203 posts categorized "Brian Contos"
March 05, 2010
 Adding Reputation to Your Web Application Security Strategy - Podcast

On this episode of the Imperva Security Podcast, Eldad Chai, Imperva Web Application Firewall Product Manager, is interviewed.

Eldad talks about adding reputation to an application security strategy, anti-automation, and adaptive response.

He goes into detail on Imperva's ThreatRadar solution: what it is, how it is used, and what customers can expect to gain from it. He covers specific threat examples such as automated attacks and business logic attacks, and how they can be addressed beyond blocking and alerting with capabilities such as CAPTCHA, challenge-response, redirection and more.

Related information

Next Generation Web Application Firewalls

Industrialization of Hacking


March 04, 2010
 Tell Me Your IP and I’ll Tell You Who You Are

RSA San Francisco 2010

On Thursday, March 04 at 08:00 AM, Tal Beery (Imperva Web Research Team Leader) and I will be presenting the topic: Tell Me Your IP and I'll Tell You Who You Are. The RSA ID is NMS-301 and it will be in Orange Room #306.

Abstract 

IP addresses on their own are considered an unreliable basis for attack detection. The session demonstrates how information derived from IP addresses can nevertheless be used to improve attack detection when combined with what the source actually does. The presentation discusses attributes such as geo-location and anonymous proxy lists. It is supported by corroborating evidence derived from actual log data and demonstrates some analysis tools.
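The kind of analysis the abstract describes, as an added example that is not part of the original post or of any Imperva tool: web server log lines are aggregated per source IP, and the behavioural signals (repeated failed logins, probing for paths the application does not serve) are combined with IP-derived attributes (membership in an anonymous-proxy list, geo-location outside the countries the site expects). The log lines, the proxy list, the geo table, the probe-path list and the scoring weights are all constructed for this example; a real deployment would load the lists from a reputation feed and tune the weights against its own traffic.

```python
import ipaddress
import re

# Constructed sample data (documentation address ranges, not a real reputation feed):
# networks that appear on an "anonymous proxy" list, and a tiny geo-location table.
ANON_PROXY_NETS = [ipaddress.ip_network("203.0.113.0/24")]
GEO_TABLE = {
    ipaddress.ip_network("198.51.100.0/24"): "US",
    ipaddress.ip_network("203.0.113.0/24"): "NL",
    ipaddress.ip_network("192.0.2.0/24"): "BR",
}
# Paths the (hypothetical) application does not serve; 404s here indicate scanning.
PROBE_PREFIXES = ("/admin", "/phpmyadmin")

# Combined-log-format lines, constructed for this example.
SAMPLE_LOG = """\
198.51.100.7 - - [04/Mar/2010:08:00:01 -0800] "POST /login HTTP/1.1" 200 512
203.0.113.9 - - [04/Mar/2010:08:00:02 -0800] "POST /login HTTP/1.1" 401 128
203.0.113.9 - - [04/Mar/2010:08:00:03 -0800] "POST /login HTTP/1.1" 401 128
203.0.113.9 - - [04/Mar/2010:08:00:04 -0800] "POST /login HTTP/1.1" 401 128
192.0.2.44 - - [04/Mar/2010:08:00:05 -0800] "GET /admin/config.php HTTP/1.1" 404 211
192.0.2.44 - - [04/Mar/2010:08:00:06 -0800] "GET /phpmyadmin/ HTTP/1.1" 404 211
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')


def geo_lookup(ip):
    """Country code for an address, or '??' when the table has no entry."""
    addr = ipaddress.ip_address(ip)
    for net, country in GEO_TABLE.items():
        if addr in net:
            return country
    return "??"


def is_anon_proxy(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ANON_PROXY_NETS)


def parse_log(text):
    """Extract source IP, method, path and status from each combined-format line."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            events.append({"ip": m.group(1), "method": m.group(2),
                           "path": m.group(3), "status": int(m.group(4))})
    return events


def score_sources(events, expected_countries=("US",)):
    """Aggregate per source IP, then combine behaviour with IP-derived attributes."""
    per_ip = {}
    for ev in events:
        s = per_ip.setdefault(ev["ip"], {"failed_logins": 0, "probes": 0})
        if ev["path"] == "/login" and ev["status"] == 401:
            s["failed_logins"] += 1
        if ev["status"] == 404 and ev["path"].startswith(PROBE_PREFIXES):
            s["probes"] += 1
    for ip, s in per_ip.items():
        reasons, score = [], 0
        if s["failed_logins"] >= 3:          # behavioural signal
            reasons.append("repeated failed logins")
            score += 2
        if s["probes"]:                      # behavioural signal
            reasons.append("probing for unpublished paths")
            score += 2
        if is_anon_proxy(ip):                # IP-derived attribute
            reasons.append("anonymous proxy")
            score += 2
        country = geo_lookup(ip)             # IP-derived attribute, weak on its own
        if country not in expected_countries:
            reasons.append(f"geo {country} outside expected set")
            score += 1
        verdict = "challenge" if score >= 4 else "monitor" if score >= 2 else "allow"
        s.update(country=country, score=score, reasons=reasons, verdict=verdict)
    return per_ip


if __name__ == "__main__":
    for ip, s in score_sources(parse_log(SAMPLE_LOG)).items():
        print(ip, s["verdict"], s["score"], "; ".join(s["reasons"]))
```

Geo-location alone only adds one point here, on purpose: a foreign visitor is not an attack, but a foreign anonymous-proxy address that has failed three logins in three seconds is worth a challenge rather than a block, which is where the CAPTCHA and challenge-response options from the podcast above fit in.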

Stop by our booth at RSA

March 03, 2010
 Staring at the Beast: Six-Months of Attack Vector Research

RSA San Francisco 2010

On Wednesday, March 03 at 08:00 AM, Tal Beery (Imperva Web Research Team Leader) and I will be presenting the topic: Staring at the Beast: Six-Months of Attack Vector Research. The RSA ID is SIP-201 and it will be in Orange Room #307.

Abstract 

Security officers and vendors alike must look beyond traditional vulnerability information and become privy to the true activities of attackers. The intelligence gathered through such data collection efforts provides insight into the actual focus of hackers, current attack trends, behavioral patterns of attack, and attack tools. This session will examine data to enable us to create more effective security policies and tools in a timely manner.

Stop by our booth at RSA

March 02, 2010
 Next Generation Web Application Firewall Podcast

In addition to the Next Generation Web Application Firewall (NG-WAF) whitepaper, Imperva has released a podcast with CTO Amichai Shulman on NG-WAF.

Amichai discusses the Industrialization of Hacking (the whitepaper on that topic is found here) and how it is creating a need for WAF solutions to evolve so they can address automated attacks, business logic attacks, and the existing and growing list of technical attacks such as SQL injection, XSS, etc. He also discusses mechanisms for combating automated attacks and business logic attacks, deployments within MSSP and cloud-based environments, and other components of Imperva's NG-WAF vision.

Downloads

Podcast | Whitepaper

Stop by our booth at RSA San Francisco this week (March 1st 2010) to learn more.

 Introducing the Next Generation of Web Application Firewalls

Download Whitepaper

This paper describes Imperva's vision for the next generation of WAFs. It details Web application security problems and solutions today, and gives perspectives on the future. While this paper is not product specific, areas where Imperva SecureSphere currently provides NG-WAF capabilities such as anti-automation and adaptive threat response are highlighted.

Download Whitepaper

Stop by our booth at RSA San Francisco this week (March 1st 2010) to learn more.

March 01, 2010
 Hacking's Industrial Revolution - Whitepaper

Download the Whitepaper

Today, hacking is a $1T industry — up from a few billion just three years ago. In 2007, professional hacking represented a multibillion-dollar industry. At present, this same industry posts — in stolen data, IP and financial gain — more than one trillion in value. What explains this rapid growth? Industrialization. Just as the Industrial Revolution advanced methods and accelerated assembly from single to mass production in the 19th century, today's cyber crime industry has similarly transformed and automated itself to achieve scalability and increase profits.

The industrialization of hacking coincides with a critical shift in what's considered today's prized commodity: data. This paper explores:

  • The structure of industrialized hacking operations.
  • Current technologies used by hackers.
  • The most common attack methods and mitigation strategies.

Download the Whitepaper

Stop by our booth at RSA San Francisco this week (March 1st 2010) to learn more.

February 11, 2010
 OWASP Talks about the Attack on RockYou and the Imperva Password Study

OWASP just released episode number 59. They discuss a number of topics, but during the last third of the podcast they focus on the 32 million clear-text passwords that were stolen from RockYou and later posted on the Internet. They also discuss Imperva's research paper analyzing the strength of those passwords.

The report identifies the most commonly used passwords:

   1. 123456
   2. 12345
   3. 123456789
   4. Password
   5. iloveyou
   6. princess
   7. rockyou
   8. 1234567
   9. 12345678
  10. abc123

"Everyone needs to understand what the combination of poor passwords means in today's world of automated cyber attacks: with only minimal effort, a hacker can gain access to one new account every second—or 1000 accounts every 17 minutes," explained Imperva's CTO Amichai Shulman. "The data provides a unique glimpse into the way that users select passwords and an opportunity to evaluate the true strength of passwords as a security mechanism. Never before has there been such a high volume of real-world passwords to examine."

Some key findings of the study include:

  • The shortness and simplicity of passwords means many users select credentials that will make them susceptible to basic forms of cyber attacks known as "brute force attacks."
  • Nearly 50% of users used names, slang words, dictionary words or trivial passwords (consecutive digits, adjacent keyboard keys, and so on). The most common password is "123456".
  • Recommendations for users and administrators for choosing strong passwords.
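The two findings above (the share of trivial passwords, and the concentration on a handful of values that makes "one account per second" guessing work) can be measured on any leaked list with a few lines of code. The following is an added example and is not the Imperva study's method or code: it classifies each password as a character sequence or keyboard walk, a dictionary word or name, a compound of those (such as "abc123" or "jessica1"), short, or other, and reports what fraction of accounts the most common values cover. The word list is a constructed stub (a real check uses a full dictionary and name list), and the sample is the page's ten most common passwords padded with constructed entries and repeats.

```python
import re
from collections import Counter

# Constructed word list for the example; a real check loads a large dictionary and name list.
DICTIONARY = {"password", "iloveyou", "princess", "rockyou", "nicole",
              "jessica", "daniel", "monkey", "lovely", "babygirl"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
WEAK_LABELS = {"sequence", "dictionary", "compound", "short"}

# Constructed sample: the ten values listed above plus made-up entries and repeats.
SAMPLE_PASSWORDS = (
    ["123456"] * 4 + ["12345"] * 2 +
    ["123456789", "Password", "iloveyou", "princess", "rockyou", "1234567",
     "12345678", "abc123", "qwerty", "jessica1", "Tr0ub4dor&3",
     "correct-horse-battery", "h7R$2qLw!pZ9", "nicole"]
)


def is_sequential(run):
    """Characters that step by +1 or -1 the whole way: 123456, abc, cba."""
    if len(run) < 3:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(run, run[1:])}
    return steps == {1} or steps == {-1}


def is_keyboard_walk(run):
    """Four or more adjacent keys on one row, forward or backward: qwerty, zxcv."""
    r = run.lower()
    return len(r) >= 4 and any(r in row or r in row[::-1] for row in KEYBOARD_ROWS)


def classify(password):
    p = password.lower()
    if is_sequential(p) or is_keyboard_walk(p):
        return "sequence"
    if p in DICTIONARY:
        return "dictionary"
    # Split into letter runs and digit runs; punctuation is ignored for this check.
    runs = re.findall(r"[a-z]+|\d+", p)
    if runs and all(
        r in DICTIONARY or is_sequential(r) or is_keyboard_walk(r)
        or (r.isdigit() and len(r) <= 2)      # a trailing "1" or "07" adds nothing
        for r in runs
    ):
        return "compound"
    if len(password) < 6:
        return "short"
    return "other"


def weak_share(passwords):
    """Fraction of accounts whose password falls in a weak class, plus the label counts."""
    labels = Counter(classify(p) for p in passwords)
    weak = sum(n for label, n in labels.items() if label in WEAK_LABELS)
    return weak / len(passwords), labels


def top_coverage(passwords, n):
    """Fraction of accounts an attacker opens by trying only the n most common values."""
    counts = Counter(passwords)
    return sum(c for _, c in counts.most_common(n)) / len(passwords)


if __name__ == "__main__":
    share, labels = weak_share(SAMPLE_PASSWORDS)
    print(f"weak share: {share:.0%}", dict(labels))
    print(f"top-2 coverage: {top_coverage(SAMPLE_PASSWORDS, 2):.0%}")
```

The coverage number is the one that matters for the attack the study describes: an attacker who is rate-limited per account but not across accounts does not need to brute-force anything, only to try the few top values against every account, which is why per-account lockout alone does not stop it.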

 

February 10, 2010
 Cookie Poisoning Resource

Imperva has launched another resource:  Cookie Poisoning. This resource contains information about Cookie Poisoning as well as related White papers, Webcasts, and videos.

Cookie poisoning attacks involve modifying the contents of a cookie (data a web application stores in the user's browser and reads back on every request, such as session or identity information) in order to bypass security mechanisms. Because the cookie is sent by the client, anything the application reads from it without verification is attacker-controlled; with cookie poisoning, an attacker can obtain unauthorized information about another user or impersonate them.
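The attack and the usual fix, as an added example that is not part of the Imperva resource: the vulnerable handler reads the user's role straight from the cookie, so editing `role=user` to `role=admin` in the browser is enough. The hardened handler keeps the same data in the cookie but appends an HMAC computed with a server-side key, and any edit to the payload no longer verifies. The secret key, the cookie names and the `uid`/`role` fields are assumptions for this example.

```python
import base64
import hashlib
import hmac
import json

# Assumption: in real code this comes from configuration, not source.
SECRET_KEY = b"constructed-example-key-do-not-reuse"


def parse_cookie_header(header):
    """Minimal Cookie: header parser: 'a=1; b=2' -> {'a': '1', 'b': '2'}."""
    cookies = {}
    for part in header.split(";"):
        if "=" in part:
            name, value = part.strip().split("=", 1)
            cookies[name] = value
    return cookies


# Vulnerable: the role is whatever the client chose to send back.
def is_admin_vulnerable(cookie_header):
    return parse_cookie_header(cookie_header).get("role") == "admin"


# Hardened: the session state is authenticated with an HMAC keyed by a server secret.
def sign_session(data, key=SECRET_KEY):
    payload = base64.urlsafe_b64encode(json.dumps(data, sort_keys=True).encode()).decode()
    mac = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{mac}"


def verify_session(token, key=SECRET_KEY):
    """Return the session dict if the MAC is valid, else None."""
    try:
        payload, mac = token.rsplit(".", 1)
    except ValueError:                      # no MAC at all
        return None
    expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None                         # tampered payload or forged MAC
    return json.loads(base64.urlsafe_b64decode(payload.encode()))


def is_admin_hardened(cookie_header):
    data = verify_session(parse_cookie_header(cookie_header).get("session", ""))
    return data is not None and data.get("role") == "admin"


def tamper_role(token, new_role):
    """What the attacker can do without the key: rewrite the payload, keep the old MAC."""
    payload, mac = token.rsplit(".", 1)
    data = json.loads(base64.urlsafe_b64decode(payload.encode()))
    data["role"] = new_role
    forged = base64.urlsafe_b64encode(json.dumps(data, sort_keys=True).encode()).decode()
    return f"{forged}.{mac}"


if __name__ == "__main__":
    print("vulnerable, edited cookie:", is_admin_vulnerable("uid=1001; role=admin"))
    token = sign_session({"uid": 1001, "role": "user"})
    print("hardened, edited cookie:  ", is_admin_hardened("session=" + tamper_role(token, "admin")))
```

The MAC gives integrity, not secrecy: the payload is readable by anyone holding the cookie, and a valid token can be replayed until it expires, so the signed data should carry an expiry and nothing sensitive. Keeping the state server-side and storing only a random session identifier in the cookie avoids both issues.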


February 09, 2010
 China Closes Hacking Academy: Reality or PR Stunt

Today the Los Angeles Times ran an article about China shutting down a hacking academy. Called Black Hawk Safety Net, its advertisement read:

Just a little training and you too could hack websites, earning thrills, power and, in many cases, money. "Guaranteed successful attack tools!"

Police in Hubei province announced to the Chinese media over the weekend that they had closed down the operation, which state media said was the largest training site for Chinese hackers, and arrested three of its ringleaders. Black Hawk is accused of collecting more than $1 million in tuition from 12,000 subscribers and 170,000 others who took its online courses, according to Chinese media.

With all the global scrutiny on China regarding IP theft (Ford, DuPont, CyberSitter, etc.), attacks against government organizations and critical infrastructure, the recent events at Google, and pressure from the US Secretary of State, is this just a PR exercise? Or is China getting serious about mitigating cyber crime? If it is real, it seems like a small victory in a long and growing line of incidents.

Although Black Hawk's original website was taken down, it appears that a new one has been set up under a different address. And members say they don't believe the bust will make a dent in China's hacking culture.

China wouldn't be the first to try and create a false sense of security.


February 02, 2010
 Hacking for Fun and Profit in China’s Underworld

The NY Times published an article today about China's underworld.

The reporter - David Barboza - interviews a Chinese hacker that goes by the handle - Majia.

Internet security experts say China has legions of hackers just like Majia, and that they are behind an escalating number of global attacks to steal credit card numbers, commit corporate espionage and even wage online warfare on other nations, which in some cases have been traced back to China.

In addition to independent criminals like Majia, computer security specialists say there are so-called patriotic hackers who focus their attacks on political targets. Then there are the intelligence-oriented hackers inside the People’s Liberation Army, as well as more shadowy groups that are believed to work with the state government.

Just about every major country has at least one government-sponsored "cyber warfare" group, including the United States. In fact, there has been speculation that North Korea graduates about 500 "cyber warriors" every year from its training programs.

Computer hacking is illegal in China. Last year, Beijing revised and stiffened a law that makes hacking a crime, with punishments of up to seven years in prison. Majia seems to disregard the law, largely because it is not strictly enforced. But he does take care to cover his tracks.

He even claims to know details of the Google attack. “That Trojan horse on Google was created by a foreign hacker,” he says, indicating that the virus was then altered in China. “A few weeks before Google was hijacked, there was a similar virus. If you opened a particular page on Google, you were infected.”

When asked whether hackers work for the government, or the military, he says “yes.”

Does he? No comment, he says.