• SIEM Solutions Overview (Security Information and Event Management)

    Modern corporate IT infrastructure consists of many systems and components. And monitoring their work individually can be quite difficult — the larger the enterprise is, the more burdensome these tasks are. But there are the tools, which collect reports on the work of the entire corporate infrastructure — SIEM (Security Information and Event Management) system in one place. Read the best of such products according to Gartner experts in our review, and learn about the main features from our comparison table.
    Read more →
  • Checking Clang 11 with PVS-Studio

      PVS-Studio: I'm still worthy

      Every now and then, we have to write articles about how we've checked another fresh version of some compiler. That's not really much fun. However, as practice shows, if we stop doing that for a while, folks start doubting whether PVS-Studio is worth its title of a good catcher of bugs and vulnerabilities. What if the new compiler can do that too? Sure, compilers evolve, but so does PVS-Studio – and it proves, again and again, its ability to catch bugs even in high-quality projects such as compilers.
      Read more →
    • Why code reviews are good, but not enough


        Code reviews are definitely necessary and useful. It's a way to impart knowledge, educate, control a task, improve code quality and formatting, fix bugs. Moreover, you can notice high-level errors related to the architecture and algorithms used. So it's a must-have practice, except that people get tired quickly. Therefore, static analysis perfectly complements reviews and helps to detect a variety of inconspicuous errors and typos. Let's look at a decent example on this topic.
        Read more →
      • Molto-2 — a USB programmable multi-profile TOTP hardware token

          About a year ago, we released Token2 Molto-1, the world's first programmable multi-profile hardware token. While Molto-1 is still the only solution of its kind currently available on the market, we will be soon releasing a new variation of a multi-profile hardware token, in a different form-factor and with a different set of features available.

          While Molto-1 has its advantages, there were some shortcomings that we wanted to address, for example, it can only hold up to ten TOTP profiles, which is not enough for many users. Also, using NFC to program the device does not look very convenient for some users. There were also requests to have a backlight for the screen of the token, so it can be used in the dark. With Molto-2 we tried to address this and a few other concerns. So, we hereby present our new device model, Token2 Molto-2 with the following specifications:

          TOKEN2 MOLTO-2 multi-profile programmable TOTP hardware token:

          ▣ RFC 6238 compliant

          ▣ supports up to 50 accounts/profiles

          ▣ USB-programmable with a Windows app

          ▣ RTC battery life: 8 years

          ▣ LCD screen battery: 3-4 months (rechargeable)

          The table below shows the comparison between Molto-1 and Molto-2

          Read more
        • The 2020 National Internet Segment Reliability Research

            The National Internet Segment Reliability Research explains how the outage of a single Autonomous System might affect the connectivity of the impacted region with the rest of the world. Most of the time, the most critical AS in the region is the dominant ISP on the market, but not always.

            As the number of alternate routes between AS’s increases (and do not forget that the Internet stands for “interconnected network” — and each network is an AS), so does the fault-tolerance and stability of the Internet across the globe. Although some paths are from the beginning more important than others, establishing as many alternate routes as possible is the only viable way to ensure an adequately robust network.

            The global connectivity of any given AS, regardless of whether it is an international giant or regional player, depends on the quantity and quality of its path to Tier-1 ISPs.

            Usually, Tier-1 implies an international company offering global IP transit service over connections with other Tier-1 providers. Nevertheless, there is no guarantee that such connectivity will be maintained all the time. For many ISPs at all “tiers”, losing connection to just one Tier-1 peer would likely render them unreachable from some parts of the world.
            Read more →
          • The hunt for vulnerability: executing arbitrary code on NVIDIA GeForce NOW virtual machines


              Against the backdrop of the coronavirus pandemic, the demand for cloud gaming services has noticeably increased. These services provide computing power to launch video games and stream gameplay to user devices in real-time. The most obvious advantage of this gaming type is that gamers do not need to have high-end hardware. An inexpensive computer is enough to run the client, spending time in self-isolation while the remote server carries out all calculations.

              NVIDIA GeForce NOW is one of these cloud-based game streaming services. According to Google Trends, worldwide search queries for GeForce NOW peaked in February 2020. This correlates with the beginning of quarantine restrictions in many Asian, European, and North and South American countries, as well as other world regions. At the same time in Russia, where the self-isolation regime began in March, we see a similar picture with a corresponding delay.

              Given the high interest in GeForce NOW, we decided to explore this service from an information security standpoint.
              Read more →
            • Ads
              AdBlock has stolen the banner, but banners are not teeth — they will be back

            • Static code analysis of the PMDK library collection by Intel and errors that are not actual errors

                PVS-Studio, PMDK

                We were asked to check a collection of open source PMDK libraries for developing and debugging applications with NVRAM support by PVS-Studio. Well, why not? Moreover, this is a small project in C and C++ with a total code base size of about 170 KLOC without comments. Which means, the results review won't take much energy and time. Let's go.
                Read more →
              • EVVIS-QR1 USB Programmable TOTP hardware token

                  imageToday, we are presenting a new type of TOTP hardware tokens — USB Programmable token that displays the OTP value as a QR code and also can send the current OTP value over USB as a part of its HID emulation feature.

                  What is EVVIS-QR1?

                  EVVIS-QR1 is a hardware device developed primarily for Electronic visit verification (EVV) information systems (hence the name). It is a standards-based TOTP hardware token that can also be programmed over USB. The OTP generated is shown on the display both as regular digits as well as a QR image. Both features (OTP shown as QR code and HID keyboard emulation) are intended to make it possible to minimize typos when entering the OTP.
                  Read more →
                • Y messenger Manifesto

                  Y messenger - decentralized end-2-end encrypted messenger

                  We are a team of independent developers. We have created a new messenger, the purpose of which is to solve the critical problems of the modern Internet and the modes of communication it provides. We see users become hostages to the services they have grown accustomed to and we see corporations exploiting their users and controlling them. And we don’t like it. We believe the Internet should be different.
                  In this Manifesto, we disclose our vision of the Internet and describe what we have done to make it better. If you share our ideas — join us. Together we can achieve more than each of us can alone.

                  Read more →
                • Looking back at 3 months of the global traffic shapeshifting

                    There would be no TL;DR in this article, sorry.

                    Those have been three months that genuinely changed the world. An entire lifeline passed from February, 1, when the coronavirus pandemics just started to spread outside of China and European countries were about to react, to April, 30, when nations were locked down in quarantine measures almost all over the entire world. We want to take a look at the repercussions, cyclic nature of the reaction and, of course, provide DDoS attacks and BGP incidents overview on a timeframe of three months.

                    In general, there seems to be an objective pattern in almost every country’s shift into the quarantine lockdown.
                    Read more →
                  • Safe-enough linux server, a quick security tuning

                    The case: You fire up a professionally prepared Linux image at a cloud platform provider (Amazon, DO, Google, Azure, etc.) and it will run a kind of production level service moderately exposed to hacking attacks (non-targeted, non-advanced threats).

                    What would be the standard quick security related tuning to configure before you install the meat?

                    release: 2005, Ubuntu + CentOS (supposed to work with Amazon Linux, Fedora, Debian, RHEL as well)


                    Read more →
                  • This is how you deal with route leaks

                      That, we must say, is the unique story so far.

                      Here’s the beginning: for approximately an hour, starting at 19:28 UTC on April 1, 2020, the largest Russian ISP — Rostelecom (AS12389) — was announcing prefixes belonging to prominent internet players: Akamai, Cloudflare, Hetzner, Digital Ocean, Amazon AWS, and other famous names.

                      Before the issue was resolved, paths between the largest cloud networks were somewhat disrupted — the Internet blinked. The route leak was distributed quite well through Rascom (AS20764), then Cogent (AS174) and in a couple of minutes through Level3 (AS3356) to the world. The issue suddenly became bad enough that it saturated the route decision-making process for a few Tier-1 ISPs.

                      It looked like this:


                      With that:

                      Read more →
                    • SLAE — SecurityTube Linux Assembly Exam

                        SecurityTube Linux Assembly Exam (SLAE) — is a final part of course:
                        This course focuses on teaching the basics of 32-bit assembly language for the Intel Architecture (IA-32) family of processors on the Linux platform and applying it to Infosec and can be useful for security engineers, penetrations testers and everyone who wants to understand how to write simple shellcodes.
                        This blog post have been created for completing requirements of the Security Tube Linux Assembly Expert certification.
                        Exam consists of 7 tasks:
                        1. TCP Bind Shell
                        2. Reverse TCP Shell
                        3. Egghunter
                        4. Custom encoder
                        5. Analysis of 3 msfvenom generated shellcodes with GDB/ndisasm/libemu
                        6. Modifying 3 shellcodes from shell-storm
                        7. Creating custom encryptor
                        Read more →
                      • New action to disrupt world’s largest online criminal network

                          Today, Microsoft and partners across 35 countries took coordinated legal and technical steps to disrupt one of the world’s most prolific botnets, called Necurs, which has infected more than nine million computers globally. This disruption is the result of eight years of tracking and planning and will help ensure the criminals behind this network are no longer able to use key elements of its infrastructure to execute cyberattacks.

                          A botnet is a network of computers that a cybercriminal has infected with malicious software, or malware. Once infected, criminals can control those computers remotely and use them to commit crimes. Microsoft’s Digital Crimes Unit, BitSight and others in the security community first observed the Necurs botnet in 2012 and have seen it distribute several forms of malware, including the GameOver Zeus banking trojan.
                          Read more →
                        • What would be the future of Android in 2020?

                            Android has always been on the top of the hustle when you think about mobile application development. Android’s smartphone OS Market Share now hovers around 85%. Furthermore, volumes are expected to grow at a five-year CAGR of 2.4%, with shipments approaching 1.41 billion in 2022.


                            Source: Google Images

                            But before you took the plunge in exploring and riding on the waves of changes or hire an android app developer to develop an app, it is important to understand the trends and its implications on the android application development ecosystem.
                            Read more →
                          • Developing and deploying Python for secured environments with Kushal Das

                              Here is the translated Russian version of this interview.

                              The company of speakers at Moscow Python Conf++ 2020 is great, and it's not a good luck but thorough Program Committee's work. But who cares about achievements, it's much more interesting what the speaker thinks about our own questions. Conferences suits good to find it out, get insider information or advice from an experienced developer. But I got an advantage of being in Program Committee so I already asked our speaker Kushal Das some questions.

                              A unique feature of Kushal's speeches is that he often unveils «secret» ways to break Python code and then shows how to write code so that the NSA can't hack it. At our conference Kushal will tell you how to safely develop and deploy Python code. Of course I asked him about security.

                              Read more →