Two-factor authentication & how to check unusual Twitter activity?

Recently my Twitter account was hacked. That teaches me to use simple passwords. This account was quite old and unused for a while. When I started to use it again it got a bit more visibility and was taken over. I got it recovered quite quickly, but cleaning up takes a while.

Just a few minor tips:

  • Do not re-use passwords (this was my luck; I never do. Password managers with multi-level protection help me here).
  • Check for past likes you did not make yourself or that look “off-beat” – do this FREQUENTLY.
  • Many services provide “recent user activity/logon” info (sometimes difficult for me, since I use VPNs of many types with different target countries).
  • Verify profile changes and email notifications about your accounts (never click the links in those emails; always go to the site directly to take action).
  • Change passwords periodically (every year, when using 2-factor?).
  • Use multi-factor authentication (with a few trusted devices) wherever possible.
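The “recent activity/logon” tip above is easier to act on when the review is scripted. The following is an added example, not part of the original post: it runs a few simple checks over a constructed sample of login records (hypothetical devices, countries and timestamps, not real account data) and flags logins from devices you have not marked as trusted, from countries you do not expect, and successful logins that follow a burst of failures. The expected-country list deliberately includes the VPN exit countries you actually use, which addresses the false positives the post mentions for VPN users.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class LoginEvent:
    when: datetime
    device: str      # device / client label as the service's activity page reports it
    country: str     # country code of the source address as reported by the service
    success: bool


# Constructed sample of "recent logon" data, oldest first. Hypothetical values.
SAMPLE_EVENTS = [
    LoginEvent(datetime(2024, 3, 1, 8, 0), "laptop-firefox", "NL", True),
    LoginEvent(datetime(2024, 3, 1, 9, 30), "phone-android", "DE", True),    # own VPN exit
    LoginEvent(datetime(2024, 3, 2, 2, 15), "unknown-chrome", "BR", False),
    LoginEvent(datetime(2024, 3, 2, 2, 16), "unknown-chrome", "BR", False),
    LoginEvent(datetime(2024, 3, 2, 2, 17), "unknown-chrome", "BR", False),
    LoginEvent(datetime(2024, 3, 2, 2, 18), "unknown-chrome", "BR", True),
    LoginEvent(datetime(2024, 3, 2, 3, 0), "laptop-firefox", "NL", True),
]

# Devices you enrolled yourself, and the countries you (or your VPN exits) log in from.
TRUSTED_DEVICES = {"laptop-firefox", "phone-android"}
EXPECTED_COUNTRIES = {"NL", "DE"}


def flag_unusual_logins(events, trusted_devices, expected_countries,
                        max_failures=3, window=timedelta(minutes=10)):
    """Return a list of (event, reasons) pairs for logins that deserve a closer look.

    events must be in chronological order. A successful login is additionally
    flagged when the same device produced at least max_failures failed attempts
    inside the preceding window (a password-guessing pattern that paid off).
    """
    flagged = []
    for i, ev in enumerate(events):
        reasons = []
        if ev.device not in trusted_devices:
            reasons.append("untrusted device")
        if ev.country not in expected_countries:
            reasons.append("unexpected country")
        if ev.success:
            recent_failures = sum(
                1 for prior in events[:i]
                if not prior.success
                and prior.device == ev.device
                and ev.when - prior.when <= window
            )
            if recent_failures >= max_failures:
                reasons.append(f"success after {recent_failures} failures")
        if reasons:
            flagged.append((ev, reasons))
    return flagged


if __name__ == "__main__":
    for ev, reasons in flag_unusual_logins(SAMPLE_EVENTS, TRUSTED_DEVICES, EXPECTED_COUNTRIES):
        status = "OK  " if ev.success else "FAIL"
        print(f"{ev.when:%Y-%m-%d %H:%M} {status} {ev.device:15} {ev.country}  <- {', '.join(reasons)}")
```

Anything the script flags is a prompt to check the account's sessions page, revoke what you do not recognise and, if a flagged login succeeded, rotate the password and re-check the enrolled 2FA devices.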

Threat summary

Simple chart with classification of different InfoSec threats.

Misdirection:

  • Spoofing
  • Pharming
  • XSS
  • Poisoning (ARP, DNS)

Social trust:

  • Phishing
  • Social engineering
  • Social network attacks

Vulnerability:

  • SQL injection
  • Code injection
  • Path traversal
  • Buffer overflow

Snooping:

  • Replay attacks
  • Sniffing
  • Keylogging
  • Session hijacking
  • TEMPEST

Password attacks:

  • Dictionary
  • Brute force
  • Rainbow (hash) tables
  • Shoulder surfing

Escalation:

  • Authentication bypass
  • Pivoting
  • Heuristic commits

Malware:

  • Rootkits
  • Trojans
  • Worms
  • Spyware

Malicious actions:

  • DoS
  • DDoS
  • Virus
  • Scare/ransomware

Mitigations:

  • Hardening
  • Secure boot
  • Threat scanning

What control activities to verify?

During the validation of control activities you should attempt to make security easier for users and more difficult for attackers.

Activities to verify may include (but are not limited to):

  • Prevention (2FA, least privilege, reduce deniability, …)
  • Delay (strong encryption, layering, …)
  • Detect (monitor, detect change, audit, automate, …)
  • Compliance (implementation of corporate policy and standards, including configuration best practices)
  • Recover (verify the ability to reset to the last known good state)
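The “Detect (detect change)” and “Recover (reset to the last known good state)” items above, and the earlier tip to verify profile changes, all rest on the same mechanism: keep a snapshot of the settings you approved and compare the live state against it. The following is an added example, not part of the original post or any service's own tooling: it compares a constructed “last known good” snapshot of account settings with a constructed current state (hypothetical field names and values), reports every drifted field, and turns the differences into a restore checklist.

```python
import hashlib
import json

# Constructed "last known good" snapshot taken after the account was verified clean.
BASELINE_JSON = """{
  "display_name": "example-user",
  "recovery_email": "me@example.invalid",
  "two_factor": "authenticator-app",
  "linked_apps": ["mobile-client", "scheduler"],
  "trusted_devices": ["laptop-firefox", "phone-android"]
}"""

# Constructed current state, as it might be read back from the service today.
CURRENT_JSON = """{
  "display_name": "example-user",
  "recovery_email": "someone-else@example.invalid",
  "two_factor": "authenticator-app",
  "linked_apps": ["mobile-client", "scheduler", "unknown-poster"],
  "trusted_devices": ["laptop-firefox", "phone-android", "unknown-chrome"]
}"""


def load_snapshot(text: str) -> dict:
    """Parse a snapshot; kept as a function so stored files and live exports share one path."""
    return json.loads(text)


def fingerprint(settings: dict) -> str:
    """Stable SHA-256 over the canonical JSON form: a quick 'did anything change at all?' check."""
    canonical = json.dumps(settings, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def diff_settings(baseline: dict, current: dict) -> dict:
    """Field-by-field comparison. List-valued fields report what was added and removed."""
    changes = {}
    for key in sorted(set(baseline) | set(current)):
        old, new = baseline.get(key), current.get(key)
        if old == new:
            continue
        if isinstance(old, list) and isinstance(new, list):
            changes[key] = {
                "added": sorted(set(new) - set(old)),
                "removed": sorted(set(old) - set(new)),
            }
        else:
            changes[key] = {"from": old, "to": new}
    return changes


def restore_plan(changes: dict) -> list:
    """Checklist of actions that return the account to the baseline."""
    steps = []
    for key, change in changes.items():
        if "added" in change:
            for item in change["added"]:
                steps.append(f"remove '{item}' from {key}")
            for item in change["removed"]:
                steps.append(f"re-add '{item}' to {key}")
        else:
            steps.append(f"reset {key} from {change['to']!r} back to {change['from']!r}")
    return steps


if __name__ == "__main__":
    baseline, current = load_snapshot(BASELINE_JSON), load_snapshot(CURRENT_JSON)
    if fingerprint(baseline) == fingerprint(current):
        print("no drift from baseline")
    else:
        for step in restore_plan(diff_settings(baseline, current)):
            print("-", step)
```

A changed recovery email is the item to treat most urgently in a report like this, because whoever controls it can reset the password and undo everything else you restore; take the snapshot again once the account is back to the approved state so the next comparison starts from a clean baseline.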

NOTE: validation of control activities is not considered an audit. Auditors themselves should also be evaluated (watch the watcher) and must comply with segregation of duties. Example: auditors should NOT define the governing policy or have the ability to implement changes.