Wednesday, August 17th, 2011

Residual heat signatures detected by a thermal imaging camera
At the USENIX Security Symposium in San Francisco, researchers from the University of California at San Diego presented a paper on using thermal imaging to steal ATM PINs. In their paper, entitled Heat of the Moment: Characterizing the Efficacy of Thermal Camera-Based Attacks, Keaton Mowery, Sarah Meiklejohn, and Stefan Savage describe how thermal cameras can be used to detect which keys have been recently pressed on a numeric keypad based on residual heat left from key presses.
Categories: Password Management, Physical Security, Security News
Tuesday, July 26th, 2011
Do you ever wish you could get your information security questions answered without the hassle of searching the Internet, posting to an online forum, or visiting the book store? Well, look no further. Get your questions answered now using our Ask a Security Expert service. It’s a free service for IT professionals and small business owners. Systems administrators, software developers, and IT managers alike will benefit from this no-strings-attached service.
Ask a question now >
Categories: General Security, Secure Mind Labs News
Monday, July 25th, 2011
When performing penetration testing, we consistently gain access to hosts and applications using educated password guessing attacks. This is especially true of web applications, which often 1) maintain their own database of user accounts and 2) lack adequate password policy enforcement. One of the most successful techniques involves sweeping a list of usernames for weak passwords. You begin by compiling a list of valid usernames (see 8 Ways Your Website Could Be Leaking Login IDs for more information on how this might be done in the wild). Once you’ve collected a sizable list of usernames, you attempt to authenticate to each account using a very small set of weak passwords (e.g. password, password1, password123, Password1, 123456, 654321, etc.). By keeping the number of passwords small, this technique avoids triggering account lockouts, and it’s highly effective against relatively large lists (100 or more usernames). It even works against applications that require complex passwords but fail to filter out weak combinations such as Password1, Password2, and Password123.
We bring up this attack because it highlights one of the primary weaknesses in many systems – poorly chosen passwords. How do you eliminate this weakness? By preventing users from choosing weak passwords in the first place. This is accomplished through a combination of password policy definition and enforcement within your applications.
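The following is an added example, written for this page and not code from Secure Mind Labs, showing the kind of server-side policy check the paragraph above calls for. It contrasts a naive complexity rule (which accepts Password1) with a check that also blocklists the weak passwords listed in the post and rejects a common word with digits or symbols tacked on the end. The minimum length, the blocklist contents, the stem list and the leet-speak substitutions are assumptions chosen for illustration; a real deployment would load a breach-derived list of far more than a handful of entries.

```python
import re
from typing import Optional

# Assumed policy parameters (not from the post).
MIN_LENGTH = 8

# Constructed blocklist: the weak passwords named in the post plus a few
# equally common ones. Compared case-insensitively.
WEAK_PASSWORDS = {
    "password", "password1", "password123", "123456", "654321",
    "qwerty", "letmein", "welcome", "admin",
}

# Base words that pass complexity rules once digits/symbols are appended
# (Password1, Password2, P@ssw0rd2011 ...). Assumed list for illustration.
WEAK_STEMS = {"password", "welcome", "letmein", "qwerty", "admin", "secret"}

# Common "leet" substitutions reversed so P@ssw0rd normalises to password.
LEET = str.maketrans("@$0351!", "asoesli")


def meets_complexity(pw: str) -> bool:
    """The naive rule the post criticises: length plus three character classes."""
    classes = sum([
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ])
    return len(pw) >= MIN_LENGTH and classes >= 3


def stem_of(pw: str) -> str:
    """Lower-case, drop trailing digits/symbols, then undo leet substitutions."""
    base = re.sub(r"[\d\W_]+$", "", pw.lower())
    return base.translate(LEET)


def is_sequential(s: str) -> bool:
    """True for runs like 123456, 654321, abcdefgh or a single repeated character."""
    if len(s) < 2:
        return False
    if len(set(s)) == 1:
        return True
    diffs = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return diffs in ({1}, {-1})


def weak_reason(pw: str, username: str = "") -> Optional[str]:
    """Return the reason a password must be rejected, or None if it passes."""
    lowered = pw.lower()
    if len(pw) < MIN_LENGTH:
        return "too short"
    if lowered in WEAK_PASSWORDS:
        return "on the weak-password blocklist"
    if username and username.lower() in lowered:
        return "contains the username"
    if stem_of(pw) in WEAK_STEMS:
        return "common word with digits or symbols appended"
    if is_sequential(lowered):
        return "keyboard or numeric sequence"
    if not meets_complexity(pw):
        return "insufficient character variety"
    return None


if __name__ == "__main__":
    # Constructed candidates: the post's examples plus one acceptable passphrase.
    for candidate in ["Password1", "Password2", "P@ssw0rd2011", "12345678",
                      "jsmith2011!", "Correct-Horse-Battery-42"]:
        naive = "accepts" if meets_complexity(candidate) else "rejects"
        verdict = weak_reason(candidate, username="jsmith") or "OK"
        print(f"{candidate:28} complexity-only {naive:8} policy: {verdict}")
```

Run as a script it prints, for each candidate, whether the complexity-only rule would have accepted it and what the full policy says; the interesting rows are Password1 and P@ssw0rd2011, which satisfy the complexity rule yet are rejected by the blocklist and stem checks.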
Categories: General Security, Password Management, SML Enterprise Security Tips, Web Applications
Thursday, July 21st, 2011
Hackers frequently gain access to computers and applications using compromised usernames and passwords. While phishing attacks account for a large percentage of compromised accounts, there are other techniques employed by attackers to identify valid login IDs for use in password guessing attacks. Here are eight ways that your website could be leaking login IDs…
Categories: Information Leakage, Website Security
Thursday, July 14th, 2011
Welcome to the first post in the SML Enterprise Security Tips series. In this post, we’re going to discuss a danger present in many enterprise networks: HTTP port and protocol abuse.
Let’s start with a scenario. Like all good security administrators, you have installed a firewall between your internal network and the Internet, and you’ve configured the firewall to allow only those services required by your employees, customers, and partners. One day, you notice an unusually large amount of traffic originating from a desktop on your internal network to a host on the Internet. You inquire with the user of the computer, but he knows nothing about what’s going on. Fearing that the computer has been compromised, you remove it from the network. You later hear about a large distributed denial of service (DDoS) attack against a high-profile U.S. government agency. After further inspection of your firewall logs, you realize that your host was likely involved in the attack.
Categories: Information Leakage, Network Security, SML Enterprise Security Tips
Wednesday, July 13th, 2011

As information security professionals, we invest considerable time, effort, and money into staying just one step behind crackers and cyber criminals (yes, you read that correctly, one step behind). No sooner do we implement a cool new security technology to combat an existing threat than the hacker community devises a new type of attack. Keeping up with the growing list of possible threats and attack vectors is a daunting task. It’s a never-ending battle that requires vigilance, insight, and persistence. To keep you abreast of existing and emerging security threats and technologies, we’re launching SML Enterprise Security Tips – a collection of practical tips, tricks, and security insight for enterprise security administrators, architects, developers, and managers. So, stay tuned!
The Secure Mind Labs Team
Categories: General Security, Security News, Security Tools, SML Enterprise Security Tips
Friday, July 8th, 2011
“My web server was tested in our last network vulnerability assessment. Do I need a separate web application security assessment?”
We get asked this question often. The (not so) simple answer is… it depends. Network vulnerability assessments typically identify vulnerabilities in the host operating system and web server software. Web application security assessments, on the other hand, identify coding and logic flaws within the security framework of web applications. A comprehensive web application testing methodology takes into account user roles, business logic, and application context – three things that automated vulnerability scanners don’t do well. Consequently, your network vulnerability assessment probably won’t provide much feedback in these areas.
Categories: Web Applications, Website Security
Wednesday, June 29th, 2011
If you’re reading this post, chances are you’re concerned about website security. As a responsible website owner or systems administrator, you have considered the obvious security precautions. You’ve placed your web server behind a firewall, you keep your web server software updated and patched, you use strong passwords, and you encrypt sensitive traffic sent between web browsers and your server. However, if your website hosts Microsoft Office, Open Office, Word Perfect, or PDF files (among others), you may be leaking more information than you think.
Categories: Information Leakage, Security Tools, Website Security
Monday, June 27th, 2011
Welcome to the official blog of Secure Mind Labs! Stay tuned for security insight, tips, tricks, and tools to improve your security knowledge and awareness.
Categories: General Security