • Epsilon TargetSource US - Avid Readers
  • Epsilon TargetSource US - Charitable Donors
  • Epsilon TargetSource US - Collectors
  • Epsilon TargetSource US - Computer and Internet Users
  • Epsilon TargetSource US - Cooking and Culinary
  • Epsilon TargetSource US - Financial Services Sector
  • Epsilon TargetSource US - Gardening Enthusiasts 
  • Epsilon TargetSource US - Higher Education
  • Epsilon TargetSource US - Hobbies and Interests
  • Epsilon TargetSource US - Home Electronics
  • Epsilon TargetSource US - Mail Order Buyers
  • Epsilon TargetSource US - Outdoor Enthusiasts
  • Epsilon TargetSource US - Scrapbooking and Crafts
  • Epsilon TargetSource US - Sports
  • Epsilon TargetSource US - Women at Home
  • High-Tech Connect Formerly From Equifax
  • ICOM Home Based Business Entrepreneurs
  • ICOM Self Employed Entrepreneurs
  • ICOM Target NewMover - PreMover Data
  • ICOM Target NewMovers
  • ICOM TargetPlus [formerly Advantage Choice] - Financial
  • ICOM TargetPlus [formerly Advantage Choice] - Masterfile
  • ICOM TargetPlus [formerly Advantage Choice] - New Parents
  • ICOM TargetPlus [formerly Advantage Choice] - Real Property
  • ICOM TargetPlus [formerly Advantage Choice] - Survey
  • ICOM TargetPlus [formerly Advantage Choice] -Transactional Mail Order
  • ICOM TargetSource Canada - Adults Ages
  • ICOM TargetSource Pet Owners 
  • ICOM TargetSource U.S. - Avid Readers
  • ICOM TargetSource U.S. Ailments and Health
  • ICOM TargetSource U.S. Charitable Donors
  • ICOM TargetSource U.S. Collectors
  • ICOM TargetSource U.S. Computer and Internet Users
  • ICOM TargetSource U.S. Education
  • ICOM TargetSource U.S. Finance and Investing
  • ICOM TargetSource U.S. Hobbies and Interests
  • ICOM TargetSource U.S. Household Items
  • ICOM TargetSource U.S. Sports 
  • ICOM TargetSource US - Diet and Health
  • ICOM Targetsource US - Grandparents
  • ICOM TargetSource US - Homeownership
  • ICOM Targetsource US - Masterfile
  • ICOM TargetSource US - Music Preferences
  • ICOM TargetSource US - Travelers
  • ICOM TargetSource US - Vehicle
  • ICOM Weekly New Movers
  • Permission! Formerly from Equifax
  • Residential Property Plus Formerly From Equifax
  • Rx Selector Formerly From Equifax
  • Small Area Characteristics Database
  • TargetPoint In-Market Formerly From Equifax
  • TargetPoint New Movers Formerly From Equifax
  • The Lifestyle Selector Formerly From Equifax
  • The Response Selector Formerly From Equifax 
  • The SOHO Selector Formerly From Equifax 
  • TotalSource XL Formerly From Equifax