Tuesday, November 17, 2009

Around The Horn vol.1,160

Zero Day

Tracking the hackers

Thousands of web sites compromised, redirect to scareware

By Dancho Danchev on Web 2.0

Security researchers have detected a massive blackhat SEO (search engine optimization) campaign consisting of over 200,000 compromised web sites, all redirecting to fake security software, commonly referred to as scareware.

Microsoft confirms 'detailed' Windows 7 exploit

By Ryan Naraine on Windows Vista

Exploit code for the vulnerability was released by researcher Laurent Gaffié after failed attempts to get Microsoft's security response center to acknowledge that this was an issue that needs to be patched.

Man-in-the-middle attacks demoed on 4 smartphones

By Dancho Danchev on Wi-Fi security

Security researchers test four smartphones (Nokia N95, Windows HTC tilt, Android G1 and Apple iPhone 3G S) and demonstrate man-in-the-middle attacks conducted through compromised Wi-Fi spots.

Microsoft bracing for malware attacks from embedded fonts

By Ryan Naraine on Spyware and Adware

It's only a matter of time before malicious hackers start exploiting a critical Windows vulnerability via booby-trapped Web pages or Office (Word or PowerPoint) documents.

Apple Safari exposes Windows to drive-by download attacks

By Ryan Naraine on Vulnerability research

A high-priority Safari update patches vulnerabilities that allow remote code execution (drive-by downloads) if a user simply surfs to a maliciously rigged Web site.

Adobe plugs security hole in Photoshop Elements

By Ryan Naraine on Pen testing

Adobe has shipped a patch to cover a security vulnerability affecting its Photoshop Elements software product.

Yahoo! News

Yahoo! News: Security News

Security News

GAO: Los Alamos computer security has weaknesses (AP)

In us

AP - Security weaknesses uncovered in Los Alamos National Laboratory's classified computer network could increase the risk of a breach of classified information, the U.S. Government Accountability Office said in a new report.

Computer security co. Fortinet plans IPO this week (AP)

In business

AP - Fortinet Inc. plans to go public Wednesday in an initial public offering, giving investors a chance to tap a network security provider with sales expected to grow.

Obama Administration Unsure About New Cybersecurity Laws (PC World)

In technology

PC World - Current laws addressing cyber crime aren't adequate to address growing attacks on the government and businesses, a representative of U.S. President Barack Obama's administration said Tuesday.

Cyber laws must punish individuals not society: specialist (AFP)

In technology

Young people browse the Internet in a cybercafe in Abidjan in August 2009. (AFP/File/Issouf Sanogo) AFP - Laws regulating cybercrimes must target individuals and not society as a whole, an IT specialist told an Internet governance forum at the Egyptian resort of Sharm el-Sheikh on Tuesday.

Shadowserver to Take Over as Mega-D Botnet Herder (PC World)

In technology

PC World - An effort is underway to clean up tens of thousands of computers infected with malicious software known for churning out thousands of spam messages per hour.

FBI says hackers targeting law firms, PR companies (AP)

In technology

AP - Hackers are increasingly targeting law firms and public relations companies with a sophisticated e-mail scheme that breaks into their computer networks to steal sensitive data, often linked to large corporate clients doing business overseas.

UK Hails First Cybercrime Cooperation With Banks (PC World)

In technology

PC World - U.K. police are hailing the sentencing of four people who used a sophisticated Trojan horse program to siphon money out of online bank accounts and send it to Eastern European countries and Russia.

Fake Verizon 'balance-checker' Is a Trojan (PC World)

In business

PC World - Cyber-criminals have started preying on Verizon Wireless customers, sending out spam e-mail messages that say their accounts are over the limit and offering them a "balance checker" program to review their payments.

DNS Problem Linked to DDoS Attacks Gets Worse (PC World)

In technology

PC World - Internet security experts say that misconfigured DSL and cable modems are worsening a well-known problem with the Internet's DNS (domain name system), making it easier for hackers to launch distributed denial-of-service (DDoS) attacks against their victims.

First Windows 7 Exploit Appears To Evade SDL Process (NewsFactor)

In business

NewsFactor - Windows 7 escaped the monthly patching process earlier this week, but it didn't escape the notice of hackers. What some security researchers are calling the first zero-day exploit in Windows 7 has been identified and Microsoft is investigating the issue.

Modded Xbox 360s Jailbroken With 'Un-Ban' Hack? (PC World)

In technology

PC World - A hacker eager to reconnect modded Xbox 360s banned by Microsoft in recent days may be on the verge of releasing a workaround. According to 360Mods (by way of DailyTech), user 'c4eva' has shifted gears from developing Lite-on and Hitachi optical drive mods to creating a firmware rev that would allow modded Xbox 360s to bypass Microsoft's online security tests.

New Malware Affects Jailbroken iPhones (PC World)

In technology

PC World - Late last week, an Australian hacker dubbed ikee deployed the Rickrolling worm: a harmless and humorous worm that installs a picture of 80's one hit wonder Rick Astley to affected users' home screens.

New IPhone Malware Steals Data From Jailbroken Phones (PC World)

In technology

PC World - Another piece of dangerous code that attacks iPhones has been found, although it puts at risk only a very small subset of the smartphone's users.

Estonians, Russian, Moldovan charged in credit card hack (AFP)

In us

(AFP/File) AFP - Alleged computer hackers from Estonia, Russia and Moldova have been indicted in a scheme that netted nine million dollars from cash dispensers, the US Justice Department said on Tuesday.

FireEye Moves Quickly to Quash Mega-D Botnet (PC World)

In technology

PC World - A computer security company known for battling botnets moved last week to try to shut down a persistent spam player.

WindowSecurity.com

WindowSecurity.com provides Windows security news, articles, tutorials, software listings and reviews for information security professionals.

Microsoft Azure: Security in the Cloud

By deb@shinder.net (Deb Shinder)

What Microsoft is doing to address the biggest cloud security hot spots.

TaoSecurity

Richard Bejtlich's blog on digital security and the practices of network security monitoring, incident response, and forensics.

Extending Security Event Correlation

By Richard Bejtlich

Last year at this time I wrote a series of posts on security event correlation. I offered the following definition in the final post:
Security event correlation is the process of applying criteria to data inputs, generally of a conditional ("if-then") nature, in order to generate actionable data outputs.
Since then what I have found is that products and people still claim this as a goal, but for the most part achieving it remains elusive.
Please also see that last post for what SEC is not, i.e., SEC is not simply collection (of data sources), normalization (of data sources), prioritization (of events), suppression (via thresholding), accumulation (via simple incrementing counters), centralization (of policies), summarization (via reports), administration (of software), or delegation (of tasks).
So is SEC anything else? Based on some operational uses I have seen, I think I can safely introduce an extension to "true" SEC: applying information from one or more data sources to develop context for another data source. What does that mean?
One example I saw recently (and this is not particularly new, but it's definitely useful), involves NetWitness 9.0. Their new NetWitness Identity function adds user names collected from Active Directory to the metadata available while investigating network traffic. Analysts can choose to review sessions based on user names rather than just using source IP addresses.
This is certainly not an "if-then" proposition, as sold by SIM vendors, but the value of this approach is clear. I hope my use of the word "context" doesn't apply too much historical security baggage to this conversation. I'm not talking about making IDS alerts more useful by knowing the qualities of a target of server-side attack, for example. Rather, to take the case of a server side attack scenario, imagine replacing the source IP with the country "Bulgaria" and the target IP with "Web server hosting Application X" or similar. It's a different way for an analyst to think about an investigation.

Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
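The kind of context enrichment the post describes, as an added example that is not Bejtlich's code and not NetWitness's implementation: session records from a network monitor are joined with a constructed Active Directory logon table (which user held which address, and when) and with constructed country and asset labels, so an analyst can pivot on "alice" or "Web server hosting Application X" instead of raw IP addresses. All addresses, users and labels are constructed (the external ranges are RFC 5737 documentation networks, labelled with countries purely for illustration). The join is time-aware on purpose: the example includes an address that DHCP re-issues to a second user, which a naive IP-to-user lookup would misattribute.

```python
"""Context enrichment for network session records (added example).

Joins constructed session records with a constructed AD logon table and
constructed geo/asset labels, so sessions can be reviewed by user name or
asset label rather than by IP address. All data here is constructed.
"""
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Logon:
    user: str
    ip: str
    start: datetime
    end: Optional[datetime]   # None: the logon is still active


@dataclass(frozen=True)
class Session:
    ts: datetime
    src_ip: str
    dst_ip: str
    dst_port: int


# Constructed AD logon events. 10.0.1.15 is held by alice, then re-issued
# by DHCP to bob after a gap, so the IP-to-user join must be time-aware.
AD_LOGONS = [
    Logon("alice", "10.0.1.15", datetime(2009, 11, 17, 8, 0), datetime(2009, 11, 17, 12, 0)),
    Logon("bob",   "10.0.1.15", datetime(2009, 11, 17, 12, 30), None),
    Logon("carol", "10.0.1.42", datetime(2009, 11, 17, 7, 45), None),
]

# Constructed labels: RFC 5737 documentation ranges stand in for external
# sources; internal assets get the descriptive names an analyst would use.
GEO_LABELS = {
    ip_network("203.0.113.0/24"): "Bulgaria",
    ip_network("198.51.100.0/24"): "Netherlands",
}
ASSET_LABELS = {
    "10.0.5.20": "Web server hosting Application X",
    "10.0.5.21": "Internal wiki",
}

# Constructed session records as a network monitor might emit them.
SESSIONS = [
    Session(datetime(2009, 11, 17, 9, 0),   "10.0.1.15",    "10.0.5.21", 80),
    Session(datetime(2009, 11, 17, 12, 15), "10.0.1.15",    "10.0.5.21", 80),
    Session(datetime(2009, 11, 17, 13, 0),  "10.0.1.15",    "10.0.5.20", 443),
    Session(datetime(2009, 11, 17, 13, 5),  "203.0.113.77", "10.0.5.20", 443),
    Session(datetime(2009, 11, 17, 13, 7),  "10.0.1.42",    "10.0.5.20", 443),
]


def user_for(ip: str, ts: datetime, logons=AD_LOGONS) -> Optional[str]:
    """Return the user who held `ip` at time `ts`, or None if nobody did."""
    for lg in logons:
        if lg.ip == ip and lg.start <= ts and (lg.end is None or ts < lg.end):
            return lg.user
    return None


def label_for(ip: str) -> str:
    """Replace an IP with an asset name, then a country, else the IP itself."""
    if ip in ASSET_LABELS:
        return ASSET_LABELS[ip]
    addr = ip_address(ip)
    for net, country in GEO_LABELS.items():
        if addr in net:
            return country
    return ip


def enrich(session: Session, logons=AD_LOGONS) -> dict:
    """Attach identity and asset context to one session record."""
    user = user_for(session.src_ip, session.ts, logons)
    return {
        "ts": session.ts.isoformat(timespec="minutes"),
        "src": session.src_ip,
        "src_user": user if user is not None else "unattributed",
        "src_label": label_for(session.src_ip),
        "dst_label": label_for(session.dst_ip),
        "dst_port": session.dst_port,
    }


def sessions_for_user(user: str, sessions=SESSIONS, logons=AD_LOGONS) -> list:
    """Pivot on a user name rather than on a source address."""
    return [e for e in (enrich(s, logons) for s in sessions) if e["src_user"] == user]


if __name__ == "__main__":
    for row in (enrich(s) for s in SESSIONS):
        print(row)
```

Sessions that fall into the gap between two logons on the same address come back as "unattributed" rather than being pinned on whichever user the table lists first; in practice that gap is where DHCP reuse and stale logon records cause the most misattribution, so surfacing it explicitly is safer than guessing.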

Embedded Hardware and Software Pen Tester Positions in GE Smart Grid

By Richard Bejtlich

I was asked to help locate two candidates for positions in the GE Smart Grid initiative.
We're looking for an Embedded Hardware Penetration Tester (1080237) and an Embedded Firmware Penetration Tester (1080236).
If interested, search for the indicated job numbers at ge.com/careers or go to the job site to get to the search function a little faster.
I don't have any other information on these jobs, so please work through the job site. Thank you.
Update Mon 16 Nov: As noted by Charlene in the comments below, the jobs are no longer posted. If I hear they are back I will post an update here.

Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

Reaction to 60 Minutes Story

By Richard Bejtlich

I found the new 60 Minutes update on information warfare to be interesting. I fear that the debate over whether or not "hackers" disabled Brazil's electrical grid will overshadow the real issue presented in the story: advanced persistent threats are here, have been here, and will continue to be here.
Some critics claim APT must be a bogey man invented by agencies arguing over how to gain greater control over the citizenry. Let's accept agencies are arguing over turf. That doesn't mean the threat is not real. If you refuse to accept the threat exists, you're simply ignorant of the facts. That might not be your fault, given policymakers' relative unwillingness to speak out.
If you want to get more facts on this issue, I recommend the Northrop Grumman report I mentioned last month.

Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

SecurityFocus

SecurityFocus News

SecurityFocus is the most comprehensive and trusted source of security information on the Internet. We are a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.

Brief: Survey: Majority of Web sites vulnerable

Survey: Majority of Web sites vulnerable

News: Researcher busts into Twitter via SSL reneg hole

Researcher busts into Twitter via SSL reneg hole

News: Security firm chokes sprawling spam botnet

Security firm chokes sprawling spam botnet

Brief: Microsoft fixes kernel, Office flaws

Microsoft fixes kernel, Office flaws

Microsoft warns of Windows 7 security hole

In Latest Warnings

Microsoft has confirmed reports of a security flaw in its Windows operating system that hackers could use to temporarily destabilize Windows 7 PCs. The software giant also acknowledged that blueprints for exploiting the flaw are now available online. At issue is a so-called "denial-of-service" vulnerability in the component of Windows that handles the sharing of files and folders. Microsoft said attackers could use exploit code now publicly available to cause vulnerable systems to stop functioning or become unreliable. The flaw is present in Windows 7 and Windows Server 2008 R2, and does not exist in older versions of the operating system, the software giant said. In a security bulletin published Friday, Microsoft said the vulnerability would not let attackers install malicious software or take control over an affected system, and that any ill effects from an attack on this flaw could be remedied by simply restarting the PC. In addition,

Security update for Apple's Safari Web browser

In New Patches

Apple has shipped a new version of its Safari Web browser that fixes at least seven security vulnerabilities. The Safari 4.0.4 update is available for both Mac and Windows versions of the browser. Mac users can grab the latest version through Software Update; Windows users will need to use the bundled Apple Software Update application.

Nastygram: Beware the NACHA gotcha

In Nastygram

Cyber thieves on Thursday began blasting out millions of e-mails impersonating NACHA - The Electronic Payments Association, a not-for-profit group that develops operating rules for organizations that handle electronic payments, from payroll direct deposits to online bill pay services. The missives in this latest scam arrive with various subject lines, but all complain about an unauthorized, rejected or failed ACH transaction. Most regular Internet users probably will ignore this message, as few people probably even know what ACH stands for (ACH, or "automated clearing house" refers to the electronic network used by banks to process credit and debit transactions in batches). That's likely just fine with the attackers, who appear to be targeting bookkeepers at small to mid-sized companies -- people who actually recognize what a failed or rejected ACH transaction can mean for their business's bottom line and reputation. According to an alert at the real NACHA Web

Brazilian Govt: Soot, not hackers, caused '07 blackouts

In From the Bunker

The Brazilian government is refuting a report aired on Sunday by the CBS news magazine 60 Minutes, which stated that power blackouts in the South American nation in 2005 and 2007 were caused by hackers. Meanwhile, a large swath of Central Brazil is still reeling from another massive blackout that occurred in the region Tuesday evening. Citing six unnamed sources in the intelligence, military and cybersecurity communities, 60 Minutes claimed that a two-day outage that affected 3 million people in the Brazilian state of Espirito Santo was caused by hackers hitting a utility company's control systems. Another, smaller outage in January 2005 also was caused by hackers, the report said. According to the Wired.com Threat Level blog, the utility company involved, Furnas Centrais Elétricas, said it "has no knowledge of hackers acting in Furnas' power transmission system." "Brazilian government officials disputed the report over the weekend, and Raphael Mandarino Jr.,

A year later: A look back at McColo

In Cyber Justice

A year ago today, the Internet community witnessed a remarkable event: The unplugging of McColo, a Web hosting facility in Northern California that for a long time controlled a majority of the spam-sending operations on the planet. McColo's two main Internet providers abruptly yanked the cord after Security Fix presented them with scads of evidence collected by security researchers tying massive amounts of spam and other illicit activity to McColo's network. The outcome, of course, is now well known: The volume of spam sent worldwide tanked overnight, and remained at diminished levels for many weeks. All sorts of other badness diminished as well (more on that later). But since then, the sizable chunk of virtual real estate previously occupied by McColo has remained eerily quiet. A review of more than 3,000 Internet addresses previously assigned to the hosting firm reveals an Internet ghost town, as if the entire neighborhood had

Microsoft plugs 15 holes in Windows, Office

In New Patches

Microsoft on Tuesday released software updates to fix at least 15 security flaws in Windows, Windows Server and Microsoft Office. One of the patches addresses a flaw so serious that users could find their Windows PCs compromised just by visiting booby-trapped Web sites. Richie Lai, director of vulnerability research for patch management firm Qualys, said the most dangerous vulnerability addressed in this month's updates is a flaw in the way Windows handles so-called "embedded font" files. An attacker could stitch specially made embedded fonts into a Web page and use this flaw to install malicious software when people merely browse the site with Internet Explorer on Windows 2000, Windows XP or Windows Server 2003 systems, Lai said. Microsoft said it believes hackers will quickly figure out a way to exploit this flaw for criminal gain. Andrew Storms, director of security operations for San Francisco-based security firm nCircle, agreed, saying the

Eight indicted in $9M RBS WorldPay heist

In Cyber Justice

Eight men have been indicted on charges that they hacked into credit card processing firm RBS Worldpay, and helped steal more than $9 million in a highly coordinated heist nearly a year ago, the U.S. Justice Department said Tuesday. The 16-count indictment, which names individuals from Estonia, Moldova and Russia, is the first major break in a case federal investigators are calling "perhaps the most sophisticated and organized computer fraud attack ever conducted." "Today, almost exactly one year later, the leaders of this attack have been charged," said Sally Quillian Yates, acting U.S. attorney of the Northern District of Georgia, in a written statement. "This investigation has broken the back of one of the most sophisticated computer hacking rings in the world." The men are accused of cracking the data encryption that RBS WorldPay used to protect customer data on payroll debit cards, allowing them to clone the cards. Some

Security - RSS Feeds

The Pirate Bay Cuts BitTorrent Tracker

The Pirate Bay has shut down its BitTorrent tracker, opting instead for a more decentralized approach.

Metasploit Project Releases Update to Security Testing Framework

A new version of Metasploit is out just weeks after the testing framework was acquired by Rapid7. Fresh off its acquisition by Rapid7, the Metasploit Project has released an updated version of its penetration testing framework that includes more than 440 exploits and hundreds of payloads. Rapid7 acquired Metasploit last month to add to the company's testing capabilities. Nick Selby, mana...

eWeek Newsbreak Nov 16 2009

Microsoft released a security advisory to help users mitigate a bug affecting Windows 7 and Windows Server 2008 Release 2. The bug lies within the SMB protocol and affects SMB versions 1 and 2. SMB is the file sharing protocol used by default on Windows-based computers. NetSuite and InsideView recently paired up to release an application that ports social networking functionality to both CRM and Enterprise Resource Planning. By doing so, the companies join others that have recently been attempting to leverage social networking within a business-process context. Dell Children's Medical Center of Central Texas is the first healthcare facility in the world to achieve a LEED Platinum Certification by the USGBC. This hospital was rated in six key categories, Sustainable Site development, Water Efficiency, Energy Atmosphere, Materials and Resources, Indoor Air Quality, and Innovation Design. Earlier this year Samsung Electronics announced the launch of Samsung Blue Earth, an environmentally friendly mobile phone with a full touch screen. The phone was first showcased at the Mobile World Congress 2009 in Barcelona and now were showing it to you. According to Samsung, Blue Earth is the first solar powered full-touch screen phone.

Researcher Hacks Twitter Using SSL Vulnerability

A security researcher demonstrates how an SSL renegotiation vulnerability made public earlier in November could be exploited to steal Twitter log-in credentials.
- A security researcher has demonstrated how attackers could use a newly discovered vulnerability in the Secure Sockets Layer protocol to launch an attack on Twitter. The researcher, Anil Kurmus, posted details of the attack to his blog, The Secure Goose, Nov. 10. The exploit takes advantage of a...

Microsoft Issues Advisory on Windows 7 Security Bug

Microsoft releases an advisory to help users concerned about a new zero-day vulnerability affecting Windows 7 and Windows Server 2008 R2. The bug was made public last week after Patch Tuesday.
- Microsoft released a security advisory to help users mitigate a bug affecting Windows 7 and Windows Server 2008 Release 2. The security vulnerability was reported last week by researcher Laurent Gaffie and can be exploited to remotely trigger a denial-of-service condition in Windows 7 and Win...

DNS Security Makes Strides, but Challenges Remain

An annual survey from Infoblox and The Measurement Factory found that many external name servers are still open to recursion, a fact that leaves them vulnerable to being used to launch DDoS attacks. However, the survey also shows a growing interest in DNSSEC.
- A new survey painted a picture of domain name server security that was both troubling and hopeful. According to research released by Infoblox and The Measurement Factory, there has been a dramatic increase in the percentage of external name servers that are open to recursion. The study put th...

How Secure is Your Jailbroken iPhone?

Though the ikee worm and other recent incidents have highlighted security risks facing users of jailbroken iPhones, the question remains: If you are using a jailbroken iPhone, just how insecure is it and what can you do about it?
- iPhone security has been front and center the past two weeks, with much of the focus falling on jailbroken devices. Between the ikee worm and the discovery of a tool that allows attackers to steal data from jailbroken phones, some have wondered whether jailbroken iPhones are inherently insec...

IBM Reveals New Security Product for Virtual Environments

IBM announced plans for a new virtualization security product that extends protection to multiple layers of the virtual infrastructure by integrating with VMware's VMsafe technology.
- IBM is talking up virtualization security with a new product aimed at protecting enterprise virtual infrastructures. According to IBM, the product - known as IBM Virtual Server Security for VMware vSphere - is designed to help protect every layer of the virtual infrastructure, from the hyperv...

LABS GALLERY: Shavlik Netchk Protect 7 Gets Anti-Malware Boost

Shavlik Netchk Protect 7 adds anti-malware capabilities (in the form of Sunbelt's VIPRE engine) to the well-respected patch management solution. The management console GUI is excellent, as is support for virtual machines. Patch management is extremely strong, and anti-malware protection is very good, although the latter could be better integrated into the overall platform.

WhiteHat: Web Security Vulnerabilities Found on Most Sites

In the latest report on Website vulnerabilities by WhiteHat Security, researchers found 64 percent of Websites have at least one serious vulnerability. The most common flaw - cross-site scripting.
- New research from WhiteHat Security painted a bleak picture for Website security. In its latest iteration of its Website Security Statistics report, WhiteHat found 64 percent of the 1,364 sites the company analyzed have at least one serious vulnerability. But the news isn't all bad according to...

Windows Security Bug Revealed After Microsoft Patch Tuesday

A security researcher discovers a bug that could be used to trigger a crash in Windows 7 and Windows Server 2008 Release 2.
- Less than 24 hours after Microsoft's Patch Tuesday, a security researcher revealed a zero-day bug affecting Windows 7 and Windows Server 2008 Release 2. Researcher Laurent Gaffie posted proof-of-concept code as well as information about the flaw on his blog and the Full Disclosure mailing list ...

REVIEW: Shavlik Netchk Protect 7 Provides Patch Management, Anti-Malware in a Single Tool

Combining the Shavlik Netchk patch management system with the Sunbelt VIPRE anti-malware engine, Protect 7 is a full-featured security solution. However, anti-malware is not fully integrated into the management console, and eWEEK Labs experienced some quirkiness with the GUI during tests.
- Perhaps the most time- and resource-consuming task on IT professionals' security to-do list is patching applications and operating systems. The rise in popularity of virtual machine technology only intensifies the issue. Add to that the nightmare of malware. No longer simply a nuisance, today's ma...

iPhone Hacker Tool Steals Data from Jailbroken Phones

Researchers at Mac security firm Intego have uncovered a new tool hackers can use to steal data from jailbroken Apple iPhones. The tool leverages the same default password issue as the ikee worm targeting iPhone users in Australia.
- Security researchers have found a new tool targeting users of jailbroken iPhones. On the heels of the discovery of a worm targeting jailbroken iPhones in Australia, security researchers at Intego now say they have detected a program known as iPhone/Privacy.A that hackers can use to swipe person...

Hackers Charged in RBS WorldPay Breach

Federal prosecutors announced indictments against eight people in connection with the theft of more than $9 million from ATMs around the world.
- A U.S. grand jury has indicted eight people in connection with the theft of more than $9 million from over 2,100 ATMs in at least 280 cities around the world. The indictment accuses Viktor Pleshchuk, 28, of St. Petersburg, Russia; Sergei Tsurikov, 25, of Tallinn, Estonia; Oleg Covel...

Facebook Says Hijacked Groups No Threat to Confidential Data

Facebook confirms that a group called Control Your Info seized control of some Facebook groups. According to Facebook, no hacking is involved and no confidential data is at risk. As many as 200 groups are reported as being under the power of Control Your Info.
- An anonymous group going by the name Control Your Info hijacked hundreds of Facebook groups Nov. 10 to put a spotlight on the social networking site's security. Control Your Info seized control of the Facebook groups and renamed each Control Your Info. On the wall of every group was a message ...

Microsoft Issues Critical Windows Security Patches

Microsoft releases six security bulletins for November's Patch Tuesday, covering 15 vulnerabilities. Three of the bulletins are rated critical and address Windows security.
- Microsoft released six patches Nov. 10 to cover 15 security vulnerabilities. Three of the bulletins address critical Windows security issues. Those bulletins cover a variety of issues affecting the WSDAPI (Web Services on Devices Application Programming Interface), vulnerabilities in the Window...

10 Reasons Why Mac OS X Security Could Get Worse

News Analysis: Mac OS X might be considered far more secure than Windows today, but that may be changing over time. Apple's operating system is now a bigger target than ever. As more people jump on the Mac bandwagon, more and more malware makers will follow.
- Apple released another major Mac OS X security update Nov. 9. The update, Mac OS X 10.6.2, installs several fixes for "Snow Leopard," including for a problem that logs users out unexpectedly. But it was the security side of the update that may cause the most alarm. According to Apple, ...

SecuriTeam.com

SecuriTeam

Welcome to the SecuriTeam RSS Feed - sponsored by Beyond Security. Know Your Vulnerabilities! Visit BeyondSecurity.com for your web site, network and code security audit and scanning needs.

Atheros Driver Reserved Frame DoS Vulnerability

The wireless driver in some Wi-Fi access points (such as the Atheros-based Netgear WNDAP330) does not correctly parse malformed reserved management frames.

Microsoft Windows License Logging Service Heap Corruption Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. Authentication is not required on certain configurations to exploit this vulnerability.

McAfee Security Manager Authentication Bypass and Session Hijacking Vulnerability

McAfee Network Security Manager is vulnerable to authentication bypass via HTTP session cookie hijacking. A remote attacker could exploit this vulnerability to hijack an existing session to the Network Security Manager.

Microsoft Office Excel Code Execution Vulnerabilities

Attackers using specially crafted XLS files can execute arbitrary code via memory corruptions, invalid index, and invalid pointer errors.

SearchSecurity.com

SearchSecurity: Security Wire Daily News

The latest information security news on IT threats, vulnerabilities and market trends from the award-winning SearchSecurity.com.

Russian cybercriminals target H1N1 Swine flu fears

By Robert Westervelt

Report outlines massive affiliate campaigns pushing counterfeit Tamiflu and making Russian hackers millions.

H.D. Moore speaks about Metasploit Project deal, Release 3.3

By Neil Roiter

Founder talks about the community's reaction to the Rapid7 acquisition, big changes in the latest Metasploit Framework release and what the future might hold.

Windows 7 DoS flaw allows hackers to freeze Microsoft's newest OS

By Robert Westervelt

A Server Message Block (SMB) flaw in Microsoft's latest OS can be remotely exploited by an attacker to cause Windows 7 machines to stop responding.

Secure your remote users in 2010

By Eric Ogren

As companies shave operational costs by hiring more remote workers, IT security teams should plan to protect sensitive data being used by a highly mobile workforce in 2010.

Web security firm ranks Firefox, Safari browsers as flaw prone

By Robert Westervelt

Penetration testing firm Cenzic says Mozilla Firefox and the Apple Safari browsers contain the most vulnerabilities in a study covering the first half of 2009.

Layoffs prompt insider threat fears, cybersecurity survey finds

By Robert Westervelt

The 12th annual Ernst & Young Global Information Survey found senior IT professionals worried about reprisals from disgruntled employees.

SANS RSS Feed

SANS NewsBites

All Stories From Vol: 11 - Issue: 91

GAO Report Finds Network Security Problems at Los Alamos (November 13 & 16, 2009)

A report from the Government Accountability Office (GAO) describes various computer network vulnerabilities at Los Alamos National Laboratory (LANL).......

Most Security Products Require Multiple Testing Cycles for Certification (November 16, 2009)

A study from ICSA Labs, based on data from 20 years of security product testing, listed the top reasons products fail their initial certification testing.......

Yahoo! Closes SQL Injection Hole in HotJobs (November 16 & 17, 2009)

An SQL injection vulnerability on the jobs section of the Yahoo! website, HotJobs, could be exploited to gain access to personal information.......

Four Men Jailed for Using Trojan to Steal Funds From Bank Accounts (November 13 & 16, 2009)

A court in the United Kingdom has sentenced four men to prison for using malware to steal nearly GBP 600,000 (US $1 million) from bank accounts.......

Israeli Police Arrest Alleged Phisher (November 15, 2009)

Israeli police and the Israeli Defense Fund arrested a man suspected of launching a phishing attack on customers of Bank Leumi.......

Class Action Settlement Approved in Data Breach Case (November 12, 2009)

A judge has approved a class action lawsuit settlement in a case involving a data security breach at financial services firm D.......

Cyber War Expose (November 13, 2009)

The covers are off the cyber warfare story.......

For One-Third of US Government Agencies, Security Incidents Are a Daily Occurrence (November 10 & 11, 2009)

A CDW-Government survey of 300 US government IT professionals found that 44 percent of agencies noted an increase in the number of security incidents over last year.......

Researchers Describe Weakness in Government Wiretap Technology (November 11 & 12, 2009)

Researchers at the University of Pennsylvania say they have discovered a vulnerability in the technology the government uses to conduct wiretaps.......

Indian Outsourcer Arrested for Selling British Patients' Medical Files (November 10 & 12, 2009)

Police in India have arrested the chief of an outsourcing company for allegedly selling British patients' medical records.......

Modified Xbox Consoles Banned From Xbox Live (November 11 & 12, 2009)

In an attempt to combat piracy, Microsoft is permanently banning modified Xbox consoles from accessing Xbox Live.......

Eight Indicted in Massive, Coordinated ATM Fraud (November 10 & 11, 2009)

A US federal grand jury in Atlanta, Georgia has indicted eight men in connection with the RBS WorldPay security breach.......

Bank Fraud Linked to Stolen Employee Data (November 10, 2009)

A data security breach of a server at the Vancouver (Washington) School District exposed employee information, including Social Security numbers (SSNs) and bank account information of employees who use direct payroll deposit.......

Metasploit Framework 3.3 Released, (Tue, Nov 17th)

The Metasploit Project released Metasploit Framework 3.3 today ...(more)...

OpenVPN Fixed OpenSSL Session Renegotiation Issue, (Tue, Nov 17th)

OpenVPN released an update to respond to the OpenSSL vulnerability described in CVE-2009-3555. OpenV ...(more)...

Reports of a successful exploit of the SSL Renegotiation Vulnerability?, (Mon, Nov 16th)

It's a brand new week. ...(more)...

Microsoft advisory for Windows 7 / Windows Server 2008 R2 Remote SMB DoS Exploit released, (Sat, Nov 14th)

Microsoft has released an advisory for the Windows 7 / Windows Server 2008 R2 Remote SMB DoS Exploit ...(more)...

Flash Origin Policy Attack, (Fri, Nov 13th)

An apparently critical vulnerability in Adobe Flash has been identified that could allow sites with ...(more)...

WordPress 2.8.6 Available - security fixes, (Fri, Nov 13th)

...(more)...

Conficker patch via email?, (Fri, Nov 13th)

Microsoft does not send patches, updates, anti-virus, or anti-spyware via email (hopefully ever). Th ...(more)...

New challenge posted at ethicalhacker.net "SSHliders" due 23/11/09, (Fri, Nov 13th)

...(more)...

TLS & SSLv3 renegotiation vulnerability explained, (Fri, Nov 13th)

Thierry Zoller has written a nice summary of the TLS SSLv3 renegotiation vulnerability. He cov ...(more)...

It's Never Too Early To Start Teaching Them, (Fri, Nov 13th)

Last week it was my pleasure to visit a group of middle school students that are interested in anyth ...(more)...

Pushdo/Cutwail Spambot - A Little Known BIG Problem, (Fri, Nov 13th)

Today was another one of those days that all ISP's dread. I am the Abuse Coordinator for a sma ...(more)...

Windows 7 / Windows Server 2008 R2 Remote SMB Exploit, (Thu, Nov 12th)

Mikael wrote us yesterday, telling us about a site claiming to have a zero day for SMB on both ...(more)...

Apple Safari 4.0.4 Released, (Wed, Nov 11th)

Safari 4.0 ...(more)...

Layer 2 Network Protections against Man in the Middle Attacks, (Wed, Nov 11th)

Last month (Day 9 of Cyber Security Awareness Month) we discussed a Man in the Middle (MITM) attack ...(more)...

SANS RSS Feed

SANS Information Security Reading Room

Last 25 Computer Security Papers added to the Reading Room

Gathering Security Metrics and Reaping the Rewards

Category: Management & Leadership

Paper Added: November 16, 2009

Hey Dude! I Can Do a Great Humphrey Bogart!

Category: Network Devices

Paper Added: November 11, 2009

The Register

The Register - Security

Biting the hand that feeds IT

Romanian cops to $150,000 ATM skimming spree
'All your PINs are belong to us'

A Romanian national has admitted he defrauded Bank of America of about $150,000 in a scheme that secretly recorded customer information as it was entered into automatic teller machines.…

Trojans likely to follow Win 7 activation hack
Beware Greeks bearing security bypasses

Trojan attacks are likely in the wake of the Windows 7 product activation system cracks developed last week, less than a month after the release of Microsoft's latest operating system.…

Official Bruce Schneier action figure steps onto market
Coiffure options: 'Ponytail', 'Bald' or 'Cyborg'

Good news for devotees of ponytailed crypto guru of all our hearts Bruce Schneier: it's now possible to buy an officially endorsed "Bruce Schneier action figure".…

Spam net snared a quarter million bots, says conqueror
Putting the mega in Mega-D

Herders behind the Mega-D botnet may have corralled nearly a quarter million infected machines into their spam-churning enterprise before it was recently crippled by white hat hackers.…

DNSSec update deadline penciled in for 2011
Long awaited security upgrade heading for .com and .net

VeriSign announced plans on Monday to roll out the DNSSec security standard for the web's .com and .net Top Level Domain Names (TLDs) by the first quarter of 2011.…

Gang sentenced for UK bank trojan
Almost £600,000 siphoned

A British court has sentenced four men to prison after they admitted they used sophisticated trojan software to steal almost £600,000 from bank accounts and send it to Eastern Europe.…

Spammers aim to profit from swine flu pandemic
Caution advised over modern day Harry Limes

Russian cybercrooks have laid the groundwork needed to build a business cashing in on swine flu panic-buying.…

iPhone worm hacker gets death threats, job offers
Mixed bug bag for chastened VXer

The creator of the rickrolling iPhone worm has spoken of possible job offers and death threats since the release of the Jesus Phone malware last weekend.…

Adobe Flash attack vector exploits insecure web design
User-supplied malware upload peril

An unpatched security risk involving Adobe Flash creates a possible mechanism for hackers to load exploits onto websites.…

Microsoft defends Hotmail's cookie requirement
Log out block 'good for security'

Microsoft has said its new policy of requiring users to accept third party cookies to log out of Hotmail improves security.…

MS patent looks just like Unix command, critics howl
'Sudo for dummies'

Microsoft has won a patent that covers functionality closely resembling security features that have been at the heart of Unix for more than two decades and more recently been folded into the Linux and Mac operating systems.…

Win 7 remote kernel crasher code released
File and print freeze menace revealed

Microsoft has reportedly begun investigating a potentially nasty denial of service vulnerability affecting Windows 7.…

Attackers conceal exploit sites with Twitter API
Trends technique suffers hacktile dysfunction

Drive-by exploit writers have been spotted using a popular Twitter command to send web surfers to malicious sites, a technique that helps conceal the devious deed.…

Wikipedia sued for publishing convicted murderer's name
Hey Wolfgang Werlé: Ever heard of the Streisand Effect?

A man who served 15 years for the gruesome murder of a famous German actor is taking legal action against Wikipedia for reporting the conviction.…

Malware cleans out jailbroken iPhones
Hack tool wriggles through Rickroll worm hole

Updated: Miscreants have developed a hacking tool that attacks jailbroken iPhones.…

Lighter Patch Tuesday focuses on Windows flaws
Win 7 users get a month off for good behaviour

Microsoft released six patches on Tuesday night - three critical - as part of its regular Patch Tuesday update cycle.…

Security service protects PCs from attack

Start-up InZero Systems Tuesday makes its debut with a security service that promises to protect PCs from possible malware, intrusions and other types of attacks.

Michael Jackson is riskiest celebrity of 2009

Michael Jackson has been named the riskiest celebrity of 2009 by Symantec.

New security products underperform, says ICSA

Many security products simply do not work as advertised, or at least need a lot of tinkering to make them work, a report from the respected ICSA Lab has found.

Yahoo jobs site in SQL attack worry

Yahoo raced last Thursday to close a potentially serious vulnerability that could have exposed customer data from its online jobs website, a security company has revealed.

The Cloud Security Survival Guide

For companies increasingly dependent on cloud services, security challenges abound. Here's a collection of articles, columns and audio to help IT security practitioners plot the right course.

Endpoint security frustrates IT

There's a groundswell of frustration about today's endpoint security, as well as worries about how newer technologies such as virtualization or cloud computing will impact it, according to a new study.

Shadowserver to take over as Mega-D botnet herder

An effort is underway to clean up tens of thousands of computers infected with malicious software known for churning out thousands of spam messages per hour.

Bebo is worst social network for cyberbullying

Bebo is the social network where teenagers are most likely to experience cyberbullying, says Beatbullying.

Network and Security Operations Convergence

Bringing network and security ops under one roof is translating into more efficiency and increased security for IT management and consulting firm American Systems.

Google Street View Battle Highlights Privacy Challenge

Google is being sued by a Swiss watchdog agency for allegedly failing to take adequate measures to protect privacy. The legal battle in Switzerland is just the latest in a long line of privacy issues with Google and illustrates the challenge of providing as much information as possible without violating privacy concerns.

UK hails first cybercrime cooperation with banks

U.K. police are hailing the sentencing of four people who used a sophisticated Trojan horse program to siphon money out of online bank accounts and send it to Eastern European countries and Russia.

Washington Watch National ID Program in Deep Trouble, as Budget Is Cut 40%

Funding for the already troubled Real ID program has been cut 40%, amid criticism by privacy advocates and state governors.

InfoWorld's top 10 emerging enterprise technologies

2009's up-and-coming technologies for business that will have the greatest impact in years to come

Network-based e-mail – Ready for prime time?

In the prior newsletter, we raised the question of whether the time is here – or past due – for moving email from local PCs back to the network. This time we want to continue the discussion by looking at some of the key questions that need to be addressed.

Blue Coat unveils secure Web gateway appliances

Blue Coat on Monday unveiled new Web gateway security appliances that the company says achieve higher throughput and scalability compared with its earlier products.

VeriSign bolsters security for .com, .net sites

VeriSign says it will support DNS Security Extensions, dubbed DNSSEC, in the .net and .com top-level domains by March 2011.

Microsoft confirms first Windows 7 zero-day bug

Microsoft late on Friday confirmed that an unpatched vulnerability exists in Windows 7, but downplayed the problem, saying most users would be protected from attack by blocking two ports at the firewall.

Fake Verizon 'balance-checker' is a Trojan

Cyber-criminals have started preying on Verizon Wireless customers, sending out spam e-mail messages that say their accounts are over the limit and offering them a "balance checker" program to review their payments.

Job Search Scams: Protect Yourself Against Identity Theft

As U.S. unemployment has increased, so too has the number of job search scams identity theft rings are perpetrating against desperate job seekers.

Amazon called out over cloud security, secrecy

Amazon's cloud computing service should not be used for applications that require advanced security and availability, an analyst report claims.

DNS problem linked to DDoS attacks gets worse

Internet security experts say that misconfigured DSL and cable modems are worsening a well-known problem with the Internet's DNS (domain name system), making it easier for hackers to launch distributed denial-of-service (DDoS) attacks against their victims.

GAO: Los Alamos National Lab's cybersecurity lacking

Cybersecurity efforts to protect a leading U.S. nuclear laboratory's classified computer network remain lacking even after a series of security lapses, according to a new report from the U.S. Government Accountability Office.

Spam campaign targets payment transfer system

A new spam campaign is targeting a financial transfer system that handles trillions of dollars in transactions annually and has proved to be a fertile target of late for online fraudsters.

Shifting mobile cost to employees? Think twice

I've noticed a disturbing anecdotal trend in talking to enterprise customers lately, and some recent IDC numbers I just stumbled across seem to back it up. The unfortunate movement is away from corporate-liable mobile phone models and towards individual-liable setups, where employees procure their own wireless devices and services and may be reimbursed for their expenses by their employer.

EU-US accord on SWIFT data hits political snag

Some of Europe's largest countries are backing away from a controversial draft agreement being negotiated with the U.S. that would allow that country's antiterrorism agencies access to the personal financial data of millions of European citizens, it emerged Friday.

Cyber-Ark unveils tool for managing Windows, Unix systems

Cyber-Ark Software introduced a single tool that can manage accounts that have privileged access on both Windows and Unix systems.

HP and 3Com: A good fit, but not without overlap

HP and 3Com fit remarkably well together when considering the target markets that drove them together in this week's blockbuster $2.7 billion deal: core Ethernet switching and China. But most of the rest – low-end, SMB and edge switching, plus wireless networking – faces considerable overlap.

Fortinet detects increase in malware levels

Fortinet, a network security provider and unified threat management (UTM) solutions specialist has observed the highest level of total malware detected in more than a year.

Undercover 1.5 ousts iPhone thieves with push notifications

It's 2 AM. Do you know where your iPhone is?

Web Site Security Holes Make Case for Protection

Two-thirds of the sites that tend to care most about security still have serious unfixed vulnerabilities, according to an analysis from web security firm WhiteHat Security.

Flash flaw puts most sites, users at risk, say researchers

Hackers can exploit a flaw in Adobe's Flash to compromise nearly every Web site that allows users to upload content, including Google's Gmail, then launch silent attacks on visitors to those sites, security researchers said today.

Global news recap, World Tech Update, Nov. 12

Click here to watch this week's World Tech Update.

Protect Your PCs from Windows 7's Zero-Day Exploit

It was a notable accomplishment when Windows 7 was not impacted in any way by the vulnerabilities addressed in the six Security Bulletins released by Microsoft for the November Patch Tuesday. It would be even more impressive if Windows 7 proved invulnerable to the zero-day exploit that hit the next day.

Apple issues week's second patch set, fixes 7 Safari flaws

Apple on Wednesday issued its second security update in three days, patching seven vulnerabilities in Safari, including one in the Windows version that the company fixed two months ago for most Mac users.

Facebook Tips: Staying Safe While Using Games and Apps

The maker of the popular FarmVille game has agreed to change its practices that subjected Facebook users to some scammy offers. But the more games and apps that you use on Facebook, the higher your risk for malware, phishing scams and hacking. Here are four tips for staying secure.

H1N1 drives demand for secure remote access

Vendors of remote access technologies are reporting an unexpected increase in demand for their products over the past several months as a result of companies' H1N1-related concerns.

How to DDOS a federal wiretap

Researchers at the University of Pennsylvania say they've discovered a way to circumvent the networking technology used by law enforcement to tap phone lines in the U.S.

Panda launches free 'cloud' antivirus scanner

After seven months in beta, Panda Security has released the first version of its cloud-based antivirus product, which will be free to consumers with a paid-for managed service for SMBs.

New iPhone malware steals data from jailbroken phones

Another piece of dangerous code that attacks iPhones has been found, although it puts at risk only a very small subset of the smartphone's users.

Federal Data Security Law: 'Careful What You Wish For'

A cybersecurity bill advanced further up the U.S. Senate gauntlet last week, and some IT security practitioners aren't happy about it.

iPhone worms, other smartphone malware in researchers’ sights

Georgia Tech researchers have received a $450,000 NSF grant to boost security of iPhones, BlackBerries and other smartphones and the wireless networks on which they run. And it’s those networks where the researchers are really zeroing in.

Data-stealing hack targets jailbroken iPhones

Once more into the breach, my iPhone-wielding compatriots. On Monday, we heard about the iPhone vulnerability that allowed dastardly hackers to place nefarious Rick Astley wallpaper on some jailbroken devices. Now, security firm Intego reports that the same loophole can allow hackers to do far worse.

iPhone security problems bring new risks

In just four days, not one but two worms targeting the iPhone have emerged. Both of the worms target the same vulnerability, a default password in the SSH server that is installed on jailbroken iPhones. While one worm is mostly a nuisance, the second siphons personal information from the iPhone, which makes it a serious identity theft threat.

TalkTalk applauds new EU legislation

UK ISP TalkTalk has applauded the EU agreement regarding disconnecting illegal downloaders from the web, saying the legislation "puts into legal language what fair-minded people instinctively knew was right and just".

Microsoft releases Office 2004, 2008 updates

Microsoft on Tuesday issued updates for its venerable Office suite versions 2004 and 2008.

Windows 7 may be secure, but are Windows users safe?

Windows 7 users got a nice surprise on Tuesday when Microsoft released its first set of security patches since unveiling the new operating system last month. Of the 15 bugs patched, none affected Windows 7.

IA job prospects bright

No one reading this column needs general references to news about the economic difficulties we are living through in the United States and elsewhere. Just the other day, I spoke with a long-time friend and colleague from the information security field who used to earn a decent living as a much sought-after consultant; last week he canceled his business telephone line to save money. He's looking for a permanent job.

Online users becoming less anxious over security, privacy

While surveys about security usually end up telling us about how bad people feel, a global survey released Tuesday indicates there's substantially less anxiety about Internet security, personal safety and national security than there was six months ago.

McAfee Avert Labs

Cutting edge security research as it happens.......

The McColo Effect: One Year Later

By Sam Masiello on Web and Internet Safety

One year ago today email administrators were astonished to notice the amount of spam hitting their mail servers had plunged precipitously. Email volumes dropped off as much as 60 percent to 70 percent, and the reason wasn’t immediately obvious to anyone except for the folks who knew that McColo, a major spam-hosting ISP had been taken [...]

InSecurity Complex

Keeping tabs on flaws, fixes, and the people behind them.

FAQ: Recognizing phishing e-mails

By Elinor Mills

Phishing attacks have spiked this year, recent reports show. Here's a primer on what phishing is and how to avoid it.

Report: Countries prepping for cyber war

By Elinor Mills

U.S., Israel, Russia, China, and France are gearing up for cyber offensives, according to a new McAfee report.

Antitrust concerns linger in Google Books deal

By Elinor Mills

Opponents of Google Books settlement say the search giant will still have exclusive rights to digitize orphaned out-of-print works.

Hackers create tools for disaster relief

By Elinor Mills

At the first-ever Random Hacks of Kindness event, developers work on technology tools that emergency relief workers can use in disasters.

Microsoft patching zero-day Windows 7 SMB hole

By Elinor Mills

Company warns customers that exploit code for the Server Message Block hole is available and suggests a workaround until a patch is ready.

RSA reveals details behind re-shipping scam

By Elinor Mills

Desperate during the downturn, people are taking "jobs" as re-shippers, not realizing they're helping criminals move goods purchased with stolen credit cards, RSA says.

Expert says Adobe Flash policy is risky

By Elinor Mills

Adobe Flash Player allows arbitrary content to access applications without permission, says researcher at Foreground Security.

Microsoft probing Windows 7 zero-day hole

By Elinor Mills

One day after Patch Tuesday, researcher warns of unpatched security hole in Windows 7 and Server 2008.

Eastern Europeans charged in payment processor hack

By Elinor Mills

Grand jury indicts defendants accused of hacking into RBS WorldPay network and running "one of the most sophisticated computer hacking rings in the world."

Info Security News

Carries news items (generally from mainstream sources) that relate to security.

GMH data breached in stolen laptop

Posted by InfoSec News on Nov 17

http://www.guampdn.com/article/20091117/NEWS01/911170301/1002
By Laura Matthews
Pacific Daily News
November 17, 2009
The Guam Memorial Hospital suffered an information breach when a laptop
containing unsecured health information was stolen in late October.
It wasn't until late last week that they found out the machine contained
a file with personal information for approximately 2,000 employees,
volunteers, contractors and physicians....

Police probe breach of NHS smartcard security as e-records launched in London

Posted by InfoSec News on Nov 17

http://www.computerweekly.com/Articles/2009/11/16/239006/police-probe-breach-of-nhs-smartcard-security-as-e-records-launched-in.htm
By Tony Collins
ComputerWeekly.com
16 Nov 2009
An NHS trust at the forefront of work on the 12.7bn NHS IT scheme has
called in police after a breach of smartcard security compromised the
confidentiality of hundreds of electronic records.
Patients in Hull have expressed their dismay that an unauthorised NHS...

A different kind of antiviral donation for Africa

Posted by InfoSec News on Nov 17

http://www.networkworld.com/news/2009/111609-antivirus-africa.html
By M. E. Kabay
Network World
11/16/2009
Africa is suffering from yet another plague: this one infects their
computers instead of their communities.
Chris Michael, writing in the English newspaper The Guardian in August
2009, summarized the situation as follows: "...Africa has become a hive
of [T]rojans, worms and exploiters of all stripes. As PC use on the
continent...

Report: Countries prepping for cyber war

Posted by InfoSec News on Nov 17

http://news.cnet.com/8301-27080_3-10399141-245.html
By Elinor Mills
InSecurity Complex
CNet News
November 16, 2009
Major countries and nation-states are engaged in a "Cyber Cold War,"
amassing "cyber weapons," conducting espionage, and testing networks in
preparation for using the Internet to conduct war, according to a new
report to be released on Tuesday by McAfee.
In particular, countries gearing up for cyber...

Obama said to be close again to naming cybersecurity chief

Posted by InfoSec News on Nov 17

http://www.computerworld.com/s/article/9140948/Obama_said_to_be_close_again_to_naming_cybersecurity_chief?taxonomyId=17
By Jaikumar Vijayan
Computerworld
November 16, 2009
The Obama administration is once again reported to be close to naming a
White House cybersecurity coordinator.
A story in the Federal Times, quoting unnamed sources, said that an
announcement could come as soon as Thanksgiving.
The two people in the running for the post...

Researcher Hacks Twitter Using SSL Vulnerability

Posted by InfoSec News on Nov 17

http://www.eweek.com/c/a/Security/Researcher-Demonstrates-SSL-Vulnerability-on-Twitter-291904/
By Brian Prince
eWEEK.com
2009-11-16
A security researcher has demonstrated how attackers could use a newly
discovered vulnerability in the Secure Sockets Layer protocol to launch
an attack on Twitter.
The researcher, Anil Kurmus, posted details of the attack to his blog,
The Secure Goose, Nov. 10. The exploit takes advantage of a
vulnerability...

The Cyberwar Plan

Posted by InfoSec News on Nov 16

Forwarded from: William Knowles <wk (at) c4i.org>
http://www.nationaljournal.com/njmagazine/cs_20091114_3145.php
By Shane Harris
National Journal
Nov. 14, 2009
Cover Story
In May 2007, President Bush authorized the National Security Agency,
based at Fort Meade, Md., to launch a sophisticated attack on an enemy
thousands of miles away without firing a bullet or dropping a bomb.
At the request of his national intelligence director,...

Little to Show for $433 MM Infosec Investment

Posted by InfoSec News on Nov 16

http://www.govinfosecurity.com/articles.php?art_id=1937
By Eric Chabrow
Managing Editor
Gov InfoSecurity
November 13, 2009
Los Alamos National Laboratory has spent $433 million to secure its
classified computer network between fiscal years 2001 and 2008,
according to a report issued Friday by the Government Accountability
Office, yet significant weaknesses remain in safeguarding the
confidentiality, integrity and availability of information...

Evidence at issue in corporate espionage case involving WYCO employees

Posted by InfoSec News on Nov 16

http://www.knoxnews.com/news/2009/nov/13/evidence-at-issue-in-corporate-espionage-case-of/
By Hugh G. Willett
Knoxvillebiz.com
November 13, 2009
There is an expectation of privacy for files stored on a laptop computer
but not for files stored on a central office server, a federal
magistrate judge ruled Thursday in a case of alleged corporate
espionage.
U.S. Magistrate Judge C. Clifford Shirley Jr. found that e-mail messages
of defendant...

14 tech firms form cybersecurity alliance for government

Posted by InfoSec News on Nov 16

http://gcn.com/articles/2009/11/12/tech-firms-form-cybersecurity-alliance.aspx
By Wyatt Kash
GCN.com
Nov 12, 2009
Thirteen leading technology providers, together with Lockheed Martin,
today announced the formation of a new cybersecurity technology
alliance. The announcement coincided with the opening of a new NexGen
Cyber Innovation and Technology Center in Gaithersburg, Md., designed to
test and develop new information and cybersecurity...

DNS problem linked to DDoS attacks gets worse

Posted by InfoSec News on Nov 16

http://www.computerworld.com/s/article/9140839/DNS_problem_linked_to_DDoS_attacks_gets_worse?taxonomyId=17
By Robert McMillan
IDG News Service
November 13, 2009
Internet security experts say that misconfigured DSL and cable modems
are worsening a well-known problem with the Internet's DNS (domain name
system), making it easier for hackers to launch distributed
denial-of-service (DDoS) attacks against their victims.
According to research set...

Government Use Of Windows 7 Hinges On Security Spec

Posted by InfoSec News on Nov 13

http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=221601528
By J. Nicholas Hoover
InformationWeek
November 12, 2009
More than a dozen federal agencies, including the White House and all
branches of the military, are testing Windows 7, according to Microsoft
(NSDQ: MSFT). But it may be another six months before agencies can move
ahead with Windows 7 deployment because a government-mandated security
standard...

UK's cyber warriors go into battle in March

Posted by InfoSec News on Nov 13

http://www.theregister.co.uk/2009/11/12/csoc_date/
By Chris Williams
The Register
12th November 2009
The UK's new cyberwarfare unit will be ready for action on 10 March,
according to the government.
The Cyber Security Operations Centre (CSOC), located at GCHQ in
Cheltenham, will have an initial staff of 19, said Baroness Crawley.
CSOC will monitor the internet for threats to UK infrastructure and
counter-attack when necessary.
The...

Britney Spears' Twitter account hacked

Posted by InfoSec News on Nov 13

http://marquee.blogs.cnn.com/2009/11/12/britney-spears-twitter-account-hacked/
The Marquee Blog
CNN.com
November 12, 2009
Britney Spears and the devil? If you'd logged on to her Twitter account
recently, that might have been the impression.
Hackers appear to have struck the singer's Twitter account on Thursday,
altering her wallpaper and posting the following tweets:
"I give myself to Lucifer every day for it to arrive as quickly as...

Kung fu shrine under attack

Posted by InfoSec News on Nov 13

http://english.people.com.cn/90001/90782/6812197.html
People's Daily Online
November 13, 2009
He was China's youngest Abbot in the Shaolin Temple - 22 when he
ascended the throne. He was one of the first monks in China with an MBA.
He is also the most controversial Buddhist here, allegedly for turning
the shrine into a money-making machine.
Now, he is in the spotlight again after hackers targeted the website
established to promote...

HHS seeking solutions to address FISMA compliance for health exchange

Posted by InfoSec News on Nov 13

http://fcw.com/articles/2009/11/12/fisma-compliance-patient-data-exchange.aspx
By Alice Lipowicz
FCW.com
Nov 12, 2009
Health and Human Services Department officials are looking for
information technology solutions that comply with a key federal
cybersecurity law while also allowing for exchange of federal health
data with private entities, a senior health data exchange official said
today.
Currently, federal medical agencies that handle...

Secunia Weekly Summary - Issue: 2009-46

Posted by InfoSec News on Nov 13

========================================================================
The Secunia Weekly Advisory Summary
2009-11-05 - 2009-11-12
This week: 48 advisories
========================================================================
Table of Contents:
1.....................................................Word From...

RSA reveals details behind re-shipping scam

Posted by InfoSec News on Nov 13

http://news.cnet.com/8301-27080_3-10396478-245.html
By Elinor Mills
InSecurity Complex
CNet News
November 12, 2009
RSA FraudAction Research Lab has uncovered the workings behind a recent
re-shipping scam in which U.S. residents were used as mules to send
goods purchased with stolen credit card numbers overseas.
The operation began a year ago and received applications from more than
1,900 people, though only 33 people were...

Attackers use Twitter API to conceal exploit sites

Posted by InfoSec News on Nov 11

http://www.theregister.co.uk/2009/11/12/attackers_use_twitter_command/
By Dan Goodin in San Francisco
The Register
12th November 2009
Drive-by exploit writers have been spotted using a popular Twitter
command to send web surfers to malicious sites, a technique that helps
conceal the devious deed.
The microblogging site makes application programming interfaces (APIs)
such as this one available so legitimate websites can easily plug into
the...

Microsoft tries to clean up COFEE spill

Posted by InfoSec News on Nov 11

http://gcn.com/articles/2009/11/11/microsoft-forensics-tool-cofee.aspx
By Kurt Mackie
GCN.com
Nov 11, 2009
Someone spilled hot COFEE, otherwise known as Microsoft's Computer
Online Forensic Evidence Extractor.
The spill or leak was noted on Monday in reports from CrunchGear and Ars
Technica. COFEE is a computer forensics solution that Microsoft provides
for free to law enforcement agencies. It's really a collection of tools
packaged...

Alleged $9 Million Hacking Ring Exposed

Posted by InfoSec News on Nov 11

http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=221601198
By Tim Wilson
DarkReading
Nov 11, 2009
A group of alleged hackers from Eastern Europe has been indicted on
charges of hacking into a computer network operated by the Atlanta-based
credit card processing company RBS WorldPay, which is part of the Royal
Bank of Scotland.
Eight individuals, mostly from Russia and Estonia, have been charged.
The 16-count...

How to DDOS a federal wiretap

Posted by InfoSec News on Nov 11

http://www.computerworld.com/s/article/9140717/How_to_DDOS_a_federal_wiretap?taxonomyId=17
By Robert McMillan
November 11, 2009
IDG News Service
Researchers at the University of Pennsylvania say they've discovered a
way to circumvent the networking technology used by law enforcement to
tap phone lines in the U.S.
The flaws they've found "represent a serious threat to the accuracy and
completeness of wiretap records used for both...

Microsoft probing Windows 7 zero-day hole

Posted by InfoSec News on Nov 11

http://news.cnet.com/8301-27080_3-10395891-245.html
By Elinor Mills
InSecurity Complex
CNet News
November 11, 2009
Microsoft said on Wednesday it is looking into a report of a
vulnerability in Windows 7 and Server 2008 Release 2 that could be used
by an attacker to remotely crash the computer.
The company is investigating claims of a "possible denial-of-service
vulnerability in Windows Server Message Block (SMB)," the Microsoft...

Federal Computer Week: Security News

3 basic steps can thwart most cyberattacks, NSA security official says

Three key practices can help systems withstand about 80 percent of commonly known attack mechanisms, according to an estimate from the National Security Agency.

Another day, another cybersecurity breach at federal agencies

Federal IT security pros say external sources are the biggest threat to their agency or network, while defense agencies indicate state-sponsored cybersecurity attacks are their most significant external cybersecurity issue.

Security lacking for Los Alamos classified network, GAO says

The national laboratory overseeing the nation’s nuclear stockpile has some serious security shortfalls, according to auditors.

State pilot shows a way to improve security while cutting costs

Agency has reduced its serious vulnerabilities while cutting the cost of its security program, said Chief Information Security Officer John Streufert.

Justice needs better IT approach to gang intell, IG says

Two Justice Department centers for coordinating gang-related information haven't made much difference in crime-fighting.

Is it time for a national data breach notification law?

Lawmakers are again considering legislation that would create federal requirements for notifying people when their personal data is compromised.

CISOs assess the assessors

Government chief information security officers discuss the process and effectiveness of security compliance measures.

CISOs take center-stage

The nature of IT security matters — brought to high alert by episodic breaches and ongoing cyber threats — has raised the stakes and profiles of the government chief information security officer.

Chief information security officers answer 4 burning questions

6 government chief information security officers have a round-table discussion about the most dangerous new cybersecurity threats and best strategies for addressing those risks.

Is a legislative fix in FISMA's future?

Agencies can improve cybersecurity without an overhaul of the Federal Information Security Management Act by using continuous and targeted monitoring of systems, some experts say.

14 tech firms form cybersecurity alliance for government

A new testing center, part of an effort led by Lockheed Martin and 13 IT companies, will allow for collaboration on developing better cyber defenses.

eWeek Security Watch

Enterprise Security Challenged by Web 2.0, Mobile Devices

In Web 2.0

A new survey from the Ponemon Institute shows that a lack of collaboration between IT security and operations teams is impacting security, researchers say.

Online IT Security Drama: Reality or TV?

In Trojan attacks

Applications Security Inc. has produced an online miniseries that aims to detail the plight of today's IT security workers. But is the show true to life, or is the reality not nearly as desperate?

Koobface Worm Poses as Facebook User

In Virus and Spyware

The Koobface botnet has new tricks up its sleeve: It can now automate the process of registering a Facebook account, confirming an e-mail address and joining random Facebook groups.

Unisys: Interest in Biometric Authentication Growing

In Privacy

A new consumer survey shows that attitudes regarding biometrics are changing as interest in the technology grows in response to identity theft.

DarkReading - Security News

DarkReading

Henry Bros. Electronics, Inc. Reports Third Quarter 2009 Results

Wisconsin-based Artisans, Inc. Launches Shop.Ducks.org to Sell Ducks Unlimited Branded Apparel

APO Encryption Software Joins RevenueWire

Hastings Entertainment to Announce Results for Third Quarter of Fiscal Year 2009 on November 16, 2009

Perimeter E-Security Names Managed Services Veteran Tim Harvey as CEO

DarkReading - All Stories

DarkReading

Most Security Products Don't Initially Work As Intended, Study Says

Many security products fail to perform as promised in initial certification tests

Myth-Busting: Quelling 7 Cloud Computing Fears

Concerned about data privacy and single points of failure, among other worries? Get ready to put your fears to rest

Conn. AG Investigates Blue Cross Blue Shield Data Breach

BC/BS and its related companies Anthem and Empire failed to inform health care providers until late last month, says Connecticut Attorney General Richard Blumenthal

DNSSEC Rollout Gains Traction

VeriSign updates its plans for .com and .net DNSSEC adoption, and a new survey from Infoblox shows DNSSEC getting a big bump over the past year

Does New Microsoft Patent Infringe On Unix Program Sudo?

Some in the open source community suspicious of Microsoft's intent

Hacking Privileged Database User Access

How to provide least user privilege to your privileged database users

Product Watch: IBM Unveils New Virtual Server Security Offering

IBM launches tools for securing VMware virtual server environments

OWASP Issues New Top 10 Web Application Security Risks List

List now focuses on actual risk, not weaknesses and flaws in Websites

One-Third Of Federal IT Pros Deal With Daily Cybersecurity Threat

Mobile computing and smart phones also continue to pose security problems, according to CDW-G survey

Microsoft Looks Into Bug That Can Crash Windows 7

Company is investigating a possible denial-of-service vulnerability in Windows Server Message Block

New Flash Attack Has No Real 'Fix'

Researchers show how Adobe Flash can be exploited in browsers when victim visits sites that accept user-generated content

How To Protect Your Assets When Working With Third Parties

A number of insurance products protect against loss arising from IT-related risks

HP To Buy 3Com In Multibillion-Dollar Deal

3Com brings network switching, routing, and security solutions to HP

Researcher Takes Step Toward Integrating Penetration Test Tools

Will release free tools tomorrow at OWASP conference

'Likely' Windows Kernel Vuln Addressed By Latest Microsoft Patch

Microsoft, security researchers urge customers to make deployment of MS09-065 a priority

iPhone Targeted Yet Again

New hacking tool steals personal data off 'jailbroken' iPhones over a wireless network

Microsoft Orders Removal Of Blog About Bing Cashback Flaw

In a blog post last Wednesday, Bountii.com co-founder Samir Meghani outlined what he described as "an obvious flaw"

Researchers Building Tools To Clean Up Infected Smart Phones Via The Wireless Network

Georgia Tech working on tools for wireless providers to fix compromised phones remotely

Department Of Interior's Cybersecurity Governance 'Inefficient' And 'Wasteful': Report

Report from the agency's inspector general points to broad problems at the agency

Product Watch: Microsoft Releases 'Agile' Security Development Lifecycle (SDL) Guide

Software giant also issues white paper detailing how SDL addresses cloud security

Apple Issues Patch For 40 Vulnerabilities In Snow Leopard OS

Among security flaws addressed by Mac OS X 10.6.2 is login bypass vulnerability

Majority Of Web Apps Have Severe Vulnerabilities

Flaws 'could potentially lead to the exposure of sensitive or confidential user information during transactions,' according to new report from Cenzic

SaaS Offerings May Play Key Role In Small Business Security, Report Says

Security service offerings may help small businesses keep up with larger enterprises, report says

Darknet - Hacking, Cracking & Computer Security

Darknet - The Darkside

Ethical Hacking, Penetration Testing & Computer Security

Katana v1 (Kyuzo) – Portable Multi-Boot Security Suite

By Darknet on wireshark

The Katana: Portable Multi-Boot Security Suite is designed to fulfill many of your computer security needs. The idea behind this tool is to bring together many of the best security distributions and applications to run from one USB Flash Drive. Instead of keeping track of dozens of CDs and DVDs loaded with your favorite [...]
Read the full post at darknet.org.uk

SSL Renegotiation Bug Successfully Used To Attack Twitter

By Darknet on twitter security

When this SSL Renegotiation bug hit the news, most people said it was a theoretical attack and was of no practical use in the real world. But then people tend to say that about most things, don’t they, until they get pwned up the face. It turns out the rather obscure SSL flaw can be used to [...]
Read the full post at darknet.org.uk

Cain & Abel v4.9.35 – Password Sniffer, Cracker and Brute-Forcing Tool

By Darknet on windows hacking tool

It’s been quite a while since we’ve written about Cain & Abel, one of the most powerful tools for the Windows platform (back in 2007 here). Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kinds of passwords by sniffing the network, cracking encrypted passwords using...
Read the full post at darknet.org.uk

Jailbroken iPhone Users Get Rickrolled

By Darknet on rickrolled

The ‘big’ news this week was that the first self-replicating worm hit the iPhone; it only seemed to be spreading in Australia though, and only worked under a specific set of circumstances. It only affects iPhone users that have jailbroken their phone and have the SSH software installed with a default password of alpine. Thankfully it’s...
Read the full post at darknet.org.uk

Pakistani Interior Minister Hacked.

By Rik Ferguson on web

The web site of Rehman Malik, the Interior Minister for Pakistan, has been hacked. The compromise appears to be politically motivated. The section of the front page entitled “Welcome Message by Mr. A. Rehamn Malik – Minister for Interior” (along with most other sections) now bears the message: “F__k Of U Losers..We Dont Need Such Ministers” Claiming [...]

A mule and his money are soon parted.

By Rik Ferguson on cybercrime

This week in the UK is annual Get Safe Online week, and I had an interesting morning today at the summit launching the event. The summit was very well attended with representatives from all areas of business, government and law enforcement there to learn about and endorse the work that Get Safe Online have been doing. [...]

CNET News - Security

FAQ: Recognizing phishing e-mails

By Elinor Mills

Phishing attacks have spiked this year, recent reports show. Here's a primer on what phishing is and how to avoid it.

Originally posted at InSecurity Complex

Report: Countries prepping for cyber war

By Elinor Mills

U.S., Israel, Russia, China, and France are gearing up for cyber offensives, according to a new McAfee report.

Originally posted at InSecurity Complex

VeriSign expects major security update by 2011

By Tom Espiner

New protocol will guarantee the origin and integrity of Domain Name System data for .com and .net, company says.

Microsoft patching zero-day Windows 7 SMB hole

By Elinor Mills

Company warns customers that exploit code for the Server Message Block hole is available and suggests a workaround until a patch is ready.

Originally posted at InSecurity Complex

RSA reveals details behind re-shipping scam

By Elinor Mills

Desperate during the downturn, people are taking "jobs" as re-shippers, not realizing they're helping criminals move goods purchased with stolen credit cards, RSA says.

Originally posted at InSecurity Complex

Expert says Adobe Flash policy is risky

By Elinor Mills

Adobe Flash Player allows arbitrary content to access applications without permission, says researcher at Foreground Security.

Originally posted at InSecurity Complex

Apple updates Safari for security

By Seth Rosenblatt

A security update from Apple fixes multiple security holes in Safari, but a lack of transparency makes it hard to judge how severe the threats are.

Originally posted at The Download Blog

Microsoft probing Windows 7 zero-day hole

By Elinor Mills

One day after Patch Tuesday, researcher warns of unpatched security hole in Windows 7 and Server 2008.

Originally posted at InSecurity Complex

Security considerations for virtual environments

By Dave Rosenberg

Virtual environments have as many security risks as their physical counterparts. Users need to take security into consideration throughout their design process.

Originally posted at Software, Interrupted

Eastern Europeans charged in payment processor hack

By Elinor Mills

Grand jury indicts defendants accused of hacking into RBS WorldPay network and running "one of the most sophisticated computer hacking rings in the world."

Originally posted at InSecurity Complex

A child porn-planting virus: Threat or bad defense?

By Larry Magid

There is some concern that malware can plant illegal child porn on innocent people's computers, but experts say that, while possible, it's not very likely.

Originally posted at Safe and Secure

CGISecurity - Website and Application Security News

All things related to website, database, SDL, and application security since 2000.

OWASP Issues 2010 Top 10 (RC1)

By Robert A. on IndustryNews

At AppsecDC OWASP published the latest version of its top ten list. From the Top Ten: "OWASP plans to release the final public release of the OWASP Top 10 - 2010 during the first quarter of 2010 after a final, one-month public comment period ending December 31, 2009. This release of the OWASP Top 10...

Ars Technica - Security

New SMB flaw can crash Windows 7 and Server 2008 R2 remotely

By emil.protalinski@arstechnica.com (Emil Protalinski) on Windows Server 2008 R2

Microsoft has issued Security Advisory 977544 in regard to public reports of a possible denial of service vulnerability in the company's implementation of the Server Message Block 2 (SMB2) protocol that only affects Windows 7 and Windows Server 2008 R2 (32-bit, 64-bit, and Itanium-based). Windows Vista, Windows Server 2008, Windows XP, Windows Server 2003, and Windows 2000 are not affected. Microsoft notes that the vulnerability cannot be used to take control of or install malicious software on a user's system, but detailed exploit code has been published for the vulnerability.

A single smartphone can DoS federal wiretaps

By jtimmer@arstechnica.com (John Timmer) on wiretaps

As the telecommunications world went wireless and digital, the tried-and-true method law enforcement agencies used for wiretaps—splicing into the local loop—was in danger of becoming an anachronism. In 1994, Congress passed the Communications Assistance for Law Enforcement Act, which required telecommunications switches to incorporate a capacity for government monitoring of phone calls and other communications. That requirement ultimately produced an ANSI standard, J-STD-025, that dictated the capabilities of the hardware interface used by law enforcement agencies. A team of academic researchers has now put that standard to the test, and found that it's vulnerable to various forms of denial and obfuscation attacks.

As the authors note, the monitoring of domestic communications has been a source of controversy in recent years; others have questioned whether having a standard capacity built into every piece of communication hardware leaves the US communications infrastructure at risk of external attack. They avoid these issues, however, and focus on a simpler question: how well does the J-standard actually work?

Researchers' well-aimed stone takes down Goliath botnet

By jacqui@arstechnica.com (Jacqui Cheng) on spam

Security researchers have taken down a major spam offender, though the dip in spam levels may be only temporary. Members of the FireEye security team coordinated an attack on the Mega-D botnet (also known as Ozdok) last week by preemptively registering domains meant for the botnet's command and control channels (CnCs) and shutting down others. Spam coming from Mega-D stopped almost instantly, proving that David really can take down Goliath every once in a while.

Ever since the shut-down of McColo in 2008, the brains behind spam botnets have been much smarter about diversifying their CnCs. As pointed out by a FireEye blog post, they're no longer relying on a single net of domains to control the botnet—instead, many current botnets have mechanisms in place that randomly generate the next block of domains that the zombie machines will look for once the current set is shut down, and the people controlling the CnCs just register those domains on the fly as needed.

Truly malicious iPhone malware now out in the wild

By chris.foresman@arstechnica.com (Chris Foresman) on SSH

If you didn't heed previous warnings to secure your jailbroken iPhone, you may be in for some serious trouble. Computer security firm Intego has identified the first known truly malicious code which targets jailbroken iPhones with default root passwords.

The latest in a string of recent attacks, iPhone/Privacy.A uses a technique similar to previous hacks. The malware scans for phones on a given network with an open SSH port, then attempts to log in using the default root password that is the same on all iPhones. Unlike the previous versions, which merely replaced the wallpaper image to alert users that they have been cracked, the new version silently copies personal data—"e-mail, contacts, SMSs, calendars, photos, music files, videos, as well as any data recorded by any iPhone app." It then sends the data back to the machine running the software.

Bot herders turn to the cloud for command-and-control

By jtimmer@arstechnica.com (John Timmer) on Malware

On Monday, the security blog at Arbor Networks reported finding a bit of malware that checked in with a remote account to download some URLs. On its own, this is hardly a newsworthy event; botnets have used all sorts of communications protocols to receive updated code and information. What makes this discovery distinct is that the code that was feeding URLs to the botnet was running on Google's AppEngine platform.

These days, malware itself tends to act a bit like a grid computing service. The actual software that compromises a user's system tends to be fairly generic, hiding its presence and spreading where possible, but not actually doing much until activated. Once activated, the compromised machines use whatever resources are at their disposal to complete whatever task they're ordered to do. Those orders, which are spread through just about every Internet protocol imaginable—from HTTP to IRC—provide things like the body of a message to spam or a series of addresses to target with a denial of service attack.
