Category: Alvosec

Secure/Multipurpose Internet Mail Extensions, or S/MIME, is an internet standard to digitally sign and encrypt email messages. It ensures the integrity of email messages remains intact while being received.

By using digital signatures, S/MIME provides for authentication, message integrity, and non-repudiation of origin. In addition, S/MIME includes encryption that strengthens privacy and data security for electronic messaging.

Signing Emails

S/MIME allows you to sign your emails to prove your identity as a legitimate business. Every time you create and sign an email, your private key applies your unique Digital Signature into your message. When your recipient opens your email, your public key is used to verify the signature. This ensures your recipient that the emails really came from you. Signing emails authenticates your identity in times where phishing attacks have already become so clever and it has become increasingly difficult to identify spoofed emails.

Free S/MIME Certificate

Actalis offers S/MIME certificates that are recognized on the most popular platforms and compatible with all the main S/MIME-compliant email applications, such as Microsoft Outlook, Mozilla Thunderbird, Exchange, Gmail, and many others.

Click here to validate your email and start a process to get free S/MIME certificate. Once you are done, you will get email with attachment and password for your newly generated certificate.

If you prefer to buy S/MIME certificate, then you can purchase from Sectigo.

Now it’s time to import into Thunderbird. Open Settings and then navigate to End-To-End Encryption, where you will be able to choose your S/MIME certificate for digital signing.

It’s time to test. Send email by choosing S/MIME tab where it says Digitally Sign. Once email is sent the recipient will be able to verify identity of sender.

If you click on Sender info, you will get more information about digital signature.

This means that message integrity and sender authenticity are verified.

S/MIME digital signatures safeguard against email spoofing by verifying the sender’s identity, ensuring the message contents have not been changed and confirming the sender actually sent the message.

ModSecurity is a free and open source web application that started out as an Apache module and grew to a fully-fledged web application firewall. It works by inspecting requests sent to the web server in real time against a predefined rule set, preventing typical web application attacks like XSS and SQL Injection.

Install ModSecurity

ModSecurity can be installed by running the following command in your terminal:

sudo apt install libapache2-mod-security2 -y

After installing ModSecurity, enable the Apache 2 headers module by running the following command:

sudo a2enmod headers

Restart apache2 service.

Configure ModSecurity

ModSecurity is a firewall and therefore requires rules to function. This section shows you how to implement the OWASP Core Rule Set. First, you must prepare the ModSecurity configuration file.

Remove the .recommended extension from the ModSecurity configuration file name with the following command:

sudo cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf

With a text editor such as vim, open /etc/modsecurity/modsecurity.conf and change the value for SecRuleEngine to On:

SecRuleEngine On

Also check if SecRequestBodyAccess is On.

Restart Apache to apply the changes.

Setting up the OWASP ModSecurity Core Rule Set

The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts. The CRS provides protection against many common attack categories, including SQL Injection, Cross Site Scripting, and Local File Inclusion.

First, delete the current rule set that comes prepackaged with ModSecurity by running the following command:

sudo rm -rf /usr/share/modsecurity-crs

Clone the OWASP-CRS GitHub repository into the /etc/apache2/modsecurity.d/ directory:

sudo git clone https://github.com/coreruleset/coreruleset /etc/apache2/modsecurity.d

Rename the crs-setup.conf.example to crs-setup.conf:

sudo mv /usr/share/modsecurity-crs/crs-setup.conf.example /usr/share/modsecurity-crs/crs-setup.conf

Change module configuration

To begin using ModSecurity, enable it in the Apache configuration file by following the steps outlined below:

Using a text editor such as vim, edit the /etc/apache2/mods-available/security2.conf file to include the OWASP-CRS files you have downloaded:

Include /etc/apache2/modsecurity.d/owasp-modsecurity-crs/crs-setup.conf

In /etc/apache2/sites-enabled/website.com.conf file VirtualHost block, include the SecRuleEngine directive set to On.

SecRuleEngine On

Restart the apache2 service to apply the configuration.

Test ModSecurity

Test ModSecurity by performing a simple local file inclusion attack by running the following command:

curl http://website.com/index.php?exec=../../../etc/passwd

If ModSecurity has been configured correctly and is actively blocking attacks, the following error is returned:

403 Forbidden

If you have any questions or need help to setup ModSecurity feel free to contact us.

Keeping your system up-to-date with the latest packages and security updates can be a tedious task. Most users forget to do it, leaving them vulnerable to countless threats. Automate security (and other package) updates with the utility Unattended Upgrades on Debian or Ubuntu.

You can set up automated security updates on Linux by installing a helpful utility called unattended-upgrades.

Install it running the following command:

sudo apt install unattended-upgrades

After the installation completes, you can enable and start the unattended-upgrades service by running the following commands:

sudo systemctl enable unattended-upgrades

And this one:

sudo systemctl start unattended-upgrades

Configure unattended-upgrades file

The unattended-upgrades configuration file is found in the /etc/apt/apt.conf.d directory.

Access the configuration file with the following command:

sudo nano /etc/apt/apt.conf.d/50unattended-upgrades

The unattended-upgrades package ignores lines that start with // as that line is considered to be a comment.

If you want a repository to update automatically, you need to remove // from that line.

For our purposes, we only need to remove // from the “security” line.

The Unattended-Upgrade::Package-Blacklist section of the config file allows you to block upgrades for specific packages.

You can also use hold option by running following command:

sudo apt-mark hold package-name

Enable Automatic Upgrades

The final step to enable automatic updates is to edit the auto-upgrades file with the command:

sudo nano /etc/apt/apt.conf.d/20auto-upgrades

APT::Periodic::Update-Package-Lists “1”;
APT::Periodic::Unattended-Upgrade “1”;
APT::Periodic::AutocleanInterval “7”;

Testing automatic upgrades

To verify that the automatic upgrades are set up correctly perform a dry run. The dry run command ensures that the update is only a simulation and that no actual changes will take place. Use the command:

sudo unattended-upgrades –dry-run –debug

FOMO stands for Fear Of Missing Out. It is a common problem faced by both experienced and beginner traders alike. It is also one of the worst emotions to deal with in crypto trading and life in general. FOMO can cause you to make ill-advised decisions like investing in a suspicious projects.

In this article, we’ll unpack what FOMO means in crypto trading and how crypto traders can avoid it.

What is FOMO in Crypto Trading?

FOMO in cryptocurrency trading means the fear of losing a potentially profitable investment or trading opportunity. It’s the anxiety you get when that coin you didn’t buy starts shooting up in price value or when everyone (except you) seems to be investing in the next big DeFi/NFT/Blockchain project.

What causes Crypto FOMO?

According to behavioral economics, market price movements are significantly influenced by both overall market psychology and individual emotional states or trader psychology. The fear and greed index indicates general market psychology at a given period. The Crypto Fear and Greed Index combines multiple data sources gathered from market trends and social signals into a single figure that shows the general sentiment of the crypto market at any given time.

Investing and trading in cryptocurrency comes with a rollercoaster of emotions ranging from panic to hope. Trading FOMO in crypto is caused by a combination of these emotions, particularly panic, impatience, jealousy, fear and hope.

How to Avoid FOMO Trading

The first step to avoiding FOMO trading is to accept that Fear of Missing Out is a normal thing to feel. FOMO affects everyone, both in the crypto ecosystem and beyond. Nonetheless, FOMO trading in crypto can be avoided or at least reduced by implementing and taking the following steps seriously:

1. Set Up a Trading Plan

A crypto trading and investment plan should have all your long-term, short-term and exit plans, objectives and targets. It should also contain an outline of the coins in your portfolio and the coins you intend to buy. Traders who take the time out to set up their trading plans stand a better chance of effectively avoiding FOMO. Once you have a clear strategy and focused trading goals, you’re unlikely to fall for flimsy trading signals.

2. Analyse The Charts

“Facts over Feelings” is a good motto to follow when trading crypto. Learn to read and analyse cryptocurrency trading charts to understand the trends and trading patterns better. While your analysis may not always be spot on, it will provide you with a solid base to stand upon when FOMO shows up. Look at the charts from weeks or months, or years ago. There’s much to learn from looking at previous crypto trading and the price patterns that traders can apply to present and future trading.

3. Implement Risk management

In crypto trading, effective risk management involves various steps to reduce the impact of market dips and avoid total liquidation. The primary step to take before trading crypto is conducting comprehensive research that gives you all the necessary information you need to make your trade successful. Read more effective risk management methods for trading crypto here.

4. Focus on Your Trades

Comparison can inspire healthy competition in a person, but it can also make them lose sight of what’s important – their personal journey. As a trader, it can be disheartening to watch other traders make money and win big, especially from coins you missed out on buying. However, you must remember that you don’t know the full details of another trader’s journey to success. You’re better off focusing on your portfolio, trading strategies and goals.

5. Think long-term

Why are you buying a coin? What percentage of your income are you investing into the token? Are you ready for losses? What do you intend to gain from this crypto investment? What is your exit strategy? These are some critical questions any serious trader should ask themselves before investing. The answers will help you plan and work towards your goals without being bothered about FOMO. Long-term thinking always favors your finances more than short-term get-rich-quick thinking.

***

The fear of missing out in crypto trading is normal and can be managed. According to Warren Buffet, “The most important quality for an investor is temperament, not intellect. You need a temperament that neither derives great pleasure from being with the crowd or against the crowd.” This famous saying holds the key to managing FOMO. Pay attention to the market and the charts but stick to your trading plan while thinking long term.

Happy Trading!

Source: https://blog.obiex.finance/how-to-avoid-fomo-in-crypto-trading/

Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and advanced tool for automatic database updates. 

CVD (ClamAV Virus Database) is a digitally signed container that includes signature databases in various text formats.

Hash-based signatures

The easiest way to create signatures for ClamAV is to use MD5 checksums, however this method can be only used against static malware. To create a signature for test.exe use the –md5 option of sigtool:

sigtool –md5 test.exe > test.hdb

That’s it! The signature is ready to use:

clamscan -d test.hdb test.exe

You can change the name (by default sigtool uses the name of the file) and place it inside a *.hdb file. A single database file can include any number of signatures. To get them automatically loaded each time clamscan/clamd starts just copy the database file(s) into the local virus database directory (eg. /usr/local/share/clamav).

PE section based

You can create a hash signature for a specific section in a PE file. Such signatures shall be stored inside .mdb files in the following format:

PESectionSize:PESection:Malware

Body-based signatures

ClamAV stores all body-based signatures in a hexadecimal format. In this section by a hex-signature we mean a fragment of malware’s body converted into a hexadecimal string which can be additionally extended using various wildcards.

You can use sigtool –hex-dump to convert any data into a hex-string:

sigtool –hex-dump

We will be looking more into extended signature format.

The extended signature format allows for specification of additional information such as a target file type, virus offset or engine version, making the detection more reliable. The format is:

MalwareName:TargetType:Offset:Hex

Here is an example of one signature that we created:

alvosec_random175:3:*:6A6B656D70…

First is malware name (alvosec_random175), target type is 3 which stands for HTML files, 0 is for any, 10 is for PDF and so on. Next we have offset with value “*”.

Offset is an asterisk or a decimal number n possibly combined with a special modifier:

• * = any
• n = absolute offset
• EOF-n = end of file minus n bytes

Most of the time we are setting offset to any *.

Next we have hex signature (6A6B656D70313267406F322E706C), now if we convert that hex to text it will become: jkemp12g@o2.pl. Use this website to convert text to hex and vice versa.

Optional MinFL and MaxFL parameters can restrict the signature to specific engine releases. All signatures in the extended format must be placed inside *.ndb files.

Following exploit of the Nomad Bridge, Chainalysis estimates that $2 billion in cryptocurrency has been stolen across 13 separate cross-chain bridge hacks, the majority of which was stolen this year. Attacks on bridges account for 69% of total funds stolen in 2022 so far.

This represents a significant threat to building trust in blockchain technology. As more value flows through cross-chain bridges, they become more attractive victims for hackers. Even more troubling is that bridges are now a top target for North Korean-linked hackers, who – according to our estimates – have stolen approximately $1 billion worth of cryptocurrency so far this year, entirely from bridges and other DeFi protocols. For perspective, South Korea’s government-run statistical agency estimates the country earned $89 million from official exports in 2020.

The good news is that these services can take steps to protect themselves. And in the event of a hack, they can leverage the transparency of blockchain technology to investigate the flow of funds and ideally prevent attackers from cashing out their ill-gotten gains.

What are cross-chain bridge protocols?

Cross-chain bridges are designed to solve the challenge of interoperability between different blockchains. A cross-chain bridge is a protocol that lets a user port digital assets from one blockchain to another. For example, Wormhole is a cross-chain bridging protocol that allows users to move cryptocurrencies and NFTs between the various smart contract blockchains such as Solana and Ethereum.

While bridge designs vary, users typically interact with cross-chain bridges by sending funds in one asset to the bridge protocol, where those funds are then locked into the contract. The user is then issued equivalent funds of a parallel asset on the chain the protocol bridges to. In the case of Wormhole, users typically send Ether (ETH) to the protocol, where it is held as collateral, and are issued Wormhole-wrapped ETH on Solana, backed by that collateral locked in the Wormhole contract on Ethereum.

What makes cross-chain bridges so vulnerable?

Bridges are an attractive target because they often feature a central storage point of funds that back the “bridged” assets on the receiving blockchain. Regardless of how those funds are stored – locked up in a smart contract or with a centralized custodian – that storage point becomes a target. Additionally, effective bridge design is still an unresolved technical challenge, with many new models being developed and tested. These varying designs present novel attack vectors that may be exploited by bad actors as best practices are refined over time.

What can the industry do?

Just a few years ago, centralized exchanges were by far the most frequent targets of hacks in the industry. Today, successful hacks of centralized exchanges are rare. That’s because these organizations prioritized their security, and because hackers are always looking for the newest and most vulnerable services to attack.

While not foolproof, a valuable first step towards addressing issues like this could be for extremely rigorous code audits to become the gold standard of DeFi, both for those building protocols and for the investors evaluating them. Over time, the strongest, safest smart contracts can serve as templates for developers to build from.

Cryptocurrency services – including but not limited to bridges – should invest in security measures and training. For example, with North Korean-linked hackers in particular, sophisticated social engineering tactics that take advantage of the trusting and carelessness of human nature to gain access to corporate networks has long been a favored attack vector. Teams should be trained on these risks and warning signs.

Source: https://blog.chainalysis.com/reports/cross-chain-bridge-hacks-2022/