Application Security News for September 2016
Google Chrome to explicitly identify sites that do not use HTTPS
Google has been at the forefront of securing the web and its users. A few years ago, it began improving the search rankings of sites that use HTTPS, in an attempt to convince website owners to secure their sites with HTTPS. Now it is pushing this even further with a new change to the Chrome browser.
Starting with version 56, the Google Chrome browser will explicitly identify sites that do not use HTTPS with a warning.
DDoS-as-a-service site ‘vDOS’ hacked, brought down
vDOS — a “booter” service that has earned in excess of $600,000 over the past two years helping customers coordinate more than 150,000 so-called distributed denial-of-service (DDoS) attacks designed to knock Web sites offline — has been massively hacked, spilling secrets about tens of thousands of paying customers and their targets. The vDOS database, obtained by KrebsOnSecurity.com at the end of July 2016, points to two young men in Israel as the principal owners and masterminds of the attack service, with support services coming from several young hackers in the United States.
To say that vDOS has been responsible for a majority of the DDoS attacks clogging up the Internet over the past few years would be an understatement. The various subscription packages to the service are sold based in part on how many seconds the denial-of-service attack will last. And in just four months between April and July 2016, vDOS was responsible for launching more than 277 million seconds of attack time, or approximately 8.81 years worth of attack traffic.
More on KrebsOnSecurity.
Indonesia experiences "drastic increase" in cyber attacks, especially on e-commerce sites
Indonesia President Joko “Jokowi” Widodo stated that the country had seen a drastic increase in cyber crime, according to a report.
Speaking in a limited Cabinet meeting at the State Palace on Tuesday, President Jokowi cited that the number of cases has grown by 389 per cent in 2014 to 2015. He also mentioned that most of the cases occurred in the e-commerce sector.
Supporting his statement, this July the Office of the Coordinating Political, Legal and Security Affairs Minister had stated that cyber attacks in Indonesia rose by 33 per cent in 2015 from the previous year.
Of all these attacks, 54.5 per cent were aimed at e-commerce-related websites, causing the system to stop working.
More on e27…
White House names retired Air Force general as first cyber security chief
The White House on Thursday named a retired U.S. Air Force brigadier general as the government’s first federal cyber security chief, a position announced eight months ago that is intended to improve defenses against hackers.
Gregory Touhill's job will be to protect government networks and critical infrastructure from cyber threats as federal chief information security officer, according to a statement.
More on Reuters…
Things Twitter Said on CyberSecurity
Yo dawg I heard you like exploits, so I put an exploit framework exploit in your exploit framework https://t.co/cFXxbI8EzD
— ＧＮＵ／ＪＵＳＴＩＮ ✖️ (@justinsteven) September 19, 2016
Give a man an 0day and he'll have access for a day, teach a man to phish and he'll have access for life.
— the grugq (@thegrugq) February 7, 2015
— Traversal (@haydnjohnson) September 23, 2016
financial industry lobby group thinks we shouldn't make TLS 1.3 too secure and keep crappy RSA based key exchange https://t.co/z5s3WeEB9b
— hanno (@hanno) September 22, 2016
Securing your applications with Barracuda Web Application Firewall
Securing your web application need not be difficult. The Barracuda Web Application Firewall exists to secure your web applications easily and provide you with peace of mind. Once you deploy the Barracuda Web Application Firewall in front of your web application, it is trivially easy to set up an HTTPS front end and enable complete application security. The Barracuda Web Application Firewall provides complete security against all web attacks (pdf), including application DDoS and web scraping. We offer several deployment options, including physical and virtual appliances, as well as Azure, AWS, and vCloud Air. Try it in your environment for 30 days, risk-free.
Tushar Richabadas is a Product Manager for the Barracuda Web Application Firewall team in our India office. You can connect with him on LinkedIn here.