In the next release of Turris OS, we would like to give our users the possibility to play a more active part in detection of network attacks. The first of the new functions is SSH honeypot which lures the attacker into a virtual environment where we can then observe his activity. This method will be more thoroughly described in a separate blog post planned for the near future. The second addition is less ambitious, but much simpler and still very useful. It is stripped down version of a honeypot which we internally call a “minipot”. In contrast to the normal honeypot which lets any attacker in with any password, our minipot just pretends that there is the possibility of logging in, and collects the supplied user names and passwords.
What does The Honeynet Project do and what is our connection to it
The Honeynet Project is a nonprofit organization established by Lance Spitzner, which brings together researchers and programmers from around the world. It is engaged in investigating attacks, their monitoring and the development of open-source tools in the field of information security.
Successful termination of the exercise Cyber Europe 2014
The CSIRT.CZ team has since summer of the year 2013 actively participated in the preparation and later also in the realization of the so far biggest European cybernetic exercise Cyber Europe 2014 which was already for the third time organized by the European Network and Information Security Agency – ENISA.
My African mission: CZ.NIC pairs delight as well as help Ethiopia
In the last year, CZ.NIC prepared for children pairs which include 32 themes connected with computers. While pictures are in every pair the same, their names are at one card in Czech and at the other in English. After the experience when these pairs were of use e.g. within the frame of a leisure-time club of English organized by the House of Youth and Children of Prague 9, I took the purely English variant to the Ethiopian school Halaba where I, as volunteer, teach children to work with computer within the frame of project supported by the Czech development agency.
Kleptography – a renovated method of how to get to your data is on the increase
We would considerably enjoy it if the cryptography crises limited themselves to one per day. We know, however, that it is only a wishful thinking.
Unintentional exfiltration of keys
The Chinese manufacturer of electronics Lenovo went in his greed so far that he not only pre-installs the display of advertisement on newly installed notegooks but the installed adware of third parties called Superfish even injects javascript into the code of the page being browsed; the goal is to analyze the page and to target the advertisement better. While doing this it does not limit itself only on non-coded HTTP connection.
Cyber attacks against handicapped
Window-Eyes is the so-called screen reader (reader of screen) for Microsoft Windows which is used by visually handicapped users, above all by totally blind and seriously visually handicapped users. Such software converts the content of the screen, e.g. of web pages, into the form of alternative output, most frequently as voice or Braille.
Looking back at interesting incidents of CSIRT.CZ in the year 2014
In the last year we noticed several interesting incidents and events which are certainly worth for use to come back to them in this way again. By the way, only the amount of incidents being solved increased from 495 for the year 2013 to 939 incidents in the last year. And these were often not only negligent events.
Project Turris: Majordomo enables a view over the happening in the local network
In a household, router is a central point through which a household is connected to the Internet. That is why the router is offered as a suitable place for various interesting analyses and statistics. The project Turris, that is true, offers a fairly big amount of analyses, statistics and tests, Majordomo, however, is the first tool which is intended purely for users and data are not sent from it for further processing.
Vulnerability of “rom-0“ after half year
In the previous blogposts about the error “rom-0“ I was engaged in the procedure of how to “mend“ a vulnerable router, I analysed the spreading of this error and above all I referred to the web test which we in Laboratories CZ.NIC activated at the address http://rom-0.cz. The last blogpost on this topic attended to the development of number of vulnerable boxes in the Czech Republic and in Slovakia during the first four months from the beginning of our measurings.
Attacks on the web honeypot
Honeynet operated by the CZ.NIC association certainly does not have to be particularly introduced to the readers of this blog. Besides articles on this blog there are also accessible source codes of operated honeypots which you can see on our GitLab. In today´s article we will focus on attacks caught on the web honeypot Glastopf.