Wednesday, January 27, 2010

Around The Horn vol.2,3

Zero Day

Tracking the hackers

Tor Project suffers hack attack

By Ryan Naraine on Zero-day attacks

Hackers broke into two of Tor Project servers and used the CPU and bandwidth to launch additional attacks.

RealPlayer haunted by 11 critical vulnerabilities

By Ryan Naraine on Viruses and Worms

RealNetworks released an advisory to warn of the vulnerabilities, which could be exploited via rigged image and media files to launch remote code execution attacks.

And the most popular password is...

By Dancho Danchev on Web 2.0

Analysis based on 32 million passwords from last month's RockYou.com server breach shows that millions of people continue using weak passwords.

Microsoft knew of IE zero-day flaw since last September

By Ryan Naraine on Vulnerability research

Microsoft today admitted it knew of the Internet Explorer flaw used in the attacks against Google and Adobe since September last year.

Mozilla drops Firefox 3.6 with security goodies

By Ryan Naraine on Responsible disclosure

The Firefox 3.6 update includes new features to patch third-party Firefox plug-ins and lock out rogue add-ons.


Yahoo! News: Security News


China says not involved in cyberattacks on Google (AFP)

In technology

A man surfs the internet at a Shanghai cafe. China has denied any state involvement in cyberattacks on Google and accused the United States of

AFP - China on Monday denied any state involvement in cyberattacks on Google and defended Internet censorship as necessary, as a row with Washington over the US firm's threat to leave the country rumbled on.

TaoSecurity

Richard Bejtlich's blog on digital security and the practices of network security monitoring, incident response, and forensics.

Look Beyond the Exploit

By Richard Bejtlich

The post One Exploit Should Not Ruin Your Day by Dino Dai Zovi made me think:
Finally, the larger problem is that it only took one exploit to compromise these organizations. One exploit should never ruin you day. [sic]
No, that is wrong. The larger problem is not that it "only took one exploit to compromise these organizations." I see this mindset in many shops who aren't defending enterprises on a daily basis. This point of view incorrectly focuses on exploitation as a point-in-time, "skirmish" event, disconnected from the larger battle or the ultimate campaign.
The real "larger problem" is that the exploit is only part of a campaign, where the intruder never gives up. In other words, comprehensive threat removal is the problem. There is no "cleaning," or "disinfecting," or "recovery" at the battle or campaign level. You might restore individual assets to a semi-trustworthy state, but the advanced persistent threat only cares that they can maintain long-term access to the environment.
If the problem were simply defending against a compromised asset, we would not still be talking about this issue. Rather, the problem is that it is exceptionally difficult, if not impossible, to remove this threat. Individual exploits add to the problem but they are only skirmishes.

Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)

Review of Network Maintenance and Troubleshooting Guide, 2nd Ed Posted

By Richard Bejtlich

Amazon.com just posted my 5-star review of Network Maintenance and Troubleshooting Guide, 2nd Ed by Neal Allen. From the review:
Good network troubleshooting books are rare. TCP/IP Analysis and Troubleshooting Toolkit by Kevin Burns (2003), Troubleshooting Campus Networks by Priscilla Oppenheimer and Joseph Bardwell (2002), and Network Analysis and Troubleshooting by Scott Haugdahl (1999) come to mind. Network Maintenance and Troubleshooting Guide (NMATG) brings a whole new dimension to network analysis, particularly at the lowest levels of the OSI model. I found topics covered in NMATG that were never discussed in other books. While not for every networking person, NMATG is a singular reference that belongs on a network professional's shelf.


Submit Questions for OWASP Podcast

By Richard Bejtlich

Jim Manico invited me to speak on the OWASP Podcast. If you'd like me to try answering specific questions, please email them to podcast at owasp.org. When the show is posted I will let everyone know here. Thank you.


Sguil 0.7.0 on Ubuntu 9.10

By Richard Bejtlich

Today I installed a Sguil client on a fresh installation of Ubuntu 9.10.
It was really easy with the exception of one issue I had to troubleshoot, explained below.
First notice that tcl8.4 and tk8.4 are already installed on Ubuntu 9.10.

richard@janney:~$ dpkg --list | grep -i tcl
ii  tcl8.4                               8.4.19-3                                   Tcl (the Tool Command Language) v8.4 - run-t
ii  tk8.4                                8.4.19-3                                   Tk toolkit for Tcl and X11, v8.4 - run-time 
richard@janney:~$ sudo apt-get install tclx8.4 tcllib iwidgets4 tcl-tls
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following extra packages will be installed:
  itcl3 itk3
Suggested packages:
  itcl3-doc itk3-doc iwidgets4-doc tclx8.4-doc
The following NEW packages will be installed:
  itcl3 itk3 iwidgets4 tcl-tls tcllib tclx8.4
0 upgraded, 6 newly installed, 0 to remove and 0 not upgraded.
Need to get 4,127kB of archives.
After this operation, 18.1MB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 http://us.archive.ubuntu.com karmic/universe itcl3 3.2.1-5 [99.4kB]
...truncated...

Next install wireshark via apt-get. I don't show that here.
The server I want to connect to is running Sguil 0.7.0, not the version currently in CVS. If you try connecting from a CVS client to a 0.7.0 server, the client will report an error like

error writing "sock6": connection reset by peer

On the server side you will see Sguil die on error:

pid(37598)  Client Connect: 192.168.2.194 39901 sock15
pid(37598)  Validating client access: 192.168.2.194
pid(37598)  Valid client access: 192.168.2.194
pid(37598)  Sending sock15: SGUIL-0.7.0 OPENSSL ENABLED
pid(37598)  Client Command Received: VersionInfo {SGUIL-0.7.0 OPENSSL ENABLED}
pid(37598)  ERROR: Client connect denied - mismatched versions
pid(37598)  CLIENT VERSION: {SGUIL-0.7.0 OPENSSL ENABLED}
pid(37598)  SERVER VERSION: SGUIL-0.7.0 OPENSSL ENABLED
Error: can not find channel named "sock15"
can not find channel named "sock15"
    while executing
"close $socketID"
    (procedure "ClientVersionCheck" line 11)
    invoked from within
"ClientVersionCheck $socketID $data1 "
    ("VersionInfo" arm line 1)
    invoked from within
"switch -exact $clientCmd {
      DeleteEventID { $clientCmd $socketID $index1 $index2 }
      DeleteEventIDList { $clientCmd $socketID $data1 }
      ..."
    (procedure "ClientCmdRcvd" line 38)
    invoked from within
"ClientCmdRcvd sock15"
SGUILD: killing child procs...
SGUILD: Exiting...

If you diff the sguil.tk from 0.7.0 against sguil.tk from CVS, these differences explain what is happening:

richard@janney:~/sguil/client$ diff /home/richard/Downloads/sguil-0.7.0/client/sguil.tk sguil.tk
5c5
---
> # $Id: sguil.tk,v 1.254 2008/09/21 02:59:25 bamm Exp $ #
156,162d155
203a197
>       PassChange { $serverCmd [lindex $data 1] [lindex $data 2] }
235c229
---
>     puts $socketID [list VersionInfo $tmpVERSION]
...truncated...

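To make the version mismatch in the log above concrete, here is an added Python model of the VersionInfo handshake (example code, not Sguil's own): Tcl's [list] brace-quotes a version string that contains spaces, so the CVS client's `puts $socketID [list VersionInfo $tmpVERSION]` arrives as `VersionInfo {SGUIL-0.7.0 OPENSSL ENABLED}`, which a server comparing the raw remainder of the line against its own version string never matches, and the bare `close $socketID` that follows the denial fails once the peer has already reset the channel. The function names, the assumption that the 0.7.0 client sends the version as a plain string, and the set standing in for Tcl's channel table are mine, not Sguil's.

```python
# Added example, not Sguil code: model of the SGUIL-0.7.0 VersionInfo
# handshake and of the failed close seen in the sguild trace.

SERVER_VERSION = "SGUIL-0.7.0 OPENSSL ENABLED"


def tcl_list(*elems):
    """Mimic the quoting Tcl's [list] applies: an element that is empty or
    contains whitespace is wrapped in braces so it survives as one word."""
    return " ".join(
        "{" + e + "}" if (not e or any(c.isspace() for c in e)) else e
        for e in elems
    )


def tcl_split(line):
    """Minimal Tcl list splitter: whitespace-separated words, with
    brace-quoted (possibly nested) words kept whole.  Backslash escapes
    are not handled; the handshake never uses them."""
    words, i, n = [], 0, len(line)
    while i < n:
        if line[i].isspace():
            i += 1
        elif line[i] == "{":
            depth, j = 1, i + 1
            while j < n and depth:
                depth += {"{": 1, "}": -1}.get(line[j], 0)
                j += 1
            if depth:
                raise ValueError("unbalanced braces in list: %r" % line)
            words.append(line[i + 1:j - 1])
            i = j
        else:
            j = i
            while j < n and not line[j].isspace():
                j += 1
            words.append(line[i:j])
            i = j
    return words


def client_line_070(version=SERVER_VERSION):
    """Assumed 0.7.0 release client: version sent as a plain string."""
    return "VersionInfo " + version


def client_line_cvs(version=SERVER_VERSION):
    """CVS client: puts $socketID [list VersionInfo $tmpVERSION]."""
    return tcl_list("VersionInfo", version)


def server_version_check(line, parse_as_list=False):
    """Return (accepted, client_version_as_seen_by_server).

    parse_as_list=False models the 0.7.0 server (assumption drawn from the
    logged CLIENT VERSION): data1 is everything after the command word,
    braces included.  parse_as_list=True is the hardened variant that
    decodes the Tcl list before comparing."""
    if parse_as_list:
        cmd, data1 = tcl_split(line)[:2]
    else:
        cmd, data1 = line.split(" ", 1)
    if cmd != "VersionInfo":
        raise ValueError("expected VersionInfo, got %r" % cmd)
    return data1 == SERVER_VERSION, data1


def deny_client(channels, sock_id):
    """Close a denied client's channel without raising if the peer already
    reset it.  `channels` is a set of open channel ids standing in for Tcl's
    channel table; a bare `close $socketID` on an id that is no longer there
    is what produced 'can not find channel named "sock15"' above."""
    if sock_id in channels:
        channels.remove(sock_id)
        return "closed"
    return "already gone"
```
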
Finally I like to edit my sguil.conf as shown to account for Wireshark's location and to reduce the number of panes from the default of 3 down to 1.

richard@janney:~/Downloads/sguil-0.7.0/client$ diff sguil.conf.orig sguil.conf
49c49
---
> set WIRESHARK_PATH /usr/bin/wireshark
73c73
---
> set RTPANES 1
78,80c78,80
---
> set RTPANE_PRIORITY(0) "1 2 3 4 5"
> #set RTPANE_PRIORITY(1) "2 3"
> #set RTPANE_PRIORITY(2) "4 5"

At this point I can use the Sguil client.
Unfortunately I continue to have a problem with DNS resolution. (I reported one a while back.)

can't read "state(reply)": no such element in array
can't read "state(reply)": no such element in array
    while executing
"binary scan $state(reply) SSSSSS mid hdr nQD nAN nNS nAR"
    (procedure "Flags" line 13)
    invoked from within
"Flags $token flags"
    (procedure "dns::name" line 3)
    invoked from within
"dns::name $tok"
    (procedure "GetHostbyAddr" line 47)
    invoked from within
"GetHostbyAddr $srcIP"
    (procedure "ResolveHosts" line 23)
    invoked from within
"ResolveHosts"
    invoked from within
".eventPane.pane1.childsite.detailPane.pane0.childsite.detailTabs.canvas.notebook.cs.page1.cs.ipDataFrame.dnsDataFrame.dnsActionFrame.dnsButton invoke"
    ("uplevel" body line 1)
    invoked from within
"uplevel #0 [list $w $cmd]"
    (procedure "tk::CheckRadioInvoke" line 3)
    invoked from within
"tk::CheckRadioInvoke .eventPane.pane1.childsite.detailPane.pane0.childsite.detailTabs.canvas.notebook.cs.page1.cs.ipDataFrame.dnsDataFrame.dnsActionFr..."
    (command bound to event) 

I noticed a similar error on the sguil-users mailing list and tried installing libudp-tcl, but I got the same error.


Attribution Using 20 Characteristics

By Richard Bejtlich

My post Attribution Is Not Just Malware Analysis raised some questions that I will try to address here. I'd like to cite Mike Cloppert as inspiration for some of this post.
Attribution means identifying the threat, meaning the party perpetrating the attack. Attribution is not just malware analysis. There are multiple factors that can be evaluated to try to attribute an attack.

  1. Timing. What is the timing of the attack, i.e., fast, slow, in groups, isolated, etc.?
  2. Victims or targets. Who is being attacked?
  3. Attack source. What is the technical source of the attack, i.e., source IP addresses, etc.?
  4. Delivery mechanism. How is the attack delivered?
  5. Vulnerability or exposure. What service, application, or other aspect of business is attacked?
  6. Exploit or payload. What exploit is used to attack the vulnerability or exposure?
  7. Weaponization technique. How was the exploit created?
  8. Post-exploitation activity. What does the intruder do next?
  9. Command and control method. How does the intruder establish command and control?
  10. Command and control servers. To what systems does the intruder connect to conduct command and control?
  11. Tools. What tools does the intruder use post-exploitation?
  12. Persistence mechanism. How does the intruder maintain persistence?
  13. Propagation method. How does the intruder expand control?
  14. Data target. What data does the intruder target?
  15. Data packaging. How does the intruder package data for exfiltration?
  16. Exfiltration method. How does the intruder exfiltrate data?
  17. External attribution. Did an external agency share attribution data based on their own capabilities?
  18. Professionalism. How professional is the execution, e.g., does keystroke monitoring show frequent mistakes, is scripting used, etc.?
  19. Variety of techniques. Does the intruder have many ways to accomplish its goals, or are they limited?
  20. Scope. What is the scope of the attack? Does it affect only a few systems, many systems?


As you can see, there are many characteristics that can be assessed in order to determine if an incident is likely caused by a certain party. Mature security shops use profiles like this to make their own intelligence assessments, often confidentially collaborating with others sharing the same problems.


Help Bro Project with Short Survey

By Richard Bejtlich

I've written about Bro before, and I noticed the following mailing list post titled Poll: Bro deployments:
Hello Sites Using Bro,
We'd like to ask for your help. We're in the process of preparing a major funding proposal for improving Bro, focused on: improving the end-user experience (things like comprehensive documentation, polishing rough edges, fixing bugs); and improving performance.
This looks like a potentially excellent opportunity. However, a major element of winning the funding is convincingly demonstrating to the funders that Bro is already well-established across a large & diverse user community.
To develop that framing, we'd like to ask as many of you folks as possible to fill out the small questionnaire below. Please send the replies to Robin personally, not to the list (just replying to this mail should do the right thing). Assuming sufficient feedback, we'll post an anonymized summary to the list.
(Of course we already know about many of you, but collecting this information more systematically will allow us to put together a better overall view of the Bro community.)
Thanks a lot in advance,
Vern and Robin

--------- Please send to robin at icir.org -----------------------------

1.  Name of deployment site [optional]: 

2.  We are using Bro
    [ ] not yet, but we plan to
    [ ] experimentally
    [ ] operationally 

3.  We have done so for about _N_ years.

4.  Our site is best described as 
    [ ] Academia
    [ ] Research Lab
    [ ] Government
    [ ] Industry
    [ ] Other (please explain)

5.  In its current use, Bro monitors about _N_ systems.

6.  Would you be fine with us listing your site by name as a Bro user?
    [ ] Yes, however you wish.
    [ ] Yes in private to the funders in your grant application, but not publicly.
    [ ] No, please use this information only in an anonymized form.

7.  Optionally, list up to three improvements you would like to see
    in the "Bro world":

If you have any interest in Bro, please consider completing this short survey and email your results to Robin. Thank you!




Security - RSS Feeds

China Denies Link to Cyber-Attacks

The Chinese government denies any involvement in cyber-attacks, rebuking accusations made linking the government to attacks on Google and 30 other companies.
- The Chinese government is fighting back against accusations it was involved in any way in the recent cyber-attacks that struck more than 30 enterprises, calling such talk "groundless." "Accusation that the Chinese government participated in cyber-attack, either in an explicit or inexplici...

Bredolab, Spam and the CAPTCHA-Cracking Biz

Meet Bredolab. Bredolab represents what Fortinet calls a simplified botnet: a loader that simply connects to a remote server to report and receive files to download and execute. Fortinet has linked Bredolab to an innovative new spam engine called Webwail as well as an uptick in the growth of attacker services focused on cracking CAPTCHAs. By circumventing CAPTCHA protections, spammers can sign up for legitimate Web e-mail accounts to send out spam, making it harder for security vendors to block their messages. Fortinet Threat Researcher Derek Manky predicts more Web engines like Webwail will be developed, driving a growth in CAPTCHA-solving services. Here, eWEEK looks at Webwail and Bredolab, and shows what could be a new security threat: loaders sold as services to buyers looking to distribute malware.

Clinton Pushes Cyber-security in Wake of Google Attacks

Secretary of State Hillary Clinton calls for countries to cooperate in defending against cyber-attacks, but remains cautious in her comments regarding the recent attacks reported by Google.
- U.S. Secretary of State Hillary Clinton in a speech Jan. 21 took a strong stance in favor of promoting cyber-security partnerships and ending Internet censorship, but stopped short of using harsh language against China in connection with the recent cyber-attacks reported by Google. China has been ...


Security

The Art of Technology

etc: Those of you who still use RealPlayer should take note of a slew of updates intended to shut the door on some vulnerabilities.

Read More: US-CERT


Could Microsoft have fixed "Google hack" prior to attacks?

By p_emil@hotmail.com (Emil Protalinski) on internetexplorer


When Microsoft released the highly-publicized patch for Internet Explorer yesterday, the software giant admitted that it was aware of the flaw for quite some time. "As part of that investigation, we also determined that the vulnerability was the same as a vulnerability responsibly reported to us and confirmed in early September," Redmond disclosed on the Microsoft Security Response Center. Does this mean that Microsoft could have prevented the Chinese attacks on the 33 companies by releasing patches for Internet Explorer sooner, or at the very least, that the browser would not have been one of the vectors used? Not exactly, we learned after contacting three different security experts.

"When the vulnerability was disclosed to Microsoft in last December, there wasn't any known exploit in the wild," Chenxi Wang, Principal Analyst of Security and Risk Management at Forrester Research, told Ars. "Hence Microsoft scheduled to release the patch in February, which was the next available security bulletin date. But this attack came up before they released the update. That's why they issued the out of band fix. To be fair, Microsoft sees a lot of vulnerabilities, and you don't know which one actually would result in an attack." 

In short, Microsoft did what it always does: work on a fix, but don't tell the public until it is absolutely necessary to warn them, and then release it as soon as possible.


32 million passwords show most users careless about security

By jtimmer@arstechnica.com (John Timmer) on stupidity

We've covered this ground before, but never quite on this scale. The best passwords are arbitrary strings that mix letters, digits, and other characters, and are unique to each account. But the human brain isn't wired to remember arbitrary strings, and the explosion of locations that require a login has only exacerbated the problem. The inevitable result is that various surveys have all indicated that many user accounts are badly insecure.

The latest confirmation of that comes with some pretty significant numbers behind it: 32 million, to be exact. That's how many passwords were obtained in a recent hack of the RockYou service. The hacker left a file with all the passwords on a public site, and security firm iMPERVA has now analyzed them. The numbers aren't pretty: about a third are less than six characters, and half are vulnerable to dictionary attacks. The most common password was 123456, and it was followed by 12345, 123456789, and Password. iMPERVA estimates that someone with a slow DSL connection could access one account a second using a dictionary attack.

The one caveat here is that RockYou simply offers widgets for use on social networking sites, so the stakes aren't obviously that high. By all appearances, the worst thing that could happen if someone got ahold of RockYou login credentials is that they could upload photos to an unsuspecting user's Facebook account—potentially embarrassing, but not in the same league as banking information.

What iMPERVA doesn't comment on, but it should be noted, is that RockYou itself seems pretty indifferent to security. Although the site's security notice about the breach starts by saying, "Our users' privacy and data security have always been a priority for RockYou," there's no way to reconcile that with the fact that the company stored all its user information as plain text in a database that was vulnerable to an SQL injection attack. The company is taking reasonable measures in response to its very public failing, but this is security 101.

SearchSecurity.com

SearchSecurity: Security Wire Daily News

The latest information security news on IT threats, vulnerabilities and market trends from the award-winning SearchSecurity.com.

Data breach costs continue to rise in 2009, Ponemon study finds

By Robert Westervelt

A Ponemon Institute study of 45 businesses found data breach costs increased last year to $204 per compromised record, a rise of $2 per customer record over 2008 costs.

Adobe issues alert on Shockwave Player 3D graphics flaws

By Robert Westervelt

Vulnerabilities could allow an attacker to infect victims with malware and take control of an infected machine.

Microsoft issues critical security update, blocks IE 6 attacks

By Robert Westervelt

Eight critical vulnerabilities in Internet Explorer were repaired in Microsoft's rushed security update. All supported versions of IE are affected.


SANS Internet Storm Center, InfoCON: green

Outdated client applications, (Sun, Jan 24th)

The Aurora targeted attack made me think about the client applications again. This and when I saw ...

The necessary evils: Policies, Processes and Procedures, (Sat, Jan 23rd)

This isn't a glamorous topic and quite frankly it's not my favorite one to talk about or to work on. ...

Pass-down for a Successful Incident Response , (Fri, Jan 22nd)

A mandatory management tool for incident response is called the pass down. It is t ...

Firefox Upgrade Available, (Thu, Jan 21st)

Firefox released 3.6 today with a few notable improvements ...


The Register - Security

Biting the hand that feeds IT

Whirlpool allows old stains to linger on Kitchenaid.com site
Warnings put through spin cycle

Domestic appliance manufacturer Whirlpool has come under fire for failing to clean up a malware infection on one of its sites, months after it was notified of a problem by UK anti-virus firm Sophos.…

China denies role in cyber attacks on Google
Claims 'groundless'

China has denied it was involved in the December cyber attacks on Google and at least 33 other companies.…

Full-body scanner blind to bomb parts
Todger, yes. Combustibles, no

Most of the uproar over full-body scanners has focused on privacy concerns. There's one larger question, however, that hasn't received much scrutiny by the chattering classes: do the damnable things work?…

80% of fed sites miss DNS Security deadline
Where's your spoof protection?

The vast majority of US federal agencies have failed to meet a December 31 deadline to deploy new technology that would make it significantly harder for attackers to spoof their websites, according to Network World.…

Amateur goof makes Twitter account hijacking a snap
Just add XML

Twitter is sitting on an amateur configuration blunder that makes it trivial for attackers to take control of user accounts, a researcher said Friday.…

TSA screener plants powder baggie in flier's luggage
Not everyone gets the joke

A screener for the US Transportation Security Administration lost his job after pretending to plant a plastic bag of white powder in the carry-on luggage of a passenger at the Philadelphia International Airport.…

MS knew of Aurora exploit four months before Google attacks
China light on the matter

Microsoft first knew of the bug used in the infamous Operation Aurora IE exploits as long ago as August, four months before the vulnerability was used in exploits against Google and other hi-tech firms in December, it has emerged.…

Tor software updated after hackers crack into systems
Miscreants remain anonymous

Privacy-conscious users of the Tor anonymiser network have been urged to upgrade their software, following the discovery of a security breach.…

Irish board hack prompts password reset
Users thrown into scramble to change up login credentials

Popular Irish web discussion forum boards.ie has reset user passwords in response to a hack attack that compromised member login credentials.…

Emergency IE patch goes live as exploits proliferate
'Hundreds of sites' locked and loaded

Updated Microsoft released an emergency security update for all versions of Internet Explorer on Thursday as attacks exploiting a critical vulnerability in the widely used browser spread to hundreds of websites.…


Network World on Security

The latest security news, analysis, reviews and feature articles from NetworkWorld.com. 

Study: CISOs Keep Breach Costs Lower

The latest "Cost of a Data Breach" survey from the Ponemon Institute finds companies with a CISO are better able to handle loss of sensitive information.

Stop 11 Hidden Security Threats

Do you know how to guard against scareware? How about Trojan horse text messages? Or social network data harvesting? Malicious hackers are a resourceful bunch, and their methods continually evolve to target the ways we use our computers now. New attack techniques allow bad guys to stay one step ahead of security software and to get the better of even cautious and well-informed PC users.

Chinese human rights sites hit by DDoS attack

Five Web sites run by Chinese human rights activists were attacked by hackers over the weekend, as a separate row continued between Google and China over political cyberattacks.

China rejects accusations on Google hack, Internet freedom

China on Monday dismissed accusations of any official involvement in hacking attacks on Google and other U.S. companies, adding to tension between the two countries over the issue.

Netgear targets SMB market with new security tool

Netgear's new security appliance takes on SMB stalwarts such as Fortinet and Barracuda by including key functions of antispam, antimalware, and Web content filtering into a single unit combining easy deployment and budget-preserving pricing.

HP unveils extensive security services package

HP Monday announced an extensive security-services portfolio that includes more than 90 basic offerings for application, identity and access management security to business continuity, cloud computing and managed services aimed at businesses and government.

Facebook users offered free spam 'firewall'

Security vendor Websense is offering Facebook users and businesses a new 'firewall' service that monitors their pages for malicious posts, links and spam.

Acronis makes online backup service available to all

Acronis has made its online back-up service available as a stand-alone product.

China hacks used as lure for more targeted attacks

Malicious hackers have begun using the recent cyberattacks against Google and more than 30 other companies as lures for launching even more targeted attacks, security firm F-Secure said in a blog post today.

Botnets: 'The Democratization of Espionage'

The cyber attacks against Google, Adobe and a raft of other top U.S. corporations late last year were by most accounts sophisticated and targeted attempts to steal proprietary data. But lost in all of the resulting media hoopla over who the remaining victims were and whether Chinese hackers or indeed the Chinese government itself were responsible is the simple, terrifying truth that individual hackers now have access to the same arsenal of cyber weapons once reserved only for nation states.

Microsoft assurance on IE vulnerability

Microsoft has moved to reassure users and the corporate world that everything possible is being done to address concerns about an Internet Explorer (IE) vulnerability, after the attacks on Google and other companies in China.

RealPlayer fix addresses 11 security bugs

US-CERT is advising users to upgrade their RealPlayer software after the company patched 11 security bugs.

Cyber criminals target online activities of Asians

Social networking sites and online banking are very popular across the world but their users are now looking for better identity protection, according to the 2010 global online consumer security survey by RSA, the security division of EMC.

Baidu lawsuit: Register.com rep refused aid after hack

Chinese search engine Baidu.com was stranded without technical support from its U.S. domain registrar immediately after being hacked last week, Baidu has alleged in its lawsuit against the registrar.

TOR issues updated software after server breach

The TOR Project is advising users to upgrade to a new version of the software following a hack that compromised three of its servers.

Creating Secure Passwords You Can Remember

Microsoft Chairman Bill Gates declared the password dead. He told his audience that the password can't meet the challenge of keeping sensitive information protected, saying "People use the same password on different systems, they write them down and they just don't meet the challenge for anything you really want to secure."

Users on hacked site used 'trivial' passwords

The hackers who stole and published 33 million passwords from the Rockyou.com website in December needn't have bothered, a security company has revealed. Many of them were so trivial they could have been guessed anyway.

IE attacks pose small threat to U.S., big risk to China

Security researchers say that the hackers exploiting an Internet Explorer bug are far more likely to hit Chinese computers users than those in the U.S. The hackers are believed to be working from China.

Europe's spam war hits stalemate

Europe's ISPs are just about holding their own against the global spam barrage, a Europe-wide report has found. Put another way, things are not getting better, but they are not getting any worse either.

Web users warned about hoax Amazon emails

Web users are warned about hoax emails claiming to be from etailer Amazon.

Emergency Internet Explorer patch available

Microsoft's emergency Internet Explorer 6 patch will be available from 6pm UK time. Facebook has begun warning members logging in to its social network site using Internet Explorer to update to the latest version of the web browser.

Google's China Challenge: How It Came to This

Google's getting some moral support from the government in its decision to stop censoring search in China.

Enterprises look to service providers for help managing security logs

Managed SIM services started to gain momentum over the past two years, largely due to compliance mandates such as the Payment Card Industry data security requirements.

Microsoft patches IE, admits it knew of bug last August

As Microsoft patched the Internet Explorer zero-day used to break into Google's network, it acknowledged that it had known of the bug since August 2009, when an Israeli security company reported the flaw.

Emergency Microsoft Update Fixes IE Zero-day

Microsoft today released a rare patch outside of its normal monthly update cycle to fix an under-attack zero-day security hole in Internet Explorer.

Widespread attacks exploit newly patched IE bug

The first widespread attack to leverage a recently patched flaw in Microsoft's Internet Explorer browser has surfaced.

Users still make hacking easy with weak passwords

In a report likely to make IT administrators tear out their hair, most users still rely on easy passwords, some as simple as "123456," to access their accounts.

80% of government Web sites miss DNS security deadline

Most U.S. federal agencies -- including the Department of Homeland Security -- have failed to comply with a Dec. 31, 2009, deadline to deploy new authentication mechanisms on their Web sites that would prevent hackers from hijacking Web traffic and redirecting it to bogus sites.

Mobile router hacked to reveal user's location

A user of Novatel Wireless's MiFi ‘portable Wi-Fi' hotspot appears to have stumbled on a security flaw that could allow an outsider to work out a user's location without their knowledge.

Microsoft to issue emergency IE patch Thursday

Microsoft will release its emergency patch for Internet Explorer (IE) on Thursday, the company said, as it also admitted that attacks can be hidden inside rigged Office documents.

Controversial App Provides Background Checks On the Go

Online privacy is a constant and growing concern as the evolving landscape of Web sites and services erode the traditional expectations of privacy. A new app from BeenVerified is adding even more controversy to the privacy dilemma by enabling users to conduct background checks on anyone in a matter of seconds from their iPhone.

Heartland's settlement offer not enough, lawyers say

Lawyers representing financial institutions in a data breach lawsuit against Heartland Payment Systems Inc are calling a recently proposed $60 million settlement offer from the company as way too meager.

Clinton: US gov't will push harder against Web censorship

The U.S. Department of State will launch several new initiatives focused on fighting Internet censorship, including working with businesses and other groups to develop mobile applications that help residents of countries with repressive governments report problems, U.S. Secretary of State Hillary Clinton said Thursday.

Clinton to challenge Internet censorship in policy address

U.S. Secretary of State Hillary Clinton will raise the issue of Google's ongoing battles in China in a broad policy address on Internet freedom she plans to make Thursday in Washington, D.C.

Microsoft Security Bulletin Coming for IE Zero-Day

Microsoft announced today that security bulletin MS10-002 will be released on Thursday--almost three weeks ahead of the next regularly-scheduled Patch Tuesday update. MS10-002 has a cumulative risk rating of Critical and it is being released out-of-band to address the zero-day exploit at the heart of the China attacks on Google, which is now circulating in-the-wild.

Microsoft confirms 17-year-old Windows bug

Microsoft warns that a bug in the kernel of 32-bit Windows versions could allow hackers to hijack PCs. The company said the bug is 17 years old.

 

McAfee Avert Labs

Cutting edge security research as it happens.......

Scams Take Advantage of Haiti Relief Efforts

By Sam Masiello on Web and Internet Safety

Never is the heartless nature of cybercriminals more apparent than in the wake of a tragedy. As relief efforts continue and worldwide aid pours in to help those affected by the earthquake that rocked Haiti on January 12, cybercriminals have not slowed their efforts. They are eager to get you to donate money that the people [...]

Patch Released for Recent Microsoft Zero Day (CVE-2010-0249)

By Craig Schmugar on Zero-Day

Microsoft has released Security Bulletin MS10-002, regarding Internet Explorer vulnerabilities. In addition to patching the flaw exposed by Operation Aurora, the company released patches for seven other vulnerabilities. We are aware of reports of private CVE-2010-0249 exploits impacting Internet Explorer 7 and 8 (though these are mitigated with ASLR and DEP). Historically, the odds of private exploits [...]
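McAfee's remark that the IE7/IE8 exploits are blunted by ASLR and DEP only holds for binaries that opt in: the two bits live in the DllCharacteristics field of the PE optional header. The Python below is an added example, not McAfee's code, that reads that field from a PE image; because no real binary is embedded here, build_fake_pe constructs header-only test images (not loadable executables), and the bit values are the documented IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (0x0040) and IMAGE_DLLCHARACTERISTICS_NX_COMPAT (0x0100).

```python
import struct

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040   # image may be relocated: ASLR opt-in
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100      # image is NX/DEP compatible


def pe_mitigations(image: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> optional header and
    report the ASLR and DEP opt-in bits of DllCharacteristics."""
    if image[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                       # 20-byte COFF file header
    (size_opt,) = struct.unpack_from("<H", image, coff + 16)
    opt = coff + 20                           # optional header starts here
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B):           # PE32 / PE32+
        raise ValueError(f"unknown optional header magic {magic:#x}")
    if size_opt < 72:
        raise ValueError("optional header too small to hold DllCharacteristics")
    # DllCharacteristics is at offset 70 in both PE32 and PE32+ optional headers.
    (dllchar,) = struct.unpack_from("<H", image, opt + 70)
    return {
        "pe32plus": magic == 0x20B,
        "aslr": bool(dllchar & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "dep": bool(dllchar & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "dll_characteristics": dllchar,
    }


def build_fake_pe(dllchar: int, pe32plus: bool = False) -> bytes:
    """Construct a minimal header-only PE image for testing (assumption: this is
    a synthetic test fixture, not a real binary from the page)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)     # e_lfanew: PE header right after DOS header
    opt_size = 112 if pe32plus else 96        # standard fields only, no data directories
    coff = struct.pack("<HHIIIHH",
                       0x8664 if pe32plus else 0x14C,  # Machine: x64 or i386
                       0, 0, 0, 0, opt_size, 0x2102)   # sections, stamp, symtab, nsyms, size, chars
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 70, dllchar)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    import sys
    # Usage: python pe_mitigations.py <path-to-exe-or-dll>; with no path the
    # synthetic image is inspected instead.
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_fake_pe(0x0140)
    print(pe_mitigations(image))
```

Two caveats when reading the result: the bits are necessary, not sufficient. ASLR needs Windows Vista or later (XP has none, whatever the flag says), DEP for the process also depends on the system DEP policy, and a single module without DYNAMIC_BASE loaded into the browser (an old plug-in DLL, say) hands an attacker a fixed address space to build on, so every module in the process should be checked, not only the main executable.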

InSecurity Complex

Keeping tabs on flaws, fixes, and the people behind them.

StopBadware goes nonprofit with funding from Google, others

By Elinor Mills

Four-year-old anti-malware effort leaves Harvard's Berkman Center to become standalone nonprofit.

Survey: Data breaches from malicious attacks doubled last year

By Elinor Mills

Ponemon survey of U.S. companies discloses its first reports that data-stealing malware caused breaches.

Router glitch cripples California DMV network

By Elinor Mills

California workers resort to pen and paper during two-hour network outage at the Department of Motor Vehicles.

Facebook plugs friends list mobile leak

By Elinor Mills

Facebook fixes a setting on its mobile site so strangers can't see other people's friends lists.

 

Info Security News

Carries news items (generally from mainstream sources) that relate to security.

Microsoft, Aurora and something about forest and trees?

Posted by InfoSec News on Jan 24

http://blog.osvdb.org/2010/01/24/microsoft-aurora-and-something-about-forest-and-trees
By jericho
1.24.2010
OSVDB Blog
Perhaps it is the fine tequila this evening, but I really don't get how
our industry can latch on to the recent 'Aurora' incident and try to
take Microsoft to task about it. The amount of news on this has been
overwhelming, and I will try to very roughly summarize:
News surfaces Google, Adobe and 30+ companies hit by...

Call for Papers: WorldCIS-2011

Posted by InfoSec News on Jan 24

Forwarded from: Paul Kelly <p.kelly (at) worldcis.org>
Apologies for cross-postings. Please send it to interested
colleagues and students. Thanks!
CALL FOR PAPERS
********************************************************
World Congress on Internet Security (WorldCIS-2011)
Technically Co-Sponsored by IEEE UK/RI Computer Chapter
21-23 February 2011
www.worldcis.org
********************************************************
The World Congress...

China hacks used as lure for more targeted attacks

Posted by InfoSec News on Jan 24

http://www.computerworld.com/s/article/9147458/China_hacks_used_as_lure_for_more_targeted_attacks?taxonomyId=17
By Jaikumar Vijayan
Computerworld
January 22, 2010
Malicious hackers have begun using the recent cyberattacks against
Google and more than 30 other companies as lures for launching even more
targeted attacks, security firm F-Secure said in a blog post today.
The company reported spoofed e-mails purporting to contain details on
the...

Botnets: "The Democratization of Espionage"

Posted by InfoSec News on Jan 24

http://www.csoonline.com/article/521619/Botnets_The_Democratization_of_Espionage_
By Brian Krebs
CSO Online
January 22, 2010
The cyber attacks against Google, Adobe and a raft of other top U.S.
corporations late last year were by most accounts sophisticated and
targeted attempts to steal proprietary data. But lost in all of the
resulting media hoopla over who the remaining victims were and whether
Chinese hackers or indeed the Chinese...

Hackers strike again in attack on eateries

Posted by InfoSec News on Jan 24

http://joongangdaily.joins.com/article/view.asp?aid=2915745
January 25, 2010
joongang.co.kr
Hackers cracked into the credit card processing networks of several
popular restaurant chains in Korea from December through early this
year, obtaining personal information from customers to make fake cards
and ring up millions of won in purchases.
Authorities said the resulting monetary damage could exceed similar
high-profile hacking incidents...

Swiss Army Encryption Challenge Worth More Than $100K

Posted by InfoSec News on Jan 24

http://www.businesscomputingworld.co.uk/?p=3347
By Andy Cordial
businesscomputingworld.co.uk
January 21st, 2010
News that an encrypted Swiss Army knife from manufacturer Victorinox
remained uncracked - and a $100,000 prize went unclaimed - at the
Consumer Electronics Show in Las Vegas this month comes as no surprise.
Even if someone had cracked the 2010 version of the famous Swiss Army
knife, they would have obtained a lot more than...

China denies involvement in Google cyberattacks

Posted by InfoSec News on Jan 24

http://news.cnet.com/8301-1009_3-10440208-83.html
By Steven Musil
Security
CNet News
January 24, 2010
After warning of strained U.S.-China relations, China's government has
issued a statement denying any state involvement in the cyber attacks on
Google and some 30 other companies.
The statement, issued Monday Beijing time by China's Ministry of
Industry and Information Technology and carried on the state news agency
Xinhua, comes at a time...

DarkMarket Ringleader Pleads Guilty in London

Posted by InfoSec News on Jan 22

http://www.wired.com/threatlevel/2010/01/jilsi-pleads-guilty
By Kim Zetter
Threat Level
Wired.com
January 21, 2010
A former ringleader of a top internet carding site run secretly by the
FBI has pleaded guilty in the United Kingdom.
Renukanth Subramaniam, aka JiLsi, was a former Pizza Hut delivery guy
who helped run one of the leading English-language criminal sites,
DarkMarket. The site operated as an international cyber-bazaar for more...

Users still make hacking easy with weak passwords

Posted by InfoSec News on Jan 22

http://www.computerworld.com/s/article/9147138/Users_still_make_hacking_easy_with_weak_passwords?taxonomyId=17
By Jaikumar Vijayan
Computerworld
January 21, 2010
In a report likely to make IT administrators tear out their hair, most
users still rely on easy passwords, some as simple as "123456," to
access their accounts.
A report released today by database security vendor Imperva Inc. serves
as another reminder of why IT...

Microsoft Releases Critical Internet Explorer Patch

Posted by InfoSec News on Jan 22

http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=222400136
By Thomas Claburn
InformationWeek
January 21, 2010
Microsoft on Thursday released an out-of-band patch, MS10-002, to
address eight vulnerabilities in Internet Explorer, a move prompted by
the revelation last week that a series of cyber attacks from China on
Google and some 33 other companies relied on a flaw in Microsoft's
browser.
The eight...

Secunia Weekly Summary - Issue: 2010-03

Posted by InfoSec News on Jan 22

========================================================================
The Secunia Weekly Advisory Summary
2010-01-14 - 2010-01-21
This week: 54 advisories
========================================================================
Table of Contents:
1.....................................................Word From...

Router glitch cripples California DMV network

Posted by InfoSec News on Jan 22

http://news.cnet.com/8301-27080_3-10439263-245.html
By Elinor Mills
InSecurity Complex
CNET News
January 21, 2010
The California Department of Motor Vehicles suffered a
network outage on Thursday due to an equipment glitch, a state official
said.
A router switch malfunctioned, said Bill Maile, spokesman for Office of
Technology Services for the state of California.
"It's very rare," he said. "Our staff quickly...

Google investigates China staff over cyber attack

Posted by InfoSec News on Jan 18

http://www.guardian.co.uk/technology/2010/jan/18/china-google-cyber-attack
By Tania Branigan in Beijing and Reuters
Guardian.co.uk
18 January 2010
Google is investigating whether one or more of its employees in China
helped launch the cyber attack against it last month, according to
reports.
It is thought the line of inquiry is a routine part of its investigation
into the attack, which Google says was sophisticated, originated in
China...

ISPs could cut spam easily, says expert

Posted by InfoSec News on Jan 18

http://news.techworld.com/security/3210489/isps-could-cut-spam-easily-says-expert/
[Seemed like a good idea in 2004...
http://www.infosecnews.org/hypermail/0405/8630.html - WK]
By John E. Dunn
Techworld
18 January 10
Two simple techniques could be used to strangle botnets, a security
expert has claimed. First, block email port 25 by default. Second, tell
users when they are spewing spam from compromised PCs.
According to Trend Micro's CTO,...
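The second of the two techniques, telling customers when their machine is spewing spam, needs a detector on the ISP side, and once port 25 is blocked by default the only legitimate outbound SMTP path is the ISP's own relay, which makes the signal clean: a home host opening TCP/25 to many distinct servers in a short window is almost certainly a bot. The Python below is an added example, not code from the Techworld article or from Trend Micro; it assumes an iptables-style LOG line format with an "OUT " prefix, and the log lines, addresses, 60-second window and threshold are all constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log lines (assumed iptables LOG format with an "OUT " prefix).
# 10.1.1.5 fans out to six mail servers in six seconds; 10.1.1.7 talks only to
# the ISP relay 198.51.100.25; 10.1.1.9 makes one ordinary SMTP connection.
SAMPLE_LOG = """\
Jan 18 10:00:01 edge kernel: OUT SRC=10.1.1.5 DST=203.0.113.10 PROTO=TCP DPT=25
Jan 18 10:00:02 edge kernel: OUT SRC=10.1.1.5 DST=203.0.113.11 PROTO=TCP DPT=25
Jan 18 10:00:03 edge kernel: OUT SRC=10.1.1.5 DST=203.0.113.12 PROTO=TCP DPT=25
Jan 18 10:00:04 edge kernel: OUT SRC=10.1.1.5 DST=203.0.113.13 PROTO=TCP DPT=25
Jan 18 10:00:05 edge kernel: OUT SRC=10.1.1.5 DST=203.0.113.14 PROTO=TCP DPT=25
Jan 18 10:00:06 edge kernel: OUT SRC=10.1.1.5 DST=203.0.113.15 PROTO=TCP DPT=25
Jan 18 10:00:07 edge kernel: OUT SRC=10.1.1.7 DST=198.51.100.25 PROTO=TCP DPT=25
Jan 18 10:00:08 edge kernel: OUT SRC=10.1.1.7 DST=198.51.100.25 PROTO=TCP DPT=25
Jan 18 10:00:09 edge kernel: OUT SRC=10.1.1.9 DST=203.0.113.50 PROTO=TCP DPT=443
Jan 18 10:00:10 edge kernel: OUT SRC=10.1.1.9 DST=203.0.113.51 PROTO=TCP DPT=25
Jan 18 10:05:00 edge kernel: OUT SRC=10.1.1.5 DST=203.0.113.99 PROTO=TCP DPT=25
"""

LOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ kernel: OUT "
    r"SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) PROTO=TCP DPT=(?P<dpt>\d+)$"
)


def parse_line(line, year=2010):
    """Return (timestamp, src, dst, dport) or None for lines that do not match.
    Syslog timestamps carry no year, so one is assumed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["src"], m["dst"], int(m["dpt"])


def spam_sources(lines, window_s=60, max_dests=5, allowed_relays=frozenset()):
    """Map each host that opened TCP/25 to more than max_dests distinct servers
    within any window_s seconds to the peak distinct-destination count seen.
    Connections to allowed_relays (the ISP's own smarthosts) are ignored."""
    events = [e for e in (parse_line(l) for l in lines) if e and e[3] == 25]
    events.sort()                                   # chronological order
    recent = defaultdict(deque)                     # src -> (ts, dst) inside the window
    flagged = {}
    for ts, src, dst, _ in events:
        if dst in allowed_relays:
            continue
        q = recent[src]
        q.append((ts, dst))
        while (ts - q[0][0]).total_seconds() > window_s:
            q.popleft()                             # drop events that aged out
        distinct = len({d for _, d in q})
        if distinct > max_dests:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged


if __name__ == "__main__":
    for host, peak in spam_sources(SAMPLE_LOG.splitlines()).items():
        print(f"notify customer at {host}: {peak} distinct SMTP servers within 60s")
```

Counting distinct destinations rather than raw connections is what keeps a mail client retrying its one relay from tripping the alarm, and the relay allow-list is what makes the rule compatible with a default port 25 block.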

Companies Fight Endless War Against Computer Attacks

Posted by InfoSec News on Jan 18

http://www.nytimes.com/2010/01/18/technology/internet/18defend.html
By STEVE LOHR
The New York Times
January 17, 2010
The recent computer attacks on the mighty Google left every corporate
network in the world looking a little less safe.
Google's confrontation with China - over government censorship in
general and specific attacks on its systems - is an exceptional case, of
course, extending to human rights and international politics as...

Poisoned PDF pill used to attack US military contractors

Posted by InfoSec News on Jan 18

http://www.theregister.co.uk/2010/01/18/booby_trapped_pdf_cyber_espionage/
By John Leyden
The Register
18th January 2010
Unidentified hackers are running an ongoing cyber-espionage attack
targeting US military contractors.
Booby-trapped PDF files, posing as messages from the US Department of
Defense, were emailed to US defence contractors last week. The document
refers to a real conference due to be held in Las Vegas in March.
Opening the...
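A booby-trapped PDF arriving by mail is a triage problem before it is a malware-analysis problem: a quick scan for the handful of PDF names that script or auto-run hooks depend on, done after undoing the #xx hex escapes that PDF allows inside name tokens, sorts attachments worth sandboxing from the rest. The Python below is an added example in the style of pdfid-type keyword counting, not code from The Register article or from any named tool; the two PDF byte strings are constructed fixtures, and the keyword list and the "suspicious" rule are assumptions.

```python
import re

# Names whose presence in a mailed PDF warrants a closer look: script hooks,
# automatic actions, launch actions, embedded payloads, compressed object streams.
RISKY = [b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch",
         b"/EmbeddedFile", b"/RichMedia", b"/XFA", b"/ObjStm"]
# Subset that by itself tips a file into "send to sandbox" (assumed policy).
ACTIONABLE = {"/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch"}

HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")


def normalize_names(data: bytes) -> bytes:
    """Undo #xx escapes in name tokens (/J#61vaScript -> /JavaScript), a
    common way of hiding keywords from naive string matching."""
    return HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def triage_pdf(data: bytes) -> dict:
    """Count risky names and say whether the file deserves sandbox analysis."""
    if not data.startswith(b"%PDF-"):
        return {"is_pdf": False, "hits": {}, "obfuscated_names": 0, "suspicious": False}
    norm = normalize_names(data)
    hits = {}
    for kw in RISKY:
        # Whole name tokens only, so /JS does not also count as /JSX etc.
        n = len(re.findall(re.escape(kw) + rb"(?![A-Za-z0-9_])", norm))
        if n:
            hits[kw.decode()] = n
    obfuscated = len(HEX_ESCAPE.findall(data))   # escapes in the raw file
    suspicious = bool(set(hits) & ACTIONABLE) or obfuscated > 0
    return {"is_pdf": True, "hits": hits, "obfuscated_names": obfuscated,
            "suspicious": suspicious}


# Constructed fixtures, not real attachments. The second hides /JavaScript
# behind a hex escape and wires it to /OpenAction so it runs when opened.
BENIGN_PDF = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
              b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n%%EOF\n")
SUSPECT_PDF = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>\n"
               b"endobj\n3 0 obj\n<< /S /J#61vaScript /JS (app.alert(1)) >>\nendobj\n%%EOF\n")


if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_PDF), ("suspect", SUSPECT_PDF)):
        print(label, triage_pdf(blob))
```

Two limits to keep in mind: the scan reads the file as-is, so keywords inside a FlateDecode'd stream or an object stream are invisible to it (a /ObjStm hit is the cue to decompress and rescan), and #xx escapes do occur in legitimate names (a space in a font name, for instance), which is why the count is a signal for a human rather than a verdict.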

France, Germany Say Avoid IE Until Security Vulnerability Patched

Posted by InfoSec News on Jan 18

http://www.eweek.com/c/a/Security/France-Germany-Say-Avoid-IE-Until-Security-Vulnerability-Patched-321481/
By Brian Prince
eWEEK.com
2010-01-18
France and Germany are advising users to switch from Internet Explorer
to another Web browser until Microsoft patches the zero-day
vulnerability linked to attacks on Google and others.
France and Germany have advised their citizens to ditch Internet
Explorer (IE) in the wake of reports that an IE...

Prince William in New Zealand security alert as DJ gatecrashes barbecue

Posted by InfoSec News on Jan 18

http://www.telegraph.co.uk/news/newstopics/theroyalfamily/7017129/Prince-William-in-New-Zealand-security-alert-as-DJ-gatecrashes-barbecue.html
By Andrew Alderson, in Wellington
Telegraph.co.uk
18 Jan 2010
The man is believed to have gained access to Mr Key's private residence
at Premier House in Wellington, where the Prime Minister had invited 50
guests.
The local DJ is understood to have spent several minutes on the loose as
a stunt....

IEEE creates Web portal on smart grids

Posted by InfoSec News on Jan 18

http://www.eetimes.com/news/design/showArticle.jhtml?articleID=222301321
By Rick Merritt
EE Times
01/19/2010
SAN JOSE, Calif. -- The IEEE has launched a new Web site that
consolidates information about smart electric grids from its various
societies. The portal is one of many activities from an IEEE smart grid
initiative coordinating the organization's work on the transition to
digital, networked power systems and services.
The smart grid is...

Federal Computer Week: Security News

New threats compel DOD to rethink cyber strategy

The Defense Department's diversity remains its Achilles' heel in the race to improve information assurance.

Assessing a training program

NIST Special Publication 800-16 recommends four ways to evaluate the effectiveness of a cybersecurity training program.

Without cyber response policies, U.S. can only denounce China attacks

The cyberattacks on Google originating from China highlight technology as a growing arena for the clash of national values and interests.

5 tips for cybersecurity-training your employees

Government security managers recommend several techniques for evaluating the effectiveness of employee cybersecurity training and improving the odds that the lessons will sink in.

eWeek Security Watch

Fraudulent iPhone Warranty Scheme Steals Device Data

In iPhone

Scammers are using a phony iPhone warranty scheme to trick end users into sharing their device data which could be used to help validate stolen devices on wireless networks.

 

DarkReading - Security News

DarkReading 

IBM to Acquire National Interest Security Company, LLC

DarkReading - All Stories

DarkReading

4 Steps For Trimming Patch Management Time

The heat is on to protect your systems from the newest exploits--a look at how to speed up patching without causing problems

Product Watch: Report Finds '123456' Most Popular Password

Imperva's study of 32 million passwords breached in last month's Rockyou.com hack finds consumer users still creating weak passwords
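The Imperva study is a frequency count over the RockYou dump, and the same two measurements, the most common passwords and how many accounts the top N of them would open, are what an administrator would compute over their own audit or breach data, with the resulting list doubling as a deny list at password-change time. The Python below is an added example, not Imperva's code or from the DarkReading or Computerworld items on the same report; it runs over a constructed 100-entry sample whose counts are invented to show the skew (they are not RockYou figures), and the 8-character minimum and the character-class rule are assumed policy choices.

```python
from collections import Counter

# Constructed sample dump (not RockYou data). A handful of passwords account
# for most of the 100 entries, which is the shape the report describes.
SAMPLE_DUMP = (
    ["123456"] * 30 + ["12345"] * 15 + ["password"] * 10 + ["iloveyou"] * 8
    + ["princess"] * 5 + ["rockyou"] * 4 + ["abc123"] * 3
    + ["Tr0ub4dor&3", "correct horse battery", "qwerty", "letmein", "monkey",
       "7Hx!pq2@Lw", "dragon", "sunshine", "nicole", "daniel",
       "babygirl", "lovely", "jessica", "654321", "michael",
       "ashley", "qwerty123", "111111", "iloveu", "000000",
       "michelle", "tigger", "summer", "football", "charlie"]
)


def top_passwords(dump, n):
    """The n most frequent passwords with their counts, most common first."""
    return Counter(dump).most_common(n)


def top_n_coverage(dump, n):
    """Fraction of accounts an attacker opens by trying only the top n passwords
    once each against every account (the online-guessing view of the data)."""
    return sum(c for _, c in top_passwords(dump, n)) / len(dump)


def short_fraction(dump, max_len=6):
    """Fraction of passwords no longer than max_len characters."""
    return sum(1 for p in dump if len(p) <= max_len) / len(dump)


def build_blocklist(dump, n):
    """Deny list built from the top n passwords of a dump."""
    return frozenset(p for p, _ in top_passwords(dump, n))


def is_weak(password, blocklist, min_len=8):
    """Return the reason a password should be rejected, or None if it passes.
    Thresholds are assumed policy, not from the report."""
    if password in blocklist:
        return "blocklisted"
    if len(password) < min_len:
        return "too short"
    if password.isdigit():
        return "digits only"
    classes = {
        "lower" if c.islower() else "upper" if c.isupper()
        else "digit" if c.isdigit() else "other"
        for c in password
    }
    if len(classes) == 1:
        return "single character class"
    return None


if __name__ == "__main__":
    for pw, count in top_passwords(SAMPLE_DUMP, 5):
        print(f"{pw:<12} {count:>3}")
    print(f"top 5 cover {top_n_coverage(SAMPLE_DUMP, 5):.0%} of accounts")
    print(f"{short_fraction(SAMPLE_DUMP):.0%} are 6 characters or shorter")
```

The coverage number is the one to show management: it is the success rate of an attacker who tries a short list against every account, which no lockout policy keyed on attempts per account will stop.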

New Details On Targeted Attacks On Google, Others, Trickle Out

Meanwhile, Microsoft releases emergency patch for IE exploit used in the attacks

Inside IBM's Patent Applications For Airport Security

Technology has potential to apply profiling of passengers, alerting officials to potential terminal and tarmac threats

Darknet - Hacking, Cracking & Computer Security

Darknet - The Darkside

Ethical Hacking, Penetration Testing & Computer Security

Websense Offers Facebook Users Free ‘Firewall’ Service

By Darknet on websense

There have been quite a few security concerns with Facebook, especially with the amount of personal information it collects on its users. Of course there is Koobface and its many variants which have been propagating all kinds of spam through Facebook wall posts and messages. I’m glad someone is offering a solution for free, yes...
Read the full post at darknet.org.uk

Burp Suite v1.3 Released – Integrated Platform For Attacking Web Applications

By Darknet on webapp security

Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, persistence, authentication, upstream proxies, logging,...
Read the full post at darknet.org.uk

 

CounterMeasures - Security, Privacy & Trust

A Trend Micro Solutions Architect Blog

Trend Micro Proactively Helps Protect Against Zero-Day Attacks Like the Recent IE Exploit

By Jonathan Leopando (Technical Communications) on Vulnerabilities

The recent attacks on Google and other large organizations (referred to by others as “Aurora,” “Google attacks,” or “HYDRAQ”) were a set of carefully orchestrated, sophisticated, and highly complex attacks. They used all three communication vectors (email, Web, and files) plus, most notably, a zero-day vulnerability in Internet Explorer (IE). [...]

Post from: TrendLabs | Malware Blog - by Trend Micro

Haiti Earthquake Unearths Malware

By Roderick Ordoñez (Technical Communications) on Malware

After the earthquake that hit Haiti last January 12, the Internet was flooded with requests for financial donations from all sorts of companies and organizations. It should be noted that not all of these were true to their stated intentions. Martin Roesler, Trend Micro Director of Threat Research, warns Internet users to be very careful when [...]

Post from: TrendLabs | Malware Blog - by Trend Micro

 

CNET News - Security

Chinese human rights Web sites suffer attacks

By Stephen Shankland

The attack brought down the Chinese Human Rights Defenders' site and targeted four others amid a time when China's Web censorship is a hot issue.

Originally posted at Deep Tech

China denies involvement in Google cyberattacks

By Steven Musil

China's government issues statements denying any state involvement in the cyberattacks on the search giant and defending its online censorship.

Securing iPhone payment processing

By Dave Rosenberg

The iPhone is the latest mobile payment processing trend. Merchants and consumers need to understand the risks associated with this emerging technology.

Originally posted at Software, Interrupted

 

CGISecurity - Website and Application Security News

All things related to website, database, SDL, and application security since 2000.

Facebook security pretty much what you'd expect?

By Robert A. on IndustryNews

An interview claiming to be with a Facebook employee discusses a few things that you probably were hoping didn't happen. Here are some choice quotes from the article: "Rumpus: Have you ever logged in to anyone’s account? Employee: I have. For engineering reasons. Rumpus: Have you ever done it outside of...

 

 

 
