
Security content from Leo Nelson

Shodan Search Shortcuts

Use Shodan to discover which of your devices are connected to the Internet, where they are located and who is using them.

Listed below are some popular search shortcuts/search keywords to help with narrowing your search results:

| Keyword | Values | Description | Example |
|---|---|---|---|
| port | Any numeric value | Specific ports | port:554 |
| has_screenshot | True/False | Has screenshot | has_screenshot:true |
| org | Organization value | Organization | org:"Microsoft" |
| ssl | Organization value | SSL certificates for organization | ssl:edellroot, ssl:"Some University" |
| ssl.version | SSL version value | SSL version | ssl.version:sslv2 -ssl.version:sslv3,tlsv1,tlsv1.1,tlsv1.2 |

Search Examples

| Example Search Query | Used For |
|---|---|
| port:9100 product:"LaserJet" | Finding HP LaserJet printers on the network |
| ssl:edellroot | Finding devices with SSL certificates issued by eDellRoot |
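
Added example (not part of the original post): a small Python helper that assembles queries from the keywords above, always scoped to your own organization with org:, and parses a query back into its terms so an unquoted multi-word value is easy to spot. The function names and the "Example Hospital" organization are made up for illustration, and treating bare words as separate terms is an assumption about how the search box splits its input.

```python
import shlex

# Keywords that appear in the tables above.
KNOWN_FILTERS = {"port", "has_screenshot", "org", "ssl", "ssl.version", "product"}

def term(name, value, negate=False):
    """Render one keyword:value term; a list becomes a comma-separated value."""
    if name not in KNOWN_FILTERS:
        raise ValueError(f"keyword not covered here: {name}")
    if isinstance(value, bool):
        value = "true" if value else "false"
    elif isinstance(value, (list, tuple)):
        value = ",".join(str(v) for v in value)
    value = str(value)
    if name == "port" and not all(
        p.isdigit() and 0 < int(p) < 65536 for p in value.split(",")
    ):
        raise ValueError(f"port out of range: {value}")
    if '"' in value:
        raise ValueError("value must not contain a double quote")
    if any(c.isspace() for c in value):
        value = f'"{value}"'  # multi-word values must be quoted
    return ("-" if negate else "") + f"{name}:{value}"

def audit_query(org, *terms):
    """Prefix every query with org: so results stay within your own estate."""
    return " ".join([term("org", org), *terms])

def parse(query):
    """Split a query into (negated, keyword, value); bare words get keyword None."""
    out = []
    for tok in shlex.split(query):
        negated = tok.startswith("-")
        body = tok[1:] if negated else tok
        name, sep, value = body.partition(":")
        if sep and name in KNOWN_FILTERS:
            out.append((negated, name, value))
        else:
            out.append((negated, None, body))
    return out

if __name__ == "__main__":
    org = "Example Hospital"  # constructed organization name
    print(audit_query(org, term("port", 9100), term("product", "LaserJet")))
    print(audit_query(org, term("ssl.version", "sslv2"),
          term("ssl.version", ["sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"], negate=True)))
    print(parse("ssl:Example Hospital"))  # unquoted: second word is a bare term
```
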

 

Security Websites

General Technology and Security trends:

Threat Intelligence

Microsoft Security Intelligence Report: http://www.microsoft.com/security/sir/default.aspx
Team Cymru (also has subscription service): www.team-cymru.org
FBI Cybercrime information: http://www.fbi.gov/about-us/investigate/cyber/cyber

Malware and threats:

Threat Expert: http://threatexpert.com
Microsoft Malware Protection Center: http://www.microsoft.com/security/portal/default.aspx
SANS Internet Storm Center: http://Isc.sans.edu
Symantec Threat Explorer: http://www.symantec.com/norton/security_response/threatexplorer/index.jsp
Symantec Internet Threat Report: http://www.symantec.com/business/theme.jsp?themeid=threatreport
McAfee Threat Center: http://www.mcafee.com/us/threat_center/
Metasploit Blog: https://community.rapid7.com/community/metasploit?view=blog
Security Focus: http://www.securityfocus.com/
Dshield: http://www.dshield.org/
Offensive Security’s Exploit Database: http://www.exploit-db.com/
Worldwide Observatory of Malicious Behaviors and Attack Threats (WOMBAT): http://wombat-project.eu/246
Symantec’s Worldwide Intelligence Network Environment (WINE): http://www.symantec.com/about/profile/universityresearch/sharing.jsp
Mandiant M-Trends: https://www.mandiant.com/resources/mandiant-reports/

Bad domains, IP addresses, and other indicators:

Malware Domain Blocklist: http://www.malwaredomains.com/
Malware Domain List: http://www.malwaredomainlist.com/
Unspam Technologies Project Honeypot: http://www.projecthoneypot.org/index.php
EXPOSURE (Exposing Malicious Domains): http://exposure.iseclab.org/
Shadowserver Foundation: http://www.shadowserver.org/wiki/

Automatic threat analyzers:

Anubis (Analyzing Unknown Binaries): http://anubis.iseclab.org/
Virustotal: http://www.virustotal.com/
Metascan online: http://www.metascan-online.com/

Threats with signatures:

IBM ISS X-Force: http://xforce.iss.net
BotHunter Internet Distribution Page: http://www.bothunter.net/
Latest publicly available Snort rules (most recent rules require subscription): http://www.snort.org/snort-rules/
Emerging Threats signature list: http://www.emergingthreats.net/
Latest Tenable Nessus plugins (requires subscription): http://www.nessus.org/plugins/

Patches and vulnerabilities:

MITRE’s CVE: http://cve.mitre.org
NIST’s National Vulnerability Database: http://nvd.nist.gov/
US-CERT Technical Cyber Security Alerts: http://www.us-cert.gov/cas/techalerts
Microsoft Security TechCenter: http://technet.microsoft.com/en-us/security/default.aspx

HIPAA Settlement Underscores the Vulnerability of Unpatched and Unsupported Software

From HHS, a bulletin concerning a settlement following a malware incident in 2011 that might have been avoided had the covered entity updated and patched their software: Anchorage Community Mental Health Services (ACMHS) has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule with the Department of Health and Human Services (HHS), Office for Civil Rights (OCR). ACMHS will pay $150,000 and adopt a corrective action plan to correct deficiencies in its HIPAA compliance program. ACMHS is a five-facility, nonprofit organization providing behavioral health care services to children, adults, and families in Anchorage, Alaska.

Source: HIPAA Settlement Underscores the Vulnerability of Unpatched and Unsupported Software

Related: Resolution Agreement (PDF)