Protecting Infrastructure With TLS Client Authentication

Here at Threat Stack we really like Yubikeys — and they’re a critical part of our security program. Many folks know Yubikeys for their ability to generate one-time codes for use as a second factor. Did you also know you can store certificates on them and use them in your operating system? I’ve written about using the Personal Identity Verification applet on the Yubikey in the past, but now I’d like to take that one step further and use it to identify yourself to a web application. We’ll cover how to do this with a Mac OS X Mojave client — which works nicely with the OpenSC library and an HAProxy reverse proxy. Read more “Protecting Infrastructure With TLS Client Authentication”

Access Management Lessons From Timehop’s Cloud Security Breach

Over the past couple of weeks, both Macy’s and Timehop experienced breaches as a result of authentication weaknesses. On July 4, social media startup Timehop experienced a data breach that affected 21 million customers and included information such as names, emails, and phone numbers. According to a preliminary investigation conducted by the Timehop team, the attacker gained unauthorized access to the company’s cloud service provider using stolen administrative credentials back in December 2017. For months, the hacker conducted reconnaissance on the system before launching an attack against the company’s production database on the July 4 holiday.

Unfortunately, credential theft attacks like these happen all too often: According to the 2018 Verizon Data Breach Investigation Report, credential theft was the top cause of data breaches. Attackers can gain privileged access to a system using administrative credentials, remaining undetected (sometimes for months as in the Timehop incident) as they move laterally across a system, conducting reconnaissance, and waiting for the right opportunity to exfiltrate data.

Timehop’s breach is an example of the security risk that employees, both current and former, can pose to any organization that practices poor cloud security hygiene. Given the sheer scope of security incidents involving some form of credential theft, it’s important for IT staff and engineers to understand not only where data is stored but also who is accessing and exporting it.

Businesses issue thousands of credentials to employees and contractors, making it more important than ever for them to improve access management. Not doing so could cause an organization’s most sensitive data to be stolen.

Here are a few tips on where to start. Read more “Access Management Lessons From Timehop’s Cloud Security Breach”