
To Crypt or Not to Crypt

If you're not careful, you can be sniffed almost anywhere

12:25 PM -- These days, there are potential places to sniff traffic literally everywhere. On your desktop there are browser and network shims, used by security software and tools like Google Desktop, that watch traffic in transit. Switches and hubs can be monitored. Wireless access points do MAC address filtering and logging. Firewalls are essentially computers that can log. Proxy servers do content filtering and logging, too.

You can't turn your back for a moment without finding some other system or software logging your data. So why is it that companies still use insecure protocols? Just this week, a client asked me if I could open up FTP access for them. Absolutely not!

FTP is vulnerable to man-in-the-middle attacks, because there is no cryptography used in the communication between the client and the host. Some users also employ HTTP instead of HTTPS for transactions that should be secure. Is this a smart choice?

Studies have shown that 70 percent of all hacks come from the inside. That means that 70 percent of your attacks will come from people who already have access to many of the systems you are attempting to protect. These individuals also have physical access to machines, which means potential tampering and local subnet access to sniff connections.

Man-in-the-middle attacks may not be a big problem on the Internet at large, but within the corporation, on the wireless net, or in a hotel, this type of attack is a very real threat. Use VPNs when you're remote, and secure protocols whenever sensitive information is involved.
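
To make the FTP point above concrete, here is an added example (not part of the original column) that audits a captured client-to-server FTP control stream and reports whether the login crossed the wire before any TLS upgrade. The function name, the report fields and both sample captures are constructed for illustration.

```python
# Added example: audit an FTP control-channel capture (client -> server bytes)
# for credentials sent without encryption. Sample captures are constructed.
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Finding:
    protected: bool = False             # TLS began on the channel
    exposed_user: Optional[str] = None  # username readable in cleartext
    password_exposed: bool = False      # PASS command readable in cleartext
    notes: List[str] = field(default_factory=list)


def audit_ftp_control(stream: bytes) -> Finding:
    """Classify one FTP control stream (RFC 959 commands, RFC 4217 AUTH TLS)."""
    f = Finding()
    for raw in stream.split(b"\r\n"):
        if not raw:
            continue
        if f.protected:
            break  # everything after the upgrade is TLS records, not commands
        if raw[:1] == b"\x16":  # TLS handshake record type (implicit FTPS)
            f.protected = True
            break
        verb, _, arg = raw.decode("latin-1").partition(" ")
        verb = verb.upper()
        if verb == "AUTH" and arg.strip().upper() in ("TLS", "SSL"):
            f.protected = True
            f.notes.append("control channel upgraded before login")
        elif verb == "USER":
            f.exposed_user = arg
        elif verb == "PASS":
            f.password_exposed = True
            # Record only the length; never copy the secret into a report.
            f.notes.append(f"cleartext PASS, {len(arg)} chars")
    return f


# Constructed captures: plain FTP login, and explicit FTPS (AUTH TLS first).
PLAIN = b"USER alice\r\nPASS example-password\r\nPWD\r\nQUIT\r\n"
FTPS = b"AUTH TLS\r\n\x16\x03\x01\x00\x05hello"

if __name__ == "__main__":
    for name, capture in (("plain", PLAIN), ("ftps", FTPS)):
        print(name, audit_ftp_control(capture))
```

Anything the plain capture reveals to this script is equally visible to every switch, proxy and access point on the path, which is why the FTPS or SFTP variant is the one to offer a client.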

— RSnake is a red-blooded lumberjack whose rants can also be found at Ha.ckers and F*the.net. Special to Dark Reading.
