Aurora Report: Around The Horn vol.1,166

Zero Day

Tracking the hackers

Adobe working on new automatic (silent) updater

By Ryan Naraine on Responsible disclosure

The new update will give end users an automatic download in the background and will install the updates with no user interaction option.

PC World - A hacker from Miami pled guilty to conspiracy to hack into computer networks at major U.S. retail and financial groups, and to steal data on tens of millions of credit cards and debit cards on Tuesday.

Top 10 Security Nightmares of the Decade (PC World)

In technology

PC World - Blame the Internet for the latest decade of security lessons. Without it, you probably wouldn't even recognize the terms phishing, cybercrime, data breach, or botnet. Let's revisit the top security horrors of the past ten years, and try to remember what we learned from each.

Adobe to be Prime Target for Malware in 2010 (PC World)

In technology

PC World - 2009 is drawing to a close, and 2010 is almost upon us. The Chinese calendar says 2010 is the Year of the Tiger, but a report released from McAfee claims it could be the year of Adobe malware.

Target Co was victim of hacker Albert Gonzalez (Reuters)

In technology

Reuters - Target Co said it was among the victims of computer hacker Albert Gonzalez, mastermind of the biggest identity theft in U.S. history.

Hacker pleads guilty in Mass. to fraud case (AP)

In business

AP - A computer hacker who helped orchestrate the theft of tens of millions of credit and debit card numbers from major retailers in one of the largest such thefts in U.S. history pleaded guilty Tuesday in the last of three cases brought by federal prosecutors.

Hacker pleads guilty in huge credit card theft case (AFP)

In technology

AFP - A 28-year-old Florida man pleaded guilty on Tuesday to hacking into corporate computer networks and carrying out what US officials have described as the largest credit card theft in US history.

U.S. hacker pleads guilty, faces 17 to 25 years (Reuters)

In us

Reuters - A 28-year-old college dropout pleaded guilty on Tuesday to charges that he stole tens of millions of payment card numbers by breaking into corporate computer systems.

Adobe Will Be Top Target for Hackers in 2010, Report Says (PC World)

In technology

PC World - Adobe Systems' Flash and Acrobat Reader products will become the preferred targets for criminal hackers in 2010, surpassing Microsoft Office applications, a security vendor predicted this week.

Hackers Show It's Easy to Snoop on a GSM Call (PC World)

In technology

PC World - Computer security researchers say that the GSM phones used by the majority of the world's mobile-phone users can be listened in on with just a few thousand dollars worth of hardware and some free open-source tools.

Good Guys Bring Down the Mega-D Botnet (PC World)

In technology

PC World - For two years as a researcher with security company FireEye, Atif Mushtaq worked to keep Mega-D bot malware from infecting clients' networks. In the process, he learned how its controllers operated it. Last June, he began publishing his findings online. In November, he suddenly switched from defense to offense. And Mega-D--a powerful, resilient botnet that had forced 250,000 PCs to do its bidding--went down.

TaoSecurity

Richard Bejtlich's blog on digital security and the practices of network security monitoring, incident response, and forensics.

Excerpts from Randy George's "Dark Side of DLP"

By Richard Bejtlich

Randy George wrote a good article for InformationWeek titled The Dark Side of Data Loss Prevention. I thought he made several good points that are worth repeating and expanding.
[T]here's an ugly truth that DLP vendors don't like to talk about: Managing DLP on a large scale can drag your staff under like a concrete block tied to their ankles.
This is important, and Randy explains why in the rest of the article.
Before you fire off your first scan to see just how much sensitive data is floating around the network, you'll need to create the policies that define appropriate use of corporate information.
This is a huge issue. Who is to say just what activity is "authorized" or "not authorized" (i.e., "business activity" vs "information security incident")? I have seen a wide variety of activities that scream "intrusion!" only to hear, "well, we have a business partner in East Slobovistan who can only accept data sent via netcat in the clear." Notice I also emphasized "who." It's not just enough to recognize badness; someone has to be able to classify badness, with authority.
Once your policies are in order, the next step is data discovery, because to properly protect your data, you must first know where it is.
Good luck with this one. When you solve it at scale, let me know. This is actually the one area where I think "DLP" can really be rebranded as an asset discovery system, where the asset is data. I'd love to have a DLP deployment just to find out what is where and where it goes, under normal conditions, as perceived by the DLP product. That's a start at least, and better than "I think we have a server in East Slobovistan with our data..."
Then there's the issue of accuracy... Be prepared to test the data identification capabilities you've enabled. The last thing you want is to wade through a boatload of false-positive alerts every morning because of a paranoid signature set. You also want to make sure that critical information isn't flying right past your DLP scanners because of a lax signature set.
False positives? Signature sets? What is this, dead technology? That's right. Let's say your DLP product runs passively in alert-only mode. How do you know if you can trust it? That might require access to the original data or action to evaluate how and why the DLP product came to the alert-worthy conclusion that it did.
Paradoxically, if the DLP product is in active blocking mode, your analysts have an easier time separating true problems from false problems. If active DLP blocks something important, the user is likely to complain to the help desk. At least you can figure out what the user did that upset both DLP and the denied user.
However, as with intrusion-detection systems, not all actions can be automated, and network-based DLP will generate events that must be investigated and adjudicated by humans. The more aggressively you set your protection parameters, the more time administrators will spend reviewing events to decide which communications can proceed and which should be blocked.
Ah, we see the dead technology -- IDS -- mentioned explicitly. Let's face it -- running any passive alerting technology, and making good sense of the output, requires giving the analyst enough data to make a decision. This is the core of NSM philosophy, and why NSM advocates collecting a wide variety of data to support analysis.
For earlier DLP comments, please see Data Leakage Protection Thoughts from last year.

Best Book Bejtlich Read in 2009

By Richard Bejtlich

It's the end of the year, which means it's time to name the winner of the Best Book Bejtlich Read award for 2009!
Although I've been reading and reviewing digital security books seriously since 2000, this is only the fourth time I've formally announced a winner; see 2008, 2007, and 2006.
2009 was a slow year, due to a general lack of long-haul air travel (where I might read a whole book on one leg) and the general bleed-over from my day work into my outside-work time.
My ratings for 2009 can be summarized as follows:

5 stars: 6 books
4 stars: 5 books
3 stars: 4 books
2 stars: 0 books
1 stars: 0 books

Here's my overall ranking of the five star reviews; this means all of the following are excellent books.

6. Vi(1) Tips by Jacek Artymiak; devGuide.net. Every Unix admin should know how to use vi(1), and Jacek's book provides the right balance of commands and examples.
5. Web Security Testing Cookbook: Systematic Techniques to Find Problems Fast by Paco Hope; O'Reilly. Even though I am not a Web developer, I found this book to be very clear and helpful for security analysts trying to understand Web traffic.
4. IPv6 Security by Scott Hogg; Cisco Press. When it comes to IPv6 security books, there is really no alternative, and thankfully this book delivers.
3. Windows Forensic Analysis DVD Toolkit, Second Edition by Harlan A. Carvey; Syngress. Harlan's update to the first edition of his book is another winner; you must read this book.
2. The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws by Marcus Pinto; Wiley. This is an excellent book. I read several books on Web application security recently, and this is my favorite.

And, the winner of the Best Book Bejtlich Read in 2009 award is...

1. SQL Injection Attacks and Defense by Justin Clarke, et al; Syngress. This was a really tough call. Any of the top 4 books could easily have been the best book I read in 2009. Congratulations to Syngress for publishing another winner. SQL injection is probably the number one problem for any server-side application, and this book is unequaled in its coverage.
Looking at the publisher count, top honors in 2009 go to Syngress for 2 titles, followed by Wiley, Cisco Press, O'Reilly, and devGuide.net, each with one.
Thank you to all publishers who sent me books in 2009. I have plenty more to read in 2010.
Congratulations to all the authors who wrote great books in 2009, and who are publishing titles in 2010!

Every Software Vendor Must Read and Heed

By Richard Bejtlich

Matt Olney and I spoke about the role of a Product Security Incident Response Team (PSIRT) at my SANS Incident Detection Summit this month. I asked if he would share his thoughts on how software vendors should handle vulnerability discovery in their software products.
I am really pleased to report that Matt wrote a thorough, public blog post titled Matt's Guide to Vendor Response. Every software vendor must read and heed this post. "Software vendor" includes any company that sells a product that runs software, whether it is a PC, mobile device, or a hardware platform executing firmware. Hmm, that includes just about everyone these days, except the little old ladies selling fabric at the hobby store.
Seriously, let's make 2010 the year of the PSIRT -- the year companies make dealing with vulnerabilities in their software an operational priority. I'm not talking about "building security in" -- that's been going on for a while. Until I can visit a variation of company.com/psirt, I'm not satisfied. For that matter, I'd like to see company.com/cirt as well, so outsiders can contact a company that might be inadvertently causing trouble for Internet users. (And yes, if you're wondering, we're working on both at my company!)

Difference Between Bejtlich Class and SANS Class

By Richard Bejtlich

A comment on my last post, Reminder: Bejtlich Teaching at Black Hat DC 2010, a reader asked:
I am trying to get my company sponsorship for your class at Black Hat. However, I was ask to justify between your class and SANS 503, Intrusion Detection In-Depth.
Would you be able to provide some advice?
That's a good question, but it's easy enough to answer. The overall point to keep in mind is that TCP/IP Weapons School 2.0 is a new class, and when I create a new class I design it to be different from everything that's currently on the market. It doesn't make sense to me to teach the same topics, or use the same teaching techniques, found in classes already being offered. Therefore, when I first taught TWS2 at Black Hat DC last year, I made sure it was unlike anything provided by SANS or other trainers.
Beyond being unique, here are some specific points to consider. I'm sure I'll get some howls of protest from the SANS folks, but they have their own platform to justify their approach. The two classes are very different, each with a unique focus. It's up to the student to decide what sort of material he or she wants to learn, in what environment, using whatever methods he or she prefers. I don't see anything specifically "wrong" with the SANS approach, but I maintain that a student will learn skills more appropriate for their environment in my class.

TWS2 is a case-driven, hands-on, lab-centric class. SANS is largely a slide-driven class.
When you attend my class you get three handouts: 1) a workbook explaining how to analyze digital evidence; 2) a workbook with questions for 15 cases; and 3) a teacher's guide answering all of the questions for the 15 cases. There are no slides aside from a few housekeeping items and a diagram or two to explain how the class is set up.
When you attend SANS you will receive several sets of slide decks that the instructor will show during the course of the class. You will also have labs but they are not the focus of the class.
I designed TWS2 to meet the needs of a wide range of students, from beginners to advanced practitioners. TWS2 attendees typically finish 5-7 cases per class, with the remainder suitable for "homework." Students can work at their own pace, although we cover certain cases at checkpoints during the class. A few students have completed all 15 cases, and I often ask if those students are looking for a new opportunity with my team!
TWS2 is about investigating digital evidence, primarily in the form of network traffic, logs, and some memory captures. The focus is overwhelmingly on the content and not the container. SANS spends more time on the container and less on the content.
For example, if you look at the SANS course overview, you'll see they spend the first three days on TCP/IP headers and analysis with Tcpdump. Again, there's nothing wrong with that, but I don't care so much about what bit in the TCP header corresponds to the RST flag. That was mildly interesting in the late 1990s when that part of the SANS course was written, but the content of a network conversation has been more important this decade. Therefore, my class focuses on what is being said and less on how it was transmitted.
TWS2 is not about Snort. While students do have access to a fully-functional Sguil instance with Snort alerts, SANCP session data, and full content libpcap network traffic, I do not spend time explaining how to write Snort alerts. SANS spends at least one day talking about Snort.
TWS is not about SIM/SEM/SIEM. Any "correlation" between various forms of evidence takes place in the student's mind, or using the free Splunk instance containing the logs collected from each case. If you consider dumping evidence into a system like Splunk, and then querying that evidence, to be "correlation," then we have "correlation." (Please see Defining Security Event Correlation for my thoughts on that subject.) SANS spends two days on fairly simple open source options for "correlation" and "traffic analysis."
TWS cases cover a wide variety of activity, while SANS is narrowly focused on suspicious and malicious network traffic. I decided to write cases that cover many of the sorts of activities I expect an enterprise incident detector and responder to encounter during his or her professional duties.
I also do not dictate any single approach to investigating each case. Just like real life, I want the student to produce an answer. I care less about how he or she analyzed the data to produce that answer, as long as the chain of reasoning is sound and the student can justify and repeat his or her methodology.

I hope that helps prospective students make a choice. I'll note that I don't send any of my analysts to the SANS "intrusion detection" class. We provide in-house training that includes my material but also focuses on the sorts of decision-making and evidence sources we find to be most effective in my company. Also please note this post concentrated on the differences between my class and the SANS "intrusion detection" class, and does not apply to other SANS classes.

SecurityFocus News

SecurityFocus is the most comprehensive and trusted source of security information on the Internet. We are a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.

Brief: Conficker infections drop overnight

Conficker infections drop overnight

Brief: UltraDNS suffers attack, Amazon affected

UltraDNS suffers attack, Amazon affected

Brief: Lookout aims to lockdown smart phones

Lookout aims to lockdown smart phones

Security Fix

Brian Krebs on computer and Internet security

Farewell 2009, and The Washington Post

In From the Bunker

This will be the last post for the Security Fix blog. Dec. 31 marks my final day at The Washington Post Company. Over the last 15 years, I've reported hundreds of stories for washingtonpost.com and the paper edition. I have authored more than 1,300 blog posts since we launched Security Fix back in March 2005. Dozens of investigative reports that first appeared online later were "reverse published" in the newspaper, including eight front-page stories and a Post Magazine cover. Through it all, you - the reader - have been my most valuable source, most reliable critic, and most persistent muse. Loyal readers are the reason Security Fix has consistently been among the most-visited blogs on washingtonpost.com. Thank you. I will continue to remain engaged in this increasingly vital news beat. Please stay in touch for updates in the New Year. I can be reached directly at this e-mail address.

Security - RSS Feeds

Symantec Y2K10 Date Stamp Bug Hits Endpoint Protection Manager

The start of 2010 has tripped up Symantec Endpoint Protection Manager, as updates issued since 11:59 p.m. Dec. 31, 2009, have been labeled as out-of-date.
- The new decade has brought a slight hiccup to users of Symantec Endpoint Protection Manager. According to the company, the product is incorrectly labeling updates issued in 2010 as out-of-date. The issue impacts the Endpoint Protection v11.x and Endpoint Protection Small Business Edition v12.x ...

EMC to Acquire Archer Technologies for Security Risk Management

EMC is buying Archer Technologies and folding it into EMC's RSA Security Division in order to expand its risk management portfolio and bolster its consulting services business.
- EMChas agreed to acquire governance, risk and compliance solution vendor Archer Technologies for an undisclosed sum. The acquisition, which is expected to close in the first quarter of the year, will fold Archers risk management products into EMCs RSAsecurity division. According to EMC, when ...

Researcher Uncovers Twitter, Google Calendar Security Vulnerabilities

A security researcher uncovered some holes in Google Calendar and Twitter that may allow an attacker to steal cookies and user session IDs.
- A security researcher has uncovered vulnerabilities in Twitter and Google Calendar that could put users at risk. In a proof of concept, researcher Nir Goldshlager demonstrated cross-site scripting (XSS) vulnerabilities in Google Calendar and Twitter that he said could be used to steal cookies an...

Symantec Discusses Security SAAS Plans for 2010

It's been a year since Symantec's acquisition of MessageLabs. In an interview with eWEEK, former MessageLabs CEO Adrian Chamberlain, now head of Symantec's software-as-a-service business, discusses the security company's plans for the SAAS space in the coming year and drops some hints on where Symantec may be headed.
- One of the underlying trends in security of late has been the adoption of cloud-based services. On the acquisition front, the past few years have seen several independent SAAS security vendors get gobbled up. Among those was Symantec's acquisition of MessageLabs. After more than a year under Sy...

Microsoft Downplays IIS Security Vulnerability Talk

Microsoft contends that an IIS security vulnerability being talked about is not as dangerous as the poorly configured servers that attackers would need to target for an exploit to work.
- Microsoft is downplaying talk of a zero-day bug in Internet Information Services). Reports began to circulate Dec. 24 of a security vulnerability in IIS. The issue was due to the way IIS 6.0 handles semicolons in URLs. However Microsoft contends that because IIS must be in an insecure configura...

Gonzalez Pleads Guilty in More Hacking Cases

Notorious hacker Albert Gonzalez adds guilty pleas for cracking the networks of Heartland Payment Systems, 7-11 and Hannaford Brothers in one of the largest data breaches ever investigated and prosecuted in the United States. Gonzalez previously pleaded guilty to hacking TJX Companies, BJ's Wholesale Club, OfficeMax, Boston Market, Barnes Noble and Sports Authority.
- Notorious hacker Albert Gonzalez pleaded guilty Dec. 29 to conspiracy to hack into the computer networks of credit card processor Heartland Payment Systems, nationwide convenience store chain 7-Eleven and supermarket chain Hannaford Brothers. The hacks netted Gonzalez access to data from tens of ...

Mobile Phone Encryption Crack Downplayed by GSMA

The Global System for Mobile Communications Association claims the latest attack on the A5/1 encryption algorithm is not practical.
- Security researchers have cracked the encryption code used to protect most of the world's digital mobile phone calls, but some say the impact is being exaggerated. According to reports, cryptographer Karsten Nohl led an effort to break the 21-year-old GSM algorithm used to protect the privacy of...

LABS GALLERY: IBM ISS Web App Solution Paints Big Security Picture

IBM Rational AppScan, ISS Proventia IPS GX5108 and the SiteProtector security management console offer comprehensive Web application protection by combining proactive application vulnerability scanning with live IPS attack reports.
- ...

Microsoft IIS Security Bug Leaves Web Servers Vulnerable

Reports of a zero-day vulnerability affecting Microsoft Internet Information Services surfaced on the Web Dec. 24. Microsoft says it is investigating the matter, and has found so far that only certain configurations of IIS are vulnerable to attack.
- Microsoft is investigating reports of a new vulnerability affecting Microsoft Internet Information Services that could be used to execute malicious code on vulnerable Web servers. Details of the vulnerability came out Dec. 25 when security researcher Soroush Dalili posted information about the ...

Security

The Art of Technology

Brief: TSA subpoenas bloggers to find source of security doc leak

By chris.foresman@arstechnica.com (Chris Foresman) on tsa

The Transportation Security Administration is attempting to find the source of a leak of a sensitive security directive that followed a failed airline bombing attempt on Christmas Day. Two travel bloggers have revealed that they have been subpoenaed to provide information that may lead to the source of the leak.

Shortly after an attempted "underwear" bomber was discovered on Northwest Airlines Flight 253 from Amsterdam to Detroit on December 25, the Transportation Security Administration issued immediate, temporary changes to security procedures in an attempt to prevent similar incidents. The particular details of those changes were issued in an internal security directive, intended only for TSA employees. However, copies of the directive were leaked to several bloggers and quickly spread around the 'Net.

Writers Chris Elliott and Steven Frischling both received copies of the security directive from anonymous sources, and both published the text of the directive after mass confusion set in among holiday travelers affected by the sudden changes in security procedures. It appears that the TSA is not punishing either for publishing the document; rather, they are trying to find the source of the leak.

"The DHS & TSA are taking this matter seriously, and that tells me that they are paying attention to security in detail," Frischling wrote on his blog. So far, neither has admitted to knowing the identity of the source of the TSA directive.

The leak is somewhat embarrassing for the TSA, though, in light of a recent leak of the entire contents of the TSA's "Standard Operating Procedures" manual online. That disclosure was due to improper redacting of the document, which the TSA later claimed to be out of date.

One leg of GSM encryption cracked, cell industry unimpressed

By jtimmer@arstechnica.com (John Timmer) on hacking

GSM is the most popular protocol for cellphone telephony on the planet, with billions of users worldwide. But the standard encryption procedure used by most GSM carriers is only 64-bit, and academic researchers had spotted flaws in it starting over a decade ago. Now, in an effort to get carriers to take security seriously, a researcher is publicizing a brute-force attack on the encryption that he expects will be combined with work on the GSM frequency selection algorithm to create a cheap and easy method for eavesdropping on cellular calls. Despite initial progress on the effort, the cellular industry remains unimpressed.

Securing GSM communications relies on a combination of encryption and obscurity. The encryption, as described above, typically involves a 64-bit algorithm called A5/1, although many 3G networks use a newer, 128-bit version called A5/3. There's a history of academic research on this encryption that shows it to be vulnerable to various attacks, but there's no indication that any of these attacks have been used in the wild. That's presumably in part because of the obscurity aspect: GSM uses an algorithm to ensure that consecutive packets from a call are transmitted on different frequencies, making reconstruction of an entire transmission a matter of cracking that algorithm.

Brief: 2010 to bring new resolutions, new attacks on Adobe software

By jacqui@arstechnica.com (Jacqui Cheng) on virus

Cybercriminals will begin to migrate their focus from Office to Adobe's applications in 2010, according to security research firm McAfee. In its 2010 Threat Predictions report, the company said that exploits in Adobe Reader and Flash would become prime targets for hackers looking to spread malware in the coming year, along with social networking sites and even HTML 5.

McAfee noted that Reader and Flash are some of the most widely deployed applications in the world, providing hackers a high return on investment should they choose to target them. "Based on the current trends, we expect that in 2010 Adobe product exploitation is likely to surpass that of Microsoft Office applications in the number of desktop PCs being attacked," wrote the firm.

As noted by NetworkWorld, Adobe acknowledged earlier this year that it has seen an increase in attacks on its software already. Adobe CTO Kevin Lynch said during the 2009 Adobe Max conference that attacks were up for both Reader and "to some extent" Flash, but added that the company was working on reducing the window between learning about a problem and offering a fix.

McAfee also said that 2010 would take social network attacks "to new heights," especially thanks to the proliferation of Facebook apps and other Web applications. Speaking of Web apps, McAfee says that the advancements that come with HTML 5 will blur the line between Web and desktop applications, giving hackers another way to target users. These predictions go against similar predictions offered by Kaspersky Lab, however, which stated earlier this month that it believes 2010 will see a reduction in Web attacks and an increase in those that target P2P users. Either way, the message is the same: make sure to engage in safe(r) surfing practices and always wear protection. Virus and malware protection, that is.

etc: Breaches of secure data, like your social security number...

In security

Breaches of secure data, like your social security number or credit card info, continue to make headlines. DataBreaches.net has updated its list of the top 10 worst data breaches in history.

Brief: Last-minute Amazon, Wal-Mart shoppers delayed by DDoS attack

By jacqui@arstechnica.com (Jacqui Cheng) on security

If you were one of the many Internet users trying to beat the clock with holiday shopping on Wednesday, a DNS attack may have tried to spoil your plans. Users found themselves unable to access several major websites, including Amazon.com and Wal-Mart.com, during part of the day yesterday, which Amazon's DNS provider reported was a result of a DDoS attack.

The DNS attack started late in the day on Wednesday and took place against UltraDNS, the company that provides DNS services to the aforementioned sites. UltraDNS' parent company, Neustar, said that the attack affected the company's facilities in San Jose and Palo Alto, and the effects were largely limited to California users trying to access those sites. The company confirmed that an "abnormal spike in queries" took place and that it was identified as a DDoS attack.

The outage affected other parts of Amazon's Web Services in the US, but apparently not overseas. This, according to a retweet from Amazon Web "Strategist" Jeff Bar, included S3 and EC2. Luckily for Amazon and other e-commerce sites, they were only down for about an hour, but some shoppers still found themselves out of luck as a result of the outage.

As noted by CNET, this isn't the first time this year that Amazon and UltraDNS were affected by a DDoS attack. In April, a much larger attack took Amazon, SalesForce, and PetCo offline and affected a much larger number of customers. Still, with retailers struggling for decent numbers this holiday season, even an hour in one part of the country can mean much more than a minor annoyance.

SecuriTeam

Welcome to the SecuriTeam RSS Feed - sponsored by Beyond Security. Know Your Vulnerabilities! Visit BeyondSecurity.com for your web site, network and code security audit and scanning needs.

Kaspersky Lab Multiple Products Local Privilege Escalation Vulnerability

Insecure permissions have been detected in the multiple Kaspersky Lab antivirus products.

HP-UX Running Apache Data Injection and DoS Vulnerability

A potential security vulnerability has been identified with HP-UX running Apache v2.0.59.12 and earlier. The vulnerability could be exploited remotely to inject unauthorized data or to create a Denial of Service (DoS).

MIT krb5 KDC denial of service in cross-realm referral processing

An unauthenticated remote attacker could cause the KDC to crash due to a null pointer dereference. Legitimate requests can also cause this crash to occur.

Trango Broadband Wireless Rogue SU Authentication Bug

Currently there is a flaw in the authentication mechanism of these radios which, if an attacker knows some details, can allow interception of ethernet packets broadcast from the Access Point to the Subscriber Unit and potentially allows injection into the communication from the Subscriber Unit to the Access Point.

Exposing HMS HICP Protocol and Intellicom NetBiterConfig.exe Remote Buffer Overflow

SCADA weaknesses created by HICP Protocol and NetBiter WebSCADA.

AproxEngine Multiple Vulnerabilities

Vulnerabilities have been discovered in AproxEngine, which can be exploited by malicious users to manipulate certain data, conduct spoofing, SQL injection, and script insertion attacks and by malicious people to conduct SQL injection and script insertion attacks.

SearchSecurity: Security Wire Daily News

The latest information security news on IT threats, vulnerabilities and market trends from the award-winning SearchSecurity.com.

EMC buys Archer Technologies for compliance management

By Robert Westervelt

The acquisition couples EMC's RSA security division with Archer's compliance management platform and builds on RSA's financial industry presence.

PDF attack code complicates security analysis, skirts detection

By Robert Westervelt

Only 8 of 40 antivirus vendors can detect the latest PDF attack, which uses sophisticated coding to complicate security analysis and enable the author to push malware updates.

IIS configuration error leads to increased threat, Microsoft says

By Robert Westervelt

A configuration error could lead to a vulnerable Microsoft IIS web server, Microsoft said after investigating reports of an IIS parsing extension flaw.

Five security themes to watch in 2010

By Robert Westervelt

All signs point to payment industry security improvements, tighter security in social networks and some new attack vectors for savvy cybercriminals.

Hacker pleads guilty to orchestrating Heartland credit card heist

By Robert Westervelt

Albert Gonzalez plead guilty to hacking into computer networks and stealing tens of millions of credit and debit cards from retailers and financial firms.

GSM cell phone encryption crack may force operators to upgrade

By Robert Westervelt

Karsten Nohl, a widely known encryption expert, has cracked the GSM encryption algorithm and claims software is available for hackers to eavesdrop on calls.

Microsoft doesn't rule out rushed patch for IIS zero-day vulnerability

By Robert Westervelt

Software giant dismisses the critical nature of the Internet Information Services zero-day flaw, but doesn't rule out an out-of-band patch.

DDoS attack strikes UltraDNS, affects Amazon, Wal-Mart

By Robert Westervelt

A flood of traffic caused general sluggishness and some outages for about an hour late Wednesday.

Web security strategy: Use cloud security services

By Eric Ogren

Web security used to be mainly URL filtering and protocol validation, but as Eric Ogren explains, Web security clouds improve security with little impact on performance.

Twitter domain hijacking highlights DNS security weaknesses

By Robert Westervelt

While some security experts call the Twitter incident a non-issue, others say it is a reminder of DNS weaknesses and the need for better authentication.

SANS%20RSS%20Feed

SANS NewsBites

All Stories From Vol: 11 - Issue: 101

Phony Anti-Terror Technology Responsible for Elevated Security Levels in 2003 (December 24 & 28, 2009)

A self-proclaimed software programmer who convinced the CIA that he had developed software capable of deciphering hidden messages in Al Jazeera broadcasts appears to have been responsible for an elevation in the national security level in late 2003, causing the grounding of international flights and the evacuation of the Metropolitan Museum of Art.......

Proposed Legislation in NJ Would Beef Up Penalties for Unsolicited Text Messages (December 28, 2009)

Two New Jersey state legislators are sponsoring a bill that would impose hefty fines on people and/or organizations that send unsolicited text messages.......

GSM Algorithm Broken (December 28, 2009)

An encryption expert giving a presentation at a conference in Berlin, Germany says he has broken the GSM algorithm used to protect the privacy of cell phone calls.......

Microsoft Says IIS Vulnerability is Low Risk (December 25 & 28, 2009)

Microsoft is downplaying reports of a flaw in its Internet Information Services (IIS), saying that as long as users adhere to secure configuration best practices, the vulnerability presents a low risk.......

DDoS Against DNS Provider Causes Problems for Some Online Retailers (December 24 & 28, 2009)

A distributed denial-of-service (DDoS) attack against the DNS provider for Amazon, Wal-Mart, the Gap and other shopping websites made those sites temporarily unavailable.......

GAO Report Points Fingers in Nuclear Site Document Leak (December 24, 2009)

A report from the Government Accountability Office (GAO) faults five government agencies, two congressional offices and the National Security Council for the leak of information about hundreds of US civilian nuclear facilities.......

Preliminary Approval for Countrywide Breach Settlement (December 24, 2009)

A US federal judge has granted preliminary approval to a proposed settlement that would have Countrywide Financial Corp.......

Prison Attacker Gets Prison Sentence (December 22 & 24, 2009)

Francis G.......

Government Faces Shortage of Skilled Cyber Security Specialists (December 23, 2009)

The US federal government is facing difficulty finding enough skilled cyber security employees to help protect networks from increasingly sophisticated and frequent attacks.......

Kindle DRM Broken (December 23, 2009)

Two different people claim to have broken the digital rights management (DRM) technology on Amazon's Kindle ebook reader so that the files stored in the application can be used on other devices as well.......

MBNA Customer Credit Card Data on Stolen Laptop (December 22 & 23, 2009)

MBNA is notifying thousands of customers that a laptop stolen from NCO Europe offices contains their credit card information.......

Former Assistant DA Draws Probation for Unauthorized Access to Information (December 22, 2009)

A Louisiana man has been sentenced to two years of probation and ordered to pay a US $3,000 fine for unauthorized access to information by use of a computer.......

Citibank Says There Was No Cyber Attack (December 22 & 23, 2009)

While the FBI says it is investigating losses totaling tens of millions of dollars from Citibank accounts, Citibank parent company Citigroup denies reports that it has fallen prey to a cyber attack or that an investigation is underway.......

White House Expected to Name Schmidt as Cybersecurity Coordinator (December 22, 2009)

The Washington Post and The New York Times are reporting that the White House will name Howard A.......

US Military Drone Video Feeds Will Not Be Encrypted Until At Least 2014 (December 19, 2009)

According to US Air Force officials, encryption of video feeds from the US military's unmanned Predator and Reaper aircraft will not be complete for at least five more years.......

BPI Survey Indicates Filesharing Activity Has Not Waned (December 18 & 20, 2009)

According to statistics from the British Phonographic Industry (BPI), illegal filesharing has not declined despite increased efforts by the government to discourage the practice.......

US Cyber Challenge Competition Heats Up (December 21, 2009)

A group of young people recently gathered in the Washington DC area to participate in the "all star" round of the US Cyber Challenge.......

Cyber Security Myths That Need to be Dispelled (December 21, 2009)

Melissa Hathaway, who earlier this year prepared the Cyberspace Policy Review for the Obama administration, says that we as individuals, organizations, governments and a nation need to shatter long-held myths about cyber space security and take steps to mitigate threats.......

Possible Prison Time for Sending Spyware (December 21, 2009)

An Ohio man could face time in prison for sending spyware to a woman's computer.......

Netflix Sued for Violating Customer Privacy (December 21, 2009)

An Ohio woman is suing Netflix for invading her privacy.......

WinAmp Update Fixes Five Security Flaws (December 18 & 21, 2009)

WinAmp users are urged to upgrade to version 5.......

Adobe Explains Why Critical Fix Will Wait Until January (December 18, 2009)

Adobe director for product security and privacy Brad Arkin says the company decided to wait until its scheduled January 12, 2010 security update to fix a recently disclosed critical PDF flaw.......

White House Task Force Makes Agency Information Sharing Recommendations (December 18, 2009)

A White House task force has recommended that government agencies focus on ways to share sensitive information more effectively before addressing data security issues that accompany data sharing.......

North Korea Allegedly Stole US/South Korean Military Plans (December 18 & 21, 2009)

The South Korean military has launched an investigation into allegations that North Korean hackers stole joint US/South Korean defense plans describing the countries' strategy in the event of a North Korean pre-emptive strike or other military provocation.......

Attackers Actively Exploiting Adobe Flaws (December 18, 2009)

Hackers exploited a vulnerability on a movie review website to redirect visitors to a server containing a maliciously crafted PDF file.......

IE Domain Registry Places Encrypted Copy of its Database With Third Party (December 18, 2009)

The IE Domain Registry has made arrangements to have an encrypted copy of its database held by a third party.......

SANS%20Internet%20Storm%20Center,%20InfoCON%3A%20green

SANS Internet Storm Center, InfoCON: green

Any other reports of decade change problems?, (Mon, Jan 4th)

We are curious whether anyone else is seeing the sorts of issues like the one with Symantec we just ...(more)...

Symantec SEPM having 2010 date problems, (Mon, Jan 4th)

Thanks to Derek to pointed us at this post from Symantec: http://www.symantec ...(more)...

Sophisticated, targeted malicious PDF documents exploiting CVE-2009-4324, (Mon, Jan 4th)

Couple of days ago one of our readers, Ric, submitted a suspicious PDF document to us. As you know, ...(more)...

WASC Threat Classification v2 published, (Mon, Jan 4th)

The WASC (Web Application Security Consortium) has just released the second version of their Threat ...(more)...

Ten Years of Volunteer Service and Going Strong, (Sat, Jan 2nd)

As many of our long-time readers are aware, the SANS Internet Storm Center evolved from an initiativ ...(more)...

Having Spamassassin Problems?, (Sat, Jan 2nd)

Karl sent us a note about date parsing issues in Spamassassin. I thought we fixed all of these ...(more)...

Dealing With Unwanted SSH Bruteforcing, (Fri, Jan 1st)

A common question I get from individuals who use Internet-accessible SSH to manage their network ...(more)...

Have a Happy New Year, (Thu, Dec 31st)

I know in some parts of the world it's already 2010, so I'd like to take the time to wish you all a ...(more)...

Sendmail 8.14.4 has been released, (Thu, Dec 31st)

As my colleague (Swa) here at the ISC said in the coffee room this morning, It's been awhile s ...(more)...

Ready to use IDS Sensor with Sguil, (Wed, Dec 30th)

I have just released an update on my 32-bit hardened IDS sensor (version 6.4) with all the Sguil com ...(more)...

GSM Cell Phone Encryption is Cracked - Interception of Cell Calls Possible, (Wed, Dec 30th)

According to the Financial Times, a hacking contest sponsored by KarstrenNohl, a G ...(more)...

KDC DoS in cross-realm referral processing, (Wed, Dec 30th)

If you are currently using MIT krb5 release krb5-1.7, a null pointer dereference has been reported w ...(more)...

What's up with port 12174? Possible Symantec server compromise?, (Tue, Dec 29th)

This is a heads-up that we have received a number of queries from readers about an increase in probe ...(more)...

Microsoft responds to possible IIS 6 0-day, (Tue, Dec 29th)

Following up to recent diaries 7816 and 7810 and numerous other sources regarding a possible IIS&nbs ...(more)...

It's been 10 years, (Mon, Dec 28th)

The Internet Storm Center directly traces it's roots back to the year 1999. A SANS Project cal ...(more)...

How this weekend's attempted Terrorist attack relates to IT., (Mon, Dec 28th)

In case you were spending time with your family this weekend and not watching the news, there was an ...(more)...

It seems the Blackberry problem may have been localized. All clear as far as I can tell., (Mon, Dec 28th)

-- Joel Esler | http://blog.joelesler ...(more)...

Microsoft puts up a blurb on their website about the IIS 0day., (Mon, Dec 28th)

Microsoft has put up a response on their security blog concerning the IIS 0day. Th ...(more)...

8 Basic Rules to Implement Secure File Uploads http://jbu.me/48 (inspired by IIS ; bug), (Mon, Dec 28th)

------ Johannes B. Ullrich, Ph ...(more)...

Pressure increasing for Microsoft to patch IIS 0 day, (Sun, Dec 27th)

The other day ISC Handler Guy Bruneau posted a Diary pointing to a Microsoft IIS 0Day Vulnerab ...(more)...

Did any digital nasties show up under your tree this year?, (Fri, Dec 25th)

As many of our readers may recall the past two years we had numerous reports of infected digital dev ...(more)...

Microsoft IIS File Parsing Extension Vulnerability, (Thu, Dec 24th)

A vulnerability has been identified in Microsoft Internet Information Services (IIS) where the serve ...(more)...

F5 BIG-IP ASM and PSM Remote Buffer Overflow, (Thu, Dec 24th)

The BIG-IP Application Security Manager (ASM) and Protocol Security Manager (PSM) bd dae ...(more)...

SANS%20RSS%20Feed

SANS Information Security Reading Room

Last 25 Computer Security Papers added to the Reading Room

Smart IDS - Hybrid LaBrea Tarpit

Categories: Case Studies,Intrusion Detection,Intrusion Prevention

Paper Added: December 28, 2009

A Taste of Scapy

Category: Penetration Testing

Paper Added: December 24, 2009

The Register - Security

Biting the hand that feeds IT

Y2.01K bug trips up Symantec

Schoolboy error causes red faces

Symantec's Endpoint Protection Manager has been hit by a classic date bug and fell over at the end of the year, accepting no definition updates dated since then.…

Mr Bean ousts PM from Spain's official website

This coup brought to you by XSS

Spain's prime minister was briefly ousted from that country's official website after hackers replaced his likeness with that of bumbling slapstick character Mr. Bean.…

The power of collaboration within unified communications

EMC slides Archer Technologies into security quiver

Aims at IT risk portfolio

Storage behemoth EMC started down the 2010 acquisition trail on Monday by announcing an agreement to purchase Archer Technologies, a privately-held maker of IT governance, risk management, and compliance software.…

Adobe Reader vuln hit with unusually advanced attack

Eight more days to go

With more than a week until Adobe is scheduled to patch a critical vulnerability in its Reader and Acrobat applications, online thugs are targeting it with an unusually sophisticated attack.…

Kingston coughs to security flaw in 'Secure' flash drive

That's gotta hurt

Kingston Technology is instructing customers to return certain models of its memory sticks, after the firm discovered a glitch in its DataTraveler Secure flash drives.…

Texas cops cuff 176 at illegal cockfight

100 cocks taken to shelter

Texas cops arrested 176 people on Saturday at an illegal cockfight around 50 miles northwest of Fort Worth, the Dallas Morning News reports.…

US feds squeeze bloggers for posting TSA orders

Nigerian crotchbomber claims first victims

At least two bloggers who posted the latest Transportation Security Administration security guidelines have received visits from the feds. One had his laptop confiscated and was served a subpoena. The other just received the subpoena.…

TJX kingpin pleads guilty to Heartland hack

Forest Gump of cybercrime face 17 years plus

TJX hacking mastermind Albert Gonzalez faces a minimum of 17 years behind bars after pleading guilty to further cybercrimes.…

MS dismisses IIS zero-day bug reports

It ain't vulnerable, just 'inconsistent'

Microsoft has dismissed reports that there's an unpatched critical flaw in the latest version of its webserver software.…

X-Box 360 theft suspect busted after online gaming sesh

From tagged to fragged

An alleged X-Box 360 thief was tracked down after he forgot to disable the game console's auto sign-in feature before hopping on the net.…

Adobe predicted as top 2010 hacker target

McAfee's crystal ball also reveals Google Chrome dangers

Adobe will overtake Microsoft as the primary target for hackers and virus writers in 2010, net-security firm McAfee predicts.…

TJX sniffer author jailed for two years

First of the gang

The malware coder who wrote the sniffer program used in the infamous TJX credit card heist has been jailed for two years.…

Secret code protecting cellphone calls set loose

Universal phone snooping moves forward

Cryptographers have moved closer to their goal of eavesdropping on cellphone conversations after cracking the secret code used to prevent the interception of radio signals as they travel between handsets and mobile operators' base stations.…

Microsoft IIS vuln leaves users open to remote attack

Beware of the 'semicolon bug'

Updated A researcher has identified a vulnerability in the most recent version of Microsoft's Internet Information Services that allows attackers to execute malicious code on machines running the popular webserver.…

Inmate gets 18 months for thin client prison hack

HR network jailbreak

A former prison inmate has been ordered to serve 18 months for hacking the facility's computer network, stealing personal details of more than 1,100 of its employees and making them available to other inmates.…

DDoS attack scrooges Amazon and others

UltraDNS California facilities targeted

Service to Amazon, Wal-Mart and several other shopping sites was briefly blocked on Wednesday evening when their DNS provider was hit by a distributed denial of service (DDoS) attack.…

Software fraudster 'fooled CIA' into terror alert

Spooks 'f*cking livid'

A con man fooled US spooks into grounding international flights by selling them "technology" to decode al-Qaeda messages hidden in TV broadcasts, it's claimed.…

Pharma link spammers invade Live Space

Fake blog posts spamvertise knock-off pills

Cybercrime affiliates of unlicensed pharmaceutical websites have begun moving on from attacks purely designed to poison Google search engine results, and are now targetting Microsoft's web properties.…

Network World on Security

The latest security news, analysis, reviews and feature articles from NetworkWorld.com.

Make Your New PC Hassle-Free, Part 3: Keep It Secure

Did you find a new PC under the tree (or menorah) last month? If so, there are steps you should take to make it as hassle-free as possible

SAS pushes for business analytics in Canadian gov’t

Fraud experts at a recent event in Toronto, hosted by SAS Institute, addressed challenges facing the government when it comes to combatting fraud. Why the "crown jewel" in fraud detection is powerful analytics.

TSA Gaffe Shows Pitfalls of Redaction

The public exposure of a TSA security manual illustrates the need for using robust redaction tools that will thoroughly hide sensitive text in electronic documents.

Managed security service packs a lot of protection into one box

Many small and midsize companies don't have the means to provide adequate and broad network security measures in-house. Yet these companies experience the same threats from the Internet as large companies with specialized security experts. A managed security service can provide strong security measures that are always current and that address a wide range of threats.

2020 Vision: Why you won't recognize the 'Net in 10 years

As they imagine the Internet of 2020, computer scientists across the U.S. are starting from scratch and re-thinking everything: from IP addresses to DNS to routing tables to Internet security in general. They're envisioning how the Internet might work without some of the most fundamental features of today's ISP and enterprise networks.

10 fool-proof predictions for the Internet in 2020

There are many views about how to fix the Internet’s architecture, but there's widespread agreement about many aspects of the future Internet. Here's our list of 10 fool-proof predictions for what the Internet will look like in a decade.

10 start-ups to watch in 2010

It's a rough economy for established vendors and start-ups alike, but the IT industry has plenty of interesting newcomers. These 10 companies to watch are tackling pressing problems related to virtualization, the cloud, smartphones, network management, security and power and cooling.

RockYou Sued Over Data Breach

An Indiana man sent a popular social networking app maker a great big "piece of flair" yesterday -- in the form of a class-action lawsuit. Alan Claridge sued RockYou, creators of spamtastic Facebook and MySpace apps like "Pieces of Flair" and "SuperWall," after the company admitted to having lost over 30 million individuals' personal identification data to a hacker.

Open source: How e-voting should be done

An open source approach to open voting systems is essential to the integrity of our electoral process. Here's a technical blueprint for securing the vote

Why traditional security doesn't work for SOA

SOA's strengths turn out to be highly exploitable entry points for attackers

New regulations will soon swell IT workloads

Government's response to the financial meltdown will require major tech initiatives for compliance, despite the recession's cutbacks

Global VoIP keeps Eaton connected

2008 InfoWorld 100 finalist: Diversified manufacturing firm cuts down cost of communication with voice-enabled global area network

Obama can't have a BlackBerry. Should your CEO?

Information security is not as strong as you may think, and the execs with the most sensitive data are juicy targets

Facebook, Twitter, iPhone app security fears

2010 will see increasing security threats to users of social networking and media sites such as Facebook and Twitter, a security vendor predicted.

2010 Prediction Roundup: From Outlandish to Likely

It's time to turn the page on 2009 and look into a crystal ball to the year ahead. PC World's own prognosticators have declared 2010 the year of the tablet computer , year of the Droid , year of the Mac and some even think 2010 might be Blu-ray's time to shine. But enough about PC World.

Group: Online ad networks mostly comply with privacy rules

Despite concerns from some privacy groups and U.S. lawmakers about behavioral advertising, most large advertising networks generally comply with a set of privacy and data-handling standards adopted by the Network Advertising Initiative a year ago, the NAI said in a report released Wednesday.

Zeus, Koobface, Conficker: How to fight

Cisco Systems Inc. highlighted the top security threats of 2009 by presenting Cybercrime Showcase Awards as part of its Annual Security Report.

Google Chrome OS may be security hotspot in 2010

Google's Chrome OS will be "poked" by hackers in 2010, in large part because it will be the "new kid on the block," a security researcher predicted Wednesday.

Security and Building Design: A Decade of Change

Building security design barely made the radar screen of most architects a decade ago. But as architect Barbara A. Nadel explains, the last decade brought the issue front and center.

Top 10 Security Nightmares of the Decade

Blame the Internet for the latest decade of security lessons. Without it, you probably wouldn't even recognize the terms phishing, cybercrime, data breach, or botnet. Let's revisit the top security horrors of the past ten years, and try to remember what we learned from each.

Adobe to be Prime Target for Malware in 2010

2009 is drawing to a close, and 2010 is almost upon us. The Chinese calendar says 2010 is the Year of the Tiger, but a report released from McAfee claims it could be the year of Adobe malware.

Forecast 2010: 11 daring predictions for 2010

We asked six IT industry observers to offer their predictions for 2010 and to speculate on who will be the winners and losers in the coming year. Here are their thought-provoking responses.

GSM Encryption Cracked, Showing Its Age

The unveiling of a GSM (Global System for Mobile Communications) encryption codebook compiled by a German security researcher and his team of collaborators lowers the bar significantly for the amount of money and technical expertise required to listen in on a GSM-based mobile phone call. More importantly, it illustrates just how old the current GSM encryption is and demonstrates why it's time for an upgrade.

Is someone intercepting your mobile voice calls?

Seventy-nine percent of organizations recently surveyed reveal their employees conduct confidential conversations over their mobile phones, yet only 18 per cent of those actually have mobile voice call security in place.

10 IDC tech predictions 2010

IDC Canada Ltd. recently revealed its top 10 technology predictions for 2010.

Hackers show it's easy to snoop on a GSM call

Computer security researchers say that the GSM phones used by the majority of the world's mobile-phone users can be listened in on with just a few thousand dollars worth of hardware and some free open-source tools.

Adobe will be top target for hackers in 2010, report says

Adobe Systems' Flash and Acrobat Reader products will become the preferred targets for criminal hackers in 2010, surpassing Microsoft Office applications, a security vendor predicted this week.

Things That Didn't Happen in '09 And Probably Won't in '10

We look back at how well GFI's David Kelleher did on predicting what was NOT likely to happen in the security department this year.

Good Guys Bring Down the Mega-D Botnet

For two years as a researcher with security company FireEye, Atif Mushtaq worked to keep Mega-D bot malware from infecting clients' networks. In the process, he learned how its controllers operated it. Last June, he began publishing his findings online. In November, he suddenly switched from defense to offense. And Mega-D--a powerful, resilient botnet that had forced 250,000 PCs to do its bidding--went down.

Why Can't the Law Get the Crooks?

Victor Rodriguez wants to know why law enforcement agencies can't stop the criminals infecting our PCs.

As DDoS Attacks Go, This One's a Dud

With all due respect to the affected holiday shoppers in Northern California, yesterday's distributed denial-of-service attack on Amazon, Wal-Mart, and other sites could've been much worse.

DDoS attack on DNS hits Amazon and others briefly

Internet users in Northern California were unable to reach properties including Amazon.com and Amazon Web Services for a time Wednesday evening, as their DNS provider was targeted by a distributed denial-of-service attack. The attack came as North American consumers rushed to finish online shopping ahead of the end-of-year holiday season.

E-Book Piracy: The Publishing Industry's Next Epic Saga?

As e-readers such as the Amazon Kindle continue to rise, so follows the publishing industry's worst nightmare: e-book piracy. For years e-book piracy was the exclusive province of the determined few willing to ferret out mostly nerdy textbook titles from the Internet's dark alleys and read them on their PC. But publishers say that the problem is ballooning as e-readers grow in popularity and the appetite for mainstream e-books grows.

Smartphone attacks, rogue antivirus, cloud breaches top 2010 security concerns

There has never been a year in which security threats diminished, so expect more hacks, exploits and scams in 2010, researchers warn.

The 5 essential patches of 2009

A panel of security experts helps Computerworld come up with the top five patches that users should have deployed over the past 12 months -- or should deploy as soon as possible.

Hacker targets Kindle, claims DRM protection is cracked

An Israeli hacker claims to have broken the copyright protection on Amazon's Kindle e-book reader to allow content to be viewed and shared on other digital readers.

Facebook's Other Top Trend of 2009: Divorce

Facebook just released a list of its top status trends for 2009. The list features mainly mundane topics such as Farmville, Michael Jackson, and Lady Gaga. It may also, however, need to include divorce.

Inmate gets 18 months for hacking prison computer

A former Massachusetts prison inmate has been given an 18-month prison sentence for hacking prison computers while he was incarcerated.

Hackers hit OpenX ad server in Adobe attack

Hackers have exploited flaws in a popular open-source advertising software to place malicious code on advertisements on several popular Web sites over the past week.

China state-linked microblog service hacked at launch

A Twitter-style service offered by a government-linked news site in China was hacked and has since gone offline, according to screenshots posted on the Web.

Citigroup, law enforcement refute cyber heist report

Citigroup and a federal law enforcement source on Tuesday refuted a claim that the bank's customers lost millions of dollars in an advanced cyber heist over the summer, leaving lingering questions over details of the alleged attack.

McAfee Avert Labs

Cutting edge security research as it happens.......

No More Dragons: the 26th Chaos Communication Congress Ends

By Toralv Dirro on Web and Internet Safety

With a dazzling laser show, the 26th Chaos Communication Congress (26c3) in Berlin, the last big security conference of 2009, has ended. If you haven’t been here, you might have missed fewer of the sessions than people on site, thanks to the worldwide availablility of live streams (and recordings). What you did miss was meeting [...]

Fake Alert Uses McAfee-like Domain Name to Attract Victims

By Patrick Knight on Web and Internet Safety

Cybercriminals love to use social engineering techniques to trick users into installing their malware. One of the latest fake-alert variants attempts to trick users into believing the software is related to or hosted by McAfee: mcafeevirusremover.com. With DAT release 5835 (December 17) McAfee detects the HTML code for the domain as FakeAlert-KW!htm and the associated Trojan [...]

Dragons Everywhere: The 26th Chaos Communication Congress, Part 2

By Toralv Dirro on Web and Internet Safety

Day 2 and Night 2 of the 26th Chaos Communication Congress is over, so it’s time for a short update on what you are missing here. This year the Congress is organized as a distributed event: Many local Hacker Spaces have joined the network at Berlin Conference Center, giving access to resources and talks to visitors. [...]

Here Be Dragons: The 26th Chaos Communication Congress, Part 1

By Toralv Dirro on Uncategorized

Although most people enjoy the days between Christmas and New Year’s Eve with their families, hackers, geeks, security enthusiasts, and privacy activists meet in Berlin for the world’s oldest and Europe’s biggest annual Hacker Conference. Now in its 26th year (I was a 13-year-old kid, trying to figure out what to with a Sharp [...]

2010 Predictions: the Year of a Major Social Networking Security Breach?

By David Marcus on Web and Internet Safety

With the New Year just days away, it’s time for McAfee Labs 2010 Threat Predictions. What should you be wary of in the coming year? Social networks. Sites such as Twitter and Facebook have changed the way we communicate, interact, and share on the web. As user bases for the top online social destinations reach [...]

(Not So) Happy Holidays from Koobface

By Paula Greve on Web and Internet Safety

Koobface has been busy. Activities associated with the worm have increased during the month of December. Often the activity is sending traffic to compromised servers to obtain more servers. Other times it uses those compromised servers to proxy users to malicious domains that distribute more malware or take control of the infected machines. This morning we [...]

InSecurity Complex

Keeping tabs on flaws, fixes, and the people behind them.

FAQ: Using your smartphone safely

By Elinor Mills

Worms, Trojans, and SMS attacks are risks for mobile devices like the iPhone, but the biggest practical threat to users is losing the device.

Q&A: Researcher Karsten Nohl on mobile eavesdropping

By Elinor Mills

Researcher who tackled smart card security last year talks to CNET about how easy it is to listen in on GSM-based mobile phone calls now that the encryption has been cracked.

RockYou sued over data breach

By Elinor Mills

Suit seeks class action status and accuses RockYou of "reckless indifference to proper security measures" in failing to secure its network and protect customer data.

Hacker Gonzalez pleads guilty in Heartland breach

By Elinor Mills

Reuters reports that Target was also among the many victims of the data breaches led by Albert Gonzalez that led to massive identity fraud.