By Daniel Dumas
We would never advocate hacking your iPhone. However, if you wanted to, here are a few
The Beast unveiled: inside a Google server
By jhruska@arstechnica.com (Joel Hruska) on storage module
Google doesn't talk about its server operations very often; most of what we know boils down to one word: "big." The company lifted the lid ever-so-slightly yesterday (no April Fool), and gave the world a peek inside a data center that's normally locked up tighter than Fort Knox. The results (and the company's focus) might surprise you
FBI Raids Dallas Internet Service Provider Core IP
CEO says the raid was due to alleged illegal activity of a former customer
PowerPoint Hit with Zero-Day Attacks
Microsoft warned of targeted attacks against a new flaw in PowerPoint that can't yet be patched
A milestone passes, but the security lesson remains: If it's not Conficker, it's some other pest wriggling through cyberspace
Three Spammers Sentenced in US for Advance Fee Fraud
Victims lost US$1.2 million to fraudsters who operated out of the Netherlands
IBM Sees Conficker Hitting 4 Percent of PCs
Worm may be larger than previously thought, but IBM's estimates aren't definite
Conficker: I Came, I Saw, I Did ... Nothing
Analysis: After much hoopla, the "Worm to End All Worms" rides off into the sunset as an April Fools' punchline
Public Search Engines Mine Private Facebook Details
Researchers find treasure trove of private information via public search engines
UCSniff - VoIP/IP Video Sniffing Tool
By Darknet on voip-security
UCSniff is an exciting new VoIP Security Assessment tool that leverages existing open source software into several useful features, allowing VoIP owners and security professionals to rapidly test for the threat of unauthorized VoIP and Video Eavesdropping. Written in C, and initially released for Linux systems, the software is freely available for...
Read the full post at darknet.org.uk
Posted by InfoSec News on Apr 3
http://www.brisbanetimes.com.au/national/fitzgibbon-stays-mum-on-security-accessing-of-computer-20090402-9l5j.html
By Richard Baker and Nick McKenzie
Brisbane Times
April 2, 2009
DEFENCE Minister Joel Fitzgibbon and his department are refusing to
disclose whether the Defence Signals...
Register.com suffers further DOS attack
Posted by InfoSec News on Apr 3
http://www.theinquirer.net/inquirer/news/638/1051638/register-com-suffers-dos-attack
By Dean Pullen
The Inquirer
2 April 2009
EARLIER TODAY we reported that the domain name registrar behemoth
Register.com suffered from wide-scale DNS nameserver problems last
night.
The problems have...
Judge to decide if Hannaford data breach should go to trial
Posted by InfoSec News on Apr 3
http://pressherald.mainetoday.com/story.php?id=248452
By TREVOR MAXWELL
Staff Writer
Portland Press Herald
April 2, 2009
PORTLAND - A federal judge said he will decide in the next few days
whether supermarket giant Hannaford Bros. is potentially liable for
damages because of a data...
Posted by InfoSec News on Apr 3
+----------------------------------------------------------------------+
| LinuxSecurity.com Weekly Newsletter |
| April 3rd, 2009 Volume 10, Number 14 |
Gary McKinnon supporters rally at US embassy
Posted by InfoSec News on Apr 3
http://www.techworld.com/security/news/index.cfm?newsID=113822
By Jeremy Kirk
IDG news service
03 April 2009
London experienced yet another protest during the G-20 summit, after
supporters of a British hacker gathered at US embassy on Thursday.
Gary McKinnon, 43, of London, is wanted by...
Secunia Weekly Summary - Issue: 2009-14
Posted by InfoSec News on Apr 3
=============================================
The Secunia Weekly Advisory Summary
===========================
Conficker Scare: It’s the Media’s Fault
Posted by InfoSec News on Apr 3
http://blogs.wsj.com/digits/2009/04/01/conficker-scare-its-the-medias-fault/
By Ben Worthen
The Wall Street Journal
April 1, 2009
The Conficker postmortems are starting. The early word: Shoot the
messengers.
Conficker, in case you missed it, is the computer virus that many media
accounts...
Posted by InfoSec News on Apr 3
http://www.indianexpress.com/news/govt-gets-real-on-cyber-terror/441860/
By Anubhuti Vishnoi
Indian Express
April 02, 2009
New Delhi: The Indian Government seems to have finally woken up to the
threat of cyber terrorism, and is putting together a full-fledged Crisis
Management Plan for...
Balancing technology with governance
In recent weeks we have run a number of connected "articles" about IT security. In this, the last article in the series, we reflect on security as a whole, and review some of your feedback.…
Unpatched PowerPoint flaw spawns Trojan attacks
Clear and presentation danger
Microsoft has confirmed that hackers are using an unpatched flaw in PowerPoint to assault vulnerable systems.…
UKBA to exchange fingerprints with US
Someday, your prints will come
The UK Border Agency plans to start exchanging fingerprint data with the US, Canada and Australia in the near future…
Security's golden rules
Audio with slides
Episode 6 In this the last Regcast looking into the state of the security market, our panel return to discuss the lessons learned and the key points to be taken from the series.…
Conficker zombie botnet drops to 3.5 million
Map of the Problematique
The "activation" of Windows machines infected with the latest variant of the Conficker worm has allowed security watchers to come up with a far more accurate estimate of how many machines are infected.…
Locking up the cloud
Ninja security group forms alliance
A Cloud Security Alliance has popped up and will show itself at an RSA security conference on April 21.…
Next-gen SQL injection opens server door
1 in 10 sites naked
A vulnerability estimated to affect more than 1 in 10 websites could go lethal with the finding that it can be used to reliably take complete control of the site's underlying server.…
MEPs urge govs: Set up surveillance register
Watchers must be seen to be watched
Governments should create a list of all organisations that track internet use and produce an annual report on internet surveillance, the European Parliament has said.…
Foreign and Commonwealth Office plans biometrics bonanza
£15m earmarked for embassy security systems
The Foreign and Commonwealth Office plans to buy biometric systems for security use in British embassies.…
The security expert's armoury
Audio with slides attached
Episode 5 In part five of our Regcast series assessing the state of the IT Security market, the panel tackle what is required in the Security expert’s armoury.…
DNA database grows faster than forecast
5.14m profiles, despite removal of under-10s
Over 5m profiles are now on the national DNA database, significantly above the level forecast two years ago.…
Google Searching for Madoff’s Yacht Leads to Fake Anti-Virus and Malware
By Paula Greve on Rogue AV
Have you ever read an article on the web where you just had to Google a certain term or phrase to learn more about it, or even just to satisfy your own curiosity? The answer is likely yes, and it’s probably a frequent occurrence. That’s what malware distributors have figured out. Here’s an example. [...]
Next Up: Office Exploits Reloaded
By Shinsuke Honjo on Zero-Day
We’ve just seen the Microsoft Excel 0-day attacks in February. Today, Microsoft published a new Security Advisory reporting a new unpatched vulnerability in Microsoft Office PowerPoint. McAfee Avert Labs investigated and discovered multiple attacks in the field using the PowerPoint exploit. McAfee VirusScan products detect this threat as Exploit-PPT.k trojan using the 5573 DATs to be released on the same day. As [...]
Brief: Tenuous trail leads from GhostNet to hacker
Attackers target new Microsoft PowerPoint zero-day flaw
By SearchSecurity.com Staff
Microsoft said it is aware of limited, targeted attacks against a new PowerPoint zero-day flaw that surfaced Thursday. The software giant hasn't ruled out an out-of-cycle patch.
Conficker.c controls 4% of all infected PCs, IBM says
As many as one out of every 25 Internet addresses that transmits potentially dangerous data over the Internet is infected with the Conficker.c worm, IBM's security arm said today.
Three spammers sentenced in U.S. for advance fee fraud
Two Nigerians and a Frenchman were sentenced to prison Thursday for swindling people out of more than $1.2 million in a massive e-mail scam, the U.S. Department of Justice said.
Reputation scoring changes enterprise security game
When it comes to personal and business relationships, a good reputation opens doors while a bad one slams them shut. And so it goes with enterprise security, too.
TACO Firefox Addon Fights Ads With Cookies
Nobody likes the idea of advertising networks tracking their travels across the Web and potentially building a profile of their likes and dislikes. This free Firefox addon keeps many of these networks at bay. Targeted Advertising Cookie Opt-Out (TACO) adds cookies to your hard disk that stop 28 different advertising networks from collecting information about you. That way, advertisers won't be able to track your travels.
After Conficker: A PowerPoint Zero-Day Flaw
Just when you thought you were safe from dangers such as the Conficker worm comes another hole in Microsoft's security, this time in the form of a PowerPoint zero-day vulnerability. Microsoft issued a statement yesterday warning PowerPoint users not to open unknown or unexpected PowerPoint e-mail attachments. These .ppt or .pps files may contain a virus that allows remote code execution, meaning hackers can pirate your computer and force it to function at will.
French 'three strikes' antipiracy law passes second reading
French Internet users who share music or videos without permission from the copyright holders are one step closer to losing their Internet access, after the French National Assembly gave its assent to the so-called Hadopi law on Thursday night. The law had its first reading in the Senate last year.
IBM sees Conficker hitting 4% of PCs
IBM is the second company in two days to suggest that the number of computers infected by the Conficker.C worm may be higher than previously thought.
Bill would give Obama power to shut down Internet, networks during cyber attacks
The proposed legislation, introduced April 1, also would give the President the power to “order the disconnection of any Federal government or United States critical infrastructure information systems or networks in the interest of national security.”
Retail banks unify systems to fight crime: study
The rising cost of fighting financial crime in retail banking is driving the integration of systems as previously disparate divisions come together, along with a greater focus on accurately identifying suspicious activity, according to a recent Datamonitor study.
Lobbyist urges more gov't coordination of cybersecurity
World governments need to do more to fight cyberterrorism and protect the Internet from attacks, because the Web has become so vital to commerce and communications, AT&T Inc.'s top lobbyist told reporters Wednesday.
Cloud computing needs better security, interoperability to live up to hype
If cloud computing is to move beyond the hype cycle, vendors need to put aside their differences and agree on common principles related to security and the interoperability of cloud platforms.
New Momentum Widens Brand Protection Software Offering With New Investigation and Enforcement Services…
DNS Providers Under Attack, (Fri, Apr 3rd)
We've been keeping an eye on the issues affecting the domain servers of Register.com ...(more)...
Free security awareness training on-line from InfraGard, (Fri, Apr 3rd)
InfraGard announced the availability of free-online security awareness training at http://www.i ...(more)...
Three Laws of Behavior Dynamics for Information Security, (Fri, Apr 3rd)
Successful security initiatives are not only grounded in business objectives, but also account for b ...(more)...
PowerPoint zero-day vulnerability (969136), (Fri, Apr 3rd)
Several ISC readers shared with us a link to Microsoft's advisory 969136, which descr ...(more)...
Is Conficker Finally History? (PC World) (Yahoo Security)
Brief: Tenuous trail leads from GhostNet to hacker (SecurityFocus News)
The Proposed Federalization of the Computer Security Field (E-Week Security)
IBM Sees Conficker Hitting 4 Percent of PCs (PC World) (Yahoo Security)
Next-gen SQL injection opens server door (The Register)
Conficker Worm: Not Finished Yet (PC World) (Yahoo Security)
New Senate Bill Proposes Mandatory Security Standards and Certifications (1st April 2009)
A new bill, sponsored by Senators John D.......
EU Calls For Development of Strategy to Protect European Cyber Space (31st March 2009)
The European Commission has called for the development of a strategy to protect Europe from disruption to critical networks resulting from cyber attacks or natural disasters.......
Congress Investigates Effectiveness of PCI DSS (31st April 2009)
Following recent breaches which resulted in compromised credit card details, such as the Heartland Payments System breach, the US House of Representatives' Committee on Homeland Security questioned the effectiveness of the Payment Card Industry Data Security Standards (PCI DSS).......
Snooping Workers Fired by Kaiser Permanente (31st March 2009)
A Kaiser Permanente hospital in Los Angeles has sacked fifteen employees and reprimanded eight others for unauthorized access to the medical records of Nadya Suleman, the Californian woman who gave birth to octuplets in January of this year.......
EU Warns Internet Companies to Better Protect Customers' Privacy (31st March 2009)
The European Union's Consumer Affairs Commissioner, Meglena Kuneva, has warned Internet companies that they need to make better efforts to protect the privacy of their customers or face the introduction of more regulation.......
Conficker Fails to Live Up to Hype (1st April 2009)
Despite various media outlets forecasting untold chaos on April 1st as a result of the Conficker C worm, the day passed with little or no incident...
Reports Show Spam Returns to Pre-McColo Levels (1st April 2009)
A recent report from Google claims that the volume of spam has returned to the same levels they were in November 2008 before the shutdown of the notorious US-based hosting provider McColo.......
Convicted Trojan Writer Facing New Hacking Charges (31st March 2009)
A 25-year-old man, Van T Dinh, who was convicted in 2004 for 13 months for creating a Trojan to steal login credentials to a stock trading system, is now facing two charges of hacking into an online currency exchange service and allegedly attempting to transfer US $110,000 into an account that was under his control.......
Major Web Services Victims of DDOS Attack (2nd April 2009)
A number of major web services companies had their services disrupted as a result of a DDOS attack targeting a DNS service provider and a domain registrar.......
Cyber Crime Complaints Jump 33% in 2008 (2nd April 2009)
Consumer complaints to the Internet Crime Complaint Centre (IC3), a joint venture between the FBI and the National White Collar Crime Center, rose by more than 33% in 2008 over the previous year.......
Stolen Laptop Contains Details on Thousands of Students (2nd April 2009)
In the United Kingdom, a computer containing personal data on 33,000 pupils has been stolen from the offices of Wigan Council's Children and Young People's Services.......
XSS (Cross Site Scripting) Prevention Cheat Sheet
By Robert A. on XSS
"This article provides a simple positive model for preventing XSS using output escaping/encoding properly. While there are a huge number of XSS attack vectors, following a few simple rules can completely defend against this serious attack. These rules apply to all the different varieties of XSS. Both reflected and stored XSS...
Blackhat 2006 RSS Security Talk Video Available
By Robert A. on XSS
In 2006 I gave a talk on hacking RSS feeds, and feed readers. I stumbled upon the video for blackhat 2006 by accident the other day and thought it was worth posting.
Video: http://media.blackhat.com/bh-usa-06/video/2006_BlackHat_Vegas-V36-Auger_and_Sima-0day_subscriptions.mp4
Slides: http://www.cgisecurity.com/papers/RSS-Security.ppt
Paper: http://www.cgisecurity.com/papers/HackingFeeds.pdf
Microsoft Security Advisory 969136
By MSRCTEAM
Bill here,
I wanted to let you know that we have just posted Microsoft Security Advisory (969136).
This advisory contains information regarding public reports of a vulnerability in Microsoft Office PowerPoint that could allow for remote code execution if a user opens a specially crafted PowerPoint file.
At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability. If you suspect that you were a target for such an attack, you can scan your computer with the Windows Live OneCare safety scanner. The malicious PPT files are detected as Exploit:Win32/Apptom.gen. Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.
Products affected are Microsoft Office PowerPoint 2000 Service Pack 3, Microsoft Office PowerPoint 2002 Service Pack 3, and Microsoft Office PowerPoint 2003 Service Pack 3. Microsoft Office PowerPoint 2007 is not affected.
The advisory contains guidance and workarounds that customers can use to help protect themselves. We will continue to monitor the situation and post updates to the advisory and the MSRC Blog as we become aware of any important new information.
To better help in understanding the issue, Microsoft security experts have provided additional technical details on the Microsoft Security Research & Defense blog and the Microsoft Malware Protection Center team blog.
We have activated our Software Security Incident Response Process (SSIRP) and we are continuing to investigate this issue. In addition, we are actively working with partners in the Microsoft Active Protections Program (MAPP) and the Microsoft Security Response Alliance (MSRA) program to provide information that they can use to provide broader protections to customers.
Bill Sisk
How the Conficker Problem Just Got Much Worse [Conficker]
By John Mahoney on Virues
On the surface, April 1 came and went without a peep from the dreaded Conficker megaworm. But security experts see a frightening reality, one where Conficker is now more powerful and more dangerous than ever.
In the first minute of April 1, Conficker did exactly what everyone knew it was going to do: It successfully phoned home for an update. And while it was fun to imagine what nasty payload that update may have included (it was fun, wasn't it?), the result was not outwardly catastrophic; rather than a blueprint for world domination, the update contained instructions on how to dig in even deeper.
"The worm did exactly what everyone thought it was going to do, which is update itself," security expert Dan Kaminsky, who helped develop a widely-used Conficker scanner in the days leading up to April 1, told us. "The world wants there to be fireworks, or some Ebola-class, computers-exploding-all-over-the-world event or God knows what, but the reality is...the Conficker developers have cemented their ability to push updates through any fences the good guys have managed to build in February and March."
And here's why that is deeply, deeply scary. As we explained, Conficker has built a zombie botnet infrastructure by registering hundreds of spam DNS names (askcw.com.ru, and the like), which it then links up and uses as nodes for infected machines to contact for instructions. In its earlier forms, Conficker attempted to register 250 such DNS names per day. But with the third version of the software, the Conficker.c variant which has been floating around for the last month or so, the number of spam DNS takeovers was boosted to 50,000 per day—a number security pros can no longer keep up with.
What the April 1 update did was simple: It provided instructions for linking up with the thousands, perhaps tens of thousands of new nodes registered by Conficker.c over the last few weeks, effectively growing the size of the p2p botnet to a point where it cannot be stopped.
"It's not about ownage, it's about continued ownage," says Kaminsky, citing a favorite quotation of one of his hacker buddies. "It's not about how you get into the network, it's about, 'How do you be [there] a year from now?'" And the answer is: "You do a lot of the things the Conficker developers are doing."
"This is not something where the guys wrote it, it's out, then they're going to go out and play Nintendo. They're frankly trying to build something that is a sustainable network for months or years to come," Kaminsky says.
Kevin Haley, director of Symantec Security Response, raises another good point: "The first [of April] would have been a pretty bad day to choose [to do something with Conficker], because everyone was watching to see what was going to happen. Whoever's behind this is a lot more patient than we are."
As far as what comes next? More waiting. Good methods now exist for detecting and cleansing Conficker from infected machines on a network (and, let's not forget, a months-old security patch from Microsoft is all you need to protect yourself), but by now the size of Conficker's infected army of nodes spread around the world is big enough to function with devastating consequences even if most PCs are secure.
So we'll just have to keep waiting to see what this thing does.