Thursday, December 24, 2009

Around The Horn vol.1,165

Zero Day

Tracking the hackers

Adobe plugs gaping holes in Flash Media Server

By Ryan Naraine on Web Applications

The patch addresses issues that allow an attacker to run malicious code on the affected system.

Cisco patches critical WebEx security holes

By Ryan Naraine on Zero-day attacks

Cisco WebEx WRF Player vulnerable to six code execution vulnerabilities.

Adobe PDF attack update: Patch coming Jan 12

By Ryan Naraine on Zero-day attacks

Adobe has finally provided official mitigation guidance and announced plans to ship a patch for this vulnerability on January 12th, 2010.

Yahoo!%20News

Yahoo! News: Security News

Security News

Hackers Hit OpenX Ad Server in Adobe Attack (PC World)

In technology

PC World - Hackers have exploited flaws in a popular open-source advertising software to place malicious code on advertisements on several popular Web sites over the past week.

AV-Comparatives Rates Anti-Malware Performance (PC Magazine)

In technology

PC Magazine - This week, AV-Comparatives.org released a performance test for anti-malware products that determines which offering has the lowest impact on system performance.

FBI probing cyber theft at Citibank: WSJ (AFP)

In politics

A crest of the Federal Bureau of Investigation is seen inside the J. Edgar Hoover FBI Building in Washington, DC. The FBI is probing an attack by suspected Russian computer hackers on Citigroup Inc. that resulted in the theft of tens of millions of dollars, The Wall Street Journal reported Tuesday.(AFP/File/Mandel Ngan)AFP - The US Federal Bureau of Investigation is probing an attack by suspected Russian computer hackers on Citigroup Inc. that resulted in the theft of tens of millions of dollars, The Wall Street Journal reported Tuesday.

Obama Selects Tech Veteran for Top Cybersecurity Post (PC World)

In technology

PC World - Howard Schmidt was named as the White House's cybersecurity coordinator on Tuesday, a job that was reportedly difficult to fill as the U.S. strengthens its computer security defense.

Report: FBI probes hacker attack on Citigroup (AP)

In technology

AP - The FBI is investigating a hacker attack on Citigroup Inc. that led to the theft of tens of millions of dollars, The Wall Street Journal reported Tuesday. The bank strenuously denied the report.

Report: Russian Gang Linked to Big Citibank Hack (PC World)

In technology

PC World - U.S. authorities are investigating the theft of an estimated tens of millions of dollars from Citibank by hackers partly using Russian software tailored for the attack, according to a news report.

Twitter hacked, attacker claims Iran link (Reuters)

In technology

A Twitter page is displayed on a laptop computer in Los Angeles October 13, 2009. REUTERS/Mario AnzuoniReuters - A computer hacker briefly hijacked Twitter.com on Thursday, redirecting users to a website and claiming to represent a group calling itself the Iranian Cyber Army.

Norton, PC Tools Top Real-World Malware Test (PC Magazine)

In technology

PC Magazine - AV-Test.org on Thursday released the results of a lengthy real-world malware protection study, dynamic testing that put a number of shipping security solutions through their paces.

Researcher Cures Poisoned BlackBerry With Kisses (PC World)

In technology

PC World - A security researcher in Asia has braved Internet worms and poisoned applets to rid BlackBerry smartphones of spyware with Kisses, a free software application.

Suspected NKoreans hack war plan for SKorea (AFP)

In technology

File photo shows South Korean soldiers atop armoured vehicles during a drill at the town of Paju on the North Korea border. Computer hackers who may be from North Korea have gained access to a secret US-South Korean plan to defend the peninsula in case of war, the defence ministry said Friday.(AFP/File/Kim Jae-Hwan)AFP - Computer hackers who may be from North Korea have gained access to a secret US-South Korean plan to defend the peninsula in case of war, the defence ministry said Friday.

Sex, hot online search topic for children: Norton (AFP)

In technology

Sex was a hot online search topic for children in 2009, according to findings released by Internet security specialty firm Norton. While the top three search terms for Internet users under the age of 18 were YouTube, Google, and Facebook, the words AFP - Sex was a hot online search topic for children in 2009, according to findings released by Internet security specialty firm Norton.

Hacker seeks reduced sentence, citing Asperger's (AP)

In technology

AP - A computer hacker who was a force behind one of the largest cases of credit card theft in U.S. history says he has a developmental disorder and is asking for a reduced sentence.

China Jails Trojan Virus Authors in Cybercrime Crackdown (PC World)

In technology

PC World - A Chinese court Wednesday sentenced 11 members of a malware ring for writing and distributing Trojan horse viruses meant to steal online game account passwords, according to state media.

WindowSecurity.com

WindowSecurity.com

WindowSecurity.com provides Windows security news, articles, tutorials, software listings and reviews for information security professionals.

Admin Report Kit for Windows Server (ARK) - Voted WindowSecurity.com Readers' Choice Award Winner - Network Auditing Software

By info@WindowSecurity.com (The Editor)

Admin Report Kit for Windows Server (ARK) was selected the winner in the Network Auditing Software category of the WindowSecurity.com Readers' Choice Awards. GFI LANguard and Altiris SecurityExpressions were runner-up and second runner-up respectively.

TaoSecurity

Richard Bejtlich's blog on digital security and the practices of network security monitoring, incident response, and forensics.

Reminder: Bejtlich Teaching at Black Hat DC 2010

By Richard Bejtlich

Black Hat was kind enough to invite me back to teach multiple sessions of my 2-day course this year.
First up is Black Hat DC 2010 Training on 31 January and 01 February 2010 at Grand Hyatt Crystal City in Arlington, VA.
I will be teaching TCP/IP Weapons School 2.0.
Registration is now open. Black Hat set five price points and deadlines for registration, but only these three are left.

  • Regular ends 15 Jan
  • Late ends 30 Jan
  • Onsite starts at the conference

Seats are filling -- it pays to register early!
If you review the Sample Lab I posted earlier this year, this class is all about developing an investigative mindset by hands-on analysis, using tools you can take back to your work. Furthermore, you can take the class materials back to work -- an 84 page investigation guide, a 25 page student workbook, and a 120 page teacher's guide, plus the DVD. I have been speaking with other trainers who are adopting this format after deciding they are also tired of the PowerPoint slide parade.
Feedback from my 2009 sessions was great. Two examples:
"Truly awesome -- Richard's class was packed full of content and presented in an understandable manner." (Comment from student, 28 Jul 09)
"In six years of attending Black Hat (seven courses taken) Richard was the best instructor." (Comment from student, 28 Jul 09)
If you've attended a TCP/IP Weapons School class before 2009, you are most welcome in the new one. Unless you attended my Black Hat training in 2009, you will not see any repeat material whatsoever in TWS2. Older TWS classes covered network traffic and attacks at various levels of the OSI model. TWS2 is more like a forensics class, with network, log, and related evidence.
I will also be teaching in Barcelona and Las Vegas, but I will announce those dates later.
I strongly recommend attending the Briefings on 2-3 Feb. Maybe it's just my interests, but I find the scheduled speaker list to be very compelling.
I look forward to seeing you. Thank you.

Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

Favorite Speaker Quotes from SANS Incident Detection Summit

By Richard Bejtlich

Taking another look at my notes, I found a bunch of quotes from speakers that I thought you might like to hear.

  • "If you think you're not using a MSSP, you already are. It's called anti-virus." Can anyone claim that, from the CIRTs and MSSPs panel?
  • Seth Hall said "Bro is a programming language with a -i switch to sniff traffic."
  • Seth Hall said "You're going to lose." Matt Olney agreed and expanded on that by saying "Hopefully you're going to lose in a way you recognize."
  • Matt Olney also said "Give your analyst a chance." ["All we are sayyy-ing..."]
  • Matt Jonkman said "Don't be afraid of blocking." It's not 2004 anymore. Matt emphasized the utility of reputation when triggering signatures, for example firing an alert when an Amazon.com-style URL request is sent to a non-Amazon.com server.
  • Ron Shaffer said "Bad guys are following the rules of your network to accomplish their mission."
  • Steve Sturges said "Snort 3.0 is a research project."
  • Gunter Ollmann said "Threats have a declining interest in persistence. Just exploit the browser and disappear when closed. Users are expected to repeat risky behavior, and become compromised again anyway."

Thanks again to all of our speakers!

Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

Notes from Tony Sager Keynote at SANS

By Richard Bejtlich

I took a few notes at the SANS Incident Detection Summit keynote by Tony Sager last week. I thought you might like to see what I recorded.
All of the speakers made many interesting comments, but it was really only during the start of the second day, when Tony spoke, when I had time to write down some insights.
If you're not familiar with Tony, he is chief of the Vulnerability Analysis and Operations (VAO) Group in NSA.

  • These days, the US goes to war with its friends (i.e., allies fight with the us against a common adversary). However, the US doesn't know its friends until the day before the war, and not all of the US' friends like each other. These realities complicate information assurance.
  • Commanders have been trained to accept a certain level of error in physical space. They do not expect to know the exact number of bullets on hand before a battle, for example. However, they often expect to know exactly how many computers they have at hand, as well as their state. Commanders will need to develop a level of comfort with uncertainty.
  • Far too much information assurance is at the front line, where the burden rests with the least trained, least experienced, yet well-meaning, people. Think of the soldier fresh from tech school responsible for "making it work" in the field. Hence, Tony's emphasis on shifting the burden to vendors where possible.
  • "When nations compete, everybody cheats." [Note: this is another way to remember that with information assurance, the difference is the intelligent adversary.]
  • The bad guy's business model is more efficient than the good guy's business model. They are global, competitive, distributed, efficient, and agile. [My take on that is the financially-motivated computer criminals actually earn ROI from their activities because they are making money. Defenders are simply avoiding losses.
  • The best way to defeat the adversary is to increase his cost, level of uncertainty, and exposure. Introducing these, especially uncertainty, causes the adversary to stop, wait, and rethink his activity.
  • Defenders can't afford perfection, and the definition changes by the minute anyway. [This is another form of the Defender's Dilemma -- what should we try to save, and what should we sacrifice? On the other hand we have the Intruder's Dilemma, which Aaron Walters calls the Persistence Paradox -- how to accomplish a mission that changes a system while remaining undetected.]
  • Our problems are currently characterized by coordination and knowledge management, and less by technical issues.
  • Human-to-human contact doesn't scale. Neither does narrative text. Hence Tony's promotion of standards-based communication.

Thanks again to Tony and our day one keynote Ron Gula!

Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

SecurityFocus

SecurityFocus News

SecurityFocus is the most comprehensive and trusted source of security information on the Internet. We are a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.

Brief: White House appoints cybersecurity advisor

White House appoints cybersecurity advisor

Brief: Twitter investigates DNS hijack

Twitter investigates DNS hijack

News: Twitter attacker had proper credentials

Twitter attacker had proper credentials

News: PhotoDNA scans images for child abuse

PhotoDNA scans images for child abuse

Security Fix

Brian Krebs on computer and Internet security

Hackers exploit Adobe Reader flaw via comic strip syndicate

In Latest Warnings

Hackers broke into an online comic strip syndication service Thursday, embedding malicious code that sought to exploit a newly discovered security flaw in Adobe Reader and Acrobat, Security Fix has learned. On Monday, Adobe Systems Inc. said it was investigating reports that criminals were attacking Internet users via a previously unknown security flaw in its Adobe Reader and Acrobat software. Experts warned that the flaw could be used to foist software on unsuspecting users who visit a hacked or booby-trapped Web site. Albany, N.Y.-based Hearst publication Timesunion.com now reports that on Thursday readers of its comics section began complaining of being prompted to download malicious software. In an update posted to its site, Timesunion.com said the attack took advantage of the recently disclosed Adobe flaw. The news outlet said it had traced the attack back to a problem at King Features, which serves comics on its Web site, and that

Twitter.com hijacked by 'Iranian cyber army'

In Latest Warnings

Hackers hijacked the Web site of micro-blogging community Twitter.com early Friday, briefly redirecting users to a Web page for a group calling itself the "Iranian Cyber Army." The attackers apparently were able to redirect Twitter users by stealing the credentials needed to administer the domain name system (DNS) records for Twitter.com. DNS servers act as a kind of phone book for Internet traffic, translating human-friendly Web site names like "Twitter.com" into numeric Internet addresses that are easier for computers to handle. "Twitter's DNS records were temporarily compromised but have now been fixed," the company said in a brief statement on its Web site. "We are looking into the underlying cause and will update with more information soon." Twitter's DNS service is provided by Manchester, N.H. based Dyn Inc. Tom Daly, chief technology officer at Dyn, said the incident was not the result of a security failure on its services. Daly

Security - RSS Feeds

Security - RSS Feeds

Rogue Antivirus Operations Thrive in 2009

From serving malicious ads to poisoning search engine results for recently deceased actress Brittany Murphy, rogue antivirus operations have been going strong all year long.

Obama Names Former Microsoft Exec Cyber-Security Chief

U.S. President Barack Obama has chosen Howard Schmidt to step into the role of cyber-security coordinator. Schmidt said he has been asked to focus on several areas, including the development of a comprehensive strategy to secure U.S. networks.

A Look Back at the 7 Top Security Acquisitions of 2009

Many IT pros watched their budgets get trimmed in 2009, but security was the one area that proved relatively resilient. That was good news for security companies, who did not sit still during the year. In the last 12 months, there were a number of acquisitions in the security space that gobbled up companies big and small. In a look back at the year soon to be in the history books, eWEEK lists the corporate acquisitions that caused the biggest ripples in the IT security industry.
- ...

Feds Again Delay REAL ID Deadline

Concern about holiday travelers from states that are not in compliance with the REAL ID Act prompts the Department of Homeland Security to extend the material compliance deadline. Without the extension, travelers without REAL ID would not have been allowed to board U.S. flights.
- Reality trumped regulations Dec. 18 as the Department of Homeland Security extended a deadline that would have required all travelers boarding airplanes to have driver's licenses that comply with the federal anti-fraud standards of the REAL ID law. quot;In order to ensure that the millions ...

Facebook Privacy: Just How Much Do Users Want?

Facebook's privacy changes have been widely debated during the past week. But just how much privacy users really want or care about on a social networking site is, in some ways, an open question.
- It hasnt been the best 10 days for Facebook. After instituting changes meant to improve user privacy, Facebook has been hit with a Federal Trade Commission complaint alleging the social networking site did the exact opposite. According to a host of consumer and privacy groups, Facebooks changes act...

New Twitter Attack Details Emerge

The attack that took down Twitter Dec. 17 used legitimate credentials to log in and redirect Twitter.com to a site purporting to be under the control of the Iranian Cyber Army. The incident underscores the importance for businesses of keeping an eye on DNS security.

Hackers Deface Twitter Site

UPDATED WITH IMAGE: Between about 10 p.m. and 11 p.m. Pacific time on Dec. 17, Twitter was replaced by a black background page showing a green flag with a headline that read, in English: Iranian Cyber Army ... This Website Has Been Hacked by Iranian Cyber Army. Twitter returned in about an hour.

Facebook Privacy Complaints Spur Call for FTC Investigation

The Electronic Privacy Information Center and nine other groups file a complaint with the Federal Trade Commission calling for an investigation into privacy on Facebook. The groups say Facebook's recent privacy and security changes exposed user information.

Seven Security Attacks for Your Christmas Stocking

`Tis the season to be jolly especially if you write malware or are looking for an ocean of victims to phish. Botnet activity, as usual, is up during the season, with spammers and attackers trying to take advantage of the explosion in cyber-commerce that accompanies Christmas season. At McAfee, researchers have already seen e-mails from the Cutwail botnet using a Christmas theme, including a campaign that tries to lure recipients to Websites selling fake jewelry and Rolex watches. The spammers even go so far as to include a Better Business Bureau logo and a McAfee Hacker Safe icon their site.

Dealing with Application Security Vulnerabilities

Statistics from Bit9 serve as a reminder of the importance of keeping application patches up-to-date in the enterprise.
- Applications vulnerabilities are the honey bringing attackers out of their hives. According to an analysis by Bit9, released Dec. 16, this year's list of applications with the most serious vulnerabilities had Adobe Reader, Acrobat, Flash Player and Shockwave at the top. For IT administrator...

Militants Hack Unencrypted Drone Feeds

The Pentagon admits that militants have hacked Predator drone feeds with widely available software that costs less than $30. However, U.S. military officials insist, there is no proof that the hackers have been able to alter the flights of the drones or otherwise disrupt the drone missions. The Pentagon says the feeds are now encrypted.
- Iraqi militants have used inexpensive, off-the-rack software quot;to intercept live video feeds from U.S. Predator drones, quot; the Wall Street Journal reported Dec. 17. While the Pentagon confirms the hacking of the drone feeds which are unencrypted military officials claim there is no proof t...

Adobe Reader, Acrobat Security Vulnerability Patch Coming as Attacks Continue

Adobe Systems plans to release a patch for a zero-day vulnerability in Adobe Reader and Acrobat that has come under attack. This is the second critical security vulnerability Adobe has promised users it will fix in the coming weeks.
- Adobe Systems is prepping a patch for a zero-day bug affecting its Reader and Acrobat software for release by Jan. 12. The vulnerability is considered critical by Adobe and impacts the latest versions of Adobe Reader and Acrobat for Windows, Macintosh and Unix systems. Earlier editions a...

Security

The Art of Technology

Brief: Malware makers colocate servers, grab IPv4 address blocks

By jtimmer@arstechnica.com (John Timmer) on Security

Malware distributors, apparently tired of facing the constant threats of disconnection, are taking advantage of lax background checks in the system for distributing IP address blocks and buying them directly. Address blocks, which cover a contiguous range of IP addresses, are typically reserved for legitimate institutions and businesses that can demonstrate a need for that sort of allocation. But, at the top level, there are only five regional registries, most of which cover large and culturally diverse geographic regions. That makes it difficult to confirm whether a given request comes from a legitimate organization, a problem that malware makers are using to their advantage.

These allegations against spammers and other online criminals were made in a recent article on Kaspersky Lab's Threat Post. According to its author, online crime is big enough business that it now makes financial sense for its perpetrators to colocalize hardware at server farms, set up a legitimate looking business address, and apply for blocks of IP addresses via a cooperative or indifferent local registry. When the application is received by the regional organization, it often lacks the ability to carefully vet them, or even understand the local business laws where the request originated.

It's still possible for ISPs to block access to a given allocation, but there are several ways to make that step more difficult, including mixing in some legitimate hosting within an address block and rotating among different allocations, among others. It also relies on the legitimate ISPs expending the time and effort to identify and block traffic. In any case, the practice chews through the increasingly scarce pool of unallocated IPv4 addresses.

The article is a bit confused in spots; it suggests that the malware authors are acting as their own ISPs (they're not) and suggests it's useful for botnet herders (they count on other peoples' computers to do the heavy lifting). But it does provide yet another example of how, since various forms of malware have become big sources of income, the line between that and legitimate business has become increasingly blurry.

etc: The bad guys are targeting VoIP at an increasing rate. A ...

In @etc

The bad guys are targeting VoIP at an increasing rate. A report from McAfee says the number of VoIP vulnerabilities has tripled over the past three years.

Read More:Fierce VoIP, Infosecurity

Decline in Web, increase in P2P attacks predicted for 2010

By jacqui@arstechnica.com (Jacqui Cheng) on security

Cybercriminals have already begun shifting their focus from websites to file-sharing networks when it comes to dispensing malware, and will continue with this trend throughout 2010. Security researchers at Kaspersky Labs predict that malicious applications, such as fake antivirus programs, will be on the decline next year as attacks over P2P go up, while more criminals look to target victims via mobile platforms.

In its 2010 Cyberthreat Forecast, Kaspersky Lab said that it expects an increase in mass malware epidemics over P2P networks. 2009 saw a series of mass malware epidemics that were not caused by, but supported by files that were spread over P2P networks. "This method has been used to spread notorious threats such as TDSS and Virut as well as the first backdoor for Mac OS X," the researchers said.

iPhone worm code suggests mobile botnets may be future risk

By chris.foresman@arstechnica.com (Chris Foresman) on smartphone

So far, what little malware has been released for the iPhone has only affected the small percentage of folks who jailbreak and leave an SSH daemon running with the default root passwords. While some of these programs have been nothing but harmless pranks, a malicious version that attempted to create an iPhone botnet has been analyzed by researchers, leading them to conclude that mobile phones could quickly become a major target for malware writers.

The worms all started when a Dutch hacker decided to use port scanning to find iPhones with open SSH ports and default root passwords. He wrote a little program that would change the wallpaper to look as though a somewhat official-looking warning box had opened, which warned the user about running open SSH ports with default passwords. An Australian hacker then used the technique to create a worm that was self-replicating.

Feature: How to obtain and install an SSL/TLS certificate, for free

By glenn@glennf.com (Glenn Fleishman) on @bieb

Anyone operating a server on any scale should want a digital certificate to encrypt data between clients and services, whether for personal, office, or public use. That's a broad statement, but it holds true no matter how you slice it.

With so many people accessing networks over WiFi or other untrusted networks for an increasing number of different kinds of services—calendars, contacts, Webmail, email, and so on—encryption is a must, whether via a VPN or by securing services one by one. While I recommend VPNs, they aren't always the practical, affordable, or correct solution. For remote email access, SSL/TLS is simpler and more straightforward, and you don't have to compromise on protection in the process.

etc: Twitter was apparently hacked by the "Iranian Cyber ...

In @etc

Twitter was apparently hacked by the "Iranian Cyber Army" Thursday night according to a message on the site. The company says the problem was its DNS records being "temporarily compromised."

etc: The Twitter website was defaced on Thursday night and rep...

In twitter

The Twitter website was defaced on Thursday night and replaced with a political message posted by a group that calls itself the Iranian Cyber Army. Shortly after the site was restored to normal, Twitter issued a statement confirming that its DNS records were compromised.

etc: The effectiveness of the US military's pilotless drone op...

In @etc

The effectiveness of the US military's pilotless drone operations is being threatened, according to a report. The culprit is a $26 software package used by militants to intercept the drones' live video feeds.

SecuriTeam.com

SecuriTeam

Welcome to the SecuriTeam RSS Feed - sponsored by Beyond Security. Know Your Vulnerabilities! Visit BeyondSecurity.com for your web site, network and code security audit and scanning needs.

APC Switched Rack PDU XSS Vulnerability

The APC Switch RACK PDU web administration login page is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.

HP-UX Running OpenSSL Unauthorized Data Injection and Denial of Service

A potential security vulnerability has been identified with HP-UX OpenSSL. The vulnerability could be exploited remotely to inject unauthorized data or to create a Denial of Service (DoS).

Family Connections Multiple Remote Vulnerabilities

Many fields are not properly sanitised and some checks can be bypassed.

VideoCache vccleaner Root Vulnerability

VideoCache is a Squid URL rewriter plugin written in Python for bandwidth optimization while browsing video sharing websites. Version 1.9.2 allows a user with the privileges of the Squid proxy server to append semi-arbitrary data to arbitrary files with root privileges, upon the administrator's execution of the 'vccleaner' utility.

QuickHeal Antivirus 2010 Local Privilege Escalation

All files under the install folder have Full control for BUILTIN\users and can be replace with malicious files.

SearchSecurity.com

SearchSecurity: Security Wire Daily News

The latest information security news on IT threats, vulnerabilities and market trends from the award-winning SearchSecurity.com.

Security industry praises Schmidt but sees challenges ahead

By Robert Westervelt

President Obama's choice for cybersecurity coordinator is being widely praised, but experts say he has major hurdles to overcome.

Howard Schmidt expected to be named cybersecurity coordinator

By Michael Mimoso

Former Bush administration cybersecurity advisor Howard Schmidt is expected to be named cybersecurity coordinator.

Howard Schmidt named cybersecurity coordinator

By Michael Mimoso

Former Bush administration cybersecurity advisor Howard Schmidt is expected to be named cybersecurity coordinator.

Adobe warns of critical Flash Media Server vulnerability

By Robert Westervelt

Adobe issues update correcting two critical flaws in Flash Media Server 3.5.2 and earlier versions.

Cloud Security Alliance releases updated guidance

By Marcia Savage

New version provides more actionable advice for ensuring cloud computing security

Conficker-infected machines now number 7 million, Shadowserver finds

By Robert Westervelt

Despite inactivity, the number of bots created by the fast spreading Conficker/Downadup worm is in the millions, according to the Shadowserver Foundation, which monitors botnets.

SANS%20RSS%20Feed

SANS NewsBites

All Stories From Vol: 11 - Issue: 100

US Military Drone Surveillance Video Intercepted (December 17, 2009)

With the help of hackers and USD 26 piece of software, Iraqi militants have reportedly managed to intercept live video feeds from US Predator drones.......

EPIC Files FTC Complaint Over Facebook Privacy Changes (December 17, 2009)

The Electronic Privacy Information Center (EPIC) has filed a formal complaint with the US Federal Trade Commission (FTC) over Facebook's recent decision to change its default privacy settings to make more information about Facebook members public; if users want to limit who can see information about them, they must make those changes manually.......

Eleven Sentenced to Jail For Stealing Online Gaming Account Credentials (December 16 & 17, 2009)

Chinese authorities have jailed 11 people for their roles in a scheme that aimed to steal online gaming login credentials.......

Conficker on 6.5 Million Machines Worldwide (December 17, 2009)

According to information from Shadowserver, one in seven computers infected with Conficker are hosted on Chinese Internet service provider (ISP) Chinanet.......

Conficker Infects New Zealand Hospital Computer System (December 16 & 17, 2009)

The Conficker worm is believed to be responsible for a malware infestation of computer network at the Waikato District Health Board in New Zealand.......

Heartland Will Pay American Express US $3.6 Million to Settle Breach-Related Charges (December 17, 2009)

Heartland Payment Systems has agreed to pay American Express US $3.......

House Ethics Committee Data Leak Prompts Security Policy Changes (December 16, 2009)

US House of Representatives chief administrative officer Daniel P.......

Stolen Laptop Holds Military and DoD Employee Information (December 16, 2009)

A laptop computer stolen from the home of a Fort Belvoir Family and Morale, Welfare and Recreation Command contains personally identifiable information of more than 42,000 US Army soldiers, US Department of Defense employees and their families.......

Facebook Sues Alleged Spammers (December 16 & 17, 2009)

Facebook has filed a lawsuit against three men and their associated companies for allegedly using phishing attacks to gain access to Facebook accounts and then using the compromised accounts to send spam.......

Adobe Will Patch Critical Reader and Acrobat Flaw in January (December 15, 16 & 17, 2009)

A recently disclosed critical vulnerability in Adobe Reader and Adobe Acrobat has prompted recommendations that users disable JavaScript in both programs until a fix is available.......

Mozilla Updates Firefox (December 16, 2009)

On Tuesday, December 15, Mozilla released Firefox 3.......

Minnesota Public Radio and Reporter May Face Legal Action Over Data Access (December 15, 2009)

A Texas company is threatening to take legal action against a Minnesota Public Radio (MPR) and one of its reporters after they aired a story about security problems at the company that exposed sensitive personal information.......

SANS%20Internet%20Storm%20Center,%20InfoCON%3A%20green

SANS Internet Storm Center, InfoCON: green

Merry Festivus: Commence the "Airing of Infosec Grievaces", (Wed, Dec 23rd)

In honor of today's holiday, Festivus (for those familiar with Seinfeld). ...(more)...

Blackberry Outage, (Wed, Dec 23rd)

UPDATED 6:00AMCST (bambenek) - It appears Blackberry's network is back up. The outage af ...(more)...

Tell us about your Christmas Family Emergency Kit, (Wed, Dec 23rd)

If you read this diary, then you are probably one of those people who will be asked to fix various f ...(more)...

Howard Schmidt named as new Cybersecurity Coordinator, (Tue, Dec 22nd)

The White House announced this morning that Howard Schmidt was named as the first White House Cybers ...(more)...

There is no such thing as a free lunch ., (Mon, Dec 21st)

An ISC reader wrote in alerting us to unconfirmed reports that organizations and some government age ...(more)...

iPhone Botnet Analysis, (Mon, Dec 21st)

SRI's Malware Threat Center has published an excellent analysis of the iPhone botnet that we covered ...(more)...

Educationing Our Communities, (Sat, Dec 19th)

A few weeks ago it was my pleasure to talk to a group of young people who were participating in a pr ...(more)...

Frustrations of ISP Abuse Handling , (Sat, Dec 19th)

I am the Abuse Coordinator for a small ISP in the Midwest and am very receptive and proactive when d ...(more)...

Wireshark 1.2.5 released - including three security fixes , (Fri, Dec 18th)

...(more)...

Twitter outage via DNS hijacking, (Fri, Dec 18th)

A number of diary readers have submitted that the popular micro blogging site, Twitter.com has been ...(more)...

PHP 5.2.12 has been released; contains security fixes. See http://www.php.net, (Thu, Dec 17th)

...(more)...

In caches, danger lurks, (Thu, Dec 17th)

When ISC reader Greg searched for a particular piece of information, and found the site hosting the ...(more)...

overlay.xul is back, (Thu, Dec 17th)

It's been a while. If I remember correctly, a variant of Vundo was using the overlay ...(more)...

SANS%20RSS%20Feed

SANS Information Security Reading Room

Last 25 Computer Security Papers added to the Reading Room

Securing the Network Perimeter of a Community Bank

Category: Firewalls & Perimeter Protection

Paper Added: December 17, 2009

The%20Register

The Register - Security

Biting the hand that feeds IT

Hackers break Amazon's Kindle DRM
The great ebook 'unswindle'

Updated Hackers from the US and Israel say they have broken copyright protections built in to Amazon's Kindle for PC, a feat that allows ebooks stored on the application to work with other devices.…

Serious web vuln found in 8 million Flash files
XSS R Us

A security researcher has identified more than 8 million Adobe Flash files that make the websites hosting them vulnerable to attacks that target visitors with malicious code.…

Schmidt named Obama cybersecurity czar
Months long wait finally over

Howard Schmidt was confirmed as President Obama's cybersecurity czar on Tuesday, confirming an earlier prediction by AP that the long vacant role was about to be filled.…

iPhone worms can create mobile botnets
Paranoid, and not just about Android

A detailed analysis of the most malign in a recent spate of iPhone worms points to future mobile botnet risks.…

Microsoft AV advice may aid attackers, researcher warns
Better performance. But at what cost?

A security researcher is taking Microsoft to task for advising customers to exclude certain files and folders from anti-virus scanning, arguing the practice could be exploited by pushers of malware.…

Intel patches critical security bug in vPro software
Silicon-based bypass

Intel has released a patch for its series of silicon-based security protections after researchers from Poland identified flaws that allowed them to completely bypass the extensions.…

Closeted lesbian sues Netflix for privacy invasion
'Brokeback Mountain factor'

An in-the-closet lesbian mother has sued Netflix for publishing data that she believes could be used to out her.…

WinAmp update fades out critical media player flaws
This one goes up to 5.57

WinAmp users ought to upgrade following the discovery of multiple security vulns affecting the popular media player.…

Scareware scammers exploit Brittany Murphy's death
Cyber footpads poison more interweb searches

Actress Brittany Murphy's sudden death, just like Michael Jackson's untimely demise before her, has quickly been exploited by scareware scammers.…

Twitter hack linked to internal security breach
Cyber-reprisal for Iranian election support

Twitter's login credentials were used to make DNS changes that redirected surfers to a protest site last Friday, according to site admins.…

UK retail Wi-Fi security still patchy
War walk on the wild side

Wi-Fi security in UK retail environments is improving, but shops remain vulnerable to the sorts of attacks carried out as part of the infamous TJX credit card heist.…

Heartland to pay Amex $3.6m for massive payment breach
Thanks, 'Segvec'

Heartland Payment Systems will pay American Express $3.6m to settle claims related to the criminal breach of its payment processing network last year.…

Return of MP3 spam punts penis pill sites
When Harry Met Spammy

MP3 spam has made an unwelcome return, two years after the tactic was first used to spamvertise products and services.…

DNS attack hijacks Twitter
#wtf

A DNS hijacking attack left Twitter temporarily affected for about an hour early on Friday.…

Film review site hacked to spew malicious PDFs
Aintitcool.com attack isn't

Hackers on Thursday exploited a vulnerability on Ain't It Cool News that redirected anyone visiting the movie review site to a server containing a malicious Adobe Reader file.…

Watchdog files complaint over Facebook 'privacy' settings
EPIC violation of user expectation

The Electronic Privacy Information Center (EPIC) has filed a formal complaint with the US Federal Trade Commission over Facebook's recent changes to user privacy settings, claiming the changes are in violation of consumer-protection law.…

Iraqi insurgents hack US drones with $26 software
Video feed intercept

Updated Iraqi militants are intercepting sensitive video feeds from US predator drones using $26 off-the-shelf software, and the same technique leaves feeds from most military aircraft vulnerable to snooping, according to published reports.…

China cages game Trojan hackers
Go directly to jail, do not collect any gold

Chinese authorities have sentenced 11 members of a malware gang to long stretches behind bars, after the group was convicted of creating and distributing Trojans designed to steal the login credentials of online gamers.…

RockYou admits security snafu exposed email login details
Suitably contrite over 32m credential breach

Social media application developer RockYou has vowed to improve its security and apply encryption following a breach that exposed 32 million user login credentials to hackers.…

Facebook sues social network spammers
Alleged anti-social behaviour provokes lawsuit

Facebook has launched lawsuits against a trio of alleged high profile hijackers and spammers.…

Secure USB drive relies on recognising faces
Works as a bottle opener too

Portable data security has stepped up a notch following one manufacturer’s decision to pair a USB Flash drive with facial recognition technology.…

Conficker jams up developing interwebs
Uber-botnet already used to sling scareware

The infamous Conficker worm has disproportionally affected computer systems in the developing world, according to new research.…

Adobe: critical Acrobat flaw fix 4 weeks away
Batten down the hatches

Users of Adobe's Acrobat and Reader programs have a full four weeks to fret over a critical flaw that's being exploited in the wild to install malware on vulnerable machines.…

Uni warns patients after doctor gets phished
Cautionary tale ad infinitum

Officials at the University of California at San Francisco have warned 600 patients that their medical information may have been leaked by a doctor who fell for a phishing scam.…

Network World on Security

The latest security news, analysis, reviews and feature articles from NetworkWorld.com.

Virtualization security remains a work in progress

While adoption of server virtualization is proceeding at a gallop, the effort to refine virtualization security reached only a slow trot in 2009.

New Zealand spammer fined $210,000

A New-Zealand man has been fined $210,000 for breaching the Spam Act 2003 in a case brought by the Australian Communications and Media Authority (ACMA) in the Federal Court of Brisbane.

International airports to get new ePassport readers

Up to 400 new ePassport document readers will be rolled out across Australia’s airports as part of an Australian Customs and Border Protection Service IT upgrade.

Australian Customs and Border

Obama cyber czar choice worries about smartphones, social networking

In choosing Howard Schmidt as cyber czar President Obama has gotten someone who has held a similar job in a previous administration, has varied experience at high-level corporate jobs, was a frequent panelist at security conferences and who has even written a book on defending the Internet.

Schmidt Tapped as White House Cybersecurity Coordinator

An administration official told CSOonline.com Monday night that IT security veteran Howard Schmidt will be the new White House cybersecurity coordinator, a position President Obama created seven months ago.

Report: Russian gang linked to big Citibank hack

U.S. authorities are investigating the theft of an estimated tens of millions of dollars from Citibank by hackers partly using Russian software tailored for the attack, according to a news report.

Microsoft's 'whitelist' helps hackers, says Trend Micro

By recommending that users exclude some file extensions and folders from antivirus scans, Microsoft may put users at risk, a security company said today.

Virtual insecurity: Who's in control of your virtual machines?

Server virtualization has reached an inflection point in the enterprise at the 10-year mark. Capital expense savings from physical server consolidation are leveling off and early gains in IT operational efficiency are at risk due to rapidly growing and increasingly complex virtual infrastructures. Moreover, business-critical production applications -- the next virtualization frontier -- demand higher levels of service and strict security and compliance oversight, further challenging IT operations teams.

Federal Government to streamline online authentication

The Federal Government has moved to streamline the use of authentication tools among departments and agencies.

Big Budget Cuts Don't Mean the End of Staff Training

A resourceful CISO arranges low-cost training for his staff by working with a local security company. Another tip: Take a cop to lunch.

Ten 2010 IT Security Predictions, Part 2

Howard Schmidt, former eBay CISO and vice chairman of the President's Critical Infrastructure Protection Board, and the folks from ICSA Labs, a vendor-neutral testing and certification lab, offer 10 predictions for security in 2009. (Second of 2 parts).

How to protect your cloud data

The Cloud Security Alliance has taken a second run at creating recommendations for businesses to follow in order to better secure cloud services.

Twitter's own account caused blackout, says DNS provider

Hackers redirected Twitter.com's traffic to a rogue Web site for more than an hour early today by accessing its DNS records using an account assigned to Twitter, the company that manages Twitter's DNS servers said today.

Whitelisting made strides in 2009

When McAfee bought Solidcore, it was a clear sign that whitelisting is gaining acceptance. But not all users are happy about the trend.

Google’s Dashboard Approach to Privacy

If you use Gmail, Google Calendar, Google Docs, or any of the ever-growing array of Google services, you may have cringed at the trove of personal data the company has gathered. To allay concerns, Google launched Dashboard, a single page housing privacy controls and settings for most of its services.

Don't Lose Everything When You Lose a Laptop

The FireFound add-on for the Firefox browser adds tracking and remote wipe features that can help with lost or stolen computers.

Bugs and Fixes: Zero-Day Patch for Internet Explorer 6 or 7

A dangerous vulnerability in Internet Explorer 6 and 7 became publicly known before a fix was available, raising the specter of a high-risk zero-day attack.

Drone incident serves up data encryption lesson

The disclosure that Iraqi insurgents were able to intercept live video feeds from U.S. drones has focused the spotlight on a familiar IT security issue: data encryption.

Adobe explains PDF patch delay

Adobe chose to wait until mid-January to patch a critical PDF bug because issuing an emergency update would have disrupted its quarterly security update schedule, the company said today.

Security heavyweights predict 2010 threats

Upcoming security threats for 2010, as predicted by CA, Cisco, Symantec, Websense and a group of experts at Independent Security Evaluators. Plus, Info-Tech on security trends.

Twitter Goes Down: Apparently Hacked?

In case you haven't already noticed, Twitter went down for a while late Thursday night, Pacific Standard Time. Although as of this writing, all Twitter has acknowledged is "an unplanned downtime," there are various reports streaming in that Twitter was hacked by a group claiming to be the "Iranian Cyber Army."

Twitter's Love-Hate Relationship With Iran

On the early hours of Friday morning, the Iranian Cyber Army claimed it has hacked into Twitter. The microblogging site was down for nearly an hour, leaving millions in the eastern hemisphere tweetless. The reasoning behind this attack is suspicious, especially as Twitter was a core tool this summer for Iranian protesters to put their story out.

Upgraded Dutch payment card still vulnerable to relay attack

New security features being implemented into Dutch payment cards won't stop a kind of attack that fraudsters could use in the future in order to steal money from bank accounts, according to researchers at the University of Cambridge in the U.K.

Facebook Target of FTC Privacy Complaint

Ten privacy groups have filed a complaint with the Federal Trade Commission over recent changes to Facebook's privacy policy.

Heartland pays Amex $3.6 million over 2008 data breach

Heartland Payment Systems will pay American Express US$3.6 million to settle charges relating to the 2008 hacking of its payment system network.

Researcher cures poisoned BlackBerry with Kisses

A security researcher in Asia has braved Internet worms and poisoned applets to rid BlackBerry smartphones of spyware with Kisses, a free software application.

Hackers take Twitter offline

Microblogging site Twitter went offline for a while Friday after hackers calling themselves the Iranian Cyber Army apparently managed to change DNS records, redirecting traffic to another Web page.

Cloud Security Alliance issues new guidelines

The Cloud Security Alliance published the second edition of its guidelines for secure cloud computing on Thursday, delivering a voluminous document that sets out an architectural framework and makes a host of recommendations around cloud security.

Privacy groups bring Facebook complaints to FTC

Ten privacy and consumer groups, including the Electronic Privacy Information Center (EPIC), filed a complaint Thursday with the U.S.Federal Trade Commission, saying that Facebook's newly revamped privacy settings are deceptive and unfair.

Facebook Privacy Complaint Ignites War of Words

A high-profile electronic privacy group filed a federal complaint against Facebook on Thursday -- and now, Facebook is lashing back.

Patch Management Made Easy with WSUS 3.0 SP2

One of the challenges that comes with running a network is keeping your operating systems patched and secure. In response to this problem, Microsoft has released Windows Server Update Service 3.0 SP2 as a means to centrally download updates and control how they are deployed to the computers throughout your network. Additionally, WSUS provides extensive reporting features to quickly give you a snapshot of your computers' status. If your network is big enough to have a server and use Active Directory, it's big enough to benefit from using WSUS.

Cyber criminals eye file sharing networks: Kaspersky Lab

This year is on its way out and seemingly cyber criminals are also planning their year ahead. Secure content management solutions developer Kaspersky Lab has outlined the threats it expects to see in 2010 as a result of cyber criminal activity.

The 2009 data breach hall of shame

If there was anything even vaguely comforting about the data breaches that were announced this year, it was that many of them stemmed from familiar and downright mundane security failures.

Is Backing Up Online Safe?

After reading When the Backup Drive Gets Full, LaTonya Powell asked whether online backup services such as Mozy (which I recommended in that tip) are really secure.

China jails Trojan virus authors in cybercrime crackdown

A Chinese court Wednesday sentenced 11 members of a malware ring for writing and distributing Trojan horse viruses meant to steal online game account passwords, according to state media.

Chinese ISP hosts 1 in 7 Conficker infections

Security experts have known for months that some countries have had a harder time battling the Conficker worm than others. But thanks to data released Wednesday by Shadowserver, a volunteer-run organization, they now have a better idea of which Internet Service Providers have the biggest problem.

McAfee Avert Labs

Cutting edge security research as it happens.......

Hacker’s Holiday – A Viral Video!

By Shane Keats on Uncategorized

Ketchup stains. Klingons. Exploding monitors. They’re all part of our fiendishly clever new music video, Hacker’s Holiday. Pity poor Tiny Tim. He gets a shiny new PC for Christmas and doesn’t both to protect it. Well, you can guess the rest. A few short days later (12 days maybe?) his PC is ready for the [...]

Hacker’s Holiday: A Viral Music Video

By Shane Keats on Web and Internet Safety

Ketchup stains. Klingons. Exploding monitors. They’re all part of our fiendishly clever new music video, Hacker’s Holiday. Pity poor Tiny Tim. He gets a shiny new PC for Christmas and doesn’t both to protect it. Well, you can guess the rest. A few short days later (12 days maybe?) his PC is ready for the [...]

Check Your Friends! Facebook IMs May Lead To Trouble

By David Marcus on Web and Internet Safety

I ran into a few strange IMs over the weekend. When I was not shoveling out my driveway from the 15 inches of snow that covered it I was logged into Facebook telling people about it…. It was then that I started receiving some VERY interesting IMs from a friend extolling the virtues of a [...]

Brittany Murphy Searching Dangers

By David Marcus on SiteAdvisor

Sadly, actress Brittany Murphy passed away over the weekend. With her unfortunate passing will come the inevitable web searches that lead Internet users to some potentially unsafe sights. This has been a well established trend throughout 2009. It is a sad reflection that malware authors and scammers will use these events as lures to distribute [...]

Conficker Again in the News, Part 2

By Francois Paget on Web and Internet Safety

Yesterday, my colleague Dave Marcus quoted for you the new graphs and stats posted by Shadowserver. Indeed, since November 2008, W32/Conficker (alias Downup, Downadup, Kido) has frequently made headlines. This computer worm has five main variants, which have appeared during the last year. Wikipedia lists the dates:  A variant: First appeared 21 November 2008 B [...]

McAfee Labs Report on VoIP Vulnerabilities

By David Marcus on Vulnerability Research

Voice over Internet Protocol (VoIP) is a method for making phone calls over the Internet or using private networks. Traditional phone calls must travel over a series of switches and circuits owned by the telephone companies, which control the process and the charges. By using VoIP, both businesses and individuals can enjoy a substantial cost [...]

InSecurity Complex

Keeping tabs on flaws, fixes, and the people behind them.

Web-based Lookout protects mobile devices, data

By Elinor Mills

Lookout offers data security, backup, and management over the Web and a way to locate and protect missing or stolen devices.

Using Facebook and Twitter safely

By Elinor Mills

Share a lot? Here's a guide to the security and privacy problems that users of Facebook and Twitter encounter, and what they can do about it.

Firefox, Adobe top buggiest-software list

By Elinor Mills

Open-source Firefox reports all holes, putting it at the top of the list for bug reports, while Adobe replaces Microsoft in the second spot, reports find.

Info Security News

Carries news items (generally from mainstream sources) that relate to security.

Citigroup, Law Enforcement Refute Cyber Heist Report

Posted by InfoSec News on Dec 22

http://www.pcworld.com/businesscenter/article/185334/citigroup_law_enforcement_refute_cyber_heist_report.html
By Jeremy Kirk and Robert McMillan
IDG News Service
December 22, 2009
Citigroup and a federal law enforcement source on Tuesday refuted a
claim that the bank's customers lost millions of dollars in an advanced
cyber heist over the summer, leaving lingering questions over details of
the alleged attack.
According to a report in...

Former Morgan Stanley Coder Gets 2 Years in Prison for TJX Hack

Posted by InfoSec News on Dec 22

http://www.wired.com/threatlevel/2009/12/stephen-watt
By Kim Zetter
Threat Level
Wired.com
December 22, 2009
The two great friends talked every day and shared information about all
of their exploits - sexual, narcotic and hacking - according to
prosecutors. Now another thing they’ll have to share information about
is their experience in federal prison.
While accused TJX hacker kingpin Albert Gonzalez awaits a possible
sentence of 17...

Serious web vuln found in 8 million Flash files

Posted by InfoSec News on Dec 22

http://www.theregister.co.uk/2009/12/22/mass_flash_file_vulnerability/
By Dan Goodin in San Francisco
The Register
22nd December 2009
A security researcher has identified more than 8 million Adobe Flash
files that make the websites hosting them vulnerable to attacks that
target visitors with malicious code.
The Flash files are contained on a wide variety of sites operated by
online casinos, news organizations, banks, and professional...

Obama to name Howard Schmidt as cybersecurity coordinator

Posted by InfoSec News on Dec 22

http://www.washingtonpost.com/wp-dyn/content/article/2009/12/21/AR2009122103055.html
By Ellen Nakashima
Washington Post Staff Writer
December 22, 2009
Seven months after President Obama vowed to "personally select" an
adviser to orchestrate the government's strategy for protecting computer
systems, the White House will name a former Bush administration official
to the job Tuesday.
Howard A. Schmidt, who was a cyber-adviser in...

IDF bolstering computer defenses

Posted by InfoSec News on Dec 21

http://www.jpost.com/servlet/Satellite?cid=1260930892360&pagename=JPost%2FJPArticle%2FShowFull
By YAAKOV KATZ
The Jerusalem Post
Dec 18, 2009
In the face of a growing cyber warfare threat, the IDF is beefing up its
defenses against enemy hackers.
The IDF operates a number of units - in Military Intelligence and the
IDF's Computer Services Directorate - which are jointly responsible for
defending the IDF as well as other intelligence...

Call for Papers: The 5th International Conference for Internet Technology and Secured Transactions (ICITST-2010)

Posted by InfoSec News on Dec 21

Fowarded from: d.lin (at) icitst.org
*********************************************************************
The 5th International Conference for Internet Technology and
Secured Transactions (ICITST-2010), Technical Co-Sponsored
by IEEE UK/RI Communications Chapter, November 8-11, 2010, London, UK
(www.icitst.org)
*********************************************************************...

Attack Of The RAM Scrapers

Posted by InfoSec News on Dec 21

http://www.darkreading.com/vulnerability_management/security/attacks/showArticle.jhtml?articleID=222002720
By Keith Ferrell
DarkReading
Dec 18, 2009
The inclusion of RAM scrapers in a recent Verizon Business list of the
top data breach attack vectors has prompted a bit of buzz about what
exactly RAM scraping is and how much of a threat it poses.
A RAM scraper as identified in the Verizon Business Data Breach
Investigation report is a piece...

Tips for providing low-cost security training

Posted by InfoSec News on Dec 21

http://www.computerworld.com/s/article/345792/Big_Budget_Cuts_Don_t_Mean_the_End_of_Staff_Training?taxonomyId=17
By Julia King
Computerworld
December 21, 2009
At the height of the recession, Providence Health & Services in Seattle
whacked its IT training budget by a hefty 65%. That meant conferences
and most tuition-based classroom training were out of the question. So
Eric Cowperthwaite, the health service provider's chief information...

TJX Hacker 'Will Never Commit Any Crime Again'

Posted by InfoSec News on Dec 21

http://www.wired.com/threatlevel/2009/12/gonzalez-remorseful/
By Kim Zetter
Threat Level
Wired.com
December 18, 2009
Confessed hacker Albert Gonzalez's turn as a Secret Service informant
led him down a dark path of obsession, culminating in the largest
identity-theft spree in history.
Frances Gonzalez Lago, Gonzalez’s sister, wrote his sentencing judge
that her brother’s work as an informant for the agency between 2003 and
and 2008...

N.Korea 'Hacks into S.Korea-U.S. Defense Plans'

Posted by InfoSec News on Dec 18

http://english.chosun.com/site/data/html_dir/2009/12/18/2009121800317.html
The Chosun Ilbo
Dec. 18, 2009
Suspected North Korean hackers may have gained access to a war plan
devised by South Korea and the U.S. in preparation for an emergency,
including details of specific operational scenarios, intelligence
agencies believe.
According to the January issue of the Monthly Chosun published Friday,
the National Intelligence Service and the...

Sci-fi reviews site hacked to spew malicious PDFs

Posted by InfoSec News on Dec 18

http://www.theregister.co.uk/2009/12/18/aintitcool_malware_attack/
By Dan Goodin in San Francisco
The Register
18th December 2009
Hackers on Thursday exploited a vulnerability on Ain't It Cool News that
redirected anyone visiting the movie review site to a server containing
a malicious Adobe Reader file.
The attack targeted a vulnerable PHP script on one of AICN's servers
that automatically appended the malicious link to banner ads served...

Heartland pays Amex $3.6M over 2008 data breach

Posted by InfoSec News on Dec 18

http://www.computerworld.com/s/article/9142448/Heartland_pays_Amex_3.6M_over_2008_data_breach?taxonomyId=17
By Robert McMillan
IDG News Service
December 17, 2009
Heartland Payment Systems will pay American Express $3.6 million to
settle charges relating to the 2008 hacking of its payment system
network.
This is the first settlement Heartland has reached with a card brand
since disclosing the incident in January of this year.
The U.S....

Twitter hijacked by 'Iranian Cyber Army'?

Posted by InfoSec News on Dec 18

http://news.cnet.com/8301-1023_3-10418140-93.html
By Steven Musil
Digital Media
CNet News
December 17, 2009
Updated at 11:15 p.m. PST to include comment from witness and reflect
Twitter.com accessible again.
Twitter.com was down Thursday evening, and there is a suggestion that
the microblogging site may have been hacked or the victim of a DNS
hijacking.
The site, which was inaccessible for about an hour starting around 10
p.m. PST, was...

Scores of Scottish ministers' files lost or stolen

Posted by InfoSec News on Dec 18

http://www.telegraph.co.uk/news/newstopics/politics/scotland/6827331/Scores-of-Scottish-ministers-files-lost-or-stolen.html
By Simon Johnson
Scottish Political Editor
Telegraph.co.uk
17 Dec 2009
Policy documents belonging to SNP ministers have also been lost in the
post, stolen from a Holyrood conference room and left on a train and in
a car park.
The litany of lost information has been revealed for the first time, and
includes data that...

Secunia Weekly Summary - Issue: 2009-51

Posted by InfoSec News on Dec 18

========================================================================
The Secunia Weekly Advisory Summary
2009-12-10 - 2009-12-17
This week: 117 advisories
========================================================================
Table of Contents:
1.....................................................Word From...

Hacker hit community college system

Posted by InfoSec News on Dec 18

http://www.newsobserver.com/news/crime_safety/story/246272.html
By Kristin Collins
Staff writer
Newsobserver.com
December 17, 2009
Patrons of the state's community colleges may have had their drivers
license and Social Security numbers stolen by a hacker.
College officials announced late today that 51,000 library users at 25
campuses, including Wake Tech and Johnston County, were the victims of a
security breach in August.
They said the...

Document Reveals TJX Hacker’s Assistance to Prosecutors

Posted by InfoSec News on Dec 17

http://www.wired.com/threatlevel/2009/12/gonzalez-memo/
By Kim Zetter
Threat Level
Wired.com
December 15, 2009
Admitted TJX hacker Albert Gonzalez has identified two Russian
accomplices who helped him hack into numerous companies and steal more
than 130 million credit and debit card numbers.
Gonzalez told prosecutors that the hackers breached at least four card
processing companies, as well as a series of foreign banks, a brokerage
house...

Spymaster sees Israel as world cyberwar leader

Posted by InfoSec News on Dec 17

http://www.reuters.com/article/idUSTRE5BE30920091215
By Dan Williams
TEL AVIV
Reuters
Dec 15, 2009
TEL AVIV (Reuters) - Israel is using its civilian technological advances
to enhance cyberwarfare capabilities, the senior Israeli spymaster said
on Tuesday in a rare public disclosure about the secret program.
Using computer networks for espionage -- by hacking into databases -- or
to carry out sabotage through so-called "malicious...

FW: DHS Holds Virtual Job Fair to Expand Cyber Workforce

Posted by InfoSec News on Dec 17

Forwarded from: Jeff Moss <jmoss (at) blackhat.com>
Thought I would pass this on to everyone on InfoSec News, it’s the
follow up to the announcement of DHS getting authority to hire up to
1,000 more people in security.
-- Jeff Moss
------
DHS Holds Virtual Job Fair to Expand Cyber Workforce
Secretary Napolitano on Friday announced the launch of a virtual job
fair at www.dhs.gov/cyberjobfair to recruit cybersecurity experts --...

Texas company lays out 'hacking' case against Minnesota Public Radio

Posted by InfoSec News on Dec 17

http://www.minnpost.com/braublog/2009/12/15/14315/texas_company_lays_out_hacking_case_against_minnesota_public_radio
By David Brauer
minnpost.com
Dec 15 2009
Do Minnesota Public Radio and reporter Sasha Aslanian realistically face
civil and criminal penalties after uncovering a Texas firm’s security
breaches involving state of Minnesota job-seeker data?
Lookout Services - which acknowledges an October security breach and
subsequent...

Five Things You Need to Know About Social Engineering

Posted by InfoSec News on Dec 17

http://www.networkworld.com/news/2009/121609-five-things-you-need-to.html
By Robert McMillan
IDG News Service
December 16, 2009
SOCIAL ENGINEERING IS GROWING UP. Social engineering, the act of
tricking people into giving up sensitive information, is nothing new.
Convicted hacker Kevin Mitnick made a name for himself by cold-calling
staffers at major U.S. companies and talking them into giving him
information. But today's criminals are...

CFP: Workshop on Collaboration and Security (COLSEC'10)

Posted by InfoSec News on Dec 17

Forwarded from: Patrice Clemente <patrice.clemente (at) gmail.com>
----------------------------------------------------------------
The 2010 International Symposium on Collaborative Technologies and Systems
(CTS 2010)
CALL FOR PAPERS
Workshop on Collaboration and Security (COLSEC'10)
The Westin Lombard Yorktown Center Chicago, Illinois, USA May 17-21, 2010 In...

Botnet Operators Infecting Servers, Not Just PCs

Posted by InfoSec News on Dec 17

http://www.darkreading.com/vulnerability_management/security/app-security/showArticle.jhtml?articleID=222002433
By Kelly Jackson Higgins
DarkReading
Dec 16, 2009
Botnet operators have always been able to easily infect and convert PCs
into bots, but they also are increasingly going after servers -- even
building networks of compromised servers.
Web servers, FTP servers, and even SSL servers are becoming prime
targets for botnet operators,...

 

Federal Computer Week: Security News

VA security scholarship program delayed until 2011

A program enacted in 2006 to help the Veterans Affairs Department beef up its information security expertise by offering financial assistance to doctoral students and those who recently earned doctorates still is more than a year away from awarding its first scholarship, according to a report made to Congress.

DHS setting new deadlines for Real ID

The Homeland Security Department has extended the Dec. 31 deadline for states to comply with Real ID drivers license requirements and is setting new deadlines with the states.

National cybersecurity coordinator choice widely applauded

Industry insiders say the breadth and depth of the appointee's experience in both government and the private sector bodes well for his performance in the challenging job of coordinating the government’s cybersecurity policy.

Obama picks cybersecurity coordinator

Howard Schmidt is President Barack Obama’s choice for cybersecurity chief, the administration announced today.

Encryption of Predator video feeds will take time

It could take as long as five years before video feeds from Predator and Reaper drones are fully encrypted and U.S. forces are able to keep enemy forces from intercepting the information, reports Ellen Nakashima in the Washington Post.

Laptop with personal data about thousands stolen from Army employee

A government laptop containing names and personally identifiable information of more than 42,000 patrons of childcare and recreational facilities at Fort Belvoir in Virginia since 2005 was stolen on Nov. 28.

Hackers with political agenda bring down Twitter

Twitter says attack on site's Domain Name System redirected users to a cryptic anti-American message from the "Iranian Cyber Army."

iPhone: Enterprise-worthy, perhaps, but secure enough for feds?

The latest iPhone operating system is more secure, but doubts linger about whether it can rival the BlackBerry for government-level real security.

 

eWeek Security Watch

An Unpleasant Anniversary: 11 Years of SQL Injection

In Vulnerability Research

The first known publicized discussion of SQL injection came in the form of an article in Phrack magazine Dec. 25, 1998, courtesy of a researcher known as Rain Forest Puppy. More than a decade later, the same vulnerability is at the center of some of the most publicized data breaches of the year.

Brittany Murphy Searches Yield Malicious Results

In Social engineering

In yet another example of attackers poisoning search engine results, attackers are using the passing of actress Brittany Murphy to lure users to malicious sites.

MP3 Spam Makes a Comeback

In Spam

Researchers at Symantec and Trend Micro have reported seeing mp3 spam hitting inboxes.

Pharma Spam Finds Its Voice

In Virus and Spyware

Pharma spammers have become so desperate in their attempts to avoid e-mail filters for text and image files that they've begun using MP3 audio files to lure end users.

DarkReading - Security News

DarkReading

Pioneer Linens, Celebrating 97 Years of Luxury Linen Retailing in Florida, Opens New Fort Lauderdale Storefront Catering to Luxury Homeowners With Mansions at the Sea

Friends Play Top Role in Video Gamers' Purchase Decisions

Zscaler Protects Against Adobe Acrobat Reader Zero-Day Exploits

Reportlinker Adds Remote Shopping 2010

SingleHop Announces Tandem Reseller Program: Redefining the Way Servers Are Resold

DarkReading - All Stories

DarkReading

Facebook Hit By Clickjacking Attack

Social network targeted by emerging brand of attack that's hard to kill

Feds Need To Push Forward On Cybersecurity, Says Former FBI CIO

Key to any plan is to focus on hardware, software, and people, and to understand that cybersecurity is a risk management effort, says Zal Azmi

The 9 Coolest Hacks Of 2009

Digital faces, missile defenses, iPod Touches, and even texting teens all were the subject of extreme hacks

White House Names Howard Schmidt As Cybersecurity Czar

Former Bush administration official will head U.S. cybersecurity initiative for Obama, but experts question whether the post has much power

Smartphone Security Startup Offers Free Beta

Product to mix lightweight mobile client with cloud-based security, backup and anti-theft features

4 Factors To Consider Before Firing Up That DLP Solution

There's an ugly truth that DLP vendors don't like to talk about

Attack Of The RAM Scrapers

Beware of malware aimed at grabbing valuable data from volatile memory in point-of-sale systems

Electronic Medical Records: The Good, Bad, And Ugly

EMRs offer huge benefits, but privacy and security threats are massive as well

Lab Test Results: Symantec, Kaspersky Lab, PC Tools, AVG, Detect The Most Zero-Day Attacks

AV-Test finds detection rates of 83- to 90 percent, but rival lab says rates are actually 29- to 64 percent

Privacy Group Files Complaint To FTC About Facebook

Recent changes will make too much user information available to the public, maintains the Electronic Privacy Information Center

Product Watch: IBM Replaces Passwords With Palm-Vein Biometrics In Single Sign-On

Fujitsu's PalmSecure LOGONDIRECTOR is integrated with IBM Tivoli Access Manager for Single Sign-On

Readying For A Zero-Day Attack: Expect The Unexpected

In new report, Dark Reading describes methods for managing zero-day attacks and vulnerabilities

Botnet Operators Infecting Servers, Not Just PCs

Web, FTP, and SSL servers are becoming handy tools for botnets to expand and multiply

Cybercriminals Bypassing Two-Factor Authentication

Targeted attacks have resulted in theft of money and/or information, says Gartner

Product Watch: Bit9 Lists Top Vulnerable Applications Of 2009

Adobe apps top list of most vulnerable apps

Darknet%20-%20Hacking,%20Cracking%20%26%20Computer%20Security

Darknet - The Darkside

Ethical Hacking, Penetration Testing & Computer Security

hostmap 0.2 – Automatic Hostname & Virtual Hosts Discovery Tool

By Darknet on web-server-security

hostmap is a free, automatic, hostnames and virtual hosts discovery tool written in Ruby, licensed under GNU General Public License version 3 (GPLv3). Its goal is to enumerate all hostnames and configured virtual hosts on an IP address. The primary users of hostmap are professionals performing vulnerability assessments and penetration...
Read the full post at darknet.org.uk

Brittany Murphy Dies & Scareware Scammers Strike

By Darknet on worm

It seems to be a trend now, whenever someone famous dies some kind of malware or phishing scam will pop up playing on their death with the usual social engineering aspect. The most memorable one recently of course was the passing of The King of Pop – Michael Jackson The latest one is Brittany Murphy who passed [...]
Read the full post at darknet.org.uk

PDFResurrect v0.9 Released – PDF Analysis and Scrubbing Utility

By Darknet on pdf security

PDFResurrect is a tool aimed at analyzing PDF documents. The PDF format allows for previous document changes to be retained in a more recent version of the document, thereby creating a running history of changes for the document. This tool attempts to extract all previous versions while also producing a summary of changes between versions. [...]
Read the full post at darknet.org.uk

CounterMeasures - A Security Blog

Rik Ferguson blogs about current security issues.

Twitter (not) hacked by Iranian Cyber Army

By Rik Ferguson on web

UPDATE: I was asked to talk to Channel 4 news in the UK about this incident this evening and they have been good enough to share the full content of my interview and a subsequent interview on the same subject with Tim Stevens from King’s College London. _________________________________________________________________________________________ Original post:   At about 6am GMT Twitter fell victim to [...]

CNET News - Security

Web-based Lookout protects mobile devices, data

By Elinor Mills

Lookout offers data security, backup, and management over the Web and a way to locate and protect missing or stolen devices.

Originally posted at InSecurity Complex

Hackers claim to crack Kindle copyright armor

By Leslie Katz

Two hackers, one in Israel and one in the United States, say they've found ways to export e-books from Amazon's popular e-reader to other devices.

Originally posted at Crave

Using Facebook and Twitter safely

By Elinor Mills

Share a lot? Here's a guide to the security and privacy problems that users of Facebook and Twitter encounter, and what they can do about it.

Originally posted at InSecurity Complex

Report: FBI investigating Citibank cyberattack

By Lance Whitney

Russian cybercriminals reportedly hacked into Citibank, stealing tens of millions of dollars and prompting an FBI investigation, says The Wall Street Journal.

White House appoints cybersecurity chief

By Lance Whitney

New Cybersecurity Coordinator Howard Schmidt promises to develop strategies to protect U.S. networks, beef up technology partnerships, and promote R&D.

So, is it safe to tweet now?

By Caroline McCarthy

In the "Iranian Cyber Army" incident, Twitter has once again proven embarrassingly vulnerable. The good news? It doesn't look like user accounts were compromised--not that Twitter stores a whole lot of personal information.

Originally posted at The Social

Twitter hijacked by 'Iranian Cyber Army'

By Steven Musil

The microblogging site appeared defaced by a group that identified itself as the "Iranian Cyber Army" before the site went down.

Originally posted at News - Digital Media

Firefox, Adobe top buggiest-software list

By Elinor Mills

Open-source Firefox reports all holes, putting it at the top of the list for bug reports, while Adobe replaces Microsoft in the second spot, reports find.

Originally posted at InSecurity Complex

Predator drones hacked in Iraq operations

By Declan McCullagh

The apparent security breach arose because the UAVs do not use encryption in the final link to their operators on the ground.

CGISecurity - Website and Application Security News

All things related to website, database, SDL, and application security since 2000.

Adobe on Fuzzing Adobe Reader For Security Defects

By Robert A. on Security Tools

Adobe has published an entry on their blog outlining how fuzzing plays a part in discovering security issues in their product prior to launching it. Its good to see a company such as Adobe publishing this information as its one of those things that is discussed frequently by the security community, however...

No comments:

Post a Comment

My Blog List