Saturday, March 14, 2009

Around The Horn vol.1,61

-- Aurora Report has been revamping its news sources and attempting to calibrate what has already been reported.  As such we have been delayed in posting for the last several days.

Alerts

New UDP Traffic with a Destination Port of 21713, (Sat, Mar 14th)

Barry B. today submitted a sampling of log files with a series of random source IP's and ports ...(more)...

MS09-008 Protection

By MSRCTEAM

Hi Bill here,

You may have seen reports regarding the effectiveness of Microsoft Security Bulletin MS09-008. I wanted to let everyone know that we have thoroughly reviewed these reports, and customers who’ve deployed this update are protected from the four vulnerabilities outlined in the bulletin. 

We’ve also been collaborating with several researchers regarding the effectiveness of this update, as it is a complex issue, and have released more details about these vulnerabilities and how the Security Update addresses them.

For those that want more information, please review the Microsoft Security Research and Defense blog http://blogs.technet.com/srd/archive/2009/03/13/ms09-008-dns-and-wins-server-security-update-in-more-detail.aspx where there’s detailed information that will help customers better understand how the security update protects systems, clarifies the content of the security update and hopefully answers any questions you may have. Again, I want to assure you that MS09-008 protects from potential attacks that could exploit the vulnerabilities outlined in the bulletin.

Please continue to evaluate and deploy this update at your earliest convenience to help protect your environment.

Thanks, Bill

TA09-069A: Microsoft Updates for Multiple Vulnerabilities

Kundra takes leave of absence from federal CIO post (NetworkWorld Security)
Ubuntu users, today is a good day to patch, (Fri, Mar 13th)

If you are running Ubuntu systems, then today may be a good day to think about patching. Things bei ...(more)...

Kundra takes leave of absence from federal CIO post

The fallout from Thursday's arrests of a District of Columbia IT security official and contractor quickly raised questions about the fate of Vivek Kundra, the new federal CIO who until recently ran the office now mired in bribery allegations.

Bribery case creates possible IT security nightmare in D.C.

After being arrested on bribery charges Thursday, the District of Columbia's top information security official is being held without bail, partly because of uncertainty about whether he still has the ability to access the district's IT systems.

Security News

Brief: Better metrics needed for security, says expert (SecurityFocus News)
When web application security, Microsoft and the AV vendors all fail, (Fri, Mar 13th)

I just spent some time analyzing yet another incident and I was actually shocked about how the combi ...(more)...

Chris Petersen, Chief Technology Officer, LogRhythm

Chris gives us his vision on the current state of log and event management as well as some specifics about LogRhythm.

Anthony Giandomenico, Security Hero

Anthony Giandomenico weighs in on Data Loss/Data Leakage Protection (DLP).

Application Security Best Practices: A New Maturity Model for Building Security In (March 9 & 10, 2009)

The Building Security in Maturity Model (BSIMM) is "a set of best practices developed by Cigital and Fortify" that draws together data from nine software security initiatives to help software developers build more secure products.......

Romanians find cure for conficker

BitDefender has released what it claims is the first vaccination tool to remove the notorious Conficker virus that infected some 9 million Windows machines in about three months.

Conficker.C variant set for April 1st surprise, CA says

The third Conficker variant is set to activate April 1, says CA, generating 50,000 URLs daily with its download function poised for instructions.

IBM develops Facebook privacy application

IBM on Thursday unveiled an application that guides users toward strong privacy settings in Facebook's online marketplace and could be developed into a management tool for companies or across Web sites for users.

A way to sniff keystrokes from thin air

That PC keyboard you're using may be giving away your passwords. Researchers say they've discovered new ways to read what you're typing by aiming special wireless or laser equipment at the keyboard or by simply plugging into a nearby electrical socket.

Apple fixes security flaws, adds features in iTunes update

Apple Inc. updated iTunes Wednesday, fixing a pair of security vulnerabilities, adding support for the new line of iPod Shuffles and boosting performance when loading large libraries and browsing the online store.

The effects of corporate social media on overall network security

In today's increasingly communicative world, businesses face a dilemma. They have to find ways to be more engaging and communicate more directly to their customers and the public, while retaining close control of sensitive information.

Business process flaws seen posing security risks

Running a secure Web site means more than just guarding against cross-site scripting and SQL injection attacks. Flaws in the business processes that underlie Web sites can also present serious security risks, the CTO of a Web security company said Thursday.

Spot the Tiny Phishing Trick

The TinyURL service allows you to enter a long URL, such as one for a particular Google Maps location, and convert it into a short, easy-to-type or e-mail link. Good for sending links - or as Trend Micro reports, for hiding a malicious Web site URL in a phishing e-mail.

Keeping IT honest

Forrester thinks paid-for blogging is OK but Gibbs disagrees because … well, you’ll have to read it to find out. He also wonders about what you might do if you discover malfeasance in your company …

Foreign Web attacks change security paradigm

Traditional security systems may be ineffective and become obsolete in warding off Web attacks launched by countries, according to Val Smith, founder of Attack Research. New attack trends include blog spam and SQL injections from Russia and China, Smith said during his talk at the Source Boston Security Showcase on Friday.

L0phtCrack returns

By Michael S. Mimoso

Security expert Chris Wysopal explains why the L0phtCrack password cracking tool was unveiled once again after Symantec discontinued sales of L0phtCrack in 2006.

Number-driven risk metrics 'fundamentally broken'

By Michael S. Mimoso

A former national cybersecurity czar says risk models used by security organizations often lead to a faulty understanding of threats and flaws, and a misallocation of resources.

Financial expert sees value in new security firms

By Robert Westervelt

The global economy may be in a steep decline, but VC funding available to new software vendors demonstrates a sound business strategy.

Serious holes in Mac OS X memory, researcher shows

By Robert Westervelt

A demonstration of hacking techniques at the SOURCE Boston conference enables an attacker to execute arbitrary code and take full control of a computer.

Brief: Better metrics needed for security, says expert

Safe Mode: A Misnomer

By Nandi Kishore on Web and Internet Safety

Windows offers the useful option of “Safe Mode” to recover from any damage caused by various malfunctions in the system. Booting in Safe Mode loads limited drivers and services that are required for the basic operation of the system, but avoids adding many extras that complicate the environment. In general, Safe Mode is very helpful [...]

BBC cybercrime probe backfires

By Robert A. on IndustryNews

"The BBC hacked into 22,000 computers as part of an investigation into cybercrime but the move quickly backfired, with legal experts claiming the broadcaster broke the law and security gurus saying the experiment went too far. The technology show Click acquired a network of 22,000 hijacked computers - known as a...

The eroding enterprise boundary
Lock Down and Open Up

Businesses today function effectively only when the organisation supports effective collaboration between its staff and external parties, wherever they may be situated. Such is the nature of routine operations that they depend on complex interactions between people and their supporting IT systems that spread far beyond the IT firewall and, indeed, the business itself. Clearly this nature of working has profound implications for those charged with securing the operations of the business and the IT systems they use.

Multi-site bug exposes cloud computing's dark lining
One vuln fits all

More dark linings have been exposed in the cloud computing craze, this time by web security expert Russ McRee, who demonstrates how a flaw in a single provider can spell trouble for numerous customers it serves.

Former employee of Obama CIO pick busted for bribery
Appointee not linked to wrongdoing

An employee who worked for President Obama's pick for federal CIO has been arrested by the FBI and charged in a federal bribery sting, according to news reports.

Where to start with IT Security
Episode 1 Security Webcast Mini Series

In a short series of webcasts The Register's expert panel will be tackling the current state of the security market.

MS security chief becomes DHS cybersecurity boss
Hot seat

A senior Microsoft exec has been placed in charge of protecting the US's computer systems from hacking attacks

Visa yanks creds for payment card processing pair
RBS, Heartland no longer PCI compliant

Visa on Friday alerted the world that RBS WorldPay and Heartland Payment Systems are not on its list of payment card processors who are in good standing with industry-mandated standards for data security.

Kundra Takes Leave, Google Raises Privacy Flags

Well, at least the issue is not unpaid taxes this time -- but Vivek Kundra, the brand-new, first-ever federal CIO after just a...

Cybercrime-as-a-service takes off

Posted by InfoSec News on Mar 13

http://www.itnews.com.au/News/98524,cybercrimeasaservice-takes-off.aspx

By Ry Crozier
ITNews
12 March 2009

Malware writers that sell toolkits online for as little as $400 will now configure and host the attacks as a service for another $50, a security expert has said.

Speaking at the...

Army database may have been breached

Posted by InfoSec News on Mar 13

http://fcw.com/articles/2009/03/12/army-breach.aspx

By Doug Beizer
FCW.com
Mar 12, 2009

An Army database that contains personal information about nearly 1,600 soldiers may have been penetrated by unauthorized users, Army officials have announced.

Soldiers who registered with, or...

D.C.'s top IT security official charged with bribery

Posted by InfoSec News on Mar 13

http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9129582

By Patrick Thibodeau
March 12, 2009
Computerworld

WASHINGTON -- Federal law enforcement officials filed bribery charges today against the District of Columbia's acting...

Microsoft Security Strategist Named Cybersecurity Leader

Posted by InfoSec News on Mar 13

http://www.informationweek.com/news/security/cybercrime/showArticle.jhtml?articleID=215900014

By K.C. Jones
InformationWeek
March 12, 2009

The Department of Homeland Security has announced a new cybersecurity leader. DHS Secretary Janet Napolitano has appointed Phil Reitinger as deputy ...

BBC team exposes cyber crime risk

Posted by InfoSec News on Mar 13

http://news.bbc.co.uk/2/hi/programmes/click_online/7932816.stm

BBC Click
12 March 2009

Software used to control thousands of home computers has been acquired online by the BBC as part of an investigation into global cyber crime. The technology programme Click has demonstrated just how at...

Kremlin Kids: We Launched the Estonian Cyber War

Posted by InfoSec News on Mar 13

http://blog.wired.com/defense/2009/03/pro-kremlin-gro.html

By Noah Shachtman
Danger Room
Wired.com
March 11, 2009

Like the online strikes against Georgia, the origins of the 2007 cyber attacks on Estonia remain hazy. Everybody suspects the Russian government was somehow behind the...

Kremlin-backed youths launched Estonian cyberwar, says Russian official

Posted by InfoSec News on Mar 12

http://www.theregister.co.uk/2009/03/11/russian_admits_estonian_ddos/

By Dan Goodin in San Francisco
The Register
11th March 2009

Members of a Kremlin-backed youth group spearheaded the cyberattacks that paralyzed Estonia's internet traffic in May of 2007, a Russian government official...

Team Edwards to devote day for network security

Posted by InfoSec News on Mar 12

http://www.edwards.af.mil/news/story.asp?id=123139253

By 1st Lt. William Newby
95th Communications Group
3/11/2009

EDWARDS AIR FORCE BASE, Calif. -- There is an Airman on the frontlines fighting a battle right now, battling an enemy who hides and launches attacks from more than 120...

APWG suggests e-crime reporting system

Posted by InfoSec News on Mar 12

http://www.techworld.com/security/news/index.cfm?newsID=112534

By Jeremy Kirk
IDG News Service
11 March 2009

A group dedicated to fighting phishing scams has developed a way for police and other organisations to report e-crimes in a common data format readable by a web browser or other...

CIA, NSA Adopting Web 2.0 Strategies

Posted by InfoSec News on Mar 12

http://www.informationweek.com/news/internet/web2.0/showArticle.jhtml?articleID=215801627

By J. Nicholas Hoover
InformationWeek
March 10, 2009

While the United States intelligence community may have gotten a lot of publicity for its Wikipedia-like Intellipedia Web site, agencies like the...

NSA Dominance of Cybersecurity Would Lead to Grave Peril, Expert Tells Congress

Posted by InfoSec News on Mar 11

http://blog.wired.com/27bstroke6/2009/03/nsa-dominance-o.html

By Kim Zetter
Threat Level
Wired.com
March 10, 2009

The government's national cybersecurity efforts would be in "grave peril" if they were dominated by the intelligence community, said Amit Yoran, former head of the...

RE: Russia kinda-sorta owns up to Estonia cyberwar

Posted by InfoSec News on Mar 11

Forwarded from: "Denning, Dorothy (CIV)" <dedennin (at) nps.edu>

This is not what RFL reported. RFL reported that Markov said that his assistant was operating on his own. Markov is quoted as saying that the "assistant happened to be in 'one of the unrecognized republics'...

NIST suggests areas for further security metrics research

Posted by InfoSec News on Mar 11

http://gcn.com/articles/2009/03/09/nist-security-metrics.aspx

By William Jackson
GCN.com
Mar 09, 2009

Computer security is a difficult thing to quantify because, if done right, nothing happens. How, then, do you measure what didn't happen?

Nevertheless, meaningful metrics are necessary so...

British pair charged in industrial espionage row

Posted by InfoSec News on Mar 11

http://business.timesonline.co.uk/tol/business/industry_sectors/engineering/article5876588.ece

By David Brown
Times Online
March 9, 2009

A leading British manufacturer has been caught up in an industrial espionage row after two engineers used a mobile telephone to photograph a secret...

Symantec creates havoc with unsigned Norton patch

Posted by InfoSec News on Mar 11

http://news.cnet.com/8301-1009_3-10192899-83.html

By Elinor Mills
Security
News.com
March 10, 2009

Symantec released a diagnostic patch for some of its older Norton products on Monday night that did not identify its origin and thus triggered alerts on user firewalls, the company said...

Outlaws and terrorists amplify security challenges, Motorola security chief says

Posted by InfoSec News on Mar 11

http://www.networkworld.com/news/2009/031009-infosec-motorola-boni.html

By Ellen Messmer
Network World
03/10/2009

ORLANDO -- The current era is marked by tumultuous change, high speed and huge danger, said Motorola's corporate security officer Bill Boni, based on his perspective of...

DDoS attack damaged public civil service for the first time

Posted by InfoSec News on Mar 11

http://english.etnews.co.kr/news/detail.html?id=200903100005

2009/03/10 By Jang, Dong-joon, Kim, In-soon

An Internet attack has caused an unprecedented incident in which the online civil service of public agencies was suspended for 5 days before restoration.

On March 4, the home page of Game Rating Board...

Feds file new felonies against alleged Sarah Palin hacker

Posted by InfoSec News on Mar 10

http://www.theregister.co.uk/2009/03/09/palin_hacker_recharged/

By Dan Goodin in San Francisco
The Register
9th March 2009

A University of Tennessee student accused of illegally breaking into the email account of Alaska governor Sarah Palin has been hit with three new felony charges in...

NSA Chief Continues Bid to Take Over Cybersecurity

Posted by InfoSec News on Mar 10

http://blog.wired.com/27bstroke6/2009/03/nsa-continues-b.html

By Kim Zetter
Threat Level
Wired.com
March 09, 2009

In the wake of the resignation on Friday of National Cyber Security Center (NCSC) Director Rod Beckstrom over concerns that the National Security Agency plans to take over...

Re: Best attack strategy for a Red Team?

Posted by krymson_at_gmail.com on Mar 10

This likely won't help, but if you can get access to a target server, don't throw that away right away; dig deeper like you mentioned.

I think too often red teams will get all excited about a shell and soon everyone on the team is trying to use...

WarVOX - Wardialing Tool Suite (Explore, Classify & Audit Telephone Systems)

By Darknet on warvox

WarVOX is a suite of tools for exploring, classifying, and auditing telephone systems. Unlike normal wardialing tools, WarVOX works with the actual audio from each call and does not use a modem directly. This model allows WarVOX to find and classify a wide range of interesting lines, including modems, faxes, voice mail boxes, PBXs, loops, [...]

Read the full post at darknet.org.uk

New 'Spam King' Linked to SMS Campaign

New Zealand spammer Brendan Battles is apparently connected to an SMS bulk marketing campaign.

Biggest Worries When Shopping Online

Security firm F-Secure reports that consumers are wary of using credit cards on sites, but like online banking.

New Conficker Expected April 1

The next wave of Conficker malware attacks is likely as an unpleasant April 1 surprise, say security researchers at Computer Associates.

Russian youth organization cops to 2007 Estonian cyberattacks

By jhruska@arstechnica.com (Joel Hruska) on Russia

In May 2007, the websites of a number of prominent Estonian politicians were attacked and crippled for several weeks. The attacks came at a time when Estonian/Russian relations were already chilly, thanks in part to the Estonian government's plan to move a Russian war memorial statue from the city center and into a cemetery. Ars has covered the issue since the attacks began, including the arrest of an Estonian student last year in connection with the prolonged DDoS siege. The arrest of 20-year-old Dmitri Galushkevich in January, 2008 raised doubts as to whether he was solely responsible for weeks of disruptions. On Wednesday, January 11, the doubters were victorious; Konstantin Goloskokov, a commissar with the Russian youth movement Nashe, has admitted that the group organized and masterminded the Estonian barrage.
