21 Oct 2014
Deprecating SHA-1 Hash Algorithm. Why, What and When.

As some of you may already know, in September Incapsula began the process of replacing all SHA-1 SSL certificates with the more secure SHA-2 version. This transition is on schedule and will be completed within the following week. In addition, all new SSL certificates issued by Incapsula will use the SHA-2 algorithm.

Our decision to discontinue SHA-1 support is in line with the industry trend, which acknowledges the potential weakness of the SHA-1 cryptographic algorithm.

In November 2013 Microsoft was the first to announce its timetable for phasing out SHA-1 certificates. According to this timetable, MSN platforms will stop supporting SHA-1 as of January 1, 2017.

More recently, Google and Mozilla announced that their browsers will no longer trust SHA-1-signed SSL certificates with expiration dates past December 31, 2016...

15
Oct
2014
 What You Need to Know About POODLE SSLv3 Vulnerability

With Google disclosing the POODLE vulnerability in SSL v3, we are now witnessing version 3’s last days. Unlike other SSL vulnerabilities, such as BEAST and LUCKY 13, POODLE has no patch or workaround—the v3 protocol itself is broken. Connections using CBC ciphers are insecure, enabling attackers to extract sensitive data from them.

In Google’s paper, their vulnerability researchers reveal how an attacker can extract ostensibly encrypted data from SSL v3 connections using CBC ciphers. They also provide an example of how a real-world attack might take place, resulting in session cookies being stolen.

The bottom line is that attackers with access to client or server environments can manipulate clients to use insecure SSL v3 connections. They then use v3 weaknesses to extract sensitive data from the stream...

09 Oct 2014
Cyber Security Awareness Month

The month of October is Cyber Security Awareness Month, when we review threats that attempted to catch us off guard, as well as consider those looming on the horizon. To add to the discussion, Incapsula will highlight some of the incidents we’ve covered this year and make a few predictions based on our research.

Over the past five years, Incapsula’s content distribution network has expanded to every corner of the world, enabling our team to provide you with insights into the latest attacks and tactics. We’ve witnessed just about every trick in the book. These range from attacks originated by collectives such as Lizard Squad and Anonymous to upstart hackers working out of their basements and criminal syndicates attempting to disrupt legitimate organizations...

06 Oct 2014
IncapRules – Closing the Door on Brute Force Attacks

During the recent wave of large “credential dumps”—where lists of usernames and passwords have been posted on the web—Incapsula has proven to deliver impenetrable protection from attempts to match exposed username/password combinations across various Internet resources.

Such matching attempts are executed as automated brute force attacks. One way to deal with them is to activate Incapsula’s Suspicious bots mode, which employs progressive challenges to sift through unidentified non-human visitors.

However, a much more elegant solution can be achieved with a simple IncapRules syntax that leverages Incapsula’s request-inspection capabilities.

02 Oct 2014
Did Shellshock Hit One Billion Servers?

It’s been nearly a week since the discovery of what has become known as Shellshock. Incapsula Labs has been tracking the vulnerability and its variants from almost the beginning.

The impact is big. The question I keep getting asked is, How big? There are two ways of looking at the magnitude of the attack: 1) the number of sites attacked, and 2) the damage it has caused to each site.

We’ll dig into both, as well as what we see as a potential aftershock caused by malware and exploits planted on vulnerable machines.

29 Sep 2014
The Shellshock Aftermath – How Hackers Are Bashing Servers

The Internet is currently abuzz with talk about Shellshock, the new “mega vulnerability” discovered in Bash (a.k.a. the Bourne-Again Shell), the most common command-line shell used in Linux/UNIX systems. This morning we released a quick blog post to let our customers know that we have already modified our WAF to protect against this vulnerability.

Now that the dust has settled, we are following up with some of the details we garnered through analyzing attack attempts against Incapsula-protected websites and servers.

25 Sep 2014

Yesterday, a security researcher released the details of a major security vulnerability in Bash, a.k.a. Bourne-Again Shell, a popular software utility.

The vulnerability, known as Shellshock, will be a serious problem for many Linux, Unix, and Mac OS X users.

In order to protect our customers from being affected by Shellshock, Incapsula has proactively updated its WAF rules to block the vulnerability.

16 Sep 2014
Breaking down Our New Weekly Report

Today Incapsula is releasing a revamped version of our weekly email report. With it we address two popular requests by our clients:

  • Consolidated view – In the past we would provide a separate email report for each domain running on Incapsula’s service.
    Today, with most of our clients hosting multiple domains under the same account, and with some accounts having grown to hundreds or even thousands of domains, this method has outgrown its usefulness.
  • High-level insights – As the scope of Incapsula-monitored data continued to grow, we received numerous requests for a “Top Stories” report—one that would automatically highlight the most recent and most interesting activities.
    Our new report does exactly this—both by providing aggregated account information, and by introducing a new “Insight” section, which helps you keep track of the most noteworthy traffic and security trends.

Incapsula’s new report also lets you better assess your bandwidth consumption. At the same time it enables you to easily monitor your security postures—from WAF alerts to the effectiveness of your own custom security rules.

11 Sep 2014
CMS Security Tips

What do WordPress, Joomla, and Drupal all have in common? They are all among the most common hacking targets on the Internet.

A recent WP White Security study found that a staggering 73% of all WordPress installations had known vulnerabilities that could easily be detected using automated tools.

Cyber criminals have long since discovered these security holes, with over 170,000 WordPress sites being hacked last year.

03 Sep 2014
Semalt Hijacks Hundreds of Thousands of Computers to Launch a Referrer Spam Campaign

Chances are by now you’ve heard about “Semalt,” a dubious, self-proclaimed SEO tool whose unscrupulous behavior has already caused concern to many website owners. In what appears to be a large-scale referrer spam campaign, Semalt is most commonly accused of ignoring 'robots.txt' directives and overburdening servers with a slew of suspicious-looking requests.

In this post, we shed light on Semalt’s suspicious activity and explain our rationale for preventing this bot from accessing any Incapsula-protected websites—unless manually permitted to do so by webmasters.
