Archive for the "Events" Category

Yahoo sub-domain compromised – 456k passwords dumped

 

Rumors are running around in a few places that a Yahoo! web property was hacked via SQL injection. Looking at the dump file there are a few clues that it is in fact from Yahoo. This will, no doubt cause many users headaches. Here are some statistics of interest that use culled from the dump with Pipal:

Top 10 passwords
123456 = 1667 (0.38%)
password = 780 (0.18%)
welcome = 437 (0.1%)
ninja = 333 (0.08%)
abc123 = 250 (0.06%)
123456789 = 222 (0.05%)
12345678 = 208 (0.05%)
sunshine = 205 (0.05%)
princess = 202 (0.05%)
qwerty = 172 (0.04%)

Password length (count ordered)
8 = 119135 (26.88%)
6 = 79629 (17.97%)
9 = 65964 (14.88%)
7 = 65611 (14.81%)
10 = 54762 (12.36%)
12 = 21733 (4.9%)
11 = 21224 (4.79%)
5 = 5325 (1.2%)
4 = 2749 (0.62%)
13 = 2663 (0.6%)
14 = 1502 (0.34%)
15 = 844 (0.19%)
16 = 575 (0.13%)
3 = 303 (0.07%)
17 = 267 (0.06%)
20 = 187 (0.04%)
18 = 133 (0.03%)
1 = 118 (0.03%)
19 = 99 (0.02%)
2 = 72 (0.02%)
21 = 23 (0.01%)
28 = 23 (0.01%)

Single digit on the end = 47445 (10.71%)
Two digits on the end = 73663 (16.62%)
Three digits on the end = 31106 (7.02%)

Last number
0 = 17608 (3.97%)
1 = 46705 (10.54%)
2 = 24635 (5.56%)
3 = 29233 (6.6%)
4 = 17712 (4.0%)
5 = 17413 (3.93%)
6 = 17899 (4.04%)
7 = 20403 (4.6%)
8 = 17863 (4.03%)
9 = 19922 (4.5%)

Other interesting stats:
.gov: 158
.mil 446
gmail.com: 106,909
yahoo.com: 138,837
hotmail.com: 55,178
aol.com: 24,731

No word yet on if the passwords were hashed or sitting in the DB in plain text.

I feel like 2012 is becoming the year of the high-profile password dump. I’ve had more and more non-security people ask me how I store my passwords. First, just about every web site and service I use has a different password. Second, I am big fan of KeePassX. It’s easy, open source (and well scrutinized), and available on any platform that I need it to be on. I also use two-factor on those sites that offer it (e.g. Google, Facebook, etc.)

-Trevor
@packetwerks

Follow us: @stratumsecurity

Analyzing DNS Logs Using Splunk

 

Back in December of 2011 I wrote a post on the ThreatSim blog called “Fighting The Advanced Attacker: 9 Security Controls You Should Add To Your Network Right Now“. One of the controls we recommended that folks implement was to log all DNS queries and the client that requested it:

Log DNS queries and the client that requested it: It’s been said that DNS is the linchpin of the Internet. It’s arguably the most basic and under appreciated human-to-technology interface. It’s no different for malware. When you suspect that a device has been compromised on your network, it’s important to be able to see what the suspected device has been up to. The DNS logs of a compromised machine will quickly allow responders to identify other machines that may also be infected.

Telling people to log DNS requests is super easy. Logging DNS queries is pretty easy too. Understanding how to ingest, analyze, process the data is where you need to bring in some tools. We love Splunk (as do many of our customers).  Splunk is the perfect tool for the job of figuring out what your clients are up to and who they are talking to. You can also set up real-time alerts if Splunk sees a DNS lookup for a known bad domain name.

Let’s implement our recommendation in real life. Here is what we did:

Read More

Stratum Sponsoring First OWASP Tampa Day

 

Stratum is proud to be sponsoring the first OWASP Tampa Day this Monday, June 20th. The free event will feature presentations aimed at providing developers and Information Security professionals with an introduction to application security. The event features 4 presentations from application security experts and ‘sold-out’ in less than 48 hours with 76 registered attendees. You can visit the event’s Eventbrite page for more information.

Stratum’s own Trevor Hawthorn will be presenting PCI for Developers: Lessons from the Real World,

Any organization that stores, processes, or transmits credit card data must comply with the Payment Card Industry’s (PCI) Data Security Standards (DSS). PCI can be daunting even for compliance and security experts. If you are a developer, it can be a major headache. Sooner or later the day will come when you (or your developers) will need to integrate PCI into your Software Development Lifecycle (SDLC). During this talk Trevor will discuss what is required to meet PCI compliance, and examine how a wide variety of organizations tackle their compliance obligations.

Stratum is also a sponsor of the OWASP Tampa chapter.