Catch Attackers Attempting to Shellshock You

Posted by Oliver Tavakoli, CTO, Vectra Networks on Sep 29, 2014 10:48:00 AM

The recent discovery of Shellshock, the bash shell bug, has something in common with the discovery of Heartbleed earlier this year. Both vulnerabilities existed for many years before they were discovered – over two years for Heartbleed and over 22 years for Shellshock. Both affect a very large number of computer and communications systems. Both have induced a gut-wrenching panic.

There will always be two periods during which you are vulnerable to such exploits. The first is the period before the vulnerability is reported, when it may already have been exploited by a few attackers. The second is the span of time between when the vulnerability is publicly reported and when you patch the affected systems. During this second period, every attacker imaginable will attempt to exploit the vulnerability. Predicting when new vulnerabilities will appear and what ways creative attackers will come up with to exploit them is generally a losing battle. That doesn’t mean there is nothing you can do to catch them.


Topics: Heartbleed, Shellshock

Detecting Future Heartbleed Security Exploits

Posted by Oliver Tavakoli, CTO, Vectra Networks on Aug 22, 2014 2:47:00 PM

Reading Steve Ragan's write-up on the recent Community Health Systems breach in CSO online took me back to my blog post on Heartbleed from the Inside from May 1, 2014 that included this cautionary note.

"It's only a matter of time – actually, it's probably already happening – before we see targeted attacks that utilize Heartbleed as one of the weapons in the attackers' arsenal to acquire key account credentials and use those credentials to get to the crown jewels."


Topics: Malware Attacks, Heartbleed

Are We Secure?

Posted by Dain Perkins, Senior System Engineer, Vectra Networks on May 28, 2014 2:45:00 PM

Meaningful information security metrics seem to come in as many shapes and sizes as there are CISAs, CISMs, and CISSPs brave enough to weigh in on the subject. There are plenty of risk and security frameworks available to help guide a security team to a reasonable answer to nearly any question posed regarding the appropriate allocation of resources required to reduce a given business risk to a specific level.


Topics: Targeted Attacks, Heartbleed

Heartbleed on the Inside

Posted by Oliver Tavakoli, CTO, Vectra Networks on May 1, 2014 5:00:00 PM

A lot has been said about the global impact of Heartbleed. First, we had all the descriptions of Heartbleed – my favorite one was on xkcd. Then we saw warnings that we would need to change our password on public websites. That was followed by a warning that, since the private keys of certificates could be retrieved by exploiting Heartbleed, we should change our passwords now, wait for Web sites to change their certificates and then change our passwords again.

What has received far less attention is the fact that many of our common enterprise products (e.g., routers, firewalls, web proxies) inside our infrastructure are also susceptible to Heartbleed. Bulletins from Cisco, Juniper Networks and Blue Coat indicate widespread use of OpenSSL, the software in which the Heartbleed bug exists, in these products. Even industrial control systems from companies like Siemens have this vulnerability, which Arik Hesseldahl wrote about recently on Re/ And, unlike public-facing web sites, many of which have already undergone updates to fix the bug, the availability and deployment of patches for all your infrastructure systems hit you in unexpected ways, including the need to upgrade to newer versions of software than you are probably running, which necessitates testing cycles before you can deploy them.


Topics: Heartbleed
