Tuesday, March 3, 2009

Around The Horn vol.1,53

Alerts

Mar 2, 2009 (14 hours ago)

SB09-061: Vulnerability Summary for the Week of February 23, 2009

from US-CERT Cyber Security Bulletins

Mar 2, 2009 (13 hours ago)

Cisco Security Advisory, (Fri, Feb 27th)

from SANS Internet Storm Center, InfoCON: green

Yesterday Cisco released a Security Advisory for Multiple Vulnerabilities in the Cisco ACE Appl ...(more)...

Security News

Mar 2, 2009 (18 hours ago)

Protecting Your Web Apps: Two Big Mistakes and 12 Practical Tips to Avoid Them

from SANS Information Security Reading Room

Category: Application/Database Sec

Paper Added: March 2, 2009

Mar 2, 2009 (yesterday)

Caching bugs exposed in second biggest DNS server

from CGISecurity - Website and Application Security News by Robert A.

"For years, cryptographer Daniel J. Bernstein has touted his djbdns as so secure he promised a $1,000 bounty to anyone who can poke holes in the domain name resolution software. Now it could be time to pay up, as researchers said they've uncovered several vulnerabilities in the package that could lead...

Feb 28, 2009 (3 days ago)

Google Bucking the Trend?

from McAfee Avert Labs by Craig Schmugar

The other day I blogged about Google Trends being abused to serve malware.  The attackers were not only targeting the most popular search terms, but also manipulating Google’s page rankings to appear high up on search results.  It appears that Google may have squashed those attacks, at least at the moment.

The pages that were coming up while searching Google seem to be purged from Google’s index.  The pages may still be found on other search engines, though not ranked as high.  This is also visible in stats I started gathering yesterday.

I took the top 100 search terms for each day of this week and ran a Google search on each term. I then considered the top 10 search results for each term, looking for poisoned links with high rankings. Admittedly it would have been better to gather the search results on each day, rather than running the test several days after the fact, but nonetheless the limited results do suggest that Google took some recent actions.

The following graph shows significant activity prior to mid-day yesterday.

Mar 2, 2009 (14 hours ago)

Prime Minister's health records breached in database attack

from The Register - Security

Scottish rich and powerful victimized

Personal medical records belonging to Scotland's rich and powerful - including Prime Minister Gordon Brown and Holyrood's First Minister Alex Salmond - have been illegally accessed in a breach of a national database that holds details of 2.5 million people.…

Mar 2, 2009 (16 hours ago)

Convicted Romanian hacker is hot commodity in Italy

from The Register - Security

Companies, authorities fawn over informatics whiz

Software companies and government officials in Italy are falling over themselves to recruit a 22-year-old hacker serving a three-year prison sentence for electronic fraud.…

Mar 2, 2009 (18 hours ago)

Koobface variant worms across social networking sites

from The Register - Security

Facebook reject 'martial law' app vetting idea

A new strain of the Koobface worm is spreading across social networking sites including Facebook, MySpace and Bebo.…

Mar 2, 2009 (19 hours ago)

AVG finally bothers with behaviour-based defences

from The Register - Security

And what time do you call this?

AVG has belatedly introduced behaviour-based anti-malware protection to its line of paid-for security products.…

Mar 2, 2009 (21 hours ago)

Conficker call-backs threaten to swamp legit domains

from The Register - Security

Southwest Airlines faces Friday the 13th horror

The infamous Conficker worm is set to disrupt the operation of at least four legitimate websites this month.…

Mar 2, 2009 (yesterday)

Phishers automate attacks using 'Google hacking'

from The Register - Security

Why pay when you can pwn?

Three in four phishing sites are hosted on compromised servers, according to a new survey.…

7:26 PM (11 hours ago)

Second rogue Facebook app bewilders users

from The Register - Security

Poisoned mushrooms and spam

Scoundrels have created another rogue Facebook application, the second to hit the social networking site in less than a week.…

4:36 AM (2 hours ago)

NAC-as-a-service

from Network World on Security by Tim Greene

The recent purchase of Mirage Networks by service provider Trustwave raises questions about whether NAC-as-a-service is a viable business.

Mar 2, 2009 (17 hours ago)

Survey: Most Oracle Shops Don't Mandate Security Patches

from Network World on Security by Jaikumar Vijayan

A lack of corporate mandates to quickly install Oracle Corp.'s security patches may be leaving many Oracle database installations exposed to vulnerabilities for extended periods of time, according to survey results released last week.

Mar 2, 2009 (17 hours ago)

Protecting a business from angry ex-employees

from Network World on Security by Julia King

A senior corporate executive leaves the company, taking with him his framed family photographs, his prized gold pen-and-pencil set -- and the passwords of several hundred employees.

Mar 2, 2009 (17 hours ago)

Surf Anonymously - And More Safely - With IP Privacy

from Network World on Security by Preston Gralla

The Web is full of snoopers, spyware, and people who want to steal your private information. IP Privacy ($40, 3-day free trial) can help protect you against them by helping you surf anonymously--that is, hiding your IP address and other personal information that Web sites can gather about you.

Mar 2, 2009 (17 hours ago)

Downadup worm may hammer Southwest Airlines URL March 13

from Network World on Security by Gregg Keizer

Computers infected by the Downadup worm will "phone home" to several legitimate URLs this month, including one owned by Southwest Airlines, potentially disrupting those sites, a security researcher said Sunday.

Mar 2, 2009 (yesterday)

The other federation technology

from Network World on Security by Dave Kearns

While we've seen, over the past few issues, that federated provisioning still has a long way to go, there's another technology, an older technology, which might bear another look.

Feb 28, 2009 (3 days ago)

Hope for a New Cybersecurity Administration

from Network World on Security by Bob Bragdon

Politically, it seems to be a time to be full of hope. Despite the slumping economy and the challenges that lie before us, hope takes on two forms for me this year:

Feb 28, 2009 (3 days ago)

Exposed Web site a reminder for use of multiple passwords

from Network World on Security by Darren Pauli

A Christian singles Web site called Singles.org was infiltrated by hackers last weekend, reportedly absconding with the secret passwords of over 9,000 of its users.

Feb 28, 2009 (3 days ago)

Adventures in data recovery

from Network World on Security by Jennifer Kavur

Russian hackers hold a casino site hostage, a Venezuelan town mistakes disk drives for organ transfers and a Toronto hospital needs ER for RAID array. Three adventure tales from CBL Data Recovery.

Feb 28, 2009 (3 days ago)

Visa: New payment-processor data breach not so new after all

from Network World on Security by Jaikumar Vijayan

Days after Visa Inc. seemingly confirmed that a data breach had taken place at a third payment processor, following on the recent breach disclosures by Heartland Payment Systems Inc. and RBS WorldPay Inc., the credit card company now is saying that there was no new security incident after all.

4:01 AM (2 hours ago)

Koobface Worm Variant Hits Facebook

from Darknet - The Darkside by Darknet

Koobface is a computer worm that targets the users of the social networking websites Facebook and Myspace. Koobface ultimately attempts, upon successful infection, to gather sensitive information from the victims such as credit card numbers. A new variation of Koobface has popped up aggressively on Facebook and is attempting to steal login...

4:05 AM (2 hours ago)

SSLstrip - HTTPS Stripping Attack Tool

from Darknet - The Darkside by Darknet

This tool provides a demonstration of the HTTPS stripping attacks that were presented at Black Hat DC 2009. It will transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, then map those links into either look-alike HTTP links or homograph-similar HTTPS links. It also supports modes for supplying a favicon which [...]

Mar 2, 2009 (13 hours ago)

Obama's leaked chopper blueprints: anything we can learn?, (Mon, Mar 2nd)

from SANS Internet Storm Center, InfoCON: green

We've been sent all day long pointers to various media outlets regarding the leak of some blueprint ...(more)...

Mar 1, 2009 (2 days ago)

Cool combination of tools, (Sun, Mar 1st)

from SANS Internet Storm Center, InfoCON: green

I've mentioned here before that I'm a big fan of Volatility for analyzing memory images. In fa ...(more)...

Feb 28, 2009 (3 days ago)

OSSEC Version 2 available!, (Sat, Feb 28th)

from SANS Internet Storm Center, InfoCON: green

A reader wrote in to inform us that OSSEC version 2.0 has been released ...(more)...

Mar 2, 2009 (15 hours ago)

Brief: Spy agency gains support for key cyber role

from SecurityFocus News

Mar 2, 2009 (12 hours ago)

Conficker-created connections could confound consumers

from Ars Technica - Front page content by jhruska@arstechnica.com (Joel Hruska)

The Conficker worm has yet to eclipse Storm in terms of the total amount of chaos it created at any one time, but the botnet is proving annoyingly hard to kill. What began as an infection that took advantage of a handful of businesses with extremely slow patch validation cycles has become (and maintained itself) as a significant threat.

This has undoubtedly caused much wailing and gnashing of teeth within the halls of Microsoft itself; the company released a security update to resolve the flaw Conficker relies upon (MS08-67) in October, well before Conficker itself appeared. Security researchers have examined how Conficker phones home for updates and have determined that at least four legitimate domains are going to be targeted by thousands of botnet systems requesting instructions in the weeks ahead.

Rogue apps raise concerns over Facebook's reactive policies

from Ars Technica - Front page content by david@arstechnica.com (David Chartier)

It's all fun and games in social networking—until Facebook users' personal data start getting ripped off. A couple of malicious applications in the last week were briefly able to dupe users into helping them to spread virally, bringing Facebook's low barriers for development entry and reactive vetting policies into question.

Two applications, "F a c e b o o k—closing down!!!" and "Error Check System," spread virally through Facebook profiles by tricking users into adding them to their accounts. Once users grant the applications access to their profiles, these apps would then scrape their contact lists, rinse, and repeat. There is no word on how many users were affected by these applications or who their developers were, and Facebook did not return Ars' request for comment in time for publication. Still, the incident raises new questions about the state of Facebook's wide open application platform and whether the company needs to do more to protect its users.

7:34 PM (11 hours ago)

Academic Claims to Find Sensitive Medical Info Exposed on Peer-to-Peer Networks

from Wired Top Stories by Kim Zetter

A new report says simple search terms on several filesharing networks uncover files listing thousands of patient names, Social Security numbers, birth dates and codes that reveal specific diseases.

Mar 1, 2009 (2 days ago)

Spam Spiked, then Slowed in February

from PC World Latest Technology News

Valentine's Day and financial fears inspired spam in February, security firm MessageLabs reports.
